upstream/mattermost
1
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2026-02-03 20:40:00 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
mattermost/server/platform/shared/mfa/mfa_test.go
Ben Schumacher 9add320011
[MM-64654] Migrate to modern Go features (#31820)
2025-07-18 12:54:51 +02:00

237 lines
7.6 KiB
Go
Raw Permalink Blame History

// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
// See LICENSE.txt for license information.
package mfa
import (
"encoding/base32"
"errors"
"fmt"
"net/url"
"testing"
"time"
"github.com/dgryski/dgoogauth"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/mattermost/mattermost/server/public/model"
"github.com/mattermost/mattermost/server/public/plugin/plugintest/mock"
"github.com/mattermost/mattermost/server/v8/channels/store/storetest/mocks"
)
func TestGenerateSecret(t *testing.T) {
userID := "user-id"
userEmail := "sample@sample.com"
siteURL := "http://localhost:8065"
t.Run("fail on store action fail", func(t *testing.T) {
storeMock := mocks.UserStore{}
storeMock.On("UpdateMfaSecret", userID, mock.AnythingOfType("string")).Return(func(userId string, secret string) error {
return errors.New("failed to update mfa secret")
})
_, _, err := New(&storeMock).GenerateSecret(siteURL, userEmail, userID)
require.Error(t, err)
require.Contains(t, err.Error(), "unable to store mfa secret")
})
t.Run("Successful generate secret", func(t *testing.T) {
storeMock := mocks.UserStore{}
storeMock.On("UpdateMfaSecret", userID, mock.AnythingOfType("string")).Return(func(userId string, secret string) error {
return nil
})
secret, img, err := New(&storeMock).GenerateSecret(siteURL, userEmail, userID)
require.NoError(t, err)
assert.Len(t, secret, 32)
require.NotEmpty(t, img, "no image set")
})
}
func TestGetIssuerFromURL(t *testing.T) {
cases := []struct {
Input string
Expected string
}{
{"http://somewebsite.com", url.QueryEscape("somewebsite.com")},
{"https://somewebsite.com", url.QueryEscape("somewebsite.com")},
{"https://some.website.com", url.QueryEscape("some.website.com")},
{" https://www.somewebsite.com", url.QueryEscape("somewebsite.com")},
{"http://somewebsite.com/chat", url.QueryEscape("somewebsite.com/chat")},
{"somewebsite.com ", url.QueryEscape("somewebsite.com")},
{"http://localhost:8065", url.QueryEscape("localhost:8065")},
{"", "Mattermost"},
{" ", "Mattermost"},
}
for _, c := range cases {
assert.Equal(t, c.Expected, getIssuerFromURL(c.Input))
}
}
func TestActivate(t *testing.T) {
userID := "user-id"
userMfaSecret := newRandomBase32String(mfaSecretSize)
token := dgoogauth.ComputeCode(userMfaSecret, time.Now().UTC().Unix()/30)
t.Run("fail on wrongly formatted token", func(t *testing.T) {
storeMock := mocks.UserStore{}
storeMock.On("GetMfaUsedTimestamps", userID).Return([]int{}, nil).Once()
err := New(&storeMock).Activate(userMfaSecret, userID, "invalid-token")
require.Error(t, err)
require.Contains(t, err.Error(), "unable to parse the token")
})
t.Run("fail on invalid token", func(t *testing.T) {
storeMock := mocks.UserStore{}
storeMock.On("GetMfaUsedTimestamps", userID).Return([]int{}, nil).Once()
err := New(&storeMock).Activate(userMfaSecret, userID, "000000")
require.Error(t, err)
require.Contains(t, err.Error(), "invalid mfa token")
})
t.Run("fail on store action fail", func(t *testing.T) {
storeMock := mocks.UserStore{}
storeMock.On("GetMfaUsedTimestamps", userID).Return([]int{}, nil).Once()
storeMock.On("UpdateMfaActive", userID, true).Return(func(userId string, active bool) error {
return errors.New("failed to update mfa active")
})
err := New(&storeMock).Activate(userMfaSecret, userID, fmt.Sprintf("%06d", token))
require.Error(t, err)
require.Contains(t, err.Error(), "unable to store mfa active")
})
t.Run("Successful activate", func(t *testing.T) {
userID := model.NewId()
secret := newRandomBase32String(mfaSecretSize)
t0 := time.Now().UTC().Unix() / 30
code := fmt.Sprintf("%06d", dgoogauth.ComputeCode(secret, t0))
usMock := mocks.UserStore{}
usMock.On("GetMfaUsedTimestamps", userID).Return([]int{}, nil).Once()
usMock.On("UpdateMfaActive", userID, true).Return(nil).Once()
usMock.On("StoreMfaUsedTimestamps", userID, mock.AnythingOfType("[]int")).Return(nil).Once()
err := New(&usMock).Activate(secret, userID, code)
require.NoError(t, err)
})
t.Run("disallow reuse of totp", func(t *testing.T) {
userID := model.NewId()
secret := newRandomBase32String(mfaSecretSize)
t0 := time.Now().UTC().Unix() / 30
code := fmt.Sprintf("%06d", dgoogauth.ComputeCode(secret, t0))
usMock := mocks.UserStore{}
usMock.On("GetMfaUsedTimestamps", userID).Return([]int{int(t0)}, nil).Once()
err := New(&usMock).Activate(secret, userID, code)
require.Error(t, err)
})
}
func TestDeactivate(t *testing.T) {
userID := "user-id"
t.Run("fail on store UpdateMfaActive action fail", func(t *testing.T) {
storeMock := mocks.UserStore{}
storeMock.On("UpdateMfaActive", userID, false).Return(func(userId string, active bool) error {
return errors.New("failed to update mfa active")
})
storeMock.On("UpdateMfaSecret", userID, "").Return(func(userId string, secret string) error {
return errors.New("failed to update mfa secret")
})
err := New(&storeMock).Deactivate(userID)
require.Error(t, err)
require.Contains(t, err.Error(), "unable to store mfa active")
})
t.Run("fail on store UpdateMfaSecret action fail", func(t *testing.T) {
storeMock := mocks.UserStore{}
storeMock.On("UpdateMfaActive", userID, false).Return(func(userId string, active bool) error {
return nil
})
storeMock.On("UpdateMfaSecret", userID, "").Return(func(userId string, secret string) error {
return errors.New("failed to update mfa secret")
})
err := New(&storeMock).Deactivate(userID)
require.Error(t, err)
require.Contains(t, err.Error(), "unable to store mfa secret")
})
t.Run("Successful deactivate", func(t *testing.T) {
storeMock := mocks.UserStore{}
storeMock.On("UpdateMfaActive", userID, false).Return(func(userId string, active bool) error {
return nil
})
storeMock.On("UpdateMfaSecret", userID, "").Return(func(userId string, secret string) error {
return nil
})
err := New(&storeMock).Deactivate(userID)
require.NoError(t, err)
})
}
func TestValidateToken(t *testing.T) {
t.Run("fail on wrongly formatted token", func(t *testing.T) {
id := model.NewId()
secret := newRandomBase32String(mfaSecretSize)
u := &model.User{Id: id, MfaSecret: secret}
usMock := mocks.UserStore{}
usMock.On("GetMfaUsedTimestamps", u.Id).Return([]int{}, nil).Once()
ok, err := New(&usMock).ValidateToken(u, "invalid-token")
require.Error(t, err)
require.False(t, ok)
require.Contains(t, err.Error(), "unable to parse the token")
})
t.Run("successful validation", func(t *testing.T) {
id := model.NewId()
secret := newRandomBase32String(mfaSecretSize)
u := &model.User{Id: id, MfaSecret: secret}
code := fmt.Sprintf("%06d", dgoogauth.ComputeCode(secret, time.Now().UTC().Unix()/30))
usMock := mocks.UserStore{}
usMock.On("GetMfaUsedTimestamps", u.Id).Return([]int{}, nil).Once()
usMock.On("StoreMfaUsedTimestamps", u.Id, mock.AnythingOfType("[]int")).Return(nil).Once()
ok, err := New(&usMock).ValidateToken(u, code)
require.NoError(t, err)
require.True(t, ok)
})
t.Run("disallow reuse of totp", func(t *testing.T) {
id := model.NewId()
secret := newRandomBase32String(mfaSecretSize)
u := &model.User{Id: id, MfaSecret: secret}
t0 := time.Now().UTC().Unix() / 30
code := fmt.Sprintf("%06d", dgoogauth.ComputeCode(secret, t0))
usMock := mocks.UserStore{}
usMock.On("GetMfaUsedTimestamps", u.Id).Return([]int{int(t0)}, nil).Once()
ok, err := New(&usMock).ValidateToken(u, code)
require.False(t, ok)
require.NoError(t, err)
})
}
func TestRandomBase32String(t *testing.T) {
for i := range 1000 {
str := newRandomBase32String(i)
require.Len(t, str, base32.StdEncoding.EncodedLen(i))
}
}
Reference in a new issue View git blame Copy permalink