steve/restic-manager
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases 1 Wiki Activity
Files
18a9f6624e8f4fa38b27f408f1f989aa16552fae
restic-manager/internal/auth/passwords_test.go
T
steve c275f4ff4c phase 1 foundations: api types, store, crypto, auth 
Lands the bottom three layers of Phase 1:

P1-08 internal/api: protocol_version + envelope + every WS message
  shape from spec.md §6.2 (Hello, Heartbeat, Job*, Schedule*, etc).
  Wire-format tests pin the JSON shape so a rename here breaks
  tests instead of silently breaking the agent.

P1-02 + P1-03 internal/store: SQLite via modernc.org/sqlite,
  embed.FS + a tiny version table for hand-rolled migrations.
  0001_initial.sql covers every table from spec.md §5 plus
  enrollment_tokens and host_schedule_version. Typed accessors
  for users / sessions / enrollment / audit. WAL + foreign_keys
  + busy_timeout on by default.

P1-06 internal/crypto: XChaCha20-Poly1305 AEAD wrapper with
  per-message random nonce. Key file lifecycle (generate +
  refuse-to-overwrite, load with size validation). Optional
  additionalData binds ciphertext to the row that owns it.

P1-04 internal/auth (partial — passwords + tokens; sessions
  middleware lands with the HTTP handlers): argon2id following
  RFC 9106 (64 MiB / t=3 / p=4 / 32B), constant-time verify.
  HashToken stores SHA-256 of session/agent/enrollment tokens
  so a stolen DB doesn't hand over credentials.

Build floor moves to Go 1.25 (modernc.org/sqlite v1.50+ requires
it); CI + Dockerfile + README updated. Markdown lint diagnostics
on tasks.md cleared.

All packages tested. ~70 new tests pass in <1s.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 00:24:40 +01:00

82 lines
2.0 KiB
Go
Raw Blame History

package auth
import (
"strings"
"testing"
)
func TestHashAndVerify(t *testing.T) {
t.Parallel()
pw := "correct horse battery staple"
h, err := HashPassword(pw)
if err != nil {
t.Fatalf("hash: %v", err)
}
if !strings.HasPrefix(h, "$argon2id$") {
t.Errorf("encoded form should start $argon2id$, got %q", h)
}
if err := VerifyPassword(h, pw); err != nil {
t.Errorf("verify: %v", err)
}
if err := VerifyPassword(h, "wrong"); err == nil {
t.Error("verify with wrong password should fail")
}
}
func TestEachHashIsUnique(t *testing.T) {
t.Parallel()
// Same password hashed twice → different encoded strings (different
// salts). If this fails the salt is deterministic.
a, _ := HashPassword("hunter2")
b, _ := HashPassword("hunter2")
if a == b {
t.Fatal("two hashes of the same password collided — non-random salt?")
}
}
func TestVerifyRejectsMalformed(t *testing.T) {
t.Parallel()
cases := []string{
"",
"not-a-hash",
"$argon2i$v=19$m=64,t=3,p=4$AAAA$BBBB", // wrong variant
"$argon2id$", // truncated
"$argon2id$v=99$m=64,t=3,p=4$AAAA$BBBB", // bad version
}
for _, c := range cases {
if err := VerifyPassword(c, "anything"); err == nil {
t.Errorf("should reject malformed hash %q", c)
}
}
}
func TestNewTokenUnique(t *testing.T) {
t.Parallel()
a, err := NewToken()
if err != nil {
t.Fatalf("token: %v", err)
}
b, _ := NewToken()
if a == b {
t.Fatal("two tokens collided — broken randomness")
}
if len(a) < 40 {
t.Errorf("token suspiciously short: %q (%d bytes)", a, len(a))
}
}
func TestHashTokenStable(t *testing.T) {
t.Parallel()
// Same input → same hash. This is not a security property, just a
// sanity check that we're using a regular hash not a salted one.
h1 := HashToken("foo")
h2 := HashToken("foo")
if h1 != h2 {
t.Errorf("HashToken not deterministic: %q vs %q", h1, h2)
}
if len(h1) != 64 { // sha256 hex
t.Errorf("expected 64-char hex hash, got %d", len(h1))
}
}
Reference in New Issue View Git Blame Copy Permalink