Store hashed passwords (#7)

Use if let instead of unwrap Default to invalid password if could not calculate Move hash password methdo and return Result Rename get_password method Default to empty password when no pwd is received Store hashed passwords Store passwords hashed with Argon2 and verify password with that stored hash. Co-authored-by: Guillem Nieto <gnieto.talo@gmail.com>
2020-04-14 22:25:44 +02:00 · 2020-04-14 22:25:44 +02:00 · fa9e127a1e
commit fa9e127a1e
parent abcce95dd8
6 changed files with 148 additions and 21 deletions
--- a/src/test.rs
+++ b/src/test.rs
@ -1,5 +1,9 @@
 use super::*;
 use rocket::{local::Client, http::Status};
+use serde_json::Value;
+use serde_json::json;
+use ruma_client_api::error::ErrorKind;
+use std::time::Duration;

 fn setup_client() -> Client {
    Database::try_remove("temp");
@ -14,19 +18,97 @@ async fn register_login() {
    let client = setup_client();
    let mut response = client
        .post("/_matrix/client/r0/register?kind=user")
-        .body(
-            r#"{
-    "username": "cheeky_monkey",
-    "password": "ilovebananas",
-    "device_id": "GHTYAJCE",
-    "initial_device_display_name": "Jungle Phone",
-    "inhibit_login": false
-            }"#,
-        )
+        .body(registration_init())
        .dispatch().await;
-    let body = serde_json::to_value(&response.body_string().await.unwrap()).unwrap();
+    let body = serde_json::from_str::<Value>(&response.body_string().await.unwrap()).unwrap();

    assert_eq!(response.status().code, 401);
    assert!(dbg!(&body["flows"]).as_array().unwrap().len() > 0);
    assert!(body["session"].as_str().unwrap().len() > 0);
 }
+
+#[tokio::test]
+async fn login_after_register_correct_password() {
+    let client = setup_client();
+    let mut response = client
+        .post("/_matrix/client/r0/register?kind=user")
+        .body(registration_init())
+        .dispatch().await;
+    let body = serde_json::from_str::<Value>(&response.body_string().await.unwrap()).unwrap();
+    let session = body["session"].clone();
+
+    let response = client
+        .post("/_matrix/client/r0/register?kind=user")
+        .body(registration(session.as_str().unwrap()))
+        .dispatch().await;
+    assert_eq!(response.status().code, 200);
+
+    let login_response = client
+        .post("/_matrix/client/r0/login")
+        .body(login_with_password("ilovebananas"))
+        .dispatch()
+        .await;
+    assert_eq!(login_response.status().code, 200);
+}
+
+#[tokio::test]
+async fn login_after_register_incorrect_password() {
+    let client = setup_client();
+    let mut response = client
+        .post("/_matrix/client/r0/register?kind=user")
+        .body(registration_init())
+        .dispatch().await;
+    let body = serde_json::from_str::<Value>(&response.body_string().await.unwrap()).unwrap();
+    let session = body["session"].clone();
+
+    let response = client
+        .post("/_matrix/client/r0/register?kind=user")
+        .body(registration(session.as_str().unwrap()))
+        .dispatch().await;
+    assert_eq!(response.status().code, 200);
+
+    let mut login_response = client
+        .post("/_matrix/client/r0/login")
+        .body(login_with_password("idontlovebananas"))
+        .dispatch()
+        .await;
+    let body = serde_json::from_str::<Value>(&login_response.body_string().await.unwrap()).unwrap();
+    assert_eq!(body.as_object().unwrap().get("errcode").unwrap().as_str().unwrap(), "M_FORBIDDEN");
+    assert_eq!(login_response.status().code, 403);
+}
+
+fn registration_init() -> &'static str {
+    r#"{
+    "username": "cheeky_monkey",
+    "password": "ilovebananas",
+    "device_id": "GHTYAJCE",
+    "initial_device_display_name": "Jungle Phone",
+    "inhibit_login": false
+            }"#
+}
+
+fn registration(session: &str) -> String {
+    json!({
+        "auth": {
+            "session": session,
+            "type": "m.login.dummy"
+        },
+        "username": "cheeky_monkey",
+        "password": "ilovebananas",
+        "device_id": "GHTYAJCE",
+        "initial_device_display_name": "Jungle Phone",
+        "inhibit_login": false
+    }).to_string()
+}
+
+fn login_with_password(password: &str) -> String {
+    json!({
+        "type": "m.login.password",
+        "identifier": {
+            "type": "m.id.user",
+            "user": "cheeky_monkey"
+        },
+        "password": password,
+        "initial_device_display_name": "Jungle Phone"
+    }).to_string()
+}