The test had a dependency on `https://api.pwnedpasswords.com` which caused many failures on CI recently: ``` --- FAIL: TestPassword (2.37s) pwn_test.go:41: Get "https://api.pwnedpasswords.com/range/e6b6a": context deadline exceeded (Client.Timeout exceeded while awaiting headers) FAIL coverage: 82.9% of statements ```pull/30828/head^2
github.com/google/uuid v1.6.0 | github.com/google/uuid v1.6.0 | ||||
github.com/gorilla/feeds v1.1.2 | github.com/gorilla/feeds v1.1.2 | ||||
github.com/gorilla/sessions v1.2.2 | github.com/gorilla/sessions v1.2.2 | ||||
github.com/h2non/gock v1.2.0 | |||||
github.com/hashicorp/go-version v1.6.0 | github.com/hashicorp/go-version v1.6.0 | ||||
github.com/hashicorp/golang-lru/v2 v2.0.7 | github.com/hashicorp/golang-lru/v2 v2.0.7 | ||||
github.com/huandu/xstrings v1.4.0 | github.com/huandu/xstrings v1.4.0 | ||||
github.com/gorilla/handlers v1.5.2 // indirect | github.com/gorilla/handlers v1.5.2 // indirect | ||||
github.com/gorilla/mux v1.8.1 // indirect | github.com/gorilla/mux v1.8.1 // indirect | ||||
github.com/gorilla/securecookie v1.1.2 // indirect | github.com/gorilla/securecookie v1.1.2 // indirect | ||||
github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 // indirect | |||||
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect | github.com/hashicorp/go-cleanhttp v0.5.2 // indirect | ||||
github.com/hashicorp/go-retryablehttp v0.7.5 // indirect | github.com/hashicorp/go-retryablehttp v0.7.5 // indirect | ||||
github.com/hashicorp/hcl v1.0.0 // indirect | github.com/hashicorp/hcl v1.0.0 // indirect |
github.com/gorilla/sessions v1.2.0/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= | github.com/gorilla/sessions v1.2.0/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= | ||||
github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY= | github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY= | ||||
github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ= | github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ= | ||||
github.com/h2non/gock v1.2.0 h1:K6ol8rfrRkUOefooBC8elXoaNGYkpp7y2qcxGG6BzUE= | |||||
github.com/h2non/gock v1.2.0/go.mod h1:tNhoxHYW2W42cYkYb1WqzdbYIieALC99kpYr7rH/BQk= | |||||
github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw= | |||||
github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI= | |||||
github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= | github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= | ||||
github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= | github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= | ||||
github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= | github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= | ||||
github.com/mschoch/smat v0.2.0/go.mod h1:kc9mz7DoBKqDyiRL7VZN8KvXQMWeTaVnttLRXOlotKw= | github.com/mschoch/smat v0.2.0/go.mod h1:kc9mz7DoBKqDyiRL7VZN8KvXQMWeTaVnttLRXOlotKw= | ||||
github.com/msteinert/pam v1.2.0 h1:mYfjlvN2KYs2Pb9G6nb/1f/nPfAttT/Jee5Sq9r3bGE= | github.com/msteinert/pam v1.2.0 h1:mYfjlvN2KYs2Pb9G6nb/1f/nPfAttT/Jee5Sq9r3bGE= | ||||
github.com/msteinert/pam v1.2.0/go.mod h1:d2n0DCUK8rGecChV3JzvmsDjOY4R7AYbsNxAT+ftQl0= | github.com/msteinert/pam v1.2.0/go.mod h1:d2n0DCUK8rGecChV3JzvmsDjOY4R7AYbsNxAT+ftQl0= | ||||
github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32 h1:W6apQkHrMkS0Muv8G/TipAy/FJl/rCYT0+EuS8+Z0z4= | |||||
github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms= | |||||
github.com/niklasfasching/go-org v1.7.0 h1:vyMdcMWWTe/XmANk19F4k8XGBYg0GQ/gJGMimOjGMek= | github.com/niklasfasching/go-org v1.7.0 h1:vyMdcMWWTe/XmANk19F4k8XGBYg0GQ/gJGMimOjGMek= | ||||
github.com/niklasfasching/go-org v1.7.0/go.mod h1:WuVm4d45oePiE0eX25GqTDQIt/qPW1T9DGkRscqLW5o= | github.com/niklasfasching/go-org v1.7.0/go.mod h1:WuVm4d45oePiE0eX25GqTDQIt/qPW1T9DGkRscqLW5o= | ||||
github.com/nwaples/rardecode v1.1.0/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= | github.com/nwaples/rardecode v1.1.0/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= |
package pwn | package pwn | ||||
import ( | import ( | ||||
"math/rand/v2" | |||||
"net/http" | "net/http" | ||||
"strings" | |||||
"testing" | "testing" | ||||
"time" | "time" | ||||
"github.com/h2non/gock" | |||||
"github.com/stretchr/testify/assert" | "github.com/stretchr/testify/assert" | ||||
) | ) | ||||
})) | })) | ||||
func TestPassword(t *testing.T) { | func TestPassword(t *testing.T) { | ||||
// Check input error | |||||
_, err := client.CheckPassword("", false) | |||||
defer gock.Off() | |||||
count, err := client.CheckPassword("", false) | |||||
assert.ErrorIs(t, err, ErrEmptyPassword, "blank input should return ErrEmptyPassword") | assert.ErrorIs(t, err, ErrEmptyPassword, "blank input should return ErrEmptyPassword") | ||||
assert.Equal(t, -1, count) | |||||
// Should fail | |||||
fail := "password1234" | |||||
count, err := client.CheckPassword(fail, false) | |||||
assert.NotEmpty(t, count, "%s should fail as a password", fail) | |||||
gock.New("https://api.pwnedpasswords.com").Get("/range/5c1d8").Times(1).Reply(200).BodyString("EAF2F254732680E8AC339B84F3266ECCBB5:1\r\nFC446EB88938834178CB9322C1EE273C2A7:2") | |||||
count, err = client.CheckPassword("pwned", false) | |||||
assert.NoError(t, err) | assert.NoError(t, err) | ||||
assert.Equal(t, 1, count) | |||||
// Should fail (with padding) | |||||
failPad := "administrator" | |||||
count, err = client.CheckPassword(failPad, true) | |||||
assert.NotEmpty(t, count, "%s should fail as a password", failPad) | |||||
gock.New("https://api.pwnedpasswords.com").Get("/range/ba189").Times(1).Reply(200).BodyString("FD4CB34F0378BCB15D23F6FFD28F0775C9E:3\r\nFDF342FCD8C3611DAE4D76E8A992A3E4169:4") | |||||
count, err = client.CheckPassword("notpwned", false) | |||||
assert.NoError(t, err) | assert.NoError(t, err) | ||||
assert.Equal(t, 0, count) | |||||
// Checking for a "good" password isn't going to be perfect, but we can give it a good try | |||||
// with hopefully minimal error. Try five times? | |||||
assert.Condition(t, func() bool { | |||||
for i := 0; i <= 5; i++ { | |||||
count, err = client.CheckPassword(testPassword(), false) | |||||
assert.NoError(t, err) | |||||
if count == 0 { | |||||
return true | |||||
} | |||||
} | |||||
return false | |||||
}, "no generated passwords passed. there is a chance this is a fluke") | |||||
// Again, but with padded responses | |||||
assert.Condition(t, func() bool { | |||||
for i := 0; i <= 5; i++ { | |||||
count, err = client.CheckPassword(testPassword(), true) | |||||
assert.NoError(t, err) | |||||
if count == 0 { | |||||
return true | |||||
} | |||||
} | |||||
return false | |||||
}, "no generated passwords passed. there is a chance this is a fluke") | |||||
} | |||||
// Credit to https://golangbyexample.com/generate-random-password-golang/ | |||||
// DO NOT USE THIS FOR AN ACTUAL PASSWORD GENERATOR | |||||
var ( | |||||
lowerCharSet = "abcdedfghijklmnopqrst" | |||||
upperCharSet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" | |||||
specialCharSet = "!@#$%&*" | |||||
numberSet = "0123456789" | |||||
allCharSet = lowerCharSet + upperCharSet + specialCharSet + numberSet | |||||
) | |||||
func testPassword() string { | |||||
var password strings.Builder | |||||
// Set special character | |||||
for i := 0; i < 5; i++ { | |||||
random := rand.IntN(len(specialCharSet)) | |||||
password.WriteString(string(specialCharSet[random])) | |||||
} | |||||
// Set numeric | |||||
for i := 0; i < 5; i++ { | |||||
random := rand.IntN(len(numberSet)) | |||||
password.WriteString(string(numberSet[random])) | |||||
} | |||||
gock.New("https://api.pwnedpasswords.com").Get("/range/a1733").Times(1).Reply(200).BodyString("C4CE0F1F0062B27B9E2F41AF0C08218017C:1\r\nFC446EB88938834178CB9322C1EE273C2A7:2\r\nFE81480327C992FE62065A827429DD1318B:0") | |||||
count, err = client.CheckPassword("paddedpwned", true) | |||||
assert.NoError(t, err) | |||||
assert.Equal(t, 1, count) | |||||
// Set uppercase | |||||
for i := 0; i < 5; i++ { | |||||
random := rand.IntN(len(upperCharSet)) | |||||
password.WriteString(string(upperCharSet[random])) | |||||
} | |||||
gock.New("https://api.pwnedpasswords.com").Get("/range/5617b").Times(1).Reply(200).BodyString("FD4CB34F0378BCB15D23F6FFD28F0775C9E:3\r\nFDF342FCD8C3611DAE4D76E8A992A3E4169:4\r\nFE81480327C992FE62065A827429DD1318B:0") | |||||
count, err = client.CheckPassword("paddednotpwned", true) | |||||
assert.NoError(t, err) | |||||
assert.Equal(t, 0, count) | |||||
for i := 0; i < 5; i++ { | |||||
random := rand.IntN(len(allCharSet)) | |||||
password.WriteString(string(allCharSet[random])) | |||||
} | |||||
inRune := []rune(password.String()) | |||||
rand.Shuffle(len(inRune), func(i, j int) { | |||||
inRune[i], inRune[j] = inRune[j], inRune[i] | |||||
}) | |||||
return string(inRune) | |||||
gock.New("https://api.pwnedpasswords.com").Get("/range/79082").Times(1).Reply(200).BodyString("FDF342FCD8C3611DAE4D76E8A992A3E4169:4\r\nFE81480327C992FE62065A827429DD1318B:0\r\nAFEF386F56EB0B4BE314E07696E5E6E6536:0") | |||||
count, err = client.CheckPassword("paddednotpwnedzero", true) | |||||
assert.NoError(t, err) | |||||
assert.Equal(t, 0, count) | |||||
} | } |