mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 211 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17994 Commits
17 Branches
Tree: 4afdf7c340
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4afdf7c340'
${ noResults }
gitea/modules/auth/password/pwn/pwn_test.go

pwn_test.go 2.7KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103 
  1. // Copyright 2023 The Gitea Authors. All rights reserved.

  2. // SPDX-License-Identifier: MIT

  3. 

  4. package pwn

  5. 

  6. import (

  7. 	"math/rand/v2"

  8. 	"net/http"

  9. 	"strings"

  10. 	"testing"

  11. 	"time"

  12. 

  13. 	"github.com/stretchr/testify/assert"

  14. )

  15. 

  16. var client = New(WithHTTP(&http.Client{

  17. 	Timeout: time.Second * 2,

  18. }))

  19. 

  20. func TestPassword(t *testing.T) {

  21. 	// Check input error

  22. 	_, err := client.CheckPassword("", false)

  23. 	assert.ErrorIs(t, err, ErrEmptyPassword, "blank input should return ErrEmptyPassword")

  24. 

  25. 	// Should fail

  26. 	fail := "password1234"

  27. 	count, err := client.CheckPassword(fail, false)

  28. 	assert.NotEmpty(t, count, "%s should fail as a password", fail)

  29. 	assert.NoError(t, err)

  30. 

  31. 	// Should fail (with padding)

  32. 	failPad := "administrator"

  33. 	count, err = client.CheckPassword(failPad, true)

  34. 	assert.NotEmpty(t, count, "%s should fail as a password", failPad)

  35. 	assert.NoError(t, err)

  36. 

  37. 	// Checking for a "good" password isn't going to be perfect, but we can give it a good try

  38. 	// with hopefully minimal error. Try five times?

  39. 	assert.Condition(t, func() bool {

  40. 		for i := 0; i <= 5; i++ {

  41. 			count, err = client.CheckPassword(testPassword(), false)

  42. 			assert.NoError(t, err)

  43. 			if count == 0 {

  44. 				return true

  45. 			}

  46. 		}

  47. 		return false

  48. 	}, "no generated passwords passed. there is a chance this is a fluke")

  49. 

  50. 	// Again, but with padded responses

  51. 	assert.Condition(t, func() bool {

  52. 		for i := 0; i <= 5; i++ {

  53. 			count, err = client.CheckPassword(testPassword(), true)

  54. 			assert.NoError(t, err)

  55. 			if count == 0 {

  56. 				return true

  57. 			}

  58. 		}

  59. 		return false

  60. 	}, "no generated passwords passed. there is a chance this is a fluke")

  61. }

  62. 

  63. // Credit to https://golangbyexample.com/generate-random-password-golang/

  64. // DO NOT USE THIS FOR AN ACTUAL PASSWORD GENERATOR

  65. var (

  66. 	lowerCharSet   = "abcdedfghijklmnopqrst"

  67. 	upperCharSet   = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

  68. 	specialCharSet = "!@#$%&*"

  69. 	numberSet      = "0123456789"

  70. 	allCharSet     = lowerCharSet + upperCharSet + specialCharSet + numberSet

  71. )

  72. 

  73. func testPassword() string {

  74. 	var password strings.Builder

  75. 

  76. 	// Set special character

  77. 	for i := 0; i < 5; i++ {

  78. 		random := rand.IntN(len(specialCharSet))

  79. 		password.WriteString(string(specialCharSet[random]))

  80. 	}

  81. 

  82. 	// Set numeric

  83. 	for i := 0; i < 5; i++ {

  84. 		random := rand.IntN(len(numberSet))

  85. 		password.WriteString(string(numberSet[random]))

  86. 	}

  87. 

  88. 	// Set uppercase

  89. 	for i := 0; i < 5; i++ {

  90. 		random := rand.IntN(len(upperCharSet))

  91. 		password.WriteString(string(upperCharSet[random]))

  92. 	}

  93. 

  94. 	for i := 0; i < 5; i++ {

  95. 		random := rand.IntN(len(allCharSet))

  96. 		password.WriteString(string(allCharSet[random]))

  97. 	}

  98. 	inRune := []rune(password.String())

  99. 	rand.Shuffle(len(inRune), func(i, j int) {

  100. 		inRune[i], inRune[j] = inRune[j], inRune[i]

  101. 	})

  102. 	return string(inRune)

  103. }