2020-05-07 02:14:54 -06:00
|
|
|
# Pleroma: A lightweight social networking server
|
2022-02-25 23:11:42 -07:00
|
|
|
# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
|
2020-05-07 02:14:54 -06:00
|
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
|
|
|
defmodule Pleroma.Web.Auth.TOTPAuthenticatorTest do
|
2020-12-21 04:21:40 -07:00
|
|
|
use Pleroma.Web.ConnCase, async: true
|
2020-05-07 02:14:54 -06:00
|
|
|
|
|
|
|
alias Pleroma.MFA
|
|
|
|
alias Pleroma.MFA.BackupCodes
|
|
|
|
alias Pleroma.MFA.TOTP
|
|
|
|
alias Pleroma.Web.Auth.TOTPAuthenticator
|
|
|
|
|
|
|
|
import Pleroma.Factory
|
|
|
|
|
|
|
|
test "verify token" do
|
|
|
|
otp_secret = TOTP.generate_secret()
|
|
|
|
otp_token = TOTP.generate_token(otp_secret)
|
|
|
|
|
|
|
|
user =
|
|
|
|
insert(:user,
|
|
|
|
multi_factor_authentication_settings: %MFA.Settings{
|
|
|
|
enabled: true,
|
|
|
|
totp: %MFA.Settings.TOTP{secret: otp_secret, confirmed: true}
|
|
|
|
}
|
|
|
|
)
|
|
|
|
|
|
|
|
assert TOTPAuthenticator.verify(otp_token, user) == {:ok, :pass}
|
|
|
|
assert TOTPAuthenticator.verify(nil, user) == {:error, :invalid_token}
|
|
|
|
assert TOTPAuthenticator.verify("", user) == {:error, :invalid_token}
|
|
|
|
end
|
|
|
|
|
|
|
|
test "checks backup codes" do
|
|
|
|
[code | _] = backup_codes = BackupCodes.generate()
|
|
|
|
|
|
|
|
hashed_codes =
|
|
|
|
backup_codes
|
2021-01-14 07:06:16 -07:00
|
|
|
|> Enum.map(&Pleroma.Password.Pbkdf2.hash_pwd_salt(&1))
|
2020-05-07 02:14:54 -06:00
|
|
|
|
|
|
|
user =
|
|
|
|
insert(:user,
|
|
|
|
multi_factor_authentication_settings: %MFA.Settings{
|
|
|
|
enabled: true,
|
|
|
|
backup_codes: hashed_codes,
|
|
|
|
totp: %MFA.Settings.TOTP{secret: "otp_secret", confirmed: true}
|
|
|
|
}
|
|
|
|
)
|
|
|
|
|
|
|
|
assert TOTPAuthenticator.verify_recovery_code(user, code) == {:ok, :pass}
|
|
|
|
refute TOTPAuthenticator.verify_recovery_code(code, refresh_record(user)) == {:ok, :pass}
|
|
|
|
end
|
|
|
|
end
|