view mod_auth_token/test_token_auth.lua @ 5820:742142f9771e

mod_groups_internal: Fix traceback when room doesn't exist I'm not sure if it should even be included if it doesn't exist, but I'm not currently sure how this situation occurs, so I'm implementing the lightest possible fix for now.
author Matthew Wild <mwild1@gmail.com>
date Thu, 11 Jan 2024 15:53:18 +0000
parents d0ca211e1b0e
children
line wrap: on
line source

local base64 = require "util.encodings".base64;
local hmac = require "openssl.hmac";
local luatz = require "luatz";
local luaunit = require "luaunit";
local uuid = require "uuid";
local otp = require "otp";
local mock = require "mock";
local pkey = require "openssl.pkey";
local token_utils = dofile("token_auth_utils.lib.lua");

math.randomseed(os.time())

local OTP_SEED = 'E3W374VRSFO4NVKE';


function generate_token(jid, key)
	local nonce = '';
	for i=1,32 do
		nonce = nonce..math.random(9);
	end
	local utc_time_table = luatz.gmtime(luatz.time());
	local totp = otp.new_totp_from_key(
		OTP_SEED,
		token_utils.OTP_DIGITS,
		token_utils.OTP_INTERVAL
	):generate(0, utc_time_table);

	local hmac_ctx = hmac.new(key, token_utils.DIGEST_TYPE)
	local signature = hmac_ctx:final(totp..nonce..jid)
	return totp..nonce..' '..base64.encode(signature)
end


function test_token_verification()
	-- Test verification of a valid token
	local key = uuid();
	local result = token_utils.verify_token(
		'root',
		generate_token('root@localhost', key),
		'localhost',
		OTP_SEED,
		key
	)
	luaunit.assert_is(result, true)
end


function test_token_is_valid_only_once()
	local key = uuid();
	local token = generate_token('root@localhost', key);
	local result = token_utils.verify_token(
		'root',
		token,
		'localhost',
		OTP_SEED,
		key
	)
	luaunit.assert_is(result, true)

	result = token_utils.verify_token(
		'root',
		token,
		'localhost',
		OTP_SEED,
		key
	)
	luaunit.assert_is(result, false)
end


function test_token_expiration()
	-- Test that a token expires after (at most) the configured interval plus
	-- any amount of deviations.
	local key = uuid();
	local token = generate_token('root@localhost', key);
	-- Wait two ticks of the interval window and then check that the token is
	-- no longer valid.
	mock.mock(os);
	os.time.replace(function ()
		return os.time.original() +
			(token_utils.OTP_INTERVAL + 
				(token_utils.OTP_DEVIATION * token_utils.OTP_INTERVAL));
	end)
	result = token_utils.verify_token(
		'root',
		token,
		'localhost',
		OTP_SEED,
		key
	)
	mock.unmock(os);
	luaunit.assert_is(result, false)
end

os.exit(luaunit.LuaUnit.run())