-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
/
Copy pathsasl-scram-tests.js
135 lines (107 loc) · 3.74 KB
/
sasl-scram-tests.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
'use strict'
require('./test-helper');
var sasl = require('../../../lib/sasl')
test('sasl/scram', function () {
test('startSession', function () {
test('fails when mechanisms does not include SCRAM-SHA-256', function () {
assert.throws(function () {
sasl.startSession([])
}, {
message: 'SASL: Only mechanism SCRAM-SHA-256 is currently supported',
})
})
test('returns expected session data', function () {
const session = sasl.startSession(['SCRAM-SHA-256'])
assert.equal(session.mechanism, 'SCRAM-SHA-256')
assert.equal(String(session.clientNonce).length, 24)
assert.equal(session.message, 'SASLInitialResponse')
assert(session.response.match(/^n,,n=\*,r=.{24}/))
})
test('creates random nonces', function () {
const session1 = sasl.startSession(['SCRAM-SHA-256'])
const session2 = sasl.startSession(['SCRAM-SHA-256'])
assert(session1.clientNonce != session2.clientNonce)
})
})
test('continueSession', function () {
test('fails when last session message was not SASLInitialResponse', function () {
assert.throws(function () {
sasl.continueSession({})
}, {
message: 'SASL: Last message was not SASLInitialResponse',
})
})
test('fails when nonce is missing in server message', function () {
assert.throws(function () {
sasl.continueSession({
message: 'SASLInitialResponse',
}, "s=1,i=1")
}, {
message: 'SASL: SCRAM-SERVER-FIRST-MESSAGE: nonce missing',
})
})
test('fails when salt is missing in server message', function () {
assert.throws(function () {
sasl.continueSession({
message: 'SASLInitialResponse',
}, "r=1,i=1")
}, {
message: 'SASL: SCRAM-SERVER-FIRST-MESSAGE: salt missing',
})
})
test('fails when iteration is missing in server message', function () {
assert.throws(function () {
sasl.continueSession({
message: 'SASLInitialResponse',
}, "r=1,s=1")
}, {
message: 'SASL: SCRAM-SERVER-FIRST-MESSAGE: iteration missing',
})
})
test('fails when server nonce does not start with client nonce', function () {
assert.throws(function () {
sasl.continueSession({
message: 'SASLInitialResponse',
clientNonce: '2',
}, 'r=1,s=1,i=1')
}, {
message: 'SASL: SCRAM-SERVER-FIRST-MESSAGE: server nonce does not start with client nonce',
})
})
test('sets expected session data', function () {
const session = {
message: 'SASLInitialResponse',
clientNonce: 'a',
};
sasl.continueSession(session, 'password', 'r=ab,s=x,i=1')
assert.equal(session.message, 'SASLResponse')
assert.equal(session.serverSignature, 'TtywIrpWDJ0tCSXM2mjkyiaa8iGZsZG7HllQxr8fYAo=')
assert.equal(session.response, 'c=biws,r=ab,p=KAEPBUTjjofB0IM5UWcZApK1dSzFE0o5vnbWjBbvFHA=')
})
})
test('continueSession', function () {
test('fails when last session message was not SASLResponse', function () {
assert.throws(function () {
sasl.finalizeSession({})
}, {
message: 'SASL: Last message was not SASLResponse',
})
})
test('fails when server signature does not match', function () {
assert.throws(function () {
sasl.finalizeSession({
message: 'SASLResponse',
serverSignature: '3',
}, "v=4")
}, {
message: 'SASL: SCRAM-SERVER-FINAL-MESSAGE: server signature does not match',
})
})
test('does not fail when eveything is ok', function () {
sasl.finalizeSession({
message: 'SASLResponse',
serverSignature: '5',
}, "v=5")
})
})
})