authorChristopher Speller <crspeller@gmail.com>2016-07-12 10:09:04 -0400
committerHarrison Healey <harrisonmhealey@gmail.com>2016-07-12 10:09:04 -0400
commitc976c2881ce5e34febac8a9850a6bad5d728625e (patch)
tree7fea777c1c9ba386d97dbdaa2e0b8c83cc419056 /api/user_test.go
parent128e4f984ad565297ab1c7b8921d877d3a9c8f03 (diff)
Some improvments to password handling (#3549)
Diffstat (limited to 'api/user_test.go')
-rw-r--r--api/user_test.go56
1 files changed, 56 insertions, 0 deletions
diff --git a/api/user_test.go b/api/user_test.go
index 7dabc8e9b..d0a70c1c0 100644
--- a/api/user_test.go
+++ b/api/user_test.go
@@ -249,6 +249,42 @@ func TestLoginWithDeviceId(t *testing.T) {
}
}
+func TestPasswordGuessLockout(t *testing.T) {
+ th := Setup().InitBasic()
+ Client := th.BasicClient
+ user := th.BasicUser
+ Client.Must(Client.Logout())
+
+ enableSignInWithEmail := *utils.Cfg.EmailSettings.EnableSignInWithEmail
+ passwordAttempts := utils.Cfg.ServiceSettings.MaximumLoginAttempts
+ defer func() {
+ *utils.Cfg.EmailSettings.EnableSignInWithEmail = enableSignInWithEmail
+ utils.Cfg.ServiceSettings.MaximumLoginAttempts = passwordAttempts
+ }()
+ *utils.Cfg.EmailSettings.EnableSignInWithEmail = true
+ utils.Cfg.ServiceSettings.MaximumLoginAttempts = 2
+
+ // OK to log in
+ if _, err := Client.Login(user.Username, user.Password); err != nil {
+ t.Fatal(err)
+ }
+
+ Client.Must(Client.Logout())
+
+ // Fail twice
+ if _, err := Client.Login(user.Email, "notthepassword"); err == nil {
+ t.Fatal("Shouldn't be able to login with bad password.")
+ }
+ if _, err := Client.Login(user.Email, "notthepassword"); err == nil {
+ t.Fatal("Shouldn't be able to login with bad password.")
+ }
+
+ // Locked out
+ if _, err := Client.Login(user.Email, user.Password); err == nil {
+ t.Fatal("Shouldn't be able to login with password when account is locked out.")
+ }
+}
+
func TestSessions(t *testing.T) {
th := Setup().InitBasic()
Client := th.BasicClient
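Review bot: The final "Locked out" check in TestPasswordGuessLockout passes on any error from `Client.Login`, so it cannot tell a lockout rejection from an unrelated login failure. Asserting on the returned error's id or status code would pin the behaviour, and the same applies to the third `UpdateUserPassword` call added in TestUserUpdatePassword. The lockout is also exercised only through `user.Email`; repeating the last check with `Client.Login(user.Username, user.Password)` would confirm the attempt counter is tied to the account rather than to the identifier used to sign in. The test does not cover the boundary below the limit either, so a single bad guess followed by the correct password (expected to succeed) would guard against locking out one attempt early.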
@@ -746,6 +782,26 @@ func TestUserUpdatePassword(t *testing.T) {
t.Fatal(err)
}
+ // Test lockout
+ passwordAttempts := utils.Cfg.ServiceSettings.MaximumLoginAttempts
+ defer func() {
+ utils.Cfg.ServiceSettings.MaximumLoginAttempts = passwordAttempts
+ }()
+ utils.Cfg.ServiceSettings.MaximumLoginAttempts = 2
+
+ // Fail twice
+ if _, err := Client.UpdateUserPassword(user.Id, "badpwd", "newpwd"); err == nil {
+ t.Fatal("Should have errored")
+ }
+ if _, err := Client.UpdateUserPassword(user.Id, "badpwd", "newpwd"); err == nil {
+ t.Fatal("Should have errored")
+ }
+
+ // Should fail because account is locked out
+ if _, err := Client.UpdateUserPassword(user.Id, "newpwd1", "newpwd2"); err == nil {
+ t.Fatal("Should have errored")
+ }
+
user2 := &model.User{Email: strings.ToLower(model.NewId()) + "success+test@simulator.amazonses.com", Nickname: "Corey Hulen", Password: "passwd1"}
user2 = Client.Must(Client.CreateUser(user2, "")).Data.(*model.User)
LinkUserToTeam(user2, team)
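Review bot: The "Should fail because account is locked out" call only proves a lockout if "newpwd1" is the user's current password at that point, and that is set outside the hunk. A comment such as `// "newpwd1" is the current password here, so only the lockout can reject this call` would make the intent checkable. The block also leaves `user` at the attempt limit for the rest of TestUserUpdatePassword, which continues past the hunk; the visible lines switch to `user2`, but any later step that authenticates as `user` would be affected. It may be worth asserting as well that the rejected call did not change the stored password.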