LogalDeveloper/owncast
0
Fork 0
Code Activity

Prune expired auth requests + add global max limit. Closes #2490

Browse Source
This commit is contained in:
Gabe Kangas
2022-12-23 20:20:59 -08:00
parent a5f6f49280
commit 87eeeffa1c
9 changed files with 175 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
auth/fediverse/fediverse_test.go
View File

@@ -3,6 +3,8 @@ package fediverse
import (
"strings"
"testing"
"github.com/owncast/owncast/utils"
)
const (
@@ -13,7 +15,10 @@ const (
)
func TestOTPFlowValidation(t *testing.T) {
r, success := RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
r, success, err := RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
if err != nil {
t.Error(err)
}
if !success {
t.Error("Registration should be permitted.")
@@ -50,8 +55,8 @@ func TestOTPFlowValidation(t *testing.T) {
}
func TestSingleOTPFlowRequest(t *testing.T) {
r1, _ := RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
r2, s2 := RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
r1, _, _ := RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
r2, s2, _ := RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
if r1.Code != r2.Code {
t.Error("Only one registration should be permitted.")
@@ -65,14 +70,42 @@ func TestSingleOTPFlowRequest(t *testing.T) {
func TestAccountCaseInsensitive(t *testing.T) {
account := "Account"
accessToken := "another-fake-access-token"
r1, _ := RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
r1, _, _ := RegisterFediverseOTP(accessToken, userID, userDisplayName, account)
_, reg1 := ValidateFediverseOTP(accessToken, r1.Code)
// Simulate second auth with account in different case
r2, _ := RegisterFediverseOTP(accessToken, userID, userDisplayName, strings.ToUpper(account))
r2, _, _ := RegisterFediverseOTP(accessToken, userID, userDisplayName, strings.ToUpper(account))
_, reg2 := ValidateFediverseOTP(accessToken, r2.Code)
if reg1.Account != reg2.Account {
t.Errorf("Account names should be case-insensitive: %s %s", reg1.Account, reg2.Account)
}
}
func TestLimitGlobalPendingRequests(t *testing.T) {
for i := 0; i < maxPendingRequests-1; i++ {
at, _ := utils.GenerateRandomString(10)
uid, _ := utils.GenerateRandomString(10)
account, _ := utils.GenerateRandomString(10)
_, success, error := RegisterFediverseOTP(at, uid, "userDisplayName", account)
if !success {
t.Error("Registration should be permitted.", i, " of ", len(pendingAuthRequests))
}
if error != nil {
t.Error(error)
}
}
// This one should fail
at, _ := utils.GenerateRandomString(10)
uid, _ := utils.GenerateRandomString(10)
account, _ := utils.GenerateRandomString(10)
_, success, error := RegisterFediverseOTP(at, uid, "userDisplayName", account)
if success {
t.Error("Registration should not be permitted.")
}
if error == nil {
t.Error("Error should be returned.")
}
}