forked from coder/coder
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathworkspaceapps_internal_test.go
More file actions
100 lines (79 loc) · 2.71 KB
/
workspaceapps_internal_test.go
File metadata and controls
100 lines (79 loc) · 2.71 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
package coderd
import (
"context"
"crypto/sha256"
"testing"
"time"
"github.com/stretchr/testify/require"
"github.com/coder/coder/coderd/database"
"github.com/coder/coder/coderd/database/databasefake"
"github.com/coder/coder/testutil"
)
func TestAPIKeyEncryption(t *testing.T) {
t.Parallel()
generateAPIKey := func(t *testing.T, db database.Store) (keyID, keySecret string, hashedSecret []byte, data encryptedAPIKeyPayload) {
keyID, keySecret, err := generateAPIKeyIDSecret()
require.NoError(t, err)
hashedSecretArray := sha256.Sum256([]byte(keySecret))
data = encryptedAPIKeyPayload{
APIKey: keyID + "-" + keySecret,
ExpiresAt: database.Now().Add(24 * time.Hour),
}
return keyID, keySecret, hashedSecretArray[:], data
}
insertAPIKey := func(t *testing.T, db database.Store, keyID string, hashedSecret []byte) {
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
defer cancel()
_, err := db.InsertAPIKey(ctx, database.InsertAPIKeyParams{
ID: keyID,
HashedSecret: hashedSecret,
})
require.NoError(t, err)
}
t.Run("OK", func(t *testing.T) {
t.Parallel()
db := databasefake.New()
keyID, _, hashedSecret, data := generateAPIKey(t, db)
insertAPIKey(t, db, keyID, hashedSecret)
encrypted, err := encryptAPIKey(data)
require.NoError(t, err)
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
defer cancel()
key, token, err := decryptAPIKey(ctx, db, encrypted)
require.NoError(t, err)
require.Equal(t, keyID, key.ID)
require.Equal(t, hashedSecret[:], key.HashedSecret)
require.Equal(t, data.APIKey, token)
})
t.Run("Verifies", func(t *testing.T) {
t.Parallel()
t.Run("Expiry", func(t *testing.T) {
t.Parallel()
db := databasefake.New()
keyID, _, hashedSecret, data := generateAPIKey(t, db)
insertAPIKey(t, db, keyID, hashedSecret)
data.ExpiresAt = database.Now().Add(-1 * time.Hour)
encrypted, err := encryptAPIKey(data)
require.NoError(t, err)
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
defer cancel()
_, _, err = decryptAPIKey(ctx, db, encrypted)
require.Error(t, err)
require.ErrorContains(t, err, "expired")
})
t.Run("KeyMatches", func(t *testing.T) {
t.Parallel()
db := databasefake.New()
keyID, _, _, data := generateAPIKey(t, db)
hashedSecret := sha256.Sum256([]byte("wrong"))
insertAPIKey(t, db, keyID, hashedSecret[:])
encrypted, err := encryptAPIKey(data)
require.NoError(t, err)
ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
defer cancel()
_, _, err = decryptAPIKey(ctx, db, encrypted)
require.Error(t, err)
require.ErrorContains(t, err, "error in crypto")
})
})
}