PageRenderTime 62ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 0ms

/spec/tools/fix_auth/auth_model_spec.rb

https://gitlab.com/unofficial-mirrors/manageiq
Ruby | 184 lines | 153 code | 31 blank | 0 comment | 4 complexity | 6968b106000406baceed6c3485ed2f57 MD5 | raw file
  1. $LOAD_PATH << Rails.root.join("tools").to_s
  2. require "fix_auth/auth_model"
  3. require "fix_auth/auth_config_model"
  4. require "fix_auth/models"
  5. describe FixAuth::AuthModel do
  6. let(:v0_key) { MiqPassword::Key.new("AES-128-CBC", Base64.encode64("9999999999999999"), Base64.encode64("5555555555555555")) }
  7. let(:v1_key) { MiqPassword.generate_symmetric }
  8. let(:pass) { "password" }
  9. let(:enc_v1) { MiqPassword.new.encrypt(pass, "v1", v1_key) }
  10. let(:enc_v2) { MiqPassword.new.encrypt(pass) }
  11. let(:bad_v2) { "v2:{5555555555555555555555==}" }
  12. let(:enc_leg) { v0_key.encrypt64(pass) }
  13. before do
  14. MiqPassword.add_legacy_key(v0_key, :v0)
  15. MiqPassword.add_legacy_key(v1_key, :v1)
  16. end
  17. after do
  18. MiqPassword.clear_keys
  19. end
  20. context "#authentications" do
  21. subject { FixAuth::FixAuthentication }
  22. let(:contenders) { subject.contenders.collect(&:name) }
  23. let(:v1_v2) { subject.create(:name => "v2_v1", :password => enc_v2, :auth_key => enc_v1) }
  24. let(:v2_v1) { subject.create(:name => "v1_v2", :password => enc_v1, :auth_key => enc_v2) }
  25. let(:v1) { subject.create(:name => "v1", :password => enc_v1) }
  26. let(:v2) { subject.create(:name => "v2", :password => enc_v2) }
  27. let(:badv2) { subject.create(:name => "badv2", :password => bad_v2) }
  28. let(:leg) { subject.create(:name => "lg", :password => enc_leg) }
  29. let(:nls) { subject.create(:name => "nls") }
  30. let(:not_c) { subject.create(:name => "notc", :password => "nope") }
  31. it "should read column_names" do
  32. expect(subject.column_names).to include("id", "resource_id", "created_on")
  33. end
  34. it "should determine available_columns" do
  35. expect(subject.available_columns).to eq(%w(password auth_key))
  36. end
  37. it "should limit available_columns when not all columns are available" do
  38. allow(subject).to receive_messages(:column_names => %w(password id))
  39. expect(subject.available_columns).to eq(%w(password))
  40. end
  41. it "should build selection criteria (non selects)" do
  42. expect(subject.selection_criteria).to match(/OR/)
  43. expect(subject.selection_criteria).to match(/password.*<>.*''.*OR.*auth_key.*<>.*''/)
  44. end
  45. it "should not find empty records" do
  46. nls.save!
  47. expect(contenders).not_to include(nls.name)
  48. end
  49. it "should find records with encrypted passwords" do
  50. [v1, v2, leg, nls].each(&:save!)
  51. expect(contenders).to include(v1.name, leg.name, v2.name)
  52. expect(contenders).not_to include(nls.name)
  53. end
  54. it "should find viable records among mixed mode records" do
  55. [v1_v2, v2_v1].each(&:save!)
  56. expect(contenders).to include(v1_v2.name)
  57. expect(contenders).to include(v2_v1.name)
  58. end
  59. context "#recrypt" do
  60. it "should not upgrade blank column" do
  61. subject.fix_passwords(nls)
  62. expect(nls).not_to be_password_changed
  63. end
  64. it "should upgrade legacy columns" do
  65. subject.fix_passwords(leg)
  66. expect(leg).to be_password_changed
  67. expect(leg).not_to be_auth_key_changed
  68. expect(leg.password).to be_encrypted(pass)
  69. expect(leg.password).to be_encrypted_version(2)
  70. end
  71. it "should upgrade v1 columns" do
  72. subject.fix_passwords(v1)
  73. expect(v1).to be_password_changed
  74. expect(v1.password).to be_encrypted_version(2)
  75. end
  76. it "should skip over non-encrypted columns" do
  77. subject.fix_passwords(not_c)
  78. expect(not_c).not_to be_password_changed
  79. end
  80. it "should raise exception for bad encryption" do
  81. expect { subject.fix_passwords(badv2) }.to raise_error(MiqPassword::MiqPasswordError)
  82. end
  83. it "should replace for bad encryption" do
  84. subject.fix_passwords(badv2, :invalid => "other")
  85. expect(badv2.password).to be_encrypted("other")
  86. end
  87. end
  88. context "#hardcode" do
  89. it "should upgrade legacy columns" do
  90. subject.fix_passwords(leg, :hardcode => "newpass")
  91. expect(leg.password).to be_encrypted("newpass")
  92. expect(leg.password).to be_encrypted_version(2)
  93. expect(leg.auth_key).to be_blank
  94. end
  95. it "should upgrade v2 columns" do
  96. subject.fix_passwords(v2, :hardcode => "newpass")
  97. expect(v2.password).to be_encrypted("newpass")
  98. expect(v2.password).to be_encrypted_version(2)
  99. expect(v2.auth_key).to be_blank
  100. end
  101. end
  102. end
  103. context "#miq_database" do
  104. subject { FixAuth::FixMiqDatabase }
  105. let(:v1) { subject.create(:session_secret_token => enc_v1) }
  106. let(:v2) { subject.create(:session_secret_token => enc_v2) }
  107. let(:bad) { subject.create(:session_secret_token => bad_v2) }
  108. it "uses random numbers for hardcode" do
  109. subject.fix_passwords(v1, :hardcode => "newpass")
  110. expect(v1.session_secret_token).to be_encrypted_version(2)
  111. expect(v1.session_secret_token).not_to be_encrypted("newpass")
  112. expect(v1.session_secret_token).not_to eq(enc_v2)
  113. end
  114. it "uses random numbers for invalid" do
  115. subject.fix_passwords(bad, :invalid => "newpass")
  116. expect(bad.session_secret_token).to be_encrypted_version(2)
  117. expect(bad.session_secret_token).not_to be_encrypted("newpass")
  118. expect(bad.session_secret_token).not_to eq(enc_v2)
  119. end
  120. it "upgrades" do
  121. expect(subject.fix_passwords(v1).session_secret_token).to eq(enc_v2)
  122. expect(subject.fix_passwords(v2).session_secret_token).to eq(enc_v2)
  123. end
  124. end
  125. context "#miq_ae_values" do
  126. subject { FixAuth::FixMiqAeValue }
  127. let(:pass_field) { FixAuth::FixMiqAeField.new(:name => "pass", :datatype => "password") }
  128. let(:v1) { subject.create(:field => pass_field, :value => enc_v1) }
  129. it "should update with complex contenders" do
  130. v1 # make sure record exists
  131. subject.run(:silent => true)
  132. expect(v1.reload.value).to be_encrypted_version(2)
  133. end
  134. end
  135. context "#settings_change" do
  136. subject { FixAuth::FixSettingsChange }
  137. let(:v1) { subject.create(:key => "/v1/password", :value => enc_v1) }
  138. let(:v2) { subject.create(:key => "/v2/password", :value => enc_v2) }
  139. let(:bad) { subject.create(:key => "/bad/password", :value => bad_v2) }
  140. it "with hardcode" do
  141. subject.fix_passwords(v1, :hardcode => pass)
  142. expect(v1.value).to eq(enc_v2)
  143. end
  144. it "with invalid" do
  145. subject.fix_passwords(bad, :invalid => pass)
  146. expect(bad.value).to eq(enc_v2)
  147. end
  148. it "upgrades" do
  149. expect(subject.fix_passwords(v1).value).to eq(enc_v2)
  150. expect(subject.fix_passwords(v2).value).to eq(enc_v2)
  151. end
  152. end
  153. end