1 Star 0 Fork 0

quaker1/go-sqlite3

加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
sqlite3_opt_userauth_test.go 14.98 KB
一键复制 编辑 原始数据 按行查看 历史
G.J.R. Timmer 提交于 2019-08-22 12:11 . Fix auth* parameter check
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643
// Copyright (C) 2018 G.J.R. Timmer <gjr.timmer@gmail.com>.
//
// Use of this source code is governed by an MIT-style
// license that can be found in the LICENSE file.
// +build sqlite_userauth
package sqlite3
import (
"database/sql"
"fmt"
"os"
"testing"
)
var (
conn *SQLiteConn
create func(t *testing.T, username, password string) (file string, err error)
createWithCrypt func(t *testing.T, username, password, crypt, salt string) (file string, err error)
connect func(t *testing.T, f string, username, password string) (file string, db *sql.DB, c *SQLiteConn, err error)
connectWithCrypt func(t *testing.T, f string, username, password string, crypt string, salt string) (file string, db *sql.DB, c *SQLiteConn, err error)
authEnabled func(db *sql.DB) (exists bool, err error)
addUser func(db *sql.DB, username, password string, admin int) (rv int, err error)
userExists func(db *sql.DB, username string) (rv int, err error)
isAdmin func(db *sql.DB, username string) (rv bool, err error)
modifyUser func(db *sql.DB, username, password string, admin int) (rv int, err error)
deleteUser func(db *sql.DB, username string) (rv int, err error)
)
func init() {
// Create database connection
sql.Register("sqlite3_with_conn",
&SQLiteDriver{
ConnectHook: func(c *SQLiteConn) error {
conn = c
return nil
},
})
create = func(t *testing.T, username, password string) (file string, err error) {
var db *sql.DB
file, db, _, err = connect(t, "", username, password)
db.Close()
return
}
createWithCrypt = func(t *testing.T, username, password, crypt, salt string) (file string, err error) {
var db *sql.DB
file, db, _, err = connectWithCrypt(t, "", "admin", "admin", crypt, salt)
db.Close()
return
}
connect = func(t *testing.T, f string, username, password string) (file string, db *sql.DB, c *SQLiteConn, err error) {
conn = nil // Clear connection
file = f // Copy provided file (f) => file
if file == "" {
// Create dummy file
file = TempFilename(t)
}
params := "?_auth"
if len(username) > 0 {
params = fmt.Sprintf("%s&_auth_user=%s", params, username)
}
if len(password) > 0 {
params = fmt.Sprintf("%s&_auth_pass=%s", params, password)
}
db, err = sql.Open("sqlite3_with_conn", "file:"+file+params)
if err != nil {
defer os.Remove(file)
return file, nil, nil, err
}
// Dummy query to force connection and database creation
// Will return ErrUnauthorized (SQLITE_AUTH) if user authentication fails
if _, err = db.Exec("SELECT 1;"); err != nil {
defer os.Remove(file)
defer db.Close()
return file, nil, nil, err
}
c = conn
return
}
connectWithCrypt = func(t *testing.T, f string, username, password string, crypt string, salt string) (file string, db *sql.DB, c *SQLiteConn, err error) {
conn = nil // Clear connection
file = f // Copy provided file (f) => file
if file == "" {
// Create dummy file
file = TempFilename(t)
}
db, err = sql.Open("sqlite3_with_conn", "file:"+file+fmt.Sprintf("?_auth&_auth_user=%s&_auth_pass=%s&_auth_crypt=%s&_auth_salt=%s", username, password, crypt, salt))
if err != nil {
defer os.Remove(file)
return file, nil, nil, err
}
// Dummy query to force connection and database creation
// Will return ErrUnauthorized (SQLITE_AUTH) if user authentication fails
if _, err = db.Exec("SELECT 1;"); err != nil {
defer os.Remove(file)
defer db.Close()
return file, nil, nil, err
}
c = conn
return
}
authEnabled = func(db *sql.DB) (exists bool, err error) {
err = db.QueryRow("select count(type) from sqlite_master WHERE type='table' and name='sqlite_user';").Scan(&exists)
return
}
addUser = func(db *sql.DB, username, password string, admin int) (rv int, err error) {
err = db.QueryRow("select auth_user_add(?, ?, ?);", username, password, admin).Scan(&rv)
return
}
userExists = func(db *sql.DB, username string) (rv int, err error) {
err = db.QueryRow("select count(uname) from sqlite_user where uname=?", username).Scan(&rv)
return
}
isAdmin = func(db *sql.DB, username string) (rv bool, err error) {
err = db.QueryRow("select isAdmin from sqlite_user where uname=?", username).Scan(&rv)
return
}
modifyUser = func(db *sql.DB, username, password string, admin int) (rv int, err error) {
err = db.QueryRow("select auth_user_change(?, ?, ?);", username, password, admin).Scan(&rv)
return
}
deleteUser = func(db *sql.DB, username string) (rv int, err error) {
err = db.QueryRow("select auth_user_delete(?);", username).Scan(&rv)
return
}
}
func TestUserAuthCreateDatabase(t *testing.T) {
f, db, c, err := connect(t, "", "admin", "admin")
if err != nil && c == nil && db == nil {
t.Fatal(err)
}
defer db.Close()
defer os.Remove(f)
enabled, err := authEnabled(db)
if err != nil || !enabled {
t.Fatalf("UserAuth not enabled: %s", err)
}
e, err := userExists(db, "admin")
if err != nil {
t.Fatal(err)
}
if e != 1 {
t.Fatal("UserAuth: admin does not exists")
}
a, err := isAdmin(db, "admin")
if err != nil {
t.Fatal(err)
}
if !a {
t.Fatal("UserAuth: User is not administrator")
}
}
func TestUserAuthCreateDatabaseWithoutArgs(t *testing.T) {
_, db, c, err := connect(t, "", "", "")
if err == nil && c == nil && db == nil {
t.Fatal("Should have failed due to missing _auth_* parameters")
}
_, db, c, err = connect(t, "", "", "admin")
if err == nil && c == nil && db == nil {
t.Fatal("Should have failed due to missing _auth_user parameter")
}
_, db, c, err = connect(t, "", "admin", "")
if err == nil && c == nil && db == nil {
t.Fatal("Should have failed due to missing _auth_pass parameter")
}
}
func TestUserAuthLogin(t *testing.T) {
f1, err := create(t, "admin", "admin")
if err != nil {
t.Fatal(err)
}
defer os.Remove(f1)
f2, db2, c2, err := connect(t, f1, "admin", "admin")
if err != nil {
t.Fatal(err)
}
defer db2.Close()
if f1 != f2 {
t.Fatal("UserAuth: Database file mismatch")
}
// Test lower level authentication
err = c2.Authenticate("admin", "admin")
if err != nil {
t.Fatalf("UserAuth: *SQLiteConn.Authenticate() Failed: %s", err)
}
// Test Login Failed
_, _, _, err = connect(t, f1, "admin", "invalid")
if err == nil {
t.Fatal("Login successful while expecting to fail")
}
if err != ErrUnauthorized {
t.Fatal(err)
}
err = c2.Authenticate("admin", "invalid")
if err == nil {
t.Fatal("Login successful while expecting to fail")
}
if err != ErrUnauthorized {
t.Fatal(err)
}
}
func TestUserAuthAddAdmin(t *testing.T) {
f, db, c, err := connect(t, "", "admin", "admin")
if err != nil && c == nil && db == nil {
t.Fatal(err)
}
defer db.Close()
defer os.Remove(f)
// Add Admin User through SQL call
rv, err := addUser(db, "admin2", "admin2", 1)
if err != nil {
t.Fatal(err)
}
if rv != 0 {
t.Fatal("Failed to add user")
}
// Check if user was created
exists, err := userExists(db, "admin2")
if err != nil {
t.Fatal(err)
}
if exists != 1 {
t.Fatal("UserAuth: 'admin2' does not exists")
}
// Check if user was created as an Administrator
admin, err := isAdmin(db, "admin2")
if err != nil {
t.Fatal(err)
}
if !admin {
t.Fatal("UserAuth: 'admin2' is not administrator")
}
// Test *SQLiteConn
err = c.AuthUserAdd("admin3", "admin3", true)
if err != nil {
t.Fatal(err)
}
// Check if user was created
exists, err = userExists(db, "admin2")
if err != nil {
t.Fatal(err)
}
if exists != 1 {
t.Fatal("UserAuth: 'admin3' does not exists")
}
// Check if the user was created as an Administrator
admin, err = isAdmin(db, "admin3")
if err != nil {
t.Fatal(err)
}
if !admin {
t.Fatal("UserAuth: 'admin3' is not administrator")
}
}
func TestUserAuthAddUser(t *testing.T) {
f1, db1, c, err := connect(t, "", "admin", "admin")
if err != nil && c == nil && db == nil {
t.Fatal(err)
}
defer os.Remove(f1)
// Add user through SQL call
rv, err := addUser(db1, "user", "user", 0)
if err != nil {
t.Fatal(err)
}
if rv != 0 {
t.Fatal("Failed to add user")
}
// Check if user was created
exists, err := userExists(db1, "user")
if err != nil {
t.Fatal(err)
}
if exists != 1 {
t.Fatal("UserAuth: 'user' does not exists")
}
// Check if user was created as an Administrator
admin, err := isAdmin(db1, "user")
if err != nil {
t.Fatal(err)
}
if admin {
t.Fatal("UserAuth: 'user' is administrator")
}
// Test *SQLiteConn
err = c.AuthUserAdd("user2", "user2", false)
if err != nil {
t.Fatal(err)
}
// Check if user was created
exists, err = userExists(db1, "user2")
if err != nil {
t.Fatal(err)
}
if exists != 1 {
t.Fatal("UserAuth: 'user2' does not exists")
}
// Check if the user was created as an Administrator
admin, err = isAdmin(db1, "user2")
if err != nil {
t.Fatal(err)
}
if admin {
t.Fatal("UserAuth: 'user2' is administrator")
}
// Reconnect as normal user
db1.Close()
_, db2, c2, err := connect(t, f1, "user", "user")
if err != nil {
t.Fatal(err)
}
defer db2.Close()
// Try to create admin user while logged in as normal user
rv, err = addUser(db2, "admin2", "admin2", 1)
if err != nil {
t.Fatal(err)
}
if rv != SQLITE_AUTH {
t.Fatal("Created admin user while not allowed")
}
err = c2.AuthUserAdd("admin3", "admin3", true)
if err != ErrAdminRequired {
t.Fatal("Created admin user while not allowed")
}
// Try to create normal user while logged in as normal user
rv, err = addUser(db2, "user3", "user3", 0)
if err != nil {
t.Fatal(err)
}
if rv != SQLITE_AUTH {
t.Fatal("Created user while not allowed")
}
err = c2.AuthUserAdd("user4", "user4", false)
if err != ErrAdminRequired {
t.Fatal("Created user while not allowed")
}
}
func TestUserAuthModifyUser(t *testing.T) {
f1, db1, c1, err := connect(t, "", "admin", "admin")
if err != nil && c1 == nil && db == nil {
t.Fatal(err)
}
defer os.Remove(f1)
// Modify Password for current logged in admin
// through SQL
rv, err := modifyUser(db1, "admin", "admin2", 1)
if err != nil {
t.Fatal(err)
}
if rv != 0 {
t.Fatal("Failed to modify password for admin")
}
// Modify password for current logged in admin
// through *SQLiteConn
err = c1.AuthUserChange("admin", "admin3", true)
if err != nil {
t.Fatal(err)
}
// Modify Administrator Flag
// Because we are current logged in as 'admin'
// Changing our own admin flag should fail.
rv, err = modifyUser(db1, "admin", "admin3", 0)
if err != nil {
t.Fatal(err)
}
if rv != SQLITE_AUTH {
t.Fatal("Successfully changed admin flag while not allowed")
}
// Modify admin flag through (*SQLiteConn)
// Because we are current logged in as 'admin'
// Changing our own admin flag should fail.
err = c1.AuthUserChange("admin", "admin3", false)
if err != ErrAdminRequired {
t.Fatal("Successfully changed admin flag while not allowed")
}
// Add normal user
rv, err = addUser(db1, "user", "password", 0)
if err != nil {
t.Fatal(err)
}
if rv != 0 {
t.Fatal("Failed to add user")
}
rv, err = addUser(db1, "user2", "user2", 0)
if err != nil {
t.Fatal(err)
}
if rv != 0 {
t.Fatal("Failed to add user")
}
// Modify other user password and flag through SQL
rv, err = modifyUser(db1, "user", "pass", 1)
if err != nil {
t.Fatal(err)
}
if rv != 0 {
t.Fatal("Failed to modify password for user")
}
// Modify other user password and flag through *SQLiteConn
err = c1.AuthUserChange("user", "newpass", false)
if err != nil {
t.Fatal(err)
}
// Disconnect database for reconnect
db1.Close()
_, db2, c2, err := connect(t, f1, "user", "newpass")
if err != nil {
t.Fatal(err)
}
defer db2.Close()
// Modify other user password through SQL
rv, err = modifyUser(db2, "user2", "newpass", 0)
if err != nil {
t.Fatal(err)
}
if rv != SQLITE_AUTH {
t.Fatal("Password change successful while not allowed")
}
// Modify other user password and flag through *SQLiteConn
err = c2.AuthUserChange("user2", "invalid", false)
if err != ErrAdminRequired {
t.Fatal("Password change successful while not allowed")
}
}
func TestUserAuthDeleteUser(t *testing.T) {
f1, db1, c, err := connect(t, "", "admin", "admin")
if err != nil && c == nil && db == nil {
t.Fatal(err)
}
defer os.Remove(f1)
// Add Admin User 2
rv, err := addUser(db1, "admin2", "admin2", 1)
if err != nil {
t.Fatal(err)
}
if rv != 0 {
t.Fatal("Failed to add user")
}
rv, err = addUser(db1, "admin3", "admin3", 1)
if err != nil {
t.Fatal(err)
}
if rv != 0 {
t.Fatal("Failed to add user")
}
// Check if user was created
exists, err := userExists(db1, "admin2")
if err != nil {
t.Fatal(err)
}
if exists != 1 {
t.Fatal("UserAuth: 'admin2' does not exists")
}
exists, err = userExists(db1, "admin3")
if err != nil {
t.Fatal(err)
}
if exists != 1 {
t.Fatal("UserAuth: 'admin2' does not exists")
}
// Delete user through SQL
rv, err = deleteUser(db1, "admin2")
if err != nil {
t.Fatal(err)
}
if rv != 0 {
t.Fatal("Failed to delete admin2")
}
// Verify user admin2 deleted
exists, err = userExists(db1, "admin2")
if err != nil {
t.Fatal(err)
}
if exists != 0 {
t.Fatal("UserAuth: 'admin2' still exists")
}
// Delete user through *SQLiteConn
rv, err = deleteUser(db1, "admin3")
if err != nil {
t.Fatal(err)
}
if rv != 0 {
t.Fatal("Failed to delete admin3")
}
// Verify user admin3 deleted
exists, err = userExists(db1, "admin3")
if err != nil {
t.Fatal(err)
}
if exists != 0 {
t.Fatal("UserAuth: 'admin3' still exists")
}
// Add normal user for reconnect and privileges check
rv, err = addUser(db1, "reconnect", "reconnect", 0)
if err != nil {
t.Fatal(err)
}
if rv != 0 {
t.Fatal("Failed to add user")
}
// Add normal user for deletion through SQL
rv, err = addUser(db1, "user", "user", 0)
if err != nil {
t.Fatal(err)
}
if rv != 0 {
t.Fatal("Failed to add user")
}
rv, err = addUser(db1, "user2", "user2", 0)
if err != nil {
t.Fatal(err)
}
if rv != 0 {
t.Fatal("Failed to add user")
}
// Close database for reconnect
db1.Close()
// Reconnect as normal user
_, db2, c2, err := connect(t, f1, "reconnect", "reconnect")
if err != nil {
t.Fatal(err)
}
defer db2.Close()
// Delete user while logged in as normal user
// through SQL
rv, err = deleteUser(db2, "user")
if err != nil {
t.Fatal(err)
}
if rv != SQLITE_AUTH {
t.Fatal("Successfully deleted user wthout proper privileges")
}
// Delete user while logged in as normal user
// through *SQLiteConn
err = c2.AuthUserDelete("user2")
if err != ErrAdminRequired {
t.Fatal("Successfully deleted user wthout proper privileges")
}
}
func TestUserAuthEncoders(t *testing.T) {
cases := map[string]string{
"sha1": "",
"ssha1": "salted",
"sha256": "",
"ssha256": "salted",
"sha384": "",
"ssha384": "salted",
"sha512": "",
"ssha512": "salted",
}
for enc, salt := range cases {
f, err := createWithCrypt(t, "admin", "admin", enc, salt)
if err != nil {
t.Fatal(err)
}
defer os.Remove(f)
_, db, _, err := connectWithCrypt(t, f, "admin", "admin", enc, salt)
if err != nil {
t.Fatal(err)
}
defer db.Close()
if e, err := authEnabled(db); err != nil && !e {
t.Fatalf("UserAuth (%s) not enabled %s", enc, err)
}
}
}
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/quaker1/go-sqlite3.git
git@gitee.com:quaker1/go-sqlite3.git
quaker1
go-sqlite3
go-sqlite3
master

搜索帮助