Added test suites for all current models

2022-05-01 20:49:03 +02:00
parent 5f85a5800e
commit 6e7b30be0a
12 changed files with 400 additions and 27 deletions
--- a/models/auth.go
+++ b/models/auth.go
@@ -2,8 +2,10 @@ package models

 import (
 	"errors"
+	"strings"
 	"time"

+	"github.com/pquerna/otp/totp"
 	"golang.org/x/crypto/bcrypt"
 )

@@ -16,17 +18,29 @@ type Auth struct {
 }

 func (a *Auth) SetPassword(pass string) error {
+	if len(pass) < 12 {
+		return errors.New("password too short")
+	}
+
+	if strings.Contains(strings.ToLower(pass), "password") {
+		return errors.New("contains phrase 'password'")
+	}
+
 	passHash, _ := bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
 	a.PasswordHash = string(passHash)
 	return nil
 }

 func (a *Auth) Login(pass string, tfCode string) (error, bool) {
+	return a.login(pass, tfCode, time.Now())
+}
+
+func (a *Auth) login(pass string, tfCode string, stamp time.Time) (error, bool) {
 	if err := a.CheckPassword(pass); err != nil {
 		return err, false
 	}

-	if err := a.ValidateTwoFactor(tfCode, time.Now()); err != nil {
+	if err := a.ValidateTwoFactor(tfCode, stamp); err != nil {
 		return err, true
 	}

@@ -51,7 +65,14 @@ func (a *Auth) ValidateTwoFactor(tfCode string, stamp time.Time) error {
 	//TODO two factor
 	if len(tfCode) == 6 {
 		// Test 2FA
-		return errors.New("2FA invalid")
+		expect, err := totp.GenerateCode(a.TwoFactorSecret, stamp)
+		if err != nil {
+			return errors.New("could not process 2fa")
+		}
+		if expect == tfCode {
+			return nil
+		}
+		return errors.New("2fa invalid")
 	} else {
 		// May be a renewal code
 		return errors.New("unlock invalid")