chore(security): update user login test
baurine committed Sep 8, 2023
1 parent c0916bd commit fa5e241
Showing 4 changed files with 30 additions and 11 deletions.
8 changes: 4 additions & 4 deletions pkg/apiserver/user/auth.go
Expand Up @@ -37,7 +37,7 @@ type AuthService struct {
middleware *jwt.GinJWTMiddleware
authenticators map[utils.AuthType]Authenticator

rsaPublicKey *rsa.PublicKey
RsaPublicKey *rsa.PublicKey
RsaPrivateKey *rsa.PrivateKey
}

Expand Down Expand Up @@ -104,7 +104,7 @@ func NewAuthService(featureFlags *featureflag.Registry) *AuthService {
middleware: nil,
authenticators: map[utils.AuthType]Authenticator{},
RsaPrivateKey: privateKey,
rsaPublicKey: publicKey,
RsaPublicKey: publicKey,
}

middleware, err := jwt.New(&jwt.GinJWTMiddleware{
Expand All @@ -128,7 +128,7 @@ func NewAuthService(featureFlags *featureflag.Registry) *AuthService {
// if generate successfully, replace the old key pair
if err == nil {
service.RsaPrivateKey = privateKey
service.rsaPublicKey = publicKey
service.RsaPublicKey = publicKey
}
}
return u, nil
Expand Down Expand Up @@ -321,7 +321,7 @@ func (s *AuthService) GetLoginInfoHandler(c *gin.Context) {
sort.Ints(supportedAuth)
// both work
// publicKeyStr, err := ExportPublicKeyAsString(s.rsaPublicKey)
publicKeyStr, err := DumpPublicKeyBase64(s.rsaPublicKey)
publicKeyStr, err := DumpPublicKeyBase64(s.RsaPublicKey)
if err != nil {
rest.Error(c, err)
return
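Review bot: The commented-out line kept as context in GetLoginInfoHandler, `// publicKeyStr, err := ExportPublicKeyAsString(s.rsaPublicKey)`, still names the old unexported field, so the rename leaves a stale reference; either update it to `s.RsaPublicKey` or drop the dead line. Exporting the field also makes the public key writable by any package holding an *AuthService, whereas the tests only need to read it; a read-only accessor such as `func (s *AuthService) PublicKey() *rsa.PublicKey { return s.rsaPublicKey }` would serve them without widening the mutable surface and keep the key pair settable only inside NewAuthService, where it is assigned at construction and again when the regenerated pair replaces it. The casing follows the existing `RsaPrivateKey` field rather than Go's initialism convention (`RSAPublicKey`), which is a reasonable consistency choice here. GetLoginInfoHandler's body continues outside the hunk.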
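--- a/pkg/apiserver/user/rsa_utils.go
+++ b/pkg/apiserver/user/rsa_utils.go
@@ -79,6 +79,18 @@ func DumpPrivateKeyBase64(privatekey *rsa.PrivateKey) (string, error) {
 return keyBase64, nil
 }
 
+// Encrypt by public key.
+func Encrypt(plainText string, publicKey *rsa.PublicKey) (string, error) {
+encryptedText, err := rsa.EncryptPKCS1v15(rand.Reader, publicKey, []byte(plainText))
+if err != nil {
+return "", err
+}
+
+// the encryptedText is encoded by base64 in the frontend by jsEncrypt
+encodedText := base64.StdEncoding.EncodeToString(encryptedText)
+return encodedText, nil
+}
+
 // Decrypt by private key.
 func Decrypt(cipherText string, privateKey *rsa.PrivateKey) (string, error) {
 // the cipherText is encoded by base64 in the frontend by jsEncrypt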
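Review bot: The doc comment on the new Encrypt does not say which padding scheme it commits callers to, and `rsa.EncryptPKCS1v15` is the legacy scheme that Go's crypto/rsa documentation steers new code away from in favour of OAEP because of padding-oracle risk; since the body ties the format to JSEncrypt on the frontend, state that constraint where readers will see it, e.g. `// Encrypt encrypts plainText with PKCS#1 v1.5 padding and returns it base64-encoded, matching what the frontend's JSEncrypt produces; keep both sides in sync and do not reuse for new protocols.` The inline comment `// the encryptedText is encoded by base64 in the frontend by jsEncrypt` is also misplaced, as this function is the server-side producer; say instead that the output mirrors the frontend's encoding. The error from EncryptPKCS1v15 is returned bare, so a failure is hard to attribute; wrapping it with context (`fmt.Errorf("encrypting with public key: %w", err)`, if fmt is in scope in this file) helps, and callers should expect an error when plainText exceeds the key's PKCS#1 v1.5 message limit. Decrypt's body continues outside the hunk; whatever it returns for a malformed ciphertext should surface to clients as the same uniform authentication failure as a wrong password, not a padding-specific error.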
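--- a/tests/integration/info/info_test.go
+++ b/tests/integration/info/info_test.go
@@ -96,7 +96,8 @@ func (s *testInfoSuite) getTokenBySQLRoot() string {
 param := make(map[string]interface{})
 param["type"] = 0
 param["username"] = "root"
-param["password"] = ""
+pwd, _ := user.Encrypt("", s.authService.RsaPublicKey)
+param["password"] = pwd
 
 jsonByte, _ := json.Marshal(param)
 req, _ := http.NewRequest(http.MethodPost, "/user/login", bytes.NewReader(jsonByte))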
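Review bot: The error from `user.Encrypt` is discarded on the new line, so if encryption fails (for instance a nil `RsaPublicKey` because the service was not initialised) `pwd` is "" and the request is sent with an empty password, producing a confusing failure far from the cause; fail fast instead with `pwd, err := user.Encrypt("", s.authService.RsaPublicKey)` followed by a suite assertion such as `s.Require().NoError(err)` if this is a testify suite. The same discarded error appears in all six hunks of tests/integration/user/user_test.go. getTokenBySQLRoot's body continues outside the hunk.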
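--- a/tests/integration/user/user_test.go
+++ b/tests/integration/user/user_test.go
@@ -93,7 +93,8 @@ func (s *testUserSuite) TestLoginWithNotExistUser() {
 param := make(map[string]interface{})
 param["type"] = 0
 param["username"] = "not_exist"
-param["password"] = "aaa"
+pwd, _ := user.Encrypt("aaa", s.authService.RsaPublicKey)
+param["password"] = pwd
 
 jsonByte, _ := json.Marshal(param)
 req, _ := http.NewRequest(http.MethodPost, "/user/login", bytes.NewReader(jsonByte))
@@ -109,7 +110,8 @@ func (s *testUserSuite) TestLoginWithWrongPassword() {
 param := make(map[string]interface{})
 param["type"] = 0
 param["username"] = "dashboardAdmin"
-param["password"] = "123456789"
+pwd, _ := user.Encrypt("123456789", s.authService.RsaPublicKey)
+param["password"] = pwd
 
 jsonByte, _ := json.Marshal(param)
 req, _ := http.NewRequest(http.MethodPost, "/user/login", bytes.NewReader(jsonByte))
@@ -125,7 +127,8 @@ func (s *testUserSuite) TestLoginWithInsufficientPrivs() {
 param := make(map[string]interface{})
 param["type"] = 0
 param["username"] = "dashboardAdmin-2"
-param["password"] = "12345678"
+pwd, _ := user.Encrypt("12345678", s.authService.RsaPublicKey)
+param["password"] = pwd
 
 jsonByte, _ := json.Marshal(param)
 req, _ := http.NewRequest(http.MethodPost, "/user/login", bytes.NewReader(jsonByte))
@@ -142,7 +145,8 @@ func (s *testUserSuite) TestLoginWithSufficientPrivs() {
 param := make(map[string]interface{})
 param["type"] = 0
 param["username"] = "dashboardAdmin"
-param["password"] = "12345678"
+pwd, _ := user.Encrypt("12345678", s.authService.RsaPublicKey)
+param["password"] = pwd
 
 jsonByte, _ := json.Marshal(param)
 req, _ := http.NewRequest(http.MethodPost, "/user/login", bytes.NewReader(jsonByte))
@@ -177,7 +181,8 @@ func (s *testUserSuite) TestLoginWithWrongPasswordForRoot() {
 param := make(map[string]interface{})
 param["type"] = 0
 param["username"] = "root"
-param["password"] = "aaa"
+pwd, _ := user.Encrypt("aaa", s.authService.RsaPublicKey)
+param["password"] = pwd
 
 jsonByte, _ := json.Marshal(param)
 req, _ := http.NewRequest(http.MethodPost, "/user/login", bytes.NewReader(jsonByte))
@@ -193,7 +198,8 @@ func (s *testUserSuite) TestLoginWithCorrectPasswordForRoot() {
 param := make(map[string]interface{})
 param["type"] = 0
 param["username"] = "root"
-param["password"] = ""
+pwd, _ := user.Encrypt("", s.authService.RsaPublicKey)
+param["password"] = pwd
 
 jsonByte, _ := json.Marshal(param)
 req, _ := http.NewRequest(http.MethodPost, "/user/login", bytes.NewReader(jsonByte))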
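Review bot: The encrypt-and-assign pair is now repeated verbatim in six test methods, and the first hunk (TestLoginWithNotExistUser) is where a small suite helper would pay off: a method such as `encryptPassword(plain string) string` that calls `user.Encrypt` with `s.authService.RsaPublicKey` and fails the test on a non-nil error removes the duplication and gives one place to check the error that every hunk currently discards (the discarded error itself is raised on info_test.go). With every login test now sending an encrypted password, nothing here exercises the rejection path: a request whose `password` is plaintext or not a valid base64 ciphertext should fail with the same authentication error as a wrong password rather than a 500, and a test pinning that would guard the Decrypt path this commit makes the tests depend on. Each method's body continues outside its hunk.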
