Archived
1
0

feat: add isCookieValid function and tests

This commit is contained in:
Joe Previte 2021-06-02 17:23:57 -07:00
parent 409b473c82
commit 6020480b30
No known key found for this signature in database
GPG Key ID: 2C91590C6B742C24
2 changed files with 86 additions and 1 deletions

View File

@ -249,6 +249,31 @@ export async function handlePasswordValidation(
return passwordValidation return passwordValidation
} }
export type IsCookieValidArgs = {
passwordMethod: PasswordMethod
cookieKey: string
hashedPasswordFromArgs: string | undefined
passwordFromArgs: string | undefined
}
/** Checks if a req.cookies.key is valid using the PasswordMethod */
export async function isCookieValid(isCookieValidArgs: IsCookieValidArgs): Promise<boolean> {
let isValid = false
const { passwordFromArgs = "", cookieKey, hashedPasswordFromArgs = "" } = isCookieValidArgs
switch (isCookieValidArgs.passwordMethod) {
case "PLAIN_TEXT":
isValid = await isHashMatch(passwordFromArgs, cookieKey)
break
case "ARGON2":
case "SHA256":
isValid = safeCompare(cookieKey, hashedPasswordFromArgs)
break
default:
break
}
return isValid
}
const mimeTypes: { [key: string]: string } = { const mimeTypes: { [key: string]: string } = {
".aac": "audio/x-aac", ".aac": "audio/x-aac",
".avi": "video/x-msvideo", ".avi": "video/x-msvideo",

View File

@ -6,6 +6,7 @@ import {
getPasswordMethod, getPasswordMethod,
hashLegacy, hashLegacy,
isHashLegacyMatch, isHashLegacyMatch,
isCookieValid,
} from "../../../src/node/util" } from "../../../src/node/util"
describe("getEnvPaths", () => { describe("getEnvPaths", () => {
@ -234,7 +235,7 @@ describe("getPasswordMethod", () => {
}) })
}) })
describe.only("handlePasswordValidation", () => { describe("handlePasswordValidation", () => {
it("should return true with a hashedPassword for a PLAIN_TEXT password", async () => { it("should return true with a hashedPassword for a PLAIN_TEXT password", async () => {
const p = "password" const p = "password"
const passwordValidation = await handlePasswordValidation({ const passwordValidation = await handlePasswordValidation({
@ -322,3 +323,62 @@ describe.only("handlePasswordValidation", () => {
expect(matchesHash).toBe(false) expect(matchesHash).toBe(false)
}) })
}) })
describe.only("isCookieValid", () => {
it("should be valid if hashed-password for SHA256 matches cookie.key", async () => {
const isValid = await isCookieValid({
passwordMethod: "SHA256",
cookieKey: "936a185caaa266bb9cbe981e9e05cb78cd732b0b3280eb944412bb6f8f8f07af",
hashedPasswordFromArgs: "936a185caaa266bb9cbe981e9e05cb78cd732b0b3280eb944412bb6f8f8f07af",
passwordFromArgs: undefined,
})
expect(isValid).toBe(true)
})
it("should be invalid if hashed-password for SHA256 does not match cookie.key", async () => {
const isValid = await isCookieValid({
passwordMethod: "SHA256",
cookieKey: "936a185caaa266bb9cbe981e9e05cb78cd732b0b3280eb9442bb6f8f8f07af",
hashedPasswordFromArgs: "936a185caaa266bb9cbe981e9e05cb78cd732b0b3280eb944412bb6f8f8f07af",
passwordFromArgs: undefined,
})
expect(isValid).toBe(false)
})
it("should be valid if hashed-password for ARGON2 matches cookie.key", async () => {
const isValid = await isCookieValid({
passwordMethod: "ARGON2",
cookieKey: "$argon2i$v=19$m=4096,t=3,p=1$0qR/o+0t00hsbJFQCKSfdQ$oFcM4rL6o+B7oxpuA4qlXubypbBPsf+8L531U7P9HYY",
hashedPasswordFromArgs:
"$argon2i$v=19$m=4096,t=3,p=1$0qR/o+0t00hsbJFQCKSfdQ$oFcM4rL6o+B7oxpuA4qlXubypbBPsf+8L531U7P9HYY",
passwordFromArgs: undefined,
})
expect(isValid).toBe(true)
})
it("should be invalid if hashed-password for ARGON2 does not match cookie.key", async () => {
const isValid = await isCookieValid({
passwordMethod: "ARGON2",
cookieKey: "$argon2i$v=19$m=4096,t=3,p=1$0qR/o+0t00hsbJFQCKSfdQ$oFcM4rL6o+B7oxpuA4qlXubypbBPsf+8L531U7P9H",
hashedPasswordFromArgs:
"$argon2i$v=19$m=4096,t=3,p=1$0qR/o+0t00hsbJFQCKSfdQ$oFcM4rL6o+B7oxpuA4qlXubypbBPsf+8L531U7P9HYY",
passwordFromArgs: undefined,
})
expect(isValid).toBe(false)
})
it("should be valid if password for PLAIN_TEXT matches cookie.key", async () => {
const isValid = await isCookieValid({
passwordMethod: "PLAIN_TEXT",
cookieKey: "$argon2i$v=19$m=4096,t=3,p=1$0qR/o+0t00hsbJFQCKSfdQ$oFcM4rL6o+B7oxpuA4qlXubypbBPsf+8L531U7P9HYY",
passwordFromArgs: "password",
hashedPasswordFromArgs: undefined,
})
expect(isValid).toBe(true)
})
it("should be invalid if hashed-password for PLAIN_TEXT does not match cookie.key", async () => {
const isValid = await isCookieValid({
passwordMethod: "PLAIN_TEXT",
cookieKey: "$argon2i$v=19$m=4096,t=3,p=1$0qR/o+0t00hsbJFQCKSfdQ$oFcM4rL6o+B7oxpuA4qlXubypbBPsf+8L531U7P9H",
passwordFromArgs: "password1234",
hashedPasswordFromArgs: undefined,
})
expect(isValid).toBe(false)
})
})