Chore: Rewrite brute force login protection test to standard library (#29986)

Emil Hessman 2021-01-02 13:39:25 +01:00 committed by GitHub
parent d236eabe8c
commit 1b53558173
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 108 additions and 113 deletions


@ -6,132 +6,127 @@ import (
"github.com/grafana/grafana/pkg/bus" "github.com/grafana/grafana/pkg/bus"
"github.com/grafana/grafana/pkg/models" "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/setting" "github.com/grafana/grafana/pkg/setting"
. "github.com/smartystreets/goconvey/convey" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
) )
func TestLoginAttemptsValidation(t *testing.T) { func TestValidateLoginAttempts(t *testing.T) {
Convey("Validate login attempts", t, func() { testCases := []struct {
Convey("Given brute force login protection enabled", func() { name string
cfg := setting.NewCfg() loginAttempts int64
cfg.DisableBruteForceLoginProtection = false cfg *setting.Cfg
query := &models.LoginUserQuery{ expected error
Username: "user", }{
Cfg: cfg, {
} name: "When brute force protection enabled and user login attempt count is less than max",
loginAttempts: maxInvalidLoginAttempts - 1,
cfg: cfgWithBruteForceLoginProtectionEnabled(t),
expected: nil,
},
{
name: "When brute force protection enabled and user login attempt count equals max",
loginAttempts: maxInvalidLoginAttempts,
cfg: cfgWithBruteForceLoginProtectionEnabled(t),
expected: ErrTooManyLoginAttempts,
},
{
name: "When brute force protection enabled and user login attempt count is greater than max",
loginAttempts: maxInvalidLoginAttempts + 1,
cfg: cfgWithBruteForceLoginProtectionEnabled(t),
expected: ErrTooManyLoginAttempts,
},
Convey("When user login attempt count equals max-1 ", func() { {
withLoginAttempts(maxInvalidLoginAttempts - 1) name: "When brute force protection disabled and user login attempt count is less than max",
err := validateLoginAttempts(query) loginAttempts: maxInvalidLoginAttempts - 1,
cfg: cfgWithBruteForceLoginProtectionDisabled(t),
expected: nil,
},
{
name: "When brute force protection disabled and user login attempt count equals max",
loginAttempts: maxInvalidLoginAttempts,
cfg: cfgWithBruteForceLoginProtectionDisabled(t),
expected: nil,
},
{
name: "When brute force protection disabled and user login attempt count is greater than max",
loginAttempts: maxInvalidLoginAttempts + 1,
cfg: cfgWithBruteForceLoginProtectionDisabled(t),
expected: nil,
},
}
Convey("it should not result in error", func() { for _, tc := range testCases {
So(err, ShouldBeNil) t.Run(tc.name, func(t *testing.T) {
}) withLoginAttempts(t, tc.loginAttempts)
})
Convey("When user login attempt count equals max ", func() { query := &models.LoginUserQuery{Username: "user", Cfg: tc.cfg}
withLoginAttempts(maxInvalidLoginAttempts) err := validateLoginAttempts(query)
err := validateLoginAttempts(query) require.Equal(t, tc.expected, err)
})
}
}
Convey("it should result in too many login attempts error", func() { func TestSaveInvalidLoginAttempt(t *testing.T) {
So(err, ShouldEqual, ErrTooManyLoginAttempts) t.Run("When brute force protection enabled", func(t *testing.T) {
}) t.Cleanup(func() { bus.ClearBusHandlers() })
})
Convey("When user login attempt count is greater than max ", func() { createLoginAttemptCmd := &models.CreateLoginAttemptCommand{}
withLoginAttempts(maxInvalidLoginAttempts + 5) bus.AddHandler("test", func(cmd *models.CreateLoginAttemptCommand) error {
err := validateLoginAttempts(query) createLoginAttemptCmd = cmd
return nil
Convey("it should result in too many login attempts error", func() {
So(err, ShouldEqual, ErrTooManyLoginAttempts)
})
})
Convey("When saving invalid login attempt", func() {
defer bus.ClearBusHandlers()
createLoginAttemptCmd := &models.CreateLoginAttemptCommand{}
bus.AddHandler("test", func(cmd *models.CreateLoginAttemptCommand) error {
createLoginAttemptCmd = cmd
return nil
})
err := saveInvalidLoginAttempt(&models.LoginUserQuery{
Username: "user",
Password: "pwd",
IpAddress: "192.168.1.1:56433",
Cfg: setting.NewCfg(),
})
So(err, ShouldBeNil)
Convey("it should dispatch command", func() {
So(createLoginAttemptCmd, ShouldNotBeNil)
So(createLoginAttemptCmd.Username, ShouldEqual, "user")
So(createLoginAttemptCmd.IpAddress, ShouldEqual, "192.168.1.1:56433")
})
})
}) })
Convey("Given brute force login protection disabled", func() { err := saveInvalidLoginAttempt(&models.LoginUserQuery{
cfg := setting.NewCfg() Username: "user",
cfg.DisableBruteForceLoginProtection = true Password: "pwd",
query := &models.LoginUserQuery{ IpAddress: "192.168.1.1:56433",
Username: "user", Cfg: cfgWithBruteForceLoginProtectionEnabled(t),
Cfg: cfg,
}
Convey("When user login attempt count equals max-1 ", func() {
withLoginAttempts(maxInvalidLoginAttempts - 1)
err := validateLoginAttempts(query)
Convey("it should not result in error", func() {
So(err, ShouldBeNil)
})
})
Convey("When user login attempt count equals max ", func() {
withLoginAttempts(maxInvalidLoginAttempts)
err := validateLoginAttempts(query)
Convey("it should not result in error", func() {
So(err, ShouldBeNil)
})
})
Convey("When user login attempt count is greater than max ", func() {
withLoginAttempts(maxInvalidLoginAttempts + 5)
err := validateLoginAttempts(query)
Convey("it should not result in error", func() {
So(err, ShouldBeNil)
})
})
Convey("When saving invalid login attempt", func() {
defer bus.ClearBusHandlers()
var createLoginAttemptCmd *models.CreateLoginAttemptCommand
bus.AddHandler("test", func(cmd *models.CreateLoginAttemptCommand) error {
createLoginAttemptCmd = cmd
return nil
})
err := saveInvalidLoginAttempt(&models.LoginUserQuery{
Username: "user",
Password: "pwd",
IpAddress: "192.168.1.1:56433",
Cfg: cfg,
})
So(err, ShouldBeNil)
Convey("it should not dispatch command", func() {
So(createLoginAttemptCmd, ShouldBeNil)
})
})
}) })
require.NoError(t, err)
require.NotNil(t, createLoginAttemptCmd)
assert.Equal(t, "user", createLoginAttemptCmd.Username)
assert.Equal(t, "192.168.1.1:56433", createLoginAttemptCmd.IpAddress)
})
t.Run("When brute force protection disabled", func(t *testing.T) {
t.Cleanup(func() { bus.ClearBusHandlers() })
var createLoginAttemptCmd *models.CreateLoginAttemptCommand
bus.AddHandler("test", func(cmd *models.CreateLoginAttemptCommand) error {
createLoginAttemptCmd = cmd
return nil
})
err := saveInvalidLoginAttempt(&models.LoginUserQuery{
Username: "user",
Password: "pwd",
IpAddress: "192.168.1.1:56433",
Cfg: cfgWithBruteForceLoginProtectionDisabled(t),
})
require.NoError(t, err)
require.Nil(t, createLoginAttemptCmd)
}) })
} }
func withLoginAttempts(loginAttempts int64) { func cfgWithBruteForceLoginProtectionDisabled(t *testing.T) *setting.Cfg {
t.Helper()
cfg := setting.NewCfg()
cfg.DisableBruteForceLoginProtection = true
return cfg
}
func cfgWithBruteForceLoginProtectionEnabled(t *testing.T) *setting.Cfg {
t.Helper()
cfg := setting.NewCfg()
require.False(t, cfg.DisableBruteForceLoginProtection)
return cfg
}
func withLoginAttempts(t *testing.T, loginAttempts int64) {
t.Helper()
bus.AddHandler("test", func(query *models.GetUserLoginAttemptCountQuery) error { bus.AddHandler("test", func(query *models.GetUserLoginAttemptCountQuery) error {
query.Result = loginAttempts query.Result = loginAttempts
return nil return nil
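Review bot: In the "When brute force protection enabled" subtest of TestSaveInvalidLoginAttempt, `createLoginAttemptCmd` is initialised to `&models.CreateLoginAttemptCommand{}`, so `require.NotNil` passes even if the handler never runs and no failed attempt is recorded; only the later field asserts would catch that. Declaring it as `var createLoginAttemptCmd *models.CreateLoginAttemptCommand`, as the disabled subtest does, makes the nil check a real test of the dispatch that the brute-force lockout depends on. Separately, the subtests of TestValidateLoginAttempts register a handler on the global bus through `withLoginAttempts` with no cleanup visible in this hunk; since the helper now takes `t`, it could call `t.Cleanup(bus.ClearBusHandlers)` itself so a stale attempt count cannot leak into another test. The body of `withLoginAttempts` continues outside the hunk, so that cleanup may already exist there.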