Feature/authentication (#14)

* makes wsfs_server_config opaque * feature: try to create mount point, if not present * fixes server start failure due to existing mountpoint * added basic authentication infrastructure * makes wsfs_server_config opaque * feature: try to create mount point, if not present * fixes server start failure due to existing mountpoint * added basic authentication infrastructure * added unit tests for credentials * added unit tests for authenticators * propagates authenticators to server protocol * enabled username authentication in daemon example * adds example to compute password hash * adds infrastructure to execute commands * added userdb to encapsulate authentication stuff * adds session and session_manager * fixes warning about unused param * moves some logic from server_protocol to session * makes wsfs_server_config opaque * feature: try to create mount point, if not present * fixes server start failure due to existing mountpoint * added basic authentication infrastructure * makes wsfs_server_config opaque * added unit tests for credentials * added unit tests for authenticators * propagates authenticators to server protocol * enabled username authentication in daemon example * adds example to compute password hash * adds infrastructure to execute commands * added userdb to encapsulate authentication stuff * adds session and session_manager * fixes warning about unused param * moves some logic from server_protocol to session * updates libcrypto to version 1.1.0
2026-03-02 04:09:18 +00:00 · 2019-03-23 22:53:14 +01:00
parent de9095a978
commit 48185776b6
32 changed files with 1969 additions and 112 deletions
--- a/test/mock_authenticator.cc
+++ b/test/mock_authenticator.cc
@@ -0,0 +1,42 @@
+#include "mock_authenticator.hpp"
+
+#define WSFS_AUTHENTICTOR_COUNT 3
+
+namespace
+{
+
+wsfs_test::Authenticator * g_authenticators[WSFS_AUTHENTICTOR_COUNT];
+
+}
+
+
+namespace wsfs_test
+{
+
+void set_authenticator(Authenticator * authenticator)
+{
+    set_authenticator(0, authenticator);
+}
+
+void set_authenticator(size_t i, Authenticator * authenticator)
+{
+    g_authenticators[i] = authenticator;
+}
+
+bool authenticate(struct wsfs_credentials * creds, void * user_data)
+{
+    return g_authenticators[0]->authenticate(creds, user_data);
+}
+
+bool authenticate_1(struct wsfs_credentials * creds, void * user_data)
+{
+    return g_authenticators[1]->authenticate(creds, user_data);
+}
+
+bool authenticate_2(struct wsfs_credentials * creds, void * user_data)
+{
+    return g_authenticators[2]->authenticate(creds, user_data);
+}
+
+    
+}
--- a/test/mock_authenticator.hpp
+++ b/test/mock_authenticator.hpp
@@ -0,0 +1,34 @@
+#ifndef MOCK_AUTHENTICATOR_H
+#define MOCK_AUTHENTICATOR_H
+
+#include <gmock/gmock.h>
+#include "wsfs/adapter/authenticator.h"
+
+namespace wsfs_test
+{
+
+class Authenticator
+{
+public:
+    virtual ~Authenticator() { }
+    virtual bool authenticate(
+        struct wsfs_credentials * credentials,
+        void * user_data) = 0;
+};
+
+class MockAuthenticator: public Authenticator
+{
+public:
+    MOCK_METHOD2(authenticate, bool (struct wsfs_credentials * credentials, void * user_data));
+};
+
+void set_authenticator(Authenticator * authenticator);
+void set_authenticator(size_t index, Authenticator * authenticator);
+
+bool authenticate(struct wsfs_credentials * creds, void * user_data);
+bool authenticate_1(struct wsfs_credentials * creds, void * user_data);
+bool authenticate_2(struct wsfs_credentials * creds, void * user_data);
+
+}
+
+#endif
--- a/test/test_authenticator.cc
+++ b/test/test_authenticator.cc
@@ -0,0 +1,63 @@
+#include <gtest/gtest.h>
+#include <gmock/gmock.h>
+
+#include "mock_authenticator.hpp"
+
+#include "wsfs/adapter/authenticator.h"
+#include "wsfs/adapter/credentials_intern.h"
+
+using ::testing::Return;
+using ::testing::_;
+using ::wsfs_test::Authenticator;
+using ::wsfs_test::MockAuthenticator;
+using ::wsfs_test::set_authenticator;
+using ::wsfs_test::authenticate;
+
+
+TEST(Authenticator, Authenticate)
+{
+    MockAuthenticator mock;
+    set_authenticator(&mock);
+
+    struct wsfs_credentials creds;
+    wsfs_credentials_init(&creds, "username", nullptr);
+    char dummy[] = "usr_data";
+    void * user_data = reinterpret_cast<void*>(dummy);
+
+    EXPECT_CALL(mock, authenticate(&creds, user_data))
+        .Times(1)
+        .WillRepeatedly(Return(true));
+
+    struct wsfs_authenticator * authenticator = wsfs_authenticator_create(
+        "username",
+        &authenticate,
+        user_data);
+
+    bool result = wsfs_authenticator_autenticate(authenticator, &creds);
+    ASSERT_TRUE(result);
+
+    wsfs_authenticator_dispose(authenticator);
+    wsfs_credentials_cleanup(&creds);
+}
+
+TEST(Authenticator, SkipAuthenticationWithWrongType)
+{
+    MockAuthenticator mock;
+    set_authenticator(&mock);
+
+    struct wsfs_credentials creds;
+    wsfs_credentials_init(&creds, "username", nullptr);
+    EXPECT_CALL(mock, authenticate(_, _))
+        .Times(0);
+
+    struct wsfs_authenticator * authenticator = wsfs_authenticator_create(
+        "certificate",
+        &authenticate,
+        nullptr);
+
+    bool result = wsfs_authenticator_autenticate(authenticator, &creds);
+    ASSERT_FALSE(result);
+
+    wsfs_authenticator_dispose(authenticator);
+    wsfs_credentials_cleanup(&creds);
+}
--- a/test/test_authenticators.cc
+++ b/test/test_authenticators.cc
@@ -0,0 +1,154 @@
+#include <gtest/gtest.h>
+#include <gmock/gmock.h>
+
+#include "wsfs/adapter/authenticators.h"
+#include "wsfs/adapter/credentials_intern.h"
+#include "mock_authenticator.hpp"
+
+using ::testing::_;
+using ::testing::Return;
+using ::wsfs_test::MockAuthenticator;
+using ::wsfs_test::set_authenticator;
+using ::wsfs_test::authenticate;
+using ::wsfs_test::authenticate_1;
+using ::wsfs_test::authenticate_2;
+
+
+TEST(Authenticators, CloneEmpty)
+{
+    struct wsfs_authenticators authenticators;
+    struct wsfs_authenticators clone;
+
+    wsfs_authenticators_init(&authenticators);
+    ASSERT_EQ(nullptr, authenticators.first);
+
+    wsfs_authenticators_clone(&authenticators, &clone);
+    ASSERT_EQ(nullptr, clone.first);
+
+    wsfs_authenticators_cleanup(&authenticators);
+    wsfs_authenticators_cleanup(&clone);
+}
+
+TEST(Authenticators, Clone)
+{
+    struct wsfs_authenticators authenticators;
+    struct wsfs_authenticators clone;
+
+    wsfs_authenticators_init(&authenticators);
+    wsfs_authenticators_add(&authenticators, "username", &authenticate, nullptr);
+    ASSERT_NE(nullptr, authenticators.first);
+
+    wsfs_authenticators_clone(&authenticators, &clone);
+    ASSERT_NE(nullptr, clone.first);
+    ASSERT_NE(nullptr, authenticators.first);
+    ASSERT_NE(authenticators.first, clone.first);
+
+    wsfs_authenticators_cleanup(&authenticators);
+    wsfs_authenticators_cleanup(&clone);
+}
+
+TEST(Authenticators, Move)
+{
+    struct wsfs_authenticators authenticators;
+    struct wsfs_authenticators clone;
+
+    wsfs_authenticators_init(&authenticators);
+    wsfs_authenticators_add(&authenticators, "username", &authenticate, nullptr);
+    ASSERT_NE(nullptr, authenticators.first);
+
+    wsfs_authenticators_move(&authenticators, &clone);
+    ASSERT_NE(nullptr, clone.first);
+    ASSERT_EQ(nullptr, authenticators.first);
+    ASSERT_NE(authenticators.first, clone.first);
+
+    wsfs_authenticators_cleanup(&authenticators);
+    wsfs_authenticators_cleanup(&clone);
+}
+
+TEST(Authenticators, AuthenticateWithoutAuthenticators)
+{
+    struct wsfs_credentials creds;
+    wsfs_credentials_init(&creds, "username", nullptr);
+
+    struct wsfs_authenticators authenticators;
+    wsfs_authenticators_init(&authenticators);
+
+    bool result = wsfs_authenticators_authenticate(&authenticators, &creds);
+    ASSERT_TRUE(result);
+
+    result = wsfs_authenticators_authenticate(&authenticators, nullptr);
+    ASSERT_TRUE(result);
+
+    wsfs_authenticators_cleanup(&authenticators);
+    wsfs_credentials_cleanup(&creds);
+}
+
+TEST(Authenticators, FailToAuthenticateWithoutCredentials)
+{
+    MockAuthenticator mock;
+    set_authenticator(&mock);
+
+    struct wsfs_authenticators authenticators;
+    wsfs_authenticators_init(&authenticators);
+    wsfs_authenticators_add(&authenticators, "username", &authenticate, nullptr);
+
+    bool result = wsfs_authenticators_authenticate(&authenticators, nullptr);
+    ASSERT_FALSE(result);
+
+    wsfs_authenticators_cleanup(&authenticators);
+}
+
+TEST(Authenticators, AuthenticateWithMultipleCredentials)
+{
+    struct wsfs_credentials creds;
+    wsfs_credentials_init(&creds, "username", nullptr);
+
+    MockAuthenticator username_mock;
+    set_authenticator(1, &username_mock);
+    EXPECT_CALL(username_mock, authenticate(&creds, nullptr))
+        .Times(1)
+        .WillRepeatedly(Return(true));
+
+    MockAuthenticator certificate_mock;
+    set_authenticator(2, &certificate_mock);
+    EXPECT_CALL(certificate_mock, authenticate(_, _))
+        .Times(0);
+
+    struct wsfs_authenticators authenticators;
+    wsfs_authenticators_init(&authenticators);
+    wsfs_authenticators_add(&authenticators, "username", &authenticate_1, nullptr);
+    wsfs_authenticators_add(&authenticators, "certificate", &authenticate_2, nullptr);
+
+    bool result = wsfs_authenticators_authenticate(&authenticators, &creds);
+    ASSERT_TRUE(result);
+
+    wsfs_authenticators_cleanup(&authenticators);
+    wsfs_credentials_cleanup(&creds);
+}
+
+TEST(Authenticators, FailedAuthenticateWithWrongType)
+{
+    struct wsfs_credentials creds;
+    wsfs_credentials_init(&creds, "token", nullptr);
+
+    MockAuthenticator username_mock;
+    set_authenticator(1, &username_mock);
+    EXPECT_CALL(username_mock, authenticate(&creds, nullptr))
+        .Times(0);
+
+    MockAuthenticator certificate_mock;
+    set_authenticator(2, &certificate_mock);
+    EXPECT_CALL(certificate_mock, authenticate(_, _))
+        .Times(0);
+
+    struct wsfs_authenticators authenticators;
+    wsfs_authenticators_init(&authenticators);
+    wsfs_authenticators_add(&authenticators, "username", &authenticate_1, nullptr);
+    wsfs_authenticators_add(&authenticators, "certificate", &authenticate_2, nullptr);
+
+    bool result = wsfs_authenticators_authenticate(&authenticators, &creds);
+    ASSERT_FALSE(result);
+
+    wsfs_authenticators_cleanup(&authenticators);
+    wsfs_credentials_cleanup(&creds);
+}
--- a/test/test_credentials.cc
+++ b/test/test_credentials.cc
@@ -0,0 +1,70 @@
+#include <gtest/gtest.h>
+
+#include "wsfs/adapter/credentials_intern.h"
+#include <jansson.h>
+
+TEST(Credentials, Type)
+{
+    struct wsfs_credentials creds;
+
+    wsfs_credentials_init(&creds, "test", nullptr);
+    ASSERT_STREQ("test", wsfs_credentials_type(&creds));
+    wsfs_credentials_cleanup(&creds);
+}
+
+TEST(Credentials, Get)
+{
+    struct wsfs_credentials creds;
+    json_t * data = json_object();
+    json_object_set_new(data, "username", json_string("bob"));
+    json_object_set_new(data, "password", json_string("<secret>"));
+
+    wsfs_credentials_init(&creds, "username", data);
+    ASSERT_STREQ("username", wsfs_credentials_type(&creds));
+    ASSERT_STREQ("bob", wsfs_credentials_get(&creds, "username"));
+    ASSERT_STREQ("<secret>", wsfs_credentials_get(&creds, "password"));
+
+    wsfs_credentials_cleanup(&creds);
+    json_decref(data);
+}
+
+TEST(Credentials, FailedToGetNonexistingValue)
+{
+    struct wsfs_credentials creds;
+    json_t * data = json_object();
+
+    wsfs_credentials_init(&creds, "username", data);
+    ASSERT_STREQ("username", wsfs_credentials_type(&creds));
+    ASSERT_STREQ(nullptr, wsfs_credentials_get(&creds, "username"));
+    ASSERT_STREQ(nullptr, wsfs_credentials_get(&creds, "password"));
+
+    wsfs_credentials_cleanup(&creds);
+    json_decref(data);    
+}
+
+TEST(Credentials, FailedToGetWithoutData)
+{
+    struct wsfs_credentials creds;
+
+    wsfs_credentials_init(&creds, "username", nullptr);
+    ASSERT_STREQ("username", wsfs_credentials_type(&creds));
+    ASSERT_STREQ(nullptr, wsfs_credentials_get(&creds, "username"));
+    ASSERT_STREQ(nullptr, wsfs_credentials_get(&creds, "password"));
+
+    wsfs_credentials_cleanup(&creds);
+}
+
+TEST(Credentials, FailedToGetWrongDataType)
+{
+    struct wsfs_credentials creds;
+    json_t * data = json_string("invalid_creds");
+
+    wsfs_credentials_init(&creds, "username", data);
+    ASSERT_STREQ("username", wsfs_credentials_type(&creds));
+    ASSERT_STREQ(nullptr, wsfs_credentials_get(&creds, "username"));
+    ASSERT_STREQ(nullptr, wsfs_credentials_get(&creds, "password"));
+
+    wsfs_credentials_cleanup(&creds);
+    json_decref(data);    
+}
+
--- a/test/test_server.cc
+++ b/test/test_server.cc
@@ -13,12 +13,13 @@ TEST(server, create_dispose)
 {
    mkdir("test", 0700);

-    struct wsfs_server_config config = {strdup("test"), nullptr, nullptr, nullptr, nullptr, 0};
-    struct wsfs_server * server = wsfs_server_create(&config);
+    struct wsfs_server_config * config = wsfs_server_config_create();
+    wsfs_server_config_set_mountpoint(config, "test");
+    struct wsfs_server * server = wsfs_server_create(config);
    ASSERT_NE(nullptr, server);

    wsfs_server_dispose(server);
-    wsfs_server_config_cleanup(&config);
+    wsfs_server_config_dispose(config);

    rmdir("test");
 }