val/irctest
1
0
Fork 0
mirror of https://github.com/progval/irctest.git synced 2025-04-05 06:49:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

sasl: Add tests for signature failure from the server (#179)

Browse Source
This commit is contained in:
Val Lorentz
2023-05-29 11:53:08 +02:00
committed by GitHub
parent a03e9bb8ea
commit 79bbdd2948
3 changed files with 33 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/test-stable.yml vendored
View File

@ -894,7 +894,7 @@ jobs:
with: with:
python-version: 3.7 python-version: 3.7
- name: Install dependencies - name: Install dependencies
run: pip install limnoria==2022.03.17 cryptography pyxmpp2-scram run: pip install limnoria==2023.5.27 cryptography pyxmpp2-scram
- name: Install system dependencies - name: Install system dependencies
run: sudo apt-get install atheme-services faketime run: sudo apt-get install atheme-services faketime
- name: Install irctest dependencies - name: Install irctest dependencies

32
irctest/client_tests/sasl.py
View File

@ -228,7 +228,7 @@ class SaslTestCase(cases.BaseClientTestCase):
self.assertEqual(m.params, ["+"], m) self.assertEqual(m.params, ["+"], m)
@cases.skipUnlessHasMechanism("SCRAM-SHA-256") @cases.skipUnlessHasMechanism("SCRAM-SHA-256")
def testScramBadPassword(self): def testScramBadPassword(self, server_fakes_success=False, fake_response=None):
"""Test SCRAM-SHA-256 authentication with a bad password.""" """Test SCRAM-SHA-256 authentication with a bad password."""
auth = authentication.Authentication( auth = authentication.Authentication(
mechanisms=[authentication.Mechanisms.scram_sha_256], mechanisms=[authentication.Mechanisms.scram_sha_256],
@ -261,6 +261,36 @@ class SaslTestCase(cases.BaseClientTestCase):
with self.assertRaises(scram.NotAuthorizedException): with self.assertRaises(scram.NotAuthorizedException):
authenticator.response(msg) authenticator.response(msg)
if server_fakes_success:
self.sendLine(f"AUTHENTICATE :{fake_response}")
m = self.getMessage()
while m.command == "PING":
self.sendLine(f"PONG server. {m.params[-1]}")
m = self.getMessage()
self.assertMessageMatch(
m,
command="AUTHENTICATE",
params=["*"],
fail_msg="Client did not abort: {msg}",
)
@cases.skipUnlessHasMechanism("SCRAM-SHA-256")
@pytest.mark.parametrize(
"fake_response",
[
"",
"AAAA",
"dj1ubU1mM1FIV2NKUWk5cE1ndHFLU0tQclZueUk2c3FOTzZJN3BFLzBveUdjPQ==",
],
)
def testScramMaliciousServer(self, fake_response):
"""Test SCRAM-SHA-256 authentication to a server which pretends to know
the password"""
self.testScramBadPassword(
server_fakes_success=True, fake_response=fake_response
)
class Irc302SaslTestCase(cases.BaseClientTestCase): class Irc302SaslTestCase(cases.BaseClientTestCase):
@cases.skipUnlessHasMechanism("PLAIN") @cases.skipUnlessHasMechanism("PLAIN")

2
workflows.yml
View File

@ -355,7 +355,7 @@ software:
install_steps: install_steps:
stable: stable:
- name: Install dependencies - name: Install dependencies
run: pip install limnoria==2022.03.17 cryptography pyxmpp2-scram run: pip install limnoria==2023.5.27 cryptography pyxmpp2-scram
release: release:
- name: Install dependencies - name: Install dependencies
run: pip install limnoria cryptography pyxmpp2-scram run: pip install limnoria cryptography pyxmpp2-scram