From df2880e379866c6354fa7ce776b436a2c49c557b Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni <slingamn@cs.stanford.edu>
Date: Thu, 8 Feb 2024 00:45:11 -0500
Subject: [PATCH] add an incorrect password test for PLAIN (#253)

* add an incorrect password test for PLAIN

* derace test (hopefully)
---
 irctest/server_tests/sasl.py | 34 ++++++++++++++++++++++++++++++----
 1 file changed, 30 insertions(+), 4 deletions(-)

diff --git a/irctest/server_tests/sasl.py b/irctest/server_tests/sasl.py
index 600f959..e421671 100644
--- a/irctest/server_tests/sasl.py
+++ b/irctest/server_tests/sasl.py
@@ -1,7 +1,7 @@
 import base64
 
 from irctest import cases, runner, scram
-from irctest.numerics import ERR_SASLFAIL
+from irctest.numerics import ERR_SASLFAIL, RPL_LOGGEDIN, RPL_SASLMECHS
 from irctest.patma import ANYSTR
 
 
@@ -48,11 +48,37 @@ class SaslTestCase(cases.BaseServerTestCase):
         m = self.getRegistrationMessage(1)
         self.assertMessageMatch(
             m,
-            command="900",
+            command=RPL_LOGGEDIN,
             params=[ANYSTR, ANYSTR, "jilles", ANYSTR],
             fail_msg="Unexpected reply to correct SASL authentication: {msg}",
         )
 
+    @cases.mark_specifications("IRCv3")
+    @cases.skipUnlessHasMechanism("PLAIN")
+    def testPlainFailure(self):
+        """PLAIN authentication with incorrect username/password."""
+        self.controller.registerUser(self, "jilles", "sesame")
+        self.addClient()
+        self.requestCapabilities(1, ["sasl"], skip_if_cap_nak=False)
+        self.sendLine(1, "AUTHENTICATE PLAIN")
+        m = self.getRegistrationMessage(1)
+        self.assertMessageMatch(
+            m,
+            command="AUTHENTICATE",
+            params=["+"],
+            fail_msg="Sent “AUTHENTICATE PLAIN”, server should have "
+            "replied with “AUTHENTICATE +”, but instead sent: {msg}",
+        )
+        # password 'millet'
+        self.sendLine(1, "AUTHENTICATE amlsbGVzAGppbGxlcwBtaWxsZXQ=")
+        m = self.getRegistrationMessage(1)
+        self.assertMessageMatch(
+            m,
+            command=ERR_SASLFAIL,
+            params=[ANYSTR, ANYSTR],
+            fail_msg="Unexpected reply to incorrect SASL authentication: {msg}",
+        )
+
     @cases.mark_specifications("IRCv3")
     @cases.skipUnlessHasMechanism("PLAIN")
     def testPlainNonAscii(self):
@@ -161,11 +187,11 @@ class SaslTestCase(cases.BaseServerTestCase):
         self.requestCapabilities(1, ["sasl"], skip_if_cap_nak=False)
         self.sendLine(1, "AUTHENTICATE FOO")
         m = self.getRegistrationMessage(1)
-        while m.command == "908":  # RPL_SASLMECHS
+        while m.command == RPL_SASLMECHS:
             m = self.getRegistrationMessage(1)
         self.assertMessageMatch(
             m,
-            command="904",
+            command=ERR_SASLFAIL,
             fail_msg="Did not reply with 904 to “AUTHENTICATE FOO”: {msg}",
         )