Implement public key and add tests

2022-12-19 20:45:01 -07:00 · 2022-12-19 20:45:01 -07:00 · 110eb0b199
commit 110eb0b199
parent fe661a935a
10 changed files with 133 additions and 11 deletions
--- a/config/config.exs
+++ b/config/config.exs
@ -8,6 +8,8 @@ config :esshd,
  handler: {Chessh.Shell, :on_shell, 4},
  port: 42069,
  password_authenticator: Chessh.Auth.PasswordAuthenticator,
-  public_key_authenticator: Chessh.Auth.KeyAuthenticator
+  public_key_authenticator: Chessh.Auth.KeyAuthenticator,
+  # TODO - benchmark
+  max_sessions: 128

 import_config "#{config_env()}.exs"
--- a/lib/chessh/auth/keys.ex
+++ b/lib/chessh/auth/keys.ex
@ -1,10 +1,19 @@
 defmodule Chessh.Auth.KeyAuthenticator do
+  alias Chessh.Key
+  alias Chessh.Repo
  use Sshd.PublicKeyAuthenticator
  require Logger
+  import Ecto.Query

-  def authenticate(username, public_key, _opts) do
-    Logger.debug("#{inspect(username)}")
-    Logger.debug("#{inspect(public_key)}")
-    true
+  def authenticate(username, public_key) do
+    !!Repo.one(
+      from(k in Key,
+        join: p in assoc(k, :player),
+        where: k.key == ^Key.encode_key(public_key),
+        where: p.username == ^String.Chars.to_string(username)
+      )
+    )
  end
+
+  def authenticate(username, public_key, _opts), do: authenticate(username, public_key)
 end
--- a/lib/chessh/auth/password.ex
+++ b/lib/chessh/auth/password.ex
@ -2,11 +2,11 @@ defmodule Chessh.Auth.PasswordAuthenticator do
  alias Chessh.Player
  alias Chessh.Repo
  use Sshd.PasswordAuthenticator
+  require Logger

  def authenticate(username, password) do
    case Repo.get_by(Player, username: String.Chars.to_string(username)) do
-      nil -> false
-      x -> Player.valid_password?(x, password)
+      x -> Player.valid_password?(x, String.Chars.to_string(password))
    end
  end
 end
--- a/lib/chessh/schema/key.ex
+++ b/lib/chessh/schema/key.ex
@ -32,6 +32,7 @@ defmodule Chessh.Key do
    if is_tuple(key) do
      case key do
        {pub, [opts]} -> [{pub, [opts]}]
+        {pub, []} -> [{pub, [comment: '']}]
        key -> [{key, [comment: '']}]
      end
      |> :ssh_file.encode(:openssh_key)
--- a/lib/chessh/schema/player.ex
+++ b/lib/chessh/schema/player.ex
@ -49,7 +49,7 @@ defmodule Chessh.Player do
  defp validate_username(changeset) do
    changeset
    |> validate_required([:username])
-    |> validate_length(:username, min: 2, max: 12)
+    |> validate_length(:username, min: 2, max: 16)
    |> validate_format(:username, ~r/^[a-zA-Z0-9_\-]*$/,
      message: "only letters, numbers, underscores, and hyphens allowed"
    )
--- a/test/auth/password_test.exs
+++ b/test/auth/password_test.exs
@ -0,0 +1,27 @@
+defmodule Chessh.Auth.PasswordAuthenticatorTest do
+  use ExUnit.Case
+  alias Chessh.Player
+  alias Chessh.Repo
+
+  @valid_user %{username: "logan", password: "password"}
+
+  setup do
+    :ok = Ecto.Adapters.SQL.Sandbox.checkout(Chessh.Repo)
+
+    {:ok, _user} = Repo.insert(Player.registration_changeset(%Player{}, @valid_user))
+
+    :ok
+  end
+
+  test "User can sign in with their password" do
+    assert Chessh.Auth.PasswordAuthenticator.authenticate(
+             String.to_charlist(@valid_user.username),
+             String.to_charlist(@valid_user.password)
+           )
+
+    refute Chessh.Auth.PasswordAuthenticator.authenticate(
+             String.to_charlist(@valid_user.username),
+             String.to_charlist("a_bad_password")
+           )
+  end
+end
--- a/test/auth/pubkey_test.exs
+++ b/test/auth/pubkey_test.exs
@ -0,0 +1,35 @@
+defmodule Chessh.Auth.PublicKeyAuthenticatorTest do
+  use ExUnit.Case
+  alias Chessh.Key
+  alias Chessh.Repo
+  alias Chessh.Player
+
+  @valid_user %{username: "logan", password: "password"}
+  @valid_key %{
+    name: "The Gamer Machine",
+    key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/2LOJGGEd/dhFgRxJ5MMv0jJw4s4pA8qmMbZyulN44"
+  }
+
+  setup do
+    :ok = Ecto.Adapters.SQL.Sandbox.checkout(Chessh.Repo)
+
+    {:ok, player} = Repo.insert(Player.registration_changeset(%Player{}, @valid_user))
+
+    {:ok, _key} =
+      Repo.insert(
+        Key.changeset(%Key{}, @valid_key)
+        |> Ecto.Changeset.put_assoc(:player, player)
+      )
+
+    :ok
+  end
+
+  test "User can sign in with their ssh key from raw string" do
+    assert Chessh.Auth.KeyAuthenticator.authenticate(@valid_user.username, @valid_key.key)
+  end
+
+  test "User can sign in with erlang decoded ssh key" do
+    [key] = :ssh_file.decode(@valid_key.key, :openssh_key)
+    assert Chessh.Auth.KeyAuthenticator.authenticate(@valid_user.username, key)
+  end
+end
--- a/test/schema/key_test.exs
+++ b/test/schema/key_test.exs
@ -28,7 +28,6 @@ defmodule Chessh.Schema.KeyTest do
  @empty_attrs %{}

  test "changeset with valid attributes" do
-    IO.puts(inspect(Key.changeset(%Key{}, @valid_attrs)))
    assert Key.changeset(%Key{}, @valid_attrs).valid?
    assert Key.changeset(%Key{}, @valid_key_attrs).valid?
  end
--- a/test/schema/register_test.exs
+++ b/test/schema/register_test.exs
@ -0,0 +1,51 @@
+defmodule Chessh.Auth.UserRegistrationTest do
+  use Chessh.RepoCase
+  use ExUnit.Case
+  alias Chessh.Player
+  alias Chessh.Repo
+
+  @valid_user %{username: "logan", password: "password"}
+  @invalid_username %{username: "a", password: "password"}
+  @invalid_password %{username: "aasdf", password: "pass"}
+  @repeated_username %{username: "LoGan", password: "password"}
+
+  test "Password must be at least 8 characters and username must be at least 2" do
+    refute Player.registration_changeset(%Player{}, @invalid_password).valid?
+    refute Player.registration_changeset(%Player{}, @invalid_username).valid?
+  end
+
+  test "Password changeset must match" do
+    refute Player.password_changeset(
+             %Player{},
+             Map.put(@valid_user, :password_confirmation,
+               password_confirmation: @valid_user.password <> "a"
+             )
+           ).valid?
+
+    valid_user_changed_password = Map.put(@valid_user, :password, "a_new_password")
+
+    assert Player.password_changeset(
+             %Player{},
+             Map.put(
+               valid_user_changed_password,
+               :password_confirmation,
+               valid_user_changed_password.password
+             )
+           ).valid?
+  end
+
+  test "Password is hashed" do
+    changeset = Player.registration_changeset(%Player{}, @valid_user)
+    assert_raise KeyError, fn -> changeset.changes.password end
+    assert changeset.changes.hashed_password
+    refute changeset.changes.hashed_password == @valid_user.password
+  end
+
+  test "Username is uniquely case insensitive" do
+    assert Repo.insert(Player.registration_changeset(%Player{}, @valid_user))
+
+    assert {:error,
+            %{errors: [{:username, {_, [{:constraint, :unique}, {:constraint_name, _}]}}]}} =
+             Repo.insert(Player.registration_changeset(%Player{}, @repeated_username))
+  end
+end
--- a/test/support/repo_case.ex
+++ b/test/support/repo_case.ex
@ -8,8 +8,6 @@ defmodule Chessh.RepoCase do
      import Ecto
      import Ecto.Query
      import Chessh.RepoCase
-
-      # and any other stuff
    end
  end