
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/spec/lib/postgres/postgres-pr/scram_sha_256_spec.rb
require 'postgres/postgres-pr/scram_sha_256'
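# Table-driven examples for the SCRAM-SHA-256 helper methods that this spec
# calls on Msf::Db::PostgresPR::ScramSha256: #hi, #gs2_header, #normalize and
# #hmac. Each `describe` iterates over a list of input/expectation hashes and
# generates one example per entry.
RSpec.describe Msf::Db::PostgresPR::ScramSha256 do
  describe '#hi' do
    # Every expected value is 32 raw bytes and is compared as a binary (`.b`)
    # string, so an encoding mismatch cannot hide a wrong digest.
    # NOTE(review): presumably #hi is the salted, iterated Hi() function of
    # RFC 5802 - the implementation is not visible from this spec; confirm.
    # iteration_count: 1 is a boundary case for the loop, not a realistic
    # server setting.
    [
      { str: "a", salt: "c", iteration_count: 1, expected: "\xF5*3|\x9ALKB\xD1\x8D\x96d\xC1\x1D\v\xAEY^\xA8\xBB?o\x90\xE0\bE\xD5\xE1!\xA9={".b },
      { str: "a", salt: "c", iteration_count: 4096, expected: ")\xA4\x1E\xF6$Vn\x17~w\xFAA\xB4\x8C\xEFY\x83\x82}, 2\xCB\x02\x19Q\xB7\xADOR\xD9\xDC".b },
      { str: "pencil", salt: "\x00" * 16, iteration_count: 4096, expected: "\xB1q\x84\xD9\x8E\x0EG\xB2\"\xBD~\xB3-\xDABV?x\xC8'\xB7\xC8r\x9FJhG\xDAB%\xA0~".b },
      { str: "pencil", salt: "\x8C\xDDM\x0E\xDBa\xD5\xE4?\x8C\xF3V\xC9\xC9\x94V", iteration_count: 4096, expected: "\xB1?1\xF3\x86\xF5\"\x0F\xCB\xE3=\xE1\xFF(\xF0\x9BODB\xDD\xEF8\xCC\n\x16\x83\x1A&C\xA2\x86F".b },
    ].each do |test|
      it "returns the expected value for the test #{test}" do
        derived = subject.hi(test[:str], test[:salt], test[:iteration_count])
        expect(derived).to eq(test[:expected])
      end
    end
  end

  describe '#gs2_header' do
    context 'when channel binding is false' do
      # 'n,,' is the GS2 header in which the client states that it does not
      # support channel binding (RFC 5802), followed by an empty authzid. With
      # this header the SCRAM exchange is not tied to the underlying TLS
      # session.
      it 'returns a header without any channel bindings' do
        expect(subject.gs2_header(channel_binding: false)).to eq 'n,,'
      end
    end

    context 'when channel binding is true' do
      # Channel binding is not supported, so asking for it must fail loudly
      # rather than silently fall back to the unbound 'n,,' header.
      it 'raises NotImplementedError' do
        expect { subject.gs2_header(channel_binding: true) }.to raise_error NotImplementedError, 'Channel binding not implemented'
      end
    end
  end

  describe '#normalize' do
    # Entries with :expected must normalize to that string; entries with
    # :error must raise NormalizeError with a message matching the regex.
    # An optional :skip key on an entry is passed through to RSpec.
    [
      #
      # Tests from spec https://datatracker.ietf.org/doc/html/rfc4013#section-3
      #
      { str: "I\u00ADX", expected: "IX" },
      { str: "user", expected: "user" },
      { str: "USER", expected: "USER" },
      { str: "\u00AA", expected: "a" },
      { str: "\u2168", expected: "IX" },
      { str: "\u0007", error: /ASCII control characters/ },
      { str: "\u0627\u0031", error: /must start.*end with RandAL/ },

      #
      # Tests from saslprep implementation in Ruby gem https://github.com/ruby/net-imap/blob/92dabbb8959a7a1e02990968ee6a5f4f73dded17/test/net/imap/test_saslprep.rb#L37-L69
      #
      # some more prohibited codepoints
      { str: "\x7f", error: /ASCII control character/i },
      { str: "\ufff9", error: /Non-ASCII control character/i },
      { str: "\ue000", error: /private use.*C.3/i },
      { str: "\u{f0000}", error: /private use.*C.3/i },
      { str: "\u{100000}", error: /private use.*C.3/i },
      { str: "\ufffe", error: /Non-character code point.*C.4/i },
      # Bytes that are not valid UTF-8 must be rejected, not passed through.
      { str: "\xed\xa0\x80", error: /invalid byte seq\w+ in UTF-8/i },
      { str: "\ufffd", error: /inapprop.* plain text.*C.6/i },
      { str: "\u2FFb", error: /inapprop.* canonical rep.*C.7/i },
      { str: "\u202c", error: /change display.*deprecate.*C.8/i },
      { str: "\u{e0001}", error: /tagging character/i },
      # some more invalid bidirectional characters
      { str: "\u0627abc\u0627", error: /must not contain.* Lcat/i },
      { str: "\u0627123", error: /must start.*end with RandAL/i },

      #
      # Arbitrary tests:
      #
      { str: "abc".force_encoding("ASCII"), expected: "abc".force_encoding("UTF-8") },
      { str: 'abcABC123!@£$%^&*()_+=[];l/.,?><|":]}{P+_) hello world', expected: 'abcABC123!@£$%^&*()_+=[];l/.,?><|":]}{P+_) hello world' }
    ].each do |test|
      it "returns the expected value for the test #{test}", skip: test[:skip] do
        if test[:error]
          expected_clazz = Msf::Db::PostgresPR::ScramSha256::NormalizeError
          expected_message = test[:error]
          expect { subject.normalize(test[:str]) }.to raise_error expected_clazz, expected_message
        else
          expect(subject.normalize(test[:str])).to eq(test[:expected])
        end
      end
    end
  end

  describe '#hmac' do
    # The expected digest lives in the table and is the value asserted below.
    # Previously the table carried an unused placeholder ("abc") while the real
    # digest was hard-coded in the assertion, so any added row would have been
    # compared against the wrong value.
    [
      { key: "\x00\x01\x02\x03", message: "hello world", expected: "e\xA7\xB1r\xA9^9,\x90\x9Aey>FD\xF8\xCC\xD1\xDDH\xBB\x90\xDDU\xE5\x04\x05\xFA\xEC\xFC\x8Ew".b }
    ].each do |test|
      it "returns the expected value for the test #{test}" do
        expect(subject.hmac(test[:key], test[:message])).to eq(test[:expected])
      end
    end
  end
end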