htauth 2.0.0 → 2.1.0

data/spec/cli/passwd_spec.rb

@@ -41,8 +41,8 @@ describe HTAuth::CLI::Passwd do
     begin
       @htauth.run([ "-h" ])
     rescue SystemExit => se
-      se.status.must_equal 1
-      @stdout.string.must_match( /passwordfile username/m )
+      _(se.status).must_equal 1
+      _(@stdout.string).must_match( /passwordfile username/m )
     end
   end
 
@@ -50,8 +50,8 @@ describe HTAuth::CLI::Passwd do
     begin
       @htauth.run([ "--version" ])
     rescue SystemExit => se
-      se.status.must_equal 1
-      @stdout.string.must_match( /version #{HTAuth::VERSION}/)
+      _(se.status).must_equal 1
+      _(@stdout.string).must_match( /version #{HTAuth::VERSION}/)
     end
   end
 
@@ -62,11 +62,100 @@ describe HTAuth::CLI::Passwd do
       @stdin.rewind
       @htauth.run([ "-m", "-c", @new_file, "alice" ])
     rescue SystemExit => se
-      se.status.must_equal 0
+      _(se.status).must_equal 0
       l = IO.readlines(@new_file)
       fields = l.first.split(':')
-      fields.first.must_equal "alice"
-      fields.last.must_match( /^\$apr1\$/ )
+      _(fields.first).must_equal "alice"
+      _(fields.last).must_match( /^\$apr1\$/ )
+    end
+  end
+
+  it "creates a new file with one bcrypt entry" do
+    begin
+      @stdin.puts "b secret"
+      @stdin.puts "b secret"
+      @stdin.rewind
+      @htauth.run([ "-B", "-c", @new_file, "brenda" ])
+    rescue SystemExit => se
+      _(se.status).must_equal 0
+      l = IO.readlines(@new_file)
+      fields = l.first.split(':')
+      _(fields.first).must_equal "brenda"
+      bcrypt_hash = fields.last
+
+      _(::BCrypt::Password.valid_hash?(bcrypt_hash)).wont_be_nil
+    end
+  end
+
+  it "allows the bcrypt cost to be set" do
+    begin
+      cost = 12
+      @stdin.puts "b secret"
+      @stdin.puts "b secret"
+      @stdin.rewind
+      @htauth.run([ "-C", "#{cost}", "-B", "-c", @new_file, "brenda" ])
+    rescue SystemExit => se
+      _(se.status).must_equal 0
+      l = IO.readlines(@new_file)
+      fields = l.first.split(':')
+      _(fields.first).must_equal "brenda"
+      bcrypt_hash = fields.last
+      _(::BCrypt::Password.valid_hash?(bcrypt_hash)).wont_be_nil
+
+      _, _version, count, _rest = bcrypt_hash.split("$")
+      _(count).must_equal ("%02d" % cost)
+    end
+  end
+
+  it "raises an error if the bcrypt cost is out of range" do
+    begin
+      @stdin.puts "b secret"
+      @stdin.puts "b secret"
+      @stdin.rewind
+      @htauth.run([ "-C", "42", "-B", "-c", @new_file, "brenda" ])
+    rescue SystemExit => se
+      _(@stderr.string).must_match( /ERROR:/m )
+      _(se.status).must_equal 1
+    end
+  end
+
+  it "raises an error if the bcrypt cost is not an integer" do
+    begin
+      @stdin.puts "b secret"
+      @stdin.puts "b secret"
+      @stdin.rewind
+      @htauth.run([ "-C", "forty-two", "-B", "-c", @new_file, "brenda" ])
+    rescue SystemExit => se
+      _(@stderr.string).must_match( /ERROR:/m )
+      _(se.status).must_equal 1
+    end
+ 
+  end
+
+  it "does not verify the password from stdin on -i option" do
+    begin
+      @stdin.puts "b secret"
+      @stdin.rewind
+      @htauth.run([ "-i", "-B", "-c", @new_file, "brenda" ])
+    rescue SystemExit => se
+      _(se.status).must_equal 0
+      l = IO.readlines(@new_file)
+      fields = l.first.split(':')
+      _(fields.first).must_equal "brenda"
+      bcrypt_hash = fields.last
+
+      _(::BCrypt::Password.valid_hash?(bcrypt_hash)).wont_be_nil
+    end
+  end
+
+  it "does not allow options -i and -b to both be set" do
+    begin
+      @stdin.puts "b secret"
+      @stdin.rewind
+      @htauth.run([ "-i", "-b", "-B", "-c", @new_file, "brenda", "b-secret" ])
+    rescue SystemExit => se
+      _(@stderr.string).must_match( /ERROR:/m )
+      _(se.status).must_equal 1
     end
   end
 
@@ -78,10 +167,10 @@ describe HTAuth::CLI::Passwd do
       @stdin.rewind
       @htauth.run([ "-c", @tf.path, "bob"])
     rescue SystemExit => se
-      se.status.must_equal 0
+      _(se.status).must_equal 0
       after_lines = IO.readlines(@tf.path)
-      after_lines.size.must_equal 1
-      before_lines.size.must_equal 2
+      _(after_lines.size).must_equal 1
+      _(before_lines.size).must_equal 2
     end
   end
 
@@ -92,12 +181,12 @@ describe HTAuth::CLI::Passwd do
       @stdin.rewind
       @htauth.run([ "-s", @tf.path, "charlie" ])
     rescue SystemExit => se
-      se.status.must_equal 0
+      _(se.status).must_equal 0
       after_lines = IO.readlines(@tf.path)
-      after_lines.size.must_equal 3
+      _(after_lines.size).must_equal 3
       al = after_lines.last.split(':')
-      al.first.must_equal "charlie"
-      al.last.must_match( /\{SHA\}/ )
+      _(al.first).must_equal "charlie"
+      _(al.last).must_match( /\{SHA\}/ )
     end
   end
 
@@ -108,8 +197,8 @@ describe HTAuth::CLI::Passwd do
       @stdin.rewind
       @htauth.run(["-c", "-p", @tf.path, "bradley"])
     rescue SystemExit => se
-      se.status.must_equal 0
-      IO.read(@tf.path).strip.must_equal "bradley:a bad password"
+      _(se.status).must_equal 0
+      _(IO.read(@tf.path).strip).must_equal "bradley:a bad password"
     end
   end
 
@@ -117,8 +206,8 @@ describe HTAuth::CLI::Passwd do
     begin
       @htauth.run(["-c", "-p", "-b", @tf.path, "bradley", "a bad password"])
     rescue SystemExit => se
-      se.status.must_equal 0
-      IO.read(@tf.path).strip.must_equal "bradley:a bad password"
+      _(se.status).must_equal 0
+      _(IO.read(@tf.path).strip).must_equal "bradley:a bad password"
     end
   end
 
@@ -130,16 +219,16 @@ describe HTAuth::CLI::Passwd do
       @stdin.rewind
       @htauth.run([ "-d", @tf.path, "alice" ])
     rescue SystemExit => se
-      @stderr.string.must_equal ""
-      se.status.must_equal 0
+      _(@stderr.string).must_equal ""
+      _(se.status).must_equal 0
       after_lines = IO.readlines(@tf.path)
-      after_lines.size.must_equal before_lines.size
+      _(after_lines.size).must_equal before_lines.size
 
       a_b = before_lines.first.split(":")
       a_a = after_lines.first.split(":")
 
-      a_b.first.must_equal a_a.first
-      a_b.last.wont_equal a_a.last
+      _(a_b.first).must_equal a_a.first
+      _(a_b.last).wont_equal a_a.last
     end
   end
 
@@ -147,9 +236,9 @@ describe HTAuth::CLI::Passwd do
     begin
       @htauth.run([ "-D", @tf.path, "bob" ])
     rescue SystemExit => se
-      @stderr.string.must_equal ""
-      se.status.must_equal 0
-      IO.read(@tf.path).must_equal IO.read(PASSWD_DELETE_TEST_FILE)
+      _(@stderr.string).must_equal ""
+      _(se.status).must_equal 0
+      _(IO.read(@tf.path)).must_equal IO.read(PASSWD_DELETE_TEST_FILE)
     end
   end
 
@@ -157,8 +246,26 @@ describe HTAuth::CLI::Passwd do
     begin
       @htauth.run(["-n", "-p", "-b", "bradley", "a bad password"])
     rescue SystemExit => se
-      se.status.must_equal 0
-      @stdout.string.strip.must_equal "bradley:a bad password"
+      _(se.status).must_equal 0
+      _(@stdout.string.strip).must_equal "bradley:a bad password"
+    end
+  end
+
+  it "verifies a password when --verify is used - valid" do
+    begin
+      @htauth.run(["--verify", "-b", @tf.path, "alice", "a secret"])
+    rescue SystemExit => se
+      _(@stderr.string.strip).must_equal "Password for user alice correct."
+      _(se.status).must_equal 0
+    end
+  end
+
+  it "verifies a password when --verify is used - invalid" do
+    begin
+      @htauth.run(["--verify", "-b", @tf.path, "alice", "the wrong secret"])
+    rescue SystemExit => se
+      _(@stderr.string.strip).must_equal "Password verification for user alice failed."
+      _(se.status).must_equal 1
     end
   end
 
@@ -169,8 +276,8 @@ describe HTAuth::CLI::Passwd do
       @stdin.rewind
       @htauth.run([ "-c", "/etc/you-cannot-create-me", "alice"])
     rescue SystemExit => se
-      @stderr.string.must_match( %r{Password file failure \(/etc/you-cannot-create-me\)}m )
-      se.status.must_equal 1
+      _(@stderr.string).must_match( %r{Password file failure \(/etc/you-cannot-create-me\)}m )
+      _(se.status).must_equal 1
     end
   end
 
@@ -181,8 +288,8 @@ describe HTAuth::CLI::Passwd do
       @stdin.rewind
       @htauth.run([ @tf.path, "alice"])
     rescue SystemExit => se
-      @stderr.string.must_match( /They don't match, sorry./m )
-      se.status.must_equal 1
+      _(@stderr.string).must_match( /They don't match, sorry./m )
+      _(se.status).must_equal 1
     end
   end
 
@@ -190,8 +297,8 @@ describe HTAuth::CLI::Passwd do
     begin
       @htauth.run(["--blah"])
     rescue SystemExit => se
-      @stderr.string.must_match( /ERROR:/m )
-      se.status.must_equal 1
+      _(@stderr.string).must_match( /ERROR:/m )
+      _(se.status).must_equal 1
     end
   end
 
@@ -199,8 +306,25 @@ describe HTAuth::CLI::Passwd do
     begin
       @htauth.run(["-c", "-n"])
     rescue SystemExit => se
-      @stderr.string.must_match( /ERROR:/m )
-      se.status.must_equal 1
+      _(@stderr.string).must_match( /ERROR:/m )
+      _(se.status).must_equal 1
+    end
+  end
+
+  it "errors if multiple types of operations are attmpted to be used at once" do
+    begin
+      @htauth.run(["-n", "-D"])
+    rescue SystemExit => se
+      _(@stderr.string).must_match( /ERROR:/m )
+      _(se.status).must_equal 1
+    end
+
+    begin
+      @htauth.run(["--verify", "-D"])
+    rescue SystemExit => se
+      _(@stderr.string).must_match( /ERROR:/m )
+      _(se.status).must_equal 1
     end
+ 
   end
 end

data/spec/crypt_spec.rb

@@ -2,15 +2,11 @@ require 'spec_helper'
 require 'htauth/crypt'
 
 describe HTAuth::Crypt do
-  it "has a prefix" do
-    HTAuth::Crypt.new.prefix.must_equal ""
-  end
-
   it "encrypts the same way that apache does" do
     apache_salt = "L0LDd/.."
     apache_result = "L0ekWYm59LT1M"
     crypt = HTAuth::Crypt.new({ :salt => apache_salt} )
-    crypt.encode("a secret").must_equal apache_result
+    _(crypt.encode("a secret")).must_equal apache_result
   end
 end
 

data/spec/digest_entry_spec.rb

@@ -8,53 +8,53 @@ describe HTAuth::DigestEntry do
   end
 
   it "initializes with a user and realm" do
-    @alice.user.must_equal "alice"
-    @alice.realm.must_equal "htauth"
+    _(@alice.user).must_equal "alice"
+    _(@alice.realm).must_equal "htauth"
   end
 
   it "has the correct digest for a password" do
     @alice.password = "digit"
-    @alice.digest.must_equal "4ed9e5744c6747af8f292d28afd6372e"
+    _(@alice.digest).must_equal "4ed9e5744c6747af8f292d28afd6372e"
   end
 
   it "returns username:realm for a key" do
-    @alice.key.must_equal "alice:htauth"
+    _(@alice.key).must_equal "alice:htauth"
   end
 
   it "checks the password correctly" do
-    @bob.authenticated?("b secret").must_equal true
+    _(@bob.authenticated?("b secret")).must_equal true
   end
 
   it "formats correctly when put to a string" do
-    @bob.to_s.must_equal "bob:htauth:fcbeab6821d2ab3b00934c958db0fd1e"
+    _(@bob.to_s).must_equal "bob:htauth:fcbeab6821d2ab3b00934c958db0fd1e"
   end
 
   it "parses an input line" do
     @bob_new = HTAuth::DigestEntry.from_line("bob:htauth:fcbeab6821d2ab3b00934c958db0fd1e")
-    @bob.user.must_equal @bob_new.user
-    @bob.digest.must_equal @bob_new.digest
-    @bob.realm.must_equal @bob_new.realm
+    _(@bob.user).must_equal @bob_new.user
+    _(@bob.digest).must_equal @bob_new.digest
+    _(@bob.realm).must_equal @bob_new.realm
   end
 
   it "knows if an input line is a possible entry and raises an exception" do
-    lambda { HTAuth::DigestEntry.is_entry!("#stuff") }.must_raise(HTAuth::InvalidDigestEntry)
-    lambda { HTAuth::DigestEntry.is_entry!("this:that:other:stuff") }.must_raise(HTAuth::InvalidDigestEntry)
-    lambda { HTAuth::DigestEntry.is_entry!("this:that:other") }.must_raise(HTAuth::InvalidDigestEntry)
-    lambda { HTAuth::DigestEntry.is_entry!("this:that:0a90549e8ffb2dd62f98252a95d88xyz") }.must_raise(HTAuth::InvalidDigestEntry)
+    _ { HTAuth::DigestEntry.is_entry!("#stuff") }.must_raise(HTAuth::InvalidDigestEntry)
+    _ { HTAuth::DigestEntry.is_entry!("this:that:other:stuff") }.must_raise(HTAuth::InvalidDigestEntry)
+    _ { HTAuth::DigestEntry.is_entry!("this:that:other") }.must_raise(HTAuth::InvalidDigestEntry)
+    _ { HTAuth::DigestEntry.is_entry!("this:that:0a90549e8ffb2dd62f98252a95d88xyz") }.must_raise(HTAuth::InvalidDigestEntry)
   end
 
   it "knows if an input line is a possible entry and returns false" do
-    HTAuth::DigestEntry.is_entry?("#stuff").must_equal false
-    HTAuth::DigestEntry.is_entry?("this:that:other:stuff").must_equal false 
-    HTAuth::DigestEntry.is_entry?("this:that:other").must_equal false 
-    HTAuth::DigestEntry.is_entry?("this:that:0a90549e8ffb2dd62f98252a95d88xyz").must_equal false
+    _(HTAuth::DigestEntry.is_entry?("#stuff")).must_equal false
+    _(HTAuth::DigestEntry.is_entry?("this:that:other:stuff")).must_equal false 
+    _(HTAuth::DigestEntry.is_entry?("this:that:other")).must_equal false 
+    _(HTAuth::DigestEntry.is_entry?("this:that:0a90549e8ffb2dd62f98252a95d88xyz")).must_equal false
   end
 
   it "knows if an input line is a possible entry and returns true" do
-    HTAuth::DigestEntry.is_entry?("bob:htauth:0a90549e8ffb2dd62f98252a95d88697").must_equal true
+    _(HTAuth::DigestEntry.is_entry?("bob:htauth:0a90549e8ffb2dd62f98252a95d88697")).must_equal true
   end
 
   it "duplicates itself" do
-    @alice.dup.to_s.must_equal @alice.to_s
+    _(@alice.dup.to_s).must_equal @alice.to_s
   end
 end

data/spec/digest_file_spec.rb

@@ -22,35 +22,35 @@ describe HTAuth::DigestFile do
 
   it "can add a new entry to an already existing digest file" do
     @digest_file.add_or_update("charlie", "htauth-new", "c secret")
-    @digest_file.contents.must_equal IO.read(DIGEST_ADD_TEST_FILE)
+    _(@digest_file.contents).must_equal IO.read(DIGEST_ADD_TEST_FILE)
   end
 
   it "can tell if an entry already exists in the digest file" do
-    @digest_file.has_entry?("alice", "htauth").must_equal true
-    @digest_file.has_entry?("alice", "some other realm").must_equal false
+    _(@digest_file.has_entry?("alice", "htauth")).must_equal true
+    _(@digest_file.has_entry?("alice", "some other realm")).must_equal false
   end
 
   it "can update an entry in an already existing digest file" do
     @digest_file.add_or_update("alice", "htauth", "a new secret")
-    @digest_file.contents.must_equal IO.read(DIGEST_UPDATE_TEST_FILE)
+    _(@digest_file.contents).must_equal IO.read(DIGEST_UPDATE_TEST_FILE)
   end
 
   it "fetches a copy of an entry" do
-    @digest_file.fetch("alice", "htauth").to_s.must_equal "alice:htauth:2f361db93147d84831eb34f19d05bfbb"
+    _(@digest_file.fetch("alice", "htauth").to_s).must_equal "alice:htauth:2f361db93147d84831eb34f19d05bfbb"
   end
 
   it "raises an error if an attempt is made to alter a non-existenet file" do
-    lambda { HTAuth::DigestFile.new("some-file") }.must_raise(HTAuth::FileAccessError)
+    _ { HTAuth::DigestFile.new("some-file") }.must_raise(HTAuth::FileAccessError)
   end
 
   # this test will only work on systems that have /etc/ssh_host_rsa_key 
   it "raises an error if an attempt is made to open a file where no permissions are granted" do
-    lambda { HTAuth::DigestFile.new("/etc/ssh_host_rsa_key") }.must_raise(HTAuth::FileAccessError)
+    _ { HTAuth::DigestFile.new("/etc/ssh_host_rsa_key") }.must_raise(HTAuth::FileAccessError)
   end
 
   it "deletes an entry" do
     @digest_file.delete("alice", "htauth")
-    @digest_file.contents.must_equal IO.read(DIGEST_DELETE_TEST_FILE)
+    _(@digest_file.contents).must_equal IO.read(DIGEST_DELETE_TEST_FILE)
   end
 
   it "is usable in a ruby manner and yeilds itself when opened" do
@@ -59,7 +59,7 @@ describe HTAuth::DigestFile do
       pf.delete('bob', 'htauth')
     end
     lines = IO.readlines(@tf.path)
-    lines.size.must_equal 1
-    lines.first.strip.must_equal "alice:htauth:2f361db93147d84831eb34f19d05bfbb"
+    _(lines.size).must_equal 1
+    _(lines.first.strip).must_equal "alice:htauth:2f361db93147d84831eb34f19d05bfbb"
   end
 end

data/spec/md5_spec.rb

@@ -3,15 +3,11 @@ require File.join(File.dirname(__FILE__),"spec_helper.rb")
 require 'htauth/md5'
 
 describe HTAuth::Md5 do
-  it "has a prefix" do
-    HTAuth::Md5.new.prefix.must_equal "$apr1$"
-  end
-
   it "encrypts the same way that apache does" do
     apache_salt = "L0LDd/.."
     apache_result = "$apr1$L0LDd/..$yhUzDjpxam5F1kWdtwMco1"
     md5 = HTAuth::Md5.new({ 'salt' => apache_salt })
-    md5.encode("a secret").must_equal apache_result
+    _(md5.encode("a secret")).must_equal apache_result
   end
 end