third-party-mirrors/navidrome
1
0
Fork 0
mirror of https://github.com/navidrome/navidrome.git synced 2025-06-07 02:43:17 +03:00
Code Issues Packages Projects Releases Wiki Activity

Handling encoded passwords

Browse Source
This commit is contained in:
Deluan 2016-03-09 21:05:23 -05:00
parent 61d96421dd
commit 031738f1eb
2 changed files with 31 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
api/validation.go
View File

@ -1,6 +1,9 @@
package api package api
import ( import (
"encoding/hex"
"strings"
"github.com/astaxie/beego" "github.com/astaxie/beego"
"github.com/deluan/gosonic/api/responses" "github.com/deluan/gosonic/api/responses"
) )
@ -31,7 +34,13 @@ func checkParameters(c ControllerInterface) {
func authenticate(c ControllerInterface) { func authenticate(c ControllerInterface) {
user := c.GetString("u") user := c.GetString("u")
pass := c.GetString("p") // TODO Handle hex-encoded password pass := c.GetString("p")
if strings.HasPrefix(pass, "enc:") {
e := strings.TrimPrefix(pass, "enc:")
if dec, err := hex.DecodeString(e); err == nil {
pass = string(dec)
}
}
if user != beego.AppConfig.String("user") || pass != beego.AppConfig.String("password") { if user != beego.AppConfig.String("user") || pass != beego.AppConfig.String("password") {
abortRequest(c, responses.ERROR_AUTHENTICATION_FAIL) abortRequest(c, responses.ERROR_AUTHENTICATION_FAIL)
} }

23
api/validation_test.go
View File

@ -2,10 +2,11 @@ package api_test
import ( import (
"encoding/xml" "encoding/xml"
"testing"
"github.com/deluan/gosonic/api/responses" "github.com/deluan/gosonic/api/responses"
"github.com/deluan/gosonic/tests" "github.com/deluan/gosonic/tests"
. "github.com/smartystreets/goconvey/convey" . "github.com/smartystreets/goconvey/convey"
"testing"
) )
func TestCheckParams(t *testing.T) { func TestCheckParams(t *testing.T) {
@ -29,9 +30,10 @@ func TestCheckParams(t *testing.T) {
} }
func TestAuthentication(t *testing.T) { func TestAuthentication(t *testing.T) {
_, w := Get("/rest/ping.view?u=INVALID&p=INVALID&c=test&v=1.0.0", "TestAuthentication") tests.Init(t, false)
Convey("Subject: Authentication\n", t, func() { Convey("Subject: Authentication\n", t, func() {
_, w := Get("/rest/ping.view?u=INVALID&p=INVALID&c=test&v=1.0.0", "TestAuthentication")
Convey("Status code should be 200", func() { Convey("Status code should be 200", func() {
So(w.Code, ShouldEqual, 200) So(w.Code, ShouldEqual, 200)
}) })
@ -44,4 +46,21 @@ func TestAuthentication(t *testing.T) {
So(v.Status, ShouldEqual, "fail") So(v.Status, ShouldEqual, "fail")
}) })
}) })
Convey("Subject: Authentication Valid\n", t, func() {
_, w := Get("/rest/ping.view?u=deluan&p=wordpass&c=test&v=1.0.0", "TestAuthentication")
Convey("The status should be 'ok'", func() {
v := responses.Subsonic{}
xml.Unmarshal(w.Body.Bytes(), &v)
So(v.Status, ShouldEqual, "ok")
})
})
Convey("Subject: Password encoded\n", t, func() {
_, w := Get("/rest/ping.view?u=deluan&p=enc:776f726470617373&c=test&v=1.0.0", "TestAuthentication")
Convey("The status should be 'ok'", func() {
v := responses.Subsonic{}
println("------", w.Body.String())
xml.Unmarshal(w.Body.Bytes(), &v)
So(v.Status, ShouldEqual, "ok")
})
})
} }