The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
grafana/pkg/services/user/password_test.go

93 lines
4.2 KiB

package user
import (
"testing"
"github.com/grafana/grafana/pkg/setting"
"github.com/stretchr/testify/assert"
)
func TestPasswowrdService_ValidatePasswordHardcodePolicy(t *testing.T) {
LOWERCASE := "lowercase"
UPPERCASE := "UPPERCASE"
NUMBER := "123"
SYMBOLS := "!@#$%"
testCases := []struct {
expectedError error
name string
passwordTest string
strongPasswordPolicyEnabled bool
}{
{
name: "should return error when the password has less than 4 characters and strong password policy is disabled",
passwordTest: NUMBER,
expectedError: ErrPasswordTooShort.Errorf("new password is too short"),
strongPasswordPolicyEnabled: false,
},
{name: "should not return error when the password has 4 characters and strong password policy is disabled",
passwordTest: "test",
expectedError: nil,
strongPasswordPolicyEnabled: false,
},
{
name: "should return error when the password has less than 12 characters and strong password policy is enabled",
passwordTest: NUMBER,
expectedError: ErrPasswordPolicyInfringe.Errorf("new password is too short for the strong password policy"),
strongPasswordPolicyEnabled: true,
},
{
name: "should return error when the password is missing an uppercase character and strong password policy is enabled",
passwordTest: LOWERCASE + NUMBER + SYMBOLS,
expectedError: ErrPasswordPolicyInfringe.Errorf("new password doesn't comply with the password policy"),
strongPasswordPolicyEnabled: true,
},
{
name: "should return error when the password is missing a lowercase character and strong password policy is enabled",
passwordTest: UPPERCASE + NUMBER + SYMBOLS,
expectedError: ErrPasswordPolicyInfringe.Errorf("new password doesn't comply with the password policy"),
strongPasswordPolicyEnabled: true,
},
{
name: "should return error when the password is missing a number character and strong password policy is enabled",
passwordTest: LOWERCASE + UPPERCASE + SYMBOLS,
expectedError: ErrPasswordPolicyInfringe.Errorf("new password doesn't comply with the password policy"),
strongPasswordPolicyEnabled: true,
},
{
name: "should return error when the password is missing a symbol characters and strong password policy is enabled",
passwordTest: LOWERCASE + UPPERCASE + NUMBER,
expectedError: ErrPasswordPolicyInfringe.Errorf("new password doesn't comply with the password policy"),
strongPasswordPolicyEnabled: true,
},
{
name: "should not return error when the password has lowercase, uppercase, number and symbol and strong password policy is enabled",
passwordTest: LOWERCASE + UPPERCASE + NUMBER + SYMBOLS,
expectedError: nil,
strongPasswordPolicyEnabled: true,
},
{
name: "should not return error when the password has uppercase, number, symbol and lowercase and strong password policy is enabled",
passwordTest: UPPERCASE + NUMBER + SYMBOLS + LOWERCASE,
expectedError: nil,
strongPasswordPolicyEnabled: true,
},
{
name: "should not return error when the password has number, symbol, lowercase and uppercase and strong password policy is enabled",
passwordTest: NUMBER + SYMBOLS + LOWERCASE + UPPERCASE,
expectedError: nil,
strongPasswordPolicyEnabled: true,
},
{
name: "should not return error when the password has symbol, lowercase, uppercase and number and strong password policy is enabled",
passwordTest: SYMBOLS + LOWERCASE + UPPERCASE + NUMBER,
expectedError: nil,
strongPasswordPolicyEnabled: true,
},
}
for _, tc := range testCases {
cfg := setting.NewCfg()
cfg.BasicAuthStrongPasswordPolicy = tc.strongPasswordPolicyEnabled
err := ValidatePassword(tc.passwordTest, cfg)
assert.Equal(t, tc.expectedError, err)
}
}