Add (QUnit) server tests

server/tests/test.js

@@ -0,0 +1,201 @@
+server_url = "https://gpass.soutade.fr";
+current_user = "test-v7";
+pbkdf2_level = 1000;
+CRYPTO_V1_COMPATIBLE = 1;
+use_shadow_logins = false;
+
+/*
+  Must contains :
+  URL        login      password           masterkey
+  -----------------------------------------------------------------
+v7 format
+  test       test       test               test
+  test2      test2      test2              test2 (+shadow login)
+  test16     test16     testtesttesttest   test16
+  test17     test17     testtesttesttestt  test17
+v8 format
+  testv8     testv8     testv8             testv8
+  testv8_2   testv8_2   testv8_2           testv8_2 (+shadow login)
+  testv8_16  testv8_16  testtesttesttest   testv8_16
+  testv8_17  testv8_17  testtesttesttestt  testv8_17
+
+  We assume shadow logins are enabled in server side
+*/
+
+function alert(a) {}
+function nb_unciphered_passwords(passwords)
+{
+    var nb_unciphered = 0;
+    for(i=0;i<passwords.length; i++)
+    {
+	if (passwords[i].unciphered)
+	    nb_unciphered++;
+    }
+    return nb_unciphered;
+}
+
+function find_password(passwords, login)
+{
+    for(i=0; i<passwords.length; i++)
+    {
+	if (passwords[i].clear_login == login)
+	    return passwords[i];
+    }
+    return null;
+}
+
+async function decrypt_passwords(passwords, masterkey)
+{
+    var nb_unciphered = 0;
+
+    for(nb_unciphered = 0, i=0;i<passwords.length; i++)
+    {
+	res = await passwords[i].decrypt(current_mkey);
+	if (res == true)
+	    nb_unciphered++;
+    }
+
+    return nb_unciphered;
+}
+
+QUnit.test( "Testbench", async function( assert ) {
+    assert.ok( passwords  == null, "Initial passwords null" );
+    list_all_entries(current_user);
+    assert.ok( passwords  != null, "Retrieved passwords" );
+    assert.equal( passwords.length, 8, "8 passwords retrieved" );
+    var shadow_logins = 0;
+    for(i=0;i<passwords.length; i++)
+	if (passwords[i].shadow_login.length)
+	    shadow_logins++;
+    assert.ok( shadow_logins  == 2, "2 shadow logins" );
+
+    current_mkey = derive_mkey(current_user, "test");
+    var nb_unciphered = await decrypt_passwords(passwords, current_user);
+    assert.equal( nb_unciphered, 1, "test #1 decrypted" );
+
+    await get_ciphered_credentials(current_mkey);
+    res = nb_unciphered_passwords(passwords);
+    assert.equal(res, 1, "No more passwords unciphered with shadow logins");
+
+    current_mkey = derive_mkey(current_user, "test2");
+
+    // Get ciphered credentials for "test2"
+    await get_ciphered_credentials(current_mkey);
+    res = nb_unciphered_passwords(passwords);
+
+    nb_unciphered = await decrypt_passwords(passwords, current_user);
+    assert.equal(nb_unciphered, 1, "Shadow logins OK");
+
+    current_mkey = derive_mkey(current_user, "test16");
+
+    nb_unciphered = await decrypt_passwords(passwords, current_user);
+    assert.equal(nb_unciphered, 1, "Test16 OK");
+
+    current_mkey = derive_mkey(current_user, "test17");
+
+    nb_unciphered = await decrypt_passwords(passwords, current_user);
+    assert.equal(nb_unciphered, 1, "Test17 OK");
+
+    // V8
+    current_mkey = derive_mkey(current_user, "testv8");
+
+    nb_unciphered = await decrypt_passwords(passwords, current_user);
+    assert.equal(nb_unciphered, 1, "Testv8 OK");
+
+    current_mkey = derive_mkey(current_user, "testv8_2");
+
+    nb_unciphered = await decrypt_passwords(passwords, current_user);
+    assert.equal(nb_unciphered, 0, "Testv8_2 without shadow login");
+    
+    await get_ciphered_credentials(current_mkey);
+    nb_unciphered = await decrypt_passwords(passwords, current_user);
+    assert.equal(nb_unciphered, 1, "Testv8_2 OK");
+
+    current_mkey = derive_mkey(current_user, "testv8_16");
+    nb_unciphered = await decrypt_passwords(passwords, current_user);
+    assert.equal(nb_unciphered, 1, "Testv8_16 OK");
+
+    current_mkey = derive_mkey(current_user, "testv8_17");
+    nb_unciphered = await decrypt_passwords(passwords, current_user);
+    assert.equal(nb_unciphered, 1, "Testv8_17 OK");
+    
+    nb_unciphered = nb_unciphered_passwords(passwords);
+    assert.equal(nb_unciphered, 8, "All passwords unciphered");
+
+    password = find_password(passwords, "testv8");
+    var ok = remove_password_server(current_user, passwords[i].ciphered_login,
+				    passwords[i].access_token);
+    assert.equal(ok, true, "Remove OK");
+    alert(passwords[i].ciphered_login);
+    ok = remove_password_server(current_user, passwords[i].ciphered_login,
+				passwords[i].access_token);
+    assert.equal(ok, true, "Double remove OK");
+
+    password = find_password(passwords, "testv8_2");
+    ok = remove_password_server(current_user, passwords[i].ciphered_login,
+				    "");
+    assert.equal(ok, false, "Remove without access token OK");
+    
+    ok = remove_password_server(current_user, passwords[i].ciphered_login,
+				    "AAAAAAAAAAAAAAAA");
+    assert.equal(ok, false, "Remove Bad access token");
+
+
+    res = await construct_pentry(current_user, "testv8_new", "testv8_new", "testv8_new", "testv8_new", true).then(
+	function (pentry) {
+	    if (pentry == null) return false;
+
+	    return add_password_server(current_user, pentry);
+	});
+
+    assert.equal(res, false, "Add without access token OK");
+
+    use_shadow_logins = true;
+    
+    res = await construct_pentry(current_user, "testv8_new", "testv8_new", "testv8_new", "testv8_new", true).then(
+	function (pentry) {
+	    if (pentry == null) return false;
+
+	    return add_password_server(current_user, pentry);
+	});
+
+    assert.equal(res, true, "Add with access token OK");
+    res = add_password_server(current_user, passwords[passwords.length-1]);
+    assert.equal(res, false, "Double add OK");
+
+    res = await construct_pentry(current_user, "testv8_new2", "testv8_new2", "testv8_new2", "testv8_new2", true).then(
+	function (pentry) {
+	    if (pentry == null) return false;
+
+	    pentry.shadow_login = "AAA";
+	    return add_password_server(current_user, pentry);
+	});
+
+    assert.equal(res, false, "Add with truncated shadow login OK");
+
+    password = find_password(passwords, "test16");
+    ok = remove_password_server(current_user, password.ciphered_login,
+				password.access_token);
+    assert.equal(ok, true, "Remove v7");
+
+    password = find_password(passwords, "test16");
+    ok = remove_password_server(current_user, password.ciphered_login,
+				"AAAAAAAAAAAAAAAA");
+    assert.equal(ok, true, "Remove v7 bad access token");
+});
+
+QUnit.test( "Updated database", async function( assert ) {
+    passwords = null;
+    list_all_entries(current_user);
+    assert.ok( passwords  != null, "Passed!" );
+    assert.equal( passwords.length, 7, "7 passwords retrieved" );
+
+    current_mkey = derive_mkey(current_user, "testv8");
+    var nb_unciphered = await decrypt_passwords(passwords, current_user);
+    assert.equal( nb_unciphered, 0, "Password removed" );
+
+    current_mkey = derive_mkey(current_user, "testv8_new");
+    await get_ciphered_credentials(current_mkey);
+    nb_unciphered = await decrypt_passwords(passwords, current_user);
+    assert.equal(nb_unciphered, 1, "Password added");
+});

server/tests/tests.html

@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width">
+    <title>QUnit Example</title>
+    <link rel="stylesheet" href="https://code.jquery.com/qunit/qunit-2.3.0.css">
+  </head>
+  <body>
+    <div id="qunit"></div>
+    <div id="qunit-fixture"></div>
+    <script src="https://code.jquery.com/qunit/qunit-2.3.0.js"></script>
+    <script src="../resources/misc.js"></script>
+    <script src="../resources/gpass.js"></script>
+    <script src="test.js"></script>
+  </body>
+  </html>

server/tests/users/test-v7/index.php

@@ -0,0 +1,23 @@
+<?php
+/*
+  Copyright (C) 2013 Grégory Soutadé
+  
+  This file is part of gPass.
+  
+  gPass is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  
+  gPass is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+  
+  You should have received a copy of the GNU General Public License
+  along with gPass.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+include "../../_user";
+
+?>