[test] Ensure failed login doesn't update hash

HaxeFoundation · Aug 23, 2022 · 203e087 · 203e087
1 parent 16eed2d
commit 203e087
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/test/tests/integration/TestPasswords.hx b/test/tests/integration/TestPasswords.hx
@@ -24,6 +24,8 @@ class TestPasswords extends IntegrationTests {
 
 		final hash = dbCnx.escape(Hashing.hash(haxe.crypto.Md5.encode(data.pw), saltBytes));
 
+		dbCnx.request('USE ${dbConfig.database};');
+
 		dbCnx.request(
 			'INSERT INTO User(name, fullname, email, pass, salt, hashmethod)
 			VALUES ("$user", "$fullname", "$email", "$hash", 0x$saltHex, "$Md5");'
@@ -56,4 +58,27 @@ class TestPasswords extends IntegrationTests {
 		assertEquals(Hashing.hash(bar.pw, result.salt), result.pass);
 	}
 
+	public function testFailedSubmit() {
+		createOldUserAccount(bar);
+
+		// attempting to submit with incorrect password should make no difference
+		final r = haxelib([
+			"submit",
+			Path.join([IntegrationTests.projectRoot, "test/libraries/libBar.zip"]),
+		],"incorrect password\nincorrect password\nincorrect password\nincorrect password\nincorrect password\n").result();
+		assertFail(r);
+		assertEquals("Error: Failed to input correct password", r.err.trim());
+
+		// after failed submission, the account should not have changed
+		final user = dbCnx.escape(bar.user);
+		final resultSet = dbCnx.request('SELECT pass,salt,hashmethod FROM User WHERE name="$user";');
+		assertTrue(resultSet.hasNext());
+		final result = resultSet.next();
+		assertFalse(resultSet.hasNext());
+
+		// hash method and hash should remain the same
+		assertEquals(Md5, result.hashmethod);
+		assertEquals(Hashing.hash(haxe.crypto.Md5.encode(bar.pw), result.salt), result.pass);
+	}
+
 }