go-hibp/hibp_test.go

package hibp

import (
	"fmt"
	"net/http"
	"os"
	"testing"
	"time"
)

// TestNew tests the New() function
func TestNew(t *testing.T) {
	hc := New()
	if *hc.PwnedPassAPI.hibp != hc {
		t.Errorf("hibp client creation failed")
	}
}

// TestNewWithNil tests the New() function with a nil option
func TestNewWithNil(t *testing.T) {
	hc := New(nil)
	if *hc.PwnedPassAPI.hibp != hc {
		t.Errorf("hibp client creation failed")
	}
}

// TestNewWithHttpTimeout tests the New() function with the http timeout option
func TestNewWithHttpTimeout(t *testing.T) {
	hc := New(WithHTTPTimeout(time.Second * 10))
	if hc.to != time.Second*10 {
		t.Errorf("hibp client timeout option was not set properly. Expected %d, got: %d",
			time.Second*10, hc.to)
	}
}

// TestNewWithPwnedPadding tests the New() function with the PwnedPadding option
func TestNewWithPwnedPadding(t *testing.T) {
	hc := New(WithPwnedPadding())
	if !hc.PwnedPassAPIOpts.WithPadding {
		t.Errorf("hibp client pwned padding option was not set properly. Expected %t, got: %t",
			true, hc.PwnedPassAPIOpts.WithPadding)
	}
}

// TestNewWithPwnedNTLMHash tests the New() function with the PwnedPadding option
func TestNewWithPwnedNTLMHash(t *testing.T) {
	hc := New(WithPwnedNTLMHash())
	if hc.PwnedPassAPIOpts.HashMode != HashModeNTLM {
		t.Errorf("hibp client NTLM hash mode option was not set properly. Expected %d, got: %d",
			HashModeNTLM, hc.PwnedPassAPIOpts.HashMode)
	}
	hc = New()
	if hc.PwnedPassAPIOpts.HashMode != HashModeSHA1 {
		t.Errorf("hibp client SHA-1 hash mode option was not set properly. Expected %d, got: %d",
			HashModeSHA1, hc.PwnedPassAPIOpts.HashMode)
	}
}

// TestNewWithApiKey tests the New() function with the API key set
func TestNewWithApiKey(t *testing.T) {
	apiKey := os.Getenv("HIBP_API_KEY")
	hc := New(WithAPIKey(apiKey), WithRateLimitSleep())
	if hc.ak != apiKey {
		t.Errorf("hibp client API key was not set properly. Expected %s, got: %s",
			apiKey, hc.ak)
	}
}

// TestNewWithUserAgent tests the New() function with a custom user agent
func TestNewWithUserAgent(t *testing.T) {
	hc := New()
	if hc.ua != DefaultUserAgent {
		t.Errorf("hibp client default user agent was not set properly. Expected %s, got: %s",
			DefaultUserAgent, hc.ua)
	}

	custUA := fmt.Sprintf("customUA v%s", Version)
	hc = New(WithUserAgent(custUA))
	if hc.ua != custUA {
		t.Errorf("hibp client custom user agent was not set properly. Expected %s, got: %s",
			custUA, hc.ua)
	}

	hc = New(WithUserAgent(""))
	if hc.ua != DefaultUserAgent {
		t.Errorf("hibp client custom user agent was not set properly. Expected %s, got: %s",
			DefaultUserAgent, hc.ua)
	}
}

func TestClient_HTTPReq(t *testing.T) {
	u1 := "this://is.invalid.tld/with/invalid/chars/" + string([]byte{0x7f})
	u2 := "this://is.invalid.tld/"
	hc := New()
	_, err := hc.HTTPReq(http.MethodGet, u1, map[string]string{"foo": "bar"})
	if err == nil {
		t.Errorf("HTTP GET request was supposed to fail, but didn't")
	}
	_, err = hc.HTTPReq("äöü", u2, map[string]string{"foo": "bar"})
	if err == nil {
		t.Errorf("HTTP GET request was supposed to fail, but didn't")
	}
	_, err = hc.HTTPReq("POST", u2, map[string]string{"foo": "bar"})
	if err != nil {
		t.Errorf("HTTP POST request failed: %s", err)
	}
}

func TestClient_HTTPResBody(t *testing.T) {
	u1 := "this://is.invalid.tld/with/invalid/chars/" + string([]byte{0x7f})
	u2 := "this://is.invalid.tld/"
	hc := New()
	_, _, err := hc.HTTPResBody(http.MethodGet, u1, map[string]string{"foo": "bar"})
	if err == nil {
		t.Errorf("HTTP GET request was supposed to fail, but didn't")
	}
	_, _, err = hc.HTTPResBody("äöü", u2, map[string]string{"foo": "bar"})
	if err == nil {
		t.Errorf("HTTP GET request was supposed to fail, but didn't")
	}
	_, _, err = hc.HTTPResBody("POST", u2, map[string]string{"foo": "bar"})
	if err == nil {
		t.Errorf("HTTP POST request was supposed to fail, but didn't")
	}
}
v0.1.1: Complete refactor 2021-09-21 11:21:04 +02:00			`package hibp`

			`import (`
Added BreachedAccount() to breaches API Also added WithUserAgent() to the HIBP client for custom UA configuration 2021-09-22 13:59:22 +02:00			`"fmt"`
Better test coverage 2022-10-29 16:58:56 +02:00			`"net/http"`
Wrong type in Errorf() 2021-09-21 19:47:17 +02:00			`"os"`
v0.1.1: Complete refactor 2021-09-21 11:21:04 +02:00			`"testing"`
			`"time"`
			`)`

			`// TestNew tests the New() function`
			`func TestNew(t *testing.T) {`
			`hc := New()`
Implement a golangci-lint workflow and the accordingly GH action 2022-10-29 15:32:12 +02:00			`if *hc.PwnedPassAPI.hibp != hc {`
v0.1.1: Complete refactor 2021-09-21 11:21:04 +02:00			`t.Errorf("hibp client creation failed")`
			`}`
			`}`

Added BreachedAccount() to breaches API Also added WithUserAgent() to the HIBP client for custom UA configuration 2021-09-22 13:59:22 +02:00			`// TestNewWithNil tests the New() function with a nil option`
			`func TestNewWithNil(t *testing.T) {`
			`hc := New(nil)`
Implement a golangci-lint workflow and the accordingly GH action 2022-10-29 15:32:12 +02:00			`if *hc.PwnedPassAPI.hibp != hc {`
Added BreachedAccount() to breaches API Also added WithUserAgent() to the HIBP client for custom UA configuration 2021-09-22 13:59:22 +02:00			`t.Errorf("hibp client creation failed")`
			`}`
			`}`

Added breaches 2021-09-21 18:21:23 +02:00			`// TestNewWithHttpTimeout tests the New() function with the http timeout option`
v0.1.1: Complete refactor 2021-09-21 11:21:04 +02:00			`func TestNewWithHttpTimeout(t *testing.T) {`
Implement a golangci-lint workflow and the accordingly GH action 2022-10-29 15:32:12 +02:00			`hc := New(WithHTTPTimeout(time.Second * 10))`
v0.1.1: Complete refactor 2021-09-21 11:21:04 +02:00			`if hc.to != time.Second*10 {`
			`t.Errorf("hibp client timeout option was not set properly. Expected %d, got: %d",`
			`time.Second*10, hc.to)`
			`}`
			`}`
Added breaches 2021-09-21 18:21:23 +02:00
			`// TestNewWithPwnedPadding tests the New() function with the PwnedPadding option`
			`func TestNewWithPwnedPadding(t *testing.T) {`
			`hc := New(WithPwnedPadding())`
Implement a golangci-lint workflow and the accordingly GH action 2022-10-29 15:32:12 +02:00			`if !hc.PwnedPassAPIOpts.WithPadding {`
#27: Implement NTLM hash support for PwnedPassAPI This PR implements support for NTLM hashes as announced by Troy Hunt: https://s.pebcak.de/@troyhunt@infosec.exchange/109833758367903768 For this we needed to be able to calculate MD4 hashes, as NTLM basically is calculated like this: `MD4(UTF-16LE(pw))`. For this we ported the official golang.org/x/crypto/md4 package, so we can still claim that "only depends on Go stdlib" A new Client option has been introduced: `WithPwnedNTLMHash`. If the client is initalized with this option, all generic methods (`ListHashesPassword` and `CheckPassword`) will operate on NTLM hashes. Additionally, there are now equivalent methods for checking passwords and listing hashes for NTLM: `CheckNTLM` and `ListHashesNTLM` 2023-02-09 17:07:20 +01:00			`t.Errorf("hibp client pwned padding option was not set properly. Expected %t, got: %t",`
Implement a golangci-lint workflow and the accordingly GH action 2022-10-29 15:32:12 +02:00			`true, hc.PwnedPassAPIOpts.WithPadding)`
Added breaches 2021-09-21 18:21:23 +02:00			`}`
			`}`
Wrong type in Errorf() 2021-09-21 19:47:17 +02:00
#27: Implement NTLM hash support for PwnedPassAPI This PR implements support for NTLM hashes as announced by Troy Hunt: https://s.pebcak.de/@troyhunt@infosec.exchange/109833758367903768 For this we needed to be able to calculate MD4 hashes, as NTLM basically is calculated like this: `MD4(UTF-16LE(pw))`. For this we ported the official golang.org/x/crypto/md4 package, so we can still claim that "only depends on Go stdlib" A new Client option has been introduced: `WithPwnedNTLMHash`. If the client is initalized with this option, all generic methods (`ListHashesPassword` and `CheckPassword`) will operate on NTLM hashes. Additionally, there are now equivalent methods for checking passwords and listing hashes for NTLM: `CheckNTLM` and `ListHashesNTLM` 2023-02-09 17:07:20 +01:00			`// TestNewWithPwnedNTLMHash tests the New() function with the PwnedPadding option`
			`func TestNewWithPwnedNTLMHash(t *testing.T) {`
			`hc := New(WithPwnedNTLMHash())`
			`if hc.PwnedPassAPIOpts.HashMode != HashModeNTLM {`
			`t.Errorf("hibp client NTLM hash mode option was not set properly. Expected %d, got: %d",`
			`HashModeNTLM, hc.PwnedPassAPIOpts.HashMode)`
			`}`
			`hc = New()`
			`if hc.PwnedPassAPIOpts.HashMode != HashModeSHA1 {`
			`t.Errorf("hibp client SHA-1 hash mode option was not set properly. Expected %d, got: %d",`
			`HashModeSHA1, hc.PwnedPassAPIOpts.HashMode)`
			`}`
			`}`

Wrong type in Errorf() 2021-09-21 19:47:17 +02:00			`// TestNewWithApiKey tests the New() function with the API key set`
			`func TestNewWithApiKey(t *testing.T) {`
			`apiKey := os.Getenv("HIBP_API_KEY")`
Implement a golangci-lint workflow and the accordingly GH action 2022-10-29 15:32:12 +02:00			`hc := New(WithAPIKey(apiKey), WithRateLimitSleep())`
Wrong type in Errorf() 2021-09-21 19:47:17 +02:00			`if hc.ak != apiKey {`
			`t.Errorf("hibp client API key was not set properly. Expected %s, got: %s",`
			`apiKey, hc.ak)`
			`}`
			`}`
Added BreachedAccount() to breaches API Also added WithUserAgent() to the HIBP client for custom UA configuration 2021-09-22 13:59:22 +02:00
			`// TestNewWithUserAgent tests the New() function with a custom user agent`
			`func TestNewWithUserAgent(t *testing.T) {`
			`hc := New()`
			`if hc.ua != DefaultUserAgent {`
			`t.Errorf("hibp client default user agent was not set properly. Expected %s, got: %s",`
			`DefaultUserAgent, hc.ua)`
			`}`

			`custUA := fmt.Sprintf("customUA v%s", Version)`
			`hc = New(WithUserAgent(custUA))`
			`if hc.ua != custUA {`
			`t.Errorf("hibp client custom user agent was not set properly. Expected %s, got: %s",`
			`custUA, hc.ua)`
			`}`
Fix code smell in WithUserAgent() option detected by SonarQube 2022-04-12 22:52:24 +02:00
			`hc = New(WithUserAgent(""))`
			`if hc.ua != DefaultUserAgent {`
			`t.Errorf("hibp client custom user agent was not set properly. Expected %s, got: %s",`
			`DefaultUserAgent, hc.ua)`
			`}`
Added BreachedAccount() to breaches API Also added WithUserAgent() to the HIBP client for custom UA configuration 2021-09-22 13:59:22 +02:00			`}`
Better test coverage 2022-10-29 16:58:56 +02:00
			`func TestClient_HTTPReq(t *testing.T) {`
			`u1 := "this://is.invalid.tld/with/invalid/chars/" + string([]byte{0x7f})`
			`u2 := "this://is.invalid.tld/"`
			`hc := New()`
			`_, err := hc.HTTPReq(http.MethodGet, u1, map[string]string{"foo": "bar"})`
			`if err == nil {`
			`t.Errorf("HTTP GET request was supposed to fail, but didn't")`
			`}`
			`_, err = hc.HTTPReq("äöü", u2, map[string]string{"foo": "bar"})`
			`if err == nil {`
			`t.Errorf("HTTP GET request was supposed to fail, but didn't")`
			`}`
			`_, err = hc.HTTPReq("POST", u2, map[string]string{"foo": "bar"})`
			`if err != nil {`
			`t.Errorf("HTTP POST request failed: %s", err)`
			`}`
			`}`

			`func TestClient_HTTPResBody(t *testing.T) {`
			`u1 := "this://is.invalid.tld/with/invalid/chars/" + string([]byte{0x7f})`
			`u2 := "this://is.invalid.tld/"`
			`hc := New()`
			`_, _, err := hc.HTTPResBody(http.MethodGet, u1, map[string]string{"foo": "bar"})`
			`if err == nil {`
			`t.Errorf("HTTP GET request was supposed to fail, but didn't")`
			`}`
			`_, _, err = hc.HTTPResBody("äöü", u2, map[string]string{"foo": "bar"})`
			`if err == nil {`
			`t.Errorf("HTTP GET request was supposed to fail, but didn't")`
			`}`
			`_, _, err = hc.HTTPResBody("POST", u2, map[string]string{"foo": "bar"})`
			`if err == nil {`
			`t.Errorf("HTTP POST request was supposed to fail, but didn't")`
			`}`
			`}`