1111 lines
30 KiB
Go
1111 lines
30 KiB
Go
package session
|
|
|
|
import (
|
|
"bytes"
|
|
"errors"
|
|
"io"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"os"
|
|
"path/filepath"
|
|
"testing"
|
|
|
|
"git.julianfamily.org/keepassgo/vault"
|
|
"git.julianfamily.org/keepassgo/webdav"
|
|
"github.com/tobischo/gokeepasslib/v3"
|
|
w "github.com/tobischo/gokeepasslib/v3/wrappers"
|
|
)
|
|
|
|
func TestCreateSaveAsLockAndUnlockRoundTripsVault(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
key := vault.MasterKey{Password: "correct horse battery staple"}
|
|
model := vault.Model{
|
|
Entries: []vault.Entry{
|
|
{
|
|
ID: "entry-1",
|
|
Title: "Git Server",
|
|
Username: "joejulian",
|
|
Password: "token-1",
|
|
URL: "https://git.julianfamily.org",
|
|
Path: []string{"Root", "Internet"},
|
|
},
|
|
},
|
|
}
|
|
|
|
var sess Manager
|
|
if err := sess.Create(model, key); err != nil {
|
|
t.Fatalf("Create() error = %v", err)
|
|
}
|
|
|
|
path := filepath.Join(t.TempDir(), "keepassgo.kdbx")
|
|
if err := sess.SaveAs(path); err != nil {
|
|
t.Fatalf("SaveAs() error = %v", err)
|
|
}
|
|
|
|
if _, err := os.Stat(path); err != nil {
|
|
t.Fatalf("Stat(saved path) error = %v", err)
|
|
}
|
|
|
|
if err := sess.Lock(); err != nil {
|
|
t.Fatalf("Lock() error = %v", err)
|
|
}
|
|
|
|
if _, err := sess.Current(); !errors.Is(err, ErrLocked) {
|
|
t.Fatalf("Current() error = %v, want ErrLocked", err)
|
|
}
|
|
|
|
if err := sess.Unlock(key); err != nil {
|
|
t.Fatalf("Unlock() error = %v", err)
|
|
}
|
|
|
|
current, err := sess.Current()
|
|
if err != nil {
|
|
t.Fatalf("Current() after Unlock() error = %v", err)
|
|
}
|
|
|
|
got := current.EntriesInPath([]string{"Root", "Internet"})
|
|
if len(got) != 1 || got[0].Title != "Git Server" || got[0].Password != "token-1" {
|
|
t.Fatalf("Current() entries = %#v, want persisted Git Server entry", got)
|
|
}
|
|
}
|
|
|
|
func TestOpenLoadsExistingKDBXFromDisk(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
key := vault.MasterKey{Password: "correct horse battery staple"}
|
|
model := vault.Model{
|
|
Entries: []vault.Entry{
|
|
{
|
|
ID: "entry-1",
|
|
Title: "Home Assistant (Codex)",
|
|
Username: "codex",
|
|
Password: "token-2",
|
|
URL: "https://lights.julianfamily.org",
|
|
Path: []string{"Root", "Home Assistant"},
|
|
},
|
|
},
|
|
}
|
|
|
|
path := filepath.Join(t.TempDir(), "existing.kdbx")
|
|
file, err := os.Create(path)
|
|
if err != nil {
|
|
t.Fatalf("Create(existing path) error = %v", err)
|
|
}
|
|
if err := vault.SaveKDBXWithKey(file, model, key); err != nil {
|
|
file.Close()
|
|
t.Fatalf("SaveKDBXWithKey() error = %v", err)
|
|
}
|
|
if err := file.Close(); err != nil {
|
|
t.Fatalf("Close(existing path) error = %v", err)
|
|
}
|
|
|
|
var sess Manager
|
|
if err := sess.Open(path, key); err != nil {
|
|
t.Fatalf("Open() error = %v", err)
|
|
}
|
|
|
|
current, err := sess.Current()
|
|
if err != nil {
|
|
t.Fatalf("Current() error = %v", err)
|
|
}
|
|
|
|
got := current.EntriesInPath([]string{"Root", "Home Assistant"})
|
|
if len(got) != 1 || got[0].Password != "token-2" {
|
|
t.Fatalf("Current() entries = %#v, want Home Assistant entry", got)
|
|
}
|
|
}
|
|
|
|
func TestSavePersistsEditsBackToCurrentPath(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
key := vault.MasterKey{Password: "correct horse battery staple"}
|
|
model := vault.Model{
|
|
Entries: []vault.Entry{
|
|
{
|
|
ID: "entry-1",
|
|
Title: "Git Server",
|
|
Username: "joejulian",
|
|
Password: "token-1",
|
|
URL: "https://git.julianfamily.org",
|
|
Path: []string{"Root", "Internet"},
|
|
},
|
|
},
|
|
}
|
|
|
|
path := filepath.Join(t.TempDir(), "editable.kdbx")
|
|
|
|
var sess Manager
|
|
if err := sess.Create(model, key); err != nil {
|
|
t.Fatalf("Create() error = %v", err)
|
|
}
|
|
if err := sess.SaveAs(path); err != nil {
|
|
t.Fatalf("SaveAs() error = %v", err)
|
|
}
|
|
|
|
updated := model
|
|
updated.UpsertEntry(vault.Entry{
|
|
ID: "entry-1",
|
|
Title: "Git Server",
|
|
Username: "joejulian",
|
|
Password: "token-2",
|
|
URL: "https://git.julianfamily.org",
|
|
Path: []string{"Root", "Internet"},
|
|
})
|
|
sess.Replace(updated)
|
|
|
|
if err := sess.Save(); err != nil {
|
|
t.Fatalf("Save() error = %v", err)
|
|
}
|
|
|
|
reopened, err := os.Open(path)
|
|
if err != nil {
|
|
t.Fatalf("Open(saved path) error = %v", err)
|
|
}
|
|
defer reopened.Close()
|
|
|
|
loaded, err := vault.LoadKDBXWithKey(reopened, key)
|
|
if err != nil {
|
|
t.Fatalf("LoadKDBXWithKey() error = %v", err)
|
|
}
|
|
|
|
got := loaded.EntriesInPath([]string{"Root", "Internet"})
|
|
if len(got) != 1 || got[0].Password != "token-2" {
|
|
t.Fatalf("loaded entries = %#v, want updated password token-2", got)
|
|
}
|
|
}
|
|
|
|
func TestSaveReparentsMixedPathsUnderSingleVaultRoot(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
key := vault.MasterKey{Password: "correct horse battery staple"}
|
|
path := filepath.Join(t.TempDir(), "hidden-root.kdbx")
|
|
|
|
var initial bytes.Buffer
|
|
if err := vault.SaveKDBX(&initial, vault.Model{
|
|
Entries: []vault.Entry{
|
|
{
|
|
ID: "entry-1",
|
|
Title: "Git Server",
|
|
Username: "joejulian",
|
|
Password: "token-1",
|
|
URL: "https://git.julianfamily.org",
|
|
Path: []string{"keepass", "Joe", "Internet"},
|
|
},
|
|
{
|
|
ID: "entry-2",
|
|
Title: "Mail",
|
|
Username: "joejulian",
|
|
Password: "token-2",
|
|
URL: "https://mail.julianfamily.org",
|
|
Path: []string{"keepass", "Joe", "eMail"},
|
|
},
|
|
},
|
|
}, key.Password); err != nil {
|
|
t.Fatalf("SaveKDBX() error = %v", err)
|
|
}
|
|
if err := os.WriteFile(path, initial.Bytes(), 0o600); err != nil {
|
|
t.Fatalf("WriteFile(hidden-root.kdbx) error = %v", err)
|
|
}
|
|
|
|
var sess Manager
|
|
if err := sess.Open(path, key); err != nil {
|
|
t.Fatalf("Open() error = %v", err)
|
|
}
|
|
|
|
current, err := sess.Current()
|
|
if err != nil {
|
|
t.Fatalf("Current() error = %v", err)
|
|
}
|
|
current.Entries[0].Path = []string{"Joe", "Internet"}
|
|
current.Groups = append(current.Groups, []string{"Joe"}, []string{"Joe", "Internet"}, []string{"Joe", "eMail"})
|
|
sess.Replace(current)
|
|
|
|
if err := sess.Save(); err != nil {
|
|
t.Fatalf("Save() error = %v", err)
|
|
}
|
|
|
|
reopened, err := os.Open(path)
|
|
if err != nil {
|
|
t.Fatalf("Open(saved path) error = %v", err)
|
|
}
|
|
defer reopened.Close()
|
|
|
|
db := gokeepasslib.NewDatabase()
|
|
db.Credentials = gokeepasslib.NewPasswordCredentials(key.Password)
|
|
if err := gokeepasslib.NewDecoder(reopened).Decode(db); err != nil {
|
|
t.Fatalf("Decode(saved path) error = %v", err)
|
|
}
|
|
if err := db.UnlockProtectedEntries(); err != nil {
|
|
t.Fatalf("UnlockProtectedEntries() error = %v", err)
|
|
}
|
|
|
|
if len(db.Content.Root.Groups) != 1 || db.Content.Root.Groups[0].Name != "keepass" {
|
|
t.Fatalf("top-level groups = %#v, want single keepass root", db.Content.Root.Groups)
|
|
}
|
|
rootGroups := db.Content.Root.Groups[0].Groups
|
|
if len(rootGroups) != 1 || rootGroups[0].Name != "Joe" {
|
|
t.Fatalf("keepass child groups = %#v, want single Joe group", rootGroups)
|
|
}
|
|
}
|
|
|
|
func TestSaveWithoutPathFails(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
var sess Manager
|
|
if err := sess.Create(vault.Model{}, vault.MasterKey{Password: "correct horse battery staple"}); err != nil {
|
|
t.Fatalf("Create() error = %v", err)
|
|
}
|
|
|
|
err := sess.Save()
|
|
if !errors.Is(err, ErrNoPath) {
|
|
t.Fatalf("Save() error = %v, want ErrNoPath", err)
|
|
}
|
|
}
|
|
|
|
func TestOpenRemoteLoadsExistingKDBXFromWebDAV(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
key := vault.MasterKey{Password: "correct horse battery staple"}
|
|
model := vault.Model{
|
|
Entries: []vault.Entry{
|
|
{
|
|
ID: "entry-1",
|
|
Title: "Git Server",
|
|
Username: "joejulian",
|
|
Password: "token-1",
|
|
URL: "https://git.julianfamily.org",
|
|
Path: []string{"Root", "Internet"},
|
|
},
|
|
},
|
|
}
|
|
|
|
var encoded bytes.Buffer
|
|
if err := vault.SaveKDBXWithKey(&encoded, model, key); err != nil {
|
|
t.Fatalf("SaveKDBXWithKey() error = %v", err)
|
|
}
|
|
|
|
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
if r.Method != http.MethodGet || r.URL.Path != "/vaults/main.kdbx" {
|
|
t.Fatalf("unexpected request %s %s", r.Method, r.URL.Path)
|
|
}
|
|
|
|
w.Header().Set("ETag", "\"v1\"")
|
|
_, _ = w.Write(encoded.Bytes())
|
|
}))
|
|
defer server.Close()
|
|
|
|
client := webdav.Client{BaseURL: server.URL}
|
|
|
|
var sess Manager
|
|
if err := sess.OpenRemote(client, "vaults/main.kdbx", key); err != nil {
|
|
t.Fatalf("OpenRemote() error = %v", err)
|
|
}
|
|
|
|
current, err := sess.Current()
|
|
if err != nil {
|
|
t.Fatalf("Current() error = %v", err)
|
|
}
|
|
|
|
got := current.EntriesInPath([]string{"Root", "Internet"})
|
|
if len(got) != 1 || got[0].Password != "token-1" {
|
|
t.Fatalf("Current() entries = %#v, want Git Server entry from remote vault", got)
|
|
}
|
|
}
|
|
|
|
func TestSaveRemotePersistsEditsBackToWebDAV(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
key := vault.MasterKey{Password: "correct horse battery staple"}
|
|
model := vault.Model{
|
|
Entries: []vault.Entry{
|
|
{
|
|
ID: "entry-1",
|
|
Title: "Home Assistant (Codex)",
|
|
Username: "codex",
|
|
Password: "token-1",
|
|
URL: "https://lights.julianfamily.org",
|
|
Path: []string{"Root", "Home Assistant"},
|
|
},
|
|
},
|
|
}
|
|
|
|
var (
|
|
savedETag string
|
|
savedBytes []byte
|
|
)
|
|
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
switch r.Method {
|
|
case http.MethodGet:
|
|
var encoded bytes.Buffer
|
|
if err := vault.SaveKDBXWithKey(&encoded, model, key); err != nil {
|
|
t.Fatalf("SaveKDBXWithKey() error = %v", err)
|
|
}
|
|
w.Header().Set("ETag", "\"v1\"")
|
|
_, _ = w.Write(encoded.Bytes())
|
|
case http.MethodPut:
|
|
savedETag = r.Header.Get("If-Match")
|
|
var err error
|
|
savedBytes, err = io.ReadAll(r.Body)
|
|
if err != nil {
|
|
t.Fatalf("ReadAll(PUT body) error = %v", err)
|
|
}
|
|
w.Header().Set("ETag", "\"v2\"")
|
|
w.WriteHeader(http.StatusNoContent)
|
|
default:
|
|
t.Fatalf("unexpected method %s", r.Method)
|
|
}
|
|
}))
|
|
defer server.Close()
|
|
|
|
client := webdav.Client{BaseURL: server.URL}
|
|
|
|
var sess Manager
|
|
if err := sess.OpenRemote(client, "vaults/main.kdbx", key); err != nil {
|
|
t.Fatalf("OpenRemote() error = %v", err)
|
|
}
|
|
|
|
current, err := sess.Current()
|
|
if err != nil {
|
|
t.Fatalf("Current() error = %v", err)
|
|
}
|
|
current.UpsertEntry(vault.Entry{
|
|
ID: "entry-1",
|
|
Title: "Home Assistant (Codex)",
|
|
Username: "codex",
|
|
Password: "token-2",
|
|
URL: "https://lights.julianfamily.org",
|
|
Path: []string{"Root", "Home Assistant"},
|
|
})
|
|
sess.Replace(current)
|
|
|
|
if err := sess.SaveRemote(); err != nil {
|
|
t.Fatalf("SaveRemote() error = %v", err)
|
|
}
|
|
|
|
if savedETag != "\"v1\"" {
|
|
t.Fatalf("If-Match header = %q, want %q", savedETag, "\"v1\"")
|
|
}
|
|
|
|
loaded, err := vault.LoadKDBXWithKey(bytes.NewReader(savedBytes), key)
|
|
if err != nil {
|
|
t.Fatalf("LoadKDBXWithKey(savedBytes) error = %v", err)
|
|
}
|
|
|
|
got := loaded.EntriesInPath([]string{"Root", "Home Assistant"})
|
|
if len(got) != 1 || got[0].Password != "token-2" {
|
|
t.Fatalf("loaded remote entries = %#v, want updated token-2 entry", got)
|
|
}
|
|
}
|
|
|
|
func TestSaveUsesRemoteTargetWhenVaultWasOpenedFromWebDAV(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
key := vault.MasterKey{Password: "correct horse battery staple"}
|
|
model := vault.Model{
|
|
Entries: []vault.Entry{
|
|
{
|
|
ID: "entry-1",
|
|
Title: "Git Server",
|
|
Username: "joejulian",
|
|
Password: "token-1",
|
|
URL: "https://git.julianfamily.org",
|
|
Path: []string{"Root", "Internet"},
|
|
},
|
|
},
|
|
}
|
|
|
|
var putCount int
|
|
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
switch r.Method {
|
|
case http.MethodGet:
|
|
var encoded bytes.Buffer
|
|
if err := vault.SaveKDBXWithKey(&encoded, model, key); err != nil {
|
|
t.Fatalf("SaveKDBXWithKey() error = %v", err)
|
|
}
|
|
w.Header().Set("ETag", "\"v1\"")
|
|
_, _ = w.Write(encoded.Bytes())
|
|
case http.MethodPut:
|
|
putCount++
|
|
w.Header().Set("ETag", "\"v2\"")
|
|
w.WriteHeader(http.StatusNoContent)
|
|
default:
|
|
t.Fatalf("unexpected method %s", r.Method)
|
|
}
|
|
}))
|
|
defer server.Close()
|
|
|
|
client := webdav.Client{BaseURL: server.URL}
|
|
|
|
var sess Manager
|
|
if err := sess.OpenRemote(client, "vaults/main.kdbx", key); err != nil {
|
|
t.Fatalf("OpenRemote() error = %v", err)
|
|
}
|
|
|
|
current, err := sess.Current()
|
|
if err != nil {
|
|
t.Fatalf("Current() error = %v", err)
|
|
}
|
|
current.UpsertEntry(vault.Entry{
|
|
ID: "entry-1",
|
|
Title: "Git Server",
|
|
Username: "joejulian",
|
|
Password: "token-2",
|
|
URL: "https://git.julianfamily.org",
|
|
Path: []string{"Root", "Internet"},
|
|
})
|
|
sess.Replace(current)
|
|
|
|
if err := sess.Save(); err != nil {
|
|
t.Fatalf("Save() error = %v", err)
|
|
}
|
|
|
|
if putCount != 1 {
|
|
t.Fatalf("remote PUT count = %d, want 1", putCount)
|
|
}
|
|
}
|
|
|
|
func TestChangeMasterKeyReencryptsSavedAndLockedVault(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
originalKey := vault.MasterKey{Password: "old-password"}
|
|
updatedKey := vault.MasterKey{
|
|
Password: "new-password",
|
|
KeyFileData: []byte("updated-key-file"),
|
|
}
|
|
model := vault.Model{
|
|
Entries: []vault.Entry{
|
|
{
|
|
ID: "entry-1",
|
|
Title: "Git Server",
|
|
Username: "joejulian",
|
|
Password: "token-1",
|
|
URL: "https://git.julianfamily.org",
|
|
Path: []string{"Root", "Internet"},
|
|
},
|
|
},
|
|
}
|
|
|
|
path := filepath.Join(t.TempDir(), "keepassgo.kdbx")
|
|
|
|
var sess Manager
|
|
if err := sess.Create(model, originalKey); err != nil {
|
|
t.Fatalf("Create() error = %v", err)
|
|
}
|
|
if err := sess.SaveAs(path); err != nil {
|
|
t.Fatalf("SaveAs() error = %v", err)
|
|
}
|
|
if err := sess.Lock(); err != nil {
|
|
t.Fatalf("Lock() error = %v", err)
|
|
}
|
|
if err := sess.ChangeMasterKey(updatedKey); err != nil {
|
|
t.Fatalf("ChangeMasterKey() error = %v", err)
|
|
}
|
|
if err := sess.Save(); err != nil {
|
|
t.Fatalf("Save() error = %v", err)
|
|
}
|
|
|
|
if err := sess.Unlock(updatedKey); err != nil {
|
|
t.Fatalf("Unlock(updatedKey) error = %v", err)
|
|
}
|
|
|
|
current, err := sess.Current()
|
|
if err != nil {
|
|
t.Fatalf("Current() error = %v", err)
|
|
}
|
|
got := current.EntriesInPath([]string{"Root", "Internet"})
|
|
if len(got) != 1 || got[0].Title != "Git Server" {
|
|
t.Fatalf("Current() entries = %#v, want Git Server entry after ChangeMasterKey", got)
|
|
}
|
|
|
|
var reopened Manager
|
|
if err := reopened.Open(path, updatedKey); err != nil {
|
|
t.Fatalf("Open(updatedKey) error = %v", err)
|
|
}
|
|
if err := reopened.Open(path, originalKey); !errors.Is(err, vault.ErrInvalidMasterKey) {
|
|
t.Fatalf("Open(originalKey) error = %v, want ErrInvalidMasterKey", err)
|
|
}
|
|
}
|
|
|
|
func TestSavePreservesOpenedKDBXSecuritySettings(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
key := vault.MasterKey{Password: "correct horse battery staple"}
|
|
db := gokeepasslib.NewDatabase(gokeepasslib.WithDatabaseKDBXVersion4())
|
|
db.Credentials = gokeepasslib.NewPasswordCredentials(key.Password)
|
|
db.Content.Root.Groups = []gokeepasslib.Group{
|
|
{
|
|
Name: "Root",
|
|
Entries: []gokeepasslib.Entry{
|
|
{
|
|
UUID: gokeepasslib.NewUUID(),
|
|
Values: []gokeepasslib.ValueData{
|
|
{Key: "Title", Value: gokeepasslib.V{Content: "Git Server"}},
|
|
{Key: "UserName", Value: gokeepasslib.V{Content: "joejulian"}},
|
|
{Key: "Password", Value: gokeepasslib.V{Content: "token-1", Protected: w.NewBoolWrapper(true)}},
|
|
{Key: "URL", Value: gokeepasslib.V{Content: "https://git.julianfamily.org"}},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
if err := db.LockProtectedEntries(); err != nil {
|
|
t.Fatalf("LockProtectedEntries() error = %v", err)
|
|
}
|
|
|
|
path := filepath.Join(t.TempDir(), "kdbx4.kdbx")
|
|
file, err := os.Create(path)
|
|
if err != nil {
|
|
t.Fatalf("Create(path) error = %v", err)
|
|
}
|
|
if err := gokeepasslib.NewEncoder(file).Encode(db); err != nil {
|
|
file.Close()
|
|
t.Fatalf("Encode() error = %v", err)
|
|
}
|
|
if err := file.Close(); err != nil {
|
|
t.Fatalf("Close(path) error = %v", err)
|
|
}
|
|
|
|
var sess Manager
|
|
if err := sess.Open(path, key); err != nil {
|
|
t.Fatalf("Open() error = %v", err)
|
|
}
|
|
|
|
current, err := sess.Current()
|
|
if err != nil {
|
|
t.Fatalf("Current() error = %v", err)
|
|
}
|
|
current.UpsertEntry(vault.Entry{
|
|
ID: current.Entries[0].ID,
|
|
Title: "Git Server",
|
|
Username: "joejulian",
|
|
Password: "token-2",
|
|
URL: "https://git.julianfamily.org",
|
|
Path: current.Entries[0].Path,
|
|
})
|
|
sess.Replace(current)
|
|
|
|
if err := sess.Save(); err != nil {
|
|
t.Fatalf("Save() error = %v", err)
|
|
}
|
|
|
|
saved, err := os.Open(path)
|
|
if err != nil {
|
|
t.Fatalf("Open(saved path) error = %v", err)
|
|
}
|
|
defer saved.Close()
|
|
|
|
reloaded := gokeepasslib.NewDatabase()
|
|
reloaded.Credentials = gokeepasslib.NewPasswordCredentials(key.Password)
|
|
if err := gokeepasslib.NewDecoder(saved).Decode(reloaded); err != nil {
|
|
t.Fatalf("Decode(saved path) error = %v", err)
|
|
}
|
|
|
|
if !reloaded.Header.IsKdbx4() {
|
|
t.Fatal("saved header is not KDBX4, want preserved KDBX4 format")
|
|
}
|
|
if !bytes.Equal(reloaded.Header.FileHeaders.CipherID, db.Header.FileHeaders.CipherID) {
|
|
t.Fatalf("saved cipher = %x, want %x", reloaded.Header.FileHeaders.CipherID, db.Header.FileHeaders.CipherID)
|
|
}
|
|
if !bytes.Equal(reloaded.Header.FileHeaders.KdfParameters.UUID, db.Header.FileHeaders.KdfParameters.UUID) {
|
|
t.Fatalf("saved KDF UUID = %x, want %x", reloaded.Header.FileHeaders.KdfParameters.UUID, db.Header.FileHeaders.KdfParameters.UUID)
|
|
}
|
|
}
|
|
|
|
func TestRemoteSaveAndReopenPreservesCrossFeatureState(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
key := vault.MasterKey{Password: "correct horse battery staple"}
|
|
model := vault.Model{
|
|
Entries: []vault.Entry{
|
|
{
|
|
ID: "entry-1",
|
|
Title: "Git Server",
|
|
Username: "joejulian",
|
|
Password: "token-2",
|
|
URL: "https://git.julianfamily.org",
|
|
Path: []string{"Root", "Internet"},
|
|
Attachments: map[string][]byte{
|
|
"token.txt": []byte("secret attachment contents"),
|
|
},
|
|
History: []vault.Entry{
|
|
{
|
|
ID: "entry-1-history-1",
|
|
Title: "Git Server",
|
|
Username: "joejulian",
|
|
Password: "token-1",
|
|
URL: "https://git.julianfamily.org",
|
|
Path: []string{"Root", "Internet"},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
Templates: []vault.Entry{
|
|
{
|
|
ID: "tpl-1",
|
|
Title: "Website Login",
|
|
Username: "template-user",
|
|
Password: "template-password",
|
|
Path: []string{"Templates", "Web"},
|
|
},
|
|
},
|
|
RecycleBin: []vault.Entry{
|
|
{
|
|
ID: "deleted-1",
|
|
Title: "Retired Entry",
|
|
Username: "archived-user",
|
|
Password: "retired-token",
|
|
Path: []string{"Root", "Archive"},
|
|
},
|
|
},
|
|
Groups: [][]string{
|
|
{"Root", "Archive"},
|
|
{"Root", "Empty Group"},
|
|
{"Templates", "Web"},
|
|
},
|
|
}
|
|
|
|
var remoteBytes bytes.Buffer
|
|
if err := vault.SaveKDBXWithKey(&remoteBytes, model, key); err != nil {
|
|
t.Fatalf("SaveKDBXWithKey(seed remote) error = %v", err)
|
|
}
|
|
|
|
etag := "\"v1\""
|
|
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
switch r.Method {
|
|
case http.MethodGet:
|
|
w.Header().Set("ETag", etag)
|
|
_, _ = w.Write(remoteBytes.Bytes())
|
|
case http.MethodPut:
|
|
if got := r.Header.Get("If-Match"); got != etag {
|
|
t.Fatalf("If-Match header = %q, want %q", got, etag)
|
|
}
|
|
|
|
payload, err := io.ReadAll(r.Body)
|
|
if err != nil {
|
|
t.Fatalf("ReadAll(PUT body) error = %v", err)
|
|
}
|
|
|
|
remoteBytes.Reset()
|
|
if _, err := remoteBytes.Write(payload); err != nil {
|
|
t.Fatalf("Write(remoteBytes) error = %v", err)
|
|
}
|
|
|
|
etag = "\"v2\""
|
|
w.Header().Set("ETag", etag)
|
|
w.WriteHeader(http.StatusNoContent)
|
|
default:
|
|
t.Fatalf("unexpected method %s", r.Method)
|
|
}
|
|
}))
|
|
defer server.Close()
|
|
|
|
client := webdav.Client{BaseURL: server.URL}
|
|
|
|
var sess Manager
|
|
if err := sess.OpenRemote(client, "vaults/main.kdbx", key); err != nil {
|
|
t.Fatalf("OpenRemote() error = %v", err)
|
|
}
|
|
if err := sess.SaveRemote(); err != nil {
|
|
t.Fatalf("SaveRemote() error = %v", err)
|
|
}
|
|
|
|
var reopened Manager
|
|
if err := reopened.OpenRemote(client, "vaults/main.kdbx", key); err != nil {
|
|
t.Fatalf("reopen OpenRemote() error = %v", err)
|
|
}
|
|
|
|
current, err := reopened.Current()
|
|
if err != nil {
|
|
t.Fatalf("Current() after reopen error = %v", err)
|
|
}
|
|
|
|
got := current.EntriesInPath([]string{"Root", "Internet"})
|
|
if len(got) != 1 {
|
|
t.Fatalf("len(EntriesInPath(Root/Internet)) after reopen = %d, want 1", len(got))
|
|
}
|
|
if got[0].ID != "entry-1" {
|
|
t.Fatalf("entry ID after remote reopen = %q, want %q", got[0].ID, "entry-1")
|
|
}
|
|
if len(got[0].History) != 1 || got[0].History[0].ID != "entry-1-history-1" {
|
|
t.Fatalf("History after remote reopen = %#v, want stable history ID entry-1-history-1", got[0].History)
|
|
}
|
|
if string(got[0].Attachments["token.txt"]) != "secret attachment contents" {
|
|
t.Fatalf("attachment after remote reopen = %q, want %q", string(got[0].Attachments["token.txt"]), "secret attachment contents")
|
|
}
|
|
if len(current.Templates) != 1 || current.Templates[0].Path[1] != "Web" {
|
|
t.Fatalf("Templates after remote reopen = %#v, want Website Login in Templates/Web", current.Templates)
|
|
}
|
|
if len(current.RecycleBin) != 1 || current.RecycleBin[0].Path[1] != "Archive" {
|
|
t.Fatalf("RecycleBin after remote reopen = %#v, want retired entry in Root/Archive", current.RecycleBin)
|
|
}
|
|
}
|
|
|
|
func TestConfigureSecurityAppliesToCreatedVaultAndPersists(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
var sess Manager
|
|
if err := sess.ConfigureSecurity(vault.SecuritySettings{
|
|
Cipher: vault.CipherAES256,
|
|
KDF: vault.KDFAES,
|
|
}); err != nil {
|
|
t.Fatalf("ConfigureSecurity() error = %v", err)
|
|
}
|
|
if err := sess.Create(vault.Model{}, vault.MasterKey{Password: "correct horse battery staple"}); err != nil {
|
|
t.Fatalf("Create() error = %v", err)
|
|
}
|
|
|
|
path := filepath.Join(t.TempDir(), "secure.kdbx")
|
|
if err := sess.SaveAs(path); err != nil {
|
|
t.Fatalf("SaveAs() error = %v", err)
|
|
}
|
|
|
|
var reopened Manager
|
|
if err := reopened.Open(path, vault.MasterKey{Password: "correct horse battery staple"}); err != nil {
|
|
t.Fatalf("Open() error = %v", err)
|
|
}
|
|
got := reopened.SecuritySettings()
|
|
if got.Cipher != vault.CipherAES256 || got.KDF != vault.KDFAES {
|
|
t.Fatalf("SecuritySettings() = %#v, want aes256/aes-kdf", got)
|
|
}
|
|
}
|
|
|
|
func TestSynchronizeRemotePreservesOverwrittenRemoteVariantInHistory(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
key := vault.MasterKey{Password: "correct horse battery staple"}
|
|
model := vault.Model{
|
|
Entries: []vault.Entry{
|
|
{
|
|
ID: "entry-1",
|
|
Title: "Git Server",
|
|
Username: "joejulian",
|
|
Password: "token-1",
|
|
URL: "https://git.julianfamily.org",
|
|
Path: []string{"Root", "Internet"},
|
|
},
|
|
},
|
|
}
|
|
|
|
var remoteBytes bytes.Buffer
|
|
if err := vault.SaveKDBXWithKey(&remoteBytes, model, key); err != nil {
|
|
t.Fatalf("SaveKDBXWithKey(seed remote) error = %v", err)
|
|
}
|
|
|
|
etag := "\"v1\""
|
|
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
switch r.Method {
|
|
case http.MethodGet:
|
|
w.Header().Set("ETag", etag)
|
|
_, _ = w.Write(remoteBytes.Bytes())
|
|
case http.MethodPut:
|
|
if got := r.Header.Get("If-Match"); got != etag {
|
|
t.Fatalf("If-Match header = %q, want %q", got, etag)
|
|
}
|
|
payload, err := io.ReadAll(r.Body)
|
|
if err != nil {
|
|
t.Fatalf("ReadAll(PUT body) error = %v", err)
|
|
}
|
|
remoteBytes.Reset()
|
|
if _, err := remoteBytes.Write(payload); err != nil {
|
|
t.Fatalf("Write(remoteBytes) error = %v", err)
|
|
}
|
|
switch etag {
|
|
case "\"v1\"":
|
|
etag = "\"v2\""
|
|
default:
|
|
etag = "\"v3\""
|
|
}
|
|
w.Header().Set("ETag", etag)
|
|
w.WriteHeader(http.StatusNoContent)
|
|
default:
|
|
t.Fatalf("unexpected method %s", r.Method)
|
|
}
|
|
}))
|
|
defer server.Close()
|
|
|
|
client := webdav.Client{BaseURL: server.URL}
|
|
|
|
var first Manager
|
|
if err := first.OpenRemote(client, "vaults/main.kdbx", key); err != nil {
|
|
t.Fatalf("first OpenRemote() error = %v", err)
|
|
}
|
|
var second Manager
|
|
if err := second.OpenRemote(client, "vaults/main.kdbx", key); err != nil {
|
|
t.Fatalf("second OpenRemote() error = %v", err)
|
|
}
|
|
|
|
firstCurrent, err := first.Current()
|
|
if err != nil {
|
|
t.Fatalf("first Current() error = %v", err)
|
|
}
|
|
firstCurrent.UpsertEntry(vault.Entry{
|
|
ID: "entry-1",
|
|
Title: "Git Server",
|
|
Username: "joejulian",
|
|
Password: "remote-token-2",
|
|
URL: "https://git.julianfamily.org",
|
|
Notes: "updated remotely first",
|
|
Path: []string{"Root", "Internet"},
|
|
})
|
|
first.Replace(firstCurrent)
|
|
if err := first.SaveRemote(); err != nil {
|
|
t.Fatalf("first SaveRemote() error = %v", err)
|
|
}
|
|
|
|
secondCurrent, err := second.Current()
|
|
if err != nil {
|
|
t.Fatalf("second Current() error = %v", err)
|
|
}
|
|
secondCurrent.UpsertEntry(vault.Entry{
|
|
ID: "entry-1",
|
|
Title: "Git Server",
|
|
Username: "joejulian",
|
|
Password: "local-token-2",
|
|
URL: "https://git.julianfamily.org/settings/tokens",
|
|
Path: []string{"Root", "Internet"},
|
|
})
|
|
second.Replace(secondCurrent)
|
|
if err := second.Synchronize(); err != nil {
|
|
t.Fatalf("second Synchronize() error = %v", err)
|
|
}
|
|
|
|
var reopened Manager
|
|
if err := reopened.OpenRemote(client, "vaults/main.kdbx", key); err != nil {
|
|
t.Fatalf("reopened OpenRemote() error = %v", err)
|
|
}
|
|
current, err := reopened.Current()
|
|
if err != nil {
|
|
t.Fatalf("reopened Current() error = %v", err)
|
|
}
|
|
|
|
got := current.EntriesInPath([]string{"Root", "Internet"})
|
|
if len(got) != 1 {
|
|
t.Fatalf("len(EntriesInPath(Root/Internet)) = %d, want 1", len(got))
|
|
}
|
|
if got[0].Password != "local-token-2" || got[0].URL != "https://git.julianfamily.org/settings/tokens" {
|
|
t.Fatalf("entry after synchronize = %#v, want local winning version", got[0])
|
|
}
|
|
if len(got[0].History) == 0 {
|
|
t.Fatal("len(History) = 0, want overwritten remote variant preserved")
|
|
}
|
|
if got[0].History[0].Password != "remote-token-2" || got[0].History[0].Notes != "updated remotely first" {
|
|
t.Fatalf("History[0] = %#v, want displaced remote version first", got[0].History[0])
|
|
}
|
|
}
|
|
|
|
func TestSynchronizeFromLocalMergesOtherVaultIntoCurrentSource(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
key := vault.MasterKey{Password: "correct horse battery staple"}
|
|
currentPath := filepath.Join(t.TempDir(), "current.kdbx")
|
|
otherPath := filepath.Join(t.TempDir(), "other.kdbx")
|
|
|
|
currentModel := vault.Model{
|
|
Entries: []vault.Entry{
|
|
{
|
|
ID: "entry-current",
|
|
Title: "Git Server",
|
|
Username: "joejulian",
|
|
Password: "token-current",
|
|
URL: "https://git.julianfamily.org",
|
|
Path: []string{"Root", "Internet"},
|
|
},
|
|
},
|
|
}
|
|
otherModel := vault.Model{
|
|
Entries: []vault.Entry{
|
|
{
|
|
ID: "entry-other",
|
|
Title: "Dynadot",
|
|
Username: "jjulian",
|
|
Password: "token-other",
|
|
URL: "https://www.dynadot.com",
|
|
Path: []string{"Root", "Internet"},
|
|
},
|
|
},
|
|
}
|
|
|
|
writeKDBXTestFile(t, currentPath, currentModel, key)
|
|
writeKDBXTestFile(t, otherPath, otherModel, key)
|
|
|
|
var sess Manager
|
|
if err := sess.Open(currentPath, key); err != nil {
|
|
t.Fatalf("Open(current) error = %v", err)
|
|
}
|
|
|
|
if err := sess.SynchronizeFromLocal(otherPath); err != nil {
|
|
t.Fatalf("SynchronizeFromLocal() error = %v", err)
|
|
}
|
|
|
|
var reopened Manager
|
|
if err := reopened.Open(currentPath, key); err != nil {
|
|
t.Fatalf("reopen Open(current) error = %v", err)
|
|
}
|
|
current, err := reopened.Current()
|
|
if err != nil {
|
|
t.Fatalf("reopened Current() error = %v", err)
|
|
}
|
|
|
|
got := current.EntriesInPath([]string{"Root", "Internet"})
|
|
if len(got) != 2 {
|
|
t.Fatalf("len(EntriesInPath(Root/Internet)) = %d, want 2", len(got))
|
|
}
|
|
}
|
|
|
|
func TestSynchronizeToLocalWritesMergedVaultToTarget(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
key := vault.MasterKey{Password: "correct horse battery staple"}
|
|
currentPath := filepath.Join(t.TempDir(), "current.kdbx")
|
|
otherPath := filepath.Join(t.TempDir(), "other.kdbx")
|
|
|
|
currentModel := vault.Model{
|
|
Entries: []vault.Entry{
|
|
{
|
|
ID: "entry-current",
|
|
Title: "Git Server",
|
|
Username: "joejulian",
|
|
Password: "token-current",
|
|
URL: "https://git.julianfamily.org",
|
|
Path: []string{"Root", "Internet"},
|
|
},
|
|
},
|
|
}
|
|
otherModel := vault.Model{
|
|
Entries: []vault.Entry{
|
|
{
|
|
ID: "entry-other",
|
|
Title: "Dynadot",
|
|
Username: "jjulian",
|
|
Password: "token-other",
|
|
URL: "https://www.dynadot.com",
|
|
Path: []string{"Root", "Internet"},
|
|
},
|
|
},
|
|
}
|
|
|
|
writeKDBXTestFile(t, currentPath, currentModel, key)
|
|
writeKDBXTestFile(t, otherPath, otherModel, key)
|
|
|
|
var sess Manager
|
|
if err := sess.Open(currentPath, key); err != nil {
|
|
t.Fatalf("Open(current) error = %v", err)
|
|
}
|
|
|
|
if err := sess.SynchronizeToLocal(otherPath); err != nil {
|
|
t.Fatalf("SynchronizeToLocal() error = %v", err)
|
|
}
|
|
|
|
var reopened Manager
|
|
if err := reopened.Open(otherPath, key); err != nil {
|
|
t.Fatalf("reopen Open(other) error = %v", err)
|
|
}
|
|
current, err := reopened.Current()
|
|
if err != nil {
|
|
t.Fatalf("reopened Current() error = %v", err)
|
|
}
|
|
|
|
got := current.EntriesInPath([]string{"Root", "Internet"})
|
|
if len(got) != 2 {
|
|
t.Fatalf("len(EntriesInPath(Root/Internet)) = %d, want 2", len(got))
|
|
}
|
|
}
|
|
|
|
func TestSynchronizeToRemoteWritesMergedVaultToTarget(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
key := vault.MasterKey{Password: "correct horse battery staple"}
|
|
currentPath := filepath.Join(t.TempDir(), "current.kdbx")
|
|
currentModel := vault.Model{
|
|
Entries: []vault.Entry{
|
|
{
|
|
ID: "entry-current",
|
|
Title: "Git Server",
|
|
Username: "joejulian",
|
|
Password: "token-current",
|
|
URL: "https://git.julianfamily.org",
|
|
Path: []string{"Root", "Internet"},
|
|
},
|
|
},
|
|
}
|
|
remoteModel := vault.Model{
|
|
Entries: []vault.Entry{
|
|
{
|
|
ID: "entry-remote",
|
|
Title: "Dynadot",
|
|
Username: "jjulian",
|
|
Password: "token-remote",
|
|
URL: "https://www.dynadot.com",
|
|
Path: []string{"Root", "Internet"},
|
|
},
|
|
},
|
|
}
|
|
|
|
writeKDBXTestFile(t, currentPath, currentModel, key)
|
|
|
|
var remoteBytes bytes.Buffer
|
|
if err := vault.SaveKDBXWithKey(&remoteBytes, remoteModel, key); err != nil {
|
|
t.Fatalf("SaveKDBXWithKey(remote) error = %v", err)
|
|
}
|
|
|
|
etag := "\"v1\""
|
|
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
switch r.Method {
|
|
case http.MethodGet:
|
|
w.Header().Set("ETag", etag)
|
|
_, _ = w.Write(remoteBytes.Bytes())
|
|
case http.MethodPut:
|
|
payload, err := io.ReadAll(r.Body)
|
|
if err != nil {
|
|
t.Fatalf("ReadAll(PUT body) error = %v", err)
|
|
}
|
|
remoteBytes.Reset()
|
|
if _, err := remoteBytes.Write(payload); err != nil {
|
|
t.Fatalf("Write(remoteBytes) error = %v", err)
|
|
}
|
|
etag = "\"v2\""
|
|
w.Header().Set("ETag", etag)
|
|
w.WriteHeader(http.StatusNoContent)
|
|
default:
|
|
t.Fatalf("unexpected method %s", r.Method)
|
|
}
|
|
}))
|
|
defer server.Close()
|
|
|
|
var sess Manager
|
|
if err := sess.Open(currentPath, key); err != nil {
|
|
t.Fatalf("Open(current) error = %v", err)
|
|
}
|
|
|
|
if err := sess.SynchronizeToRemote(webdav.Client{BaseURL: server.URL}, "vaults/other.kdbx"); err != nil {
|
|
t.Fatalf("SynchronizeToRemote() error = %v", err)
|
|
}
|
|
|
|
var reopened Manager
|
|
if err := reopened.OpenRemote(webdav.Client{BaseURL: server.URL}, "vaults/other.kdbx", key); err != nil {
|
|
t.Fatalf("OpenRemote(reopened) error = %v", err)
|
|
}
|
|
current, err := reopened.Current()
|
|
if err != nil {
|
|
t.Fatalf("reopened Current() error = %v", err)
|
|
}
|
|
|
|
got := current.EntriesInPath([]string{"Root", "Internet"})
|
|
if len(got) != 2 {
|
|
t.Fatalf("len(EntriesInPath(Root/Internet)) = %d, want 2", len(got))
|
|
}
|
|
}
|
|
|
|
func writeKDBXTestFile(t *testing.T, path string, model vault.Model, key vault.MasterKey) {
|
|
t.Helper()
|
|
|
|
var encoded bytes.Buffer
|
|
if err := vault.SaveKDBXWithKey(&encoded, model, key); err != nil {
|
|
t.Fatalf("SaveKDBXWithKey(%s) error = %v", path, err)
|
|
}
|
|
if err := os.WriteFile(path, encoded.Bytes(), 0o600); err != nil {
|
|
t.Fatalf("WriteFile(%s) error = %v", path, err)
|
|
}
|
|
}
|