markbase/markbase-core/src/security_audit/auth_security.rs

use crate::provider::{DataProvider, SqliteProvider, User};
use std::sync::Arc;

fn get_test_provider() -> Arc<dyn DataProvider> {
    let db_path = format!(
        "{}/../data/auth.sqlite",
        std::env::var("CARGO_MANIFEST_DIR").unwrap()
    );
    Arc::new(SqliteProvider::new(&db_path).unwrap())
}

#[test]
fn test_password_authentication_brute_force_prevention() {
    let provider = get_test_provider();

    assert!(provider.check_password("demo", "demo123").unwrap());
    assert!(!provider.check_password("demo", "wrongpassword").unwrap());
    assert!(!provider.check_password("demo", "").unwrap());
    assert!(!provider
        .check_password("__nonexistent__", "anypassword")
        .unwrap());
}

#[test]
fn test_publickey_authentication_security() {
    let provider = get_test_provider();

    let keys = provider.get_public_keys("demo").unwrap();
    assert!(keys.is_empty() || keys.len() >= 0);

    let keys = provider.get_public_keys("__nonexistent__").unwrap();
    assert!(keys.is_empty());
}

#[test]
fn test_user_status_check() {
    let provider = get_test_provider();

    let user = provider.get_user("demo").unwrap();
    assert!(user.is_some());

    let user = provider.get_user("demo").unwrap();
    if let Some(u) = user {
        assert_eq!(u.status, 1);
    }
}

#[test]
fn test_home_dir_security() {
    let provider = get_test_provider();

    let home = provider.get_home_dir("demo").unwrap();
    assert!(home.is_some());

    let home = provider.get_home_dir("__nonexistent__").unwrap();
    assert!(home.is_none());

    if let Some(home_path) = provider.get_home_dir("demo").unwrap() {
        assert!(!home_path.contains(".."));
        assert!(!home_path.starts_with("/etc"));
        assert!(!home_path.starts_with("/root"));
    }
}