passwordcheck: Add test suite

Also improve one error message. Reviewed-by: David Steele <david@pgmasters.net>

passwordcheck: Add test suite
Also improve one error message. Reviewed-by: David Steele <david@pgmasters.net>
af7211e9 · Peter Eisentraut · 8423bf4f · af7211e9 · af7211e9 · af7211e9
Commit af7211e9 authored Aug 11, 2017 by Peter Eisentraut
6 changed files
--- a/contrib/passwordcheck/.gitignore
+++ b/contrib/passwordcheck/.gitignore
+# Generated subdirectories
+/log/
+/results/
+/tmp_check/
--- a/contrib/passwordcheck/Makefile
+++ b/contrib/passwordcheck/Makefile
@@ -8,6 +8,11 @@ PGFILEDESC = "passwordcheck - strengthen user password checks"
 # PG_CPPFLAGS = -DUSE_CRACKLIB '-DCRACKLIB_DICTPATH="/usr/lib/cracklib_dict"'
 # SHLIB_LINK = -lcrack

+REGRESS_OPTS = --temp-config $(srcdir)/passwordcheck.conf
+REGRESS = passwordcheck
+# disabled because these tests require setting shared_preload_libraries
+NO_INSTALLCHECK = 1
+
 ifdef USE_PGXS
 PG_CONFIG = pg_config
 PGXS := $(shell $(PG_CONFIG) --pgxs)

--- a/contrib/passwordcheck/expected/passwordcheck.out
+++ b/contrib/passwordcheck/expected/passwordcheck.out
+CREATE USER regress_user1;
+-- ok
+ALTER USER regress_user1 PASSWORD 'a_nice_long_password';
+-- error: too short
+ALTER USER regress_user1 PASSWORD 'tooshrt';
+ERROR:  password is too short
+-- error: contains user name
+ALTER USER regress_user1 PASSWORD 'xyzregress_user1';
+ERROR:  password must not contain user name
+-- error: contains only letters
+ALTER USER regress_user1 PASSWORD 'alessnicelongpassword';
+ERROR:  password must contain both letters and nonletters
+-- encrypted ok (password is "secret")
+ALTER USER regress_user1 PASSWORD 'md51a44d829a20a23eac686d9f0d258af13';
+-- error: password is user name
+ALTER USER regress_user1 PASSWORD 'md5e589150ae7d28f93333afae92b36ef48';
+ERROR:  password must not equal user name
+DROP USER regress_user1;
--- a/contrib/passwordcheck/passwordcheck.c
+++ b/contrib/passwordcheck/passwordcheck.c
@@ -70,7 +70,7 @@ check_password(const char *username,
 		if (plain_crypt_verify(username, shadow_pass, username, &logdetail) == STATUS_OK)
 			ereport(ERROR,
 					(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
-					 errmsg("password must not contain user name")));
+					 errmsg("password must not equal user name")));
 	}
 	else
 	{

--- a/contrib/passwordcheck/passwordcheck.conf
+++ b/contrib/passwordcheck/passwordcheck.conf
+shared_preload_libraries = 'passwordcheck'
--- a/contrib/passwordcheck/sql/passwordcheck.sql
+++ b/contrib/passwordcheck/sql/passwordcheck.sql
+CREATE USER regress_user1;
+
+-- ok
+ALTER USER regress_user1 PASSWORD 'a_nice_long_password';
+
+-- error: too short
+ALTER USER regress_user1 PASSWORD 'tooshrt';
+
+-- error: contains user name
+ALTER USER regress_user1 PASSWORD 'xyzregress_user1';
+
+-- error: contains only letters
+ALTER USER regress_user1 PASSWORD 'alessnicelongpassword';
+
+-- encrypted ok (password is "secret")
+ALTER USER regress_user1 PASSWORD 'md51a44d829a20a23eac686d9f0d258af13';
+
+-- error: password is user name
+ALTER USER regress_user1 PASSWORD 'md5e589150ae7d28f93333afae92b36ef48';
+
+DROP USER regress_user1;