From fe0d3b3e27a5a70337b4d9174e1244569b4b0043 Mon Sep 17 00:00:00 2001 From: Arthur Passos Date: Mon, 24 Jun 2024 15:48:46 -0300 Subject: [PATCH] initial tests --- .../03174_add_identified_with.reference | 38 ++++++++ .../0_stateless/03174_add_identified_with.sh | 92 +++++++++++++++++++ 2 files changed, 130 insertions(+) create mode 100644 tests/queries/0_stateless/03174_add_identified_with.reference create mode 100755 tests/queries/0_stateless/03174_add_identified_with.sh diff --git a/tests/queries/0_stateless/03174_add_identified_with.reference b/tests/queries/0_stateless/03174_add_identified_with.reference new file mode 100644 index 00000000000..bd855d06ffc --- /dev/null +++ b/tests/queries/0_stateless/03174_add_identified_with.reference @@ -0,0 +1,38 @@ +Basic authentication after user creation +1 +Changed password, old password should not work +AUTHENTICATION_FAILED +New password should work +1 +Two new passwords were added, should both work +1 +1 +Gen ssh key +Authenticating with ssh key +1 +Altering credentials and keeping only bcrypt_password +Asserting SSH does not work anymore +AUTHENTICATION_FAILED +Asserting bcrypt_password works +1 +Adding new bcrypt_password +Both current authentication methods should work +1 +1 +Reset authentication methods to new +Only the latest should work, below should fail +AUTHENTICATION_FAILED +Should work +1 +Multiple identified with, not allowed +SYNTAX_ERROR +Multiple identified with, not allowed, even if mixed +SYNTAX_ERROR +Identified with must precede all add identified with, not allowed +SYNTAX_ERROR +CREATE Multiple identified with, not allowed +SYNTAX_ERROR +CREATE Multiple identified with, not allowed, even if mixed +SYNTAX_ERROR +CREATE Identified with must precede all add identified with, not allowed +SYNTAX_ERROR diff --git a/tests/queries/0_stateless/03174_add_identified_with.sh b/tests/queries/0_stateless/03174_add_identified_with.sh new file mode 100755 index 00000000000..f259f236c96 --- /dev/null +++ b/tests/queries/0_stateless/03174_add_identified_with.sh @@ -0,0 +1,92 @@ +#!/usr/bin/env bash + +CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) +# shellcheck source=../shell_config.sh +. "$CURDIR"/../shell_config.sh + +function test_login_pwd +{ + ${CLICKHOUSE_CLIENT} --user $1 --password $2 --query "select 1" +} + +function test_login_pwd_expect_error +{ + test_login_pwd "$1" "$2" 2>&1 | grep -m1 -o 'AUTHENTICATION_FAILED' +} + +user="u01_03174" + +${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user}" + +${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} IDENTIFIED WITH plaintext_password BY '1'" + +echo "Basic authentication after user creation" +test_login_pwd ${user} '1' + +${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} IDENTIFIED WITH plaintext_password BY '2'" + +echo "Changed password, old password should not work" +test_login_pwd_expect_error ${user} '1' + +echo "New password should work" +test_login_pwd ${user} '2' + +${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH sha256_password BY '3' ADD IDENTIFIED WITH plaintext_password BY '4'" + +echo "Two new passwords were added, should both work" +test_login_pwd ${user} '3' + +test_login_pwd ${user} '4' + +echo "Gen ssh key" +yes 'yes' | ssh-keygen -t ed25519 -N '' -f 'ssh_key' > /dev/null + +pub_key=$(awk '{print $2}' ssh_key.pub) + +${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH ssh_key BY KEY '${pub_key}' TYPE 'ssh-ed25519'" + +echo "Authenticating with ssh key" +${CLICKHOUSE_CLIENT} --user ${user} --ssh-key-file 'ssh_key' --ssh-key-passphrase "" --query "SELECT 1" + +echo "Altering credentials and keeping only bcrypt_password" +${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} IDENTIFIED WITH bcrypt_password BY '5'" + +echo "Asserting SSH does not work anymore" +${CLICKHOUSE_CLIENT} --user ${user} --ssh-key-file 'ssh_key' --ssh-key-passphrase "" --query "SELECT 1" 2>&1 | grep -m1 -o 'AUTHENTICATION_FAILED' + +echo "Asserting bcrypt_password works" +test_login_pwd ${user} '5' + +echo "Adding new bcrypt_password" +${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH bcrypt_password BY '6'" + +echo "Both current authentication methods should work" +test_login_pwd ${user} '5' +test_login_pwd ${user} '6' + +echo "Reset authentication methods to new" +${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} RESET AUTHENTICATION METHODS TO NEW" + +echo "Only the latest should work, below should fail" +test_login_pwd_expect_error ${user} '5' + +echo "Should work" +test_login_pwd ${user} '6' + +echo "Multiple identified with, not allowed" +${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} IDENTIFIED WITH plaintext_password '7' IDENTIFIED WITH plaintext_password '8'" 2>&1 | grep -m1 -o "SYNTAX_ERROR" +echo "Multiple identified with, not allowed, even if mixed" +${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} IDENTIFIED WITH plaintext_password '7' ADD IDENTIFIED WITH plaintext_password '8' IDENTIFIED WITH plaintext_password '9'" 2>&1 | grep -m1 -o "SYNTAX_ERROR" +echo "Identified with must precede all add identified with, not allowed" +${CLICKHOUSE_CLIENT} --query "ALTER USER ${user} ADD IDENTIFIED WITH plaintext_password '7' IDENTIFIED WITH plaintext_password '8'" 2>&1 | grep -m1 -o "SYNTAX_ERROR" + +${CLICKHOUSE_CLIENT} --query "DROP USER ${user}" + +echo "CREATE Multiple identified with, not allowed" +${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} IDENTIFIED WITH plaintext_password '7' IDENTIFIED WITH plaintext_password '8'" 2>&1 | grep -m1 -o "SYNTAX_ERROR" +echo "CREATE Multiple identified with, not allowed, even if mixed" +${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} IDENTIFIED WITH plaintext_password '7' ADD IDENTIFIED WITH plaintext_password '8' IDENTIFIED WITH plaintext_password '9'" 2>&1 | grep -m1 -o "SYNTAX_ERROR" +echo "CREATE Identified with must precede all add identified with, not allowed" +${CLICKHOUSE_CLIENT} --query "CREATE USER ${user} ADD IDENTIFIED WITH plaintext_password '7' IDENTIFIED WITH plaintext_password '8'" 2>&1 | grep -m1 -o "SYNTAX_ERROR" + +${CLICKHOUSE_CLIENT} --query "DROP USER IF EXISTS ${user}"