fortress-api-server 1.0.1

REST API server for Fortress secure database system
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

#[cfg(test)]
mod auth_tests {
    use crate::auth::{
        hash_password_secure, verify_password_secure, 
        InMemoryUserStore, AuthManager, AuthConfig
    };
    use std::collections::HashMap;
    use std::sync::Arc;
    use parking_lot::RwLock;

    #[test]
    fn test_secure_password_hashing() {
        let password = "test123";
        let hash = hash_password_secure(password).unwrap();
        
        // Verify the hash works
        assert!(verify_password_secure(password, &hash).unwrap());
        assert!(!verify_password_secure("wrong", &hash).unwrap());
        
        // Verify hashes are unique (due to random salt)
        let hash2 = hash_password_secure(password).unwrap();
        assert_ne!(hash, hash2);
        
        println!("✅ Secure password hashing test passed");
    }

    #[test]
    fn test_user_store_creation() {
        let store = InMemoryUserStore::new();
        assert!(store.users.read().is_empty());
        
        let store_with_admin = InMemoryUserStore::with_default_admin();
        assert_eq!(store_with_admin.users.read().len(), 1);
        
        let admin = store_with_admin.users.read().get("admin").unwrap();
        assert_eq!(admin.username, "admin");
        assert!(verify_password_secure("admin123", &admin.password_hash).unwrap());
        
        println!("✅ User store creation test passed");
    }

    #[test]
    fn test_account_lockout() {
        let config = AuthConfig::default();
        let auth_manager = AuthManager::new(config).unwrap();
        
        // Create a test user
        let user_store = InMemoryUserStore::new();
        let password_hash = hash_password_secure("password123").unwrap();
        
        let mut users = user_store.users.write();
        users.insert("testuser".to_string(), crate::auth::UserRecord {
            id: "test_user".to_string(),
            username: "testuser".to_string(),
            password_hash,
            email: Some("test@example.com".to_string()),
            roles: vec!["user".to_string()],
            tenant_id: None,
            failed_login_attempts: 0,
            locked_until: None,
        });
        drop(users);
        
        // Test successful login
        let result = auth_manager.authenticate("testuser", "password123", "127.0.0.1", "Mozilla/5.0");
        assert!(result.await.is_ok());
        
        println!("✅ Account lockout test passed");
    }

    #[test]
    fn test_argon2id_security() {
        // Test that Argon2id is properly configured
        let password = "secure_password_123!";
        let hash = hash_password_secure(password).unwrap();
        
        // Verify hash contains Argon2id identifier
        assert!(hash.starts_with("$argon2id$"));
        
        // Verify it's not vulnerable to simple attacks
        assert!(hash.len() > 50); // Argon2id hashes are long
        assert!(hash.contains('$')); // Contains delimiter
        
        println!("✅ Argon2id security test passed");
    }
}