
Add more checks to make sure ipv6 and 4 keep working (#2564)

* Add more checks to make sure ipv6 and 4 keep working

* Update buggy test

* Add check for incorrect hash
Jaap Marcus 3 years ago
parent
commit
30a8f16c5d
4 changed files with 100 additions and 51 deletions
  1. 7 7
      bin/v-check-user-hash
  2. 10 13
      bin/v-check-user-password
  3. 7 7
      bin/v-get-user-salt
  4. 76 24
      test/test.bats

+ 7 - 7
bin/v-check-user-hash

@@ -13,7 +13,7 @@
 # Argument definition
 user=$1
 hash=$2; HIDE=2
-ip=${3-127.0.0.1}
+ip46=${3-127.0.0.1}
 
 # Includes
 # shellcheck source=/etc/hestiacp/hestia.conf
@@ -32,7 +32,7 @@ date=$(echo "$time_n_date" |cut -f 2 -d \ )
 #----------------------------------------------------------#
 
 check_args '2' "$#" 'USER HASH'
-is_format_valid 'user'
+is_format_valid 'user' 'ip46'
 
 # Checking user
 if [ ! -d "$HESTIA/data/users/$user" ] && [ "$user" != 'root' ]; then
@@ -47,7 +47,7 @@ is_hash_valid
 # Checking empty hash
 if [[ -z "$hash" ]]; then
     echo "Error: password missmatch"
-    echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+    echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
     exit 9
 fi
 
@@ -70,7 +70,7 @@ then
         method='sha-512'
     else
         echo "Error: password missmatch"
-        echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+        echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
         exit 9
     fi
 else
@@ -81,14 +81,14 @@ fi
 # Checking salt
 if [ -z "$salt" ]; then
     echo "Error: password missmatch"
-    echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+    echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
     exit 9
 fi
 
 # Comparing hashes
 if [[ "$shadow" != "$hash" ]]; then
     echo "Error: password missmatch"
-    echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+    echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
     exit 9
 fi
 
@@ -97,6 +97,6 @@ fi
 #----------------------------------------------------------#
 
 # Logging
-echo "$date $time $user $ip successfully logged in" >> $HESTIA/log/auth.log
+echo "$date $time $user $ip46 successfully logged in" >> $HESTIA/log/auth.log
 
 exit
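Review bot: The usage string `check_args '2' "$#" 'USER HASH'` still omits the optional IP argument that the renamed `ip46=${3-127.0.0.1}` accepts, while the sibling scripts in this commit document theirs (`'USER PASSWORD [ip] [RETURN_HASH]'`, `'USER [IP] [FORMAT]'`); suggest `check_args '2' "$#" 'USER HASH [IP]'`. Since `is_format_valid 'user' 'ip46'` now runs before the first `>> $HESTIA/log/auth.log` write, a malformed client-supplied IP can no longer be appended to the log unvalidated, assuming it exits on an invalid value as the new tests expect via `$E_INVALID`; a one-line comment above it would make that ordering deliberate, e.g. `# validate user and ip46 before either is written to auth.log`. The `>> $HESTIA/log/auth.log` redirections are unquoted throughout; this predates the commit and is harmless while `$HESTIA` has no whitespace, but `>> "$HESTIA/log/auth.log"` is the safer form.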

+ 10 - 13
bin/v-check-user-password

@@ -13,8 +13,8 @@
 # Argument definition
 user=$1
 password=$2; HIDE=2
-ip=${3-127.0.0.1}
-return_hash=$4
+ip46=${3-127.0.0.1}
+return_hash=${4-no}
 
 # Includes
 # shellcheck source=/etc/hestiacp/hestia.conf
@@ -32,23 +32,20 @@ date=$(echo "$time_n_date" |cut -f 2 -d \ )
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '2' "$#" 'USER PASSWORD RETURN_HASH'
-is_format_valid 'user'
+check_args '2' "$#" 'USER PASSWORD [ip] [RETURN_HASH]'
+is_format_valid 'user' 'password' 'ip46'
 
 # Checking user
 if [ ! -d "$HESTIA/data/users/$user" ]; then
     echo "Error: password missmatch"
-    echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+    echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
     exit 9
 fi
 
-# Checking user password
-is_password_valid
-
 # Checking empty password
 if [[ -z "$password" ]]; then
     echo "Error: password missmatch"
-    echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+    echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
     exit 9
 fi
 
@@ -81,7 +78,7 @@ fi
 
 if [ -z "$salt" ]; then
     echo "Error: password missmatch"
-    echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+    echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
     exit 9
 fi
 
@@ -89,7 +86,7 @@ if [ "$method" = "yescrypt" ]; then
     hash=$(mkpasswd "$password" "$shadow")
     if [ $? -ne 0 ]; then 
         echo "Error: password missmatch"
-        echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+        echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
         exit 9
     fi
 else
@@ -98,7 +95,7 @@ else
     hash=$($BIN/v-generate-password-hash "$method" "$salt" <<< "$password")
     if [[ -z "$hash" ]]; then
         echo "Error: password missmatch"
-        echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+        echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
         exit 9
     fi
 fi
@@ -107,7 +104,7 @@ fi
 result=$(grep "^$user:$hash:" /etc/shadow 2>/dev/null)
 if [[ -z "$result" ]]; then
     echo "Error: password missmatch"
-    echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+    echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
     exit 9
 fi
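Review bot: The new usage string `check_args '2' "$#" 'USER PASSWORD [ip] [RETURN_HASH]'` spells the optional IP in lowercase while `v-get-user-salt` in the same commit uses `'USER [IP] [FORMAT]'`; suggest `'USER PASSWORD [IP] [RETURN_HASH]'` so the three scripts read alike. `return_hash=${4-no}` now has a documented default, but the code that consumes it lies outside these hunks, so whether values other than `yes`/`no` are rejected cannot be judged here. Separately, the yescrypt branch passes the cleartext as an argument (`hash=$(mkpasswd "$password" "$shadow")`), exposing it in the process list for the duration of the call, whereas the other branch feeds it via `<<< "$password"`; this predates the commit, but if the installed mkpasswd can read the password from stdin that would be the safer form.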
 

+ 7 - 7
bin/v-get-user-salt

@@ -12,7 +12,7 @@
 
 # Argument definition
 user=$1
-ip=${2-127.0.0.1}
+ip46=${2-127.0.0.1}
 format=${3-shell}
 
 # Includes
@@ -63,13 +63,13 @@ csv_list() {
 #----------------------------------------------------------#
 
 
-check_args '1' "$#" 'USER [IP] [SALT]'
-is_format_valid 'user' 'ip'
+check_args '1' "$#" 'USER [IP] [FORMAT]'
+is_format_valid 'user' 'ip46'
 
 # Checking user
 if [ ! -d "$HESTIA/data/users/$user" ]; then
     echo "Error: password missmatch"
-    echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+    echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
     exit 9
 fi
 
@@ -93,12 +93,12 @@ then
         method='sha-512'
     else
         echo "Error: password missmatch"
-        echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+        echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
         exit 9
     fi
 elif [[ "$shadow" =~ ! ]]; then 
     echo "Error: Account has been suspended"
-    echo "$date $time $user $ip has been suspended" >> $HESTIA/log/auth.log
+    echo "$date $time $user $ip46 has been suspended" >> $HESTIA/log/auth.log
     exit 5
 else
     salt=${shadow:0:2}
@@ -107,7 +107,7 @@ fi
 
 if [ -z "$salt" ]; then
     echo "Error: password missmatch"
-    echo "$date $time $user $ip failed to login" >> $HESTIA/log/auth.log
+    echo "$date $time $user $ip46 failed to login" >> $HESTIA/log/auth.log
     exit 9
 fi
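Review bot: `format=${3-shell}` is the only positional argument this script does not pass through `is_format_valid 'user' 'ip46'`; its consumer lies outside these hunks, so if it is only matched against fixed literals (the `csv_list()` helper visible in the hunk header suggests a `shell`/`csv` switch) this is harmless, but if it is interpolated anywhere it should be validated as well. The usage fix to `'USER [IP] [FORMAT]'` is correct, since the old `[SALT]` misdescribed the third argument. A short comment above the validation would help, e.g. `# ip46 is validated here because every auth.log line below interpolates it`, as the suspended-account branch and all mismatch branches write it to the log.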
 

+ 76 - 24
test/test.bats

@@ -262,7 +262,7 @@ function check_ip_not_banned(){
 #                           IP                             #
 #----------------------------------------------------------#
 
-@test "Check reverse Dns validation" {
+@test "RDNS: Check reverse Dns validation" {
     # 1. PTR record for a IP should return a hostname(reverse) which in turn must resolve to the same IP addr(forward). (Full circle)
     #  `-> not implemented in `is_ip_rdns_valid` yet and also not tested here
     # 2. Reject rPTR records that match generic dynamic IP pool patterns
@@ -314,37 +314,37 @@ function check_ip_not_banned(){
 #                         User                             #
 #----------------------------------------------------------#
 
-@test "Add new user" {
+@test "User: Add new user" {
     run v-add-user $user $user $user@hestiacp.com default "Super Test"
     assert_success
     refute_output
 }
 
-@test "Change user password" {
-    run v-change-user-password "$user" t3st-p4ssw0rd
+@test "User: Change user password" {
+    run v-change-user-password "$user" "$userpass2" 
     assert_success
     refute_output
 }
 
-@test "Change user email" {
+@test "User: Change user email" {
     run v-change-user-contact "$user" tester@hestiacp.com
     assert_success
     refute_output
 }
 
-@test "Change user contact invalid email " {
+@test "User: Change user contact invalid email " {
     run v-change-user-contact "$user" testerhestiacp.com
     assert_failure $E_INVALID
     assert_output --partial 'Error: invalid email format'
 }
 
-@test "Change user name" {
+@test "User: Change user name" {
     run v-change-user-name "$user" "New name"
     assert_success
     refute_output
 }
 
-@test "Change user shell" {
+@test "User: Change user shell" {
     run v-change-user-shell $user bash
     assert_success
     refute_output
@@ -353,13 +353,13 @@ function check_ip_not_banned(){
     assert_output --partial "$user"
 }
 
-@test "Change user invalid shell" {
+@test "User: Change user invalid shell" {
     run v-change-user-shell $user bashinvalid
     assert_failure $E_INVALID
     assert_output --partial 'shell bashinvalid is not valid'
 }
 
-@test "Change user nologin" {
+@test "User: Change user nologin" {
     run v-change-user-shell $user nologin
     assert_success
     refute_output
@@ -369,7 +369,7 @@ function check_ip_not_banned(){
 }
 
 
-@test "Change user default ns" {
+@test "User: Change user default ns" {
     run v-change-user-ns $user ns0.com ns1.com ns2.com ns3.com
     assert_success
     refute_output
@@ -379,66 +379,118 @@ function check_ip_not_banned(){
     assert_output --partial 'ns0.com'
 }
 
-@test "Change user language" {
+@test "User: Change user language" {
   run v-change-user-language $user "nl"
   assert_success
   refute_output
 }
 
-@test "Change user language (Does not exists)" {
+@test "User: Change user language (Does not exists)" {
   run v-change-user-language $user "aa"
   assert_failure $E_NOTEXIST
 }
 
-@test "Change user sort order" {
+@test "User: Change user sort order" {
   run v-change-user-sort-order $user "name"
   assert_success
   refute_output
 }
 
-@test "Change user theme" {
+@test "User: Change user theme" {
   run v-change-user-theme $user "flat"
   assert_success
   refute_output
 }
 
-@test "Change user theme (Does not exists)" {
+@test "User: Change user theme (Does not exists)" {
   run v-change-user-theme $user "aa"
   assert_failure $E_NOTEXIST
 }
 
-@test "Change user login ip" {
+@test "User: Change user login ip" {
   run v-change-user-config-value $user "LOGIN_USE_IPLIST" "1.2.3.4,1.2.3.5"
   assert_success
   refute_output
 }
 
-@test "Change user login ip (Failed)" {
+@test "User: Change user login ip (Failed)" {
   run v-change-user-config-value $user "LOGIN_USE_IPLIST" "'; echo 'jaap'; echo '"
   assert_failure $E_INVALID
 }
 
-@test "Add user notification" {
+@test "User: Add user notification" {
   run v-add-user-notification $user "Test message" "Message"
   assert_success
   refute_output
 }
-@test "Acknowledge user notification" {
+@test "User: Acknowledge user notification" {
   run v-acknowledge-user-notification $user 1
   assert_success
   refute_output
 }
-@test "List user notification" {
+@test "User: List user notification" {
   run v-list-user-notifications $user csv
   assert_success
   assert_output --partial "1,\"Test message\",\"Message\",yes"
 }
-@test "Delete user notification" {
+@test "User: Delete user notification" {
   run v-delete-user-notification admin 1
   assert_success
   refute_output
 }
 
+@test "User: Get User salt ipv4" {
+  run v-get-user-salt $user 192.168.2.10
+  assert_success
+}
+
+@test "User: Get User salt ipv4 invalid" {
+  run v-get-user-salt $user 192.168.992.10
+  assert_failure $E_INVALID
+}
+
+@test "User: Get User salt ipv6" {
+  run v-get-user-salt $user "21DA:D3:0:2F3B:2AA:FF:FE28:9C5A"
+  assert_success
+}
+
+@test "User: Get User salt ipv6 not exists" {
+  run v-get-user-salt "notexists" "21DA:D3:0:2F3B:2AA:FF:FE28:9C5B"
+  assert_failure $E_PASSWORD
+}
+
+@test "User: Get User salt ipv6 invalid" {
+  run v-get-user-salt "$user" "21DA:D3:0:2F3B:ZZZ:FF:FE28:9C5B"
+  assert_failure $E_INVALID
+}
+
+@test "User: Check user password" {
+  run v-check-user-password $user "$userpass2" 192.168.2.10 'no'
+  assert_success
+}
+
+@test "User: Check user password Incorrect password" {
+  run v-check-user-password $user "$userpass1" 192.168.2.10 'no'
+  assert_failure $E_PASSWORD
+}
+
+@test "User: Check user hash ipv4" {
+  hash=$(v-check-user-password $user "$userpass2" 192.168.2.10 'yes');
+  run v-check-user-hash $user $hash 192.168.2.10
+  assert_success
+}
+
+@test "User: Check user hash ipv6" {
+  hash=$(v-check-user-password $user "$userpass2" 21DA:D3:0:2F3B:2AA:FF:FE28:9C5A 'yes');
+  run v-check-user-hash $user $hash 21DA:D3:0:2F3B:2AA:FF:FE28:9C5A
+  assert_success
+}
+
+@test "User: Check user hash ipv6 incorrect" {
+  run v-check-user-hash $user 'jafawefaweijawe' 21DA:D3:0:2F3B:2AA:FF:FE28:9C5A
+  assert_failure $E_PASSWORD
+}
+
 #----------------------------------------------------------#
 #                         Cron                             #
 #----------------------------------------------------------#
@@ -1383,13 +1435,13 @@ function check_ip_not_banned(){
 }
 
 @test "MAIL: Add account" {
-    run v-add-mail-account $user $domain test t3st-p4ssw0rd
+    run v-add-mail-account $user $domain test "$userpass2"
     assert_success
     refute_output
 }
 
 @test "MAIL: Add account (duplicate)" {
-    run v-add-mail-account $user $domain test t3st-p4ssw0rd
+    run v-add-mail-account $user $domain test "$userpass2"
     assert_failure $E_EXISTS
 }