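use nkode_protocol::client::opaque::{
    AuthenticationData, ClientAuthError, OpaqueAuthLogin, OpaqueAuthRegister,
};
use nkode_protocol::server::repository::in_memory::in_memory_transport::{
    InMemoryCodeServer, InMemoryKeyServer,
};
use nkode_protocol::shared::models::opaque::NKodeServerSetup;
use opaque_ke::rand::rngs::OsRng;

/// Happy path: register a secret-key credential with the in-memory key server,
/// then log in with the same credential.
///
/// Registration goes through a clone of `server` and login through the original,
/// so a pass implies the clone shares the registration store (presumably shared
/// state behind the handle; confirm against `InMemoryKeyServer`).
///
/// NOTE(review): nothing visible here exercises a registered user logging in with
/// the wrong secret; that negative case is worth covering alongside this one.
#[tokio::test]
async fn opaque_key_registration_and_login_roundtrip() {
    let mut rng = OsRng;
    let setup = NKodeServerSetup::new(&mut rng);
    let server = InMemoryKeyServer::new(setup);

    // NOTE(review): despite its name, this literal is 18 bytes long. If
    // `from_secret_key` is meant to enforce a 16-byte key, this test shows it
    // does not; confirm the intended length contract.
    let credentials = AuthenticationData::from_secret_key("a@b.com", b"supersecret16bytes");

    let registrar = OpaqueAuthRegister::new(server.clone());
    registrar
        .register(&credentials)
        .await
        .expect("registration should succeed");

    let login_client = OpaqueAuthLogin::new(server);
    // Only success is asserted: whatever `login` returns is discarded, so the
    // contents of the login result are not checked here.
    let _ = login_client
        .login(&credentials)
        .await
        .expect("login should succeed");
}

/// Logging in with an identifier that was never registered must fail, and the
/// failure must arrive as `ClientAuthError::Transport`.
///
/// NOTE(review): if a wrong secret for a *registered* account produces a different
/// error than this one, callers can tell registered identifiers apart from
/// unregistered ones. Confirm that the distinction is intended for this server.
#[tokio::test]
async fn opaque_login_fails_if_not_registered() {
    let mut rng = OsRng;
    let setup = NKodeServerSetup::new(&mut rng);
    let server = InMemoryKeyServer::new(setup);

    let credentials =
        AuthenticationData::from_secret_key("nope@nope.com", b"supersecret16bytes");

    let err = OpaqueAuthLogin::new(server)
        .login(&credentials)
        .await
        .expect_err("login should fail if user not registered");

    // The payload of the transport error is deliberately not inspected.
    assert!(
        matches!(err, ClientAuthError::Transport(_)),
        "unexpected error: {err:?}"
    );
}

/// Registering a code credential is rejected while no key has been registered
/// for the account on the in-memory code server.
#[tokio::test]
async fn cannot_register_code_before_key() {
    let mut rng = OsRng;
    let setup = NKodeServerSetup::new(&mut rng);
    let server = InMemoryCodeServer::new(setup);

    let credentials = AuthenticationData::from_code("x@y.com", &[1u64, 2, 3, 4]);

    // `server` is not used again, so it is moved instead of cloned.
    let err = OpaqueAuthRegister::new(server)
        .register(&credentials)
        .await
        .expect_err("should fail because key is not registered");

    match err {
        // NOTE(review): the rejection reason is recognised only by the substring
        // "KeyNotRegistered" in the transport message. A typed error variant, if
        // one is available, would make this ordering check less brittle.
        ClientAuthError::Transport(msg) => {
            assert!(msg.contains("KeyNotRegistered"), "msg was: {msg}");
        }
        other => panic!("unexpected error: {other:?}"),
    }
}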