Merge remote-tracking branch 'origin/main' into #24-switch-to-mautrix

pushbits · Feb 13, 2022 · 4e77180 · 4e77180
2 parents 4ea45af + 21afef0
commit 4e77180
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 21 deletions.
diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml
@@ -10,13 +10,16 @@ on:
       - '**.yaml'
       - '**.json'
 
+env:
+  SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+
 jobs:
   build_documentation:
     name: Build documentation
     runs-on: ubuntu-latest
     permissions:
       contents: read
-    if: ${{ github.ref == 'refs/heads/master' }}
+    if: ${{ github.ref == 'refs/heads/main' }}
     steps:
       - name: Checkout the repository
         uses: actions/checkout@v2
@@ -41,15 +44,11 @@ jobs:
         run: npx redoc-cli bundle docs/swagger.yaml --output index.html
 
       - name: Setup SSH keys and known_hosts
-        env:
-          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
         run: |
           ssh-agent -a $SSH_AUTH_SOCK > /dev/null
           ssh-add - <<< "${{ secrets.WEBSITE_DEPLOY_KEY }}"
 
       - name: Checkout website
-        env:
-          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
         run: mkdir website && git clone [email protected]:pushbits/website.git website
 
       - name: Copy index.html
@@ -59,8 +58,6 @@ jobs:
         run: git config --global user.email "[email protected]" && git config --global user.name "PushBits Pipeline"
 
       - name: Commit and push
-        env:
-          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
         run: |
           cd website
           git diff --quiet || ( git add . && git commit -m "Update documentation to ${{ github.sha }}" && git push )
diff --git a/Makefile b/Makefile
@@ -5,14 +5,12 @@ build:
 
 .PHONY: test
 test:
-	stdout=$$(gofmt -l . 2>&1); \
-	if [ "$$stdout" ]; then \
-		exit 1; \
-	fi
+	stdout=$$(gofmt -l . 2>&1); if [ "$$stdout" ]; then exit 1; fi
 	go vet ./...
 	gocyclo -over 10 $(shell find . -iname '*.go' -type f)
 	staticcheck ./...
 	go test -v -cover ./...
+	@printf '\n%s\n' "> Test successful"
 
 .PHONY: setup
 setup:

diff --git a/internal/authentication/token.go b/internal/authentication/token.go
@@ -53,5 +53,7 @@ func GenerateApplicationToken(compat bool) string {
 		tokenLength = compatTokenLength
 	}
 
+	tokenLength -= len(applicationTokenPrefix)
+
 	return applicationTokenPrefix + generateRandomString(tokenLength)
 }
diff --git a/internal/authentication/token_test.go b/internal/authentication/token_test.go
@@ -1,28 +1,29 @@
 package authentication
 
 import (
-	"log"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
-func isGoodToken(assert *assert.Assertions, require *require.Assertions, token string, compat bool) {
-	prefix := token[0:len(applicationTokenPrefix)]
-	token = token[len(applicationTokenPrefix):]
+const (
+	minRandomChars = 14
+)
 
-	// Although constant at the time of writing, this check should prevent future changes from generating insecure tokens.
-	if len(token) < 14 {
-		log.Fatalf("Tokens should have more random characters")
-	}
+func isGoodToken(assert *assert.Assertions, require *require.Assertions, token string, compat bool) {
+	tokenLength := len(token)
 
 	if compat {
-		assert.Equal(len(token), compatTokenLength, "Unexpected compatibility token length")
+		assert.Equal(tokenLength, compatTokenLength, "Unexpected compatibility token length")
 	} else {
-		assert.Equal(len(token), regularTokenLength, "Unexpected regular token length")
+		assert.Equal(tokenLength, regularTokenLength, "Unexpected regular token length")
 	}
 
+	randomChars := tokenLength - len(applicationTokenPrefix)
+	assert.GreaterOrEqual(randomChars, minRandomChars, "Token is too short to give sufficient entropy")
+
+	prefix := token[0:len(applicationTokenPrefix)]
 	assert.Equal(prefix, applicationTokenPrefix, "Invalid token prefix")
 
 	for _, c := range []byte(token) {