add an incorrect password test for PLAIN (#253)

slingamn · web-flow · commit df2880e37986 · 2024-02-08T00:45:11.000-05:00
* add an incorrect password test for PLAIN

* derace test (hopefully)
diff --git a/irctest/server_tests/sasl.py b/irctest/server_tests/sasl.py
@@ -1,7 +1,7 @@
 import base64
 
 from irctest import cases, runner, scram
-from irctest.numerics import ERR_SASLFAIL
+from irctest.numerics import ERR_SASLFAIL, RPL_LOGGEDIN, RPL_SASLMECHS
 from irctest.patma import ANYSTR
 
 
@@ -48,11 +48,37 @@ def testPlain(self):
         m = self.getRegistrationMessage(1)
         self.assertMessageMatch(
             m,
-            command="900",
+            command=RPL_LOGGEDIN,
             params=[ANYSTR, ANYSTR, "jilles", ANYSTR],
             fail_msg="Unexpected reply to correct SASL authentication: {msg}",
         )
 
+    @cases.mark_specifications("IRCv3")
+    @cases.skipUnlessHasMechanism("PLAIN")
+    def testPlainFailure(self):
+        """PLAIN authentication with incorrect username/password."""
+        self.controller.registerUser(self, "jilles", "sesame")
+        self.addClient()
+        self.requestCapabilities(1, ["sasl"], skip_if_cap_nak=False)
+        self.sendLine(1, "AUTHENTICATE PLAIN")
+        m = self.getRegistrationMessage(1)
+        self.assertMessageMatch(
+            m,
+            command="AUTHENTICATE",
+            params=["+"],
+            fail_msg="Sent “AUTHENTICATE PLAIN”, server should have "
+            "replied with “AUTHENTICATE +”, but instead sent: {msg}",
+        )
+        # password 'millet'
+        self.sendLine(1, "AUTHENTICATE amlsbGVzAGppbGxlcwBtaWxsZXQ=")
+        m = self.getRegistrationMessage(1)
+        self.assertMessageMatch(
+            m,
+            command=ERR_SASLFAIL,
+            params=[ANYSTR, ANYSTR],
+            fail_msg="Unexpected reply to incorrect SASL authentication: {msg}",
+        )
+
     @cases.mark_specifications("IRCv3")
     @cases.skipUnlessHasMechanism("PLAIN")
     def testPlainNonAscii(self):
@@ -161,11 +187,11 @@ def testMechanismNotAvailable(self):
         self.requestCapabilities(1, ["sasl"], skip_if_cap_nak=False)
         self.sendLine(1, "AUTHENTICATE FOO")
         m = self.getRegistrationMessage(1)
-        while m.command == "908":  # RPL_SASLMECHS
+        while m.command == RPL_SASLMECHS:
             m = self.getRegistrationMessage(1)
         self.assertMessageMatch(
             m,
-            command="904",
+            command=ERR_SASLFAIL,
             fail_msg="Did not reply with 904 to “AUTHENTICATE FOO”: {msg}",
         )
 
