Implemented password hashing. Added and improved tests.

src/test/json/strawboss.config.json

@@ -1,10 +1,11 @@
 {
   "artifactsRepo": "artifacts",
+  "authSecret": "change me",
   "users": [
     { "name": "bob@builder.com", "hashedPwd": "testvalue" },
     { "name": "sam@sousa.com", "hashedPwd": "testvalue" }
   ],
-  "authSecret": "change me",
+  "pwdCost": 11,
   "projects": [
     { "name": "test-project-1",
       "repo": "/non-existent/dir",

src/test/nim/runtests.nim

@@ -0,0 +1,4 @@
+import unittest
+
+import ./tserver.nim
+import ./tconfiguration.nim

src/test/nim/tconfiguration.nim

@@ -1,6 +1,6 @@
 import strtabs, tables, unittest
 import ./testutil
-import ../../../main/nim/strawbosspkg/configuration
+import ../../main/nim/strawbosspkg/configuration
 
 suite "load and save configuration objects":
 
@@ -23,6 +23,7 @@ suite "load and save configuration objects":
     check:
       cfg.artifactsRepo == "artifacts"
       cfg.authSecret == "change me"
+      cfg.pwdCost == 11
       sameContents(expectedUsers, cfg.users)
       sameContents(expectedProjects, cfg.projects)
 

src/test/nim/tserver.nim

@@ -0,0 +1,25 @@
+import times, unittest
+import ./testutil
+import ../../main/nim/strawbosspkg/configuration
+import ../../main/nim/strawbosspkg/server
+
+let testuser = UserRef( # note: needs to correspond to an actual user
+  name: "bob@builder.com",
+  hashedPwd: "$2a$11$lVZ9U4optQMhzPh0E9A7Yu6XndXblUF3gCa.zmEvJy4F.4C4718b.")
+
+let cfg = loadStrawBossConfig("src/test/json/strawboss.config.json")
+
+## UNIT TESTS
+suite "strawboss server":
+  test "can validate hashed pwd":
+    check validatePwd(testuser, "password")
+
+  test "can detect invalid pwds":
+    check (not validatePwd(testuser, "Password"))
+
+  test "can make and extract a JWT token from a session":
+    let session = newSession(testuser)
+    let tok = toJWT(cfg, session)
+
+    check:
+      fromJWT(cfg, tok) == session