summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--changes/bug_2114_fixed-traffic-indicators1
-rw-r--r--changes/feature_test-auth1
-rw-r--r--pkg/requirements-testing.pip13
-rwxr-xr-xpkg/tools/with_venv.sh4
-rwxr-xr-xrun_tests.sh164
-rw-r--r--src/leap/config/pluggableconfig.py2
-rw-r--r--src/leap/config/prefixers.py2
-rw-r--r--src/leap/crypto/srpauth.py31
-rw-r--r--src/leap/crypto/srpregister.py27
-rw-r--r--src/leap/crypto/tests/__init__.py16
-rwxr-xr-xsrc/leap/crypto/tests/fake_provider.py358
-rw-r--r--src/leap/crypto/tests/test_provider.json15
-rw-r--r--src/leap/crypto/tests/test_srpregister.py207
-rw-r--r--src/leap/gui/mainwindow.py8
-rw-r--r--src/leap/services/eip/vpnlaunchers.py25
15 files changed, 843 insertions, 31 deletions
diff --git a/changes/bug_2114_fixed-traffic-indicators b/changes/bug_2114_fixed-traffic-indicators
new file mode 100644
index 00000000..6c91f35d
--- /dev/null
+++ b/changes/bug_2114_fixed-traffic-indicators
@@ -0,0 +1 @@
+ o Make traffic indicators display fixed precision. Closes: #2114
diff --git a/changes/feature_test-auth b/changes/feature_test-auth
new file mode 100644
index 00000000..81ac7b7c
--- /dev/null
+++ b/changes/feature_test-auth
@@ -0,0 +1 @@
+ o Tests infrastructure, and tests for crypto/srpauth and crypto/srpregister
diff --git a/pkg/requirements-testing.pip b/pkg/requirements-testing.pip
new file mode 100644
index 00000000..bfa20544
--- /dev/null
+++ b/pkg/requirements-testing.pip
@@ -0,0 +1,13 @@
+nose
+nose-exclude
+nose-progressive
+mock
+unittest2 # TODO we should include this dep only for python2.6
+coverage
+pep8==1.1
+
+#sphinx>=1.1.2
+#tox
+
+twisted
+zope.interface
diff --git a/pkg/tools/with_venv.sh b/pkg/tools/with_venv.sh
new file mode 100755
index 00000000..0e58f1ab
--- /dev/null
+++ b/pkg/tools/with_venv.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+TOOLS=`dirname $0`
+VENV=$TOOLS/../../.venv
+source $VENV/bin/activate && $@
diff --git a/run_tests.sh b/run_tests.sh
new file mode 100755
index 00000000..fccf6b3f
--- /dev/null
+++ b/run_tests.sh
@@ -0,0 +1,164 @@
+#!/bin/bash
+
+set -eu
+
+function usage {
+ echo "Usage: $0 [OPTION]..."
+ echo "Run leap-client test suite"
+ echo ""
+ echo " -V, --virtual-env Always use virtualenv. Install automatically if not present"
+ echo " -N, --no-virtual-env Don't use virtualenv. Run tests in local environment"
+ echo " -s, --no-site-packages Isolate the virtualenv from the global Python environment"
+ echo " -x, --stop Stop running tests after the first error or failure."
+ echo " -f, --force Force a clean re-build of the virtual environment. Useful when dependencies have been added."
+ echo " -p, --pep8 Just run pep8"
+ echo " -P, --no-pep8 Don't run pep8"
+ echo " -c, --coverage Generate coverage report"
+ echo " -h, --help Print this usage message"
+ echo " -A, --all Run all tests, without excluding any"
+ echo " -i, --progressive Run with nose-progressive plugin"
+ echo " --hide-elapsed Don't print the elapsed time for each test along with slow test list"
+ echo ""
+ echo "Note: with no options specified, the script will try to run the tests in a virtual environment,"
+ echo " If no virtualenv is found, the script will ask if you would like to create one. If you "
+ echo " prefer to run tests NOT in a virtual environment, simply pass the -N option."
+ exit
+}
+
+function process_option {
+ case "$1" in
+ -h|--help) usage;;
+ -V|--virtual-env) always_venv=1; never_venv=0;;
+ -N|--no-virtual-env) always_venv=0; never_venv=1;;
+ -s|--no-site-packages) no_site_packages=1;;
+ -f|--force) force=1;;
+ -p|--pep8) just_pep8=1;;
+ -P|--no-pep8) no_pep8=1;;
+ -c|--coverage) coverage=1;;
+ -A|--all) alltests=1;;
+ -i|--progressive) progressive=1;;
+ -*) noseopts="$noseopts $1";;
+ *) noseargs="$noseargs $1"
+ esac
+}
+
+venv=.venv
+with_venv=pkg/tools/with_venv.sh
+always_venv=0
+never_venv=0
+force=0
+no_site_packages=0
+installvenvopts=
+noseargs=
+noseopts=
+wrapper=""
+just_pep8=0
+no_pep8=0
+coverage=0
+alltests=0
+progressive=0
+
+for arg in "$@"; do
+ process_option $arg
+done
+
+# If enabled, tell nose to collect coverage data
+if [ $coverage -eq 1 ]; then
+ noseopts="$noseopts --with-coverage --cover-package=leap-client"
+fi
+
+if [ $no_site_packages -eq 1 ]; then
+ installvenvopts="--no-site-packages"
+fi
+
+# If alltests flag is not set, let's exclude some dirs that are troublesome.
+if [ $alltests -eq 0 ]; then
+ echo "[+] Running ALL tests..."
+ #noseopts="$noseopts --exclude-dir=src/leap/exclude-me"
+fi
+
+# If progressive flag enabled, run with this nice plugin :)
+if [ $progressive -eq 1 ]; then
+ noseopts="$noseopts --with-progressive"
+fi
+
+
+function run_tests {
+ # Just run the test suites in current environment
+ ${wrapper} $NOSETESTS
+ # If we get some short import error right away, print the error log directly
+ RESULT=$?
+ return $RESULT
+}
+
+function run_pep8 {
+ echo "Running pep8 ..."
+ srcfiles="src/leap"
+ # Just run PEP8 in current environment
+ pep8_opts="--ignore=E202,W602 --exclude=*_rc.py,ui_*,_version.py --repeat"
+ ${wrapper} pep8 ${pep8_opts} ${srcfiles}
+}
+
+# XXX we cannot run tests that need X server
+# in the current debhelper build process,
+# so I exclude the topmost tests
+
+NOSETESTS="nosetests leap $noseopts $noseargs"
+
+if [ $never_venv -eq 0 ]
+then
+ # Remove the virtual environment if --force used
+ if [ $force -eq 1 ]; then
+ echo "Cleaning virtualenv..."
+ rm -rf ${venv}
+ fi
+ if [ -e ${venv} ]; then
+ wrapper="${with_venv}"
+ else
+ if [ $always_venv -eq 1 ]; then
+ # Automatically install the virtualenv
+ python pkg/install_venv.py $installvenvopts
+ wrapper="${with_venv}"
+ else
+ echo -e "No virtual environment found...create one? (Y/n) \c"
+ read use_ve
+ if [ "x$use_ve" = "xY" -o "x$use_ve" = "x" -o "x$use_ve" = "xy" ]; then
+ # Install the virtualenv and run the test suite in it
+ python pkg/install_venv.py $installvenvopts
+ wrapper=${with_venv}
+ fi
+ fi
+ fi
+fi
+
+# Delete old coverage data from previous runs
+if [ $coverage -eq 1 ]; then
+ ${wrapper} coverage erase
+fi
+
+if [ $just_pep8 -eq 1 ]; then
+ run_pep8
+ exit
+fi
+
+run_tests
+
+if [ -z "$noseargs" ]; then
+ if [ $no_pep8 -eq 0 ]; then
+ run_pep8
+ fi
+fi
+
+function run_coverage {
+ cov_opts="--omit=`pwd`/src/leap/base/tests/*,`pwd`/src/leap/eip/tests/*,`pwd`/src/leap/gui/tests/*"
+ cov_opts="$cov_opts,`pwd`/src/leap/util/tests/* "
+ cov_opts="$cov_opts --include=`pwd`/src/leap/*" #,`pwd`/src/leap/eip/*"
+ ${wrapper} coverage html -d docs/covhtml -i $cov_opts
+ echo "now point your browser at docs/covhtml/index.html"
+}
+
+if [ $coverage -eq 1 ]; then
+ echo "Generating coverage report in docs/covhtml/"
+ run_coverage
+ exit
+fi
diff --git a/src/leap/config/pluggableconfig.py b/src/leap/config/pluggableconfig.py
index 4a742da4..8535fa6b 100644
--- a/src/leap/config/pluggableconfig.py
+++ b/src/leap/config/pluggableconfig.py
@@ -160,7 +160,7 @@ class TranslatableType(object):
def to_python(self, data):
# TODO: add translatable
- return data#LEAPTranslatable(data)
+ return data # LEAPTranslatable(data)
# needed? we already have an extended dict...
#def get_prep_value(self, data):
diff --git a/src/leap/config/prefixers.py b/src/leap/config/prefixers.py
index 460e5b46..72211790 100644
--- a/src/leap/config/prefixers.py
+++ b/src/leap/config/prefixers.py
@@ -96,7 +96,7 @@ class DarwinPrefixer(Prefixer):
config_dir = BaseDirectory.xdg_config_home
if not standalone:
return config_dir
- return os.getenv("LEAP_CLIENT_PATH", config_dir)
+ return os.getenv(os.getcwd(), "config")
class WindowsPrefixer(Prefixer):
diff --git a/src/leap/crypto/srpauth.py b/src/leap/crypto/srpauth.py
index 152d77b5..8028a6dc 100644
--- a/src/leap/crypto/srpauth.py
+++ b/src/leap/crypto/srpauth.py
@@ -50,6 +50,7 @@ class SRPAuth(QtCore.QObject):
LOGIN_KEY = "login"
A_KEY = "A"
CLIENT_AUTH_KEY = "client_auth"
+ SESSION_ID_KEY = "_session_id"
def __init__(self, provider_config):
"""
@@ -272,7 +273,13 @@ class SRPAuth(QtCore.QObject):
"failed"))
logger.debug("Session verified.")
- self.set_session_id(self._session.cookies["_session_id"])
+ session_id = self._session.cookies.get(self.SESSION_ID_KEY, None)
+ if not session_id:
+ logger.error("Bad cookie from server (missing _session_id)")
+ raise SRPAuthenticationError(self.tr("Session cookie "
+ "verification "
+ "failed"))
+ self.set_session_id(session_id)
def authenticate(self, username, password):
"""
@@ -409,11 +416,18 @@ class SRPAuth(QtCore.QObject):
if __name__ == "__main__":
+ import signal
import sys
+
from functools import partial
app = QtGui.QApplication(sys.argv)
- import signal
+ if not len(sys.argv) == 3:
+ print 'Usage: srpauth.py <user> <pass>'
+ sys.exit(0)
+
+ _user = sys.argv[1]
+ _pass = sys.argv[2]
def sigint_handler(*args, **kwargs):
logger.debug('SIGINT catched. shutting down...')
@@ -452,20 +466,9 @@ if __name__ == "__main__":
provider = ProviderConfig()
if provider.load("leap/providers/bitmask.net/provider.json"):
- # url = "%s/tickets" % (provider.get_api_uri(),)
- # print url
- # res = requests.session().get(url, verify=provider.get_ca_cert_path())
- # print res.content
- # res.raise_for_status()
auth = SRPAuth(provider)
- auth_instantiated = partial(auth.authenticate, "test2", "sarasaaaa")
+ auth_instantiated = partial(auth.authenticate, _user, _pass)
checker.add_checks([auth_instantiated, auth.logout])
- #auth.authenticate("test2", "sarasaaaa")
- #res = requests.session().get("%s/cert" % (provider.get_api_uri(),),
- #verify=provider.get_ca_cert_path())
- #print res.content
- #auth.logout()
-
sys.exit(app.exec_())
diff --git a/src/leap/crypto/srpregister.py b/src/leap/crypto/srpregister.py
index 9a9cac76..59aaf257 100644
--- a/src/leap/crypto/srpregister.py
+++ b/src/leap/crypto/srpregister.py
@@ -55,7 +55,7 @@ class SRPRegister(QtCore.QObject):
@type register_path; str
"""
QtCore.QObject.__init__(self)
- leap_assert(provider_config, "Please provider a provider")
+ leap_assert(provider_config, "Please provide a provider")
leap_assert_type(provider_config, ProviderConfig)
self._provider_config = provider_config
@@ -125,15 +125,22 @@ class SRPRegister(QtCore.QObject):
logger.debug("Will try to register user = %s" % (username,))
logger.debug("user_data => %r" % (user_data,))
- req = self._session.post(uri,
- data=user_data,
- timeout=SIGNUP_TIMEOUT,
- verify=self._provider_config.
- get_ca_cert_path())
-
- self.registration_finished.emit(req.ok, req)
-
- return req.ok
+ ok = None
+ try:
+ req = self._session.post(uri,
+ data=user_data,
+ timeout=SIGNUP_TIMEOUT,
+ verify=self._provider_config.
+ get_ca_cert_path())
+
+ except requests.exceptions.SSLError as exc:
+ logger.error("SSLError: %s" % exc.message)
+ req = None
+ ok = False
+ else:
+ ok = req.ok
+ self.registration_finished.emit(ok, req)
+ return ok
if __name__ == "__main__":
diff --git a/src/leap/crypto/tests/__init__.py b/src/leap/crypto/tests/__init__.py
new file mode 100644
index 00000000..7f118735
--- /dev/null
+++ b/src/leap/crypto/tests/__init__.py
@@ -0,0 +1,16 @@
+# -*- coding: utf-8 -*-
+# __init__.py
+# Copyright (C) 2013 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
diff --git a/src/leap/crypto/tests/fake_provider.py b/src/leap/crypto/tests/fake_provider.py
new file mode 100755
index 00000000..d533b82b
--- /dev/null
+++ b/src/leap/crypto/tests/fake_provider.py
@@ -0,0 +1,358 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# fake_provider.py
+# Copyright (C) 2013 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+"""A server faking some of the provider resources and apis,
+used for testing Leap Client requests
+
+It needs that you create a subfolder named 'certs',
+and that you place the following files:
+
+XXX check if in use
+
+[ ] test-openvpn.pem
+[ ] test-provider.json
+[ ] test-eip-service.json
+"""
+import binascii
+import json
+import os
+import sys
+
+import srp
+
+from OpenSSL import SSL
+
+from zope.interface import Interface, Attribute, implements
+
+from twisted.web.server import Site, Request
+from twisted.web.static import File
+from twisted.web.resource import Resource
+from twisted.internet import reactor
+
+from leap.common.testing.https_server import where
+
+# See
+# http://twistedmatrix.com/documents/current/web/howto/web-in-60/index.html
+# for more examples
+
+"""
+Testing the FAKE_API:
+#####################
+
+ 1) register an user
+ >> curl -d "user[login]=me" -d "user[password_salt]=foo" \
+ -d "user[password_verifier]=beef" http://localhost:8000/1/users
+ << {"errors": null}
+
+ 2) check that if you try to register again, it will fail:
+ >> curl -d "user[login]=me" -d "user[password_salt]=foo" \
+ -d "user[password_verifier]=beef" http://localhost:8000/1/users
+ << {"errors": {"login": "already taken!"}}
+
+"""
+
+# Globals to mock user/sessiondb
+
+_USERDB = {}
+_SESSIONDB = {}
+
+_here = os.path.split(__file__)[0]
+
+
+safe_unhexlify = lambda x: binascii.unhexlify(x) \
+ if (len(x) % 2 == 0) else binascii.unhexlify('0' + x)
+
+
+class IUser(Interface):
+ """
+ Defines the User Interface
+ """
+ login = Attribute("User login.")
+ salt = Attribute("Password salt.")
+ verifier = Attribute("Password verifier.")
+ session = Attribute("Session.")
+ svr = Attribute("Server verifier.")
+
+
+class User(object):
+ """
+ User object.
+ We store it in our simple session mocks
+ """
+
+ implements(IUser)
+
+ def __init__(self, login, salt, verifier):
+ self.login = login
+ self.salt = salt
+ self.verifier = verifier
+ self.session = None
+ self.svr = None
+
+ def set_server_verifier(self, svr):
+ """
+ Adds a svr verifier object to this
+ User instance
+ """
+ self.svr = svr
+
+ def set_session(self, session):
+ """
+ Adds this instance of User to the
+ global session dict
+ """
+ _SESSIONDB[session] = self
+ self.session = session
+
+
+class FakeUsers(Resource):
+ """
+ Resource that handles user registration.
+ """
+
+ def __init__(self, name):
+ self.name = name
+
+ def render_POST(self, request):
+ """
+ Handles POST to the users api resource
+ Simulates a login.
+ """
+ args = request.args
+
+ login = args['user[login]'][0]
+ salt = args['user[password_salt]'][0]
+ verifier = args['user[password_verifier]'][0]
+
+ if login in _USERDB:
+ return "%s\n" % json.dumps(
+ {'errors': {'login': 'already taken!'}})
+
+ print '[server]', login, verifier, salt
+ user = User(login, salt, verifier)
+ _USERDB[login] = user
+ return json.dumps({'errors': None})
+
+
+def getSession(self, sessionInterface=None):
+ """
+ we overwrite twisted.web.server.Request.getSession method to
+ put the right cookie name in place
+ """
+ if not self.session:
+ #cookiename = b"_".join([b'TWISTED_SESSION'] + self.sitepath)
+ cookiename = b"_".join([b'_session_id'] + self.sitepath)
+ sessionCookie = self.getCookie(cookiename)
+ if sessionCookie:
+ try:
+ self.session = self.site.getSession(sessionCookie)
+ except KeyError:
+ pass
+ # if it still hasn't been set, fix it up.
+ if not self.session:
+ self.session = self.site.makeSession()
+ self.addCookie(cookiename, self.session.uid, path=b'/')
+ self.session.touch()
+ if sessionInterface:
+ return self.session.getComponent(sessionInterface)
+ return self.session
+
+
+def get_user(request):
+ """
+ Returns user from the session dict
+ """
+ login = request.args.get('login')
+ if login:
+ user = _USERDB.get(login[0], None)
+ if user:
+ return user
+
+ request.getSession = getSession.__get__(request, Request)
+ session = request.getSession()
+
+ user = _SESSIONDB.get(session, None)
+ return user
+
+
+class FakeSession(Resource):
+ def __init__(self, name):
+ """
+ Initializes session
+ """
+ self.name = name
+
+ def render_GET(self, request):
+ """
+ Handles GET requests.
+ """
+ return "%s\n" % json.dumps({'errors': None})
+
+ def render_POST(self, request):
+ """
+ Handles POST requests.
+ """
+ user = get_user(request)
+
+ if not user:
+ # XXX get real error from demo provider
+ return json.dumps({'errors': 'no such user'})
+
+ A = request.args['A'][0]
+
+ _A = safe_unhexlify(A)
+ _salt = safe_unhexlify(user.salt)
+ _verifier = safe_unhexlify(user.verifier)
+
+ svr = srp.Verifier(
+ user.login,
+ _salt,
+ _verifier,
+ _A,
+ hash_alg=srp.SHA256,
+ ng_type=srp.NG_1024)
+
+ s, B = svr.get_challenge()
+
+ _B = binascii.hexlify(B)
+
+ print '[server] login = %s' % user.login
+ print '[server] salt = %s' % user.salt
+ print '[server] len(_salt) = %s' % len(_salt)
+ print '[server] vkey = %s' % user.verifier
+ print '[server] len(vkey) = %s' % len(_verifier)
+ print '[server] s = %s' % binascii.hexlify(s)
+ print '[server] B = %s' % _B
+ print '[server] len(B) = %s' % len(_B)
+
+ # override Request.getSession
+ request.getSession = getSession.__get__(request, Request)
+ session = request.getSession()
+
+ user.set_session(session)
+ user.set_server_verifier(svr)
+
+ # yep, this is tricky.
+ # some things are *already* unhexlified.
+ data = {
+ 'salt': user.salt,
+ 'B': _B,
+ 'errors': None}
+
+ return json.dumps(data)
+
+ def render_PUT(self, request):
+ """
+ Handles PUT requests.
+ """
+ # XXX check session???
+ user = get_user(request)
+
+ if not user:
+ print '[server] NO USER'
+ return json.dumps({'errors': 'no such user'})
+
+ data = request.content.read()
+ auth = data.split("client_auth=")
+ M = auth[1] if len(auth) > 1 else None
+ # if not H, return
+ if not M:
+ return json.dumps({'errors': 'no M proof passed by client'})
+
+ svr = user.svr
+ HAMK = svr.verify_session(binascii.unhexlify(M))
+ if HAMK is None:
+ print '[server] verification failed!!!'
+ raise Exception("Authentication failed!")
+ #import ipdb;ipdb.set_trace()
+
+ assert svr.authenticated()
+ print "***"
+ print '[server] User successfully authenticated using SRP!'
+ print "***"
+
+ return json.dumps(
+ {'M2': binascii.hexlify(HAMK),
+ 'id': '9c943eb9d96a6ff1b7a7030bdeadbeef',
+ 'errors': None})
+
+
+class API_Sessions(Resource):
+ """
+ Top resource for the API v1
+ """
+ def getChild(self, name, request):
+ return FakeSession(name)
+
+
+class OpenSSLServerContextFactory(object):
+
+ def getContext(self):
+ """
+ Create an SSL context.
+ """
+ ctx = SSL.Context(SSL.SSLv23_METHOD)
+ #ctx = SSL.Context(SSL.TLSv1_METHOD)
+ ctx.use_certificate_file(where('leaptestscert.pem'))
+ ctx.use_privatekey_file(where('leaptestskey.pem'))
+
+ return ctx
+
+
+def get_provider_factory():
+ """
+ Instantiates a Site that serves the resources
+ that we expect from a valid provider.
+ Listens on:
+ * port 8000 for http connections
+ * port 8443 for https connections
+
+ @rparam: factory for a site
+ @rtype: Site instance
+ """
+ root = Resource()
+ root.putChild("provider.json", File(
+ os.path.join(_here,
+ "test_provider.json")))
+ config = Resource()
+ config.putChild(
+ "eip-service.json",
+ File("./eip-service.json"))
+ apiv1 = Resource()
+ apiv1.putChild("config", config)
+ apiv1.putChild("sessions", API_Sessions())
+ apiv1.putChild("users", FakeUsers(None))
+ apiv1.putChild("cert", File(
+ os.path.join(_here,
+ 'openvpn.pem')))
+ root.putChild("1", apiv1)
+
+ factory = Site(root)
+ return factory
+
+
+if __name__ == "__main__":
+
+ from twisted.python import log
+ log.startLogging(sys.stdout)
+
+ factory = get_provider_factory()
+
+ # regular http (for debugging with curl)
+ reactor.listenTCP(8000, factory)
+ reactor.listenSSL(8443, factory, OpenSSLServerContextFactory())
+ reactor.run()
diff --git a/src/leap/crypto/tests/test_provider.json b/src/leap/crypto/tests/test_provider.json
new file mode 100644
index 00000000..c37bef8f
--- /dev/null
+++ b/src/leap/crypto/tests/test_provider.json
@@ -0,0 +1,15 @@
+{
+ "api_uri": "https://localhost:8443",
+ "api_version": "1",
+ "ca_cert_fingerprint": "SHA256: 0f17c033115f6b76ff67871872303ff65034efe7dd1b910062ca323eb4da5c7e",
+ "ca_cert_uri": "https://bitmask.net/ca.crt",
+ "default_language": "en",
+ "domain": "example.com",
+ "enrollment_policy": "open",
+ "name": {
+ "en": "Bitmask"
+ },
+ "services": [
+ "openvpn"
+ ]
+}
diff --git a/src/leap/crypto/tests/test_srpregister.py b/src/leap/crypto/tests/test_srpregister.py
new file mode 100644
index 00000000..5ba7306f
--- /dev/null
+++ b/src/leap/crypto/tests/test_srpregister.py
@@ -0,0 +1,207 @@
+# -*- coding: utf-8 -*-
+# test_srpregister.py
+# Copyright (C) 2013 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+"""
+Tests for:
+ * leap/crypto/srpregister.py
+ * leap/crypto/srpauth.py
+"""
+try:
+ import unittest2 as unittest
+except ImportError:
+ import unittest
+import os
+import sys
+
+from mock import MagicMock
+from nose.twistedtools import reactor, threaded_reactor, stop_reactor
+from twisted.python import log
+
+from leap.common.testing.https_server import where
+from leap.config.providerconfig import ProviderConfig
+from leap.crypto import srpregister, srpauth
+from leap.crypto.tests import fake_provider
+
+log.startLogging(sys.stdout)
+
+
+def _get_capath():
+ return where("cacert.pem")
+
+_here = os.path.split(__file__)[0]
+
+
+class ImproperlyConfiguredError(Exception):
+ """
+ Raised if the test provider is missing configuration
+ """
+
+
+class SRPTestCase(unittest.TestCase):
+ """
+ Tests for the SRP Register and Auth classes
+ """
+ __name__ = "SRPRegister and SRPAuth tests"
+
+ @classmethod
+ def setUpClass(cls):
+ """
+ Sets up this TestCase with a simple and faked provider instance:
+
+ * runs a threaded reactor
+ * loads a mocked ProviderConfig that points to the certs in the
+ leap.common.testing module.
+ """
+ factory = fake_provider.get_provider_factory()
+ http = reactor.listenTCP(8001, factory)
+ https = reactor.listenSSL(
+ 0, factory,
+ fake_provider.OpenSSLServerContextFactory())
+ get_port = lambda p: p.getHost().port
+ cls.http_port = get_port(http)
+ cls.https_port = get_port(https)
+
+ provider = ProviderConfig()
+ provider.get_ca_cert_path = MagicMock()
+ provider.get_ca_cert_path.return_value = _get_capath()
+
+ provider.get_api_uri = MagicMock()
+ provider.get_api_uri.return_value = cls._get_https_uri()
+
+ loaded = provider.load(path=os.path.join(
+ _here, "test_provider.json"))
+ if not loaded:
+ raise ImproperlyConfiguredError(
+ "Could not load test provider config")
+ cls.register = srpregister.SRPRegister(provider_config=provider)
+
+ cls.auth = srpauth.SRPAuth(provider)
+ cls._auth_instance = cls.auth.__dict__['_SRPAuth__instance']
+ cls.authenticate = cls._auth_instance.authenticate
+ cls.logout = cls._auth_instance.logout
+
+ # run!
+ threaded_reactor()
+
+ @classmethod
+ def tearDownClass(cls):
+ """
+ Stops reactor when tearing down the class
+ """
+ stop_reactor()
+
+ # helper methods
+
+ @classmethod
+ def _get_https_uri(cls):
+ """
+ Returns a https uri with the right https port initialized
+ """
+ return "https://localhost:%s" % (cls.https_port,)
+
+ # Register tests
+
+ def test_register_user(self):
+ """
+ Checks if the registration of an unused name works as expected when
+ it is the first time that we attempt to register that user, as well as
+ when we request a user that is taken.
+ """
+ # pristine registration
+ ok = self.register.register_user("foouser_firsttime", "barpass")
+ self.assertTrue(ok)
+
+ # second registration attempt with the same user should return errors
+ ok = self.register.register_user("foouser_second", "barpass")
+ self.assertTrue(ok)
+
+ # FIXME currently we are catching this in an upper layer,
+ # we could bring the error validation to the SRPRegister class
+ ok = self.register.register_user("foouser_second", "barpass")
+
+ def test_correct_http_uri(self):
+ """
+ Checks that registration autocorrect http uris to https ones.
+ """
+ HTTP_URI = "http://localhost:%s" % (self.https_port, )
+ HTTPS_URI = "https://localhost:%s/1/users" % (self.https_port, )
+ provider = ProviderConfig()
+ provider.get_ca_cert_path = MagicMock()
+ provider.get_ca_cert_path.return_value = _get_capath()
+ provider.get_api_uri = MagicMock()
+
+ # we introduce a http uri in the config file...
+ provider.get_api_uri.return_value = HTTP_URI
+ loaded = provider.load(path=os.path.join(
+ _here, "test_provider.json"))
+ if not loaded:
+ raise ImproperlyConfiguredError(
+ "Could not load test provider config")
+
+ self.register = srpregister.SRPRegister(provider_config=provider)
+
+ # ... and we check that we're correctly taking the HTTPS protocol
+ # instead
+ self.assertEquals(self.register._get_registration_uri(),
+ HTTPS_URI)
+ ok = self.register.register_user("test_failhttp", "barpass")
+ self.assertTrue(ok)
+
+ # XXX need to assert that _get_registration_uri was called too
+
+ # Auth tests
+
+ def test_auth(self):
+ """
+ Checks whether a pair of valid credentials is able to be authenticated.
+ """
+ TEST_USER = "register_test_auth"
+ TEST_PASS = "pass"
+
+ # pristine registration, should go well
+ ok = self.register.register_user(TEST_USER, TEST_PASS)
+ self.assertTrue(ok)
+
+ self.authenticate(TEST_USER, TEST_PASS)
+ with self.assertRaises(AssertionError):
+ # AssertionError: already logged in
+ # We probably could take this as its own exception
+ self.authenticate(TEST_USER, TEST_PASS)
+
+ self.logout()
+
+ # cannot log out two times in a row (there's no session)
+ with self.assertRaises(AssertionError):
+ self.logout()
+
+ def test_auth_with_bad_credentials(self):
+ """
+ Checks that auth does not succeed with bad credentials.
+ """
+ TEST_USER = "register_test_auth"
+ TEST_PASS = "pass"
+
+ # non-existent credentials, should fail
+ with self.assertRaises(srpauth.SRPAuthenticationError):
+ self.authenticate("baduser_1", "passwrong")
+
+ # good user, bad password, should fail
+ with self.assertRaises(srpauth.SRPAuthenticationError):
+ self.authenticate(TEST_USER, "passwrong")
+
+ # bad user, good password, should fail too :)
+ with self.assertRaises(srpauth.SRPAuthenticationError):
+ self.authenticate("myunclejoe", TEST_PASS)
diff --git a/src/leap/gui/mainwindow.py b/src/leap/gui/mainwindow.py
index 7f529e2f..f359d7c1 100644
--- a/src/leap/gui/mainwindow.py
+++ b/src/leap/gui/mainwindow.py
@@ -181,11 +181,11 @@ class MainWindow(QtGui.QMainWindow):
self._stop_eip)
self._action_eip_write = QtGui.QAction(
QtGui.QIcon(":/images/Arrow-Up-32.png"),
- "0.0 Kb", self)
+ "%12.2f Kb" % (0.0,), self)
self._action_eip_write.setEnabled(False)
self._action_eip_read = QtGui.QAction(
QtGui.QIcon(":/images/Arrow-Down-32.png"),
- "0.0 Kb", self)
+ "%12.2f Kb" % (0.0,), self)
self._action_eip_read.setEnabled(False)
self._action_visible = QtGui.QAction(self.tr("Hide"), self)
@@ -758,12 +758,12 @@ class MainWindow(QtGui.QMainWindow):
"""
upload = float(data[self._vpn.TUNTAP_WRITE_KEY])
upload = upload / 1000.0
- upload_str = "%s Kb" % (upload,)
+ upload_str = "%12.2f Kb" % (upload,)
self.ui.lblUpload.setText(upload_str)
self._action_eip_write.setText(upload_str)
download = float(data[self._vpn.TUNTAP_READ_KEY])
download = download / 1000.0
- download_str = "%s Kb" % (download,)
+ download_str = "%12.2f Kb" % (download,)
self.ui.lblDownload.setText(download_str)
self._action_eip_read.setText(download_str)
diff --git a/src/leap/services/eip/vpnlaunchers.py b/src/leap/services/eip/vpnlaunchers.py
index 57a8092e..37c6256e 100644
--- a/src/leap/services/eip/vpnlaunchers.py
+++ b/src/leap/services/eip/vpnlaunchers.py
@@ -320,7 +320,15 @@ class DarwinVPNLauncher(VPNLauncher):
leap_assert(socket_host, "We need a socket host!")
leap_assert(socket_port, "We need a socket port!")
- openvpn_possibilities = which(self.OPENVPN_BIN)
+ kwargs = {}
+ if ProviderConfig.standalone:
+ kwargs['path_extension'] = os.path.join(
+ providerconfig.get_path_prefix(),
+ "..", "apps", "eip")
+
+ openvpn_possibilities = which(
+ self.OPENVPN_BIN,
+ **kwargs)
if len(openvpn_possibilities) == 0:
raise OpenVPNNotFoundException()
@@ -391,6 +399,21 @@ class DarwinVPNLauncher(VPNLauncher):
return [command] + cmd_args
+ def get_vpn_env(self, providerconfig):
+ """
+ Returns a dictionary with the custom env for the platform.
+ This is mainly used for setting LD_LIBRARY_PATH to the correct
+ path when distributing a standalone client
+
+ @param providerconfig: provider specific configuration
+ @type providerconfig: ProviderConfig
+
+ @rtype: dict
+ """
+ return {"LD_LIBRARY_PATH": os.path.join(
+ providerconfig.get_path_prefix(),
+ "..", "lib")}
+
class WindowsVPNLauncher(VPNLauncher):
"""