From b84007d8fec8c949ba4ac1d26695c710a210d797 Mon Sep 17 00:00:00 2001
From: kali <kali@leap.se>
Date: Thu, 8 Nov 2012 08:37:24 +0900
Subject: more careful error catching during registration.
added a twisted server that fakes some of the provider
interaction.
---
src/leap/eip/checks.py | 4 +-
src/leap/gui/firstrun/connect.py | 38 +++---
src/leap/gui/firstrun/providersetup.py | 3 +-
src/leap/gui/firstrun/regvalidation.py | 12 +-
.../firstrun/tests/integration/fake_provider.py | 132 +++++++++++++++++++++
5 files changed, 169 insertions(+), 20 deletions(-)
create mode 100755 src/leap/gui/firstrun/tests/integration/fake_provider.py
(limited to 'src/leap')
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index ae3634bc..9bd96a1c 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
@@ -212,12 +212,12 @@ class ProviderCertChecker(object):
if credentials:
user, passwd = credentials
- @srpauth_protected(user, passwd)
+ @srpauth_protected(user, passwd, verify)
def getfn(*args, **kwargs):
return fgetfn(*args, **kwargs)
else:
- @magick_srpauth
+ @magick_srpauth(verify)
def getfn(*args, **kwargs):
return fgetfn(*args, **kwargs)
try:
diff --git a/src/leap/gui/firstrun/connect.py b/src/leap/gui/firstrun/connect.py
index 3172a526..283e81b2 100644
--- a/src/leap/gui/firstrun/connect.py
+++ b/src/leap/gui/firstrun/connect.py
@@ -91,12 +91,19 @@ class ConnectingPage(QtGui.QWizardPage):
wizard,
'start_eipconnection_signal', None)
- conductor.set_provider_domain(domain)
- conductor.run_checks()
- self.conductor = conductor
- errors = self.eip_error_check()
- if not errors and start_eip_signal:
- start_eip_signal.emit()
+ if conductor:
+ conductor.set_provider_domain(domain)
+ conductor.run_checks()
+ self.conductor = conductor
+ errors = self.eip_error_check()
+ if not errors and start_eip_signal:
+ start_eip_signal.emit()
+
+ else:
+ logger.warning(
+ "No conductor found. This means that "
+ "probably the wizard has been launched "
+ "in an stand-alone way")
def eip_error_check(self):
"""
@@ -110,6 +117,7 @@ class ConnectingPage(QtGui.QWizardPage):
# XXX missing!
def fetch_and_validate(self):
+ # XXX MOVE TO validate function in register-validation
import time
domain = self.field('provider_domain')
wizard = self.wizard()
@@ -150,15 +158,15 @@ class ConnectingPage(QtGui.QWizardPage):
# Download cert
try:
pCertChecker.download_new_client_cert(
- credentials=credentials)
- except auth.SRPAuthenticationError:
- self.set_validation_status("Authentication error")
- #self.set_validation_message(
- #"Click <i>next</i> to introduce your "
- #"credentials again")
- self.goto_login_again = True
- # We should do something here
- # but it's broken
+ credentials=credentials,
+ # FIXME FIXME FIXME
+ # XXX FIX THIS!!!!!
+ # BUG #638. remove verify
+ # FIXME FIXME FIXME
+ verify=False)
+ except auth.SRPAuthenticationError as exc:
+ self.set_validation_status(
+ "Authentication error: %s" % exc.message)
return False
time.sleep(2)
diff --git a/src/leap/gui/firstrun/providersetup.py b/src/leap/gui/firstrun/providersetup.py
index c039dfc5..2609629a 100644
--- a/src/leap/gui/firstrun/providersetup.py
+++ b/src/leap/gui/firstrun/providersetup.py
@@ -100,7 +100,8 @@ class ProviderSetupValidationPage(ValidationPage):
if self.errors:
print 'going back with errors'
wizard.set_validation_error(
- 'signup', 'that name is taken')
+ 'providerselection',
+ 'error on provider setup')
self.go_back()
else:
print 'going next'
diff --git a/src/leap/gui/firstrun/regvalidation.py b/src/leap/gui/firstrun/regvalidation.py
index 42b9ccd5..6cf150b6 100644
--- a/src/leap/gui/firstrun/regvalidation.py
+++ b/src/leap/gui/firstrun/regvalidation.py
@@ -39,14 +39,22 @@ class RegisterUserValidationPage(ValidationPage):
we initialize the srp protocol register
and try to register user.
"""
+ print 'register user checks'
+
wizard = self.wizard()
domain = self.field('provider_domain')
username = self.field('userName')
password = self.field('userPassword')
- update_signal.emit("head_sentinel")
+ # XXX use pause_for_user from providerinfo
+ update_signal.emit("head_sentinel", 0)
update_signal.emit("registering with provider", 40)
- time.sleep(4)
+ time.sleep(0.5)
+ update_signal.emit("registering 2", 60)
+ time.sleep(1)
+ update_signal.emit("end_sentinel", 100)
+ time.sleep(0.5)
+ return
if wizard and wizard.debug_server:
# We're debugging
diff --git a/src/leap/gui/firstrun/tests/integration/fake_provider.py b/src/leap/gui/firstrun/tests/integration/fake_provider.py
new file mode 100755
index 00000000..27886d3b
--- /dev/null
+++ b/src/leap/gui/firstrun/tests/integration/fake_provider.py
@@ -0,0 +1,132 @@
+#/usr/bin/env python
+"""A server faking some of the provider resources and apis,
+used for testing Leap Client requests.
+
+Right needs that you create a subfolder named 'certs',
+and that you place the following files:
+
+[ ] certs/leaptestscert.pem
+[ ] certs/leaptestskey.pem
+[ ] certs/cacert.pem
+[ ] certs/openvpn.pem
+
+[ ] provider.json
+[ ] eip-service.json
+
+"""
+import json
+import os
+import sys
+
+# GnuTLS Example -- is not working as expected
+from gnutls import crypto
+from gnutls.constants import COMP_LZO, COMP_DEFLATE, COMP_NULL
+from gnutls.interfaces.twisted import X509Credentials
+
+# Going with OpenSSL as a workaround instead
+# But we DO NOT want to introduce this dependency.
+from OpenSSL import SSL
+
+from twisted.web.server import Site
+from twisted.web.static import File
+from twisted.web.resource import Resource
+from twisted.internet import reactor
+
+# See
+# http://twistedmatrix.com/documents/current/web/howto/web-in-60/index.htmln
+# for more examples
+
+
+class FakeSession(Resource):
+ def __init__(self, name):
+ self.name = name
+
+ def render_GET(self, request):
+ return json.dumps({'errors': None})
+
+ def render_POST(self, request):
+ return json.dumps(
+ {'salt': 'deadbeef', 'B': 'deadbeef', 'errors': None})
+
+ def render_PUT(self, request):
+ return json.dumps(
+ {'M2': 'deadbeef', 'errors': None})
+
+
+class API_Sessions(Resource):
+ def getChild(self, name, request):
+ return FakeSession(name)
+
+
+def get_certs_path():
+ script_path = os.path.realpath(os.path.dirname(sys.argv[0]))
+ certs_path = os.path.join(script_path, 'certs')
+ return certs_path
+
+
+def get_TLS_credentials():
+ # XXX this is giving errors
+ # XXX REview! We want to use gnutls!
+ certs_path = get_certs_path()
+
+ cert = crypto.X509Certificate(
+ open(certs_path + '/leaptestscert.pem').read())
+ key = crypto.X509PrivateKey(
+ open(certs_path + '/leaptestskey.pem').read())
+ ca = crypto.X509Certificate(
+ open(certs_path + '/cacert.pem').read())
+ #crl = crypto.X509CRL(open(certs_path + '/crl.pem').read())
+ #cred = crypto.X509Credentials(cert, key, [ca], [crl])
+ cred = X509Credentials(cert, key, [ca])
+ cred.verify_peer = True
+ cred.session_params.compressions = (COMP_LZO, COMP_DEFLATE, COMP_NULL)
+ return cred
+
+
+class OpenSSLServerContextFactory:
+ # XXX workaround for broken TLS interface
+ # from gnuTLS.
+
+ def getContext(self):
+ """Create an SSL context.
+ This is a sample implementation that loads a certificate from a file
+ called 'server.pem'."""
+ certs_path = get_certs_path()
+
+ ctx = SSL.Context(SSL.SSLv23_METHOD)
+ ctx.use_certificate_file(certs_path + '/leaptestscert.pem')
+ ctx.use_privatekey_file(certs_path + '/leaptestskey.pem')
+ return ctx
+
+
+if __name__ == "__main__":
+
+ from twisted.python import log
+ log.startLogging(sys.stdout)
+
+ root = Resource()
+ root.putChild("provider.json", File("./provider.json"))
+ config = Resource()
+ config.putChild(
+ "eip-service.json",
+ File("./eip-service.json"))
+ apiv1 = Resource()
+ apiv1.putChild("config", config)
+ apiv1.putChild("sessions.json", API_Sessions())
+ apiv1.putChild("cert", File(get_certs_path() + '/openvpn.pem'))
+ root.putChild("1", apiv1)
+
+ cred = get_TLS_credentials()
+
+ factory = Site(root)
+
+ # regular http
+ reactor.listenTCP(8000, factory)
+
+ # TLS with gnutls --- seems broken :(
+ #reactor.listenTLS(8003, factory, cred)
+
+ # OpenSSL
+ reactor.listenSSL(8443, factory, OpenSSLServerContextFactory())
+
+ reactor.run()
--
cgit v1.2.3