more careful error catching during registration.

added a twisted server that fakes some of the provider interaction.
author: kali <kali@leap.se> 2012-11-08 08:37:24 +0900
committer: kali <kali@leap.se> 2012-11-08 08:37:24 +0900
commit: b84007d8fec8c949ba4ac1d26695c710a210d797 (patch)
tree: e9552e9925c103618e2ae6a9161105ab9e1317bd
parent: 8a70d249df9782a370c00a37de9a7d3af568c0f5 (diff)
5 files changed, 169 insertions, 20 deletions
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index ae3634bc..9bd96a1c 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
@@ -212,12 +212,12 @@ class ProviderCertChecker(object):
         if credentials:
             user, passwd = credentials
 
-            @srpauth_protected(user, passwd)
+            @srpauth_protected(user, passwd, verify)
             def getfn(*args, **kwargs):
                 return fgetfn(*args, **kwargs)
 
         else:
-            @magick_srpauth
+            @magick_srpauth(verify)
             def getfn(*args, **kwargs):
                 return fgetfn(*args, **kwargs)
         try:
diff --git a/src/leap/gui/firstrun/connect.py b/src/leap/gui/firstrun/connect.py
index 3172a526..283e81b2 100644
--- a/src/leap/gui/firstrun/connect.py
+++ b/src/leap/gui/firstrun/connect.py
@@ -91,12 +91,19 @@ class ConnectingPage(QtGui.QWizardPage):
             wizard,
             'start_eipconnection_signal', None)
 
-        conductor.set_provider_domain(domain)
-        conductor.run_checks()
-        self.conductor = conductor
-        errors = self.eip_error_check()
-        if not errors and start_eip_signal:
-            start_eip_signal.emit()
+        if conductor:
+            conductor.set_provider_domain(domain)
+            conductor.run_checks()
+            self.conductor = conductor
+            errors = self.eip_error_check()
+            if not errors and start_eip_signal:
+                start_eip_signal.emit()
+
+        else:
+            logger.warning(
+                "No conductor found. This means that "
+                "probably the wizard has been launched "
+                "in an stand-alone way")
 
     def eip_error_check(self):
         """
@@ -110,6 +117,7 @@ class ConnectingPage(QtGui.QWizardPage):
         # XXX missing!
 
     def fetch_and_validate(self):
+        # XXX MOVE TO validate function in register-validation
         import time
         domain = self.field('provider_domain')
         wizard = self.wizard()
@@ -150,15 +158,15 @@ class ConnectingPage(QtGui.QWizardPage):
         # Download cert
         try:
             pCertChecker.download_new_client_cert(
-                credentials=credentials)
-        except auth.SRPAuthenticationError:
-            self.set_validation_status("Authentication error")
-            #self.set_validation_message(
-                #"Click <i>next</i> to introduce your "
-                #"credentials again")
-            self.goto_login_again = True
-            # We should do something here
-            # but it's broken
+                credentials=credentials,
+                # FIXME FIXME FIXME
+                # XXX FIX THIS!!!!!
+                # BUG #638. remove verify
+                # FIXME FIXME FIXME
+                verify=False)
+        except auth.SRPAuthenticationError as exc:
+            self.set_validation_status(
+                "Authentication error: %s" % exc.message)
             return False
 
         time.sleep(2)
diff --git a/src/leap/gui/firstrun/providersetup.py b/src/leap/gui/firstrun/providersetup.py
index c039dfc5..2609629a 100644
--- a/src/leap/gui/firstrun/providersetup.py
+++ b/src/leap/gui/firstrun/providersetup.py
@@ -100,7 +100,8 @@ class ProviderSetupValidationPage(ValidationPage):
         if self.errors:
             print 'going back with errors'
             wizard.set_validation_error(
-                'signup', 'that name is taken')
+                'providerselection',
+                'error on provider setup')
             self.go_back()
         else:
             print 'going next'
diff --git a/src/leap/gui/firstrun/regvalidation.py b/src/leap/gui/firstrun/regvalidation.py
index 42b9ccd5..6cf150b6 100644
--- a/src/leap/gui/firstrun/regvalidation.py
+++ b/src/leap/gui/firstrun/regvalidation.py
@@ -39,14 +39,22 @@ class RegisterUserValidationPage(ValidationPage):
         we initialize the srp protocol register
         and try to register user.
         """
+        print 'register user checks'
+
         wizard = self.wizard()
         domain = self.field('provider_domain')
         username = self.field('userName')
         password = self.field('userPassword')
 
-        update_signal.emit("head_sentinel")
+        # XXX use pause_for_user from providerinfo
+        update_signal.emit("head_sentinel", 0)
         update_signal.emit("registering with provider", 40)
-        time.sleep(4)
+        time.sleep(0.5)
+        update_signal.emit("registering 2", 60)
+        time.sleep(1)
+        update_signal.emit("end_sentinel", 100)
+        time.sleep(0.5)
+        return
 
         if wizard and wizard.debug_server:
             # We're debugging
diff --git a/src/leap/gui/firstrun/tests/integration/fake_provider.py b/src/leap/gui/firstrun/tests/integration/fake_provider.py
new file mode 100755
index 00000000..27886d3b
--- /dev/null
+++ b/src/leap/gui/firstrun/tests/integration/fake_provider.py
@@ -0,0 +1,132 @@
+#/usr/bin/env python
+"""A server faking some of the provider resources and apis,
+used for testing Leap Client requests.
+
+Right needs that you create a subfolder named 'certs',
+and that you place the following files:
+
+[ ] certs/leaptestscert.pem
+[ ] certs/leaptestskey.pem
+[ ] certs/cacert.pem
+[ ] certs/openvpn.pem
+
+[ ] provider.json
+[ ] eip-service.json
+
+"""
+import json
+import os
+import sys
+
+# GnuTLS Example -- is not working as expected
+from gnutls import crypto
+from gnutls.constants import COMP_LZO, COMP_DEFLATE, COMP_NULL
+from gnutls.interfaces.twisted import X509Credentials
+
+# Going with OpenSSL as a workaround instead
+# But we DO NOT want to introduce this dependency.
+from OpenSSL import SSL
+
+from twisted.web.server import Site
+from twisted.web.static import File
+from twisted.web.resource import Resource
+from twisted.internet import reactor
+
+# See
+# http://twistedmatrix.com/documents/current/web/howto/web-in-60/index.htmln
+# for more examples
+
+
+class FakeSession(Resource):
+    def __init__(self, name):
+        self.name = name
+
+    def render_GET(self, request):
+        return json.dumps({'errors': None})
+
+    def render_POST(self, request):
+        return json.dumps(
+            {'salt': 'deadbeef', 'B': 'deadbeef', 'errors': None})
+
+    def render_PUT(self, request):
+        return json.dumps(
+            {'M2': 'deadbeef', 'errors': None})
+
+
+class API_Sessions(Resource):
+    def getChild(self, name, request):
+        return FakeSession(name)
+
+
+def get_certs_path():
+    script_path = os.path.realpath(os.path.dirname(sys.argv[0]))
+    certs_path = os.path.join(script_path, 'certs')
+    return certs_path
+
+
+def get_TLS_credentials():
+    # XXX this is giving errors
+    # XXX REview! We want to use gnutls!
+    certs_path = get_certs_path()
+
+    cert = crypto.X509Certificate(
+        open(certs_path + '/leaptestscert.pem').read())
+    key = crypto.X509PrivateKey(
+        open(certs_path + '/leaptestskey.pem').read())
+    ca = crypto.X509Certificate(
+        open(certs_path + '/cacert.pem').read())
+    #crl = crypto.X509CRL(open(certs_path + '/crl.pem').read())
+    #cred = crypto.X509Credentials(cert, key, [ca], [crl])
+    cred = X509Credentials(cert, key, [ca])
+    cred.verify_peer = True
+    cred.session_params.compressions = (COMP_LZO, COMP_DEFLATE, COMP_NULL)
+    return cred
+
+
+class OpenSSLServerContextFactory:
+    # XXX workaround for broken TLS interface
+    # from gnuTLS.
+
+    def getContext(self):
+        """Create an SSL context.
+        This is a sample implementation that loads a certificate from a file
+        called 'server.pem'."""
+        certs_path = get_certs_path()
+
+        ctx = SSL.Context(SSL.SSLv23_METHOD)
+        ctx.use_certificate_file(certs_path + '/leaptestscert.pem')
+        ctx.use_privatekey_file(certs_path + '/leaptestskey.pem')
+        return ctx
+
+
+if __name__ == "__main__":
+
+    from twisted.python import log
+    log.startLogging(sys.stdout)
+
+    root = Resource()
+    root.putChild("provider.json", File("./provider.json"))
+    config = Resource()
+    config.putChild(
+        "eip-service.json",
+        File("./eip-service.json"))
+    apiv1 = Resource()
+    apiv1.putChild("config", config)
+    apiv1.putChild("sessions.json", API_Sessions())
+    apiv1.putChild("cert", File(get_certs_path() + '/openvpn.pem'))
+    root.putChild("1", apiv1)
+
+    cred = get_TLS_credentials()
+
+    factory = Site(root)
+
+    # regular http
+    reactor.listenTCP(8000, factory)
+
+    # TLS with gnutls --- seems broken :(
+    #reactor.listenTLS(8003, factory, cred)
+
+    # OpenSSL
+    reactor.listenSSL(8443, factory, OpenSSLServerContextFactory())
+
+    reactor.run()
author	kali <kali@leap.se>	2012-11-08 08:37:24 +0900
committer	kali <kali@leap.se>	2012-11-08 08:37:24 +0900
commit	b84007d8fec8c949ba4ac1d26695c710a210d797 (patch)
tree	e9552e9925c103618e2ae6a9161105ab9e1317bd
parent	8a70d249df9782a370c00a37de9a7d3af568c0f5 (diff)