From 5029c3f63b44c30584f46a95aa3cf345bf64f0f5 Mon Sep 17 00:00:00 2001 From: antialias Date: Fri, 26 Oct 2012 18:21:16 -0400 Subject: Added generalize test to SRP URIs and failing test cases for SRP. --- src/leap/base/tests/test_auth.py | 53 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) diff --git a/src/leap/base/tests/test_auth.py b/src/leap/base/tests/test_auth.py index 7b5df99e..5652743d 100644 --- a/src/leap/base/tests/test_auth.py +++ b/src/leap/base/tests/test_auth.py @@ -17,7 +17,7 @@ from leap.testing.basetest import BaseLeapTest from BaseHTTPServer import BaseHTTPRequestHandler from leap.testing.https_server import BaseHTTPSServerTestCase -from leap.base.auth import SRPAuth +from leap.base.auth import SRPAuth, SRPAuthenticationError USERNAME = "0ACOJK" PASSWORD = "WG3HD06E7ZF3" @@ -82,4 +82,55 @@ class SRP_SERVER_HTTPSTests(BaseHTTPSServerTestCase, BaseLeapTest): srp_auth = SRPAuth(USERNAME, PASSWORD, "https://%s/1" % (self.get_server()), verify=False) + # XXX We might want to raise different errors for SRP failures + #This should fail at salt/B check time + with patch.object(SRPAuth, "get_data") as mocked_post: + with self.assertRaises(SRPAuthenticationError): + mocked_post.return_value = json.loads("{}") + srp_auth.authenticate() + + #This should fail at verification time + with patch.object(SRPAuth, "get_data") as mocked_post: + with self.assertRaises(SRPAuthenticationError): + mocked_post.return_value = json.loads( + '{"salt":"%s", "B":"%s", "M2":"%s"}' % + (binascii.hexlify("fake"), binascii.hexlify("sofake"), + binascii.hexlify("realfake"))) + srp_auth.authenticate() + srp_auth.authenticate() + +class SRP_Protected_URI_Sequence(BaseHTTPSServerTestCase, BaseLeapTest): + class request_handler(NoLogRequestHandler, BaseHTTPRequestHandler): + # XXX get the real URIs and find the server side auth sequence + responses = { + '/1/get_cookie' : '', + '/1/get_protected' : '', + } + + def do_GET(self): + path = urlparse.urlparse(self.path) + message = '\n'.join(self.responses.get( + path.path, None)) + self.send_response(200) + if path.path == "/1/get_cookie": + self.send_header("set-cookie", "authorized=True") + if path.path == "/1/get_protected": + # XXX use a cookie library to do some abstraction + # and make this prettier + if self.headers.has_key("cookie") and \ + self.headers["cookie"].find("authorized=True") > -1: + self.send_header("set-cookie", "damn=right") + self.end_headers() + self.wfile.write(message) + + + def test_srp_protected_uri(self): + print self.get_server() + s = requests.session() + r1 = s.get("https://%s/1/get_cookie" % self.get_server(), verify=False) + self.assertEquals(r1.cookies["authorized"], 'True') + r2 = s.get("https://%s/1/get_protected" % self.get_server(), verify=False) + self.assertEquals(r2.cookies["damn"], 'right') + + -- cgit v1.2.3