From b84007d8fec8c949ba4ac1d26695c710a210d797 Mon Sep 17 00:00:00 2001 From: kali Date: Thu, 8 Nov 2012 08:37:24 +0900 Subject: more careful error catching during registration. added a twisted server that fakes some of the provider interaction. --- src/leap/eip/checks.py | 4 +- src/leap/gui/firstrun/connect.py | 38 +++--- src/leap/gui/firstrun/providersetup.py | 3 +- src/leap/gui/firstrun/regvalidation.py | 12 +- .../firstrun/tests/integration/fake_provider.py | 132 +++++++++++++++++++++ 5 files changed, 169 insertions(+), 20 deletions(-) create mode 100755 src/leap/gui/firstrun/tests/integration/fake_provider.py (limited to 'src/leap') diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py index ae3634bc..9bd96a1c 100644 --- a/src/leap/eip/checks.py +++ b/src/leap/eip/checks.py @@ -212,12 +212,12 @@ class ProviderCertChecker(object): if credentials: user, passwd = credentials - @srpauth_protected(user, passwd) + @srpauth_protected(user, passwd, verify) def getfn(*args, **kwargs): return fgetfn(*args, **kwargs) else: - @magick_srpauth + @magick_srpauth(verify) def getfn(*args, **kwargs): return fgetfn(*args, **kwargs) try: diff --git a/src/leap/gui/firstrun/connect.py b/src/leap/gui/firstrun/connect.py index 3172a526..283e81b2 100644 --- a/src/leap/gui/firstrun/connect.py +++ b/src/leap/gui/firstrun/connect.py @@ -91,12 +91,19 @@ class ConnectingPage(QtGui.QWizardPage): wizard, 'start_eipconnection_signal', None) - conductor.set_provider_domain(domain) - conductor.run_checks() - self.conductor = conductor - errors = self.eip_error_check() - if not errors and start_eip_signal: - start_eip_signal.emit() + if conductor: + conductor.set_provider_domain(domain) + conductor.run_checks() + self.conductor = conductor + errors = self.eip_error_check() + if not errors and start_eip_signal: + start_eip_signal.emit() + + else: + logger.warning( + "No conductor found. This means that " + "probably the wizard has been launched " + "in an stand-alone way") def eip_error_check(self): """ @@ -110,6 +117,7 @@ class ConnectingPage(QtGui.QWizardPage): # XXX missing! def fetch_and_validate(self): + # XXX MOVE TO validate function in register-validation import time domain = self.field('provider_domain') wizard = self.wizard() @@ -150,15 +158,15 @@ class ConnectingPage(QtGui.QWizardPage): # Download cert try: pCertChecker.download_new_client_cert( - credentials=credentials) - except auth.SRPAuthenticationError: - self.set_validation_status("Authentication error") - #self.set_validation_message( - #"Click next to introduce your " - #"credentials again") - self.goto_login_again = True - # We should do something here - # but it's broken + credentials=credentials, + # FIXME FIXME FIXME + # XXX FIX THIS!!!!! + # BUG #638. remove verify + # FIXME FIXME FIXME + verify=False) + except auth.SRPAuthenticationError as exc: + self.set_validation_status( + "Authentication error: %s" % exc.message) return False time.sleep(2) diff --git a/src/leap/gui/firstrun/providersetup.py b/src/leap/gui/firstrun/providersetup.py index c039dfc5..2609629a 100644 --- a/src/leap/gui/firstrun/providersetup.py +++ b/src/leap/gui/firstrun/providersetup.py @@ -100,7 +100,8 @@ class ProviderSetupValidationPage(ValidationPage): if self.errors: print 'going back with errors' wizard.set_validation_error( - 'signup', 'that name is taken') + 'providerselection', + 'error on provider setup') self.go_back() else: print 'going next' diff --git a/src/leap/gui/firstrun/regvalidation.py b/src/leap/gui/firstrun/regvalidation.py index 42b9ccd5..6cf150b6 100644 --- a/src/leap/gui/firstrun/regvalidation.py +++ b/src/leap/gui/firstrun/regvalidation.py @@ -39,14 +39,22 @@ class RegisterUserValidationPage(ValidationPage): we initialize the srp protocol register and try to register user. """ + print 'register user checks' + wizard = self.wizard() domain = self.field('provider_domain') username = self.field('userName') password = self.field('userPassword') - update_signal.emit("head_sentinel") + # XXX use pause_for_user from providerinfo + update_signal.emit("head_sentinel", 0) update_signal.emit("registering with provider", 40) - time.sleep(4) + time.sleep(0.5) + update_signal.emit("registering 2", 60) + time.sleep(1) + update_signal.emit("end_sentinel", 100) + time.sleep(0.5) + return if wizard and wizard.debug_server: # We're debugging diff --git a/src/leap/gui/firstrun/tests/integration/fake_provider.py b/src/leap/gui/firstrun/tests/integration/fake_provider.py new file mode 100755 index 00000000..27886d3b --- /dev/null +++ b/src/leap/gui/firstrun/tests/integration/fake_provider.py @@ -0,0 +1,132 @@ +#/usr/bin/env python +"""A server faking some of the provider resources and apis, +used for testing Leap Client requests. + +Right needs that you create a subfolder named 'certs', +and that you place the following files: + +[ ] certs/leaptestscert.pem +[ ] certs/leaptestskey.pem +[ ] certs/cacert.pem +[ ] certs/openvpn.pem + +[ ] provider.json +[ ] eip-service.json + +""" +import json +import os +import sys + +# GnuTLS Example -- is not working as expected +from gnutls import crypto +from gnutls.constants import COMP_LZO, COMP_DEFLATE, COMP_NULL +from gnutls.interfaces.twisted import X509Credentials + +# Going with OpenSSL as a workaround instead +# But we DO NOT want to introduce this dependency. +from OpenSSL import SSL + +from twisted.web.server import Site +from twisted.web.static import File +from twisted.web.resource import Resource +from twisted.internet import reactor + +# See +# http://twistedmatrix.com/documents/current/web/howto/web-in-60/index.htmln +# for more examples + + +class FakeSession(Resource): + def __init__(self, name): + self.name = name + + def render_GET(self, request): + return json.dumps({'errors': None}) + + def render_POST(self, request): + return json.dumps( + {'salt': 'deadbeef', 'B': 'deadbeef', 'errors': None}) + + def render_PUT(self, request): + return json.dumps( + {'M2': 'deadbeef', 'errors': None}) + + +class API_Sessions(Resource): + def getChild(self, name, request): + return FakeSession(name) + + +def get_certs_path(): + script_path = os.path.realpath(os.path.dirname(sys.argv[0])) + certs_path = os.path.join(script_path, 'certs') + return certs_path + + +def get_TLS_credentials(): + # XXX this is giving errors + # XXX REview! We want to use gnutls! + certs_path = get_certs_path() + + cert = crypto.X509Certificate( + open(certs_path + '/leaptestscert.pem').read()) + key = crypto.X509PrivateKey( + open(certs_path + '/leaptestskey.pem').read()) + ca = crypto.X509Certificate( + open(certs_path + '/cacert.pem').read()) + #crl = crypto.X509CRL(open(certs_path + '/crl.pem').read()) + #cred = crypto.X509Credentials(cert, key, [ca], [crl]) + cred = X509Credentials(cert, key, [ca]) + cred.verify_peer = True + cred.session_params.compressions = (COMP_LZO, COMP_DEFLATE, COMP_NULL) + return cred + + +class OpenSSLServerContextFactory: + # XXX workaround for broken TLS interface + # from gnuTLS. + + def getContext(self): + """Create an SSL context. + This is a sample implementation that loads a certificate from a file + called 'server.pem'.""" + certs_path = get_certs_path() + + ctx = SSL.Context(SSL.SSLv23_METHOD) + ctx.use_certificate_file(certs_path + '/leaptestscert.pem') + ctx.use_privatekey_file(certs_path + '/leaptestskey.pem') + return ctx + + +if __name__ == "__main__": + + from twisted.python import log + log.startLogging(sys.stdout) + + root = Resource() + root.putChild("provider.json", File("./provider.json")) + config = Resource() + config.putChild( + "eip-service.json", + File("./eip-service.json")) + apiv1 = Resource() + apiv1.putChild("config", config) + apiv1.putChild("sessions.json", API_Sessions()) + apiv1.putChild("cert", File(get_certs_path() + '/openvpn.pem')) + root.putChild("1", apiv1) + + cred = get_TLS_credentials() + + factory = Site(root) + + # regular http + reactor.listenTCP(8000, factory) + + # TLS with gnutls --- seems broken :( + #reactor.listenTLS(8003, factory, cred) + + # OpenSSL + reactor.listenSSL(8443, factory, OpenSSLServerContextFactory()) + + reactor.run() -- cgit v1.2.3