summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAzul <azul@leap.se>2013-08-21 07:58:52 +0200
committerAzul <azul@leap.se>2013-08-21 07:58:52 +0200
commit76bc9d708b119d8c5047b487ccedaa9c70fec78b (patch)
tree4f87511224df46d93d90f2e7cda75e98ba2d00f4
parent54243290c1550d88be0a39cdabeaf47a4a13075c (diff)
also test updating the user password in python against dev.bm
-rwxr-xr-xusers/test/integration/api/python/flow_with_srp.py63
1 files changed, 39 insertions, 24 deletions
diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py
index 7b741d6..d37c6af 100755
--- a/users/test/integration/api/python/flow_with_srp.py
+++ b/users/test/integration/api/python/flow_with_srp.py
@@ -16,24 +16,24 @@ def id_generator(size=6, chars=string.ascii_lowercase + string.digits):
return ''.join(random.choice(chars) for x in range(size))
# using globals for a start
-server = 'https://api.bitmask.net:4430/1'
-login = id_generator()
+server = 'https://dev.bitmask.net/1'
+login = 'test_' + id_generator()
password = id_generator() + id_generator()
-# print ' username = "' + login + '"'
-# print ' password = "' + password + '"'
-
# log the server communication
def print_and_parse(response):
- print response.request.method + ': ' + response.url
- print " " + json.dumps(response.request.data)
+ request = response.request
+ print request.method + ': ' + response.url
+ if hasattr(request, 'data'):
+ print " " + json.dumps(response.request.data)
print " -> " + response.text
- return json.loads(response.text)
+ try:
+ return json.loads(response.text)
+ except ValueError:
+ return None
def signup(session):
salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 )
- # print ' salt = "' + binascii.hexlify(salt) + '"'
- # print ' v = "' + binascii.hexlify(vkey) + '"'
user_params = {
'user[login]': login,
'user[password_verifier]': binascii.hexlify(vkey),
@@ -41,38 +41,53 @@ def signup(session):
}
return session.post(server + '/users.json', data = user_params, verify = False)
-usr = srp.User( login, password, srp.SHA256, srp.NG_1024 )
+def change_password(session):
+ password = id_generator() + id_generator()
+ salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 )
+ user_params = {
+ 'user[password_verifier]': binascii.hexlify(vkey),
+ 'user[password_salt]': binascii.hexlify(salt)
+ }
+ print user_params
+ print_and_parse(session.put(server + '/users/' + auth['id'] + '.json', data = user_params, verify = False))
+ return srp.User( login, password, srp.SHA256, srp.NG_1024 )
+
def authenticate(session, login):
uname, A = usr.start_authentication()
- # print ' aa = "' + binascii.hexlify(A) + '"'
params = {
'login': uname,
'A': binascii.hexlify(A)
}
init = print_and_parse(session.post(server + '/sessions', data = params, verify=False))
- # print ' b = "' + init['b'] + '"'
- # print ' bb = "' + init['B'] + '"'
M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B']) )
- # print ' m = "' + binascii.hexlify(M) + '"'
return session.put(server + '/sessions/' + login, verify = False,
data = {'client_auth': binascii.hexlify(M)})
+def verify_or_debug(auth):
+ if ( 'errors' in auth ):
+ print ' u = "%x"' % usr.u
+ print ' x = "%x"' % usr.x
+ print ' v = "%x"' % usr.v
+ print ' S = "%x"' % usr.S
+ print ' K = "' + binascii.hexlify(usr.K) + '"'
+ print ' M = "' + binascii.hexlify(usr.M) + '"'
+ else:
+ usr.verify_session( safe_unhexlify(auth["M2"]) )
+
+usr = srp.User( login, password, srp.SHA256, srp.NG_1024 )
session = requests.session()
user = print_and_parse(signup(session))
# SRP signup would happen here and calculate M hex
auth = print_and_parse(authenticate(session, user['login']))
-if ( 'errors' in auth ):
- print ' u = "%x"' % usr.u
- print ' x = "%x"' % usr.x
- print ' v = "%x"' % usr.v
- print ' S = "%x"' % usr.S
- print ' K = "' + binascii.hexlify(usr.K) + '"'
- print ' M = "%x"' % usr.M
-else:
- usr.verify_session( safe_unhexlify(auth["M2"]) )
+verify_or_debug(auth)
+assert usr.authenticated()
+
+usr = change_password(session)
+auth = print_and_parse(authenticate(session, user['login']))
+verify_or_debug(auth)
# At this point the authentication process is complete.
assert usr.authenticated()