Merge remote-tracking branch 'origin/develop'

Conflicts: app/assets/javascripts/srp test/nagios/soledad_sync.py test/nagios/webapp_login.py
author: Azul <azul@leap.se> 2014-05-16 08:42:36 +0200
committer: Azul <azul@leap.se> 2014-05-16 08:42:36 +0200
commit: 8fbbb8717f0578536b97c2dc0883c632f120e976 (patch)
tree: 17aeb2b48ada703ac916a9a65fbf3c75a5dadb86 /test/integration/api/python
parent: 81555ec6244ed76f92e3629880f68104b8705817 (diff)
parent: a4f7a410c536d88c91c834cab6ee950c71005ddd (diff)
6 files changed, 301 insertions, 0 deletions
diff --git a/test/integration/api/python/flow_with_srp.py b/test/integration/api/python/flow_with_srp.py
new file mode 100755
index 0000000..9fc168b
--- /dev/null
+++ b/test/integration/api/python/flow_with_srp.py
@@ -0,0 +1,96 @@
+#!/usr/bin/env python
+
+# under development
+
+import requests
+import json
+import string
+import random
+import srp._pysrp as srp
+import binascii
+
+safe_unhexlify = lambda x: binascii.unhexlify(x) if (len(x) % 2 == 0) else binascii.unhexlify('0'+x)
+
+# using globals for now
+# server = 'https://dev.bitmask.net/1'
+server = 'http://api.lvh.me:3000/1'
+
+def run_tests():
+  login = 'test_' + id_generator()
+  password = id_generator() + id_generator()
+  usr = srp.User( login, password, srp.SHA256, srp.NG_1024 )
+  print_and_parse(signup(login, password))
+
+  auth = print_and_parse(authenticate(usr))
+  verify_or_debug(auth, usr)
+  assert usr.authenticated()
+
+  usr = change_password(auth['id'], login, auth['token'])
+
+  auth = print_and_parse(authenticate(usr))
+  verify_or_debug(auth, usr)
+  # At this point the authentication process is complete.
+  assert usr.authenticated()
+
+# let's have some random name
+def id_generator(size=6, chars=string.ascii_lowercase + string.digits):
+  return ''.join(random.choice(chars) for x in range(size))
+
+# log the server communication
+def print_and_parse(response):
+  request = response.request
+  print request.method + ': ' + response.url
+  if hasattr(request, 'data'):
+    print "    " + json.dumps(response.request.data)
+  print " -> " + response.text
+  try: 
+    return json.loads(response.text)
+  except ValueError:
+    return None
+
+def signup(login, password):
+  salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 )
+  user_params = {
+      'user[login]': login,
+      'user[password_verifier]': binascii.hexlify(vkey),
+      'user[password_salt]': binascii.hexlify(salt)
+      }
+  return requests.post(server + '/users.json', data = user_params, verify = False)
+
+def change_password(user_id, login, token):
+  password = id_generator() + id_generator()
+  salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 )
+  user_params = {
+      'user[password_verifier]': binascii.hexlify(vkey),
+      'user[password_salt]': binascii.hexlify(salt)
+      }
+  auth_headers = { 'Authorization': 'Token token="' + token + '"'}
+  print user_params
+  print_and_parse(requests.put(server + '/users/' + user_id + '.json', data = user_params, verify = False, headers = auth_headers))
+  return srp.User( login, password, srp.SHA256, srp.NG_1024 )
+
+
+def authenticate(usr):
+  session = requests.session()
+  uname, A = usr.start_authentication()
+  params = {
+      'login': uname,
+      'A': binascii.hexlify(A)
+      }
+  init = print_and_parse(session.post(server + '/sessions', data = params, verify=False))
+  M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B']) )
+  return session.put(server + '/sessions/' + uname, verify = False,
+      data = {'client_auth': binascii.hexlify(M)})
+
+def verify_or_debug(auth, usr):
+  if ( 'errors' in auth ):
+    print '    u = "%x"' % usr.u
+    print '    x = "%x"' % usr.x
+    print '    v = "%x"' % usr.v
+    print '    S = "%x"' % usr.S
+    print '    K = "' + binascii.hexlify(usr.K) + '"'
+    print '    M = "' + binascii.hexlify(usr.M) + '"'
+  else:
+    usr.verify_session( safe_unhexlify(auth["M2"]) )
+
+run_tests()
diff --git a/test/integration/api/python/login_wrong_username.py b/test/integration/api/python/login_wrong_username.py
new file mode 100755
index 0000000..390f250
--- /dev/null
+++ b/test/integration/api/python/login_wrong_username.py
@@ -0,0 +1,19 @@
+#!/usr/bin/env python
+
+server = 'http://localhost:3000'
+
+import requests
+import json
+import string
+import random
+
+def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
+  return ''.join(random.choice(chars) for x in range(size))
+
+params = {
+    'login': 'python_test_user_'+id_generator(),
+    'A': '12345',
+    }
+r = requests.post(server + '/sessions', data = params)
+print r.url
+print r.text
diff --git a/test/integration/api/python/signup.py b/test/integration/api/python/signup.py
new file mode 100755
index 0000000..0d3a4e0
--- /dev/null
+++ b/test/integration/api/python/signup.py
@@ -0,0 +1,20 @@
+#!/usr/bin/env python
+
+server = 'http://localhost:3000'
+
+import requests
+import json
+import string
+import random
+
+def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
+  return ''.join(random.choice(chars) for x in range(size))
+
+user_params = {
+    'user[login]': 'python_test_user_'+id_generator(),
+    'user[password_verifier]': '12345',
+    'user[password_salt]': '54321'
+    }
+r = requests.post(server + '/users.json', data = user_params)
+print r.url
+print r.text
diff --git a/test/integration/api/python/signup_and_login.py b/test/integration/api/python/signup_and_login.py
new file mode 100755
index 0000000..ac611d7
--- /dev/null
+++ b/test/integration/api/python/signup_and_login.py
@@ -0,0 +1,44 @@
+#!/usr/bin/env python
+
+# FAILS
+#
+# This test is currently failing for me because the session is not kept.
+# Played with it a bunch - is probably messed up right now as well.
+
+
+server = 'http://localhost:3000'
+
+import requests
+import json
+import string
+import random
+
+def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
+  return ''.join(random.choice(chars) for x in range(size))
+
+def print_and_parse(response):
+  print response.request.method + ': ' + response.url
+  print "    " + json.dumps(response.request.data)
+  print " -> " + response.text
+  return json.loads(response.text)
+
+def signup(session):
+  user_params = {
+      'user[login]': id_generator(),
+      'user[password_verifier]': '12345',
+      'user[password_salt]': 'AB54321'
+      }
+  return session.post(server + '/users.json', data = user_params)
+
+def authenticate(session, login):
+  params = {
+      'login': login,
+      'A': '12345',
+      }
+  init = print_and_parse(session.post(server + '/sessions', data = params))
+  return session.put(server + '/sessions/' + login, data = {'client_auth': '123'})
+
+session = requests.session()
+user = print_and_parse(signup(session))
+# SRP signup would happen here and calculate M hex
+auth = print_and_parse(authenticate(session, user['login']))
diff --git a/test/integration/api/python/signup_and_login_wrong_password.py b/test/integration/api/python/signup_and_login_wrong_password.py
new file mode 100755
index 0000000..9efffa1
--- /dev/null
+++ b/test/integration/api/python/signup_and_login_wrong_password.py
@@ -0,0 +1,43 @@
+#!/usr/bin/env python
+
+server = 'http://localhost:9292'
+
+import requests
+import json
+import string
+import random
+
+def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
+  return ''.join(random.choice(chars) for x in range(size))
+
+def print_and_parse(response):
+  print response.request.method + ': ' + response.url
+  print "    " + json.dumps(response.request.data)
+  print " -> " + response.text
+#  print " () " + json.dumps(requests.utils.dict_from_cookiejar(response.cookies))
+  return json.loads(response.text)
+
+def signup():
+  user_params = {
+      'user[login]': id_generator(),
+      'user[password_verifier]': '12345',
+      'user[password_salt]': '54321'
+      }
+  return requests.post(server + '/users.json', data = user_params)
+
+def handshake(login):
+  params = {
+      'login': login,
+      'A': '12345',
+      }
+  return requests.post(server + '/sessions', data = params)
+
+def authenticate(login, M):
+  return requests.put(server + '/sessions/' + login, data = {'M': M})
+
+
+user = print_and_parse(signup())
+handshake = print_and_parse(handshake(user['login']))
+# SRP signup would happen here and calculate M hex
+M = '123ABC'
+auth = print_and_parse(authenticate(user['login'], M))
diff --git a/test/integration/api/python/umlauts.py b/test/integration/api/python/umlauts.py
new file mode 100755
index 0000000..96fecbf
--- /dev/null
+++ b/test/integration/api/python/umlauts.py
@@ -0,0 +1,79 @@
+#!/usr/bin/env python
+# coding: utf-8
+
+# under development
+
+import requests
+import json
+import string
+import random
+import srp._pysrp as srp
+import binascii
+
+safe_unhexlify = lambda x: binascii.unhexlify(x) if (len(x) % 2 == 0) else binascii.unhexlify('0'+x)
+
+# using globals for now
+# server = 'https://dev.bitmask.net/1'
+server = 'http://api.lvh.me:3000/1'
+
+def run_tests():
+  login = 'test_' + id_generator()
+  password = id_generator() + "äöì" + id_generator()
+  usr = srp.User( login, password, srp.SHA256, srp.NG_1024 )
+  print_and_parse(signup(login, password))
+
+  auth = print_and_parse(authenticate(usr))
+  verify_or_debug(auth, usr)
+  assert usr.authenticated()
+
+
+# let's have some random name
+def id_generator(size=6, chars=string.ascii_lowercase + string.digits):
+  return ''.join(random.choice(chars) for x in range(size))
+
+# log the server communication
+def print_and_parse(response):
+  request = response.request
+  print request.method + ': ' + response.url
+  if hasattr(request, 'data'):
+    print "    " + json.dumps(response.request.data)
+  print " -> " + response.text
+  try: 
+    return json.loads(response.text)
+  except ValueError:
+    return None
+
+def signup(login, password):
+  salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 )
+  user_params = {
+      'user[login]': login,
+      'user[password_verifier]': binascii.hexlify(vkey),
+      'user[password_salt]': binascii.hexlify(salt)
+      }
+  print json.dumps(user_params)
+  return requests.post(server + '/users.json', data = user_params, verify = False)
+
+def authenticate(usr):
+  session = requests.session()
+  uname, A = usr.start_authentication()
+  params = {
+      'login': uname,
+      'A': binascii.hexlify(A)
+      }
+  init = print_and_parse(session.post(server + '/sessions', data = params, verify=False))
+  M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B']) )
+  return session.put(server + '/sessions/' + uname, verify = False,
+      data = {'client_auth': binascii.hexlify(M)})
+
+def verify_or_debug(auth, usr):
+  if ( 'errors' in auth ):
+    print '    u = "%x"' % usr.u
+    print '    x = "%x"' % usr.x
+    print '    v = "%x"' % usr.v
+    print '    S = "%x"' % usr.S
+    print '    K = "' + binascii.hexlify(usr.K) + '"'
+    print '    M = "' + binascii.hexlify(usr.M) + '"'
+  else:
+    usr.verify_session( safe_unhexlify(auth["M2"]) )
+
+run_tests()
author	Azul <azul@leap.se>	2014-05-16 08:42:36 +0200
committer	Azul <azul@leap.se>	2014-05-16 08:42:36 +0200
commit	8fbbb8717f0578536b97c2dc0883c632f120e976 (patch)
tree	17aeb2b48ada703ac916a9a65fbf3c75a5dadb86 /test/integration/api/python
parent	81555ec6244ed76f92e3629880f68104b8705817 (diff)
parent	a4f7a410c536d88c91c834cab6ee950c71005ddd (diff)