summaryrefslogtreecommitdiff
path: root/users/test/integration/api
diff options
context:
space:
mode:
authorjessib <jessib@riseup.net>2013-08-27 11:22:52 -0700
committerjessib <jessib@riseup.net>2013-08-27 11:22:52 -0700
commite481b8cbc05a858674a59ef36d695973622f6b3a (patch)
tree8a20143ce831d71076a8c3913664b3a67742ed6b /users/test/integration/api
parent441db4736e0cd003caf9c8f7b3fbdb1ffa72b969 (diff)
parentfdf9c5f9ea605020ea371de8e221efe8e5d5ba32 (diff)
Merge pull request #72 from azul/feature/token-based-auth
Feature: Token based auth
Diffstat (limited to 'users/test/integration/api')
-rwxr-xr-xusers/test/integration/api/python/flow_with_srp.py59
1 files changed, 31 insertions, 28 deletions
diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py
index d37c6af..9fc168b 100755
--- a/users/test/integration/api/python/flow_with_srp.py
+++ b/users/test/integration/api/python/flow_with_srp.py
@@ -11,15 +11,31 @@ import binascii
safe_unhexlify = lambda x: binascii.unhexlify(x) if (len(x) % 2 == 0) else binascii.unhexlify('0'+x)
+# using globals for now
+# server = 'https://dev.bitmask.net/1'
+server = 'http://api.lvh.me:3000/1'
+
+def run_tests():
+ login = 'test_' + id_generator()
+ password = id_generator() + id_generator()
+ usr = srp.User( login, password, srp.SHA256, srp.NG_1024 )
+ print_and_parse(signup(login, password))
+
+ auth = print_and_parse(authenticate(usr))
+ verify_or_debug(auth, usr)
+ assert usr.authenticated()
+
+ usr = change_password(auth['id'], login, auth['token'])
+
+ auth = print_and_parse(authenticate(usr))
+ verify_or_debug(auth, usr)
+ # At this point the authentication process is complete.
+ assert usr.authenticated()
+
# let's have some random name
def id_generator(size=6, chars=string.ascii_lowercase + string.digits):
return ''.join(random.choice(chars) for x in range(size))
-# using globals for a start
-server = 'https://dev.bitmask.net/1'
-login = 'test_' + id_generator()
-password = id_generator() + id_generator()
-
# log the server communication
def print_and_parse(response):
request = response.request
@@ -32,28 +48,30 @@ def print_and_parse(response):
except ValueError:
return None
-def signup(session):
+def signup(login, password):
salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 )
user_params = {
'user[login]': login,
'user[password_verifier]': binascii.hexlify(vkey),
'user[password_salt]': binascii.hexlify(salt)
}
- return session.post(server + '/users.json', data = user_params, verify = False)
+ return requests.post(server + '/users.json', data = user_params, verify = False)
-def change_password(session):
+def change_password(user_id, login, token):
password = id_generator() + id_generator()
salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 )
user_params = {
'user[password_verifier]': binascii.hexlify(vkey),
'user[password_salt]': binascii.hexlify(salt)
}
+ auth_headers = { 'Authorization': 'Token token="' + token + '"'}
print user_params
- print_and_parse(session.put(server + '/users/' + auth['id'] + '.json', data = user_params, verify = False))
+ print_and_parse(requests.put(server + '/users/' + user_id + '.json', data = user_params, verify = False, headers = auth_headers))
return srp.User( login, password, srp.SHA256, srp.NG_1024 )
-def authenticate(session, login):
+def authenticate(usr):
+ session = requests.session()
uname, A = usr.start_authentication()
params = {
'login': uname,
@@ -61,10 +79,10 @@ def authenticate(session, login):
}
init = print_and_parse(session.post(server + '/sessions', data = params, verify=False))
M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B']) )
- return session.put(server + '/sessions/' + login, verify = False,
+ return session.put(server + '/sessions/' + uname, verify = False,
data = {'client_auth': binascii.hexlify(M)})
-def verify_or_debug(auth):
+def verify_or_debug(auth, usr):
if ( 'errors' in auth ):
print ' u = "%x"' % usr.u
print ' x = "%x"' % usr.x
@@ -75,19 +93,4 @@ def verify_or_debug(auth):
else:
usr.verify_session( safe_unhexlify(auth["M2"]) )
-usr = srp.User( login, password, srp.SHA256, srp.NG_1024 )
-session = requests.session()
-user = print_and_parse(signup(session))
-
-# SRP signup would happen here and calculate M hex
-auth = print_and_parse(authenticate(session, user['login']))
-verify_or_debug(auth)
-assert usr.authenticated()
-
-usr = change_password(session)
-
-auth = print_and_parse(authenticate(session, user['login']))
-verify_or_debug(auth)
-# At this point the authentication process is complete.
-assert usr.authenticated()
-
+run_tests()