Merge branch 'release-0.1.0'

author: Azul <azul@leap.se> 2012-10-11 12:52:40 +0200
committer: Azul <azul@leap.se> 2012-10-11 12:52:40 +0200
commit: 10441deba145f53604ca3b981374f1ee6619c400 (patch)
tree: 90d2a851cd558652121182937a5ec8373722cab0 /users/test/integration/api
parent: 61d73ac517ccbcc7ca8892010ef89e861052807f (diff)
parent: 33ef3d2ac9a03b06ff29f1367c69731a89f1dfc7 (diff)
3 files changed, 94 insertions, 21 deletions
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index e20bcf6..66de1e5 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -30,40 +30,39 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
       :password_verifier => @srp.verifier.to_s(16),
       :password_salt => @srp.salt.to_s(16)
     }
+    post '/users.json', :user => @user_params
+    @user = User.find_by_param(@login)
   end
 
   def teardown
     @user.destroy if @user # make sure we can run this test again
   end
 
-  test "signup and login with srp via api" do
-    post '/users.json', :user => @user_params
-    @user = User.find_by_param(@login)
+  test "signup response" do
     assert_json_response @user_params.slice(:login, :password_salt)
     assert_response :success
-    server_auth = @srp.authenticate(self, @login, @password)
+  end
+
+  test "signup and login with srp via api" do
+    server_auth = @srp.authenticate(self)
     assert_nil server_auth["errors"]
     assert server_auth["M2"]
   end
 
   test "signup and wrong password login attempt" do
-    post '/users.json', :user => @user_params
-    @user = User.find_by_param(@login)
-    assert_json_response @user_params.slice(:login, :password_salt)
-    assert_response :success
-    server_auth = @srp.authenticate(self, @login, "wrong password")
+    srp = SRP::Client.new(@login, "wrong password")
+    server_auth = srp.authenticate(self)
     assert_equal ["wrong password"], server_auth["errors"]['password']
     assert_nil server_auth["M2"]
   end
 
   test "signup and wrong username login attempt" do
-    post '/users.json', :user => @user_params
-    @user = User.find_by_param(@login)
-    assert_json_response @user_params.slice(:login, :password_salt)
-    assert_response :success
+    srp = SRP::Client.new("wrong_login", @password)
+    server_auth = nil
     assert_raises RECORD_NOT_FOUND do
-      server_auth = @srp.authenticate(self, "wronglogin", @password)
+      server_auth = srp.authenticate(self)
     end
+    assert_nil server_auth
   end
 
 end
diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py
new file mode 100755
index 0000000..0a11aec
--- /dev/null
+++ b/users/test/integration/api/python/flow_with_srp.py
@@ -0,0 +1,78 @@
+#!/usr/bin/env python
+
+# under development
+
+import requests
+import json
+import string
+import random
+import srp._pysrp as srp
+import binascii
+
+safe_unhexlify = lambda x: binascii.unhexlify(x) if (len(x) % 2 == 0) else binascii.unhexlify('0'+x)
+
+# let's have some random name
+def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
+  return ''.join(random.choice(chars) for x in range(size))
+
+# using globals for a start
+server = 'http://springbok/1/'
+login = id_generator()
+password = id_generator() + id_generator()
+
+# print '    username = "' + login + '"'
+# print '    password = "' + password + '"'
+
+# log the server communication
+def print_and_parse(response):
+  # print response.request.method + ': ' + response.url
+  # print "    " + json.dumps(response.request.data)
+  # print " -> " + response.text
+  return json.loads(response.text)
+
+def signup(session):
+  salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 )
+  # print '    salt = "' + binascii.hexlify(salt) + '"'
+  # print '    v = "' + binascii.hexlify(vkey) + '"'
+  user_params = {
+      'user[login]': login,
+      'user[password_verifier]': binascii.hexlify(vkey),
+      'user[password_salt]': binascii.hexlify(salt)
+      }
+  return session.post(server + '/users.json', data = user_params)
+
+usr = srp.User( login, password, srp.SHA256, srp.NG_1024 )
+
+def authenticate(session, login):
+  uname, A = usr.start_authentication()
+  # print '    aa = "' + binascii.hexlify(A) + '"'
+  params = {
+      'login': uname,
+      'A': binascii.hexlify(A)
+      }
+  init = print_and_parse(session.post(server + '/sessions', data = params))
+  # print '    b = "' + init['b'] + '"'
+  # print '    bb = "' + init['B'] + '"'
+  M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B']) )
+  # print '    m = "' + binascii.hexlify(M) + '"'
+  return session.put(server + '/sessions/' + login, 
+      data = {'client_auth': binascii.hexlify(M)})
+
+session = requests.session()
+user = print_and_parse(signup(session))
+
+# SRP signup would happen here and calculate M hex
+auth = print_and_parse(authenticate(session, user['login']))
+if ( 'errors' in auth ):
+  print '    u = "%x"' % usr.u
+  print '    x = "%x"' % usr.x
+  print '    v = "%x"' % usr.v
+  print '    S = "%x"' % usr.S
+  print '    K = "' + binascii.hexlify(usr.K) + '"'
+  print '    M = "%x"' % usr.M
+else:
+  usr.verify_session( safe_unhexlify(auth["M2"]) )
+
+# At this point the authentication process is complete.
+assert usr.authenticated()
+
diff --git a/users/test/integration/api/python/signup_and_login.py b/users/test/integration/api/python/signup_and_login.py
index 2d79688..ac611d7 100755
--- a/users/test/integration/api/python/signup_and_login.py
+++ b/users/test/integration/api/python/signup_and_login.py
@@ -20,14 +20,13 @@ def print_and_parse(response):
   print response.request.method + ': ' + response.url
   print "    " + json.dumps(response.request.data)
   print " -> " + response.text
-  print " () " + json.dumps(requests.utils.dict_from_cookiejar(response.cookies))
   return json.loads(response.text)
 
 def signup(session):
   user_params = {
       'user[login]': id_generator(),
       'user[password_verifier]': '12345',
-      'user[password_salt]': '54321'
+      'user[password_salt]': 'AB54321'
       }
   return session.post(server + '/users.json', data = user_params)
 
@@ -36,11 +35,8 @@ def authenticate(session, login):
       'login': login,
       'A': '12345',
       }
-  init = session.post(server + '/sessions', data = params)
-  cookies = requests.utils.dict_from_cookiejar(init.cookies)
-  init = session.post(server + '/sessions', data = params, cookies = cookies)
-  print "(%) " + json.dumps(cookies)
-  return session.put(server + '/sessions/' + login, data = {'client_auth': '123'}, cookies = cookies)
+  init = print_and_parse(session.post(server + '/sessions', data = params))
+  return session.put(server + '/sessions/' + login, data = {'client_auth': '123'})
 
 session = requests.session()
 user = print_and_parse(signup(session))
author	Azul <azul@leap.se>	2012-10-11 12:52:40 +0200
committer	Azul <azul@leap.se>	2012-10-11 12:52:40 +0200
commit	10441deba145f53604ca3b981374f1ee6619c400 (patch)
tree	90d2a851cd558652121182937a5ec8373722cab0 /users/test/integration/api
parent	61d73ac517ccbcc7ca8892010ef89e861052807f (diff)
parent	33ef3d2ac9a03b06ff29f1367c69731a89f1dfc7 (diff)