summaryrefslogtreecommitdiff
path: root/users/test
diff options
context:
space:
mode:
authorAzul <azul@leap.se>2012-10-11 12:52:40 +0200
committerAzul <azul@leap.se>2012-10-11 12:52:40 +0200
commit10441deba145f53604ca3b981374f1ee6619c400 (patch)
tree90d2a851cd558652121182937a5ec8373722cab0 /users/test
parent61d73ac517ccbcc7ca8892010ef89e861052807f (diff)
parent33ef3d2ac9a03b06ff29f1367c69731a89f1dfc7 (diff)
Merge branch 'release-0.1.0'
Diffstat (limited to 'users/test')
-rw-r--r--users/test/functional/sessions_controller_test.rb16
-rw-r--r--users/test/integration/api/account_flow_test.rb27
-rwxr-xr-xusers/test/integration/api/python/flow_with_srp.py78
-rwxr-xr-xusers/test/integration/api/python/signup_and_login.py10
-rw-r--r--users/test/test_helper.rb2
-rw-r--r--users/test/unit/user_test.rb41
6 files changed, 132 insertions, 42 deletions
diff --git a/users/test/functional/sessions_controller_test.rb b/users/test/functional/sessions_controller_test.rb
index 7876d84..b6e56a7 100644
--- a/users/test/functional/sessions_controller_test.rb
+++ b/users/test/functional/sessions_controller_test.rb
@@ -8,7 +8,9 @@ class SessionsControllerTest < ActionController::TestCase
@server_hex = 'b123'
@server_rnd = @server_hex.hex
@server_rnd_exp = 'e123'.hex
+ @salt = 'stub user salt'
@server_handshake = stub :aa => @client_rnd, :bb => @server_rnd, :b => @server_rnd_exp
+ @server_auth = 'adfe'
end
test "should get login screen" do
@@ -21,11 +23,13 @@ class SessionsControllerTest < ActionController::TestCase
user.expects(:initialize_auth).
with(@client_rnd).
returns(@server_handshake)
+ @server_handshake.expects(:to_json).
+ returns({'B' => @server_hex, 'salt' => @salt}.to_json)
User.expects(:find_by_param).with(user.login).returns(user)
post :create, :login => user.login, 'A' => @client_hex
assert_equal @server_handshake, session[:handshake]
assert_response :success
- assert_json_response :B => @server_hex
+ assert_json_response :B => @server_hex, :salt => @salt
end
test "should report user not found" do
@@ -39,9 +43,11 @@ class SessionsControllerTest < ActionController::TestCase
test "should authorize" do
session[:handshake] = @server_handshake
user = stub :login => "me", :id => 123
- user.expects(:authenticate!).
- with(@client_rnd, @server_handshake).
+ @server_handshake.expects(:authenticate!).
+ with(@client_rnd).
returns(@server_auth)
+ @server_handshake.expects(:to_json).
+ returns({:M2 => @server_auth}.to_json)
User.expects(:find_by_param).with(user.login).returns(user)
post :update, :id => user.login, :client_auth => @client_hex
assert_nil session[:handshake]
@@ -52,8 +58,8 @@ class SessionsControllerTest < ActionController::TestCase
test "should report wrong password" do
session[:handshake] = @server_handshake
user = stub :login => "me", :id => 123
- user.expects(:authenticate!).
- with(@client_rnd, @server_handshake).
+ @server_handshake.expects(:authenticate!).
+ with(@client_rnd).
raises(WRONG_PASSWORD)
User.expects(:find_by_param).with(user.login).returns(user)
post :update, :id => user.login, :client_auth => @client_hex
diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index e20bcf6..66de1e5 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -30,40 +30,39 @@ class AccountFlowTest < ActionDispatch::IntegrationTest
:password_verifier => @srp.verifier.to_s(16),
:password_salt => @srp.salt.to_s(16)
}
+ post '/users.json', :user => @user_params
+ @user = User.find_by_param(@login)
end
def teardown
@user.destroy if @user # make sure we can run this test again
end
- test "signup and login with srp via api" do
- post '/users.json', :user => @user_params
- @user = User.find_by_param(@login)
+ test "signup response" do
assert_json_response @user_params.slice(:login, :password_salt)
assert_response :success
- server_auth = @srp.authenticate(self, @login, @password)
+ end
+
+ test "signup and login with srp via api" do
+ server_auth = @srp.authenticate(self)
assert_nil server_auth["errors"]
assert server_auth["M2"]
end
test "signup and wrong password login attempt" do
- post '/users.json', :user => @user_params
- @user = User.find_by_param(@login)
- assert_json_response @user_params.slice(:login, :password_salt)
- assert_response :success
- server_auth = @srp.authenticate(self, @login, "wrong password")
+ srp = SRP::Client.new(@login, "wrong password")
+ server_auth = srp.authenticate(self)
assert_equal ["wrong password"], server_auth["errors"]['password']
assert_nil server_auth["M2"]
end
test "signup and wrong username login attempt" do
- post '/users.json', :user => @user_params
- @user = User.find_by_param(@login)
- assert_json_response @user_params.slice(:login, :password_salt)
- assert_response :success
+ srp = SRP::Client.new("wrong_login", @password)
+ server_auth = nil
assert_raises RECORD_NOT_FOUND do
- server_auth = @srp.authenticate(self, "wronglogin", @password)
+ server_auth = srp.authenticate(self)
end
+ assert_nil server_auth
end
end
diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py
new file mode 100755
index 0000000..0a11aec
--- /dev/null
+++ b/users/test/integration/api/python/flow_with_srp.py
@@ -0,0 +1,78 @@
+#!/usr/bin/env python
+
+# under development
+
+import requests
+import json
+import string
+import random
+import srp._pysrp as srp
+import binascii
+
+safe_unhexlify = lambda x: binascii.unhexlify(x) if (len(x) % 2 == 0) else binascii.unhexlify('0'+x)
+
+# let's have some random name
+def id_generator(size=6, chars=string.ascii_uppercase + string.digits):
+ return ''.join(random.choice(chars) for x in range(size))
+
+# using globals for a start
+server = 'http://springbok/1/'
+login = id_generator()
+password = id_generator() + id_generator()
+
+# print ' username = "' + login + '"'
+# print ' password = "' + password + '"'
+
+# log the server communication
+def print_and_parse(response):
+ # print response.request.method + ': ' + response.url
+ # print " " + json.dumps(response.request.data)
+ # print " -> " + response.text
+ return json.loads(response.text)
+
+def signup(session):
+ salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 )
+ # print ' salt = "' + binascii.hexlify(salt) + '"'
+ # print ' v = "' + binascii.hexlify(vkey) + '"'
+ user_params = {
+ 'user[login]': login,
+ 'user[password_verifier]': binascii.hexlify(vkey),
+ 'user[password_salt]': binascii.hexlify(salt)
+ }
+ return session.post(server + '/users.json', data = user_params)
+
+usr = srp.User( login, password, srp.SHA256, srp.NG_1024 )
+
+def authenticate(session, login):
+ uname, A = usr.start_authentication()
+ # print ' aa = "' + binascii.hexlify(A) + '"'
+ params = {
+ 'login': uname,
+ 'A': binascii.hexlify(A)
+ }
+ init = print_and_parse(session.post(server + '/sessions', data = params))
+ # print ' b = "' + init['b'] + '"'
+ # print ' bb = "' + init['B'] + '"'
+ M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B']) )
+ # print ' m = "' + binascii.hexlify(M) + '"'
+ return session.put(server + '/sessions/' + login,
+ data = {'client_auth': binascii.hexlify(M)})
+
+session = requests.session()
+user = print_and_parse(signup(session))
+
+# SRP signup would happen here and calculate M hex
+auth = print_and_parse(authenticate(session, user['login']))
+if ( 'errors' in auth ):
+ print ' u = "%x"' % usr.u
+ print ' x = "%x"' % usr.x
+ print ' v = "%x"' % usr.v
+ print ' S = "%x"' % usr.S
+ print ' K = "' + binascii.hexlify(usr.K) + '"'
+ print ' M = "%x"' % usr.M
+else:
+ usr.verify_session( safe_unhexlify(auth["M2"]) )
+
+# At this point the authentication process is complete.
+assert usr.authenticated()
+
diff --git a/users/test/integration/api/python/signup_and_login.py b/users/test/integration/api/python/signup_and_login.py
index 2d79688..ac611d7 100755
--- a/users/test/integration/api/python/signup_and_login.py
+++ b/users/test/integration/api/python/signup_and_login.py
@@ -20,14 +20,13 @@ def print_and_parse(response):
print response.request.method + ': ' + response.url
print " " + json.dumps(response.request.data)
print " -> " + response.text
- print " () " + json.dumps(requests.utils.dict_from_cookiejar(response.cookies))
return json.loads(response.text)
def signup(session):
user_params = {
'user[login]': id_generator(),
'user[password_verifier]': '12345',
- 'user[password_salt]': '54321'
+ 'user[password_salt]': 'AB54321'
}
return session.post(server + '/users.json', data = user_params)
@@ -36,11 +35,8 @@ def authenticate(session, login):
'login': login,
'A': '12345',
}
- init = session.post(server + '/sessions', data = params)
- cookies = requests.utils.dict_from_cookiejar(init.cookies)
- init = session.post(server + '/sessions', data = params, cookies = cookies)
- print "(%) " + json.dumps(cookies)
- return session.put(server + '/sessions/' + login, data = {'client_auth': '123'}, cookies = cookies)
+ init = print_and_parse(session.post(server + '/sessions', data = params))
+ return session.put(server + '/sessions/' + login, data = {'client_auth': '123'})
session = requests.session()
user = print_and_parse(signup(session))
diff --git a/users/test/test_helper.rb b/users/test/test_helper.rb
index b268c51..08d4d41 100644
--- a/users/test/test_helper.rb
+++ b/users/test/test_helper.rb
@@ -1,5 +1,5 @@
ENV["RAILS_ENV"] = "test"
-require File.expand_path('../dummy/config/environment', __FILE__)
+require File.expand_path('../../../test/dummy/config/environment', __FILE__)
require 'rails/test_help'
require 'mocha'
diff --git a/users/test/unit/user_test.rb b/users/test/unit/user_test.rb
index 870d422..822ef33 100644
--- a/users/test/unit/user_test.rb
+++ b/users/test/unit/user_test.rb
@@ -3,37 +3,48 @@ require 'test_helper'
class UserTest < ActiveSupport::TestCase
include SRP::Util
+ setup do
+ @attribs = User.valid_attributes_hash
+ @user = User.new(@attribs)
+ end
+
test "test set of attributes should be valid" do
- user = User.new(User.valid_attributes_hash)
- assert user.valid?
+ @user.valid?
+ assert_equal Hash.new, @user.errors.messages
+ end
+
+ test "test require hex for password_verifier" do
+ @user.password_verifier = "QWER"
+ assert !@user.valid?
+ end
+
+ test "test require alphanumerical for login" do
+ @user.login = "qwär"
+ assert !@user.valid?
end
test "find_by_param gets User by login" do
- user = User.create!(User.valid_attributes_hash)
- assert_equal user, User.find_by_param(user.login)
- user.destroy
+ @user.save
+ assert_equal @user, User.find_by_param(@user.login)
+ @user.destroy
end
test "to_param gives user login" do
- user = User.new(User.valid_attributes_hash)
- assert_equal user.login, user.to_param
+ assert_equal @user.login, @user.to_param
end
test "verifier returns number for the hex in password_verifier" do
- user = User.new(User.valid_attributes_hash)
- assert_equal user.password_verifier.hex, user.verifier
+ assert_equal @user.password_verifier.hex, @user.verifier
end
test "salt returns number for the hex in password_salt" do
- user = User.new(User.valid_attributes_hash)
- assert_equal user.password_salt.hex, user.salt
+ assert_equal @user.password_salt.hex, @user.salt
end
- test "should include SRP::Authentication" do
+ test "should include SRP" do
client_rnd = bigrand(32).hex
- user = User.new(User.valid_attributes_hash)
- srp_session = user.initialize_auth(client_rnd)
- assert srp_session.is_a? SRP::Authentication::Session
+ srp_session = @user.initialize_auth(client_rnd)
+ assert srp_session.is_a? SRP::Session
assert_equal client_rnd, srp_session.aa
end