From 76bc9d708b119d8c5047b487ccedaa9c70fec78b Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 21 Aug 2013 07:58:52 +0200 Subject: also test updating the user password in python against dev.bm --- users/test/integration/api/python/flow_with_srp.py | 63 +++++++++++++--------- 1 file changed, 39 insertions(+), 24 deletions(-) (limited to 'users/test/integration/api/python/flow_with_srp.py') diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py index 7b741d6..d37c6af 100755 --- a/users/test/integration/api/python/flow_with_srp.py +++ b/users/test/integration/api/python/flow_with_srp.py @@ -16,24 +16,24 @@ def id_generator(size=6, chars=string.ascii_lowercase + string.digits): return ''.join(random.choice(chars) for x in range(size)) # using globals for a start -server = 'https://api.bitmask.net:4430/1' -login = id_generator() +server = 'https://dev.bitmask.net/1' +login = 'test_' + id_generator() password = id_generator() + id_generator() -# print ' username = "' + login + '"' -# print ' password = "' + password + '"' - # log the server communication def print_and_parse(response): - print response.request.method + ': ' + response.url - print " " + json.dumps(response.request.data) + request = response.request + print request.method + ': ' + response.url + if hasattr(request, 'data'): + print " " + json.dumps(response.request.data) print " -> " + response.text - return json.loads(response.text) + try: + return json.loads(response.text) + except ValueError: + return None def signup(session): salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 ) - # print ' salt = "' + binascii.hexlify(salt) + '"' - # print ' v = "' + binascii.hexlify(vkey) + '"' user_params = { 'user[login]': login, 'user[password_verifier]': binascii.hexlify(vkey), @@ -41,38 +41,53 @@ def signup(session): } return session.post(server + '/users.json', data = user_params, verify = False) -usr = srp.User( login, password, srp.SHA256, srp.NG_1024 ) +def change_password(session): + password = id_generator() + id_generator() + salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 ) + user_params = { + 'user[password_verifier]': binascii.hexlify(vkey), + 'user[password_salt]': binascii.hexlify(salt) + } + print user_params + print_and_parse(session.put(server + '/users/' + auth['id'] + '.json', data = user_params, verify = False)) + return srp.User( login, password, srp.SHA256, srp.NG_1024 ) + def authenticate(session, login): uname, A = usr.start_authentication() - # print ' aa = "' + binascii.hexlify(A) + '"' params = { 'login': uname, 'A': binascii.hexlify(A) } init = print_and_parse(session.post(server + '/sessions', data = params, verify=False)) - # print ' b = "' + init['b'] + '"' - # print ' bb = "' + init['B'] + '"' M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B']) ) - # print ' m = "' + binascii.hexlify(M) + '"' return session.put(server + '/sessions/' + login, verify = False, data = {'client_auth': binascii.hexlify(M)}) +def verify_or_debug(auth): + if ( 'errors' in auth ): + print ' u = "%x"' % usr.u + print ' x = "%x"' % usr.x + print ' v = "%x"' % usr.v + print ' S = "%x"' % usr.S + print ' K = "' + binascii.hexlify(usr.K) + '"' + print ' M = "' + binascii.hexlify(usr.M) + '"' + else: + usr.verify_session( safe_unhexlify(auth["M2"]) ) + +usr = srp.User( login, password, srp.SHA256, srp.NG_1024 ) session = requests.session() user = print_and_parse(signup(session)) # SRP signup would happen here and calculate M hex auth = print_and_parse(authenticate(session, user['login'])) -if ( 'errors' in auth ): - print ' u = "%x"' % usr.u - print ' x = "%x"' % usr.x - print ' v = "%x"' % usr.v - print ' S = "%x"' % usr.S - print ' K = "' + binascii.hexlify(usr.K) + '"' - print ' M = "%x"' % usr.M -else: - usr.verify_session( safe_unhexlify(auth["M2"]) ) +verify_or_debug(auth) +assert usr.authenticated() + +usr = change_password(session) +auth = print_and_parse(authenticate(session, user['login'])) +verify_or_debug(auth) # At this point the authentication process is complete. assert usr.authenticated() -- cgit v1.2.3 From d4a253d0564d4b1735fb8be5faac6a0fed174238 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 27 Aug 2013 16:20:27 +0200 Subject: use token to update user password --- users/test/integration/api/python/flow_with_srp.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'users/test/integration/api/python/flow_with_srp.py') diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py index d37c6af..72c513f 100755 --- a/users/test/integration/api/python/flow_with_srp.py +++ b/users/test/integration/api/python/flow_with_srp.py @@ -16,7 +16,8 @@ def id_generator(size=6, chars=string.ascii_lowercase + string.digits): return ''.join(random.choice(chars) for x in range(size)) # using globals for a start -server = 'https://dev.bitmask.net/1' +# server = 'https://dev.bitmask.net/1' +server = 'http://api.lvh.me:3000/1' login = 'test_' + id_generator() password = id_generator() + id_generator() @@ -41,15 +42,16 @@ def signup(session): } return session.post(server + '/users.json', data = user_params, verify = False) -def change_password(session): +def change_password(token): password = id_generator() + id_generator() salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 ) user_params = { 'user[password_verifier]': binascii.hexlify(vkey), 'user[password_salt]': binascii.hexlify(salt) } + auth_headers = { 'Authorization': 'Token token="' + token + '"'} print user_params - print_and_parse(session.put(server + '/users/' + auth['id'] + '.json', data = user_params, verify = False)) + print_and_parse(requests.put(server + '/users/' + auth['id'] + '.json', data = user_params, verify = False, headers = auth_headers)) return srp.User( login, password, srp.SHA256, srp.NG_1024 ) @@ -84,7 +86,7 @@ auth = print_and_parse(authenticate(session, user['login'])) verify_or_debug(auth) assert usr.authenticated() -usr = change_password(session) +usr = change_password(auth['token']) auth = print_and_parse(authenticate(session, user['login'])) verify_or_debug(auth) -- cgit v1.2.3 From fdf9c5f9ea605020ea371de8e221efe8e5d5ba32 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 27 Aug 2013 16:35:09 +0200 Subject: refactor: Changing the py test to use less globals and session only locally. --- users/test/integration/api/python/flow_with_srp.py | 59 +++++++++++----------- 1 file changed, 30 insertions(+), 29 deletions(-) (limited to 'users/test/integration/api/python/flow_with_srp.py') diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py index 72c513f..9fc168b 100755 --- a/users/test/integration/api/python/flow_with_srp.py +++ b/users/test/integration/api/python/flow_with_srp.py @@ -11,16 +11,31 @@ import binascii safe_unhexlify = lambda x: binascii.unhexlify(x) if (len(x) % 2 == 0) else binascii.unhexlify('0'+x) +# using globals for now +# server = 'https://dev.bitmask.net/1' +server = 'http://api.lvh.me:3000/1' + +def run_tests(): + login = 'test_' + id_generator() + password = id_generator() + id_generator() + usr = srp.User( login, password, srp.SHA256, srp.NG_1024 ) + print_and_parse(signup(login, password)) + + auth = print_and_parse(authenticate(usr)) + verify_or_debug(auth, usr) + assert usr.authenticated() + + usr = change_password(auth['id'], login, auth['token']) + + auth = print_and_parse(authenticate(usr)) + verify_or_debug(auth, usr) + # At this point the authentication process is complete. + assert usr.authenticated() + # let's have some random name def id_generator(size=6, chars=string.ascii_lowercase + string.digits): return ''.join(random.choice(chars) for x in range(size)) -# using globals for a start -# server = 'https://dev.bitmask.net/1' -server = 'http://api.lvh.me:3000/1' -login = 'test_' + id_generator() -password = id_generator() + id_generator() - # log the server communication def print_and_parse(response): request = response.request @@ -33,16 +48,16 @@ def print_and_parse(response): except ValueError: return None -def signup(session): +def signup(login, password): salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 ) user_params = { 'user[login]': login, 'user[password_verifier]': binascii.hexlify(vkey), 'user[password_salt]': binascii.hexlify(salt) } - return session.post(server + '/users.json', data = user_params, verify = False) + return requests.post(server + '/users.json', data = user_params, verify = False) -def change_password(token): +def change_password(user_id, login, token): password = id_generator() + id_generator() salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 ) user_params = { @@ -51,11 +66,12 @@ def change_password(token): } auth_headers = { 'Authorization': 'Token token="' + token + '"'} print user_params - print_and_parse(requests.put(server + '/users/' + auth['id'] + '.json', data = user_params, verify = False, headers = auth_headers)) + print_and_parse(requests.put(server + '/users/' + user_id + '.json', data = user_params, verify = False, headers = auth_headers)) return srp.User( login, password, srp.SHA256, srp.NG_1024 ) -def authenticate(session, login): +def authenticate(usr): + session = requests.session() uname, A = usr.start_authentication() params = { 'login': uname, @@ -63,10 +79,10 @@ def authenticate(session, login): } init = print_and_parse(session.post(server + '/sessions', data = params, verify=False)) M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B']) ) - return session.put(server + '/sessions/' + login, verify = False, + return session.put(server + '/sessions/' + uname, verify = False, data = {'client_auth': binascii.hexlify(M)}) -def verify_or_debug(auth): +def verify_or_debug(auth, usr): if ( 'errors' in auth ): print ' u = "%x"' % usr.u print ' x = "%x"' % usr.x @@ -77,19 +93,4 @@ def verify_or_debug(auth): else: usr.verify_session( safe_unhexlify(auth["M2"]) ) -usr = srp.User( login, password, srp.SHA256, srp.NG_1024 ) -session = requests.session() -user = print_and_parse(signup(session)) - -# SRP signup would happen here and calculate M hex -auth = print_and_parse(authenticate(session, user['login'])) -verify_or_debug(auth) -assert usr.authenticated() - -usr = change_password(auth['token']) - -auth = print_and_parse(authenticate(session, user['login'])) -verify_or_debug(auth) -# At this point the authentication process is complete. -assert usr.authenticated() - +run_tests() -- cgit v1.2.3