From c0b88d9e8fe574d6164f48211db50f3b8a4c4d93 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Fri, 19 Jul 2013 12:21:40 +0200
Subject: setter for keys for dirty tracking, more robust tests

Just altering identity.keys did not mark identities as changed. Also we now have a sane default for keys.
---
 users/test/integration/api/account_flow_test.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'users/test/integration/api')

diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index 4c94389..93b6507 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -79,8 +79,13 @@ class AccountFlowTest < RackTest
     test_public_key = 'asdlfkjslfdkjasd'
     original_login = @user.login
     new_login = 'zaph'
+    User.find_by_login(new_login).try(:destroy)
+    Identity.by_address.key(new_login + '@' + APP_CONFIG[:domain]).each do |identity|
+      identity.destroy
+    end
     put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', :user => {:public_key => test_public_key, :login => new_login}, :format => :json
     @user.reload
+    assert last_response.successful?
     assert_equal test_public_key, @user.public_key
     assert_equal new_login, @user.login
     # eventually probably want to remove most of this into a non-integration functional test
-- 
cgit v1.2.3


From d70c5796a2989b7b43f7e287899fb1394ae28280 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Fri, 19 Jul 2013 16:02:02 +0200
Subject: separate signup and settings service objects for user

---
 users/test/integration/api/account_flow_test.rb | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

(limited to 'users/test/integration/api')

diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index 93b6507..c09dcb6 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -84,20 +84,17 @@ class AccountFlowTest < RackTest
       identity.destroy
     end
     put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', :user => {:public_key => test_public_key, :login => new_login}, :format => :json
-    @user.reload
     assert last_response.successful?
-    assert_equal test_public_key, @user.public_key
-    assert_equal new_login, @user.login
+    assert_equal test_public_key, Identity.for(@user).keys[:pgp]
+    # does not change login if no password_verifier is present
+    assert_equal original_login, @user.login
     # eventually probably want to remove most of this into a non-integration functional test
     # should not overwrite public key:
     put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', :user => {:blee => :blah}, :format => :json
-    @user.reload
-    assert_equal test_public_key, @user.public_key
+    assert_equal test_public_key, Identity.for(@user).keys[:pgp]
     # should overwrite public key:
     put "http://api.lvh.me:3000/1/users/" + @user.id + '.json', :user => {:public_key => nil}, :format => :json
-    # TODO: not sure why i need this, but when public key is removed, the DB is updated but @user.reload doesn't seem to actually reload.
-    @user = User.find(@user.id) # @user.reload
-    assert_nil @user.public_key
+    assert_nil Identity.for(@user).keys[:pgp]
   end
 
 end
-- 
cgit v1.2.3


From b1065710102193ba11e2a18b5f6506ba1d5b31f9 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Wed, 24 Jul 2013 12:30:59 +0200
Subject: also destroy the identity for a test user during teardown

---
 users/test/integration/api/account_flow_test.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'users/test/integration/api')

diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index c09dcb6..ec7753c 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -18,7 +18,10 @@ class AccountFlowTest < RackTest
   end
 
   teardown do
-    @user.destroy if @user
+    if @user
+      @user.identity.destroy
+      @user.destroy
+    end
     Warden.test_reset!
   end
 
-- 
cgit v1.2.3


From 54243290c1550d88be0a39cdabeaf47a4a13075c Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Wed, 21 Aug 2013 07:30:36 +0200
Subject: integration test updating users password

---
 users/test/integration/api/account_flow_test.rb | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

(limited to 'users/test/integration/api')

diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index ec7753c..507f0b9 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -5,6 +5,7 @@ class AccountFlowTest < RackTest
 
   setup do
     @login = "integration_test_user"
+    Identity.find_by_address(@login + '@' + APP_CONFIG[:domain]).tap{|i| i.destroy if i}
     User.find_by_login(@login).tap{|u| u.destroy if u}
     @password = "srp, verify me!"
     @srp = SRP::Client.new @login, :password => @password
@@ -18,7 +19,7 @@ class AccountFlowTest < RackTest
   end
 
   teardown do
-    if @user
+    if @user.reload
       @user.identity.destroy
       @user.destroy
     end
@@ -77,6 +78,25 @@ class AccountFlowTest < RackTest
     assert_nil server_auth
   end
 
+  test "update password via api" do
+    @srp.authenticate(self)
+    @password = "No! Verify me instead."
+    @srp = SRP::Client.new @login, :password => @password
+    @user_params = {
+    #  :login => @login,
+      :password_verifier => @srp.verifier.to_s(16),
+      :password_salt => @srp.salt.to_s(16)
+    }
+    puts @user_params.inspect
+    put "http://api.lvh.me:3000/1/users/" + @user.id + '.json',
+      :user => @user_params,
+      :format => :json
+    server_auth = @srp.authenticate(self)
+    assert last_response.successful?
+    assert_nil server_auth["errors"]
+    assert server_auth["M2"]
+  end
+
   test "update user" do
     server_auth = @srp.authenticate(self)
     test_public_key = 'asdlfkjslfdkjasd'
-- 
cgit v1.2.3


From 76bc9d708b119d8c5047b487ccedaa9c70fec78b Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Wed, 21 Aug 2013 07:58:52 +0200
Subject: also test updating the user password in python against dev.bm

---
 users/test/integration/api/python/flow_with_srp.py | 63 +++++++++++++---------
 1 file changed, 39 insertions(+), 24 deletions(-)

(limited to 'users/test/integration/api')

diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py
index 7b741d6..d37c6af 100755
--- a/users/test/integration/api/python/flow_with_srp.py
+++ b/users/test/integration/api/python/flow_with_srp.py
@@ -16,24 +16,24 @@ def id_generator(size=6, chars=string.ascii_lowercase + string.digits):
   return ''.join(random.choice(chars) for x in range(size))
 
 # using globals for a start
-server = 'https://api.bitmask.net:4430/1'
-login = id_generator()
+server = 'https://dev.bitmask.net/1'
+login = 'test_' + id_generator()
 password = id_generator() + id_generator()
 
-# print '    username = "' + login + '"'
-# print '    password = "' + password + '"'
-
 # log the server communication
 def print_and_parse(response):
-  print response.request.method + ': ' + response.url
-  print "    " + json.dumps(response.request.data)
+  request = response.request
+  print request.method + ': ' + response.url
+  if hasattr(request, 'data'):
+    print "    " + json.dumps(response.request.data)
   print " -> " + response.text
-  return json.loads(response.text)
+  try: 
+    return json.loads(response.text)
+  except ValueError:
+    return None
 
 def signup(session):
   salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 )
-  # print '    salt = "' + binascii.hexlify(salt) + '"'
-  # print '    v = "' + binascii.hexlify(vkey) + '"'
   user_params = {
       'user[login]': login,
       'user[password_verifier]': binascii.hexlify(vkey),
@@ -41,38 +41,53 @@ def signup(session):
       }
   return session.post(server + '/users.json', data = user_params, verify = False)
 
-usr = srp.User( login, password, srp.SHA256, srp.NG_1024 )
+def change_password(session):
+  password = id_generator() + id_generator()
+  salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 )
+  user_params = {
+      'user[password_verifier]': binascii.hexlify(vkey),
+      'user[password_salt]': binascii.hexlify(salt)
+      }
+  print user_params
+  print_and_parse(session.put(server + '/users/' + auth['id'] + '.json', data = user_params, verify = False))
+  return srp.User( login, password, srp.SHA256, srp.NG_1024 )
+
 
 def authenticate(session, login):
   uname, A = usr.start_authentication()
-  # print '    aa = "' + binascii.hexlify(A) + '"'
   params = {
       'login': uname,
       'A': binascii.hexlify(A)
       }
   init = print_and_parse(session.post(server + '/sessions', data = params, verify=False))
-  # print '    b = "' + init['b'] + '"'
-  # print '    bb = "' + init['B'] + '"'
   M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B']) )
-  # print '    m = "' + binascii.hexlify(M) + '"'
   return session.put(server + '/sessions/' + login, verify = False,
       data = {'client_auth': binascii.hexlify(M)})
 
+def verify_or_debug(auth):
+  if ( 'errors' in auth ):
+    print '    u = "%x"' % usr.u
+    print '    x = "%x"' % usr.x
+    print '    v = "%x"' % usr.v
+    print '    S = "%x"' % usr.S
+    print '    K = "' + binascii.hexlify(usr.K) + '"'
+    print '    M = "' + binascii.hexlify(usr.M) + '"'
+  else:
+    usr.verify_session( safe_unhexlify(auth["M2"]) )
+
+usr = srp.User( login, password, srp.SHA256, srp.NG_1024 )
 session = requests.session()
 user = print_and_parse(signup(session))
 
 # SRP signup would happen here and calculate M hex
 auth = print_and_parse(authenticate(session, user['login']))
-if ( 'errors' in auth ):
-  print '    u = "%x"' % usr.u
-  print '    x = "%x"' % usr.x
-  print '    v = "%x"' % usr.v
-  print '    S = "%x"' % usr.S
-  print '    K = "' + binascii.hexlify(usr.K) + '"'
-  print '    M = "%x"' % usr.M
-else:
-  usr.verify_session( safe_unhexlify(auth["M2"]) )
+verify_or_debug(auth)
+assert usr.authenticated()
+
+usr = change_password(session)
 
+auth = print_and_parse(authenticate(session, user['login']))
+verify_or_debug(auth)
 # At this point the authentication process is complete.
 assert usr.authenticated()
 
-- 
cgit v1.2.3


From 441db4736e0cd003caf9c8f7b3fbdb1ffa72b969 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Tue, 27 Aug 2013 14:57:18 +0200
Subject: minor: remove puts line

---
 users/test/integration/api/account_flow_test.rb | 1 -
 1 file changed, 1 deletion(-)

(limited to 'users/test/integration/api')

diff --git a/users/test/integration/api/account_flow_test.rb b/users/test/integration/api/account_flow_test.rb
index 507f0b9..e41befa 100644
--- a/users/test/integration/api/account_flow_test.rb
+++ b/users/test/integration/api/account_flow_test.rb
@@ -87,7 +87,6 @@ class AccountFlowTest < RackTest
       :password_verifier => @srp.verifier.to_s(16),
       :password_salt => @srp.salt.to_s(16)
     }
-    puts @user_params.inspect
     put "http://api.lvh.me:3000/1/users/" + @user.id + '.json',
       :user => @user_params,
       :format => :json
-- 
cgit v1.2.3


From d4a253d0564d4b1735fb8be5faac6a0fed174238 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Tue, 27 Aug 2013 16:20:27 +0200
Subject: use token to update user password

---
 users/test/integration/api/python/flow_with_srp.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'users/test/integration/api')

diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py
index d37c6af..72c513f 100755
--- a/users/test/integration/api/python/flow_with_srp.py
+++ b/users/test/integration/api/python/flow_with_srp.py
@@ -16,7 +16,8 @@ def id_generator(size=6, chars=string.ascii_lowercase + string.digits):
   return ''.join(random.choice(chars) for x in range(size))
 
 # using globals for a start
-server = 'https://dev.bitmask.net/1'
+# server = 'https://dev.bitmask.net/1'
+server = 'http://api.lvh.me:3000/1'
 login = 'test_' + id_generator()
 password = id_generator() + id_generator()
 
@@ -41,15 +42,16 @@ def signup(session):
       }
   return session.post(server + '/users.json', data = user_params, verify = False)
 
-def change_password(session):
+def change_password(token):
   password = id_generator() + id_generator()
   salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 )
   user_params = {
       'user[password_verifier]': binascii.hexlify(vkey),
       'user[password_salt]': binascii.hexlify(salt)
       }
+  auth_headers = { 'Authorization': 'Token token="' + token + '"'}
   print user_params
-  print_and_parse(session.put(server + '/users/' + auth['id'] + '.json', data = user_params, verify = False))
+  print_and_parse(requests.put(server + '/users/' + auth['id'] + '.json', data = user_params, verify = False, headers = auth_headers))
   return srp.User( login, password, srp.SHA256, srp.NG_1024 )
 
 
@@ -84,7 +86,7 @@ auth = print_and_parse(authenticate(session, user['login']))
 verify_or_debug(auth)
 assert usr.authenticated()
 
-usr = change_password(session)
+usr = change_password(auth['token'])
 
 auth = print_and_parse(authenticate(session, user['login']))
 verify_or_debug(auth)
-- 
cgit v1.2.3


From fdf9c5f9ea605020ea371de8e221efe8e5d5ba32 Mon Sep 17 00:00:00 2001
From: Azul <azul@leap.se>
Date: Tue, 27 Aug 2013 16:35:09 +0200
Subject: refactor: Changing the py test to use less globals and session only
 locally.

---
 users/test/integration/api/python/flow_with_srp.py | 59 +++++++++++-----------
 1 file changed, 30 insertions(+), 29 deletions(-)

(limited to 'users/test/integration/api')

diff --git a/users/test/integration/api/python/flow_with_srp.py b/users/test/integration/api/python/flow_with_srp.py
index 72c513f..9fc168b 100755
--- a/users/test/integration/api/python/flow_with_srp.py
+++ b/users/test/integration/api/python/flow_with_srp.py
@@ -11,16 +11,31 @@ import binascii
 
 safe_unhexlify = lambda x: binascii.unhexlify(x) if (len(x) % 2 == 0) else binascii.unhexlify('0'+x)
 
+# using globals for now
+# server = 'https://dev.bitmask.net/1'
+server = 'http://api.lvh.me:3000/1'
+
+def run_tests():
+  login = 'test_' + id_generator()
+  password = id_generator() + id_generator()
+  usr = srp.User( login, password, srp.SHA256, srp.NG_1024 )
+  print_and_parse(signup(login, password))
+
+  auth = print_and_parse(authenticate(usr))
+  verify_or_debug(auth, usr)
+  assert usr.authenticated()
+
+  usr = change_password(auth['id'], login, auth['token'])
+
+  auth = print_and_parse(authenticate(usr))
+  verify_or_debug(auth, usr)
+  # At this point the authentication process is complete.
+  assert usr.authenticated()
+
 # let's have some random name
 def id_generator(size=6, chars=string.ascii_lowercase + string.digits):
   return ''.join(random.choice(chars) for x in range(size))
 
-# using globals for a start
-# server = 'https://dev.bitmask.net/1'
-server = 'http://api.lvh.me:3000/1'
-login = 'test_' + id_generator()
-password = id_generator() + id_generator()
-
 # log the server communication
 def print_and_parse(response):
   request = response.request
@@ -33,16 +48,16 @@ def print_and_parse(response):
   except ValueError:
     return None
 
-def signup(session):
+def signup(login, password):
   salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 )
   user_params = {
       'user[login]': login,
       'user[password_verifier]': binascii.hexlify(vkey),
       'user[password_salt]': binascii.hexlify(salt)
       }
-  return session.post(server + '/users.json', data = user_params, verify = False)
+  return requests.post(server + '/users.json', data = user_params, verify = False)
 
-def change_password(token):
+def change_password(user_id, login, token):
   password = id_generator() + id_generator()
   salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 )
   user_params = {
@@ -51,11 +66,12 @@ def change_password(token):
       }
   auth_headers = { 'Authorization': 'Token token="' + token + '"'}
   print user_params
-  print_and_parse(requests.put(server + '/users/' + auth['id'] + '.json', data = user_params, verify = False, headers = auth_headers))
+  print_and_parse(requests.put(server + '/users/' + user_id + '.json', data = user_params, verify = False, headers = auth_headers))
   return srp.User( login, password, srp.SHA256, srp.NG_1024 )
 
 
-def authenticate(session, login):
+def authenticate(usr):
+  session = requests.session()
   uname, A = usr.start_authentication()
   params = {
       'login': uname,
@@ -63,10 +79,10 @@ def authenticate(session, login):
       }
   init = print_and_parse(session.post(server + '/sessions', data = params, verify=False))
   M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B']) )
-  return session.put(server + '/sessions/' + login, verify = False,
+  return session.put(server + '/sessions/' + uname, verify = False,
       data = {'client_auth': binascii.hexlify(M)})
 
-def verify_or_debug(auth):
+def verify_or_debug(auth, usr):
   if ( 'errors' in auth ):
     print '    u = "%x"' % usr.u
     print '    x = "%x"' % usr.x
@@ -77,19 +93,4 @@ def verify_or_debug(auth):
   else:
     usr.verify_session( safe_unhexlify(auth["M2"]) )
 
-usr = srp.User( login, password, srp.SHA256, srp.NG_1024 )
-session = requests.session()
-user = print_and_parse(signup(session))
-
-# SRP signup would happen here and calculate M hex
-auth = print_and_parse(authenticate(session, user['login']))
-verify_or_debug(auth)
-assert usr.authenticated()
-
-usr = change_password(auth['token'])
-
-auth = print_and_parse(authenticate(session, user['login']))
-verify_or_debug(auth)
-# At this point the authentication process is complete.
-assert usr.authenticated()
-
+run_tests()
-- 
cgit v1.2.3