1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
#!/usr/bin/env python
# under development
import requests
import json
import string
import random
import srp._pysrp as srp
import binascii
safe_unhexlify = lambda x: binascii.unhexlify(x) if (len(x) % 2 == 0) else binascii.unhexlify('0'+x)
# using globals for now
# server = 'https://dev.bitmask.net/1'
server = 'http://api.lvh.me:3000/1'
def run_tests():
login = 'test_' + id_generator()
password = id_generator() + id_generator()
usr = srp.User( login, password, srp.SHA256, srp.NG_1024 )
print_and_parse(signup(login, password))
auth = print_and_parse(authenticate(usr))
verify_or_debug(auth, usr)
assert usr.authenticated()
usr = change_password(auth['id'], login, auth['token'])
auth = print_and_parse(authenticate(usr))
verify_or_debug(auth, usr)
# At this point the authentication process is complete.
assert usr.authenticated()
# let's have some random name
def id_generator(size=6, chars=string.ascii_lowercase + string.digits):
return ''.join(random.choice(chars) for x in range(size))
# log the server communication
def print_and_parse(response):
request = response.request
print request.method + ': ' + response.url
if hasattr(request, 'data'):
print " " + json.dumps(response.request.data)
print " -> " + response.text
try:
return json.loads(response.text)
except ValueError:
return None
def signup(login, password):
salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 )
user_params = {
'user[login]': login,
'user[password_verifier]': binascii.hexlify(vkey),
'user[password_salt]': binascii.hexlify(salt)
}
return requests.post(server + '/users.json', data = user_params, verify = False)
def change_password(user_id, login, token):
password = id_generator() + id_generator()
salt, vkey = srp.create_salted_verification_key( login, password, srp.SHA256, srp.NG_1024 )
user_params = {
'user[password_verifier]': binascii.hexlify(vkey),
'user[password_salt]': binascii.hexlify(salt)
}
auth_headers = { 'Authorization': 'Token token="' + token + '"'}
print user_params
print_and_parse(requests.put(server + '/users/' + user_id + '.json', data = user_params, verify = False, headers = auth_headers))
return srp.User( login, password, srp.SHA256, srp.NG_1024 )
def authenticate(usr):
session = requests.session()
uname, A = usr.start_authentication()
params = {
'login': uname,
'A': binascii.hexlify(A)
}
init = print_and_parse(session.post(server + '/sessions', data = params, verify=False))
M = usr.process_challenge( safe_unhexlify(init['salt']), safe_unhexlify(init['B']) )
return session.put(server + '/sessions/' + uname, verify = False,
data = {'client_auth': binascii.hexlify(M)})
def verify_or_debug(auth, usr):
if ( 'errors' in auth ):
print ' u = "%x"' % usr.u
print ' x = "%x"' % usr.x
print ' v = "%x"' % usr.v
print ' S = "%x"' % usr.S
print ' K = "' + binascii.hexlify(usr.K) + '"'
print ' M = "' + binascii.hexlify(usr.M) + '"'
else:
usr.verify_session( safe_unhexlify(auth["M2"]) )
run_tests()
|