diff options
Diffstat (limited to 'src')
25 files changed, 1577 insertions, 248 deletions
diff --git a/src/leap/app.py b/src/leap/app.py index 52ebcaea..341f6a6e 100644 --- a/src/leap/app.py +++ b/src/leap/app.py @@ -3,6 +3,7 @@ import logging # This is only needed for Python v2 but is harmless for Python v3. import sip sip.setapi('QVariant', 2) +sip.setapi('QString', 2) from PyQt4.QtGui import (QApplication, QSystemTrayIcon, QMessageBox) from leap import __version__ as VERSION @@ -50,6 +51,14 @@ def main(): logger.info('Starting app') app = QApplication(sys.argv) + # needed for initializing qsettings + # it will write .config/leap/leap.conf + # top level app settings + # in a platform independent way + app.setOrganizationName("leap") + app.setApplicationName("leap") + app.setOrganizationDomain("leap.se") + if not QSystemTrayIcon.isSystemTrayAvailable(): QMessageBox.critical(None, "Systray", "I couldn't detect" @@ -60,6 +69,10 @@ def main(): window = LeapWindow(opts) if debug: + # we only show the main window + # if debug mode active. + # if not, it will be set visible + # from the systray menu. window.show() sys.exit(app.exec_()) diff --git a/src/leap/base/config.py b/src/leap/base/config.py index 76fbee3c..57f9f1b7 100644 --- a/src/leap/base/config.py +++ b/src/leap/base/config.py @@ -9,13 +9,12 @@ import tempfile import os logger = logging.getLogger(name=__name__) -logger.setLevel('DEBUG') -import configuration import requests from leap.base import exceptions from leap.base import constants +from leap.base.pluggableconfig import PluggableConfig from leap.util.fileutil import (mkdir_p) # move to base! @@ -38,13 +37,9 @@ class BaseLeapConfig(object): def get_config(self, *kwargs): raise NotImplementedError("abstract base class") - #XXX todo: enable this property after - #fixing name clash with "config" in use at - #vpnconnection - - #@property - #def config(self): - #return self.get_config() + @property + def config(self): + return self.get_config() def get_value(self, *kwargs): raise NotImplementedError("abstract base class") @@ -54,55 +49,51 @@ class MetaConfigWithSpec(type): """ metaclass for JSONLeapConfig classes. It creates a configuration spec out of - the `spec` dictionary. + the `spec` dictionary. The `properties` attribute + of the spec dict is turn into the `schema` attribute + of the new class (which will be used to validate against). """ # XXX in the near future, this is the # place where we want to enforce - # singletons, read-only and stuff. - - # TODO: - # - add a error handler for missing options that - # we can act easily upon (sys.exit is ugly, for $deity's sake) + # singletons, read-only and similar stuff. def __new__(meta, classname, bases, classDict): - spec_options = classDict.get('spec', None) + schema_obj = classDict.get('spec', None) + # not quite happy with this workaround. # I want to raise if missing spec dict, but only # for grand-children of this metaclass. # maybe should use abc module for this. abcderived = ("JSONLeapConfig",) - if spec_options is None and classname not in abcderived: + if schema_obj is None and classname not in abcderived: raise exceptions.ImproperlyConfigured( - "missing spec dict on your derived class") + "missing spec dict on your derived class (%s)" % classname) - # we create a configuration spec attribute from the spec dict + # we create a configuration spec attribute + # from the spec dict config_class = type( classname + "Spec", - (configuration.Configuration, object), - {'options': spec_options}) + (PluggableConfig, object), + {'options': schema_obj}) classDict['spec'] = config_class return type.__new__(meta, classname, bases, classDict) ########################################################## -# hacking in progress: +# some hacking still in progress: # Configs have: + # - a slug (from where a filename/folder is derived) # - a spec (for validation and defaults). -# this spec is basically a dict that will be used +# this spec is conformant to the json-schema. +# basically a dict that will be used # for type casting and validation, and defaults settings. # all config objects, since they are derived from BaseConfig, implement basic # useful methods: # - save # - load -# - get_config (returns a optparse.OptionParser object) - -# TODO: -# - have a good type cast repertory (uris, version, hashes...) -# - raise validation errors -# - multilingual objects ########################################################## @@ -125,10 +116,10 @@ class JSONLeapConfig(BaseLeapConfig): raise exceptions.ImproperlyConfigured( "missing spec on JSONLeapConfig" " derived class") - assert issubclass(self.spec, configuration.Configuration) + assert issubclass(self.spec, PluggableConfig) - self._config = self.spec() - self._config.parse_args(list(args)) + self._config = self.spec(format="json") + self._config.load() self.fetcher = kwargs.pop('fetcher', requests) # mandatory baseconfig interface @@ -139,13 +130,6 @@ class JSONLeapConfig(BaseLeapConfig): folder, filename = os.path.split(to) if folder and not os.path.isdir(folder): mkdir_p(folder) - # lazy evaluation until first level of nesting - # to allow lambdas with context-dependant info - # like os.path.expanduser - config = self.get_config() - for k, v in config.iteritems(): - if callable(v): - config[k] = v() self._config.serialize(to) def load(self, fromfile=None, from_uri=None, fetcher=None, verify=False): @@ -155,28 +139,37 @@ class JSONLeapConfig(BaseLeapConfig): return if fromfile is None: fromfile = self.filename - newconfig = self._config.deserialize(fromfile) - # XXX check for no errors, etc - self._config.config = newconfig + if os.path.isfile(fromfile): + self._config.load(fromfile=fromfile) + else: + logger.error('tried to load config from non-existent path') + logger.error('Not Found: %s', fromfile) def fetch(self, uri, fetcher=None, verify=True): if not fetcher: fetcher = self.fetcher logger.debug('verify: %s', verify) + logger.debug('uri: %s', uri) request = fetcher.get(uri, verify=verify) + # XXX should send a if-modified-since header # XXX get 404, ... # and raise a UnableToFetch... request.raise_for_status() fd, fname = tempfile.mkstemp(suffix=".json") - if not request.json: + + if request.json: + self._config.load(json.dumps(request.json)) + + else: + # not request.json + # might be server did not announce content properly, + # let's try deserializing all the same. try: - json.loads(request.content) + self._config.load(request.content) except ValueError: raise eipexceptions.LeapBadConfigFetchedError - with open(fname, 'w') as tmp: - tmp.write(json.dumps(request.json)) - self._loadtemp(fname) + return True def get_config(self): @@ -191,16 +184,16 @@ class JSONLeapConfig(BaseLeapConfig): def filename(self): return self.get_filename() - # private + def validate(self, data): + logger.debug('validating schema') + self._config.validate(data) + return True - def _loadtemp(self, filename): - self.load(fromfile=filename) - os.remove(filename) + # private def _slug_to_filename(self): # is this going to work in winland if slug is "foo/bar" ? folder, filename = os.path.split(self.slug) - # XXX fix import config_file = get_config_file(filename, folder) return config_file diff --git a/src/leap/base/constants.py b/src/leap/base/constants.py index 3f32176f..f7be8d98 100644 --- a/src/leap/base/constants.py +++ b/src/leap/base/constants.py @@ -16,7 +16,7 @@ DEFINITION_EXPECTED_PATH = "provider.json" DEFAULT_PROVIDER_DEFINITION = { u'api_uri': u'https://api.%s/' % DEFAULT_PROVIDER, u'api_version': u'0.1.0', - u'ca_cert': u'8aab80ae4326fd30721689db813733783fe0bd7e', + u'ca_cert_fingerprint': u'8aab80ae4326fd30721689db813733783fe0bd7e', u'ca_cert_uri': u'https://%s/cacert.pem' % DEFAULT_PROVIDER, u'description': {u'en': u'This is a test provider'}, u'display_name': {u'en': u'Test Provider'}, diff --git a/src/leap/base/pluggableconfig.py b/src/leap/base/pluggableconfig.py new file mode 100644 index 00000000..b8615ad8 --- /dev/null +++ b/src/leap/base/pluggableconfig.py @@ -0,0 +1,421 @@ +""" +generic configuration handlers +""" +import copy +import json +import logging +import os +import time +import urlparse + +import jsonschema + +logger = logging.getLogger(__name__) + + +__all__ = ['PluggableConfig', + 'adaptors', + 'types', + 'UnknownOptionException', + 'MissingValueException', + 'ConfigurationProviderException', + 'TypeCastException'] + +# exceptions + + +class UnknownOptionException(Exception): + """exception raised when a non-configuration + value is present in the configuration""" + + +class MissingValueException(Exception): + """exception raised when a required value is missing""" + + +class ConfigurationProviderException(Exception): + """exception raised when a configuration provider is missing, etc""" + + +class TypeCastException(Exception): + """exception raised when a + configuration item cannot be coerced to a type""" + + +class ConfigAdaptor(object): + """ + abstract base class for config adaotors for + serialization/deserialization and custom validation + and type casting. + """ + def read(self, filename): + raise NotImplementedError("abstract base class") + + def write(self, config, filename): + with open(filename, 'w') as f: + self._write(f, config) + + def _write(self, fp, config): + raise NotImplementedError("abstract base class") + + def validate(self, config, schema): + raise NotImplementedError("abstract base class") + + +adaptors = {} + + +class JSONSchemaEncoder(json.JSONEncoder): + """ + custom default encoder that + casts python objects to json objects for + the schema validation + """ + def default(self, obj): + if obj is str: + return 'string' + if obj is unicode: + return 'string' + if obj is int: + return 'integer' + if obj is list: + return 'array' + if obj is dict: + return 'object' + if obj is bool: + return 'boolean' + + +class JSONAdaptor(ConfigAdaptor): + indent = 2 + extensions = ['json'] + + def read(self, _from): + if isinstance(_from, file): + _from_string = _from.read() + if isinstance(_from, str): + _from_string = _from + return json.loads(_from_string) + + def _write(self, fp, config): + fp.write(json.dumps(config, + indent=self.indent, + sort_keys=True)) + + def validate(self, config, schema_obj): + schema_json = JSONSchemaEncoder().encode(schema_obj) + schema = json.loads(schema_json) + jsonschema.validate(config, schema) + + +adaptors['json'] = JSONAdaptor() + +# +# Adaptors +# +# Allow to apply a predefined set of types to the +# specs, so it checks the validity of formats and cast it +# to proper python types. + +# TODO: +# - multilingual object. +# - HTTPS uri + + +class DateType(object): + fmt = '%Y-%m-%d' + + def to_python(self, data): + return time.strptime(data, self.fmt) + + def get_prep_value(self, data): + return time.strftime(self.fmt, data) + + +class URIType(object): + + def to_python(self, data): + parsed = urlparse.urlparse(data) + if not parsed.scheme: + raise TypeCastException("uri %s has no schema" % data) + return parsed + + def get_prep_value(self, data): + return data.geturl() + + +class HTTPSURIType(object): + + def to_python(self, data): + parsed = urlparse.urlparse(data) + if not parsed.scheme: + raise TypeCastException("uri %s has no schema" % data) + if parsed.scheme != "https": + raise TypeCastException( + "uri %s does not has " + "https schema" % data) + return parsed + + def get_prep_value(self, data): + return data.geturl() + + +types = { + 'date': DateType(), + 'uri': URIType(), + 'https-uri': HTTPSURIType(), +} + + +class PluggableConfig(object): + + options = {} + + def __init__(self, + adaptors=adaptors, + types=types, + format=None): + + self.config = {} + self.adaptors = adaptors + self.types = types + self._format = format + + @property + def option_dict(self): + if hasattr(self, 'options') and isinstance(self.options, dict): + return self.options.get('properties', None) + + def items(self): + """ + act like an iterator + """ + if isinstance(self.option_dict, dict): + return self.option_dict.items() + return self.options + + def validate(self, config, format=None): + """ + validate config + """ + schema = self.options + if format is None: + format = self._format + + if format: + adaptor = self.get_adaptor(self._format) + adaptor.validate(config, schema) + else: + # we really should make format mandatory... + logger.error('no format passed to validate') + + # first round of validation is ok. + # now we proceed to cast types if any specified. + self.to_python(config) + + def to_python(self, config): + """ + cast types following first type and then format indications. + """ + unseen_options = [i for i in config if i not in self.option_dict] + if unseen_options: + raise UnknownOptionException( + "Unknown options: %s" % ', '.join(unseen_options)) + + for key, value in config.items(): + _type = self.option_dict[key].get('type') + if _type is None and 'default' in self.option_dict[key]: + _type = type(self.option_dict[key]['default']) + if _type is not None: + tocast = True + if not callable(_type) and isinstance(value, _type): + tocast = False + if tocast: + try: + config[key] = _type(value) + except BaseException, e: + raise TypeCastException( + "Could not coerce %s, %s, " + "to type %s: %s" % (key, value, _type.__name__, e)) + _format = self.option_dict[key].get('format', None) + _ftype = self.types.get(_format, None) + if _ftype: + try: + config[key] = _ftype.to_python(value) + except BaseException, e: + raise TypeCastException( + "Could not coerce %s, %s, " + "to format %s: %s" % (key, value, + _ftype.__class__.__name__, + e)) + + return config + + def prep_value(self, config): + """ + the inverse of to_python method, + called just before serialization + """ + for key, value in config.items(): + _format = self.option_dict[key].get('format', None) + _ftype = self.types.get(_format, None) + if _ftype and hasattr(_ftype, 'get_prep_value'): + try: + config[key] = _ftype.get_prep_value(value) + except BaseException, e: + raise TypeCastException( + "Could not serialize %s, %s, " + "by format %s: %s" % (key, value, + _ftype.__class__.__name__, + e)) + else: + config[key] = value + return config + + # methods for adding configuration + + def get_default_values(self): + """ + return a config options from configuration defaults + """ + defaults = {} + for key, value in self.items(): + if 'default' in value: + defaults[key] = value['default'] + return copy.deepcopy(defaults) + + def get_adaptor(self, format): + """ + get specified format adaptor or + guess for a given filename + """ + adaptor = self.adaptors.get(format, None) + if adaptor: + return adaptor + + # not registered in adaptors dict, let's try all + for adaptor in self.adaptors.values(): + if format in adaptor.extensions: + return adaptor + + def filename2format(self, filename): + extension = os.path.splitext(filename)[-1] + return extension.lstrip('.') or None + + def serialize(self, filename, format=None, full=False): + if not format: + format = self._format + if not format: + format = self.filename2format(filename) + if not format: + raise Exception('Please specify a format') + # TODO: more specific exception type + + adaptor = self.get_adaptor(format) + if not adaptor: + raise Exception("Adaptor not found for format: %s" % format) + + config = copy.deepcopy(self.config) + serializable = self.prep_value(config) + adaptor.write(serializable, filename) + + def deserialize(self, string=None, fromfile=None, format=None): + """ + load configuration from a file or string + """ + + def _try_deserialize(): + if fromfile: + with open(fromfile, 'r') as f: + content = adaptor.read(f) + elif string: + content = adaptor.read(string) + return content + + # XXX cleanup this! + + if fromfile: + assert os.path.exists(fromfile) + if not format: + format = self.filename2format(fromfile) + + if not format: + format = self._format + if format: + adaptor = self.get_adaptor(format) + else: + adaptor = None + + if adaptor: + content = _try_deserialize() + return content + + # no adaptor, let's try rest of adaptors + + adaptors = self.adaptors[:] + + if format: + adaptors.sort( + key=lambda x: int( + format in x.extensions), + reverse=True) + + for adaptor in adaptors: + content = _try_deserialize() + return content + + def load(self, *args, **kwargs): + """ + load from string or file + if no string of fromfile option is given, + it will attempt to load from defaults + defined in the schema. + """ + string = args[0] if args else None + fromfile = kwargs.get("fromfile", None) + content = None + + # start with defaults, so we can + # have partial values applied. + content = self.get_default_values() + if string and isinstance(string, str): + content = self.deserialize(string) + + if not string and fromfile is not None: + #import ipdb;ipdb.set_trace() + content = self.deserialize(fromfile=fromfile) + + if not content: + logger.error('no content could be loaded') + # XXX raise! + return + + # lazy evaluation until first level of nesting + # to allow lambdas with context-dependant info + # like os.path.expanduser + for k, v in content.iteritems(): + if callable(v): + content[k] = v() + + self.validate(content) + self.config = content + return True + + +def testmain(): + from tests import test_validation as t + import pprint + + config = PluggableConfig(_format="json") + properties = copy.deepcopy(t.sample_spec) + + config.options = properties + config.load(fromfile='data.json') + + print 'config' + pprint.pprint(config.config) + + config.serialize('/tmp/testserial.json') + +if __name__ == "__main__": + testmain() diff --git a/src/leap/base/specs.py b/src/leap/base/specs.py index d88dc63f..b4bb8dcf 100644 --- a/src/leap/base/specs.py +++ b/src/leap/base/specs.py @@ -1,49 +1,59 @@ leap_provider_spec = { - 'serial': { - 'type': int, - 'default': 1, - 'required': True, - }, - 'version': { - 'type': unicode, - 'default': '0.1.0' - #'required': True - }, - 'domain': { - 'type': unicode, # XXX define uri type - 'default': 'testprovider.example.org' - #'required': True, - }, - 'display_name': { - 'type': unicode, # XXX multilingual object? - 'default': 'test provider' - #'required': True - }, - 'description': { - 'default': 'test provider' - }, - 'enrollment_policy': { - 'type': unicode, # oneof ?? - 'default': 'open' - }, - 'services': { - 'type': list, # oneof ?? - 'default': ['eip'] - }, - 'api_version': { - 'type': unicode, - 'default': '0.1.0' # version regexp - }, - 'api_uri': { - 'type': unicode # uri - }, - 'public_key': { - 'type': unicode # fingerprint - }, - 'ca_cert': { - 'type': unicode - }, - 'ca_cert_uri': { - 'type': unicode - }, + 'description': 'provider definition', + 'type': 'object', + 'properties': { + 'serial': { + 'type': int, + 'default': 1, + 'required': True, + }, + 'version': { + 'type': unicode, + 'default': '0.1.0' + #'required': True + }, + 'domain': { + 'type': unicode, # XXX define uri type + 'default': 'testprovider.example.org' + #'required': True, + }, + 'display_name': { + 'type': dict, # XXX multilingual object? + 'default': {u'en': u'Test Provider'} + #'required': True + }, + 'description': { + 'type': dict, + 'default': {u'en': u'Test provider'} + }, + 'enrollment_policy': { + 'type': unicode, # oneof ?? + 'default': 'open' + }, + 'services': { + 'type': list, # oneof ?? + 'default': ['eip'] + }, + 'api_version': { + 'type': unicode, + 'default': '0.1.0' # version regexp + }, + 'api_uri': { + 'type': unicode # uri + }, + 'public_key': { + 'type': unicode # fingerprint + }, + 'ca_cert_fingerprint': { + 'type': unicode, + }, + 'ca_cert_uri': { + 'type': unicode, + 'format': 'https-uri' + }, + 'languages': { + 'type': list, + 'default': ['en'] + } + } } diff --git a/src/leap/base/tests/test_config.py b/src/leap/base/tests/test_config.py index bede5ea1..d03149b2 100644 --- a/src/leap/base/tests/test_config.py +++ b/src/leap/base/tests/test_config.py @@ -38,14 +38,14 @@ class JSONLeapConfigTest(BaseLeapTest): class DummyTestConfig(config.JSONLeapConfig): __metaclass__ = config.MetaConfigWithSpec - spec = {} + spec = {'properties': {}} with self.assertRaises(exceptions.ImproperlyConfigured) as exc: DummyTestConfig() exc.startswith("missing slug") class DummyTestConfig(config.JSONLeapConfig): __metaclass__ = config.MetaConfigWithSpec - spec = {} + spec = {'properties': {}} slug = "foo" DummyTestConfig() diff --git a/src/leap/base/tests/test_providers.py b/src/leap/base/tests/test_providers.py index 9e0ff90c..8d3b8847 100644 --- a/src/leap/base/tests/test_providers.py +++ b/src/leap/base/tests/test_providers.py @@ -1,35 +1,39 @@ +import copy import json try: import unittest2 as unittest except ImportError: import unittest - import os +import jsonschema + from leap import __branding as BRANDING from leap.testing.basetest import BaseLeapTest from leap.base import providers EXPECTED_DEFAULT_CONFIG = { - "api_version": "0.1.0", - "description": "test provider", - "display_name": "test provider", - "domain": "testprovider.example.org", - "enrollment_policy": "open", - "serial": 1, - "services": [ - "eip" + u"api_version": u"0.1.0", + u"description": {u'en': u"Test provider"}, + u"display_name": {u'en': u"Test Provider"}, + u"domain": u"testprovider.example.org", + u"enrollment_policy": u"open", + u"serial": 1, + u"services": [ + u"eip" ], - "version": "0.1.0" + u"languages": [u"en"], + u"version": u"0.1.0" } class TestLeapProviderDefinition(BaseLeapTest): def setUp(self): self.definition = providers.LeapProviderDefinition() - #XXX change to self.definition.config when property is fixed - self.config = self.definition.get_config() + self.definition.save() + self.definition.load() + self.config = self.definition.config def tearDown(self): if hasattr(self, 'testfile') and os.path.isfile(self.testfile): @@ -57,6 +61,7 @@ class TestLeapProviderDefinition(BaseLeapTest): self.testfile = self.get_tempfile('test.json') self.definition.save(to=self.testfile) deserialized = json.load(open(self.testfile, 'rb')) + self.maxDiff = None self.assertEqual(deserialized, EXPECTED_DEFAULT_CONFIG) def test_provider_dump_to_slug(self): @@ -78,6 +83,13 @@ class TestLeapProviderDefinition(BaseLeapTest): self.assertDictEqual(self.config, EXPECTED_DEFAULT_CONFIG) + def test_provider_validation(self): + self.definition.validate(self.config) + _config = copy.deepcopy(self.config) + _config['serial'] = 'aaa' + with self.assertRaises(jsonschema.ValidationError): + self.definition.validate(_config) + @unittest.skip def test_load_malformed_json_definition(self): raise NotImplementedError @@ -89,18 +101,6 @@ class TestLeapProviderDefinition(BaseLeapTest): raise NotImplementedError -class TestLeapProvider(BaseLeapTest): - def setUp(self): - pass - - def tearDown(self): - pass - - ### - - # XXX ?? - - class TestLeapProviderSet(BaseLeapTest): def setUp(self): diff --git a/src/leap/base/tests/test_validation.py b/src/leap/base/tests/test_validation.py new file mode 100644 index 00000000..87e99648 --- /dev/null +++ b/src/leap/base/tests/test_validation.py @@ -0,0 +1,92 @@ +import copy +import datetime +#import json +try: + import unittest2 as unittest +except ImportError: + import unittest +import os + +import jsonschema + +from leap.base.config import JSONLeapConfig +from leap.base import pluggableconfig +from leap.testing.basetest import BaseLeapTest + +SAMPLE_CONFIG_DICT = { + 'prop_one': 1, + 'prop_uri': "http://example.org", + 'prop_date': '2012-12-12', +} + +EXPECTED_CONFIG = { + 'prop_one': 1, + 'prop_uri': "http://example.org", + 'prop_date': datetime.datetime(2012, 12, 12) +} + +sample_spec = { + 'description': 'sample schema definition', + 'type': 'object', + 'properties': { + 'prop_one': { + 'type': int, + 'default': 1, + 'required': True + }, + 'prop_uri': { + 'type': str, + 'default': 'http://example.org', + 'required': True, + 'format': 'uri' + }, + 'prop_date': { + 'type': str, + 'default': '2012-12-12', + 'format': 'date' + } + } +} + + +class SampleConfig(JSONLeapConfig): + spec = sample_spec + + @property + def slug(self): + return os.path.expanduser('~/sampleconfig.json') + + +class TestJSONLeapConfigValidation(BaseLeapTest): + def setUp(self): + self.sampleconfig = SampleConfig() + self.sampleconfig.save() + self.sampleconfig.load() + self.config = self.sampleconfig.config + + def tearDown(self): + if hasattr(self, 'testfile') and os.path.isfile(self.testfile): + os.remove(self.testfile) + + # tests + + def test_good_validation(self): + self.sampleconfig.validate(SAMPLE_CONFIG_DICT) + + def test_broken_int(self): + _config = copy.deepcopy(SAMPLE_CONFIG_DICT) + _config['prop_one'] = '1' + with self.assertRaises(jsonschema.ValidationError): + self.sampleconfig.validate(_config) + + def test_format_property(self): + # JsonSchema Validator does not check the format property. + # We should have to extend the Configuration class + blah = copy.deepcopy(SAMPLE_CONFIG_DICT) + blah['prop_uri'] = 'xxx' + with self.assertRaises(pluggableconfig.TypeCastException): + self.sampleconfig.validate(blah) + + +if __name__ == "__main__": + unittest.main() diff --git a/src/leap/baseapp/eip.py b/src/leap/baseapp/eip.py index ad074abc..e291de34 100644 --- a/src/leap/baseapp/eip.py +++ b/src/leap/baseapp/eip.py @@ -40,22 +40,28 @@ class EIPConductorAppMixin(object): debug=self.debugmode, ovpn_verbosity=opts.openvpn_verb) - skip_download = opts.no_provider_checks - skip_verify = opts.no_ca_verify + self.skip_download = opts.no_provider_checks + self.skip_verify = opts.no_ca_verify + + def run_eip_checks(self): + """ + runs eip checks and + the error checking loop + """ + logger.debug('running EIP CHECKS') self.conductor.run_checks( - skip_download=skip_download, - skip_verify=skip_verify) + skip_download=self.skip_download, + skip_verify=self.skip_verify) self.error_check() - # XXX should receive "ready" signal - # it is called from LeapWindow now. - #if self.conductor.autostart: - #self.start_or_stopVPN() - if self.debugmode: self.startStopButton.clicked.connect( lambda: self.start_or_stopVPN()) + # XXX should send ready signal instead + if self.conductor.autostart: + self.start_or_stopVPN() + def error_check(self): """ consumes the conductor error queue. diff --git a/src/leap/baseapp/leap_app.py b/src/leap/baseapp/leap_app.py index 208c4e7c..460d1269 100644 --- a/src/leap/baseapp/leap_app.py +++ b/src/leap/baseapp/leap_app.py @@ -1,5 +1,9 @@ import logging +import sip +sip.setapi('QVariant', 2) + +from PyQt4 import QtCore from PyQt4 import QtGui from leap.gui import mainwindow_rc @@ -23,22 +27,62 @@ class MainWindowMixin(object): widget = QtGui.QWidget() self.setCentralWidget(widget) - self.createWindowHeader() - - # add widgets to layout mainLayout = QtGui.QVBoxLayout() - mainLayout.addWidget(self.headerBox) + # add widgets to layout + #self.createWindowHeader() + #mainLayout.addWidget(self.headerBox) mainLayout.addWidget(self.statusIconBox) if self.debugmode: mainLayout.addWidget(self.statusBox) mainLayout.addWidget(self.loggerBox) widget.setLayout(mainLayout) + self.createMainActions() + self.createMainMenus() + self.setWindowTitle("LEAP Client") self.set_app_icon() - self.resize(400, 300) self.set_statusbarMessage('ready') + def createMainActions(self): + #self.openAct = QtGui.QAction("&Open...", self, shortcut="Ctrl+O", + #triggered=self.open) + + self.firstRunWizardAct = QtGui.QAction( + "&First run wizard...", self, + triggered=self.launch_first_run_wizard) + self.aboutAct = QtGui.QAction("&About", self, triggered=self.about) + + #self.aboutQtAct = QtGui.QAction("About &Qt", self, + #triggered=QtGui.qApp.aboutQt) + + def createMainMenus(self): + self.connMenu = QtGui.QMenu("&Connections", self) + #self.viewMenu.addSeparator() + self.connMenu.addAction(self.quitAction) + + self.settingsMenu = QtGui.QMenu("&Settings", self) + self.settingsMenu.addAction(self.firstRunWizardAct) + + self.helpMenu = QtGui.QMenu("&Help", self) + self.helpMenu.addAction(self.aboutAct) + #self.helpMenu.addAction(self.aboutQtAct) + + self.menuBar().addMenu(self.connMenu) + self.menuBar().addMenu(self.settingsMenu) + self.menuBar().addMenu(self.helpMenu) + + def launch_first_run_wizard(self): + settings = QtCore.QSettings() + settings.setValue('FirstRunWizardDone', False) + logger.debug('should run first run wizard again...') + + from leap.gui.firstrunwizard import FirstRunWizard + wizard = FirstRunWizard( + parent=self, + success_cb=self.initReady.emit) + wizard.show() + def set_app_icon(self): icon = QtGui.QIcon(APP_LOGO) self.setWindowIcon(icon) @@ -88,6 +132,10 @@ class MainWindowMixin(object): """ cleans state before shutting down app. """ + # save geometry for restoring + settings = QtCore.QSettings() + settings.setValue("Geometry", self.saveGeometry()) + # TODO:make sure to shutdown all child process / threads # in conductor # XXX send signal instead? diff --git a/src/leap/baseapp/mainwindow.py b/src/leap/baseapp/mainwindow.py index fdbaf693..09e0c0bb 100644 --- a/src/leap/baseapp/mainwindow.py +++ b/src/leap/baseapp/mainwindow.py @@ -29,22 +29,33 @@ class LeapWindow(QtGui.QMainWindow, newLogLine = QtCore.pyqtSignal([str]) statusChange = QtCore.pyqtSignal([object]) + mainappReady = QtCore.pyqtSignal([]) + initReady = QtCore.pyqtSignal([]) networkError = QtCore.pyqtSignal([object]) def __init__(self, opts): logger.debug('init leap window') self.debugmode = getattr(opts, 'debug', False) - super(LeapWindow, self).__init__() if self.debugmode: self.createLogBrowser() + EIPConductorAppMixin.__init__(self, opts=opts) StatusAwareTrayIconMixin.__init__(self) NetworkCheckerAppMixin.__init__(self) MainWindowMixin.__init__(self) + settings = QtCore.QSettings() + geom = settings.value("Geometry") + if geom: + self.restoreGeometry(geom) + self.wizard_done = settings.value("FirstRunWizardDone") + + self.initchecks = InitChecksThread(self.run_eip_checks) + # bind signals - # XXX move to parent classes init?? + self.initchecks.finished.connect( + lambda: logger.debug('Initial checks finished')) self.trayIcon.activated.connect(self.iconActivated) self.newLogLine.connect( lambda line: self.onLoggerNewLine(line)) @@ -55,22 +66,59 @@ class LeapWindow(QtGui.QMainWindow, self.networkError.connect( lambda exc: self.onNetworkError(exc)) + # do frwizard and init signals + self.mainappReady.connect(self.do_first_run_wizard_check) + self.initReady.connect(self.runchecks_and_eipconnect) + # ... all ready. go! + # calls do_first_run_wizard_check + self.mainappReady.emit() + + def do_first_run_wizard_check(self): + logger.debug('first run wizard check...') + if self.wizard_done: + self.initReady.emit() + else: + # need to run first-run-wizard + logger.debug('running first run wizard') + from leap.gui.firstrunwizard import FirstRunWizard + wizard = FirstRunWizard( + parent=self, + success_cb=self.initReady.emit) + wizard.show() + + def runchecks_and_eipconnect(self): + self.initchecks.begin() + +class InitChecksThread(QtCore.QThread): + + def __init__(self, fun, parent=None): + QtCore.QThread.__init__(self, parent) + self.fun = fun + + def run(self): + self.fun() + +#<<<<<<< HEAD + def begin(self): + self.start() +#======= # could send "ready" signal instead # eipapp should catch that - if self.conductor.autostart: - self.start_or_stopVPN() - + #if self.conductor.autostart: + #self.start_or_stopVPN() +# #TODO: Put all Dialogs in one place - @QtCore.pyqtSlot() - def raise_Network_Error(self, exc): - message = exc.message - + #@QtCore.pyqtSlot() + #def raise_Network_Error(self, exc): + #message = exc.message +# # XXX # check headless = False before # launching dialog. # (so Qt tests can assert stuff) - - dialog = dialogs.ErrorDialog() - dialog.warningMessage(message, 'error') +# + #dialog = dialogs.ErrorDialog() + #dialog.warningMessage(message, 'error') +#>>>>>>> feature/network_check diff --git a/src/leap/baseapp/systray.py b/src/leap/baseapp/systray.py index adcfe9b9..1939bc09 100644 --- a/src/leap/baseapp/systray.py +++ b/src/leap/baseapp/systray.py @@ -41,6 +41,7 @@ class StatusAwareTrayIconMixin(object): self.createIconGroupBox() self.createActions() self.createTrayIcon() + logger.debug('showing tray icon................') self.trayIcon.show() # not sure if this really belongs here, but... diff --git a/src/leap/crypto/__init__.py b/src/leap/crypto/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/src/leap/crypto/__init__.py diff --git a/src/leap/crypto/leapkeyring.py b/src/leap/crypto/leapkeyring.py new file mode 100644 index 00000000..bb0ca147 --- /dev/null +++ b/src/leap/crypto/leapkeyring.py @@ -0,0 +1,64 @@ +import os + +import keyring + +############# +# Disclaimer +############# +# This currently is not a keyring, it's more like a joke. +# No, seriously. +# We're affected by this **bug** + +# https://bitbucket.org/kang/python-keyring-lib/ +# issue/65/dbusexception-method-opensession-with + +# so using the gnome keyring does not seem feasible right now. +# I thought this was the next best option to store secrets in plain sight. + +# in the future we should move to use the gnome/kde/macosx/win keyrings. + + +class LeapCryptedFileKeyring(keyring.backend.CryptedFileKeyring): + + filename = os.path.expanduser("~/.config/leap/.secrets") + + def __init__(self, seed=None): + self.seed = seed + + def _get_new_password(self): + # XXX every time this method is called, + # $deity kills a kitten. + return "secret%s" % self.seed + + def _init_file(self): + self.keyring_key = self._get_new_password() + self.set_password('keyring_setting', 'pass_ref', 'pass_ref_value') + + def _unlock(self): + self.keyring_key = self._get_new_password() + print 'keyring key ', self.keyring_key + try: + ref_pw = self.get_password( + 'keyring_setting', + 'pass_ref') + print 'ref pw ', ref_pw + assert ref_pw == "pass_ref_value" + except AssertionError: + self._lock() + raise ValueError('Incorrect password') + + +def leap_set_password(key, value, seed="xxx"): + keyring.set_keyring(LeapCryptedFileKeyring(seed=seed)) + keyring.set_password('leap', key, value) + + +def leap_get_password(key, seed="xxx"): + keyring.set_keyring(LeapCryptedFileKeyring(seed=seed)) + return keyring.get_password('leap', key) + + +if __name__ == "__main__": + leap_set_password('test', 'bar') + passwd = leap_get_password('test') + assert passwd == 'bar' diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py index b68ee23a..f739c3e8 100644 --- a/src/leap/eip/checks.py +++ b/src/leap/eip/checks.py @@ -155,6 +155,9 @@ class ProviderCertChecker(object): # verify=verify # Workaround for #638. return to verification # when That's done!!! + + # XXX HOOK SRP here... + # will have to be more generic in the future. req = self.fetcher.get(uri, verify=False) req.raise_for_status() except requests.exceptions.SSLError: @@ -180,7 +183,7 @@ class ProviderCertChecker(object): valid = exists() and valid_pemfile() and not_expired() if not valid: if do_raise: - raise Exception('missing cert') + raise Exception('missing valid cert') else: return False return True @@ -196,7 +199,9 @@ class ProviderCertChecker(object): with open(certfile) as cf: cert_s = cf.read() cert = crypto.X509Certificate(cert_s) - return cert.activation_time < now() < cert.expiration_time + from_ = time.gmtime(cert.activation_time) + to_ = time.gmtime(cert.expiration_time) + return from_ < now() < to_ def is_valid_pemfile(self, cert_s=None): """ @@ -316,7 +321,7 @@ class EIPConfigChecker(object): This is catched by ui and runs FirstRunWizard (MVS+) """ if config is None: - config = self.eipconfig.get_config() + config = self.eipconfig.config logger.debug('checking default provider') provider = config.get('provider', None) if provider is None: @@ -340,7 +345,7 @@ class EIPConfigChecker(object): logger.debug('(fetching def skipped)') return True if config is None: - config = self.defaultprovider.get_config() + config = self.defaultprovider.config if uri is None: domain = config.get('provider', None) uri = self._get_provider_definition_uri(domain=domain) @@ -357,7 +362,7 @@ class EIPConfigChecker(object): if skip_download: return True if config is None: - config = self.eipserviceconfig.get_config() + config = self.eipserviceconfig.config if uri is None: domain = config.get('provider', None) uri = self._get_eip_service_uri(domain=domain) @@ -368,7 +373,7 @@ class EIPConfigChecker(object): def check_complete_eip_config(self, config=None): # TODO check for gateway if config is None: - config = self.eipconfig.get_config() + config = self.eipconfig.config try: 'trying assertions' assert 'provider' in config diff --git a/src/leap/eip/config.py b/src/leap/eip/config.py index 082cc24d..ef0f52b4 100644 --- a/src/leap/eip/config.py +++ b/src/leap/eip/config.py @@ -61,8 +61,10 @@ def get_eip_gateway(): """ placeholder = "testprovider.example.org" eipconfig = EIPConfig() + #import ipdb;ipdb.set_trace() eipconfig.load() - conf = eipconfig.get_config() + conf = eipconfig.config + primary_gateway = conf.get('primary_gateway', None) if not primary_gateway: return placeholder diff --git a/src/leap/eip/exceptions.py b/src/leap/eip/exceptions.py index 24c9bfe8..11bfd620 100644 --- a/src/leap/eip/exceptions.py +++ b/src/leap/eip/exceptions.py @@ -92,6 +92,13 @@ class LeapBadConfigFetchedError(Warning): message = "provider sent a malformed json file" usermessage = "an error occurred during configuratio of leap services" + +class OpenVPNAlreadyRunning(EIPClientError): + message = "Another OpenVPN Process is already running." + usermessage = ("Another OpenVPN Process has been detected." + "Please close it before starting leap-client") + + # # errors still needing some love # diff --git a/src/leap/eip/openvpnconnection.py b/src/leap/eip/openvpnconnection.py index f4d1c449..a835ead9 100644 --- a/src/leap/eip/openvpnconnection.py +++ b/src/leap/eip/openvpnconnection.py @@ -3,6 +3,7 @@ OpenVPN Connection """ from __future__ import (print_function) import logging +import psutil import socket import time from functools import partial @@ -87,6 +88,7 @@ to be triggered for each one of them. def run_openvpn_checks(self): logger.debug('running openvpn checks') + self._check_if_running_instance() self._set_ovpn_command() self._check_vpn_keys() @@ -156,9 +158,20 @@ to be triggered for each one of them. raise eip_exceptions.EIPNoCommandError if self.subp is not None: logger.debug('cowardly refusing to launch subprocess again') - return + self._launch_openvpn() + def _check_if_running_instance(self): + """ + check if openvpn is already running + """ + for process in psutil.get_process_list(): + if process.name == "openvpn": + logger.debug('an openvpn instance is already running.') + raise eip_exceptions.OpenVPNAlreadyRunning + + logger.debug('no openvpn instance found.') + def cleanup(self): """ terminates child subprocess diff --git a/src/leap/eip/specs.py b/src/leap/eip/specs.py index 2391e919..1a670b0e 100644 --- a/src/leap/eip/specs.py +++ b/src/leap/eip/specs.py @@ -8,7 +8,7 @@ PROVIDER_CA_CERT = __branding.get( 'provider_ca_file', 'testprovider-ca-cert.pem') -provider_ca_path = lambda: unicode(os.path.join( +provider_ca_path = lambda: str(os.path.join( baseconfig.get_default_provider_path(), 'keys', 'ca', PROVIDER_CA_CERT @@ -24,78 +24,86 @@ client_cert_path = lambda: unicode(os.path.join( )) eipconfig_spec = { - 'provider': { - 'type': unicode, - 'default': u"%s" % PROVIDER_DOMAIN, - 'required': True, - }, - 'transport': { - 'type': unicode, - 'default': u"openvpn", - }, - 'openvpn_protocol': { - 'type': unicode, - 'default': u"tcp" - }, - 'openvpn_port': { - 'type': int, - 'default': 80 - }, - 'openvpn_ca_certificate': { - 'type': unicode, # path - 'default': provider_ca_path - }, - 'openvpn_client_certificate': { - 'type': unicode, # path - 'default': client_cert_path - }, - 'connect_on_login': { - 'type': bool, - 'default': True - }, - 'block_cleartext_traffic': { - 'type': bool, - 'default': True - }, - 'primary_gateway': { - 'type': unicode, - 'default': u"turkey", - 'required': True - }, - 'secondary_gateway': { - 'type': unicode, - 'default': u"france" - }, - 'management_password': { - 'type': unicode + 'description': 'sample eipconfig', + 'type': 'object', + 'properties': { + 'provider': { + 'type': unicode, + 'default': u"%s" % PROVIDER_DOMAIN, + 'required': True, + }, + 'transport': { + 'type': unicode, + 'default': u"openvpn", + }, + 'openvpn_protocol': { + 'type': unicode, + 'default': u"tcp" + }, + 'openvpn_port': { + 'type': int, + 'default': 80 + }, + 'openvpn_ca_certificate': { + 'type': unicode, # path + 'default': provider_ca_path + }, + 'openvpn_client_certificate': { + 'type': unicode, # path + 'default': client_cert_path + }, + 'connect_on_login': { + 'type': bool, + 'default': True + }, + 'block_cleartext_traffic': { + 'type': bool, + 'default': True + }, + 'primary_gateway': { + 'type': unicode, + 'default': u"turkey", + #'required': True + }, + 'secondary_gateway': { + 'type': unicode, + 'default': u"france" + }, + 'management_password': { + 'type': unicode + } } } eipservice_config_spec = { - 'serial': { - 'type': int, - 'required': True, - 'default': 1 - }, - 'version': { - 'type': unicode, - 'required': True, - 'default': "0.1.0" - }, - 'capabilities': { - 'type': dict, - 'default': { - "transport": ["openvpn"], - "ports": ["80", "53"], - "protocols": ["udp", "tcp"], - "static_ips": True, - "adblock": True} - }, - 'gateways': { - 'type': list, - 'default': [{"country_code": "us", - "label": {"en":"west"}, - "capabilities": {}, - "hosts": ["1.2.3.4", "1.2.3.5"]}] + 'description': 'sample eip service config', + 'type': 'object', + 'properties': { + 'serial': { + 'type': int, + 'required': True, + 'default': 1 + }, + 'version': { + 'type': unicode, + 'required': True, + 'default': "0.1.0" + }, + 'capabilities': { + 'type': dict, + 'default': { + "transport": ["openvpn"], + "ports": ["80", "53"], + "protocols": ["udp", "tcp"], + "static_ips": True, + "adblock": True} + }, + 'gateways': { + 'type': list, + 'default': [{"country_code": "us", + "label": {"en":"west"}, + "capabilities": {}, + "hosts": ["1.2.3.4", "1.2.3.5"]}] + } } } diff --git a/src/leap/eip/tests/data.py b/src/leap/eip/tests/data.py index 9bf86540..43df2013 100644 --- a/src/leap/eip/tests/data.py +++ b/src/leap/eip/tests/data.py @@ -7,7 +7,7 @@ from leap import __branding PROVIDER = __branding.get('provider_domain') -EIP_SAMPLE_JSON = { +EIP_SAMPLE_CONFIG = { "provider": "%s" % PROVIDER, "transport": "openvpn", "openvpn_protocol": "tcp", @@ -38,9 +38,10 @@ EIP_SAMPLE_SERVICE = { "adblock": True }, "gateways": [ - {"country_code": "us", - "label": {"en":"west"}, + {"country_code": "tr", + "name": "turkey", + "label": {"en":"Ankara, Turkey"}, "capabilities": {}, - "hosts": ["1.2.3.4", "1.2.3.5"]}, + "hosts": ["94.103.43.4"]} ] } diff --git a/src/leap/eip/tests/test_checks.py b/src/leap/eip/tests/test_checks.py index 06133825..58ce473f 100644 --- a/src/leap/eip/tests/test_checks.py +++ b/src/leap/eip/tests/test_checks.py @@ -11,6 +11,8 @@ import urlparse from mock import (patch, Mock) +import jsonschema +#import ping import requests from leap.base import config as baseconfig @@ -89,12 +91,12 @@ class EIPCheckTest(BaseLeapTest): # force re-evaluation of the paths # small workaround for evaluating home dirs correctly - EIP_SAMPLE_JSON = copy.copy(testdata.EIP_SAMPLE_JSON) - EIP_SAMPLE_JSON['openvpn_client_certificate'] = \ + EIP_SAMPLE_CONFIG = copy.copy(testdata.EIP_SAMPLE_CONFIG) + EIP_SAMPLE_CONFIG['openvpn_client_certificate'] = \ eipspecs.client_cert_path() - EIP_SAMPLE_JSON['openvpn_ca_certificate'] = \ + EIP_SAMPLE_CONFIG['openvpn_ca_certificate'] = \ eipspecs.provider_ca_path() - self.assertEqual(deserialized, EIP_SAMPLE_JSON) + self.assertEqual(deserialized, EIP_SAMPLE_CONFIG) # TODO: shold ALSO run validation methods. @@ -111,16 +113,20 @@ class EIPCheckTest(BaseLeapTest): # ok. now, messing with real files... # blank out default_provider - sampleconfig = copy.copy(testdata.EIP_SAMPLE_JSON) + sampleconfig = copy.copy(testdata.EIP_SAMPLE_CONFIG) sampleconfig['provider'] = None eipcfg_path = checker.eipconfig.filename with open(eipcfg_path, 'w') as fp: json.dump(sampleconfig, fp) - with self.assertRaises(eipexceptions.EIPMissingDefaultProvider): + #with self.assertRaises(eipexceptions.EIPMissingDefaultProvider): + # XXX we should catch this as one of our errors, but do not + # see how to do it quickly. + with self.assertRaises(jsonschema.ValidationError): + #import ipdb;ipdb.set_trace() checker.eipconfig.load(fromfile=eipcfg_path) checker.check_is_there_default_provider() - sampleconfig = testdata.EIP_SAMPLE_JSON + sampleconfig = testdata.EIP_SAMPLE_CONFIG #eipcfg_path = checker._get_default_eipconfig_path() with open(eipcfg_path, 'w') as fp: json.dump(sampleconfig, fp) @@ -132,7 +138,7 @@ class EIPCheckTest(BaseLeapTest): mocked_get.return_value.status_code = 200 mocked_get.return_value.json = DEFAULT_PROVIDER_DEFINITION checker = eipchecks.EIPConfigChecker(fetcher=requests) - sampleconfig = testdata.EIP_SAMPLE_JSON + sampleconfig = testdata.EIP_SAMPLE_CONFIG checker.fetch_definition(config=sampleconfig) fn = os.path.join(baseconfig.get_default_provider_path(), @@ -150,22 +156,22 @@ class EIPCheckTest(BaseLeapTest): mocked_get.return_value.status_code = 200 mocked_get.return_value.json = testdata.EIP_SAMPLE_SERVICE checker = eipchecks.EIPConfigChecker(fetcher=requests) - sampleconfig = testdata.EIP_SAMPLE_JSON + sampleconfig = testdata.EIP_SAMPLE_CONFIG checker.fetch_eip_service_config(config=sampleconfig) def test_check_complete_eip_config(self): checker = eipchecks.EIPConfigChecker() with self.assertRaises(eipexceptions.EIPConfigurationError): - sampleconfig = copy.copy(testdata.EIP_SAMPLE_JSON) + sampleconfig = copy.copy(testdata.EIP_SAMPLE_CONFIG) sampleconfig['provider'] = None checker.check_complete_eip_config(config=sampleconfig) with self.assertRaises(eipexceptions.EIPConfigurationError): - sampleconfig = copy.copy(testdata.EIP_SAMPLE_JSON) + sampleconfig = copy.copy(testdata.EIP_SAMPLE_CONFIG) del sampleconfig['provider'] checker.check_complete_eip_config(config=sampleconfig) # normal case - sampleconfig = copy.copy(testdata.EIP_SAMPLE_JSON) + sampleconfig = copy.copy(testdata.EIP_SAMPLE_CONFIG) checker.check_complete_eip_config(config=sampleconfig) diff --git a/src/leap/eip/tests/test_config.py b/src/leap/eip/tests/test_config.py index f9f963dc..6759b522 100644 --- a/src/leap/eip/tests/test_config.py +++ b/src/leap/eip/tests/test_config.py @@ -12,7 +12,7 @@ except ImportError: #from leap.eip import config as eip_config from leap import __branding as BRANDING from leap.eip import config as eipconfig -from leap.eip.tests.data import EIP_SAMPLE_SERVICE +from leap.eip.tests.data import EIP_SAMPLE_CONFIG, EIP_SAMPLE_SERVICE from leap.testing.basetest import BaseLeapTest from leap.util.fileutil import mkdir_p @@ -47,13 +47,21 @@ class EIPConfigTest(BaseLeapTest): os.chmod(tfile, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR) def write_sample_eipservice(self): - conf = eipconfig.EIPConfig() + conf = eipconfig.EIPServiceConfig() folder, f = os.path.split(conf.filename) if not os.path.isdir(folder): mkdir_p(folder) with open(conf.filename, 'w') as fd: fd.write(json.dumps(EIP_SAMPLE_SERVICE)) + def write_sample_eipconfig(self): + conf = eipconfig.EIPConfig() + folder, f = os.path.split(conf.filename) + if not os.path.isdir(folder): + mkdir_p(folder) + with open(conf.filename, 'w') as fd: + fd.write(json.dumps(EIP_SAMPLE_CONFIG)) + def get_expected_openvpn_args(self): args = [] username = self.get_username() @@ -123,6 +131,8 @@ class EIPConfigTest(BaseLeapTest): def test_build_ovpn_command_empty_config(self): self.touch_exec() self.write_sample_eipservice() + self.write_sample_eipconfig() + from leap.eip import config as eipconfig from leap.util.fileutil import which path = os.environ['PATH'] diff --git a/src/leap/eip/tests/test_openvpnconnection.py b/src/leap/eip/tests/test_openvpnconnection.py index 885c80b3..61769f04 100644 --- a/src/leap/eip/tests/test_openvpnconnection.py +++ b/src/leap/eip/tests/test_openvpnconnection.py @@ -1,6 +1,7 @@ import logging import os import platform +import psutil import shutil #import socket @@ -16,6 +17,7 @@ from mock import Mock, patch # MagicMock from leap.eip import config as eipconfig from leap.eip import openvpnconnection +from leap.eip import exceptions as eipexceptions from leap.eip.udstelnet import UDSTelnet from leap.testing.basetest import BaseLeapTest @@ -73,6 +75,16 @@ class OpenVPNConnectionTest(BaseLeapTest): # tests # + def test_detect_vpn(self): + openvpn_connection = openvpnconnection.OpenVPNConnection() + with patch.object(psutil, "get_process_list") as mocked_psutil: + with self.assertRaises(eipexceptions.OpenVPNAlreadyRunning): + mocked_process = Mock() + mocked_process.name = "openvpn" + mocked_psutil.return_value = [mocked_process] + openvpn_connection._check_if_running_instance() + openvpn_connection._check_if_running_instance() + @unittest.skipIf(_system == "Windows", "lin/mac only") def test_lin_mac_default_init(self): """ diff --git a/src/leap/gui/firstrunwizard.py b/src/leap/gui/firstrunwizard.py new file mode 100755 index 00000000..abdff7cf --- /dev/null +++ b/src/leap/gui/firstrunwizard.py @@ -0,0 +1,489 @@ +#!/usr/bin/env python +import logging +import json +import socket + +import sip +sip.setapi('QString', 2) +sip.setapi('QVariant', 2) + +from PyQt4 import QtCore +from PyQt4 import QtGui + +from leap.crypto import leapkeyring +from leap.gui import mainwindow_rc + +logger = logging.getLogger(__name__) + +APP_LOGO = ':/images/leap-color-small.png' + +# registration ###################### +# move to base/ +import binascii + +import requests +import srp + +from leap.base import constants as baseconstants + +SIGNUP_TIMEOUT = getattr(baseconstants, 'SIGNUP_TIMEOUT', 5) + + +class LeapSRPRegister(object): + + def __init__(self, + schema="https", + provider=None, + port=None, + register_path="1/users.json", + method="POST", + fetcher=requests, + srp=srp, + hashfun=srp.SHA256, + ng_constant=srp.NG_1024): + + self.schema = schema + self.provider = provider + self.port = port + self.register_path = register_path + self.method = method + self.fetcher = fetcher + self.srp = srp + self.HASHFUN = hashfun + self.NG = ng_constant + + self.init_session() + + def init_session(self): + self.session = self.fetcher.session() + + def get_registration_uri(self): + # XXX assert is https! + # use urlparse + if self.port: + uri = "%s://%s:%s/%s" % ( + self.schema, + self.provider, + self.port, + self.register_path) + else: + uri = "%s://%s/%s" % ( + self.schema, + self.provider, + self.register_path) + + return uri + + def register_user(self, username, password, keep=False): + """ + @rtype: tuple + @rvalue: (ok, request) + """ + salt, vkey = self.srp.create_salted_verification_key( + username, + password, + self.HASHFUN, + self.NG) + + user_data = { + 'user[login]': username, + 'user[password_verifier]': binascii.hexlify(vkey), + 'user[password_salt]': binascii.hexlify(salt)} + + uri = self.get_registration_uri() + logger.debug('post to uri: %s' % uri) + + # XXX get self.method + req = self.session.post( + uri, data=user_data, + timeout=SIGNUP_TIMEOUT) + logger.debug(req) + logger.debug('user_data: %s', user_data) + #logger.debug('response: %s', req.text) + # we catch it in the form + #req.raise_for_status() + return (req.ok, req) + +###################################### + +ErrorLabelStyleSheet = """ +QLabel { color: red; + font-weight: bold} +""" + + +class FirstRunWizard(QtGui.QWizard): + + def __init__( + self, parent=None, providers=None, + success_cb=None): + super(FirstRunWizard, self).__init__( + parent, + QtCore.Qt.WindowStaysOnTopHint) + + # XXX hardcoded for tests + if not providers: + providers = ('springbok',) + self.providers = providers + + # success callback + self.success_cb = success_cb + + self.addPage(IntroPage()) + self.addPage(SelectProviderPage(providers=providers)) + + self.addPage(RegisterUserPage(wizard=self)) + #self.addPage(GlobalEIPSettings()) + self.addPage(LastPage()) + + self.setPixmap( + QtGui.QWizard.BannerPixmap, + QtGui.QPixmap(':/images/banner.png')) + self.setPixmap( + QtGui.QWizard.BackgroundPixmap, + QtGui.QPixmap(':/images/background.png')) + + self.setWindowTitle("First Run Wizard") + + # TODO: set style for MAC / windows ... + #self.setWizardStyle() + + def setWindowFlags(self, flags): + logger.debug('setting window flags') + QtGui.QWizard.setWindowFlags(self, flags) + + def focusOutEvent(self, event): + # needed ? + self.setFocus(True) + self.activateWindow() + self.raise_() + self.show() + + def accept(self): + """ + final step in the wizard. + gather the info, update settings + and call the success callback. + """ + provider = self.get_provider() + username = self.field('userName') + password = self.field('userPassword') + remember_pass = self.field('rememberPassword') + + logger.debug('chosen provider: %s', provider) + logger.debug('username: %s', username) + logger.debug('remember password: %s', remember_pass) + super(FirstRunWizard, self).accept() + + settings = QtCore.QSettings() + settings.setValue("FirstRunWizardDone", True) + settings.setValue( + "eip_%s_username" % provider, + username) + settings.setValue("%s_remember_pass" % provider, remember_pass) + + seed = self.get_random_str(10) + settings.setValue("%s_seed" % provider, seed) + + leapkeyring.leap_set_password(username, password, seed=seed) + + logger.debug('First Run Wizard Done.') + cb = self.success_cb + if cb and callable(cb): + self.success_cb() + + def get_provider(self): + provider = self.field('provider_index') + return self.providers[provider] + + def get_random_str(self, n): + from string import (ascii_uppercase, ascii_lowercase, digits) + from random import choice + return ''.join(choice( + ascii_uppercase + + ascii_lowercase + + digits) for x in range(n)) + + +class IntroPage(QtGui.QWizardPage): + def __init__(self, parent=None): + super(IntroPage, self).__init__(parent) + + self.setTitle("First run wizard.") + + #self.setPixmap( + #QtGui.QWizard.WatermarkPixmap, + #QtGui.QPixmap(':/images/watermark1.png')) + + label = QtGui.QLabel( + "Now we will guide you through " + "some configuration that is needed before you " + "can connect for the first time.<br><br>" + "If you ever need to modify these options again, " + "you can find the wizard in the '<i>Settings</i>' menu from the " + "main window of the Leap App.") + + label.setWordWrap(True) + + layout = QtGui.QVBoxLayout() + layout.addWidget(label) + self.setLayout(layout) + + +class SelectProviderPage(QtGui.QWizardPage): + def __init__(self, parent=None, providers=None): + super(SelectProviderPage, self).__init__(parent) + + self.setTitle("Select Provider") + self.setSubTitle( + "Please select which provider do you want " + "to use for your connection." + ) + self.setPixmap( + QtGui.QWizard.LogoPixmap, + QtGui.QPixmap(APP_LOGO)) + + providerNameLabel = QtGui.QLabel("&Provider:") + + providercombo = QtGui.QComboBox() + if providers: + for provider in providers: + providercombo.addItem(provider) + providerNameSelect = providercombo + + providerNameLabel.setBuddy(providerNameSelect) + + self.registerField('provider_index', providerNameSelect) + + layout = QtGui.QGridLayout() + layout.addWidget(providerNameLabel, 0, 0) + layout.addWidget(providerNameSelect, 0, 1) + self.setLayout(layout) + + +class RegisterUserPage(QtGui.QWizardPage): + setSigningUpStatus = QtCore.pyqtSignal([]) + + def __init__(self, parent=None, wizard=None): + super(RegisterUserPage, self).__init__(parent) + + # bind wizard page signals + self.setSigningUpStatus.connect( + self.set_status_validating) + + # XXX check for no wizard pased + # getting provider from previous step + provider = wizard.get_provider() + + self.setTitle("User registration") + self.setSubTitle( + "Register a new user with provider %s." % + provider) + self.setPixmap( + QtGui.QWizard.LogoPixmap, + QtGui.QPixmap(APP_LOGO)) + + rememberPasswordCheckBox = QtGui.QCheckBox( + "&Remember password.") + rememberPasswordCheckBox.setChecked(True) + + userNameLabel = QtGui.QLabel("User &name:") + userNameLineEdit = QtGui.QLineEdit() + userNameLineEdit.cursorPositionChanged.connect( + self.reset_validation_status) + userNameLabel.setBuddy(userNameLineEdit) + + # add regex validator + usernameRe = QtCore.QRegExp(r"^[A-Za-z\d_]+$") + userNameLineEdit.setValidator( + QtGui.QRegExpValidator(usernameRe, self)) + self.userNameLineEdit = userNameLineEdit + + userPasswordLabel = QtGui.QLabel("&Password:") + self.userPasswordLineEdit = QtGui.QLineEdit() + self.userPasswordLineEdit.setEchoMode( + QtGui.QLineEdit.Password) + + userPasswordLabel.setBuddy(self.userPasswordLineEdit) + + self.registerField('userName', self.userNameLineEdit) + self.registerField('userPassword', self.userPasswordLineEdit) + self.registerField('rememberPassword', rememberPasswordCheckBox) + + layout = QtGui.QGridLayout() + layout.setColumnMinimumWidth(0, 20) + + validationMsg = QtGui.QLabel("") + validationMsg.setStyleSheet(ErrorLabelStyleSheet) + + self.validationMsg = validationMsg + + layout.addWidget(validationMsg, 0, 3) + + layout.addWidget(userNameLabel, 1, 0) + layout.addWidget(self.userNameLineEdit, 1, 3) + + layout.addWidget(userPasswordLabel, 2, 0) + layout.addWidget(self.userPasswordLineEdit, 2, 3) + + layout.addWidget(rememberPasswordCheckBox, 3, 3, 3, 4) + self.setLayout(layout) + + def reset_validation_status(self): + """ + empty the validation msg + """ + self.validationMsg.setText('') + + def set_status_validating(self): + """ + set validation msg to 'registering...' + """ + # XXX this is NOT WORKING. + # My guess is that, even if we are using + # signals to trigger this, it does + # not show until the validate function + # returns. + # I guess it is because there is no delay... + logger.debug('registering........') + self.validationMsg.setText('registering...') + # need to call update somehow??? + + def set_status_invalid_username(self): + """ + set validation msg to + not available user + """ + self.validationMsg.setText('Username not available.') + + def set_status_server_500(self): + """ + set validation msg to + internal server error + """ + self.validationMsg.setText("Error during registration (500)") + + def set_status_timeout(self): + """ + set validation msg to + timeout + """ + self.validationMsg.setText("Error connecting to provider (timeout)") + + def set_status_unknown_error(self): + """ + set validation msg to + unknown error + """ + self.validationMsg.setText("Error during signup") + + # overwritten methods + + def initializePage(self): + """ + inits wizard page + """ + self.validationMsg.setText('') + + def validatePage(self): + """ + validation + we initialize the srp protocol register + and try to register user. if error + returned we write validation error msg + above the form. + """ + # the slot for this signal is not doing + # what's expected. Investigate why, + # right now we're not giving any feedback + # to the user re. what's going on. The only + # thing I can see as a workaround is setting + # a low timeout. + self.setSigningUpStatus.emit() + + username = self.userNameLineEdit.text() + password = self.userPasswordLineEdit.text() + + # XXX TODO -- remove debug info + # XXX get from provider info + # XXX enforce https + # and pass a verify value + + signup = LeapSRPRegister( + schema="http", + provider="springbok", + + #provider="localhost", + #register_path="timeout", + #port=8000 + ) + try: + ok, req = signup.register_user(username, password) + except socket.timeout: + self.set_status_timeout() + return False + + if ok: + return True + + # something went wrong. + # not registered, let's catch what. + # get timeout + # ... + if req.status_code == 500: + self.set_status_server_500() + return False + + validation_msgs = json.loads(req.content) + logger.debug('validation errors: %s' % validation_msgs) + errors = validation_msgs.get('errors', None) + if errors and errors.get('login', None): + self.set_status_invalid_username() + else: + self.set_status_unknown_error() + return False + + +class GlobalEIPSettings(QtGui.QWizardPage): + def __init__(self, parent=None): + super(GlobalEIPSettings, self).__init__(parent) + + +class LastPage(QtGui.QWizardPage): + def __init__(self, parent=None): + super(LastPage, self).__init__(parent) + + self.setTitle("Ready to go!") + + #self.setPixmap( + #QtGui.QWizard.WatermarkPixmap, + #QtGui.QPixmap(':/images/watermark2.png')) + + self.label = QtGui.QLabel() + self.label.setWordWrap(True) + + layout = QtGui.QVBoxLayout() + layout.addWidget(self.label) + self.setLayout(layout) + + def initializePage(self): + finishText = self.wizard().buttonText( + QtGui.QWizard.FinishButton) + finishText = finishText.replace('&', '') + self.label.setText( + "Click '<i>%s</i>' to end the wizard and start " + "encrypting your connection." % finishText) + + +if __name__ == '__main__': + # standalone test + import sys + import logging + logging.basicConfig() + logger = logging.getLogger() + logger.setLevel(logging.DEBUG) + + app = QtGui.QApplication(sys.argv) + wizard = FirstRunWizard() + wizard.show() + sys.exit(app.exec_()) diff --git a/src/leap/gui/tests/integration/fake_user_signup.py b/src/leap/gui/tests/integration/fake_user_signup.py new file mode 100644 index 00000000..12f18966 --- /dev/null +++ b/src/leap/gui/tests/integration/fake_user_signup.py @@ -0,0 +1,80 @@ +""" +simple server to test registration and +authentication + +To test: + +curl -d login=python_test_user -d password_salt=54321\ + -d password_verifier=12341234 \ + http://localhost:8000/users.json + +""" +from BaseHTTPServer import HTTPServer +from BaseHTTPServer import BaseHTTPRequestHandler +import cgi +import urlparse + +HOST = "localhost" +PORT = 8000 + +LOGIN_ERROR = """{"errors":{"login":["has already been taken"]}}""" + + +class request_handler(BaseHTTPRequestHandler): + responses = { + '/': ['ok\n'], + '/users.json': ['ok\n'], + '/timeout': ['ok\n'] + } + + def do_GET(self): + path = urlparse.urlparse(self.path) + message = '\n'.join( + self.responses.get( + path.path, None)) + self.send_response(200) + self.end_headers() + self.wfile.write(message) + + def do_POST(self): + form = cgi.FieldStorage( + fp=self.rfile, + headers=self.headers, + environ={'REQUEST_METHOD': 'POST', + 'CONTENT_TYPE': self.headers['Content-Type'], + }) + data = dict( + (key, form[key].value) for key in form.keys()) + path = urlparse.urlparse(self.path) + message = '\n'.join( + self.responses.get( + path.path, '')) + + login = data.get('login', None) + #password_salt = data.get('password_salt', None) + #password_verifier = data.get('password_verifier', None) + + if path.geturl() == "/timeout": + print 'timeout' + self.send_response(200) + self.end_headers() + self.wfile.write(message) + import time + time.sleep(10) + return + + ok = True if (login == "python_test_user") else False + if ok: + self.send_response(200) + self.end_headers() + self.wfile.write(message) + + else: + self.send_response(500) + self.end_headers() + self.wfile.write(LOGIN_ERROR) + + +if __name__ == "__main__": + server = HTTPServer((HOST, PORT), request_handler) + server.serve_forever() |