def test_fail_bad_request(self, user):
        useradmm = ApiClient(useradm.URL_MGMT)
        devauthm = ApiClient(deviceauth_v2.URL_MGMT)

        # log in user
        r = useradmm.call('POST',
                          useradm.URL_LOGIN,
                          auth=(user.name, user.pwd))
        assert r.status_code == 200

        utoken = r.text

        # id data not json
        priv, pub = util.crypto.rsa_get_keypair()
        id_data = '{\"mac\": \"foo\"}'
        body = deviceauth_v2.preauth_req(
                    id_data,
                    pub)
        r = devauthm.with_auth(utoken).call('POST',
                                            deviceauth_v2.URL_DEVICES,
                                            body)
        assert r.status_code == 400

        # not a valid key
        id_data = {'mac': 'foo'}
        body = deviceauth_v2.preauth_req(
                    id_data,
                    'not a public key')
        r = devauthm.with_auth(utoken).call('POST',
                                            deviceauth_v2.URL_DEVICES,
                                            body)
        assert r.status_code == 400
    def do_test_fail_duplicate(self, user, devices):
        useradmm = ApiClient(useradm.URL_MGMT)
        devauthm = ApiClient(deviceauth_v2.URL_MGMT)

        # log in user
        r = useradmm.call('POST',
                          useradm.URL_LOGIN,
                          auth=(user.name, user.pwd))
        assert r.status_code == 200

        utoken = r.text

        # preauth duplicate device
        priv, pub = util.crypto.rsa_get_keypair()
        id_data = devices[0].id_data
        body = deviceauth_v2.preauth_req(
                    id_data,
                    pub)
        r = devauthm.with_auth(utoken).call('POST',
                                            deviceauth_v2.URL_DEVICES,
                                            body)
        assert r.status_code == 409

        # device list is unmodified
        r = devauthm.with_auth(utoken).call('GET',
                                            deviceauth_v2.URL_DEVICES)
        assert r.status_code == 200
        api_devs = r.json()

        assert len(api_devs) == len(devices)

        # existing device has no new auth sets
        existing = [d for d in api_devs if d['identity_data'] == id_data]
        assert len(existing) == 1
        existing = existing[0]

        assert len(existing['auth_sets']) == 1
        aset = existing['auth_sets'][0]
        assert util.crypto.rsa_compare_keys(aset['pubkey'], devices[0].pubkey)
        assert aset['status'] == 'pending'
def make_preauthd_device(utoken):
    devauthm = ApiClient(deviceauth_v2.URL_MGMT)

    priv, pub = util.crypto.rsa_get_keypair()
    id_data = rand_id_data()

    body = deviceauth_v2.preauth_req(id_data, pub)
    r = devauthm.with_auth(utoken).call('POST', deviceauth_v2.URL_DEVICES,
                                        body)
    assert r.status_code == 201

    api_dev = get_device_by_id_data(id_data, utoken)
    assert len(api_dev['auth_sets']) == 1
    aset = api_dev['auth_sets'][0]

    dev = Device(api_dev['id'], id_data, pub)
    dev.authsets.append(
        Authset(aset['id'], dev.id, id_data, pub, priv, 'preauthorized'))

    dev.status = 'preauthorized'

    return dev
    def do_test_ok(self, user, tenant_token=''):
        useradmm = ApiClient(useradm.URL_MGMT)
        devauthm = ApiClient(deviceauth_v2.URL_MGMT)
        devauthd = ApiClient(deviceauth_v1.URL_DEVICES)

        # log in user
        r = useradmm.call('POST',
                          useradm.URL_LOGIN,
                          auth=(user.name, user.pwd))
        assert r.status_code == 200

        utoken = r.text

        # preauth device
        priv, pub = util.crypto.rsa_get_keypair()
        id_data = {'mac': 'pretenditsamac'}
        body = deviceauth_v2.preauth_req(
                    id_data,
                    pub)
        r = devauthm.with_auth(utoken).call('POST',
                                            deviceauth_v2.URL_DEVICES,
                                            body)
        assert r.status_code == 201

        # device appears in device list
        r = devauthm.with_auth(utoken).call('GET',
                                            deviceauth_v2.URL_DEVICES)
        assert r.status_code == 200
        api_devs = r.json()

        assert len(api_devs) == 1
        api_dev = api_devs[0]

        assert api_dev['status'] == 'preauthorized'
        assert api_dev['identity_data'] == id_data
        assert len(api_dev['auth_sets']) == 1
        aset = api_dev['auth_sets'][0]

        assert aset['identity_data'] == id_data
        assert util.crypto.rsa_compare_keys(aset['pubkey'], pub)
        assert aset['status'] == 'preauthorized'

        # actual device can obtain auth token
        body, sighdr = deviceauth_v1.auth_req(id_data,
                                              pub,
                                              priv,
                                              tenant_token)

        r = devauthd.call('POST',
                          deviceauth_v1.URL_AUTH_REQS,
                          body,
                          headers=sighdr)

        assert r.status_code == 200

        # device and authset changed status to 'accepted'
        r = devauthm.with_auth(utoken).call('GET',
                                            deviceauth_v2.URL_DEVICES,
                                            path_params={'id': api_dev['id']})

        api_devs = r.json()
        assert len(api_devs) == 1

        api_dev = api_devs[0]
        assert api_dev['status'] == 'accepted'
        assert len(api_dev['auth_sets']) == 1

        aset = api_dev['auth_sets'][0]
        assert aset['status'] == 'accepted'