def test_login_logout():
"""
See if we can login and log out correctly.
"""
try:
os.remove("test-loginlogout.authdb.sqlite")
except Exception:
pass
try:
os.remove("test-loginlogout.authdb.sqlite-shm")
except Exception:
pass
try:
os.remove("test-loginlogout.authdb.sqlite-wal")
except Exception:
pass
get_test_authdb()
get_public_suffix_list()
# create the user
user_payload = {
"full_name": "Test User",
"email": "*****@*****.**",
"password": "******",
"pii_salt": "super-secret-salt",
"reqid": 1,
}
user_created = actions.create_new_user(
user_payload,
override_authdb_path="sqlite:///test-loginlogout.authdb.sqlite",
)
assert user_created["success"] is True
assert user_created["user_email"] == "*****@*****.**"
assert (
"User account created. Please verify your email address to log in."
in user_created["messages"]
)
# create a new session token
session_payload = {
"user_id": 2,
"user_agent": "Mozzarella Killerwhale",
"expires": datetime.utcnow() + timedelta(hours=1),
"ip_address": "1.1.1.1",
"extra_info_json": {"pref_datasets_always_private": True},
"pii_salt": "super-secret-salt",
"reqid": 1,
}
# check creation of session
session_token1 = actions.auth_session_new(
session_payload,
override_authdb_path="sqlite:///test-loginlogout.authdb.sqlite",
raiseonfail=True,
)
assert session_token1["success"] is True
assert session_token1["session_token"] is not None
# try logging in now with correct password
login = actions.auth_user_login(
{
"session_token": session_token1["session_token"],
"email": user_payload["email"],
"password": user_payload["password"],
"pii_salt": "super-secret-salt",
"reqid": 1,
},
override_authdb_path="sqlite:///test-loginlogout.authdb.sqlite",
raiseonfail=True,
)
# this should fail because we haven't verified our email yet
assert login["success"] is False
# verify our email
emailverify = actions.set_user_emailaddr_verified(
{
"email": user_payload["email"],
"user_id": user_created["user_id"],
"pii_salt": "super-secret-salt",
"reqid": 1,
},
override_authdb_path="sqlite:///test-loginlogout.authdb.sqlite",
raiseonfail=True,
)
assert emailverify["success"] is True
assert emailverify["user_id"] == user_created["user_id"]
assert emailverify["is_active"] is True
assert emailverify["user_role"] == "authenticated"
# now make a new session token
session_payload = {
"user_id": 2,
"user_agent": "Mozzarella Killerwhale",
"expires": datetime.utcnow() + timedelta(hours=1),
"ip_address": "1.1.1.1",
"extra_info_json": {"pref_datasets_always_private": True},
"pii_salt": "super-secret-salt",
"reqid": 1,
}
# check creation of session
session_token2 = actions.auth_session_new(
session_payload,
override_authdb_path="sqlite:///test-loginlogout.authdb.sqlite",
raiseonfail=True,
)
assert session_token2["success"] is True
assert session_token2["session_token"] is not None
# and now try to log in again
login = actions.auth_user_login(
{
"session_token": session_token2["session_token"],
"email": user_payload["email"],
"password": user_payload["password"],
"pii_salt": "super-secret-salt",
"reqid": 1,
},
override_authdb_path="sqlite:///test-loginlogout.authdb.sqlite",
raiseonfail=True,
)
assert login["success"] is True
# make sure the session token we used to log in is gone
# check if our session was deleted correctly
session_still_exists = actions.auth_session_exists(
{
"session_token": session_token2["session_token"],
"pii_salt": "super-secret-salt",
"reqid": 1,
},
override_authdb_path="sqlite:///test-loginlogout.authdb.sqlite",
)
assert session_still_exists["success"] is False
# start a new session with this user's user ID
authenticated_session_token = actions.auth_session_new(
{
"user_id": login["user_id"],
"user_agent": "Mozzarella Killerwhale",
"expires": datetime.utcnow() + timedelta(hours=1),
"ip_address": "1.1.1.1",
"extra_info_json": {"pref_datasets_always_private": True},
"pii_salt": "super-secret-salt",
"reqid": 1,
},
override_authdb_path="sqlite:///test-loginlogout.authdb.sqlite",
raiseonfail=True,
)
# now see if we can log out
logged_out = actions.auth_user_logout(
{
"session_token": authenticated_session_token["session_token"],
"user_id": login["user_id"],
"pii_salt": "super-secret-salt",
"reqid": 1,
},
override_authdb_path="sqlite:///test-loginlogout.authdb.sqlite",
raiseonfail=True,
)
assert logged_out["success"] is True
# check if our session was deleted correctly
session_still_exists = actions.auth_session_exists(
{
"session_token": authenticated_session_token,
"pii_salt": "super-secret-salt",
"reqid": 1,
},
override_authdb_path="sqlite:///test-loginlogout.authdb.sqlite",
raiseonfail=True,
)
assert session_still_exists["success"] is False
try:
os.remove("test-loginlogout.authdb.sqlite")
except Exception:
pass
try:
os.remove("test-loginlogout.authdb.sqlite-shm")
except Exception:
pass
try:
os.remove("test-loginlogout.authdb.sqlite-wal")
except Exception:
pass
def test_login():
"""
This tests if we can log in successfully or fail correctly.
"""
try:
os.remove("test-login.authdb.sqlite")
except Exception:
pass
try:
os.remove("test-login.authdb.sqlite-shm")
except Exception:
pass
try:
os.remove("test-login.authdb.sqlite-wal")
except Exception:
pass
get_test_authdb()
get_public_suffix_list()
# create the user
user_payload = {
"full_name": "Test User",
"email": "*****@*****.**",
"password": "******",
"pii_salt": "super-secret-salt",
"reqid": 1,
}
user_created = actions.create_new_user(
user_payload,
override_authdb_path="sqlite:///test-login.authdb.sqlite")
assert user_created["success"] is True
assert user_created["user_email"] == "*****@*****.**"
assert ("User account created. Please verify your email address to log in."
in user_created["messages"])
# create a new session token
session_payload = {
"user_id": 2,
"user_agent": "Mozzarella Killerwhale",
"expires": datetime.utcnow() + timedelta(hours=1),
"ip_address": "1.1.1.1",
"extra_info_json": {
"pref_datasets_always_private": True
},
"pii_salt": "super-secret-salt",
"reqid": 1,
}
# check creation of session
session_token1 = actions.auth_session_new(
session_payload,
override_authdb_path="sqlite:///test-login.authdb.sqlite",
)
assert session_token1["success"] is True
assert session_token1["session_token"] is not None
# try logging in now with correct password
login = actions.auth_user_login(
{
"session_token": session_token1["session_token"],
"email": user_payload["email"],
"password": user_payload["password"],
"pii_salt": "super-secret-salt",
"reqid": 1,
},
override_authdb_path="sqlite:///test-login.authdb.sqlite",
)
# this should fail because we haven't verified our email yet
assert login["success"] is False
# verify our email
emailverify = actions.set_user_emailaddr_verified(
{
"email": user_payload["email"],
"user_id": user_created["user_id"],
"pii_salt": "super-secret-salt",
"reqid": 1,
},
override_authdb_path="sqlite:///test-login.authdb.sqlite",
)
assert emailverify["success"] is True
assert emailverify["user_id"] == user_created["user_id"]
assert emailverify["is_active"] is True
assert emailverify["user_role"] == "authenticated"
# now make a new session token
session_payload = {
"user_id": emailverify["user_id"],
"user_agent": "Mozzarella Killerwhale",
"expires": datetime.utcnow() + timedelta(hours=1),
"ip_address": "1.1.1.1",
"extra_info_json": {
"pref_datasets_always_private": True
},
"pii_salt": "super-secret-salt",
"reqid": 1,
}
# check creation of session
session_token2 = actions.auth_session_new(
session_payload,
override_authdb_path="sqlite:///test-login.authdb.sqlite",
)
assert session_token2["success"] is True
assert session_token2["session_token"] is not None
# and now try to log in again
login = actions.auth_user_login(
{
"session_token": session_token2["session_token"],
"email": user_payload["email"],
"password": user_payload["password"],
"pii_salt": "super-secret-salt",
"reqid": 1,
},
override_authdb_path="sqlite:///test-login.authdb.sqlite",
)
assert login["success"] is True
# try logging in now with the wrong password
login = actions.auth_user_login(
{
"session_token": session_token2["session_token"],
"email": user_payload["email"],
"password": "******",
"pii_salt": "super-secret-salt",
"reqid": 1,
},
override_authdb_path="sqlite:///test-login.authdb.sqlite",
)
assert login["success"] is False
# tests for no session token provided
login = actions.auth_user_login(
{
"session_token": "correcthorsebatterystaple",
"email": user_payload["email"],
"password": user_payload["password"],
"pii_salt": "super-secret-salt",
"reqid": 1,
},
override_authdb_path="sqlite:///test-login.authdb.sqlite",
)
assert login["success"] is False
try:
os.remove("test-login.authdb.sqlite")
except Exception:
pass
try:
os.remove("test-login.authdb.sqlite-shm")
except Exception:
pass
try:
os.remove("test-login.authdb.sqlite-wal")
except Exception:
pass
def test_login_timing():
"""This tests obfuscating the presence/absence of users based on password
checks.
This may fail randomly if the testing service is under load.
"""
try:
os.remove("test-timing.authdb.sqlite")
except Exception:
pass
try:
os.remove("test-timing.authdb.sqlite-shm")
except Exception:
pass
try:
os.remove("test-timing.authdb.sqlite-wal")
except Exception:
pass
get_test_authdb()
get_public_suffix_list()
# create the user
user_payload = {
"full_name": "Test User",
"email": "*****@*****.**",
"password": "******",
"pii_salt": "super-secret-salt",
"reqid": 1,
}
user_created = actions.create_new_user(
user_payload,
override_authdb_path="sqlite:///test-timing.authdb.sqlite",
)
assert user_created["success"] is True
assert user_created["user_email"] == "*****@*****.**"
assert ("User account created. Please verify your email address to log in."
in user_created["messages"])
# create a new session token
session_payload = {
"user_id": 2,
"user_agent": "Mozzarella Killerwhale",
"expires": datetime.utcnow() + timedelta(hours=1),
"ip_address": "1.1.1.1",
"extra_info_json": {
"pref_datasets_always_private": True
},
"pii_salt": "super-secret-salt",
"reqid": 1,
}
# check creation of session
session_token1 = actions.auth_session_new(
session_payload,
override_authdb_path="sqlite:///test-timing.authdb.sqlite",
)
assert session_token1["success"] is True
assert session_token1["session_token"] is not None
# try logging in now with correct password
login = actions.auth_user_login(
{
"session_token": session_token1["session_token"],
"email": user_payload["email"],
"password": user_payload["password"],
"pii_salt": "super-secret-salt",
"reqid": 1,
},
override_authdb_path="sqlite:///test-timing.authdb.sqlite",
)
# this should fail because we haven't verified our email yet
assert login["success"] is False
# verify our email
emailverify = actions.set_user_emailaddr_verified(
{
"email": user_payload["email"],
"user_id": user_created["user_id"],
"pii_salt": "super-secret-salt",
"reqid": 1,
},
override_authdb_path="sqlite:///test-timing.authdb.sqlite",
)
assert emailverify["success"] is True
assert emailverify["user_id"] == user_created["user_id"]
assert emailverify["is_active"] is True
assert emailverify["user_role"] == "authenticated"
# now make a new session token
session_payload = {
"user_id": 2,
"user_agent": "Mozzarella Killerwhale",
"expires": datetime.utcnow() + timedelta(hours=1),
"ip_address": "1.1.1.1",
"extra_info_json": {
"pref_datasets_always_private": True
},
"pii_salt": "super-secret-salt",
"reqid": 1,
}
# check creation of session
session_token2 = actions.auth_session_new(
session_payload,
override_authdb_path="sqlite:///test-timing.authdb.sqlite",
)
assert session_token2["success"] is True
assert session_token2["session_token"] is not None
# and now try to log in again
login = actions.auth_user_login(
{
"session_token": session_token2["session_token"],
"email": user_payload["email"],
"password": user_payload["password"],
"pii_salt": "super-secret-salt",
"reqid": 1,
},
override_authdb_path="sqlite:///test-timing.authdb.sqlite",
)
assert login["success"] is True
# basic tests for timing attacks
# incorrect passwords
incorrect_timings = []
for _ in range(500):
# now make a new session token
session_payload = {
"user_id": 2,
"user_agent": "Mozzarella Killerwhale",
"expires": datetime.utcnow() + timedelta(hours=1),
"ip_address": "1.1.1.1",
"extra_info_json": {
"pref_datasets_always_private": True
},
"pii_salt": "super-secret-salt",
"reqid": 1,
}
# check creation of session
session_token2 = actions.auth_session_new(
session_payload,
override_authdb_path="sqlite:///test-timing.authdb.sqlite",
)
start = time.time()
actions.auth_user_login(
{
"session_token": session_token2["session_token"],
"email": user_payload["email"],
"password": secrets.token_urlsafe(16),
"pii_salt": "super-secret-salt",
"reqid": 1,
},
override_authdb_path="sqlite:///test-timing.authdb.sqlite",
)
end = time.time()
incorrect_timings.append(end - start)
# correct passwords
correct_timings = []
for _ in range(500):
# now make a new session token
session_payload = {
"user_id": 2,
"user_agent": "Mozzarella Killerwhale",
"expires": datetime.utcnow() + timedelta(hours=1),
"ip_address": "1.1.1.1",
"extra_info_json": {
"pref_datasets_always_private": True
},
"pii_salt": "super-secret-salt",
"reqid": 1,
}
# check creation of session
session_token2 = actions.auth_session_new(
session_payload,
override_authdb_path="sqlite:///test-timing.authdb.sqlite",
)
start = time.time()
actions.auth_user_login(
{
"session_token": session_token2["session_token"],
"email": user_payload["email"],
"password": user_payload["password"],
"pii_salt": "super-secret-salt",
"reqid": 1,
},
override_authdb_path="sqlite:///test-timing.authdb.sqlite",
)
end = time.time()
correct_timings.append(end - start)
# wronguser passwords
wronguser_timings = []
for _ in range(500):
# now make a new session token
session_payload = {
"user_id": 2,
"user_agent": "Mozzarella Killerwhale",
"expires": datetime.utcnow() + timedelta(hours=1),
"ip_address": "1.1.1.1",
"extra_info_json": {
"pref_datasets_always_private": True
},
"pii_salt": "super-secret-salt",
"reqid": 1,
}
# check creation of session
session_token2 = actions.auth_session_new(
session_payload,
override_authdb_path="sqlite:///test-timing.authdb.sqlite",
)
start = time.time()
actions.auth_user_login(
{
"session_token": session_token2["session_token"],
"email": secrets.token_urlsafe(16),
"password": secrets.token_urlsafe(16),
"pii_salt": "super-secret-salt",
"reqid": 1,
},
override_authdb_path="sqlite:///test-timing.authdb.sqlite",
)
end = time.time()
wronguser_timings.append(end - start)
# broken requests
broken_timings = []
for _ in range(500):
# now make a new session token
session_payload = {
"user_id": 2,
"user_agent": "Mozzarella Killerwhale",
"expires": datetime.utcnow() + timedelta(hours=1),
"ip_address": "1.1.1.1",
"extra_info_json": {
"pref_datasets_always_private": True
},
"pii_salt": "super-secret-salt",
"reqid": 1,
}
# check creation of session
session_token2 = actions.auth_session_new(
session_payload,
override_authdb_path="sqlite:///test-timing.authdb.sqlite",
)
start = time.time()
actions.auth_user_login(
{
"session_token": "correcthorsebatterystaple",
"email": user_payload["email"],
"password": user_payload["password"],
"pii_salt": "super-secret-salt",
"reqid": 1,
},
override_authdb_path="sqlite:///test-timing.authdb.sqlite",
)
end = time.time()
broken_timings.append(end - start)
correct_median = statistics.median(correct_timings)
incorrect_median = statistics.median(incorrect_timings)
broken_median = statistics.median(broken_timings)
wronguser_median = statistics.median(wronguser_timings)
# all timings should match within 10 milliseconds or so
assert abs(correct_median - incorrect_median) < 0.01
assert abs(correct_median - broken_median) < 0.01
assert abs(correct_median - wronguser_median) < 0.01
try:
os.remove("test-timing.authdb.sqlite")
except Exception:
pass
try:
os.remove("test-timing.authdb.sqlite-shm")
except Exception:
pass
try:
os.remove("test-timing.authdb.sqlite-wal")
except Exception:
pass
def test_login_logout():
'''
See if we can login and log out correctly.
'''
try:
os.remove('test-loginlogout.authdb.sqlite')
except Exception as e:
pass
try:
os.remove('test-loginlogout.authdb.sqlite-shm')
except Exception as e:
pass
try:
os.remove('test-loginlogout.authdb.sqlite-wal')
except Exception as e:
pass
get_test_authdb()
# create the user
user_payload = {
'full_name': 'Test User',
'email': '*****@*****.**',
'password': '******'
}
user_created = actions.create_new_user(
user_payload,
override_authdb_path='sqlite:///test-loginlogout.authdb.sqlite')
assert user_created['success'] is True
assert user_created['user_email'] == '*****@*****.**'
assert ('User account created. Please verify your email address to log in.'
in user_created['messages'])
# create a new session token
session_payload = {
'user_id': 2,
'user_agent': 'Mozzarella Killerwhale',
'expires': datetime.utcnow() + timedelta(hours=1),
'ip_address': '1.1.1.1',
'extra_info_json': {
'pref_datasets_always_private': True
}
}
# check creation of session
session_token1 = actions.auth_session_new(
session_payload,
override_authdb_path='sqlite:///test-loginlogout.authdb.sqlite',
raiseonfail=True)
assert session_token1['success'] is True
assert session_token1['session_token'] is not None
# try logging in now with correct password
login = actions.auth_user_login(
{
'session_token': session_token1['session_token'],
'email': user_payload['email'],
'password': user_payload['password']
},
override_authdb_path='sqlite:///test-loginlogout.authdb.sqlite',
raiseonfail=True)
# this should fail because we haven't verified our email yet
assert login['success'] is False
# verify our email
emailverify = (actions.verify_user_email_address(
{
'email': user_payload['email'],
'user_id': user_created['user_id']
},
override_authdb_path='sqlite:///test-loginlogout.authdb.sqlite',
raiseonfail=True))
assert emailverify['success'] is True
assert emailverify['user_id'] == user_created['user_id']
assert emailverify['is_active'] is True
assert emailverify['user_role'] == 'authenticated'
# now make a new session token
session_payload = {
'user_id': 2,
'user_agent': 'Mozzarella Killerwhale',
'expires': datetime.utcnow() + timedelta(hours=1),
'ip_address': '1.1.1.1',
'extra_info_json': {
'pref_datasets_always_private': True
}
}
# check creation of session
session_token2 = actions.auth_session_new(
session_payload,
override_authdb_path='sqlite:///test-loginlogout.authdb.sqlite',
raiseonfail=True)
assert session_token2['success'] is True
assert session_token2['session_token'] is not None
# and now try to log in again
login = actions.auth_user_login(
{
'session_token': session_token2['session_token'],
'email': user_payload['email'],
'password': user_payload['password']
},
override_authdb_path='sqlite:///test-loginlogout.authdb.sqlite',
raiseonfail=True)
assert login['success'] is True
# make sure the session token we used to log in is gone
# check if our session was deleted correctly
session_still_exists = actions.auth_session_exists(
{'session_token': session_token2['session_token']},
override_authdb_path='sqlite:///test-loginlogout.authdb.sqlite')
assert session_still_exists['success'] is False
# start a new session with this user's user ID
authenticated_session_token = actions.auth_session_new(
{
'user_id': login['user_id'],
'user_agent': 'Mozzarella Killerwhale',
'expires': datetime.utcnow() + timedelta(hours=1),
'ip_address': '1.1.1.1',
'extra_info_json': {
'pref_datasets_always_private': True
}
},
override_authdb_path='sqlite:///test-loginlogout.authdb.sqlite',
raiseonfail=True)
# now see if we can log out
logged_out = actions.auth_user_logout(
{
'session_token': authenticated_session_token['session_token'],
'user_id': login['user_id']
},
override_authdb_path='sqlite:///test-loginlogout.authdb.sqlite',
raiseonfail=True)
assert logged_out['success'] is True
# check if our session was deleted correctly
session_still_exists = actions.auth_session_exists(
{'session_token': authenticated_session_token},
override_authdb_path='sqlite:///test-loginlogout.authdb.sqlite',
raiseonfail=True)
assert session_still_exists['success'] is False
try:
os.remove('test-loginlogout.authdb.sqlite')
except Exception as e:
pass
try:
os.remove('test-loginlogout.authdb.sqlite-shm')
except Exception as e:
pass
try:
os.remove('test-loginlogout.authdb.sqlite-wal')
except Exception as e:
pass
def test_login_timing():
'''This tests obfuscating the presence/absence of users based on password
checks.
This may fail randomly if the testing service is under load.
'''
try:
os.remove('test-timing.authdb.sqlite')
except Exception as e:
pass
try:
os.remove('test-timing.authdb.sqlite-shm')
except Exception as e:
pass
try:
os.remove('test-timing.authdb.sqlite-wal')
except Exception as e:
pass
get_test_authdb()
# create the user
user_payload = {
'full_name': 'Test User',
'email': '*****@*****.**',
'password': '******'
}
user_created = actions.create_new_user(
user_payload,
override_authdb_path='sqlite:///test-timing.authdb.sqlite')
assert user_created['success'] is True
assert user_created['user_email'] == '*****@*****.**'
assert ('User account created. Please verify your email address to log in.'
in user_created['messages'])
# create a new session token
session_payload = {
'user_id': 2,
'user_agent': 'Mozzarella Killerwhale',
'expires': datetime.utcnow() + timedelta(hours=1),
'ip_address': '1.1.1.1',
'extra_info_json': {
'pref_datasets_always_private': True
}
}
# check creation of session
session_token1 = actions.auth_session_new(
session_payload,
override_authdb_path='sqlite:///test-timing.authdb.sqlite')
assert session_token1['success'] is True
assert session_token1['session_token'] is not None
# try logging in now with correct password
login = actions.auth_user_login(
{
'session_token': session_token1['session_token'],
'email': user_payload['email'],
'password': user_payload['password']
},
override_authdb_path='sqlite:///test-timing.authdb.sqlite')
# this should fail because we haven't verified our email yet
assert login['success'] is False
# verify our email
emailverify = (actions.verify_user_email_address(
{
'email': user_payload['email'],
'user_id': user_created['user_id']
},
override_authdb_path='sqlite:///test-timing.authdb.sqlite'))
assert emailverify['success'] is True
assert emailverify['user_id'] == user_created['user_id']
assert emailverify['is_active'] is True
assert emailverify['user_role'] == 'authenticated'
# now make a new session token
session_payload = {
'user_id': 2,
'user_agent': 'Mozzarella Killerwhale',
'expires': datetime.utcnow() + timedelta(hours=1),
'ip_address': '1.1.1.1',
'extra_info_json': {
'pref_datasets_always_private': True
}
}
# check creation of session
session_token2 = actions.auth_session_new(
session_payload,
override_authdb_path='sqlite:///test-timing.authdb.sqlite')
assert session_token2['success'] is True
assert session_token2['session_token'] is not None
# and now try to log in again
login = actions.auth_user_login(
{
'session_token': session_token2['session_token'],
'email': user_payload['email'],
'password': user_payload['password']
},
override_authdb_path='sqlite:///test-timing.authdb.sqlite')
assert login['success'] is True
# basic tests for timing attacks
# incorrect passwords
incorrect_timings = []
for _ in range(1000):
# now make a new session token
session_payload = {
'user_id': 2,
'user_agent': 'Mozzarella Killerwhale',
'expires': datetime.utcnow() + timedelta(hours=1),
'ip_address': '1.1.1.1',
'extra_info_json': {
'pref_datasets_always_private': True
}
}
# check creation of session
session_token2 = actions.auth_session_new(
session_payload,
override_authdb_path='sqlite:///test-timing.authdb.sqlite')
start = time.time()
actions.auth_user_login(
{
'session_token': session_token2['session_token'],
'email': user_payload['email'],
'password': secrets.token_urlsafe(16)
},
override_authdb_path='sqlite:///test-timing.authdb.sqlite')
end = time.time()
incorrect_timings.append(end - start)
# correct passwords
correct_timings = []
for _ in range(1000):
# now make a new session token
session_payload = {
'user_id': 2,
'user_agent': 'Mozzarella Killerwhale',
'expires': datetime.utcnow() + timedelta(hours=1),
'ip_address': '1.1.1.1',
'extra_info_json': {
'pref_datasets_always_private': True
}
}
# check creation of session
session_token2 = actions.auth_session_new(
session_payload,
override_authdb_path='sqlite:///test-timing.authdb.sqlite')
start = time.time()
actions.auth_user_login(
{
'session_token': session_token2['session_token'],
'email': user_payload['email'],
'password': user_payload['password']
},
override_authdb_path='sqlite:///test-timing.authdb.sqlite')
end = time.time()
correct_timings.append(end - start)
# wronguser passwords
wronguser_timings = []
for _ in range(1000):
# now make a new session token
session_payload = {
'user_id': 2,
'user_agent': 'Mozzarella Killerwhale',
'expires': datetime.utcnow() + timedelta(hours=1),
'ip_address': '1.1.1.1',
'extra_info_json': {
'pref_datasets_always_private': True
}
}
# check creation of session
session_token2 = actions.auth_session_new(
session_payload,
override_authdb_path='sqlite:///test-timing.authdb.sqlite')
start = time.time()
actions.auth_user_login(
{
'session_token': session_token2['session_token'],
'email': secrets.token_urlsafe(16),
'password': secrets.token_urlsafe(16)
},
override_authdb_path='sqlite:///test-timing.authdb.sqlite')
end = time.time()
wronguser_timings.append(end - start)
# broken requests
broken_timings = []
for _ in range(1000):
# now make a new session token
session_payload = {
'user_id': 2,
'user_agent': 'Mozzarella Killerwhale',
'expires': datetime.utcnow() + timedelta(hours=1),
'ip_address': '1.1.1.1',
'extra_info_json': {
'pref_datasets_always_private': True
}
}
# check creation of session
session_token2 = actions.auth_session_new(
session_payload,
override_authdb_path='sqlite:///test-timing.authdb.sqlite')
start = time.time()
actions.auth_user_login(
{
'session_token': 'correcthorsebatterystaple',
'email': user_payload['email'],
'password': user_payload['password']
},
override_authdb_path='sqlite:///test-timing.authdb.sqlite')
end = time.time()
broken_timings.append(end - start)
correct_timings = np.array(correct_timings)
incorrect_timings = np.array(incorrect_timings)
broken_timings = np.array(broken_timings)
wronguser_timings = np.array(wronguser_timings)
correct_median = np.median(correct_timings)
incorrect_median = np.median(incorrect_timings)
broken_median = np.median(broken_timings)
wronguser_median = np.median(wronguser_timings)
# all timings should match within 7 milliseconds or so
assert_allclose(correct_median, incorrect_median, atol=7.0e-3)
assert_allclose(correct_median, broken_median, atol=7.0e-3)
assert_allclose(correct_median, wronguser_median, atol=7.0e-3)
try:
os.remove('test-timing.authdb.sqlite')
except Exception as e:
pass
try:
os.remove('test-timing.authdb.sqlite-shm')
except Exception as e:
pass
try:
os.remove('test-timing.authdb.sqlite-wal')
except Exception as e:
pass
def test_login():
'''
This tests if we can log in successfully or fail correctly.
'''
try:
os.remove('test-login.authdb.sqlite')
except Exception as e:
pass
try:
os.remove('test-login.authdb.sqlite-shm')
except Exception as e:
pass
try:
os.remove('test-login.authdb.sqlite-wal')
except Exception as e:
pass
get_test_authdb()
# create the user
user_payload = {
'full_name': 'Test User',
'email': '*****@*****.**',
'password': '******'
}
user_created = actions.create_new_user(
user_payload,
override_authdb_path='sqlite:///test-login.authdb.sqlite')
assert user_created['success'] is True
assert user_created['user_email'] == '*****@*****.**'
assert ('User account created. Please verify your email address to log in.'
in user_created['messages'])
# create a new session token
session_payload = {
'user_id': 2,
'user_agent': 'Mozzarella Killerwhale',
'expires': datetime.utcnow() + timedelta(hours=1),
'ip_address': '1.1.1.1',
'extra_info_json': {
'pref_datasets_always_private': True
}
}
# check creation of session
session_token1 = actions.auth_session_new(
session_payload,
override_authdb_path='sqlite:///test-login.authdb.sqlite')
assert session_token1['success'] is True
assert session_token1['session_token'] is not None
# try logging in now with correct password
login = actions.auth_user_login(
{
'session_token': session_token1['session_token'],
'email': user_payload['email'],
'password': user_payload['password']
},
override_authdb_path='sqlite:///test-login.authdb.sqlite')
# this should fail because we haven't verified our email yet
assert login['success'] is False
# verify our email
emailverify = (actions.verify_user_email_address(
{
'email': user_payload['email'],
'user_id': user_created['user_id']
},
override_authdb_path='sqlite:///test-login.authdb.sqlite'))
assert emailverify['success'] is True
assert emailverify['user_id'] == user_created['user_id']
assert emailverify['is_active'] is True
assert emailverify['user_role'] == 'authenticated'
# now make a new session token
session_payload = {
'user_id': emailverify['user_id'],
'user_agent': 'Mozzarella Killerwhale',
'expires': datetime.utcnow() + timedelta(hours=1),
'ip_address': '1.1.1.1',
'extra_info_json': {
'pref_datasets_always_private': True
}
}
# check creation of session
session_token2 = actions.auth_session_new(
session_payload,
override_authdb_path='sqlite:///test-login.authdb.sqlite')
assert session_token2['success'] is True
assert session_token2['session_token'] is not None
# and now try to log in again
login = actions.auth_user_login(
{
'session_token': session_token2['session_token'],
'email': user_payload['email'],
'password': user_payload['password']
},
override_authdb_path='sqlite:///test-login.authdb.sqlite')
assert login['success'] is True
# try logging in now with the wrong password
login = actions.auth_user_login(
{
'session_token': session_token2['session_token'],
'email': user_payload['email'],
'password': '******'
},
override_authdb_path='sqlite:///test-login.authdb.sqlite')
assert login['success'] is False
# tests for no session token provided
login = actions.auth_user_login(
{
'session_token': 'correcthorsebatterystaple',
'email': user_payload['email'],
'password': user_payload['password']
},
override_authdb_path='sqlite:///test-login.authdb.sqlite')
assert login['success'] is False
try:
os.remove('test-login.authdb.sqlite')
except Exception as e:
pass
try:
os.remove('test-login.authdb.sqlite-shm')
except Exception as e:
pass
try:
os.remove('test-login.authdb.sqlite-wal')
except Exception as e:
pass