def test_keychain_creation(): _init_data() kc = vcs.KeyChain(macgyver, "foobar") public_key, private_key = kc.get_ssh_key() assert public_key.startswith("ssh-rsa") assert "RSA PRIVATE KEY" in private_key public_key2 = vcs.KeyChain.get_ssh_public_key(macgyver) assert public_key2 == public_key bigmac = get_project(macgyver, macgyver, "bigmac", create=True) kc.set_ssh_for_project(bigmac, vcs.AUTH_BOTH) kcfile = path(macgyver.get_location()) / ".bespin-keychain" assert kcfile.exists() metadata = bigmac.metadata assert metadata['remote_auth'] == vcs.AUTH_BOTH metadata.close() # make sure the file is encrypted text = kcfile.bytes() assert "RSA PRIVATE KEY" not in text assert "ssh-rsa" not in text kc = vcs.KeyChain(macgyver, "foobar") public_key2, private_key2 = kc.get_ssh_key() assert public_key2 == public_key assert private_key2 == private_key credentials = kc.get_credentials_for_project(bigmac) assert "RSA PRIVATE KEY" in credentials['ssh_private_key'] assert credentials['type'] == "ssh" kc.delete_credentials_for_project(bigmac) credentials = kc.get_credentials_for_project(bigmac) assert credentials is None metadata = bigmac.metadata try: value = metadata['remote_auth'] assert False, "expected remote_auth key to be removed from project" except KeyError: pass metadata.close() kc.set_credentials_for_project(bigmac, vcs.AUTH_WRITE, "macG", "coolpass") kc = vcs.KeyChain(macgyver, "foobar") credentials = kc.get_credentials_for_project(bigmac) assert credentials['type'] == 'password' assert credentials['username'] == 'macG' assert credentials['password'] == 'coolpass' kc.delete_credentials_for_project(bigmac) kc = vcs.KeyChain(macgyver, "foobar") credentials = kc.get_credentials_for_project(bigmac) assert credentials is None
def test_bad_keychain_password(): _init_data() keychain = vcs.KeyChain(macgyver, "foobar") keychain.get_ssh_key() try: keychain = vcs.KeyChain(macgyver, "blorg") keychain.get_ssh_key() assert False, "Expected exception for bad keychain password" except NotAuthorized: pass
def test_hg_push_on_web(run_command_params): _init_data() kc = vcs.KeyChain(macgyver, "foobar") # generate key pair kc.get_ssh_key() bigmac = get_project(macgyver, macgyver, 'bigmac', create=True) kc.set_ssh_for_project(bigmac, vcs.AUTH_WRITE) metadata = bigmac.metadata metadata['remote_url'] = "http://hg.mozilla.org/labs/bespin" metadata['push'] = "ssh://hg.mozilla.org/labs/bespin" metadata.close() bigmac.save_file(".hg/hgrc", "# test rc file\n") request = simplejson.dumps({'command' : ['push', '_BESPIN_PUSH'], 'kcpass' : 'foobar'}) resp = app.post("/vcs/command/bigmac/", request) resp = app.post("/messages/") command, context = run_command_params assert context.user == "MacGyver" command_line = command.get_command_line() print command_line assert command_line[0:3] == ["hg", "push", "-e"] assert command_line[3].startswith("ssh -i") assert command_line[4] == "ssh://hg.mozilla.org/labs/bespin"
def test_vcs_get_ssh_key_from_web_without_password_with_pubkey(): _init_data() kc = vcs.KeyChain(macgyver, "foobar") # generate the key pair kc.get_ssh_key() resp = app.post("/vcs/getkey/") assert resp.content_type == "application/x-ssh-key" assert resp.body.startswith("ssh-rsa")
def test_find_out_remote_auth_info_from_web(): _init_data() bigmac = get_project(macgyver, macgyver, "bigmac", create=True) keychain = vcs.KeyChain(macgyver, "foobar") keychain.set_ssh_for_project(bigmac, vcs.AUTH_BOTH) resp = app.get("/vcs/remoteauth/bigmac/") assert resp.body == "both" keychain.delete_credentials_for_project(bigmac) resp = app.get("/vcs/remoteauth/bigmac/") assert resp.body == "" keychain.set_ssh_for_project(bigmac, vcs.AUTH_WRITE) resp = app.get("/vcs/remoteauth/bigmac/") assert resp.body == "write"
def test_vcs_auth_set_password_on_web(): _init_data() bigmac = get_project(macgyver, macgyver, 'bigmac', create=True) resp = app.post("/vcs/setauth/bigmac/", dict(kcpass="******", type="password", username="******", password="******", remoteauth="write")) kc = vcs.KeyChain(macgyver, "foobar") credentials = kc.get_credentials_for_project(bigmac) assert credentials['type'] == 'password' assert credentials['username'] == 'macG' assert credentials['password'] == 'coolpass' metadata = bigmac.metadata assert metadata[vcs.AUTH_PROPERTY] == vcs.AUTH_WRITE metadata.close()
def get_ssh_key(request, response): user = request.user try: kcpass = request.POST['kcpass'] except KeyError: kcpass = None if kcpass is None: pubkey = vcs.KeyChain.get_ssh_public_key(user) else: keychain = vcs.KeyChain(user, kcpass) pubkey = keychain.get_ssh_key()[0] response.content_type = "application/x-ssh-key" response.body = pubkey return response()
def test_vcs_auth_set_ssh_newkey_on_web(): _init_data() bigmac = get_project(macgyver, macgyver, "bigmac", create=True) resp = app.post("/vcs/setauth/bigmac/", dict(kcpass="******", type="ssh", remoteauth="both")) assert resp.content_type == "application/json" assert "ssh-rsa" in resp.body kc = vcs.KeyChain(macgyver, "foobar") credentials = kc.get_credentials_for_project(bigmac) assert credentials['type'] == 'ssh' assert "RSA PRIVATE KEY" in credentials['ssh_private_key'] metadata = bigmac.metadata assert metadata[vcs.AUTH_PROPERTY] == vcs.AUTH_BOTH metadata.close()
def test_dont_provide_auth_info_to_update_command(run_command_params): _init_data() bigmac = get_project(macgyver, macgyver, 'bigmac', create=True) bigmac.save_file(".hg/hgrc", "# test rc file\n") keychain = vcs.KeyChain(macgyver, "foobar") keychain.set_ssh_for_project(bigmac, vcs.AUTH_BOTH) cmd = ["update"] output = vcs.run_command(macgyver, bigmac, cmd) resp = app.post("/messages/") messages = simplejson.loads(resp.body) assert len(messages) == 1 output = messages[0] assert 'output' in output assert output['output'] == 'Keychain password is required for this command.'
def installkey(options): """Install an SSH key into your Bespin keychain. This will prompt you for your Bespin keychain password. You must give a Bespin username with -u. You must also specify a passwordless SSH private key file with -f.""" if not 'installkey' in options or not options.installkey.user: raise BuildFailure("You must specify a user with -u for this task.") if not options.installkey.file: raise BuildFailure("You must specify a private key with with -f") private_key = path(options.installkey.file) public_key = private_key + ".pub" if not private_key.exists() or not public_key.exists(): raise BuildFailure( "Either your private key file or public key file does not exist") user = options.installkey.user import getpass password = getpass.getpass("Enter your keychain password: "******"dev") config.activate_profile() session = config.c.session_factory() try: user = session.query(database.User).filter_by(username=user).one() except NoResultFound: raise BuildFailure("I couldn't find %s in the database. Sorry!" % (user)) keychain = vcs.KeyChain(user, password) public_key = public_key.bytes() private_key = private_key.bytes() keychain.set_ssh_key(private_key, public_key)
def test_provide_auth_info_to_update_command(run_command_params): _init_data() bigmac = get_project(macgyver, macgyver, 'bigmac', create=True) bigmac.save_file(".hg/hgrc", "# test rc file\n") metadata = bigmac.metadata metadata['remote_url'] = 'http://hg.mozilla.org/labs/bespin' metadata.close() keychain = vcs.KeyChain(macgyver, "foobar") keychain.set_ssh_for_project(bigmac, vcs.AUTH_BOTH) cmd = ["update", "_BESPIN_REMOTE_URL"] output = vcs.run_command(macgyver, bigmac, cmd, "foobar") command, context = run_command_params command_line = command.get_command_line() assert command_line[:3] == ["hg", "fetch", "-e"] assert command_line[3].startswith("ssh -i") assert command_line[4] == "http://hg.mozilla.org/labs/bespin" # make sure it's not unicode assert isinstance(command_line[4], str) assert len(command_line) == 5
def keychain_setauth(request, response): user = request.user project_name = request.kwargs['project_name'] project = get_project(user, user, project_name) try: kcpass = request.POST['kcpass'] atype = request.POST['type'] remote_auth = request.POST['remoteauth'] except KeyError: raise BadRequest("Request must include kcpass, type and remoteauth.") if remote_auth != vcs.AUTH_WRITE and remote_auth != vcs.AUTH_BOTH: raise BadRequest("Remote auth type must be %s or %s" % (vcs.AUTH_WRITE, vcs.AUTH_BOTH)) keychain = vcs.KeyChain(user, kcpass) body = "" if atype == "password": try: username = request.POST['username'] password = request.POST['password'] except KeyError: raise BadRequest("Request must include username and password") keychain.set_credentials_for_project(project, remote_auth, username, password) elif atype == "ssh": # set the project to use the SSH key and return the public key body = keychain.set_ssh_for_project(project, remote_auth)[0] else: raise BadRequest("auth type must be ssh or password") response.content_type = "application/json" response.body = body return response()