def test_bundle_and_unbundle(self):
key = os.urandom(32)
payload = os.urandom(47)
enc_payload = bundle(key, "test-namespace", payload)
self.assertEqual(payload, unbundle(key, "test-namespace", enc_payload))
# Modified ciphertext should fail HMAC check.
bad_enc_payload = mutate_one_byte(enc_payload)
with self.assertRaises(Exception):
unbundle(key, "test-namespace", bad_enc_payload)
def test_change_password(self):
# Change the password.
newpwd = mutate_one_byte(DUMMY_PASSWORD)
self.stretchpwd = quick_stretch_password(self.acct.email, newpwd)
self.session.change_password(DUMMY_PASSWORD, newpwd)
# Check that we can use the new password.
session2 = self.client.login(self.acct.email, newpwd, keys=True)
# Check that encryption keys have been preserved.
session2.fetch_keys()
self.assertEquals(self.session.keys, session2.keys)
def test_change_password(self):
# Change the password.
newpwd = mutate_one_byte(DUMMY_PASSWORD)
self.stretchpwd = quick_stretch_password(self.acct.email, newpwd)
self.session.change_password(DUMMY_PASSWORD, newpwd)
# Check that we can use the new password.
session2 = self.client.login(self.acct.email, newpwd, keys=True)
# Check that encryption keys have been preserved.
session2.fetch_keys()
self.assertEquals(self.session.keys, session2.keys)
def test_change_password(self):
# Change the password.
newpwd = mutate_one_byte(DUMMY_PASSWORD)
self.stretchpwd = quick_stretch_password(self.acct.email, newpwd)
self.session.change_password(DUMMY_PASSWORD, newpwd)
# Check that we can use the new password.
session2 = self.client.login(self.acct.email, newpwd, keys=True)
if not session2.get_email_status().get("verified"):
def has_verify_code(m):
return "x-verify-code" in m["headers"]
m = self.acct.wait_for_email(has_verify_code)
if not m:
raise RuntimeError("Verification email was not received")
self.acct.clear()
session2.verify_email_code(m["headers"]["x-verify-code"])
# Check that encryption keys have been preserved.
session2.fetch_keys()
self.assertEquals(self.session.keys, session2.keys)
def test_change_password(self):
# Change the password.
newpwd = mutate_one_byte(DUMMY_PASSWORD)
self.stretchpwd = quick_stretch_password(self.acct.email, newpwd)
self.session.change_password(DUMMY_PASSWORD, newpwd)
# Check that we can use the new password.
session2 = self.client.login(self.acct.email, newpwd, keys=True)
if not session2.get_email_status().get("verified"):
def has_verify_code(m):
return "x-verify-code" in m["headers"]
m = self.acct.wait_for_email(has_verify_code)
if not m:
raise RuntimeError("Verification email was not received")
self.acct.clear()
session2.verify_email_code(m["headers"]["x-verify-code"])
# Check that encryption keys have been preserved.
session2.fetch_keys()
self.assertEquals(self.session.keys, session2.keys)
def test_forgot_password_flow(self):
acct = TestEmailAccount()
self.client.create_account(
email=acct.email,
stretchpwd=DUMMY_STRETCHED_PASSWORD,
)
self._accounts_to_delete.append(acct)
# Initiate the password reset flow, and grab the verification code.
pftok = self.client.send_reset_code(acct.email, service="foobar")
m = acct.wait_for_email(lambda m: "x-recovery-code" in m["headers"])
if not m:
raise RuntimeError("Password reset email was not received")
acct.clear()
code = m["headers"]["x-recovery-code"]
# Try with an invalid code to test error handling.
tries = pftok.tries_remaining
self.assertTrue(tries > 1)
with self.assertRaises(Exception):
pftok.verify_code(mutate_one_byte(code))
pftok.get_status()
self.assertEqual(pftok.tries_remaining, tries - 1)
# Re-send the code, as if we've lost the email.
pftok.resend_code()
m = acct.wait_for_email(lambda m: "x-recovery-code" in m["headers"])
if not m:
raise RuntimeError("Password reset email was not received")
self.assertEqual(m["headers"]["x-recovery-code"], code)
# Now verify with the actual code, and reset the account.
artok = pftok.verify_code(code)
self.client.reset_account(
email=acct.email,
token=artok,
stretchpwd=DUMMY_STRETCHED_PASSWORD
)
def test_forgot_password_flow(self):
acct = TestEmailAccount()
self.client.create_account(
email=acct.email,
stretchpwd=DUMMY_STRETCHED_PASSWORD,
)
self._accounts_to_delete.append(acct)
# Initiate the password reset flow, and grab the verification code.
pftok = self.client.send_reset_code(acct.email, service="foobar")
m = acct.wait_for_email(lambda m: "x-recovery-code" in m["headers"])
if not m:
raise RuntimeError("Password reset email was not received")
acct.clear()
code = m["headers"]["x-recovery-code"]
# Try with an invalid code to test error handling.
tries = pftok.tries_remaining
self.assertTrue(tries > 1)
with self.assertRaises(Exception):
pftok.verify_code(mutate_one_byte(code))
pftok.get_status()
self.assertEqual(pftok.tries_remaining, tries - 1)
# Re-send the code, as if we've lost the email.
pftok.resend_code()
m = acct.wait_for_email(lambda m: "x-recovery-code" in m["headers"])
if not m:
raise RuntimeError("Password reset email was not received")
self.assertEqual(m["headers"]["x-recovery-code"], code)
# Now verify with the actual code, and reset the account.
artok = pftok.verify_code(code)
self.client.reset_account(email=acct.email,
token=artok,
stretchpwd=DUMMY_STRETCHED_PASSWORD)
