Example #1
0
 def test_timed_out_emailcheck_credentials_are_cleared_in_registration(self):
     for someone in User.query.all()[:5]:  # @UndefinedVariable
         Credential.new(someone, 'emailcheck', str(time.time()-1)+":"+uuid4().hex, uuid4().hex)
     self.assertTrue(self.countExpiredCreds('emailcheck')>=5)
     form = self.prepareLoginForm()
     self.controller.doRegistration(form)
     self.assertTrue(self.countExpiredCreds('emailcheck')==0)
Example #2
0
 def do_add_credential(self, form):
     user = self.getCurrentUser()
     Credential.new(user,
         form.credentialType.data,
         form.identifier.data,
         form.secret.data)
     return self.as_dict(user)
Example #3
0
 def sendPasswordVerificationEmail(self, user):
     secret=unicode(uuid4())
     expiry = time.time() + 60*60*24*4
     Credential.new(user, 'emailcheck', unicode(expiry), secret )
     timeText = time.strftime("%a, %d %b %Y %H:%M:%S +0000", time.gmtime(expiry))
     uri = "{0}/v1/verify_email/{1}".format(self.getConfig('BASE_URL'),secret)
     text = """Hi, click on <a href="{0}">{0}</a> until {1} to verify your email""".format(uri, timeText)
     self.mail.send_message(subject="verification", body=text, recipients=[user.email], sender=self.getConfig('SERVER_EMAIL_ADDRESS'))
Example #4
0
 def createTemporaryCredential(user,
                               credentialType,
                               expiry=fourDaysInSeconds,
                               additionalInfo=None):
     secret = uuid4().hex
     expiry = time.time() + expiry
     Credential.new(user, credentialType,
                    str(expiry) + ":" + str(additionalInfo), secret)
     return secret, expiry
Example #5
0
 def no_password_reset_for_timed_out_temporary_credential(self):
     password = self.mkRandomPassword()
     secret = unicode(uuid4())
     user = User.getByEmail(self.usercreation_email)
     Credential.new(user, 'email_for_password_reset', secret, time.time()-1)
     with app.test_client() as c:
         data = dict(password=password, secret=secret)
         resp = c.post("/v1/password_reset", data = data)
         self.assertEqual(resp.status_code, 404)
Example #6
0
 def _removeACredential(self, myUserid):
     self.controller.loginInFramework(self.cred)
     user = self.cred.user
     Credential.new(user, "facebook", myUserid, "testsecret")
     data = {"credentialType": "facebook",
         "identifier": myUserid}
     self.assertTrue(Credential.get("facebook", myUserid))
     resp = self.controller.doRemoveCredential(FakeForm(data))
     return resp
Example #7
0
 def test_expired_deregistration_certificates_are_deleted_in_deregistration_initiation(
         self):
     for someone in User.query.all()[:5]:  # @UndefinedVariable
         Credential.new(someone, 'deregister',
                        str(time.time() - 1) + ":" + uuid4().hex,
                        uuid4().hex)
     self.assertTrue(self.countExpiredCreds('deregister') >= 5)
     self._doDeregistrationDoit()
     self.assertTrue(self.countExpiredCreds('deregister') == 0)
Example #8
0
 def successful_password_clears_the_temporary_credential(self):
     password = self.mkRandomPassword()
     secret = unicode(uuid4())
     user = User.getByEmail(self.usercreation_email)
     Credential.new(user, 'email_for_password_reset', secret, time.time()+3600)
     with app.test_client() as c:
         data = dict(password=password, secret=secret)
         c.post("/v1/password_reset", data = data)
         newcred = Credential.get('email_for_password_reset', secret)
         self.assertEquals(newcred, None)
Example #9
0
 def successful_password_reset_sets_the_password(self):
     password = self.mkRandomPassword()
     secret = unicode(uuid4())
     user = User.getByEmail(self.usercreation_email)
     Credential.new(user, 'email_for_password_reset', secret, time.time()+3600)
     with app.test_client() as c:
         data = dict(password=password, secret=secret)
         c.post("/v1/password_reset", data = data)
         cred = Credential.getByUser(user, "password")
         self.assertEquals(cred.secret, CredentialManager.protect_secret(password))
Example #10
0
 def do_send_password_reset_email(self, email):
     user = User.getByEmail(email)
     if user is None:
         raise ReportedError(['Invalid email address'])
     passwordResetEmailExpiration = 14400
     secret=unicode(uuid4())
     expirationTime = time.time() + passwordResetEmailExpiration
     Credential.new(user, passwordResetCredentialType, secret, unicode(expirationTime))
     self.sendPasswordResetMail(user, secret, expirationTime)
     return self.simple_response("Password reset email has successfully sent.")
Example #11
0
 def test_bad_secret_clears_up_all_timed_out_temporary_credentials(self):
     password = self.mkRandomPassword()
     secret = uuid4().hex
     for someone in User.query.all()[:5]:  # @UndefinedVariable
         Credential.new(someone, 'email_for_password_reset', str(time.time()-1)+":"+uuid4().hex, uuid4().hex)
     self.assertTrue(self.countExpiredCreds()>=5)
     data = dict(password=password, secret=secret)
     self.assertReportedError(self.controller.doPasswordReset,(FakeForm(data),),
             404, ['The secret has expired'])
     self.assertEqual(self.countExpiredCreds(),0)
 def test_valid_secret_is_accepted(self):
     password = self.mkRandomPassword()
     secret = uuid4().hex
     user = User.getByEmail(self.userCreationEmail)
     Credential.new(user, 'email_for_password_reset', str(time.time()+3600), secret)
     with app.test_client() as client:
         data = dict(password=password, secret=secret)
         resp = client.post("/v1/password_reset", data = data)
         self.assertEqual(resp.status_code, 200)
         respData = self.fromJson(resp)
         self.assertEqual("Password successfully changed",respData['message'])
Example #13
0
 def test_valid_secret_is_accepted(self):
     password = self.mkRandomPassword()
     secret = uuid4().hex
     user = User.getByEmail(self.userCreationEmail)
     Credential.new(user, 'email_for_password_reset',
                    str(time.time() + 3600), secret)
     with app.test_client() as client:
         data = dict(password=password, secret=secret)
         resp = client.post("/v1/password_reset", data=data)
         self.assertEqual(resp.status_code, 200)
         respData = self.fromJson(resp)
         self.assertEqual("Password successfully changed",
                          respData['message'])
Example #14
0
 def the_credential_is_actually_deleted(self):
     with app.test_client() as c:
         self.login(c)
         user = User.getByEmail(self.usercreation_email)
         credId = self.randString
         Credential.new(user, "facebook", credId, "testsecret")
         self.assertTrue(Credential.get("facebook", credId))
         data = {
             "credentialType": "facebook",
             "identifier": credId,
         }
         c.post(config.base_url + "/v1/remove_credential", data=data)
         self.assertFalse(Credential.get("facebook", credId))
Example #15
0
 def a_credential_can_be_deleted(self):
     with app.test_client() as c:
         self.login(c)
         user = User.getByEmail(self.usercreation_email)
         credId = self.randString
         Credential.new(user, "facebook", credId, "testsecret")
         self.assertTrue(Credential.get("facebook", credId))
         data = {
             "credentialType": "facebook",
             "identifier": credId,
         }
         resp = c.post(config.base_url + "/v1/remove_credential", data=data)
         self.assertEqual(200, resp.status_code)
         self.assertEqual('{"message": "credential removed"}', self.getResponseText(resp))
Example #16
0
 def test_the_credential_is_actually_deleted(self):
     with app.test_client() as client:
         self.login(client)
         user = User.getByEmail(self.userCreationEmail)
         credId = self.randString
         Credential.new(user, "facebook", credId, "testsecret")
         self.assertTrue(Credential.get("facebook", credId))
         data = {
             "csrf_token": self.getCSRF(client),
             "credentialType": "facebook",
             "identifier": credId,
         }
         client.post(config.BASE_URL + "/v1/remove_credential", data=data)
         self.assertFalse(Credential.get("facebook", credId))
Example #17
0
 def you_should_give_valid_identifier_for_credential_deletion(self):
     with app.test_client() as c:
         self.login(c)
         user = User.getByEmail(self.usercreation_email)
         credId = self.randString
         Credential.new(user, "facebook", credId, "testsecret")
         self.assertTrue(Credential.get("facebook", credId))
         data = {
             "identifier": credId+"no",
             "credentialType": "facebook",
         }
         resp = c.post(config.base_url + "/v1/remove_credential", data=data)
         self.assertEqual(404, resp.status_code)
         self.assertEqual('{"errors": ["No such credential"]}', self.getResponseText(resp))
Example #18
0
 def test_a_credential_can_be_deleted(self):
     with app.test_client() as client:
         self.login(client)
         user = User.getByEmail(self.userCreationEmail)
         credId = self.randString
         Credential.new(user, "facebook", credId, "testsecret")
         self.assertTrue(Credential.get("facebook", credId))
         data = {
             "csrf_token": self.getCSRF(client),
             "credentialType": "facebook",
             "identifier": credId,
         }
         resp = client.post(config.BASE_URL + "/v1/remove_credential", data=data)
         self.assertEqual(200, resp.status_code)
         self.assertEqual('{"message": "credential removed"}', self.getResponseText(resp))
Example #19
0
 def test_you_should_give_valid_identifier_for_credential_deletion(self):
     with app.test_client() as client:
         self.login(client)
         user = User.getByEmail(self.userCreationEmail)
         credId = self.randString
         Credential.new(user, "facebook", credId, "testsecret")
         self.assertTrue(Credential.get("facebook", credId))
         data = {
             "csrf_token": self.getCSRF(client),
             "identifier": credId+"no",
             "credentialType": "facebook",
         }
         resp = client.post(config.BASE_URL + "/v1/remove_credential", data=data)
         self.assertEqual(404, resp.status_code)
         self.assertEqual('{"errors": ["No such credential"]}', self.getResponseText(resp))
Example #20
0
 def you_have_to_use_the_credentials_used_for_login_to_deregister(self):
     with app.test_client() as c:
         self.login(c)
         user = User.getByEmail(self.usercreation_email)
         self.setupUserCreationData()
         Credential.new(user, "password", self.usercreation_userid, self.usercreation_password)
         data = dict(
             csrf_token= self.getCSRF(c),
             credentialType= "password",
             identifier= self.usercreation_userid,
             secret = self.usercreation_password
         )
         resp = c.post(config.base_url+'/deregister', data=data)
         self.assertEquals(resp.status_code, 400)
         self.assertEqual('{"errors": ["You should use your login credentials to deregister"]}', self.getResponseText(resp))
Example #21
0
 def bad_secret_clears_up_all_timed_out_temporary_credentials(self):
     password = self.mkRandomPassword()
     secret = unicode(uuid4())
     for someone in User.query.all()[:5]:  # @UndefinedVariable
         Credential.new(someone, 'email_for_password_reset', unicode(uuid4()), time.time()-1)
     with app.test_client() as c:
         data = dict(password=password, secret=secret)
         c.post("/v1/password_reset", data = data)
         expiredcreds = []
         now = time.time()
         creds = Credential.query.filter_by(credentialType='email_for_password_reset')  # @UndefinedVariable
         for c in creds:
             if (float(c.secret) < now):
                 expiredcreds.append(c)
         self.assertEqual(expiredcreds,[])
Example #22
0
 def createUserAndLoginWithCert(self):
     identifier, digest, cert = self.getCertAttributes()
     user = self.createUserWithCredentials()
     secret = digest
     cred = Credential.new(user, "certificate", identifier, secret)
     resp = self.sslLoginWithCert(cert)
     return resp, cred
Example #23
0
 def doPasswordReset(self, form):
     Credential.deleteExpired(self.passwordResetCredentialType)
     cred = Credential.getBySecret(
         self.passwordResetCredentialType, form.secret.data)
     if cred is None or (cred.getExpirationTime() < time.time()):
         raise ReportedError([theSecretHasExpired], 404)
     passcred = Credential.getByUser(cred.user, 'password')
     protectedSecret = CredentialManager.protect_secret(form.password.data)
     if not passcred:
         passcred = Credential.new(cred.user, "password", cred.user.email, protectedSecret)
     else:
         passcred.secret = protectedSecret
     cred.rm()
     return self.simple_response(passwordSuccessfullyChanged)
Example #24
0
 def doPasswordReset(self, form):
     Credential.deleteExpired(self.passwordResetCredentialType)
     cred = Credential.getBySecret(
         self.passwordResetCredentialType, form.secret.data)
     if cred is None or (cred.getExpirationTime() < time.time()):
         raise ReportedError([theSecretHasExpired], 404)
     passcred = Credential.getByUser(cred.user, 'password')
     protectedSecret = CredentialManager.protect_secret(form.password.data)
     if not passcred:
         passcred = Credential.new(cred.user, "password", cred.user.email, protectedSecret)
     else:
         passcred.secret = protectedSecret
     cred.rm()
     return self.simple_response(passwordSuccessfullyChanged)
Example #25
0
 def create_user_with_creds(cls, credtype, identifier, secret, email, digest=None):
     user = User.new(email, digest)
     protected = cls.protect_secret(secret)
     Credential.new(user, credtype, identifier, protected)
     return user
Example #26
0
 def createUserAndLoginWithCert(self):
     certAttrs = self.getCertAttributes()
     cred = self.createUserWithCredentials()
     Credential.new(cred.user, "certificate", certAttrs.identifier, certAttrs.digest)
     resp = self.sslLoginWithCert(certAttrs.cert)
     return resp
Example #27
0
 def addCertCredentialToUser(self, cert, user):
     identifier, digest = self.parseCert(cert)
     Credential.new(user, "certificate", identifier, digest)
Example #28
0
 def addCredToUser(cls, user, credtype, identifier, secret):
     protected = cls.protect_secret(secret)
     cred = Credential.new(user, credtype, identifier, protected)
     cred.save()
     return cred
Example #29
0
 def test_expired_deregistration_certificates_are_deleted_in_deregistration_initiation(self):
     for someone in User.query.all()[:5]:  # @UndefinedVariable
         Credential.new(someone, 'deregister', str(time.time()-1)+":"+uuid4().hex, uuid4().hex)
     self.assertTrue(self.countExpiredCreds('deregister')>=5)
     self._doDeregistrationDoit()
     self.assertTrue(self.countExpiredCreds('deregister')==0)
Example #30
0
 def addCertCredentialToUser(self, cert, user):
     identifier = self.getIdentifier(cert)
     digest = self.getDigest(cert)
     Credential.new(user, "certificate", identifier, digest)