def test_user_management(zeo_server): storage = client_storage(zeo_server, username="******", password=TEST_PASSPHRASE, realm="ZERO") pk0 = ecc.private("passY").get_pubkey() pk = ecc.private("passX").get_pubkey() storage.add_user("userX", pk0) storage.change_key("userX", pk) storage = client_storage(zeo_server, username="******", password="******", realm="ZERO") with pytest.raises(AssertionError): storage.add_user("shouldfail", pk)
def get_pubkey(username, password): pub = ecc.private(str(password), (str(username), str(_realm)), kdf=kdf).get_pubkey() if six.PY2: return pub.encode("hex") else: return pub.hex()
def get_pubkey(username, password): pub = ecc.private( str(password), (str(username), str(_realm)), kdf=kdf).get_pubkey() if six.PY2: return pub.encode("hex") else: return pub.hex()
def test_db_users(pass_db): pk1 = ecc.private("pass1").get_pubkey() pk2 = ecc.private("pass2").get_pubkey() pk3 = ecc.private("pass3").get_pubkey() pass_db.add_user("user1", pk1, administrator=True) pass_db.add_user("user2", pk2) pass_db.add_user("user3", pk3) pass_db.del_user("user3") pass_db.change_key("user2", pk3) assert pass_db["user1"].administrator assert not pass_db["user2"].administrator assert pass_db["user1"].pubkey == pk1 assert pass_db["user2"].pubkey == pk3 with pytest.raises(LookupError): pass_db["user3"]
def test_user_management(zeo_server, abort): storage = client_storage( zeo_server, username="******", password=TEST_PASSPHRASE, realm="ZERO") pk1 = ecc.private("passY", ("userX", "ZERO"), kdf=kdf).get_pubkey() pk2 = ecc.private("passX", ("userX", "ZERO"), kdf=kdf).get_pubkey() with transaction.manager: storage.add_user("userX", pk1) storage.change_key("userX", pk2) with pytest.raises(LookupError): storage.add_user("userX", pk1) storage = client_storage( zeo_server, username="******", password="******", realm="ZERO") with pytest.raises(AssertionError): storage.add_user("shouldfail", pk1)
def test_db_users(pass_db, abort): pk1 = ecc.private("pass1", ("user1", "ZERO"), kdf=kdf).get_pubkey() pk2 = ecc.private("pass2", ("user2", "ZERO"), kdf=kdf).get_pubkey() pk3 = ecc.private("pass3", ("user3", "ZERO"), kdf=kdf).get_pubkey() with transaction.manager: pass_db.add_user("user1", pk1, administrator=True) pass_db.add_user("user2", pk2) pass_db.add_user("user3", pk3) pass_db.del_user("user3") pass_db.change_key("user2", pk3) assert pass_db["user1"].administrator assert not pass_db["user2"].administrator assert pass_db["user1"].pubkey == pk1 assert pass_db["user2"].pubkey == pk3 with pytest.raises(LookupError): pass_db["user3"]
def test_user_management_abort(zeo_server, abort): storage = client_storage( zeo_server, username="******", password=TEST_PASSPHRASE, realm="ZERO") pk1 = ecc.private("passY", ("userY", "ZERO"), kdf=kdf).get_pubkey() storage.add_user("userY", pk1) with pytest.raises(LookupError): storage.add_user("userY", pk1) transaction.abort()
def init_db(path, absolute_path): """ Initialize database if doesn't exist. Creates conf/ directory with config files and db/ with database files """ if path: if not os.path.exists(path): raise IOError("Path provided doesn't exist") else: path = os.getcwd() if absolute_path: authdb_path = os.path.join(path, "conf", "authdb.conf") dbfile_path = os.path.join(path, "db", "db.fs") else: authdb_path = os.path.join("conf", "authdb.conf") dbfile_path = os.path.join("db", "db.fs") conf_dir = os.path.join(path, "conf") db_dir = os.path.join(path, "db") authdb_conf = os.path.join(conf_dir, "authdb.conf") zcml_conf = os.path.join(conf_dir, "server.zcml") if os.path.exists(authdb_conf) or os.path.exists(zcml_conf): raise IOError("Config files already exist, remove them or edit") if not os.path.exists(conf_dir): os.mkdir(conf_dir) if not os.path.exists(db_dir): os.mkdir(db_dir) key = ecc.private(_passphrase).get_pubkey() if six.PY2: key = key.encode('hex') else: key = key.hex() authdb_content = PERMISSIONS_TEMPLATE.format( username=_username, passphrase=key) zcml_content = ZEO_TEMPLATE.format( sock=_sock if isinstance(_sock, six.string_types) else "{0}:{1}".format(*_sock), authdb=authdb_path, dbfile=dbfile_path) with open(authdb_conf, "w") as f: f.write(authdb_content) with open(zcml_conf, "w") as f: f.write(zcml_content) click.echo("Config files created, you can start zerodb-server")
def start(self, username, realm, password): priv = ecc.private(password) _realm, challenge, nonce = self.stub.auth_get_challenge() # _realm is str, challenge is 32-byte hash, nonce as well if _realm != realm: raise AuthError("expected realm %r, got realm %r" % (_realm, realm)) h_up = hashlib.sha256("%s:%s:%s" % (username, realm, priv.get_pubkey())).digest() check = hashlib.sha256("%s:%s" % (h_up, challenge)).digest() sig = priv.sign(check) result = self.stub.auth_response((username, challenge, sig)) if result: return base.session_key(h_up, nonce) else: return None
def start(self, username, realm, password): priv = ecc.private(password) _realm, challenge, nonce = self.stub.auth_get_challenge() # _realm is str, challenge is 32-byte hash, nonce as well if _realm != realm: raise AuthError("expected realm %r, got realm %r" % (_realm, realm)) h_up = hashlib.sha256(b"%s:%s:%s" % (username.encode(), realm.encode(), priv.get_pubkey())).digest() check = hashlib.sha256(b"%s:%s" % (h_up, challenge)).digest() sig = priv.sign(check) result = self.stub.auth_response((username, challenge, sig)) if result: return base.session_key(h_up, nonce) else: return None
def init_db(path, absolute_path): """ Initialize database if doesn't exist. Creates conf/ directory with config files and db/ with database files """ if path: if not os.path.exists(path): raise IOError("Path provided doesn't exist") else: path = os.getcwd() if absolute_path: authdb_path = os.path.join(path, "conf", "authdb.conf") dbfile_path = os.path.join(path, "db", "db.fs") else: authdb_path = os.path.join("conf", "authdb.conf") dbfile_path = os.path.join("db", "db.fs") conf_dir = os.path.join(path, "conf") db_dir = os.path.join(path, "db") authdb_conf = os.path.join(conf_dir, "authdb.conf") zcml_conf = os.path.join(conf_dir, "server.zcml") if os.path.exists(authdb_conf) or os.path.exists(zcml_conf): raise IOError("Config files already exist, remove them or edit") if not os.path.exists(conf_dir): os.mkdir(conf_dir) if not os.path.exists(db_dir): os.mkdir(db_dir) key = ecc.private(_passphrase).get_pubkey().encode("hex") authdb_content = PERMISSIONS_TEMPLATE.format(username=_username, passphrase=key) zcml_content = ZEO_TEMPLATE.format( sock=_sock if isinstance(_sock, basestring) else "{0}:{1}".format( *_sock), authdb=authdb_path, dbfile=dbfile_path) with open(authdb_conf, "w") as f: f.write(authdb_content) with open(zcml_conf, "w") as f: f.write(zcml_content) click.echo("Config files created, you can start zerodb-server")
def test_db_users_abort(pass_db, abort): transaction.begin() pk4 = ecc.private("pass1", ("user4", "ZERO"), kdf=kdf).get_pubkey() pass_db.add_user("user4", pk4) pass_db["user4"] with pytest.raises(LookupError): pass_db.add_user("user4", pk4) transaction.abort() with pytest.raises(LookupError): pass_db["user4"] pass_db.add_user("user4", pk4)
import tempfile from time import sleep from multiprocessing import Process from os import path import zerodb from zerodb.crypto import ecc from zerodb.permissions import elliptic from zerodb.permissions import base as permissions_base from zerodb.storage import ZEOServer from zerodb.util import encode_hex from db import TEST_PASSPHRASE from db import create_objects_and_close, add_wiki_and_close TEST_PUBKEY = ecc.private(TEST_PASSPHRASE).get_pubkey() TEST_PUBKEY_3 = ecc.private(TEST_PASSPHRASE + " third").get_pubkey() TEST_PERMISSIONS = """realm ZERO root:%s third:%s""" % (encode_hex(TEST_PUBKEY), encode_hex(TEST_PUBKEY_3)) ZEO_CONFIG = """<zeo> address %(sock)s authentication-protocol ecc_auth authentication-database %(pass_file)s authentication-realm ZERO </zeo> <filestorage> path %(dbfile)s pack-gc false
import tempfile from time import sleep from multiprocessing import Process from os import path import zerodb from zerodb.crypto import ecc from zerodb.permissions import elliptic from zerodb.permissions import base as permissions_base from zerodb.storage import ZEOServer from zerodb.util import encode_hex from db import TEST_PASSPHRASE from db import create_objects_and_close, add_wiki_and_close TEST_PUBKEY = ecc.private(TEST_PASSPHRASE).get_pubkey() TEST_PUBKEY_3 = ecc.private(TEST_PASSPHRASE + " third").get_pubkey() TEST_PERMISSIONS = """realm ZERO root:%s third:%s""" % ( encode_hex(TEST_PUBKEY), encode_hex(TEST_PUBKEY_3), ) ZEO_CONFIG = """<zeo> address %(sock)s authentication-protocol ecc_auth authentication-database %(pass_file)s authentication-realm ZERO </zeo>
import tempfile from time import sleep from multiprocessing import Process from os import path import zerodb from zerodb.crypto import ecc from zerodb.permissions import elliptic from zerodb.permissions.base import PermissionsDatabase from zerodb.storage import ZEOServer from zerodb.util import encode_hex kdf = elliptic.Client.kdf TEST_PASSPHRASE = "v3ry 53cr3t pa$$w0rd" TEST_PUBKEY = ecc.private( TEST_PASSPHRASE, ("root", "ZERO"), kdf=kdf).get_pubkey() TEST_PUBKEY_3 = ecc.private( TEST_PASSPHRASE + " third", ("third", "ZERO"), kdf=kdf).get_pubkey() TEST_PERMISSIONS = """realm ZERO auth_secp256k1_scrypt:root:%s auth_secp256k1_scrypt:third:%s""" % (encode_hex(TEST_PUBKEY), encode_hex(TEST_PUBKEY_3)) ZEO_CONFIG = """<zeo> address %(sock)s authentication-protocol auth_secp256k1_scrypt authentication-database %(pass_file)s authentication-realm ZERO </zeo> <filestorage>
#!/usr/bin/env python2 from zerodb.crypto import ecc passphrase = raw_input("Enter your passphrase: ") key = ecc.private(passphrase) print "Your hex public key:", key.get_pubkey().encode("hex")