Esempio n. 1
	def test_encrypt_object_withIVR(self):
		"""Round-trip a message encrypted to the user's IVR public key.

		The object is encrypted with the RSA_IVR public key and then decrypted
		twice with ``ivr=True``. Each pass builds a fresh fake request whose
		'ss' cookie is taken from the response that ``store_user_key`` filled
		in from the IVR PIN.
		"""
		owner = User.objects.get(username="******")
		ivr_pubkey = OwnerPublicKey.objects.get_pubkey(owner=owner, keytype=RSA_IVR)
		stored = encrypt_object(SecureTestMessage, {}, self.clear_text, ivr_pubkey)

		# Two independent passes, each with its own request/response pair, so
		# the second decrypt cannot lean on state left behind by the first.
		# NOTE(review): both passes use the correct PIN; this test does not
		# show that a wrong PIN or a non-IVR credential is rejected.
		for _attempt in range(2):
			fake_request = HttpRequest()
			fake_request.session = {}
			fake_response = HttpResponse()
			fake_request.user = owner
			store_user_key(fake_request, fake_response, self.ivr_pin)
			# Copy the key cookie from the response onto the request, as a
			# browser would on its next request.
			fake_request.COOKIES['ss'] = fake_response.cookies['ss'].value

			reloaded = SecureTestMessage.objects.get(pk=stored.pk)
			plaintext = decrypt_object(fake_request, reloaded, ivr=True)

			self.assertEqual(plaintext, self.clear_text)
Esempio n. 2
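    def test_bad_password(self):
        """Decrypting a message body with the wrong password must fail.

        A message is sent from one provider to another, then the recipient's
        key cookie is built by ``store_user_key`` from an incorrect password.
        ``MessageBody.decrypt`` is expected to raise ``KeyInvalidException``
        rather than return anything.

        The SMS notifier in ``models`` is replaced by a recording stub for the
        duration of the test and put back afterwards, so the stub cannot leak
        into other tests that share the module.
        """
        self.request.post('/login/', {
            'username': self.provider.username,
            'password': '******'
        })
        sender = authenticate(username=self.provider.username,
                              password='******')
        msg = Message(sender=sender, sender_site=None, subject="pandas")
        recipient = User.objects.get(id=self.provider2.id)
        msg.urgent = False
        msg.message_type = 'NM'
        msg.save()
        body = "i am indeed a talking panda. how are you?"
        msg_body = msg.save_body(body)
        MessageRecipient(message=msg, user=recipient).save()
        self.request.logout()

        test = CalledTest()
        # Remember the real notifier so the module-level patch is undone even
        # when an assertion below fails.
        original_sms_sender = models.sendSMS_Twilio_newMessage
        models.sendSMS_Twilio_newMessage = test
        try:
            msg.send(self.request, msg_body, [])
            self.assertTrue(test.was_called)

            response = self.request.post('/login/', {
                'username': self.provider2.username,
                'password': '******'
            })
            clean_msg_body = MessageBody.objects.get(message=msg)
            self.request.user = recipient
            # Overwrite the key cookie with one built from a wrong password;
            # this is the negative path under test.
            store_user_key(self.request, response, 'wrongpassword')
            self.request.COOKIES = {'ss': response.cookies['ss'].value}
            self.assertRaises(KeyInvalidException, clean_msg_body.decrypt,
                              self.request)
            self.request.logout()
        finally:
            models.sendSMS_Twilio_newMessage = original_sms_sender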
Esempio n. 3
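	def test_bad_password(self):
		"""Decrypting a message body with the wrong password must fail.

		A message is sent from one provider to another, then the recipient's
		key cookie is built by ``store_user_key`` from an incorrect password.
		``MessageBody.decrypt`` is expected to raise ``KeyInvalidException``.

		The SMS notifier in ``models`` is swapped for a recording stub only
		while the test runs; the original is restored in a ``finally`` so the
		patch does not bleed into other tests.
		"""
		self.request.post('/login/', {'username': self.provider.username, 'password': '******'})
		sender = authenticate(username=self.provider.username, password='******')
		msg = Message(sender=sender, sender_site=None, subject="pandas")
		recipient = User.objects.get(id=self.provider2.id)
		msg.urgent = False
		msg.message_type = 'NM'
		msg.save()
		body = "i am indeed a talking panda. how are you?"
		msg_body = msg.save_body(body)
		MessageRecipient(message=msg, user=recipient).save()
		self.request.logout()

		test = CalledTest()
		# Keep a handle on the real notifier so it can be put back afterwards.
		original_sms_sender = models.sendSMS_Twilio_newMessage
		models.sendSMS_Twilio_newMessage = test
		try:
			msg.send(self.request, msg_body, [])
			self.assertTrue(test.was_called)

			response = self.request.post('/login/', {'username': self.provider2.username, 'password': '******'})
			clean_msg_body = MessageBody.objects.get(message=msg)
			self.request.user = recipient
			# Negative path: the key cookie is derived from a wrong password.
			store_user_key(self.request, response, 'wrongpassword')
			self.request.COOKIES = {'ss': response.cookies['ss'].value}
			self.assertRaises(KeyInvalidException, clean_msg_body.decrypt, self.request)
			self.request.logout()
		finally:
			models.sendSMS_Twilio_newMessage = original_sms_sender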
Esempio n. 4
    def test_encrypt_object_withIVR(self):
        """Encrypt to the IVR public key and decrypt twice via the IVR PIN.

        Each decrypt goes through its own fake request/response pair: the
        response receives the key cookie from ``store_user_key`` and the
        request is handed that cookie before ``decrypt_object`` is called
        with ``ivr=True``.
        """
        user = User.objects.get(username="******")
        pubkey = OwnerPublicKey.objects.get_pubkey(owner=user, keytype=RSA_IVR)
        message = encrypt_object(SecureTestMessage, {}, self.clear_text,
                                 pubkey)

        def decrypt_with_fresh_request():
            """Build a new fake request keyed by the IVR PIN and decrypt."""
            req = HttpRequest()
            req.session = {}
            resp = HttpResponse()
            req.user = user
            store_user_key(req, resp, self.ivr_pin)
            # Mirror what a client does: send back the cookie it was given.
            req.COOKIES['ss'] = resp.cookies['ss'].value

            fetched = SecureTestMessage.objects.get(pk=message.pk)
            return decrypt_object(req, fetched, ivr=True)

        # First pass: the plain fake request.
        self.assertEqual(decrypt_with_fresh_request(), self.clear_text)

        # Second pass: the fake IVR request, built the same way from scratch.
        # NOTE(review): only the correct PIN is exercised here; rejection of
        # a wrong PIN is not covered by this test.
        self.assertEqual(decrypt_with_fresh_request(), self.clear_text)
Esempio n. 5
	def test_encrypt_object_noIVR(self):
		"""Round-trip a message through the user's default (non-IVR) key pair.

		The object is encrypted with the public key returned by ``get_pubkey``
		when no key type is given, and decrypted through a fake request whose
		'ss' cookie was produced by ``store_user_key`` from the password.
		"""
		owner = MHLUser.objects.get(username="******")
		pubkey = OwnerPublicKey.objects.get_pubkey(owner=owner)
		stored = encrypt_object(SecureTestMessage, {}, self.clear_text, pubkey)

		# Fake request/response pair standing in for a logged-in browser.
		fake_request, fake_response = HttpRequest(), HttpResponse()
		fake_request.session = {}
		fake_request.user = owner
		store_user_key(fake_request, fake_response, self.password)
		# The key cookie set on the response is echoed back on the request.
		fake_request.COOKIES['ss'] = fake_response.cookies['ss'].value

		reloaded = SecureTestMessage.objects.get(pk=stored.pk)
		plaintext = decrypt_object(fake_request, reloaded)

		self.assertEqual(plaintext, self.clear_text)
Esempio n. 6
def change_pass(form, request, response):
	"""
	Apply a validated password-change form and re-key everything tied to it.

	In order: the user's non-grandfathered web-app private keys are
	re-encrypted from the old password to the new one, the account password
	is updated and saved, the session's ``password_change_time`` is refreshed,
	the key material on ``response`` is re-issued from the new password, and
	each smartphone association of ``request.user`` is told about the reset.

	:param form: a validated form exposing ``user`` and ``cleaned_data`` with
		``old_password`` and ``new_password1``
	:param request: the current Django request
	:param response: the response that will carry the refreshed user key
	:returns: the same ``response`` object
	"""
	# TESTING_KMS_INTEGRATION
	webapp_keys = UserPrivateKey.objects.filter(user=form.user,
				credtype=CRED_WEBAPP, gfather=False)
	cleaned = form.cleaned_data
	# NOTE(review): keys are re-encrypted before the password is saved and no
	# transaction is visible here; if the save below fails, keys and password
	# may disagree. Confirm the caller wraps this in a transaction.
	recrypt_keys(webapp_keys, cleaned['old_password'], cleaned['new_password1'])

	account = form.user
	account.set_password(cleaned['new_password1'])
	account.save()
	request.session['password_change_time'] = account.password_change_time
	store_user_key(request, response, cleaned['new_password1'])

	# NOTE(review): keys are changed for form.user but devices are looked up
	# by request.user; presumably the same account -- verify against callers.
	for device in SmartPhoneAssn.objects.filter(user=request.user):
		device.usr_password_reset(request)

	return response
Esempio n. 7
    def test_encrypt_object_noIVR(self):
        """Encrypt to the default public key and decrypt via the password.

        No key type is passed to ``get_pubkey`` and ``decrypt_object`` is
        called without ``ivr``; the fake request carries the 'ss' cookie that
        ``store_user_key`` set on the fake response.
        """
        user = MHLUser.objects.get(username="******")
        message = encrypt_object(
            SecureTestMessage,
            {},
            self.clear_text,
            OwnerPublicKey.objects.get_pubkey(owner=user),
        )

        # Stand-in for a logged-in browser session.
        req = HttpRequest()
        req.session = {}
        req.user = user
        resp = HttpResponse()
        store_user_key(req, resp, self.password)
        # Hand the freshly issued key cookie back on the request side.
        req.COOKIES['ss'] = resp.cookies['ss'].value

        fetched = SecureTestMessage.objects.get(pk=message.pk)
        self.assertEqual(decrypt_object(req, fetched), self.clear_text)
Esempio n. 8
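def login_user(request):
	"""
	Render the login page and process login attempts.

	POST: validates the login form, authenticates, records a LoginEvent for
	active and disabled accounts, logs the user in, stores the user key on
	the redirect response and re-encrypts grandfathered web-app keys with the
	submitted password. Failed attempts fall through to the error page or to
	``settings.LOGIN_FAILED_REDIRECT`` when that is set.

	GET: already-authenticated users are sent to '/'; everyone else gets the
	form, pre-filled with the ``next`` query parameter.

	The post-login redirect only follows ``next`` when it is a local path.
	``next`` is supplied by the client, so an absolute or scheme-relative
	value would otherwise let a crafted login link bounce the user to another
	site right after they authenticate.

	:param request: the current Django request
	:returns: a redirect on success or configured redirect, else the rendered
		login template
	"""
	context = RequestContext(request)
	context['error_msg'] = None

	if request.method == 'POST':
		form = LoginForm(request.POST)
		if request.user.is_authenticated():
			logout(request)

		context['form'] = form
		if form.is_valid():
			username = form.cleaned_data['username']
			password = form.cleaned_data['password']
			user = authenticate(username=username, password=password)
			if user:
				if user_is_active(user):
					LoginEvent().customInit(username=username,
							remote_ip=request.META['REMOTE_ADDR'], success=True,
							user=user)
					login(request, user)
					request.session['password_change_time'] = MHLUser.objects.filter(
						pk=request.user.pk).only("password_change_time").get().password_change_time

					# Accept 'next' only as a same-site path: one leading
					# slash, no second slash or backslash that a browser
					# could read as a host, and no control characters that
					# browsers strip before resolving the URL.
					next_url = form.cleaned_data.get('next') or ''
					next_is_local = (
						next_url.startswith('/')
						and not next_url.startswith('//')
						and '\\' not in next_url
						and not any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in next_url)
					)
					if next_is_local:
						response = HttpResponseRedirect(next_url)
					else:
						response = HttpResponseRedirect('/')

					store_user_key(request, response, password)
					# TESTING_KMS_INTEGRATION check if user is g'fathered
					# NOTE(review): looks like grandfathered keys are still
					# protected by settings.SECRET_KEY until this first login
					# moves them under the user's password -- confirm.
					uprivs = UserPrivateKey.objects.filter(user=user,
							credtype=CRED_WEBAPP, gfather=True)
					if uprivs.exists():
						recrypt_keys(uprivs, settings.SECRET_KEY, password)
					return response
				else:
					LoginEvent().customInit(username=username,
								remote_ip=request.META['REMOTE_ADDR'], success=False,
								user=user)
					# Return a 'disabled account' error message
					context['error_msg'] = _("Account appears to be disabled")
			else:
				# User couldn't be found.
				# NOTE(review): no LoginEvent is recorded on this path, so
				# failed guesses leave no audit entry from this view.
				context['error_msg'] = _("Invalid username or password")
		else:
			# Form was invalid. This shouldn't be possible.
			context['error_msg'] = _("Invalid username or password")

		# At this point, the login attempt has failed.
		if settings.LOGIN_FAILED_REDIRECT:
			return HttpResponseRedirect(settings.LOGIN_FAILED_REDIRECT)

	else:  # if (request.method != 'POST')
		if request.user.is_authenticated():
			return HttpResponseRedirect('/')
		# The raw value is only echoed into the form here; it is checked
		# when the form is posted back.
		next_param = request.GET['next'] if 'next' in request.GET else ''
		context['form'] = LoginForm(initial={'next': next_param})

	if settings.LOGIN_REDIRECT:
		return HttpResponseRedirect(settings.LOGIN_REDIRECT)

	context['STATIC_URL'] = ''.join([context['STATIC_URL'], 'temp/'])
	return render_to_response('temp/index.html', context)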
Esempio n. 9
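def authenticateSession(request, twilioResponse=None):
	"""
	Prompt the caller for a PIN, verify it, and build the Twilio response.

	:param request: The standard Django request argument
	:param request.session Keys: config_id - The ID of the VMBox_Config object
		pertaining to the current voicemail session. pin_errCount is created
		here and counts failed PIN entries for this session.
	:param twilioResponse: A twilio response object. Use this to pass in any verbs
		that should be run before the prompt. Note that any verbs passed
		in will be lost on subsequent runs through this function (e.g.,
		when the user enters an incorrect pin)
	:returns: django.http.HttpResponse -- the result

	The failed-entry limit is checked before a submitted PIN is verified, so
	a session that has used up its attempts is hung up on instead of being
	allowed further guesses.
	"""
	max_pin_errors = 3
	r = twilioResponse or twilio.Response()
	if 'pin_errCount' not in request.session:
		request.session['pin_errCount'] = 0

	def hang_up():
		"""Say goodbye, end the call and return the response."""
		r.append(tts('Good bye.'))
		r.append(twilio.Hangup())
		return HttpResponse(str(r), mimetype=settings.TWILIO_RESPONSE_MIMETYPE)

	if 'Digits' in request.POST:
		# Enforce the attempt limit up front. Checking it only after a
		# failure would still let a locked-out session submit more PINs.
		# NOTE(review): the counter lives in the session, so it does not
		# limit guesses spread over several calls; no per-mailbox throttle
		# is visible in this function.
		if request.session['pin_errCount'] >= max_pin_errors:
			return hang_up()

		call_sid = request.POST['CallSid']
		digits = request.POST['Digits']
		# Raw string for the escape, and \Z so a trailing newline cannot slip
		# past the end anchor.
		p = re.compile(r'\d{4,8}#?\Z')
		if p.match(digits):
			if ('answering_service' in request.session and
					request.session['answering_service'] == 'yes'):
				practice = PracticeLocation.objects.get(id=request.session['practice_id'])
				if practice.verify_pin(digits):
					request.session['authenticated'] = True
					r.append(twilio.Redirect(reverse(request.session['ivr_call_stack'].pop())))
					request.session.modified = True
					return HttpResponse(str(r), mimetype=settings.TWILIO_RESPONSE_MIMETYPE)
			else:
				user = authenticate(config_id=request.session['config_id'], pin=digits)
				if user:
					login(request, user)
					# TESTING_KMS_INTEGRATION
					# NOTE(review): presumably change_pin with the same PIN
					# re-keys grandfathered IVR keys under it -- confirm.
					uprivs = UserPrivateKey.objects.filter(user=user,
						credtype=CRED_IVRPIN, gfather=True)
					if uprivs.exists():
						config = VMBox_Config.objects.get(id=request.session['config_id'])
						config.change_pin(request, new_pin=digits)
					request.session['authenticated'] = True
					event = callEvent(callSID=call_sid, event='V_ASU')
					event.save()
					r.append(twilio.Redirect(reverse(request.session['ivr_call_stack'].pop())))
					request.session.modified = True
					response = HttpResponse(str(r), mimetype=settings.TWILIO_RESPONSE_MIMETYPE)
					store_user_key(request, response, digits)
					return response

		# Reached for malformed digits and for a PIN that failed to verify.
		event = callEvent(callSID=call_sid, event='V_AFL')
		event.save()

		r.append(tts('An in valid pin was entered.'))
		request.session['pin_errCount'] += 1
		if request.session['pin_errCount'] >= max_pin_errors:  # give the user three erroneous pin entries.
			return hang_up()

	# This is the code that gets executed on the first run of this function.
	# NOTE(review): nothing here checks that the request really came from
	# Twilio; confirm that is verified before this view runs.
	gather = twilio.Gather(numDigits=8, action=reverse('authenticateSession'))
	gather.append(tts(_("Please enter your pin number. Press pound to finish.")))
	r.append(gather)

	return HttpResponse(str(r), mimetype=settings.TWILIO_RESPONSE_MIMETYPE)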
Esempio n. 10
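def login_user(request):
    """
    Render the login page and process login attempts.

    POST: validates the login form, authenticates, records a LoginEvent for
    active and disabled accounts, logs the user in, stores the user key on
    the redirect response and re-encrypts grandfathered web-app keys with the
    submitted password. Failed attempts fall through to the error page or to
    ``settings.LOGIN_FAILED_REDIRECT`` when that is set.

    GET: already-authenticated users are sent to '/'; everyone else gets the
    form, pre-filled with the ``next`` query parameter.

    The post-login redirect only follows ``next`` when it is a local path.
    ``next`` is client-controlled, so following an absolute or
    scheme-relative value would turn the login page into an open redirect.

    :param request: the current Django request
    :returns: a redirect on success or configured redirect, else the rendered
        login template
    """
    context = RequestContext(request)
    context['error_msg'] = None

    if request.method == 'POST':
        form = LoginForm(request.POST)
        if request.user.is_authenticated():
            logout(request)

        context['form'] = form
        if form.is_valid():
            username = form.cleaned_data['username']
            password = form.cleaned_data['password']
            user = authenticate(username=username, password=password)
            if user:
                if user_is_active(user):
                    LoginEvent().customInit(
                        username=username,
                        remote_ip=request.META['REMOTE_ADDR'],
                        success=True,
                        user=user)
                    login(request, user)
                    change_time_row = MHLUser.objects.filter(
                        pk=request.user.pk).only("password_change_time").get()
                    request.session['password_change_time'] = (
                        change_time_row.password_change_time)

                    # Follow 'next' only when it is a same-site path: a
                    # single leading slash, no backslash a browser could
                    # treat as a slash, and no control characters that
                    # browsers drop before resolving the URL.
                    next_url = form.cleaned_data.get('next') or ''
                    next_is_local = (
                        next_url.startswith('/')
                        and not next_url.startswith('//')
                        and '\\' not in next_url
                        and not any(ord(ch) < 0x20 or ord(ch) == 0x7f
                                    for ch in next_url)
                    )
                    if next_is_local:
                        response = HttpResponseRedirect(next_url)
                    else:
                        response = HttpResponseRedirect('/')

                    store_user_key(request, response, password)
                    # TESTING_KMS_INTEGRATION check if user is g'fathered
                    # NOTE(review): looks like grandfathered keys stay under
                    # settings.SECRET_KEY until this first login re-encrypts
                    # them with the user's password -- confirm.
                    uprivs = UserPrivateKey.objects.filter(
                        user=user, credtype=CRED_WEBAPP, gfather=True)
                    if uprivs.exists():
                        recrypt_keys(uprivs, settings.SECRET_KEY, password)
                    return response
                else:
                    LoginEvent().customInit(
                        username=username,
                        remote_ip=request.META['REMOTE_ADDR'],
                        success=False,
                        user=user)
                    # Return a 'disabled account' error message
                    context['error_msg'] = _("Account appears to be disabled")
            else:
                # User couldn't be found.
                # NOTE(review): this path records no LoginEvent, so failed
                # guesses are not audited by this view.
                context['error_msg'] = _("Invalid username or password")
        else:
            # Form was invalid. This shouldn't be possible.
            context['error_msg'] = _("Invalid username or password")

        # At this point, the login attempt has failed.
        if settings.LOGIN_FAILED_REDIRECT:
            return HttpResponseRedirect(settings.LOGIN_FAILED_REDIRECT)

    else:  # if (request.method != 'POST')
        if request.user.is_authenticated():
            return HttpResponseRedirect('/')
        # Only echoed into the form here; validated when it is posted back.
        next_param = request.GET['next'] if 'next' in request.GET else ''
        context['form'] = LoginForm(initial={'next': next_param})

    if settings.LOGIN_REDIRECT:
        return HttpResponseRedirect(settings.LOGIN_REDIRECT)

    context['STATIC_URL'] = ''.join([context['STATIC_URL'], 'temp/'])
    return render_to_response('temp/index.html', context)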