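def test_login_newip_hmac_ipaddr(self):
    """Check that an ``hmac+ipaddr`` account cannot log in from a new address.

    The user is registered while ``REMOTE_ADDR`` is ``127.0.0.1``. After
    ``REMOTE_ADDR`` is changed, an HMAC login and a follow-up login that asks
    for ``plaintext`` are both expected to return 403 with an unencoded body.
    Only ``REMOTE_ADDR`` is varied here; proxy-supplied address headers are
    not exercised by this test.
    """
    name = self.id()
    key = '1234'
    data = {'Username': name, 'SecurityLevel': 'hmac+ipaddr'}

    bottle.request.environ['REMOTE_ADDR'] = '127.0.0.1'
    self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '127.0.0.1')
    try:
        user_info = self.register_hmac(data, key)
        self.assertEqual(user_info.get('SecurityLevel'), data.get('SecurityLevel'))

        # From here on the requests appear to come from a different address.
        bottle.request.environ['REMOTE_ADDR'] = '1234'
        self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '1234')

        # A fresh key exchange still succeeds from the new address ...
        key = '5678'
        res = self.app.key_exchange('hmac', key)
        self.assertEqual(res.status_code, 200)
        self.assertTrue(bottleship.data_is_encoded(res.body))
        token = str(json.loads(bottleship.data_decode(res.body, key)).get('Token'))

        # ... but the login that uses it is refused, and the refusal is not encoded.
        req = {'Data': bottleship.data_encode(json.dumps(data), key), 'Token': token}
        res = self.app.login(_request_fallback=req)
        self.assertEqual(res.status_code, 403)
        self.assertFalse(bottleship.data_is_encoded(res.body))

        # Asking for plaintext instead must not get around the address check.
        req = {'Username': name, 'SecurityLevel': 'plaintext'}
        res = self.app.login(username=name, _request_fallback=req)
        self.assertEqual(res.status_code, 403)
        self.assertFalse(bottleship.data_is_encoded(res.body))
    finally:
        # Put the address back even when an assertion above fails, so the
        # altered REMOTE_ADDR is not left behind for whatever runs next.
        bottle.request.environ['REMOTE_ADDR'] = '127.0.0.1'
    self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '127.0.0.1')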
def register_hmac(self, user_info, key):
    """Register a user through the HMAC flow and return the decoded reply.

    Performs a ``'hmac'`` key exchange with *key*, sends *user_info* encoded
    with that key together with the returned token, asserts that both steps
    answer 200 with an encoded body, and returns the registration reply
    parsed from JSON.
    """
    exchange = self.app.key_exchange('hmac', key)
    self.assertEqual(exchange.status_code, 200)
    self.assertTrue(bottleship.data_is_encoded(exchange.body))
    exchange_reply = json.loads(bottleship.data_decode(exchange.body, key))
    token = str(exchange_reply.get('Token'))

    if not isinstance(user_info, str):
        user_info = json.dumps(user_info)
    # NOTE(review): user_info is already a string here and is passed through
    # json.dumps once more below, so a dict argument ends up JSON-encoded
    # twice. The other tests in this file encode only once; confirm that the
    # server is meant to accept both forms.
    payload = bottleship.data_encode(json.dumps(user_info), key)

    reply = self.app.register(user_info={'Data': payload, 'Token': token})
    self.assertEqual(reply.status_code, 200)
    self.assertTrue(bottleship.data_is_encoded(reply.body))
    return json.loads(bottleship.data_decode(reply.body, key))
def test_login_wrong_password_hmac_ipaddr(self):
    """Check that direct logins against an ``hmac+ipaddr`` account return 400.

    After registering through the HMAC flow, ``login`` is called without a
    key-exchange token: once with no password and then with an empty string,
    a non-string object and a filler string. Every attempt must be answered
    with status 400 and an unencoded body.
    """
    name = self.id()
    data = {'Username': name, 'Password': '', 'SecurityLevel': 'hmac+ipaddr'}

    registered = self.register_hmac(data, '1234')
    self.assertEqual(registered.get('SecurityLevel'), data.get('SecurityLevel'))

    # Extra keyword arguments for each attempt; the first passes no password.
    attempts = (
        {},
        {'password': ''},
        {'password': object()},
        {'password': '******'},
    )
    for extra in attempts:
        reply = self.app.login(username=name, _request_fallback=data, **extra)
        self.assertEqual(reply.status_code, 400)
        self.assertFalse(bottleship.data_is_encoded(reply.body))
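def test_logout_wrong_token_hmac_ipaddr(self):
    """Check that logout with a token that was never issued returns 400.

    A user is registered and logged in at ``hmac+ipaddr`` level so that a
    live session exists. ``logout`` is then called with a made-up token and
    must answer 400 with an unencoded body.
    """
    name = self.id()
    data = {'Username': name, 'SecurityLevel': 'hmac+ipaddr'}

    user_info = self.register_hmac(data, '1234')
    self.assertEqual(user_info.get('SecurityLevel'), data.get('SecurityLevel'))

    user_info = self.login_hmac(data, '5678')
    self.assertEqual(user_info.get('SecurityLevel'), data.get('SecurityLevel'))

    # The issued token used to be read and then ignored. Use it to pin the
    # precondition: the value sent to logout is not the live session token.
    issued_token = str(user_info.get('Token'))
    bogus_token = '1234'
    self.assertNotEqual(issued_token, bogus_token)

    res = self.app.logout(token=bogus_token)
    self.assertEqual(res.status_code, 400)
    self.assertFalse(bottleship.data_is_encoded(res.body))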
def test_authenticate_hmac_ipaddr(self):
    """Check that the token from an ``hmac+ipaddr`` login authenticates.

    Registers and logs in a user (with different keys for the two steps),
    then passes the login token to ``_authenticate`` and expects status 200
    with an encoded body.
    """
    register_key, login_key = '1234', '5678'
    name = self.id()
    data = {'Username': name, 'SecurityLevel': 'hmac+ipaddr'}
    expected_level = data.get('SecurityLevel')

    registered = self.register_hmac(data, register_key)
    self.assertEqual(registered.get('SecurityLevel'), expected_level)

    session = self.login_hmac(data, login_key)
    self.assertEqual(session.get('SecurityLevel'), expected_level)

    reply = self.app._authenticate(token=str(session.get('Token')))
    self.assertEqual(reply.status_code, 200)
    self.assertTrue(bottleship.data_is_encoded(reply.body))
def test_register_fail_hmac_ipaddr(self):
    """Check the registration requests that must be refused with 400.

    With a token from a ``'hmac'`` key exchange, three requests are refused:
    a wrong token, a payload that is not encoded data, and a well-formed
    request. After a ``'hmac+ipaddr'`` key exchange one registration
    succeeds (200, encoded body) and an identical second request is refused.
    Every refusal must carry an unencoded body.
    """
    name = self.id()
    key = '1234'

    def exchange_token(security_level):
        # Run a key exchange and return the token from its decoded reply.
        reply = self.app.key_exchange(security_level, key)
        self.assertEqual(reply.status_code, 200)
        self.assertTrue(bottleship.data_is_encoded(reply.body))
        return str(json.loads(bottleship.data_decode(reply.body, key)).get('Token'))

    def encoded_user():
        # Build the encoded registration payload afresh for each request.
        data = {'Username': name, 'SecurityLevel': 'hmac+ipaddr'}
        return bottleship.data_encode(json.dumps(data), key)

    def expect_rejected(request):
        # The request must be refused, and the refusal must not be encoded.
        reply = self.app.register(user_info=request)
        self.assertEqual(reply.status_code, 400)
        self.assertFalse(bottleship.data_is_encoded(reply.body))

    token = exchange_token('hmac')

    # TODO(review): the original carried a disabled case here that registered
    # {'Username': None, 'SecurityLevel': 'hmac+ipaddr'} with the valid token
    # and expected 400 with an unencoded body. Confirm why it was switched off.

    # Valid payload, but a token the server never issued.
    expect_rejected({'Data': encoded_user(), 'Token': '1234'})

    # Issued token, but the payload is not encoded data.
    expect_rejected({'Data': '1234', 'Token': token})

    # Well-formed request with the same token. register_hmac succeeds with an
    # equivalent 'hmac' exchange, so presumably the refusal comes from the
    # token having been presented already; confirm against the server.
    expect_rejected({'Data': encoded_user(), 'Token': token})

    token = exchange_token('hmac+ipaddr')

    accepted = self.app.register(user_info={'Data': encoded_user(), 'Token': token})
    self.assertEqual(accepted.status_code, 200)
    self.assertTrue(bottleship.data_is_encoded(accepted.body))

    # Sending the identical request again (same token, same user) must fail.
    expect_rejected({'Data': encoded_user(), 'Token': token})