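def test_login_newip_hmac_ipaddr(self):
        """Check that an 'hmac+ipaddr' account cannot log in from a new address.

        The account is registered while ``REMOTE_ADDR`` is ``127.0.0.1``. The
        address is then changed and two logins are attempted: one over a
        fresh HMAC key exchange, and one that asks for the ``plaintext``
        security level instead. Both must be answered with 403 and an
        unencoded body, so asking for a weaker level does not get around the
        address check.
        """
        name = self.id()
        key = '1234'
        data = {'Username': name, 'SecurityLevel': 'hmac+ipaddr'}

        bottle.request.environ['REMOTE_ADDR'] = '127.0.0.1'
        try:
            self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '127.0.0.1')

            user_info = self.register_hmac(data, key)
            self.assertEqual(user_info.get('SecurityLevel'), data.get('SecurityLevel'))

            # Any value other than the registration address will do here; it
            # only has to differ from '127.0.0.1'.
            bottle.request.environ['REMOTE_ADDR'] = '1234'
            self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '1234')

            # New session key, negotiated from the new address.
            key = '5678'
            res = self.app.key_exchange('hmac', key)
            self.assertEqual(res.status_code, 200)
            self.assertTrue(bottleship.data_is_encoded(res.body))
            token = str(json.loads(bottleship.data_decode(res.body, key)).get('Token'))

            # A correctly encoded login from the new address is refused.
            req = {'Data': bottleship.data_encode(json.dumps(data), key), 'Token': token}
            res = self.app.login(_request_fallback=req)
            self.assertEqual(res.status_code, 403)
            self.assertFalse(bottleship.data_is_encoded(res.body))

            # Downgrade attempt: switch to plaintext and try login again.
            req = {'Username': name, 'SecurityLevel': 'plaintext'}
            res = self.app.login(username=name, _request_fallback=req)
            self.assertEqual(res.status_code, 403)
            self.assertFalse(bottleship.data_is_encoded(res.body))
        finally:
            # bottle.request.environ is shared state: put the address back
            # even when an assertion above fails, so later tests are not run
            # with the spoofed value.
            bottle.request.environ['REMOTE_ADDR'] = '127.0.0.1'

        self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '127.0.0.1')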
    def register_hmac(self, user_info, key):
        """Register a user over an 'hmac' key exchange and return the decoded reply.

        ``user_info`` may be a dict or an already serialized string; ``key``
        is used for the key exchange and to encode and decode every payload.
        Asserts that both the key exchange and the registration answer 200
        with an encoded body.
        """
        exchange = self.app.key_exchange('hmac', key)
        self.assertEqual(exchange.status_code, 200)
        self.assertTrue(bottleship.data_is_encoded(exchange.body))
        handshake = json.loads(bottleship.data_decode(exchange.body, key))
        token = str(handshake.get('Token'))

        if not isinstance(user_info, str):
            user_info = json.dumps(user_info)
        # NOTE(review): user_info is already a string at this point and is
        # passed through json.dumps once more below, so the payload is
        # JSON-encoded twice. Other tests in this file encode only once;
        # confirm the server is meant to accept both forms.
        envelope = {
            'Data': bottleship.data_encode(json.dumps(user_info), key),
            'Token': token,
        }
        reply = self.app.register(user_info=envelope)
        self.assertEqual(reply.status_code, 200)
        self.assertTrue(bottleship.data_is_encoded(reply.body))
        decoded = bottleship.data_decode(reply.body, key)
        return json.loads(decoded)
    def test_login_wrong_password_hmac_ipaddr(self):
        """Check that direct logins to an 'hmac+ipaddr' account answer 400.

        After registering over HMAC, the test calls ``login`` without the
        key-exchange envelope, once with no password and then with an empty,
        a non-string and a wrong string password. Each attempt must be
        answered with 400 and an unencoded body.
        """
        username = self.id()
        secret = '1234'
        payload = {'Username': username, 'Password': '', 'SecurityLevel': 'hmac+ipaddr'}
        registered = self.register_hmac(payload, secret)
        self.assertEqual(registered.get('SecurityLevel'), payload.get('SecurityLevel'))

        # Extra keyword arguments for each attempt, in the order they are tried.
        attempts = (
            {},
            {'password': ''},
            {'password': object()},
            {'password': '******'},
        )
        for extra in attempts:
            response = self.app.login(username=username, _request_fallback=payload, **extra)
            self.assertEqual(response.status_code, 400)
            self.assertFalse(bottleship.data_is_encoded(response.body))
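    def test_logout_wrong_token_hmac_ipaddr(self):
        """Check that logout with a token that is not the session's answers 400.

        Registers and logs in an 'hmac+ipaddr' user, then calls ``logout``
        with the literal ``'1234'`` instead of the issued token and expects
        400 with an unencoded body.
        """
        name = self.id()
        key = '1234'
        data = {'Username': name, 'SecurityLevel': 'hmac+ipaddr'}
        user_info = self.register_hmac(data, key)
        self.assertEqual(user_info.get('SecurityLevel'), data.get('SecurityLevel'))

        key = '5678'
        user_info = self.login_hmac(data, key)
        self.assertEqual(user_info.get('SecurityLevel'), data.get('SecurityLevel'))
        token = str(user_info.get('Token'))

        # The issued token was read but never used; pin the premise that the
        # bogus value really differs from it, so the 400 below cannot come
        # from an accidental match.
        bogus_token = '1234'
        self.assertNotEqual(token, bogus_token)

        res = self.app.logout(token=bogus_token)
        self.assertEqual(res.status_code, 400)
        self.assertFalse(bottleship.data_is_encoded(res.body))
        # NOTE(review): consider also asserting that the issued token is still
        # accepted after the rejected logout; that behaviour is not checked here.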
    def test_authenticate_hmac_ipaddr(self):
        """Check that the token issued at login authenticates an 'hmac+ipaddr' user.

        Registers with one key, logs in with another, then passes the login
        token to ``_authenticate`` and expects 200 with an encoded body.
        """
        username = self.id()
        profile = {'Username': username, 'SecurityLevel': 'hmac+ipaddr'}
        wanted_level = profile.get('SecurityLevel')

        registered = self.register_hmac(profile, '1234')
        self.assertEqual(registered.get('SecurityLevel'), wanted_level)

        # The login uses a different key from the one used at registration.
        session = self.login_hmac(profile, '5678')
        self.assertEqual(session.get('SecurityLevel'), wanted_level)
        session_token = str(session.get('Token'))

        reply = self.app._authenticate(token=session_token)
        self.assertEqual(reply.status_code, 200)
        self.assertTrue(bottleship.data_is_encoded(reply.body))
    def test_register_fail_hmac_ipaddr(self):
        """Walk through the rejected and accepted 'hmac+ipaddr' registrations.

        In order, the test expects:
          1. an unknown token with a valid payload    -> 400, unencoded
          2. the issued token with a garbage payload  -> 400, unencoded
          3. the same token with a valid payload      -> 400, unencoded
          4. a token from an 'hmac+ipaddr' key exchange with a valid
             payload                                  -> 200, encoded
          5. the same request sent again              -> 400, unencoded
        The steps share server-side state, so their order matters.
        """
        username = self.id()
        key = '1234'
        profile = {'Username': username, 'SecurityLevel': 'hmac+ipaddr'}

        def negotiate(level):
            # Run a key exchange at the given level and return its token.
            exchange = self.app.key_exchange(level, key)
            self.assertEqual(exchange.status_code, 200)
            self.assertTrue(bottleship.data_is_encoded(exchange.body))
            return str(json.loads(bottleship.data_decode(exchange.body, key)).get('Token'))

        def sealed_profile():
            # Encode the profile anew for every request, as the original does.
            return bottleship.data_encode(json.dumps(profile), key)

        def expect_rejected(request):
            # The registration must fail with 400 and an unencoded body.
            reply = self.app.register(user_info=request)
            self.assertEqual(reply.status_code, 400)
            self.assertFalse(bottleship.data_is_encoded(reply.body))

        token = negotiate('hmac')

        # Disabled in the original source: a registration whose payload has
        # 'Username': None, expected to answer 400 with an unencoded body.

        # 1. Token the server never issued.
        expect_rejected({'Data': sealed_profile(), 'Token': '1234'})

        # 2. Issued token, but the payload is not an encoded message.
        expect_rejected({'Data': '1234', 'Token': token})

        # 3. Issued token with a valid payload is still refused.
        # NOTE(review): the cause is not visible here. The token may have been
        # consumed by step 2; confirm against the server code.
        expect_rejected({'Data': sealed_profile(), 'Token': token})

        # 4. A new exchange at the 'hmac+ipaddr' level gives a token that works.
        token = negotiate('hmac+ipaddr')
        accepted = self.app.register(user_info={'Data': sealed_profile(), 'Token': token})
        self.assertEqual(accepted.status_code, 200)
        self.assertTrue(bottleship.data_is_encoded(accepted.body))

        # 5. Sending the same registration again is refused.
        expect_rejected({'Data': sealed_profile(), 'Token': token})