def test_account_req_resp_wrongpubkey():
db_conn = get_db()
sk_wrong = crypto.Seckey((420).to_bytes(32, byteorder='big'))
sk = crypto.Seckey((333).to_bytes(32, byteorder='big'))
u = user.User('Saul3', sk.pubkey)
# sign the request with the wrong seckey so it can't verify with the
# correct pubkey
req = SignedMessage.sign(account.AccountReq(u.nick, u.pk), sk_wrong)
resp = server.handle_account_request(db_conn, req)
assert resp.cred is None
assert resp.err == account.AuthRespErr.WrongPubkey
def test_account_req_resp_malformed():
db_conn = get_db()
sk = crypto.Seckey((333).to_bytes(32, byteorder='big'))
# Supposed to be signing an AccountReq, but instead signing a junk message
req = SignedMessage.sign(Stub(420), sk)
resp = server.handle_account_request(db_conn, req)
assert resp.cred is None
assert resp.err == account.AuthRespErr.Malformed
def test_authreq_no_user():
db_conn = get_db()
# use an unknown sk to sign the AuthReq
sk_unknown = crypto.Seckey((98345).to_bytes(32, byteorder='big'))
smsg = SignedMessage.sign(account.AuthReq(sk_unknown.pubkey), sk_unknown)
resp = server.handle_authreq(db_conn, smsg)
assert isinstance(resp, account.AuthResp)
assert resp.cred is None
assert resp.err == SignedMessageErr.UnknownUser
def test_account_req_resp_db_inserted():
db_conn = get_db()
sk = crypto.Seckey((333).to_bytes(32, byteorder='big'))
req = SignedMessage.sign(account.AccountReq('Saul3', sk.pubkey), sk)
server.handle_account_request(db_conn, req)
u_out = db.user_with_pk(db_conn, sk.pubkey)
assert u_out.rowid
assert u_out.nick == 'Saul3'
assert u_out.pk == sk.pubkey
def test_account_req_resp_badsig():
db_conn = get_db()
sk = crypto.Seckey((333).to_bytes(32, byteorder='big'))
u = user.User('Saul3', sk.pubkey)
req = SignedMessage.sign(account.AccountReq(u.nick, u.pk), sk)
# change message after it has been signed so that it won't verify
req.msg_bytes = b'foo'
resp = server.handle_account_request(db_conn, req)
assert resp.cred is None
assert resp.err is account.AuthRespErr.BadSig
def test_authchallengeresp_bad_chal():
db_conn = get_db()
u = db.user_with_pk(db_conn, U1.pk)
echal = get_chal(u)
# use an unknown sk to sign the AuthChallengeResp
sk_unknown = crypto.Seckey((98345).to_bytes(32, byteorder='big'))
smsg = SignedMessage.sign(account.AuthChallengeResp(echal), sk_unknown)
resp = server.handle_authchallengeresp(db_conn, smsg)
assert isinstance(resp, account.AuthResp)
assert resp.cred is None
assert resp.err == SignedMessageErr.UnknownUser
def test_getinfo_unknown_user():
db_conn = get_db()
u = db.user_with_pk(db_conn, U1.pk)
ecred = get_cred(u)
# user who signed this message is not even in the db
fake_sk = crypto.Seckey((1).to_bytes(32, byteorder='big'))
gi = SignedMessage.sign(getinfo.GetInfo(u.pk, ecred), fake_sk)
gir = server.handle_getinfo(db_conn, gi)
assert isinstance(gir, getinfo.GetInfoResp)
assert not gir.ok
assert gir.err == SignedMessageErr.UnknownUser
def test_account_req_resp_happy():
db_conn = get_db()
sk = crypto.Seckey((333).to_bytes(32, byteorder='big'))
req = SignedMessage.sign(account.AccountReq('Saul3', sk.pubkey), sk)
resp = server.handle_account_request(db_conn, req)
assert resp.err is None
assert isinstance(resp.cred, EncryptedMessage)
assert isinstance(resp.cred.dec(server.ENCKEY), SignedMessage)
cred, pk_used = resp.cred.dec(server.ENCKEY).unwrap()
assert isinstance(cred, account.AccountCred)
assert pk_used == server.IDKEY.pubkey
def test_location_update_unknown_user():
db_conn = get_db()
u = db.user_with_pk(db_conn, U1.pk)
ecred = get_cred(u)
loc = location.Location(u, loca.Coords(42, 69), time.time())
lu = location.LocationUpdate(loc, ecred)
# user who signed this message is not even in the db
fake_sk = crypto.Seckey((1).to_bytes(32, byteorder='big'))
slu = SignedMessage.sign(lu, fake_sk)
resp = server.handle_location_update(db_conn, slu)
assert not resp.ok
assert resp.cred is None # TODO
assert resp.err == SignedMessageErr.UnknownUser
def test_account_create_happy(client):
sk = crypto.Seckey((333).to_bytes(32, byteorder='big'))
req = SignedMessage.sign(account.AccountReq('Saul3', sk.pubkey), sk)
rv = client.post(
'/account/create',
json=req.to_dict(),
)
resp = Message.from_dict(rv.json)
assert isinstance(resp, account.AuthResp)
assert resp.err is None
assert resp.cred is not None
user_db = db.user_with_pk(flask.g.db, sk.pubkey)
assert user_db.nick == 'Saul3'
assert user_db.pk == sk.pubkey
valid_cred, _ = server.validate_credchal(resp.cred, user_db)
assert valid_cred
def get_credchal(
u: user.User,
cls: Type[Union[account.AccountCred, account.AuthChallenge]],
expire: float,
scred_stub: bool = False,
scred_munge: bool = False,
cred_stub: bool = False,
cred_wrong_key: bool = False,
cred_expired: bool = False,
cred_wrong_user: bool = False,
) -> EncryptedMessage:
if scred_stub:
ecred = EncryptedMessage.enc(Stub(34444), server.ENCKEY)
elif scred_munge:
cred = cls(u, expire)
scred = SignedMessage.sign(cred, server.IDKEY)
scred.msg_bytes = b'fooooo'
ecred = EncryptedMessage.enc(scred, server.ENCKEY)
elif cred_stub:
scred = SignedMessage.sign(Stub(2342), server.IDKEY)
ecred = EncryptedMessage.enc(scred, server.ENCKEY)
elif cred_wrong_key:
sk = crypto.Seckey((9879).to_bytes(32, byteorder='big'))
cred = cls(u, expire)
scred = SignedMessage.sign(cred, sk)
ecred = EncryptedMessage.enc(scred, server.ENCKEY)
elif cred_expired:
cred = cls(u, time.time() - 0.00001)
scred = SignedMessage.sign(cred, server.IDKEY)
ecred = EncryptedMessage.enc(scred, server.ENCKEY)
elif cred_wrong_user:
assert u != U2
fake_u = user.User(U2.nick, U2.pk, rowid=11)
cred = cls(fake_u, expire)
scred = SignedMessage.sign(cred, server.IDKEY)
ecred = EncryptedMessage.enc(scred, server.ENCKEY)
else:
cred = cls(u, expire)
scred = SignedMessage.sign(cred, server.IDKEY)
ecred = EncryptedMessage.enc(scred, server.ENCKEY)
return ecred
from rela.lib import user
from rela.lib import crypto
from rela.lib.messages.getinfo import GetInfo, GetInfoLocation, GetInfoResp,\
GetInfoRespErr, GetInfoRespLocation
from rela.lib.messages import EncryptedMessage, Stub
SK = crypto.Seckey((28379873947).to_bytes(32, byteorder='big'))
U = user.User('Foo', SK.pubkey, rowid=420)
def really_fake_cred() -> EncryptedMessage:
return EncryptedMessage.enc(Stub(1), crypto.Enckey.gen())
def test_getinfo_dict_identity():
first = GetInfo(U.pk, really_fake_cred())
second = GetInfo.from_dict(first.to_dict())
assert first == second
def test_getinfo_eq_int():
assert GetInfo(U.pk, really_fake_cred()) != 1
def test_getinfo_dict_no_user():
gi = GetInfo(U.pk, really_fake_cred())
d = gi.to_dict()
del d['user_pk']
assert GetInfo.from_dict(d) is None
import pytest
from rela.core import server
from rela.lib import db, crypto, user, location as loca
from rela.lib.messages import SignedMessage, Message, EncryptedMessage
from rela.lib.messages import account, location, getinfo
import flask
import time
BAD_JSON_ERR = {'err': 'Must speak json, idiot'}
SK1 = crypto.Seckey((111).to_bytes(32, byteorder='big'))
SK2 = crypto.Seckey((222).to_bytes(32, byteorder='big'))
U1 = user.User('Jim1', SK1.pubkey) # no rowid. must fetch from db again
U2 = user.User('Sam2', SK2.pubkey) # no rowid. must fetch from db again
@pytest.fixture
def client():
success, db_conn = db.connect(':memory:', server.DEF_SCHEMA)
assert success
db.insert_user(db_conn, U1)
db.insert_user(db_conn, U2)
with server.app.app_context():
assert 'db' not in flask.g
flask.g.db = db_conn
with server.app.test_client() as client:
yield client
pass
def get_cred(u: user.User) -> EncryptedMessage:
cred = account.AccountCred(u, time.time() + server.CRED_LIFETIME)
from rela.lib import db
from rela.lib import user
from rela.lib import crypto
from rela.lib import location as loca
from rela.lib.messages import Stub, SignedMessage, EncryptedMessage, \
CredChalErr, SignedMessageErr
from rela.lib.messages import account, getinfo, location
from rela.core import server
import time
import random
from typing import Union, Type
SK1 = crypto.Seckey((111).to_bytes(32, byteorder='big'))
SK2 = crypto.Seckey((222).to_bytes(32, byteorder='big'))
U1 = user.User('Jim1', SK1.pubkey) # no rowid. must fetch from db again
U2 = user.User('Sam2', SK2.pubkey) # no rowid. must fetch from db again
server.IDKEY = crypto.Seckey((98734982984).to_bytes(32, byteorder='big'))
server.ENCKEY = crypto.Enckey.gen()
def get_db():
success, db_conn = db.connect(':memory:', server.DEF_SCHEMA)
assert success
db.insert_user(db_conn, U1)
db.insert_user(db_conn, U2)
return db_conn
def insert_many_locs(db_conn, user):
def rand_time():