def test_account_full_auth_handshake(client):
u = db.user_with_pk(flask.g.db, U1.pk)
req1 = SignedMessage.sign(account.AuthReq(u.pk), SK1)
rv1 = client.post(
'/account/challenge/gen',
json=req1.to_dict(),
)
assert rv1.status_code == 200
echal = Message.from_dict(rv1.json)
assert isinstance(echal, EncryptedMessage)
schal = EncryptedMessage.dec(echal, server.ENCKEY)
assert schal.is_valid()
chal, pk_used = schal.unwrap()
assert isinstance(chal, account.AuthChallenge)
assert pk_used == server.IDKEY.pubkey
req2 = SignedMessage.sign(account.AuthChallengeResp(echal), SK1)
rv2 = client.post(
'/account/challenge/verify',
json=req2.to_dict(),
)
assert rv2.status_code == 200
resp = Message.from_dict(rv2.json)
assert resp.err is None
assert isinstance(resp.cred, EncryptedMessage)
scred = EncryptedMessage.dec(resp.cred, server.ENCKEY)
assert scred.is_valid()
cred, pk_used = scred.unwrap()
assert isinstance(cred, account.AccountCred)
assert pk_used == server.IDKEY.pubkey
def expire_from_ecred(
ecred: EncryptedMessage, ek: crypto.Enckey, pk: crypto.Pubkey) \
-> float:
scred = ecred.dec(ek)
assert isinstance(scred, SignedMessage)
cred, pk_used = scred.unwrap()
assert pk_used == pk
assert isinstance(cred, account.AccountCred)
return cred.expire
def test_authchallengeresp_happy():
db_conn = get_db()
u = db.user_with_pk(db_conn, U1.pk)
echal = get_chal(u)
sacr = SignedMessage.sign(account.AuthChallengeResp(echal), SK1)
resp = server.handle_authchallengeresp(db_conn, sacr)
assert resp.err is None
assert isinstance(resp.cred, EncryptedMessage)
scred = EncryptedMessage.dec(resp.cred, server.ENCKEY)
cred, pk_used = SignedMessage.unwrap(scred)
assert pk_used == server.IDKEY.pubkey
assert cred.expire > time.time()
def test_authreq_happy():
db_conn = get_db()
smsg = SignedMessage.sign(account.AuthReq(SK1.pubkey), SK1)
resp = server.handle_authreq(db_conn, smsg)
assert isinstance(resp, EncryptedMessage)
schal = EncryptedMessage.dec(resp, server.ENCKEY)
assert isinstance(schal, SignedMessage)
assert schal.is_valid()
chal, pk_used = schal.unwrap()
assert isinstance(chal, account.AuthChallenge)
assert pk_used == server.IDKEY.pubkey
assert chal.user == db.user_with_pk(db_conn, chal.user.pk)
assert chal.expire > time.time()
def test_account_challenge_gen(client):
u = db.user_with_pk(flask.g.db, U1.pk)
req = SignedMessage.sign(account.AuthReq(u.pk), SK1)
rv = client.post(
'/account/challenge/gen',
json=req.to_dict(),
)
assert rv.status_code == 200
eresp = Message.from_dict(rv.json)
assert isinstance(eresp, EncryptedMessage)
sresp = EncryptedMessage.dec(eresp, server.ENCKEY)
resp, pk_used = sresp.unwrap()
assert isinstance(resp, account.AuthChallenge)
assert pk_used == server.IDKEY.pubkey
assert resp.user == u
def test_location_update_happy():
db_conn = get_db()
u = db.user_with_pk(db_conn, U1.pk)
ecred = get_cred(u)
original_expire = expire_from_ecred(ecred, server.ENCKEY,
server.IDKEY.pubkey)
loc = location.Location(u, loca.Coords(42, 69), time.time())
lu = location.LocationUpdate(loc, ecred)
slu = SignedMessage.sign(lu, SK1)
resp = server.handle_location_update(db_conn, slu)
assert resp.ok
assert isinstance(resp.cred, EncryptedMessage)
scred = EncryptedMessage.dec(resp.cred, server.ENCKEY)
cred, pk_used = SignedMessage.unwrap(scred)
assert pk_used == server.IDKEY.pubkey
assert cred.expire > original_expire
assert resp.err is None
def test_account_challenge_verify(client):
u = db.user_with_pk(flask.g.db, U1.pk)
echal = server.generate_auth_challenge(u)
req = SignedMessage.sign(account.AuthChallengeResp(echal), SK1)
rv = client.post(
'/account/challenge/verify',
json=req.to_dict(),
)
assert rv.status_code == 200
resp = Message.from_dict(rv.json)
assert isinstance(resp, account.AuthResp)
assert resp.err is None
assert isinstance(resp.cred, EncryptedMessage)
scred = EncryptedMessage.dec(resp.cred, server.ENCKEY)
assert scred.is_valid()
cred, pk_used = scred.unwrap()
assert pk_used == server.IDKEY.pubkey
assert cred.user == u
assert cred.expire > time.time()