def _login_admin(service_url, username, password, otp): """Internal function used to get a valid login to the specified service for the passed username, password and otp """ from Acquire.Client import User from Acquire.Client import Wallet wallet = Wallet() user = User(username=username, identity_url=service_url, auto_logout=False) result = user.request_login() login_url = result["login_url"] wallet.send_password( url=login_url, username=username, password=password, otpcode=otp.generate(), remember_password=False, remember_device=False, ) user.wait_for_login() return user
def do_login(a): user = User(username=username_text.value, identity_url=f"{base_url}/identity") with login_link_box: user.request_login() if user.wait_for_login(): status_text.value = "<font color='green'>Login success</font>" else: status_text.value = "<font color='red'>Login failure</font>" self._user = user
def authenticated_user(aaai_services): from Acquire.Crypto import PrivateKey, OTP from Acquire.Client import User, Service, Wallet username = str(uuid.uuid4()) password = PrivateKey.random_passphrase() result = User.register(username=username, password=password, identity_url="identity") otpsecret = result["otpsecret"] otp = OTP(otpsecret) # now log the user in user = User(username=username, identity_url="identity", auto_logout=False) result = user.request_login() assert (type(result) is dict) wallet = Wallet() wallet.send_password(url=result["login_url"], username=username, password=password, otpcode=otp.generate(), remember_password=False, remember_device=False) user.wait_for_login() assert (user.is_logged_in()) return user
def register_user(a): if password_box.value != conf_password_box.value: with output_box: status_text.value = ( "<font color='red'>Passwords do not match</font>") else: result = User.register( username=username_box.value, password=password_box.value, identity_url=f"{base_url}/identity", ) with output_box: status_text.value = "<font color='green'>Please scan QR code with authenticator app</font>" display(result["qrcode"])
def test_login(username, password, aaai_services, tmpdir): # register the new user result = User.register(username=username, password=password, identity_url="identity") assert(type(result) is dict) otpsecret = result["otpsecret"] otp = OTP(otpsecret) user = User(username=username, identity_url="identity", auto_logout=False) result = user.request_login() assert(type(result) is dict) login_url = result["login_url"] print(login_url) wallet = Wallet() wallet.send_password(url=login_url, username=username, password=password, otpcode=otp.generate(), remember_password=True) user.wait_for_login() assert(user.is_logged_in()) auth = Authorisation(user=user, resource="test") auth.verify("test") user.logout() # now try to log in, using the remembered password user = User(username=username, identity_url="identity", auto_logout=False) result = user.request_login() login_url = result["login_url"] # the test has to specify the username as we can't choose... wallet.send_password(url=login_url, username=username, otpcode=otp.generate(), remember_device=True) user.wait_for_login() assert(user.is_logged_in()) auth = Authorisation(user=user, resource="test") auth.verify("test") user.logout() # now see if the wallet can send all login info # now try to log in, using the remembered password user = User(username=username, identity_url="identity", auto_logout=False) result = user.request_login() login_url = result["login_url"] # the test has to specify the username as we can't choose... wallet.send_password(url=login_url, username=username) user.wait_for_login() assert(user.is_logged_in()) auth = Authorisation(user=user, resource="test") auth.verify("test") user.logout()
def test_login_fails(aaai_services, tmpdir): # register two users username1 = "fail1" password1 = "Fail1!!!" username2 = "fail2" password2 = "Fail2!!!" result = User.register(username=username1, password=password1, identity_url="identity") assert (type(result) is dict) otpsecret1 = result["otpsecret"] otp1 = OTP(otpsecret1) user1 = User(username=username1, identity_url="identity", auto_logout=False) result = User.register(username=username2, password=password2, identity_url="identity") assert (type(result) is dict) otpsecret2 = result["otpsecret"] otp2 = OTP(otpsecret2) user2 = User(username=username2, identity_url="identity", auto_logout=False) result1 = user1.request_login() result2 = user2.request_login() assert (type(result1) is dict) assert (type(result2) is dict) login_url1 = result1["login_url"] login_url2 = result2["login_url"] wallet = Wallet() # try to log in with the wrong user with pytest.raises(LoginError): wallet.send_password(url=login_url1, username=username2, password=password2, otpcode=otp2.generate(), remember_password=False, remember_device=False) with pytest.raises(LoginError): wallet.send_password(url=login_url2, username=username1, password=password1, otpcode=otp1.generate(), remember_password=False, remember_device=False) # now use the right user by the wrong otpcode with pytest.raises(LoginError): wallet.send_password(url=login_url1, username=username1, password=password1, otpcode=otp2.generate(), remember_password=False, remember_device=False) # now use the right user by the wrong otpcode with pytest.raises(LoginError): wallet.send_password(url=login_url2, username=username2, password=password2, otpcode=otp1.generate(), remember_password=False, remember_device=False) # now use the right user by the wrong password with pytest.raises(LoginError): wallet.send_password(url=login_url1, username=username1, password=password2, otpcode=otp1.generate(), remember_password=False, remember_device=False) with pytest.raises(LoginError): wallet.send_password(url=login_url2, username=username2, password=password1, otpcode=otp1.generate(), remember_password=False, remember_device=False) # now, get it right ;-) wallet.send_password(url=login_url1, username=username1, password=password1, otpcode=otp1.generate(), remember_password=False, remember_device=False) wallet.send_password(url=login_url2, username=username2, password=password2, otpcode=otp2.generate(), remember_password=False, remember_device=False) user1.logout() user2.logout()