def test_fail_bad_request(self, user): useradmm = ApiClient(useradm.URL_MGMT) devauthm = ApiClient(deviceauth_v2.URL_MGMT) # log in user r = useradmm.call('POST', useradm.URL_LOGIN, auth=(user.name, user.pwd)) assert r.status_code == 200 utoken = r.text # id data not json priv, pub = util.crypto.rsa_get_keypair() id_data = '{\"mac\": \"foo\"}' body = deviceauth_v2.preauth_req( id_data, pub) r = devauthm.with_auth(utoken).call('POST', deviceauth_v2.URL_DEVICES, body) assert r.status_code == 400 # not a valid key id_data = {'mac': 'foo'} body = deviceauth_v2.preauth_req( id_data, 'not a public key') r = devauthm.with_auth(utoken).call('POST', deviceauth_v2.URL_DEVICES, body) assert r.status_code == 400
def do_test_fail_duplicate(self, user, devices): useradmm = ApiClient(useradm.URL_MGMT) devauthm = ApiClient(deviceauth_v2.URL_MGMT) # log in user r = useradmm.call('POST', useradm.URL_LOGIN, auth=(user.name, user.pwd)) assert r.status_code == 200 utoken = r.text # preauth duplicate device priv, pub = util.crypto.rsa_get_keypair() id_data = devices[0].id_data body = deviceauth_v2.preauth_req( id_data, pub) r = devauthm.with_auth(utoken).call('POST', deviceauth_v2.URL_DEVICES, body) assert r.status_code == 409 # device list is unmodified r = devauthm.with_auth(utoken).call('GET', deviceauth_v2.URL_DEVICES) assert r.status_code == 200 api_devs = r.json() assert len(api_devs) == len(devices) # existing device has no new auth sets existing = [d for d in api_devs if d['identity_data'] == id_data] assert len(existing) == 1 existing = existing[0] assert len(existing['auth_sets']) == 1 aset = existing['auth_sets'][0] assert util.crypto.rsa_compare_keys(aset['pubkey'], devices[0].pubkey) assert aset['status'] == 'pending'
def make_preauthd_device(utoken): devauthm = ApiClient(deviceauth_v2.URL_MGMT) priv, pub = util.crypto.rsa_get_keypair() id_data = rand_id_data() body = deviceauth_v2.preauth_req(id_data, pub) r = devauthm.with_auth(utoken).call('POST', deviceauth_v2.URL_DEVICES, body) assert r.status_code == 201 api_dev = get_device_by_id_data(id_data, utoken) assert len(api_dev['auth_sets']) == 1 aset = api_dev['auth_sets'][0] dev = Device(api_dev['id'], id_data, pub) dev.authsets.append( Authset(aset['id'], dev.id, id_data, pub, priv, 'preauthorized')) dev.status = 'preauthorized' return dev
def do_test_ok(self, user, tenant_token=''): useradmm = ApiClient(useradm.URL_MGMT) devauthm = ApiClient(deviceauth_v2.URL_MGMT) devauthd = ApiClient(deviceauth_v1.URL_DEVICES) # log in user r = useradmm.call('POST', useradm.URL_LOGIN, auth=(user.name, user.pwd)) assert r.status_code == 200 utoken = r.text # preauth device priv, pub = util.crypto.rsa_get_keypair() id_data = {'mac': 'pretenditsamac'} body = deviceauth_v2.preauth_req( id_data, pub) r = devauthm.with_auth(utoken).call('POST', deviceauth_v2.URL_DEVICES, body) assert r.status_code == 201 # device appears in device list r = devauthm.with_auth(utoken).call('GET', deviceauth_v2.URL_DEVICES) assert r.status_code == 200 api_devs = r.json() assert len(api_devs) == 1 api_dev = api_devs[0] assert api_dev['status'] == 'preauthorized' assert api_dev['identity_data'] == id_data assert len(api_dev['auth_sets']) == 1 aset = api_dev['auth_sets'][0] assert aset['identity_data'] == id_data assert util.crypto.rsa_compare_keys(aset['pubkey'], pub) assert aset['status'] == 'preauthorized' # actual device can obtain auth token body, sighdr = deviceauth_v1.auth_req(id_data, pub, priv, tenant_token) r = devauthd.call('POST', deviceauth_v1.URL_AUTH_REQS, body, headers=sighdr) assert r.status_code == 200 # device and authset changed status to 'accepted' r = devauthm.with_auth(utoken).call('GET', deviceauth_v2.URL_DEVICES, path_params={'id': api_dev['id']}) api_devs = r.json() assert len(api_devs) == 1 api_dev = api_devs[0] assert api_dev['status'] == 'accepted' assert len(api_dev['auth_sets']) == 1 aset = api_dev['auth_sets'][0] assert aset['status'] == 'accepted'