コード例 #1
0
 def test_client_with_password_gamepassword(self):
     """
     Case where a player saved the password to join the game in its UrT config. As a result, we find a 'password'
     field in the clientuserinfo line.
     This value must not overwrite the 'password' property of the Client object.
     """
     # GIVEN a known client
     c = FakeClient(console=self.console,
                    name="Zesco",
                    guid="58D4069246865BB5A85F20FB60ED6F65",
                    login="******",
                    password="******")
     c.save()
     c.connects('15')
     self.assertEqual('password_in_database', c.password)
     # WHEN
     infoline = r"15 \ip\1.2.3.4:27960\name\Zesco\password\some_password_here\racered\2\raceblue\3\rate\8000\ut_timenudge\0\cg_rgb\128 128 128\cg_predictitems\0\cg_physics\1\snaps\20\model\sarge\headmodel\sarge\team_model\james\team_headmodel\*james\color1\4\color2\5\handicap\100\sex\male\cl_anonymous\0\gear\GMIORAA\teamtask\0\cl_guid\58D4069246865BB5A85F20FB60ED6F65\weapmodes\00000110120000020002"
     self.assertTrue('15' in self.console.clients)
     self.console.OnClientuserinfo(action=None, data=infoline)
     # THEN
     client = self.console.clients['15']
     self.assertEqual('1.2.3.4', client.ip)
     self.assertEqual('Zesco^7', client.exactName)
     self.assertEqual('Zesco', client.name)
     self.assertEqual('58D4069246865BB5A85F20FB60ED6F65', client.guid)
     self.assertEqual('password_in_database', client.password)
コード例 #2
0
 def test_high_level_having_password(self):
     # GIVEN
     joe = FakeClient(self.console, name="Joe", guid="joeguid", groupBits=128, password=F00_MD5)
     joe.save()
     # WHEN
     joe.clearMessageHistory()
     joe.connects("0")
     # THEN
     self.assertEqual(['Login via console: /tell 0 !login yourpassword'], joe.message_history)
     self.assertEqual(2, joe.groupBits)
コード例 #3
0
    def test_known_client_with_unverified_guid_but_same_ip_is_auth(self):
        # GIVEN a known client Bob
        bob = FakeClient(self.parser, name="bob", guid="80a50000000000000000000000fcbc7d", ip="111.22.3.4")
        bob.save()
        # WHEN
        when(self.parser.output).write('players').thenReturn('''\
Players on server:
[#] [IP Address]:[Port] [Ping] [GUID] [Name]
--------------------------------------------------
2   111.22.3.4:2316       47   80a50000000000000000000000fcbc7d(?)  bob
(1 players in total)
''')
        rv = self.parser.sync()
        # THEN
        self.assertIn('2', rv)
        client = rv["2"]
        self.assertEqual(bob.guid, client.guid)
        self.assertEqual(bob.ip, client.ip)
        self.assertTrue(client.authed)
コード例 #4
0
    def test_known_client_with_unverified_guid_but_same_ip_is_auth(self):
        # GIVEN a known client Bob
        bob = FakeClient(self.parser, name="bob", guid="80a50000000000000000000000fcbc7d", ip="111.22.3.4")
        bob.save()
        # WHEN
        when(self.parser.output).write('players').thenReturn('''\
Players on server:
[#] [IP Address]:[Port] [Ping] [GUID] [Name]
--------------------------------------------------
2   111.22.3.4:2316       47   80a50000000000000000000000fcbc7d(?)  bob
(1 players in total)
''')
        rv = self.parser.sync()
        # THEN
        self.assertIn('2', rv)
        client = rv["2"]
        self.assertEqual(bob.guid, client.guid)
        self.assertEqual(bob.ip, client.ip)
        self.assertTrue(client.authed)
コード例 #5
0
 def test_client_with_password_gamepassword(self):
     """
     Case where a player saved the password to join the game in its UrT config. As a result, we find a 'password'
     field in the clientuserinfo line.
     This value must not overwrite the 'password' property of the Client object.
     """
     # GIVEN a known client
     c = FakeClient(console=self.console, name="Zesco", guid="58D4069246865BB5A85F20FB60ED6F65", login="******", password="******")
     c.save()
     c.connects('15')
     self.assertEqual('password_in_database', c.password)
     # WHEN
     infoline = r"15 \ip\1.2.3.4:27960\name\Zesco\password\some_password_here\racered\2\raceblue\3\rate\8000\ut_timenudge\0\cg_rgb\128 128 128\cg_predictitems\0\cg_physics\1\snaps\20\model\sarge\headmodel\sarge\team_model\james\team_headmodel\*james\color1\4\color2\5\handicap\100\sex\male\cl_anonymous\0\gear\GMIORAA\teamtask\0\cl_guid\58D4069246865BB5A85F20FB60ED6F65\weapmodes\00000110120000020002"
     self.assertTrue('15' in self.console.clients)
     self.console.OnClientuserinfo(action=None, data=infoline)
     # THEN
     client = self.console.clients['15']
     self.assertEqual('1.2.3.4', client.ip)
     self.assertEqual('Zesco^7', client.exactName)
     self.assertEqual('Zesco', client.name)
     self.assertEqual('58D4069246865BB5A85F20FB60ED6F65', client.guid)
     self.assertEqual('password_in_database', client.password)
コード例 #6
0
class Test_cmd_login(LoginTestCase):

    def setUp(self):
        LoginTestCase.setUp(self)
        self.init_plugin()
        # create a client which needs to log in and has a password saved in database
        self.jack = FakeClient(self.console, name="Jack", guid="jackguid", groupBits=128, password=F00_MD5)
        self.jack.save()

    def test_already_logged_in(self):
        # GIVEN
        joe = FakeClient(self.console, name="Joe", guid="joeguid", groupBits=128)
        joe.setvar(self.p, 'loggedin', 1)
        joe.connects("0")
        # WHEN
        joe.clearMessageHistory()
        joe.says("!login")
        # THEN
        self.assertEqual(['You are already logged in'], joe.message_history)

    def test_low_level(self):
        # GIVEN
        joe = FakeClient(self.console, name="Joe", guid="joeguid", groupBits=8)
        joe.connects("0")
        # WHEN
        joe.clearMessageHistory()
        joe.says("!login")
        # THEN
        self.assertEqual(['You do not need to log in'], joe.message_history)
        self.assertFalse(self.jack.isvar(self.p, 'loggedin'))

    def test_high_level_no_parameter(self):
        # GIVEN
        self.jack.connects("0")
        self.assertEqual(2, self.jack.groupBits) # the login plugin set his level down to 2 while waiting for the password
        # WHEN
        self.jack.clearMessageHistory()
        self.jack.says("!login")
        # THEN
        self.assertEqual(['Usage (via console): /tell 0 !login yourpassword'], self.jack.message_history)
        self.assertEqual(2, self.jack.groupBits)
        self.assertFalse(self.jack.isvar(self.p, 'loggedin'))

    def test_high_level_wrong_password(self):
        # GIVEN
        self.jack.connects("0")
        self.assertEqual(2, self.jack.groupBits) # the login plugin set his level down to 2 while waiting for the password
        # WHEN
        self.jack.clearMessageHistory()
        self.jack.says("!login qsfddqsf")
        # THEN
        self.assertEqual(['***Access denied***'], self.jack.message_history)
        self.assertEqual(2, self.jack.groupBits)
        self.assertFalse(self.jack.isvar(self.p, 'loggedin'))

    def test_high_level_correct_password(self):
        # GIVEN
        self.jack.connects("0")
        self.assertEqual(2, self.jack.groupBits) # the login plugin set his level down to 2 while waiting for the password
        # WHEN
        self.jack.clearMessageHistory()
        self.jack.says("!login f00")
        # THEN
        self.assertEqual(['You are successfully logged in'], self.jack.message_history)
        self.assertEqual(128, self.jack.groupBits)
        self.assertTrue(self.jack.isvar(self.p, 'loggedin'))

    def test_high_level_spoofed_password_with_compromised_client_object(self):
        """
        in some B3 game parser implementation there is an issue which could let the 'password' property of client
        objects be compromised.
        """
        # GIVEN
        batman_md5 = 'ec0e2603172c73a8b644bb9456c1ff6e'
        self.jack.connects("0")
        self.assertEqual(2, self.jack.groupBits) # the login plugin set his level down to 2 while waiting for the password
        self.jack.password = batman_md5
        # WHEN
        self.jack.clearMessageHistory()
        self.jack.says("!login batman")
        # THEN
        self.assertEqual(['***Access denied***'], self.jack.message_history)
        self.assertEqual(2, self.jack.groupBits)
        self.assertFalse(self.jack.isvar(self.p, 'loggedin'))

    def test_high_level_correct_password_with_compromised_client_object(self):
        """
        in some B3 game parser implementation there is an issue which could let the 'password' property of client
        objects be compromised.
        """
        # GIVEN
        batman_md5 = 'ec0e2603172c73a8b644bb9456c1ff6e'
        self.jack.connects("0")
        self.assertEqual(2, self.jack.groupBits) # the login plugin set his level down to 2 while waiting for the password
        self.jack.password = batman_md5
        # WHEN
        self.jack.clearMessageHistory()
        self.jack.says("!login f00")
        # THEN
        self.assertEqual(['You are successfully logged in'], self.jack.message_history)
        self.assertEqual(128, self.jack.groupBits)
        self.assertTrue(self.jack.isvar(self.p, 'loggedin'))
コード例 #7
0
class Test_cmd_login(LoginTestCase):
    def setUp(self):
        LoginTestCase.setUp(self)
        self.init_plugin()
        # create a client which needs to log in and has a password saved in database
        self.jack = FakeClient(self.console,
                               name="Jack",
                               guid="jackguid",
                               groupBits=128,
                               password=F00_MD5)
        self.jack.save()

    def test_already_logged_in(self):
        # GIVEN
        joe = FakeClient(self.console,
                         name="Joe",
                         guid="joeguid",
                         groupBits=128)
        joe.setvar(self.p, 'loggedin', 1)
        joe.connects("0")
        # WHEN
        joe.clearMessageHistory()
        joe.says("!login")
        # THEN
        self.assertEqual(['You are already logged in'], joe.message_history)

    def test_low_level(self):
        # GIVEN
        joe = FakeClient(self.console, name="Joe", guid="joeguid", groupBits=8)
        joe.connects("0")
        # WHEN
        joe.clearMessageHistory()
        joe.says("!login")
        # THEN
        self.assertEqual(['You do not need to log in'], joe.message_history)
        self.assertFalse(self.jack.isvar(self.p, 'loggedin'))

    def test_high_level_no_parameter(self):
        # GIVEN
        self.jack.connects("0")
        self.assertEqual(
            2, self.jack.groupBits
        )  # the login plugin set his level down to 2 while waiting for the password
        # WHEN
        self.jack.clearMessageHistory()
        self.jack.says("!login")
        # THEN
        self.assertEqual(['Usage (via console): /tell 0 !login yourpassword'],
                         self.jack.message_history)
        self.assertEqual(2, self.jack.groupBits)
        self.assertFalse(self.jack.isvar(self.p, 'loggedin'))

    def test_high_level_wrong_password(self):
        # GIVEN
        self.jack.connects("0")
        self.assertEqual(
            2, self.jack.groupBits
        )  # the login plugin set his level down to 2 while waiting for the password
        # WHEN
        self.jack.clearMessageHistory()
        self.jack.says("!login qsfddqsf")
        # THEN
        self.assertEqual(['***Access denied***'], self.jack.message_history)
        self.assertEqual(2, self.jack.groupBits)
        self.assertFalse(self.jack.isvar(self.p, 'loggedin'))

    def test_high_level_correct_password(self):
        # GIVEN
        self.jack.connects("0")
        self.assertEqual(
            2, self.jack.groupBits
        )  # the login plugin set his level down to 2 while waiting for the password
        # WHEN
        self.jack.clearMessageHistory()
        self.jack.says("!login f00")
        # THEN
        self.assertEqual(['You are successfully logged in'],
                         self.jack.message_history)
        self.assertEqual(128, self.jack.groupBits)
        self.assertTrue(self.jack.isvar(self.p, 'loggedin'))

    def test_high_level_spoofed_password_with_compromised_client_object(self):
        """
        in some B3 game parser implementation there is an issue which could let the 'password' property of client
        objects be compromised.
        """
        # GIVEN
        batman_md5 = 'ec0e2603172c73a8b644bb9456c1ff6e'
        self.jack.connects("0")
        self.assertEqual(
            2, self.jack.groupBits
        )  # the login plugin set his level down to 2 while waiting for the password
        self.jack.password = batman_md5
        # WHEN
        self.jack.clearMessageHistory()
        self.jack.says("!login batman")
        # THEN
        self.assertEqual(['***Access denied***'], self.jack.message_history)
        self.assertEqual(2, self.jack.groupBits)
        self.assertFalse(self.jack.isvar(self.p, 'loggedin'))

    def test_high_level_correct_password_with_compromised_client_object(self):
        """
        in some B3 game parser implementation there is an issue which could let the 'password' property of client
        objects be compromised.
        """
        # GIVEN
        batman_md5 = 'ec0e2603172c73a8b644bb9456c1ff6e'
        self.jack.connects("0")
        self.assertEqual(
            2, self.jack.groupBits
        )  # the login plugin set his level down to 2 while waiting for the password
        self.jack.password = batman_md5
        # WHEN
        self.jack.clearMessageHistory()
        self.jack.says("!login f00")
        # THEN
        self.assertEqual(['You are successfully logged in'],
                         self.jack.message_history)
        self.assertEqual(128, self.jack.groupBits)
        self.assertTrue(self.jack.isvar(self.p, 'loggedin'))