async def test_handshake_unknown_organization(backend, server_factory,
organization_factory, alice,
type):
bad_org = organization_factory()
if type == "invited":
ch = InvitedClientHandshake(
organization_id=bad_org.organization_id,
invitation_type=InvitationType.USER,
token=uuid4(),
)
else: # authenticated
ch = AuthenticatedClientHandshake(
organization_id=bad_org.organization_id,
device_id=alice.device_id,
user_signkey=alice.signing_key,
root_verify_key=bad_org.root_verify_key,
)
async with server_factory(backend.handle_client) as server:
stream = server.connection_factory()
transport = await Transport.init_for_client(stream,
server.addr.hostname)
challenge_req = await transport.recv()
answer_req = ch.process_challenge_req(challenge_req)
await transport.send(answer_req)
result_req = await transport.recv()
with pytest.raises(HandshakeBadIdentity):
ch.process_result_req(result_req)
async def test_handshake_expired_organization(backend, server_factory,
expiredorg, alice, type):
if type == "invited":
ch = InvitedClientHandshake(
organization_id=expiredorg.organization_id,
invitation_type=InvitationType.USER,
token=uuid4(),
)
else: # authenticated
ch = AuthenticatedClientHandshake(
organization_id=expiredorg.organization_id,
device_id=alice.device_id,
user_signkey=alice.signing_key,
root_verify_key=expiredorg.root_verify_key,
)
with backend.event_bus.listen() as spy:
async with server_factory(backend.handle_client) as server:
stream = server.connection_factory()
transport = await Transport.init_for_client(
stream, server.addr.hostname)
challenge_req = await transport.recv()
answer_req = ch.process_challenge_req(challenge_req)
await transport.send(answer_req)
result_req = await transport.recv()
with pytest.raises(HandshakeOrganizationExpired):
ch.process_result_req(result_req)
await spy.wait_with_timeout(BackendEvent.ORGANIZATION_EXPIRED)
async def test_invited_handshake_good(backend, server_factory, alice,
invitation_type):
if invitation_type == InvitationType.USER:
invitation = await backend.invite.new_for_user(
organization_id=alice.organization_id,
greeter_user_id=alice.user_id,
claimer_email="*****@*****.**",
)
else: # Claim device
invitation = await backend.invite.new_for_device(
organization_id=alice.organization_id,
greeter_user_id=alice.user_id)
ch = InvitedClientHandshake(
organization_id=alice.organization_id,
invitation_type=invitation_type,
token=invitation.token,
)
async with server_factory(backend.handle_client) as server:
stream = server.connection_factory()
transport = await Transport.init_for_client(stream,
server.addr.hostname)
challenge_req = await transport.recv()
answer_req = ch.process_challenge_req(challenge_req)
await transport.send(answer_req)
result_req = await transport.recv()
ch.process_result_req(result_req)
assert ch.client_api_version == API_VERSION
assert ch.backend_api_version == API_VERSION
def test_good_invited_handshake(coolorg, invitation_type):
organization_id = OrganizationID("Org")
token = uuid4()
sh = ServerHandshake()
ch = InvitedClientHandshake(
organization_id=organization_id, invitation_type=invitation_type, token=token
)
assert sh.state == "stalled"
challenge_req = sh.build_challenge_req()
assert sh.state == "challenge"
answer_req = ch.process_challenge_req(challenge_req)
sh.process_answer_req(answer_req)
assert sh.state == "answer"
assert sh.answer_type == HandshakeType.INVITED
assert sh.answer_data == {
"client_api_version": API_V2_VERSION,
"organization_id": organization_id,
"invitation_type": invitation_type,
"token": token,
}
result_req = sh.build_result_req()
assert sh.state == "result"
ch.process_result_req(result_req)
assert sh.client_api_version == API_V2_VERSION
async def test_invited_handshake_bad_token(backend, server_factory, coolorg,
invitation_type):
ch = InvitedClientHandshake(organization_id=coolorg.organization_id,
invitation_type=invitation_type,
token=uuid4())
async with server_factory(backend.handle_client) as server:
stream = server.connection_factory()
transport = await Transport.init_for_client(stream,
server.addr.hostname)
challenge_req = await transport.recv()
answer_req = ch.process_challenge_req(challenge_req)
await transport.send(answer_req)
result_req = await transport.recv()
with pytest.raises(HandshakeBadIdentity):
ch.process_result_req(result_req)
async def _backend_sock_factory(
backend,
organization_id: OrganizationID,
invitation_type: InvitationType,
token: UUID,
freeze_on_transport_error: bool = True,
):
async with backend_raw_transport_factory(
backend, freeze_on_transport_error=freeze_on_transport_error
) as transport:
ch = InvitedClientHandshake(
organization_id=organization_id, invitation_type=invitation_type, token=token
)
challenge_req = await transport.recv()
answer_req = ch.process_challenge_req(challenge_req)
await transport.send(answer_req)
result_req = await transport.recv()
ch.process_result_req(result_req)
yield transport
async def test_invited_handshake_bad_token_type(backend, server_factory,
alice):
invitation = await backend.invite.new_for_device(
organization_id=alice.organization_id, greeter_user_id=alice.user_id)
ch = InvitedClientHandshake(
organization_id=alice.organization_id,
invitation_type=InvitationType.USER,
token=invitation.token,
)
async with server_factory(backend.handle_client) as server:
stream = await server.connection_factory()
transport = await Transport.init_for_client(stream, "127.0.0.1")
challenge_req = await transport.recv()
answer_req = ch.process_challenge_req(challenge_req)
await transport.send(answer_req)
result_req = await transport.recv()
with pytest.raises(HandshakeBadIdentity):
ch.process_result_req(result_req)