def test_keychain_creation():
_init_data()
kc = vcs.KeyChain(macgyver, "foobar")
public_key, private_key = kc.get_ssh_key()
assert public_key.startswith("ssh-rsa")
assert "RSA PRIVATE KEY" in private_key
public_key2 = vcs.KeyChain.get_ssh_public_key(macgyver)
assert public_key2 == public_key
bigmac = get_project(macgyver, macgyver, "bigmac", create=True)
kc.set_ssh_for_project(bigmac, vcs.AUTH_BOTH)
kcfile = path(macgyver.get_location()) / ".bespin-keychain"
assert kcfile.exists()
metadata = bigmac.metadata
assert metadata['remote_auth'] == vcs.AUTH_BOTH
metadata.close()
# make sure the file is encrypted
text = kcfile.bytes()
assert "RSA PRIVATE KEY" not in text
assert "ssh-rsa" not in text
kc = vcs.KeyChain(macgyver, "foobar")
public_key2, private_key2 = kc.get_ssh_key()
assert public_key2 == public_key
assert private_key2 == private_key
credentials = kc.get_credentials_for_project(bigmac)
assert "RSA PRIVATE KEY" in credentials['ssh_private_key']
assert credentials['type'] == "ssh"
kc.delete_credentials_for_project(bigmac)
credentials = kc.get_credentials_for_project(bigmac)
assert credentials is None
metadata = bigmac.metadata
try:
value = metadata['remote_auth']
assert False, "expected remote_auth key to be removed from project"
except KeyError:
pass
metadata.close()
kc.set_credentials_for_project(bigmac, vcs.AUTH_WRITE, "macG", "coolpass")
kc = vcs.KeyChain(macgyver, "foobar")
credentials = kc.get_credentials_for_project(bigmac)
assert credentials['type'] == 'password'
assert credentials['username'] == 'macG'
assert credentials['password'] == 'coolpass'
kc.delete_credentials_for_project(bigmac)
kc = vcs.KeyChain(macgyver, "foobar")
credentials = kc.get_credentials_for_project(bigmac)
assert credentials is None
def test_bad_keychain_password():
_init_data()
keychain = vcs.KeyChain(macgyver, "foobar")
keychain.get_ssh_key()
try:
keychain = vcs.KeyChain(macgyver, "blorg")
keychain.get_ssh_key()
assert False, "Expected exception for bad keychain password"
except NotAuthorized:
pass
def test_hg_push_on_web(run_command_params):
_init_data()
kc = vcs.KeyChain(macgyver, "foobar")
# generate key pair
kc.get_ssh_key()
bigmac = get_project(macgyver, macgyver, 'bigmac', create=True)
kc.set_ssh_for_project(bigmac, vcs.AUTH_WRITE)
metadata = bigmac.metadata
metadata['remote_url'] = "http://hg.mozilla.org/labs/bespin"
metadata['push'] = "ssh://hg.mozilla.org/labs/bespin"
metadata.close()
bigmac.save_file(".hg/hgrc", "# test rc file\n")
request = simplejson.dumps({'command' : ['push', '_BESPIN_PUSH'],
'kcpass' : 'foobar'})
resp = app.post("/vcs/command/bigmac/", request)
resp = app.post("/messages/")
command, context = run_command_params
assert context.user == "MacGyver"
command_line = command.get_command_line()
print command_line
assert command_line[0:3] == ["hg", "push", "-e"]
assert command_line[3].startswith("ssh -i")
assert command_line[4] == "ssh://hg.mozilla.org/labs/bespin"
def test_vcs_get_ssh_key_from_web_without_password_with_pubkey():
_init_data()
kc = vcs.KeyChain(macgyver, "foobar")
# generate the key pair
kc.get_ssh_key()
resp = app.post("/vcs/getkey/")
assert resp.content_type == "application/x-ssh-key"
assert resp.body.startswith("ssh-rsa")
def test_find_out_remote_auth_info_from_web():
_init_data()
bigmac = get_project(macgyver, macgyver, "bigmac", create=True)
keychain = vcs.KeyChain(macgyver, "foobar")
keychain.set_ssh_for_project(bigmac, vcs.AUTH_BOTH)
resp = app.get("/vcs/remoteauth/bigmac/")
assert resp.body == "both"
keychain.delete_credentials_for_project(bigmac)
resp = app.get("/vcs/remoteauth/bigmac/")
assert resp.body == ""
keychain.set_ssh_for_project(bigmac, vcs.AUTH_WRITE)
resp = app.get("/vcs/remoteauth/bigmac/")
assert resp.body == "write"
def test_vcs_auth_set_password_on_web():
_init_data()
bigmac = get_project(macgyver, macgyver, 'bigmac', create=True)
resp = app.post("/vcs/setauth/bigmac/", dict(kcpass="******",
type="password", username="******",
password="******",
remoteauth="write"))
kc = vcs.KeyChain(macgyver, "foobar")
credentials = kc.get_credentials_for_project(bigmac)
assert credentials['type'] == 'password'
assert credentials['username'] == 'macG'
assert credentials['password'] == 'coolpass'
metadata = bigmac.metadata
assert metadata[vcs.AUTH_PROPERTY] == vcs.AUTH_WRITE
metadata.close()
def get_ssh_key(request, response):
user = request.user
try:
kcpass = request.POST['kcpass']
except KeyError:
kcpass = None
if kcpass is None:
pubkey = vcs.KeyChain.get_ssh_public_key(user)
else:
keychain = vcs.KeyChain(user, kcpass)
pubkey = keychain.get_ssh_key()[0]
response.content_type = "application/x-ssh-key"
response.body = pubkey
return response()
def test_vcs_auth_set_ssh_newkey_on_web():
_init_data()
bigmac = get_project(macgyver, macgyver, "bigmac", create=True)
resp = app.post("/vcs/setauth/bigmac/", dict(kcpass="******",
type="ssh", remoteauth="both"))
assert resp.content_type == "application/json"
assert "ssh-rsa" in resp.body
kc = vcs.KeyChain(macgyver, "foobar")
credentials = kc.get_credentials_for_project(bigmac)
assert credentials['type'] == 'ssh'
assert "RSA PRIVATE KEY" in credentials['ssh_private_key']
metadata = bigmac.metadata
assert metadata[vcs.AUTH_PROPERTY] == vcs.AUTH_BOTH
metadata.close()
def test_dont_provide_auth_info_to_update_command(run_command_params):
_init_data()
bigmac = get_project(macgyver, macgyver, 'bigmac', create=True)
bigmac.save_file(".hg/hgrc", "# test rc file\n")
keychain = vcs.KeyChain(macgyver, "foobar")
keychain.set_ssh_for_project(bigmac, vcs.AUTH_BOTH)
cmd = ["update"]
output = vcs.run_command(macgyver, bigmac, cmd)
resp = app.post("/messages/")
messages = simplejson.loads(resp.body)
assert len(messages) == 1
output = messages[0]
assert 'output' in output
assert output['output'] == 'Keychain password is required for this command.'
def installkey(options):
"""Install an SSH key into your Bespin keychain. This will
prompt you for your Bespin keychain password. You must
give a Bespin username with -u. You must also specify
a passwordless SSH private key file with -f."""
if not 'installkey' in options or not options.installkey.user:
raise BuildFailure("You must specify a user with -u for this task.")
if not options.installkey.file:
raise BuildFailure("You must specify a private key with with -f")
private_key = path(options.installkey.file)
public_key = private_key + ".pub"
if not private_key.exists() or not public_key.exists():
raise BuildFailure(
"Either your private key file or public key file does not exist")
user = options.installkey.user
import getpass
password = getpass.getpass("Enter your keychain password: "******"dev")
config.activate_profile()
session = config.c.session_factory()
try:
user = session.query(database.User).filter_by(username=user).one()
except NoResultFound:
raise BuildFailure("I couldn't find %s in the database. Sorry!" %
(user))
keychain = vcs.KeyChain(user, password)
public_key = public_key.bytes()
private_key = private_key.bytes()
keychain.set_ssh_key(private_key, public_key)
def test_provide_auth_info_to_update_command(run_command_params):
_init_data()
bigmac = get_project(macgyver, macgyver, 'bigmac', create=True)
bigmac.save_file(".hg/hgrc", "# test rc file\n")
metadata = bigmac.metadata
metadata['remote_url'] = 'http://hg.mozilla.org/labs/bespin'
metadata.close()
keychain = vcs.KeyChain(macgyver, "foobar")
keychain.set_ssh_for_project(bigmac, vcs.AUTH_BOTH)
cmd = ["update", "_BESPIN_REMOTE_URL"]
output = vcs.run_command(macgyver, bigmac, cmd, "foobar")
command, context = run_command_params
command_line = command.get_command_line()
assert command_line[:3] == ["hg", "fetch", "-e"]
assert command_line[3].startswith("ssh -i")
assert command_line[4] == "http://hg.mozilla.org/labs/bespin"
# make sure it's not unicode
assert isinstance(command_line[4], str)
assert len(command_line) == 5
def keychain_setauth(request, response):
user = request.user
project_name = request.kwargs['project_name']
project = get_project(user, user, project_name)
try:
kcpass = request.POST['kcpass']
atype = request.POST['type']
remote_auth = request.POST['remoteauth']
except KeyError:
raise BadRequest("Request must include kcpass, type and remoteauth.")
if remote_auth != vcs.AUTH_WRITE and remote_auth != vcs.AUTH_BOTH:
raise BadRequest("Remote auth type must be %s or %s" %
(vcs.AUTH_WRITE, vcs.AUTH_BOTH))
keychain = vcs.KeyChain(user, kcpass)
body = ""
if atype == "password":
try:
username = request.POST['username']
password = request.POST['password']
except KeyError:
raise BadRequest("Request must include username and password")
keychain.set_credentials_for_project(project, remote_auth, username,
password)
elif atype == "ssh":
# set the project to use the SSH key and return the public key
body = keychain.set_ssh_for_project(project, remote_auth)[0]
else:
raise BadRequest("auth type must be ssh or password")
response.content_type = "application/json"
response.body = body
return response()
