def test_account_req_resp_wrongpubkey(): db_conn = get_db() sk_wrong = crypto.Seckey((420).to_bytes(32, byteorder='big')) sk = crypto.Seckey((333).to_bytes(32, byteorder='big')) u = user.User('Saul3', sk.pubkey) # sign the request with the wrong seckey so it can't verify with the # correct pubkey req = SignedMessage.sign(account.AccountReq(u.nick, u.pk), sk_wrong) resp = server.handle_account_request(db_conn, req) assert resp.cred is None assert resp.err == account.AuthRespErr.WrongPubkey
def test_account_req_resp_malformed(): db_conn = get_db() sk = crypto.Seckey((333).to_bytes(32, byteorder='big')) # Supposed to be signing an AccountReq, but instead signing a junk message req = SignedMessage.sign(Stub(420), sk) resp = server.handle_account_request(db_conn, req) assert resp.cred is None assert resp.err == account.AuthRespErr.Malformed
def test_authreq_no_user(): db_conn = get_db() # use an unknown sk to sign the AuthReq sk_unknown = crypto.Seckey((98345).to_bytes(32, byteorder='big')) smsg = SignedMessage.sign(account.AuthReq(sk_unknown.pubkey), sk_unknown) resp = server.handle_authreq(db_conn, smsg) assert isinstance(resp, account.AuthResp) assert resp.cred is None assert resp.err == SignedMessageErr.UnknownUser
def test_account_req_resp_db_inserted(): db_conn = get_db() sk = crypto.Seckey((333).to_bytes(32, byteorder='big')) req = SignedMessage.sign(account.AccountReq('Saul3', sk.pubkey), sk) server.handle_account_request(db_conn, req) u_out = db.user_with_pk(db_conn, sk.pubkey) assert u_out.rowid assert u_out.nick == 'Saul3' assert u_out.pk == sk.pubkey
def test_account_req_resp_badsig(): db_conn = get_db() sk = crypto.Seckey((333).to_bytes(32, byteorder='big')) u = user.User('Saul3', sk.pubkey) req = SignedMessage.sign(account.AccountReq(u.nick, u.pk), sk) # change message after it has been signed so that it won't verify req.msg_bytes = b'foo' resp = server.handle_account_request(db_conn, req) assert resp.cred is None assert resp.err is account.AuthRespErr.BadSig
def test_authchallengeresp_bad_chal(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) echal = get_chal(u) # use an unknown sk to sign the AuthChallengeResp sk_unknown = crypto.Seckey((98345).to_bytes(32, byteorder='big')) smsg = SignedMessage.sign(account.AuthChallengeResp(echal), sk_unknown) resp = server.handle_authchallengeresp(db_conn, smsg) assert isinstance(resp, account.AuthResp) assert resp.cred is None assert resp.err == SignedMessageErr.UnknownUser
def test_getinfo_unknown_user(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) ecred = get_cred(u) # user who signed this message is not even in the db fake_sk = crypto.Seckey((1).to_bytes(32, byteorder='big')) gi = SignedMessage.sign(getinfo.GetInfo(u.pk, ecred), fake_sk) gir = server.handle_getinfo(db_conn, gi) assert isinstance(gir, getinfo.GetInfoResp) assert not gir.ok assert gir.err == SignedMessageErr.UnknownUser
def test_account_req_resp_happy(): db_conn = get_db() sk = crypto.Seckey((333).to_bytes(32, byteorder='big')) req = SignedMessage.sign(account.AccountReq('Saul3', sk.pubkey), sk) resp = server.handle_account_request(db_conn, req) assert resp.err is None assert isinstance(resp.cred, EncryptedMessage) assert isinstance(resp.cred.dec(server.ENCKEY), SignedMessage) cred, pk_used = resp.cred.dec(server.ENCKEY).unwrap() assert isinstance(cred, account.AccountCred) assert pk_used == server.IDKEY.pubkey
def test_location_update_unknown_user(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) ecred = get_cred(u) loc = location.Location(u, loca.Coords(42, 69), time.time()) lu = location.LocationUpdate(loc, ecred) # user who signed this message is not even in the db fake_sk = crypto.Seckey((1).to_bytes(32, byteorder='big')) slu = SignedMessage.sign(lu, fake_sk) resp = server.handle_location_update(db_conn, slu) assert not resp.ok assert resp.cred is None # TODO assert resp.err == SignedMessageErr.UnknownUser
def test_account_create_happy(client): sk = crypto.Seckey((333).to_bytes(32, byteorder='big')) req = SignedMessage.sign(account.AccountReq('Saul3', sk.pubkey), sk) rv = client.post( '/account/create', json=req.to_dict(), ) resp = Message.from_dict(rv.json) assert isinstance(resp, account.AuthResp) assert resp.err is None assert resp.cred is not None user_db = db.user_with_pk(flask.g.db, sk.pubkey) assert user_db.nick == 'Saul3' assert user_db.pk == sk.pubkey valid_cred, _ = server.validate_credchal(resp.cred, user_db) assert valid_cred
def get_credchal( u: user.User, cls: Type[Union[account.AccountCred, account.AuthChallenge]], expire: float, scred_stub: bool = False, scred_munge: bool = False, cred_stub: bool = False, cred_wrong_key: bool = False, cred_expired: bool = False, cred_wrong_user: bool = False, ) -> EncryptedMessage: if scred_stub: ecred = EncryptedMessage.enc(Stub(34444), server.ENCKEY) elif scred_munge: cred = cls(u, expire) scred = SignedMessage.sign(cred, server.IDKEY) scred.msg_bytes = b'fooooo' ecred = EncryptedMessage.enc(scred, server.ENCKEY) elif cred_stub: scred = SignedMessage.sign(Stub(2342), server.IDKEY) ecred = EncryptedMessage.enc(scred, server.ENCKEY) elif cred_wrong_key: sk = crypto.Seckey((9879).to_bytes(32, byteorder='big')) cred = cls(u, expire) scred = SignedMessage.sign(cred, sk) ecred = EncryptedMessage.enc(scred, server.ENCKEY) elif cred_expired: cred = cls(u, time.time() - 0.00001) scred = SignedMessage.sign(cred, server.IDKEY) ecred = EncryptedMessage.enc(scred, server.ENCKEY) elif cred_wrong_user: assert u != U2 fake_u = user.User(U2.nick, U2.pk, rowid=11) cred = cls(fake_u, expire) scred = SignedMessage.sign(cred, server.IDKEY) ecred = EncryptedMessage.enc(scred, server.ENCKEY) else: cred = cls(u, expire) scred = SignedMessage.sign(cred, server.IDKEY) ecred = EncryptedMessage.enc(scred, server.ENCKEY) return ecred
from rela.lib import user from rela.lib import crypto from rela.lib.messages.getinfo import GetInfo, GetInfoLocation, GetInfoResp,\ GetInfoRespErr, GetInfoRespLocation from rela.lib.messages import EncryptedMessage, Stub SK = crypto.Seckey((28379873947).to_bytes(32, byteorder='big')) U = user.User('Foo', SK.pubkey, rowid=420) def really_fake_cred() -> EncryptedMessage: return EncryptedMessage.enc(Stub(1), crypto.Enckey.gen()) def test_getinfo_dict_identity(): first = GetInfo(U.pk, really_fake_cred()) second = GetInfo.from_dict(first.to_dict()) assert first == second def test_getinfo_eq_int(): assert GetInfo(U.pk, really_fake_cred()) != 1 def test_getinfo_dict_no_user(): gi = GetInfo(U.pk, really_fake_cred()) d = gi.to_dict() del d['user_pk'] assert GetInfo.from_dict(d) is None
import pytest from rela.core import server from rela.lib import db, crypto, user, location as loca from rela.lib.messages import SignedMessage, Message, EncryptedMessage from rela.lib.messages import account, location, getinfo import flask import time BAD_JSON_ERR = {'err': 'Must speak json, idiot'} SK1 = crypto.Seckey((111).to_bytes(32, byteorder='big')) SK2 = crypto.Seckey((222).to_bytes(32, byteorder='big')) U1 = user.User('Jim1', SK1.pubkey) # no rowid. must fetch from db again U2 = user.User('Sam2', SK2.pubkey) # no rowid. must fetch from db again @pytest.fixture def client(): success, db_conn = db.connect(':memory:', server.DEF_SCHEMA) assert success db.insert_user(db_conn, U1) db.insert_user(db_conn, U2) with server.app.app_context(): assert 'db' not in flask.g flask.g.db = db_conn with server.app.test_client() as client: yield client pass def get_cred(u: user.User) -> EncryptedMessage: cred = account.AccountCred(u, time.time() + server.CRED_LIFETIME)
from rela.lib import db from rela.lib import user from rela.lib import crypto from rela.lib import location as loca from rela.lib.messages import Stub, SignedMessage, EncryptedMessage, \ CredChalErr, SignedMessageErr from rela.lib.messages import account, getinfo, location from rela.core import server import time import random from typing import Union, Type SK1 = crypto.Seckey((111).to_bytes(32, byteorder='big')) SK2 = crypto.Seckey((222).to_bytes(32, byteorder='big')) U1 = user.User('Jim1', SK1.pubkey) # no rowid. must fetch from db again U2 = user.User('Sam2', SK2.pubkey) # no rowid. must fetch from db again server.IDKEY = crypto.Seckey((98734982984).to_bytes(32, byteorder='big')) server.ENCKEY = crypto.Enckey.gen() def get_db(): success, db_conn = db.connect(':memory:', server.DEF_SCHEMA) assert success db.insert_user(db_conn, U1) db.insert_user(db_conn, U2) return db_conn def insert_many_locs(db_conn, user): def rand_time():