def test_getinfoloc_happy_default(): db_conn = get_db() u_me = db.user_with_pk(db_conn, U1.pk) u_other = db.user_with_pk(db_conn, U2.pk) insert_many_locs(db_conn, u_other) ecred = get_cred(u_me) gi = SignedMessage.sign(getinfo.GetInfoLocation(u_other.pk, ecred), SK1) gir = server.handle_getinfo(db_conn, gi) assert gir.ok assert gir.err is None assert len(gir.locs) == 1
def test_getinfoloc_multiple_count_correct_3(): db_conn = get_db() u_me = db.user_with_pk(db_conn, U1.pk) u_other = db.user_with_pk(db_conn, U2.pk) num_locs = insert_many_locs(db_conn, u_other) ecred = get_cred(u_me) gi = SignedMessage.sign( getinfo.GetInfoLocation(u_other.pk, ecred, count=num_locs + 10), SK1) gir = server.handle_getinfo(db_conn, gi) assert gir.ok assert gir.err is None assert len(gir.locs) == num_locs
def test_account_full_auth_handshake(client): u = db.user_with_pk(flask.g.db, U1.pk) req1 = SignedMessage.sign(account.AuthReq(u.pk), SK1) rv1 = client.post( '/account/challenge/gen', json=req1.to_dict(), ) assert rv1.status_code == 200 echal = Message.from_dict(rv1.json) assert isinstance(echal, EncryptedMessage) schal = EncryptedMessage.dec(echal, server.ENCKEY) assert schal.is_valid() chal, pk_used = schal.unwrap() assert isinstance(chal, account.AuthChallenge) assert pk_used == server.IDKEY.pubkey req2 = SignedMessage.sign(account.AuthChallengeResp(echal), SK1) rv2 = client.post( '/account/challenge/verify', json=req2.to_dict(), ) assert rv2.status_code == 200 resp = Message.from_dict(rv2.json) assert resp.err is None assert isinstance(resp.cred, EncryptedMessage) scred = EncryptedMessage.dec(resp.cred, server.ENCKEY) assert scred.is_valid() cred, pk_used = scred.unwrap() assert isinstance(cred, account.AccountCred) assert pk_used == server.IDKEY.pubkey
def test_getinfoloc_multiple_order_correct_2(): db_conn = get_db() u_me = db.user_with_pk(db_conn, U1.pk) u_other = db.user_with_pk(db_conn, U2.pk) insert_many_locs(db_conn, u_other) # when asking for newest=False, we should get the oldest location first, # thus it should have the min time of all locations min_time = min( [loc.time for loc in db.locations_for_user(db_conn, u_other)]) ecred = get_cred(u_me) gi = SignedMessage.sign( getinfo.GetInfoLocation(u_other.pk, ecred, count=1, newest=False), SK1) gir = server.handle_getinfo(db_conn, gi) assert gir.ok assert gir.err is None assert len(gir.locs) == 1 assert gir.locs[0].time == min_time
def test_getinfo_notimpl(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) ecred = get_cred(u) gi = SignedMessage.sign(getinfo.GetInfo(U2.pk, ecred), SK1) gir = server.handle_getinfo(db_conn, gi) assert isinstance(gir, getinfo.GetInfoResp) assert not gir.ok assert gir.err == getinfo.GetInfoRespErr.NotImpl
def test_account_req_resp_db_inserted(): db_conn = get_db() sk = crypto.Seckey((333).to_bytes(32, byteorder='big')) req = SignedMessage.sign(account.AccountReq('Saul3', sk.pubkey), sk) server.handle_account_request(db_conn, req) u_out = db.user_with_pk(db_conn, sk.pubkey) assert u_out.rowid assert u_out.nick == 'Saul3' assert u_out.pk == sk.pubkey
def test_authchallengeresp_expired_cred(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) # echal is expired echal = get_chal(u, cred_expired=True) sacr = SignedMessage.sign(account.AuthChallengeResp(echal), SK1) resp = server.handle_authchallengeresp(db_conn, sacr) assert resp.cred is None assert resp.err == CredChalErr.BadCred
def test_authchallengeresp_badscred_2(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) # echal is correct but contains a broken SignedMessage echal = get_chal(u, scred_munge=True) sacr = SignedMessage.sign(account.AuthChallengeResp(echal), SK1) resp = server.handle_authchallengeresp(db_conn, sacr) assert resp.cred is None assert resp.err == CredChalErr.Malformed
def test_authchallengeresp_wrong_user(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) # challenge is for a user other than the one who signed the message echal = get_chal(u, cred_wrong_user=True) sacr = SignedMessage.sign(account.AuthChallengeResp(echal), SK1) resp = server.handle_authchallengeresp(db_conn, sacr) assert resp.cred is None assert resp.err == CredChalErr.WrongUser
def test_getinfoloc_multiple_order_correct_3(): db_conn = get_db() u_me = db.user_with_pk(db_conn, U1.pk) u_other = db.user_with_pk(db_conn, U2.pk) num_locs = insert_many_locs(db_conn, u_other) # when not asking for a specfic order, we get the newest location first, # every subsequent location should have a smaller time ecred = get_cred(u_me) gi = SignedMessage.sign( getinfo.GetInfoLocation(u_other.pk, ecred, count=num_locs), SK1) gir = server.handle_getinfo(db_conn, gi) assert gir.ok assert gir.err is None assert len(gir.locs) == num_locs last_time = 999999999999999 for loc in gir.locs: assert loc.time < last_time last_time = loc.time
def test_authchallengeresp_badcred_1(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) # echal is correct and contains good SignedMessage, but the SignedMessage # contains a Stub echal = get_chal(u, cred_stub=True) sacr = SignedMessage.sign(account.AuthChallengeResp(echal), SK1) resp = server.handle_authchallengeresp(db_conn, sacr) assert resp.cred is None assert resp.err == CredChalErr.Malformed
def test_authchallengeresp_badcred_2(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) # echal is correct and contains good SignedMessage, but the SignedMessage # is signed by the wrong key echal = get_chal(u, cred_wrong_key=True) sacr = SignedMessage.sign(account.AuthChallengeResp(echal), SK1) resp = server.handle_authchallengeresp(db_conn, sacr) assert resp.cred is None assert resp.err == CredChalErr.BadCred
def test_getinfo_location(client): u_us = db.user_with_pk(flask.g.db, U1.pk) u_them = db.user_with_pk(flask.g.db, U2.pk) ecred = get_cred(u_us) loc = loca.Location(u_them, loca.Coords(12, 34), time.time()) db.insert_location(flask.g.db, loc) gil = getinfo.GetInfoLocation(u_them.pk, ecred, count=1) req = SignedMessage.sign(gil, SK1) rv = client.post( '/getinfo/location', json=req.to_dict(), ) assert rv.status_code == 200 resp = Message.from_dict(rv.json) assert isinstance(resp, getinfo.GetInfoRespLocation) assert resp.ok assert resp.err is None assert len(resp.locs) == 1 assert resp.locs[0] == loc
def test_location_update_badecred_1(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) loc = location.Location(u, loca.Coords(42, 69), time.time()) # use a Stub instead of encrypted signed AccountCred lu = location.LocationUpdate(loc, Stub(90210)) slu = SignedMessage.sign(lu, SK1) resp = server.handle_location_update(db_conn, slu) assert not resp.ok assert resp.cred is None # TODO assert resp.err == location.LocationUpdateRespErr.Malformed
def test_getinfo_unknown_user_in_req(): db_conn = get_db() # ask about a user with a pubkey that doesn't exist fake_pk = crypto.Pubkey((98345).to_bytes(32, byteorder='big')) u = db.user_with_pk(db_conn, U1.pk) ecred = get_cred(u) gi = SignedMessage.sign(getinfo.GetInfo(fake_pk, ecred), SK1) gir = server.handle_getinfo(db_conn, gi) assert isinstance(gir, getinfo.GetInfoResp) assert not gir.ok assert gir.err == getinfo.GetInfoRespErr.NoSuchUser
def test_getinfo_badcred(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) ecred = get_cred(u) # munge the cred so it isn't valid ecred.ctext_nonce = b'0000000000000000000000000' gi = SignedMessage.sign(getinfo.GetInfo(u.pk, ecred), SK1) gir = server.handle_getinfo(db_conn, gi) assert isinstance(gir, getinfo.GetInfoResp) assert not gir.ok assert gir.err == CredChalErr.Malformed
def test_getinfo_badsig(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) ecred = get_cred(u) gi = SignedMessage.sign(getinfo.GetInfo(u.pk, ecred), SK1) # munge the signed message so it doesn't verify gi.msg_bytes = b'nnnnnnnnnnnnnnnnnnnnnnnnaaaaaaaaaaaa' gir = server.handle_getinfo(db_conn, gi) assert isinstance(gir, getinfo.GetInfoResp) assert not gir.ok assert gir.err == SignedMessageErr.BadSig
def test_getinfo_unknown_user(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) ecred = get_cred(u) # user who signed this message is not even in the db fake_sk = crypto.Seckey((1).to_bytes(32, byteorder='big')) gi = SignedMessage.sign(getinfo.GetInfo(u.pk, ecred), fake_sk) gir = server.handle_getinfo(db_conn, gi) assert isinstance(gir, getinfo.GetInfoResp) assert not gir.ok assert gir.err == SignedMessageErr.UnknownUser
def test_location_update_malformed(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) _ = get_cred(u) # Sign a Stub instead of a LocationUpate slu = SignedMessage.sign(Stub(90210), SK1) resp = server.handle_location_update(db_conn, slu) assert type(resp) == location.LocationUpdateResp assert not resp.ok assert resp.cred is None # TODO assert resp.err == location.LocationUpdateRespErr.Malformed
def test_authchallengeresp_bad_chal(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) echal = get_chal(u) # use an unknown sk to sign the AuthChallengeResp sk_unknown = crypto.Seckey((98345).to_bytes(32, byteorder='big')) smsg = SignedMessage.sign(account.AuthChallengeResp(echal), sk_unknown) resp = server.handle_authchallengeresp(db_conn, smsg) assert isinstance(resp, account.AuthResp) assert resp.cred is None assert resp.err == SignedMessageErr.UnknownUser
def test_location_update_badscred_2(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) # ecred is correct but contains a broken SignedMessage ecred = get_cred(u, scred_munge=True) loc = location.Location(u, loca.Coords(42, 69), time.time()) lu = location.LocationUpdate(loc, ecred) slu = SignedMessage.sign(lu, SK1) resp = server.handle_location_update(db_conn, slu) assert not resp.ok assert resp.cred is None # TODO assert resp.err == CredChalErr.Malformed
def test_authchallengeresp_happy(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) echal = get_chal(u) sacr = SignedMessage.sign(account.AuthChallengeResp(echal), SK1) resp = server.handle_authchallengeresp(db_conn, sacr) assert resp.err is None assert isinstance(resp.cred, EncryptedMessage) scred = EncryptedMessage.dec(resp.cred, server.ENCKEY) cred, pk_used = SignedMessage.unwrap(scred) assert pk_used == server.IDKEY.pubkey assert cred.expire > time.time()
def test_location_update_expired_cred(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) # cred is expired ecred = get_cred(u, cred_expired=True) loc = location.Location(u, loca.Coords(42, 69), time.time()) lu = location.LocationUpdate(loc, ecred) slu = SignedMessage.sign(lu, SK1) resp = server.handle_location_update(db_conn, slu) assert not resp.ok assert resp.cred is None # TODO assert resp.err == CredChalErr.BadCred
def test_location_update_wrong_user(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) # credential is for a user other than the one who signed the message ecred = get_cred(u, cred_wrong_user=True) loc = location.Location(u, loca.Coords(42, 69), time.time()) lu = location.LocationUpdate(loc, ecred) slu = SignedMessage.sign(lu, SK1) resp = server.handle_location_update(db_conn, slu) assert not resp.ok assert resp.cred is None # TODO assert resp.err == CredChalErr.WrongUser
def test_location_update_unknown_user(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) ecred = get_cred(u) loc = location.Location(u, loca.Coords(42, 69), time.time()) lu = location.LocationUpdate(loc, ecred) # user who signed this message is not even in the db fake_sk = crypto.Seckey((1).to_bytes(32, byteorder='big')) slu = SignedMessage.sign(lu, fake_sk) resp = server.handle_location_update(db_conn, slu) assert not resp.ok assert resp.cred is None # TODO assert resp.err == SignedMessageErr.UnknownUser
def test_location_update_db_inserted(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) ecred = get_cred(u) loc = location.Location(u, loca.Coords(42, 69), time.time()) lu = location.LocationUpdate(loc, ecred) slu = SignedMessage.sign(lu, SK1) server.handle_location_update(db_conn, slu) db_locs = list(db.locations_for_user(db_conn, u)) assert len(db_locs) == 1 assert loc.rowid is None loc.rowid = db_locs[0].rowid assert db_locs[0] == loc
def test_location_update_badecred_3(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) ecred = get_cred(u) # munge the enc part of the encrypted signed account cred ecred.ctext_nonce = b'fooooo' loc = location.Location(u, loca.Coords(42, 69), time.time()) lu = location.LocationUpdate(loc, ecred) slu = SignedMessage.sign(lu, SK1) resp = server.handle_location_update(db_conn, slu) assert not resp.ok assert resp.cred is None # TODO assert resp.err == CredChalErr.Malformed
def test_authreq_happy(): db_conn = get_db() smsg = SignedMessage.sign(account.AuthReq(SK1.pubkey), SK1) resp = server.handle_authreq(db_conn, smsg) assert isinstance(resp, EncryptedMessage) schal = EncryptedMessage.dec(resp, server.ENCKEY) assert isinstance(schal, SignedMessage) assert schal.is_valid() chal, pk_used = schal.unwrap() assert isinstance(chal, account.AuthChallenge) assert pk_used == server.IDKEY.pubkey assert chal.user == db.user_with_pk(db_conn, chal.user.pk) assert chal.expire > time.time()
def test_location_update_badcred_2(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) # ecred is correct and contains good SignedMessage, but the SignedMessage # is signed by the wrong key ecred = get_cred(u, cred_wrong_key=True) loc = location.Location(u, loca.Coords(42, 69), time.time()) lu = location.LocationUpdate(loc, ecred) slu = SignedMessage.sign(lu, SK1) resp = server.handle_location_update(db_conn, slu) assert not resp.ok assert resp.cred is None # TODO assert resp.err == CredChalErr.BadCred
def test_location_update_badsig(): db_conn = get_db() u = db.user_with_pk(db_conn, U1.pk) ecred = get_cred(u) loc = location.Location(u, loca.Coords(42, 69), time.time()) lu = location.LocationUpdate(loc, ecred) slu = SignedMessage.sign(lu, SK1) # ruin the sig in the signed location update slu.msg_bytes = b'foo' resp = server.handle_location_update(db_conn, slu) assert type(resp) == location.LocationUpdateResp assert not resp.ok assert resp.cred is None # TODO assert resp.err == SignedMessageErr.BadSig