def setUp(self):
    """Build the app under test on a database created from a fresh UUID string."""
    # A new UUID per test keeps one test's data from being seen by another.
    fresh_db = PandasDatabase(str(uuid.uuid4()))
    # NOTE(review): debug=True is passed as a fixture setting; what it enables
    # in BottleShip is not visible in this snippet.
    self.app = BottleShip(pddb=fresh_db, debug=True)
class TestBottleshipLogout(unittest.TestCase):
    """Logout behaviour of BottleShip at each security level used in this suite.

    For default, plaintext, plaintext+ipaddr, hmac and hmac+ipaddr accounts the
    tests pin three outcomes:

    * ``logout(token=..., cookie_only=False)`` answers 200 and the token then
      fails ``_authenticate`` with 403;
    * ``logout(token=...)`` with ``cookie_only`` left at its default answers
      400 and the token keeps authenticating;
    * ``logout(token='1234')`` answers 400.
    """

    def setUp(self):
        """Build the app under test on a database created from a fresh UUID string."""
        fresh_db = PandasDatabase(str(uuid.uuid4()))
        self.app = BottleShip(pddb=fresh_db, debug=True)

    def tearDown(self):
        """Drop everything held by the app's database once the test is done."""
        self.app.pddb.drop_all()


    ### Utility functions ###

    def _hmac_request(self, user_info, key):
        """Run an 'hmac' key exchange and wrap user_info in a Data/Token request."""
        exchange = self.app.key_exchange('hmac', key)
        self.assertEqual(exchange.status_code, 200)
        self.assertTrue(bottleship.data_is_encoded(exchange.body))
        token = str(json.loads(bottleship.data_decode(exchange.body, key)).get('Token'))

        if not isinstance(user_info, str):
            user_info = json.dumps(user_info)
        # NOTE(review): user_info is already a string here and is dumped again,
        # so 'Data' carries a JSON string literal wrapping the JSON text.
        # Presumably the server unwraps both layers - confirm.
        sealed = bottleship.data_encode(json.dumps(user_info), key)
        return {'Data': sealed, 'Token': token}

    def _decoded_success(self, reply, key):
        """Require a 200 reply with an encoded body and return it JSON-decoded."""
        self.assertEqual(reply.status_code, 200)
        self.assertTrue(bottleship.data_is_encoded(reply.body))
        return json.loads(bottleship.data_decode(reply.body, key))

    def register_hmac(self, user_info, key):
        """Register through the HMAC flow and return the decoded reply."""
        request = self._hmac_request(user_info, key)
        return self._decoded_success(self.app.register(user_info=request), key)

    def login_hmac(self, user_info, key):
        """Log in through the HMAC flow and return the decoded reply."""
        request = self._hmac_request(user_info, key)
        return self._decoded_success(self.app.login(_request_fallback=request), key)

    def _plaintext_session(self, security_level=None):
        """Register and log in by username only; return the session token as str.

        With security_level=None no user_info is sent at registration.
        """
        username = self.id()
        if security_level is None:
            reply = self.app.register(username=username)
        else:
            reply = self.app.register(
                username=username, user_info={'SecurityLevel': security_level})
        self.assertEqual(reply.status_code, 200)

        reply = self.app.login(username=username)
        self.assertEqual(reply.status_code, 200)
        return str(json.loads(reply.body).get('Token'))

    def _hmac_session(self, security_level):
        """Register and log in through the HMAC helpers; return the token as str."""
        profile = {'Username': self.id(), 'SecurityLevel': security_level}
        # Registration and login each run their own key exchange, and the
        # fixture deliberately uses a different key for the two.
        registered = self.register_hmac(profile, '1234')
        self.assertEqual(registered.get('SecurityLevel'), profile.get('SecurityLevel'))

        logged_in = self.login_hmac(profile, '5678')
        self.assertEqual(logged_in.get('SecurityLevel'), profile.get('SecurityLevel'))
        return str(logged_in.get('Token'))

    def _assert_authenticated(self, token, encoded=False):
        """Require _authenticate to accept token; optionally require an encoded body."""
        reply = self.app._authenticate(token=token)
        self.assertEqual(reply.status_code, 200)
        if encoded:
            self.assertTrue(bottleship.data_is_encoded(reply.body))

    def _assert_logout_revokes(self, token, encoded=False):
        """A token-based logout with cookie_only=False must invalidate the token."""
        self._assert_authenticated(token, encoded)

        reply = self.app.logout(token=token, cookie_only=False)
        self.assertEqual(reply.status_code, 200)

        # The security property under test: the old token is dead after logout.
        reply = self.app._authenticate(token=token)
        self.assertEqual(reply.status_code, 403)

    def _assert_logout_refused(self, token, encoded=False):
        """With cookie_only at its default, a token argument must not log the user out."""
        self._assert_authenticated(token, encoded)

        reply = self.app.logout(token=token)
        self.assertEqual(reply.status_code, 400)

        # The session must survive the refused logout.
        self._assert_authenticated(token)

    def _assert_bogus_token_refused(self, expect_unencoded_body=False):
        """logout(token='1234') must answer 400, optionally with an unencoded body.

        NOTE(review): the cookie-only tests in this class get the same 400 from
        logout(token=...) with a valid token, so the 400 here does not by
        itself show that the bogus value is what was rejected. A variant with
        cookie_only=False, plus a check that the real token still
        authenticates, would separate the two; the expected status for that
        case has to be confirmed against BottleShip.
        """
        reply = self.app.logout(token='1234')
        self.assertEqual(reply.status_code, 400)
        if expect_unencoded_body:
            self.assertFalse(bottleship.data_is_encoded(reply.body))


    ### Logout tests ###

    def test_logout_default(self):
        self._assert_logout_revokes(self._plaintext_session())

    def test_logout_plaintext(self):
        self._assert_logout_revokes(self._plaintext_session('plaintext'))

    def test_logout_ipaddr(self):
        self._assert_logout_revokes(self._plaintext_session('plaintext+ipaddr'))

    def test_logout_hmac(self):
        self._assert_logout_revokes(self._hmac_session('hmac'), encoded=True)

    def test_logout_hmac_ipaddr(self):
        self._assert_logout_revokes(self._hmac_session('hmac+ipaddr'), encoded=True)


    ### Logout without cookie bypass ###

    def test_logout_cookie_only_default(self):
        self._assert_logout_refused(self._plaintext_session())

    def test_logout_cookie_only_plaintext(self):
        self._assert_logout_refused(self._plaintext_session('plaintext'))

    def test_logout_cookie_only_ipaddr(self):
        self._assert_logout_refused(self._plaintext_session('plaintext+ipaddr'))

    def test_logout_cookie_only_hmac(self):
        self._assert_logout_refused(self._hmac_session('hmac'), encoded=True)

    def test_logout_cookie_only_hmac_ipaddr(self):
        self._assert_logout_refused(self._hmac_session('hmac+ipaddr'), encoded=True)


    ### Logout wrong token tests ###

    # In each test below a real session is created first; its token is not
    # used afterwards, only the literal '1234' is sent to logout.

    def test_logout_wrong_token_default(self):
        self._plaintext_session()
        self._assert_bogus_token_refused()

    def test_logout_wrong_token_plaintext(self):
        self._plaintext_session('plaintext')
        self._assert_bogus_token_refused()

    def test_logout_wrong_token_ipaddr(self):
        self._plaintext_session('plaintext+ipaddr')
        self._assert_bogus_token_refused()

    def test_logout_wrong_token_hmac(self):
        self._hmac_session('hmac')
        self._assert_bogus_token_refused(expect_unencoded_body=True)

    def test_logout_wrong_token_hmac_ipaddr(self):
        self._hmac_session('hmac+ipaddr')
        self._assert_bogus_token_refused(expect_unencoded_body=True)
class TestBottleshipRegister(unittest.TestCase):
    """Registration behaviour of BottleShip: accepted input, echoed fields, rejections."""

    def setUp(self):
        """Build the app under test on a database created from a fresh UUID string."""
        fresh_db = PandasDatabase(str(uuid.uuid4()))
        self.app = BottleShip(pddb=fresh_db, debug=True)

    def tearDown(self):
        """Drop everything held by the app's database once the test is done."""
        self.app.pddb.drop_all()


    ### Utility functions ###

    def _exchange_token(self, security_level, key):
        """Run a key exchange, require an encoded 200 reply, return its token as str."""
        exchange = self.app.key_exchange(security_level, key)
        self.assertEqual(exchange.status_code, 200)
        self.assertTrue(bottleship.data_is_encoded(exchange.body))
        return str(json.loads(bottleship.data_decode(exchange.body, key)).get('Token'))

    def _assert_echoed(self, sent, received, skip=()):
        """Require every field of sent (except those in skip) to come back unchanged."""
        for field in sent:
            if field in skip:
                continue
            self.assertEqual(received.get(field), sent.get(field))

    def _assert_rejected_unencoded(self, request):
        """Require register to answer 400 with a body that is not encoded."""
        reply = self.app.register(user_info=request)
        self.assertEqual(reply.status_code, 400)
        self.assertFalse(bottleship.data_is_encoded(reply.body))

    def _assert_accepted_encoded(self, request):
        """Require register to answer 200 with an encoded body."""
        reply = self.app.register(user_info=request)
        self.assertEqual(reply.status_code, 200)
        self.assertTrue(bottleship.data_is_encoded(reply.body))

    def register_hmac(self, user_info, key):
        """Register through the HMAC flow and return the decoded reply."""
        token = self._exchange_token('hmac', key)

        if not isinstance(user_info, str):
            user_info = json.dumps(user_info)
        # NOTE(review): user_info is already a string here and is dumped again,
        # so 'Data' carries a JSON string literal wrapping the JSON text.
        # Presumably the server unwraps both layers - confirm.
        sealed = bottleship.data_encode(json.dumps(user_info), key)
        reply = self.app.register(user_info={'Data': sealed, 'Token': token})
        self.assertEqual(reply.status_code, 200)
        self.assertTrue(bottleship.data_is_encoded(reply.body))
        return json.loads(bottleship.data_decode(reply.body, key))

    def _check_plain_registration(self, security_level, with_password):
        """Register with username/password arguments and check the echoed fields."""
        name = self.id()
        req = {'SecurityLevel': security_level, 'CustomField': name}
        if with_password:
            # The fixture uses the test id as the password as well.
            reply = self.app.register(username=name, password=self.id(), user_info=req)
        else:
            reply = self.app.register(username=name, user_info=req)
        self.assertEqual(reply.status_code, 200)
        self._assert_echoed(req, json.loads(reply.body))

    def _check_hmac_registration(self, security_level, with_password):
        """Register through register_hmac and check the echoed fields."""
        name = self.id()
        data = {'Username': name}
        if with_password:
            data['Password'] = self.id()
        data['SecurityLevel'] = security_level
        data['CustomField'] = name

        user_info = self.register_hmac(data, '1234')
        # 'Password' is the one field the test does not expect to be echoed.
        self._assert_echoed(data, user_info, skip=('Password',))

    def _check_plain_rejections(self, req):
        """Run the shared rejection sequence for the plaintext-family levels."""
        name = self.id()
        reply = self.app.register(username=name, password=object(), user_info=req)
        self.assertEqual(reply.status_code, 400)

        reply = self.app.register(username=name, user_info=req)
        self.assertEqual(reply.status_code, 200)

        for bad_username in ('', object()):
            reply = self.app.register(username=bad_username, user_info=req)
            self.assertEqual(reply.status_code, 400)

        reply = self.app.register(user_info=req)
        self.assertEqual(reply.status_code, 400)

    def _check_hmac_rejections(self, security_level, second_exchange_level):
        """Run the shared rejection sequence for the HMAC-family levels.

        A further case (Username=None, expected 400) is commented out in the
        original tests and is not run here either.
        """
        key = '1234'
        data = {'Username': self.id(), 'SecurityLevel': security_level}
        token = self._exchange_token('hmac', key)

        def sealed():
            # Encoded afresh for every request, as the original does.
            return bottleship.data_encode(json.dumps(data), key)

        # Valid payload, token that was never issued.
        self._assert_rejected_unencoded({'Data': sealed(), 'Token': '1234'})
        # Issued token, payload that is not encoded data.
        self._assert_rejected_unencoded({'Data': '1234', 'Token': token})
        # Well-formed request with the same token as the failed attempt above.
        # NOTE(review): the 400 suggests the exchange token does not survive a
        # failed attempt - confirm against BottleShip.
        self._assert_rejected_unencoded({'Data': sealed(), 'Token': token})

        token = self._exchange_token(second_exchange_level, key)
        self._assert_accepted_encoded({'Data': sealed(), 'Token': token})
        # Replay of the accepted request. Token and username are both reused,
        # so the test does not tell which of the two causes the 400.
        self._assert_rejected_unencoded({'Data': sealed(), 'Token': token})

    def test_security_unsupported(self):
        reply = self.app.register(user_info={'SecurityLevel': None})
        self.assertEqual(reply.status_code, 400)


    ### Register tests ###

    def test_register_without_password_default(self):
        reply = self.app.register(username=self.id())
        self.assertEqual(reply.status_code, 200)

    def test_register_without_password_plaintext(self):
        self._check_plain_registration('plaintext', with_password=False)

    def test_register_without_password_ipaddr(self):
        self._check_plain_registration('plaintext+ipaddr', with_password=False)

    def test_register_without_password_hmac(self):
        self._check_hmac_registration('hmac', with_password=False)

    def test_register_without_password_hmac_ipaddr(self):
        self._check_hmac_registration('hmac+ipaddr', with_password=False)

    def test_register_with_password_default(self):
        name = self.id()
        secret = self.id()
        reply = self.app.register(username=name, password=secret)
        self.assertEqual(reply.status_code, 200)

    def test_register_with_password_plaintext(self):
        self._check_plain_registration('plaintext', with_password=True)

    def test_register_with_password_ipaddr(self):
        self._check_plain_registration('plaintext+ipaddr', with_password=True)

    def test_register_with_password_hmac(self):
        self._check_hmac_registration('hmac', with_password=True)

    def test_register_with_password_hmac_ipaddr(self):
        self._check_hmac_registration('hmac+ipaddr', with_password=True)

    def test_register_fail_default(self):
        name = self.id()
        reply = self.app.register(username=name, password=object())
        self.assertEqual(reply.status_code, 400)

        reply = self.app.register(username=name)
        self.assertEqual(reply.status_code, 200)

        # self.id() is the same for the whole test, so this is a second
        # registration of the username accepted just above.
        reply = self.app.register(username=name)
        self.assertEqual(reply.status_code, 400)

        for bad_username in ('', object()):
            reply = self.app.register(username=bad_username)
            self.assertEqual(reply.status_code, 400)

        reply = self.app.register()
        self.assertEqual(reply.status_code, 400)

    def test_register_fail_plaintext(self):
        self._check_plain_rejections({'SecurityLevel': 'plaintext'})

    def test_register_fail_ipaddr(self):
        self._check_plain_rejections(
            {'SecurityLevel': 'plaintext+ipaddr', 'CustomField': self.id()})

    def test_register_fail_hmac(self):
        self._check_hmac_rejections('hmac', second_exchange_level='hmac')

    def test_register_fail_hmac_ipaddr(self):
        # The first exchange uses 'hmac' and only the second 'hmac+ipaddr',
        # exactly as in the original sequence.
        self._check_hmac_rejections('hmac+ipaddr', second_exchange_level='hmac+ipaddr')
class TestBottleshipLogin(unittest.TestCase):

    def setUp(self):
        """Build the app under test on a database created from a fresh UUID string."""
        fresh_db = PandasDatabase(str(uuid.uuid4()))
        self.app = BottleShip(pddb=fresh_db, debug=True)

    def tearDown(self):
        """Drop everything held by the app's database once the test is done."""
        database = self.app.pddb
        database.drop_all()


    ### Utility functions ###

    def register_hmac(self, user_info, key):
        """Register through the HMAC flow and return the decoded reply.

        Args:
            user_info: dict or str describing the user; a dict is dumped to
                JSON first.
            key: key handed to key_exchange and used to encode and decode
                the message bodies.

        Returns:
            The JSON-decoded body of the registration reply.
        """
        exchange = self.app.key_exchange('hmac', key)
        self.assertEqual(exchange.status_code, 200)
        self.assertTrue(bottleship.data_is_encoded(exchange.body))
        handshake = json.loads(bottleship.data_decode(exchange.body, key))
        token = str(handshake.get('Token'))

        if not isinstance(user_info, str):
            user_info = json.dumps(user_info)
        # NOTE(review): user_info is already a string here and is dumped again,
        # so 'Data' carries a JSON string literal wrapping the JSON text.
        # Presumably the server unwraps both layers - confirm.
        sealed = bottleship.data_encode(json.dumps(user_info), key)
        reply = self.app.register(user_info={'Data': sealed, 'Token': token})
        self.assertEqual(reply.status_code, 200)
        self.assertTrue(bottleship.data_is_encoded(reply.body))
        return json.loads(bottleship.data_decode(reply.body, key))

    def login_hmac(self, user_info, key):
        """Log in through the HMAC flow and return the decoded reply.

        Args:
            user_info: dict or str describing the user; a dict is dumped to
                JSON first.
            key: key handed to key_exchange and used to encode and decode
                the message bodies.

        Returns:
            The JSON-decoded body of the login reply.
        """
        exchange = self.app.key_exchange('hmac', key)
        self.assertEqual(exchange.status_code, 200)
        self.assertTrue(bottleship.data_is_encoded(exchange.body))
        handshake = json.loads(bottleship.data_decode(exchange.body, key))
        # Unlike register_hmac in this class, the token is forwarded as
        # decoded, without a str() conversion.
        token = handshake.get('Token')

        if not isinstance(user_info, str):
            user_info = json.dumps(user_info)
        sealed = bottleship.data_encode(json.dumps(user_info), key)
        reply = self.app.login(_request_fallback={'Data': sealed, 'Token': token})
        self.assertEqual(reply.status_code, 200)
        self.assertTrue(bottleship.data_is_encoded(reply.body))
        return json.loads(bottleship.data_decode(reply.body, key))

    def test_login_wrong_username_default(self):
        """Missing, empty and non-string usernames give 400; an unknown one gives 403."""
        reply = self.app.login()
        self.assertEqual(reply.status_code, 400)

        for bad_username in ('', object()):
            reply = self.app.login(username=bad_username)
            self.assertEqual(reply.status_code, 400)

        # Nothing is registered in this test, so this username cannot exist.
        reply = self.app.login(username='******')
        self.assertEqual(reply.status_code, 403)

   
    ### Login without password tests ###

    def test_login_without_password_default(self):
        """An account registered with no options logs in at the 'plaintext' level.

        The account has no password, and the username alone is enough to log in.
        """
        username = self.id()
        registered = self.app.register(username=username)
        self.assertEqual(registered.status_code, 200)

        logged_in = self.app.login(username=username)
        self.assertEqual(logged_in.status_code, 200)
        reported = json.loads(logged_in.body).get('SecurityLevel')
        self.assertEqual(reported, 'plaintext')

    def test_login_without_password_plaintext(self):
        """A 'plaintext' account without a password logs in by username alone."""
        username = self.id()
        options = {'SecurityLevel': 'plaintext'}
        registered = self.app.register(username=username, user_info=options)
        self.assertEqual(registered.status_code, 200)

        # The same options dict is handed to login as its request fallback.
        logged_in = self.app.login(username=username, _request_fallback=options)
        self.assertEqual(logged_in.status_code, 200)
        reported = json.loads(logged_in.body).get('SecurityLevel')
        self.assertEqual(reported, options.get('SecurityLevel'))

    def test_login_without_password_ipaddr(self):
        """A 'plaintext+ipaddr' account keeps that level when logging in by username."""
        username = self.id()
        options = {'SecurityLevel': 'plaintext+ipaddr'}
        registered = self.app.register(username=username, user_info=options)
        self.assertEqual(registered.status_code, 200)

        # No security level is sent at login; the reply still reports the
        # level chosen at registration.
        logged_in = self.app.login(username=username)
        self.assertEqual(logged_in.status_code, 200)
        reported = json.loads(logged_in.body).get('SecurityLevel')
        self.assertEqual(reported, options.get('SecurityLevel'))

    def test_login_without_password_hmac(self):
        """An 'hmac' account logs in via HMAC, and afterwards via 'plaintext' too."""
        username = self.id()
        profile = {'Username': username, 'SecurityLevel': 'hmac'}
        registered = self.register_hmac(profile, '1234')
        self.assertEqual(registered.get('SecurityLevel'), profile.get('SecurityLevel'))

        # Login runs its own key exchange, with a different key on purpose.
        login_key = '5678'
        session = self.login_hmac(profile, login_key)
        self.assertEqual(session.get('SecurityLevel'), profile.get('SecurityLevel'))

        # A hand-built JSON string takes the str branch of login_hmac.
        pairs = ('"%s":"%s"' % (field, value) for field, value in profile.items())
        hand_built = '{' + ','.join(pairs) + '}'
        session = self.login_hmac(hand_built, login_key)
        self.assertEqual(session.get('SecurityLevel'), profile.get('SecurityLevel'))

        # Switch to plaintext and try login again.
        # NOTE(review): the account was registered at 'hmac', yet this login
        # is accepted and reports 'plaintext', so the test pins that the level
        # can be lowered at login time. Confirm that this is intended.
        downgrade = {'Username': username, 'SecurityLevel': 'plaintext'}
        reply = self.app.login(username=username, _request_fallback=downgrade)
        self.assertEqual(reply.status_code, 200)
        reported = json.loads(reply.body).get('SecurityLevel')
        self.assertEqual(reported, downgrade.get('SecurityLevel'))

    def test_login_without_password_hmac_ipaddr(self):
        """An 'hmac+ipaddr' account logs in via HMAC, then as 'plaintext+ipaddr'."""
        username = self.id()
        profile = {'Username': username, 'SecurityLevel': 'hmac+ipaddr'}
        registered = self.register_hmac(profile, '1234')
        self.assertEqual(registered.get('SecurityLevel'), profile.get('SecurityLevel'))

        # Login runs its own key exchange, with a different key on purpose.
        login_key = '5678'
        session = self.login_hmac(profile, login_key)
        self.assertEqual(session.get('SecurityLevel'), profile.get('SecurityLevel'))

        # A hand-built JSON string takes the str branch of login_hmac.
        pairs = ('"%s":"%s"' % (field, value) for field, value in profile.items())
        hand_built = '{' + ','.join(pairs) + '}'
        session = self.login_hmac(hand_built, login_key)
        self.assertEqual(session.get('SecurityLevel'), profile.get('SecurityLevel'))

        # Switch to plaintext and try login again.
        # NOTE(review): 'plaintext' is requested and 'plaintext+ipaddr' comes
        # back, so the HMAC part can be dropped at login while '+ipaddr' is
        # kept. Confirm that this downgrade is intended.
        downgrade = {'Username': username, 'SecurityLevel': 'plaintext'}
        reply = self.app.login(username=username, _request_fallback=downgrade)
        self.assertEqual(reply.status_code, 200)
        reported = json.loads(reply.body).get('SecurityLevel')
        self.assertEqual(reported, downgrade.get('SecurityLevel') + '+ipaddr')

   
    ### Login with password tests ###

    def test_login_with_password_default(self):
        """Username plus the registered password logs in at the 'plaintext' level."""
        # The fixture uses the test id as both username and password.
        username = self.id()
        secret = self.id()
        registered = self.app.register(username=username, password=secret)
        self.assertEqual(registered.status_code, 200)

        logged_in = self.app.login(username=username, password=secret)
        self.assertEqual(logged_in.status_code, 200)
        reported = json.loads(logged_in.body).get('SecurityLevel')
        self.assertEqual(reported, 'plaintext')

    def test_login_with_password_plaintext(self):
        """A 'plaintext' account logs in with its password and reports 'plaintext'."""
        # The fixture uses the test id as both username and password.
        username = self.id()
        secret = self.id()
        options = {'SecurityLevel': 'plaintext'}
        registered = self.app.register(
            username=username, password=secret, user_info=options)
        self.assertEqual(registered.status_code, 200)

        logged_in = self.app.login(username=username, password=secret)
        self.assertEqual(logged_in.status_code, 200)
        reported = json.loads(logged_in.body).get('SecurityLevel')
        self.assertEqual(reported, options.get('SecurityLevel'))

    def test_login_with_password_ipaddr(self):
        """A 'plaintext+ipaddr' account logs in with its password and keeps its level."""
        # The fixture uses the test id as both username and password.
        username = self.id()
        secret = self.id()
        options = {'SecurityLevel': 'plaintext+ipaddr'}
        registered = self.app.register(
            username=username, password=secret, user_info=options)
        self.assertEqual(registered.status_code, 200)

        logged_in = self.app.login(username=username, password=secret)
        self.assertEqual(logged_in.status_code, 200)
        reported = json.loads(logged_in.body).get('SecurityLevel')
        self.assertEqual(reported, options.get('SecurityLevel'))

    def test_login_with_password_hmac(self):
        """An 'hmac' account with a password logs in via dict and via JSON string."""
        # The fixture uses the test id as both username and password.
        username = self.id()
        secret = self.id()
        profile = {'Username': username, 'Password': secret, 'SecurityLevel': 'hmac'}
        registered = self.register_hmac(profile, '1234')
        self.assertEqual(registered.get('SecurityLevel'), profile.get('SecurityLevel'))

        # Login runs its own key exchange, with a different key on purpose.
        login_key = '5678'
        session = self.login_hmac(profile, login_key)
        self.assertEqual(session.get('SecurityLevel'), profile.get('SecurityLevel'))

        # A hand-built JSON string takes the str branch of login_hmac.
        pairs = ('"%s":"%s"' % (field, value) for field, value in profile.items())
        hand_built = '{' + ','.join(pairs) + '}'
        session = self.login_hmac(hand_built, login_key)
        self.assertEqual(session.get('SecurityLevel'), profile.get('SecurityLevel'))

    def test_login_with_password_hmac_ipaddr(self):
        """An 'hmac+ipaddr' account with a password logs in via dict and JSON string."""
        # The fixture uses the test id as both username and password.
        username = self.id()
        secret = self.id()
        profile = {
            'Username': username,
            'Password': secret,
            'SecurityLevel': 'hmac+ipaddr',
        }
        registered = self.register_hmac(profile, '1234')
        self.assertEqual(registered.get('SecurityLevel'), profile.get('SecurityLevel'))

        # Login runs its own key exchange, with a different key on purpose.
        login_key = '5678'
        session = self.login_hmac(profile, login_key)
        self.assertEqual(session.get('SecurityLevel'), profile.get('SecurityLevel'))

        # A hand-built JSON string takes the str branch of login_hmac.
        pairs = ('"%s":"%s"' % (field, value) for field, value in profile.items())
        hand_built = '{' + ','.join(pairs) + '}'
        session = self.login_hmac(hand_built, login_key)
        self.assertEqual(session.get('SecurityLevel'), profile.get('SecurityLevel'))

   
    ### Login empty password tests ###

    def test_login_empty_password_default(self):
        """An account registered with password '' logs in with no, None or '' password.

        The expectations pin that an empty password is interchangeable with no
        password at login.
        """
        username = self.id()
        blank = ''
        registered = self.app.register(username=username, password=blank)
        self.assertEqual(registered.status_code, 200)

        reply = self.app.login(username=username)
        self.assertEqual(reply.status_code, 200)

        for supplied in (None, blank):
            reply = self.app.login(username=username, password=supplied)
            self.assertEqual(reply.status_code, 200)

    def test_login_empty_password_plaintext(self):
        """Empty-password registration and login with SecurityLevel 'plaintext'.

        The security level is supplied through ``user_info`` on register and
        through ``_request_fallback`` on every login. All three login forms
        (password omitted, ``None``, ``''``) are expected to return 200.

        NOTE(review): this pins username-only authentication for accounts
        created with an empty password -- confirm that is intended.
        """
        username = self.id()
        empty = ''
        level = {'SecurityLevel': 'plaintext'}

        created = self.app.register(username=username, password=empty, user_info=level)
        self.assertEqual(created.status_code, 200)

        # Password omitted entirely.
        self.assertEqual(
            self.app.login(username=username, _request_fallback=level).status_code,
            200)

        # Password explicitly None.
        self.assertEqual(
            self.app.login(
                username=username, password=None, _request_fallback=level
            ).status_code,
            200)

        # Password given as the registered empty string.
        self.assertEqual(
            self.app.login(
                username=username, password=empty, _request_fallback=level
            ).status_code,
            200)

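    def test_login_empty_password_ipaddr(self):
        """Empty-password registration and login with 'plaintext+ipaddr'.

        The account is registered with ``password=''`` and the security level
        passed via ``user_info``. Login from the same (unchanged) REMOTE_ADDR
        is expected to return 200 with the password omitted, ``None`` and ``''``.

        NOTE(review): as with the other empty-password tests, this pins
        username-only authentication for such accounts -- confirm it is intended.
        """
        name = self.id()
        # The original bound `password = self.id()` and never used it, which
        # read as if a real password were registered; every call uses ''.
        password = ''
        req = {'SecurityLevel': 'plaintext+ipaddr'}
        res = self.app.register(username=name, password=password, user_info=req)
        self.assertEqual(res.status_code, 200)

        # Password omitted entirely.
        res = self.app.login(username=name, _request_fallback=req)
        self.assertEqual(res.status_code, 200)

        # Password explicitly None.
        res = self.app.login(username=name, password=None, _request_fallback=req)
        self.assertEqual(res.status_code, 200)

        # Password given as the registered empty string.
        res = self.app.login(username=name, password=password, _request_fallback=req)
        self.assertEqual(res.status_code, 200)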

    def test_login_empty_password_hmac(self):
        """Register with an empty password at 'hmac', then log in twice over HMAC.

        Registration uses key '1234'; both logins use '5678'. The second login
        sends the same payload as hand-assembled JSON text rather than a dict.
        """
        username = self.id()
        password = ''
        payload = {'Username': username, 'Password': password, 'SecurityLevel': 'hmac'}
        expected_level = payload.get('SecurityLevel')

        registered = self.register_hmac(payload, '1234')
        self.assertEqual(registered.get('SecurityLevel'), expected_level)

        # Login key differs from the registration key.
        login_key = '5678'
        session = self.login_hmac(payload, login_key)
        self.assertEqual(session.get('SecurityLevel'), expected_level)

        # Unescaped string interpolation: valid JSON only because the values
        # here contain no quotes or backslashes.
        pairs = ('"%s":"%s"' % (field, value) for field, value in payload.items())
        raw_json = '{' + ','.join(pairs) + '}'
        session = self.login_hmac(raw_json, login_key)
        self.assertEqual(session.get('SecurityLevel'), expected_level)

    def test_login_empty_password_hmac_ipaddr(self):
        """Register with an empty password at 'hmac+ipaddr', then log in over HMAC.

        REMOTE_ADDR is not changed here, so only the same-address path is
        covered. Registration uses key '1234'; both logins use '5678'.
        """
        username = self.id()
        password = ''
        payload = {
            'Username': username,
            'Password': password,
            'SecurityLevel': 'hmac+ipaddr',
        }
        expected_level = payload.get('SecurityLevel')

        registered = self.register_hmac(payload, '1234')
        self.assertEqual(registered.get('SecurityLevel'), expected_level)

        # Login key differs from the registration key.
        login_key = '5678'
        session = self.login_hmac(payload, login_key)
        self.assertEqual(session.get('SecurityLevel'), expected_level)

        # Same payload as hand-built JSON text (no escaping applied).
        pairs = ('"%s":"%s"' % (field, value) for field, value in payload.items())
        raw_json = '{' + ','.join(pairs) + '}'
        session = self.login_hmac(raw_json, login_key)
        self.assertEqual(session.get('SecurityLevel'), expected_level)

   
    ### Login wrong password tests ###

    def test_login_wrong_password_default(self):
        """A mismatching password at the default level is expected to yield 403."""
        username = self.id()
        registered_password = self.id()
        created = self.app.register(username=username, password=registered_password)
        self.assertEqual(created.status_code, 200)

        # '******' differs from the registered password (the test id string).
        rejected = self.app.login(username=username, password='******')
        self.assertEqual(rejected.status_code, 403)

    def test_login_wrong_password_plaintext(self):
        """Bad password inputs against an account registered at 'plaintext'.

        Two distinct outcomes are pinned: a non-string password object is
        expected to be rejected as a malformed request (400), while a
        well-formed but mismatching password is expected to be refused (403).

        NOTE(review): the login calls do not pass ``_request_fallback``, so
        they do not state a security level themselves -- confirm that is the
        intended path for this test.
        """
        username = self.id()
        registered_password = self.id()
        level = {'SecurityLevel': 'plaintext'}
        created = self.app.register(
            username=username, password=registered_password, user_info=level)
        self.assertEqual(created.status_code, 200)

        # Wrong type: an arbitrary object instead of a string.
        malformed = self.app.login(username=username, password=object())
        self.assertEqual(malformed.status_code, 400)

        # Right type, wrong value.
        mismatched = self.app.login(username=username, password='******')
        self.assertEqual(mismatched.status_code, 403)

    def test_login_wrong_password_ipaddr(self):
        """Bad password inputs against an account registered at 'plaintext+ipaddr'.

        Expects 400 for a second ``register`` call carrying a non-string
        password, and 403 for a login with a mismatching password.
        """
        username = self.id()
        registered_password = self.id()
        level = {'SecurityLevel': 'plaintext+ipaddr'}
        created = self.app.register(
            username=username, password=registered_password, user_info=level)
        self.assertEqual(created.status_code, 200)

        # NOTE(review): this calls register(), whereas the parallel 'plaintext'
        # test calls login() with password=object(). The username is already
        # registered at this point, so the 400 may come from the duplicate
        # registration rather than from the bad password type -- confirm which
        # rejection this is meant to cover.
        malformed = self.app.register(
            username=username, password=object(), user_info=level)
        self.assertEqual(malformed.status_code, 400)

        # Right type, wrong value; no security level is passed on this call.
        mismatched = self.app.login(username=username, password='******')
        self.assertEqual(mismatched.status_code, 403)

    def test_login_wrong_password_hmac(self):
        """Plain (non-HMAC) login attempts against an 'hmac' account must fail.

        The account is registered over HMAC with an empty password. Each login
        then passes the raw dict, with SecurityLevel 'hmac' but no encoded
        'Data' or 'Token', as the request fallback. All four attempts are
        expected to return 400 with an unencoded body, including
        ``password=''``, which matches the registered password. So the
        rejection asserted here does not depend on the password being wrong;
        presumably it is caused by the missing key-exchange payload -- verify
        against the login handler.
        """
        username = self.id()
        payload = {'Username': username, 'Password': '', 'SecurityLevel': 'hmac'}
        registered = self.register_hmac(payload, '1234')
        self.assertEqual(registered.get('SecurityLevel'), payload.get('SecurityLevel'))

        def expect_bad_request(**password_kwargs):
            # Every attempt must be refused with 400 and a plain (unencoded) body.
            res = self.app.login(
                username=username, _request_fallback=payload, **password_kwargs)
            self.assertEqual(res.status_code, 400)
            self.assertFalse(bottleship.data_is_encoded(res.body))

        expect_bad_request()                    # password omitted
        expect_bad_request(password='')         # the registered (empty) password
        expect_bad_request(password=object())   # wrong type
        expect_bad_request(password='******')   # wrong value

    def test_login_wrong_password_hmac_ipaddr(self):
        """Plain (non-HMAC) login attempts against an 'hmac+ipaddr' account must fail.

        Mirrors the 'hmac' variant: after an HMAC registration with an empty
        password, four logins that pass the raw dict as the request fallback
        (no encoded 'Data', no 'Token') are each expected to return 400 with an
        unencoded body, whatever the password argument is. REMOTE_ADDR is not
        changed in this test.
        """
        username = self.id()
        payload = {
            'Username': username,
            'Password': '',
            'SecurityLevel': 'hmac+ipaddr',
        }
        registered = self.register_hmac(payload, '1234')
        self.assertEqual(registered.get('SecurityLevel'), payload.get('SecurityLevel'))

        def expect_bad_request(**password_kwargs):
            # Every attempt must be refused with 400 and a plain (unencoded) body.
            res = self.app.login(
                username=username, _request_fallback=payload, **password_kwargs)
            self.assertEqual(res.status_code, 400)
            self.assertFalse(bottleship.data_is_encoded(res.body))

        expect_bad_request()                    # password omitted
        expect_bad_request(password='')         # the registered (empty) password
        expect_bad_request(password=object())   # wrong type
        expect_bad_request(password='******')   # wrong value


    ### Login new IP tests ###

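    def test_login_newip_default(self):
        """Login from a different REMOTE_ADDR is expected to succeed at the default level.

        The account is registered while REMOTE_ADDR is '127.0.0.1'; the address
        is then changed to '1234' (just a different value, not a real address)
        and login is expected to return 200.
        """
        name = self.id()

        bottle.request.environ['REMOTE_ADDR'] = '127.0.0.1'
        self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '127.0.0.1')

        # REMOTE_ADDR lives on the module-level bottle.request object, so it
        # outlives this test. Restore it in `finally` so that a failing
        # assertion cannot leave '1234' behind for later tests.
        try:
            res = self.app.register(username=name)
            self.assertEqual(res.status_code, 200)

            bottle.request.environ['REMOTE_ADDR'] = '1234'
            self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '1234')

            res = self.app.login(username=name)
            self.assertEqual(res.status_code, 200)
        finally:
            bottle.request.environ['REMOTE_ADDR'] = '127.0.0.1'
        self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '127.0.0.1')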

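    def test_login_newip_plaintext(self):
        """Login from a different REMOTE_ADDR is expected to succeed at 'plaintext'.

        The account is registered with SecurityLevel 'plaintext' while
        REMOTE_ADDR is '127.0.0.1'. After the address changes to '1234', login
        is expected to return 200. The login call does not pass a security
        level.
        """
        name = self.id()
        req = {'SecurityLevel': 'plaintext'}

        bottle.request.environ['REMOTE_ADDR'] = '127.0.0.1'
        self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '127.0.0.1')

        # REMOTE_ADDR lives on the module-level bottle.request object, so it
        # outlives this test. Restore it in `finally` so that a failing
        # assertion cannot leave '1234' behind for later tests.
        try:
            res = self.app.register(username=name, user_info=req)
            self.assertEqual(res.status_code, 200)

            bottle.request.environ['REMOTE_ADDR'] = '1234'
            self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '1234')

            res = self.app.login(username=name)
            self.assertEqual(res.status_code, 200)
        finally:
            bottle.request.environ['REMOTE_ADDR'] = '127.0.0.1'
        self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '127.0.0.1')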

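    def test_login_newip_ipaddr(self):
        """Login from a different REMOTE_ADDR must be refused at 'plaintext+ipaddr'.

        The account is registered with SecurityLevel 'plaintext+ipaddr' while
        REMOTE_ADDR is '127.0.0.1'. After the address changes to '1234', login
        is expected to return 403. The login call passes no security level, so
        the refusal is presumably driven by what was stored at registration --
        verify against the login handler.
        """
        name = self.id()
        req = {'SecurityLevel':'plaintext+ipaddr'}

        bottle.request.environ['REMOTE_ADDR'] = '127.0.0.1'
        self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '127.0.0.1')

        # REMOTE_ADDR lives on the module-level bottle.request object, so it
        # outlives this test. Restore it in `finally` so that a failing
        # assertion cannot leave '1234' behind for later tests.
        try:
            res = self.app.register(username=name, user_info=req)
            self.assertEqual(res.status_code, 200)

            bottle.request.environ['REMOTE_ADDR'] = '1234'
            self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '1234')

            res = self.app.login(username=name)
            self.assertEqual(res.status_code, 403)
        finally:
            bottle.request.environ['REMOTE_ADDR'] = '127.0.0.1'
        self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '127.0.0.1')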

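    def test_login_newip_hmac(self):
        """Login from a different REMOTE_ADDR is expected to succeed at 'hmac'.

        The account is registered over HMAC (key '1234', no 'Password' field)
        while REMOTE_ADDR is '127.0.0.1'. After the address changes to '1234',
        an HMAC login with key '5678' is expected to succeed, and so is a
        follow-up plaintext login for the same user.

        NOTE(review): the final step asserts that an account registered at
        'hmac' can then authenticate with SecurityLevel 'plaintext' and no
        password, and that the response reports 'plaintext'. That pins a
        security-level downgrade as accepted behaviour -- confirm it is
        intended.
        """
        name = self.id()
        key = '1234'
        data = {'Username': name, 'SecurityLevel': 'hmac'}

        bottle.request.environ['REMOTE_ADDR'] = '127.0.0.1'
        self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '127.0.0.1')

        # REMOTE_ADDR lives on the module-level bottle.request object, so it
        # outlives this test. Restore it in `finally` so that a failing
        # assertion cannot leave '1234' behind for later tests.
        try:
            user_info = self.register_hmac(data, key)
            self.assertEqual(user_info.get('SecurityLevel'), data.get('SecurityLevel'))

            bottle.request.environ['REMOTE_ADDR'] = '1234'
            self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '1234')

            # Login key differs from the registration key.
            key = '5678'
            user_info = self.login_hmac(data, key)
            self.assertEqual(user_info.get('SecurityLevel'), data.get('SecurityLevel'))

            # Switch to plaintext and try login again
            req = {'Username': name, 'SecurityLevel': 'plaintext'}
            res = self.app.login(username=name, _request_fallback=req)
            self.assertEqual(res.status_code, 200)
            self.assertEqual(json.loads(res.body).get('SecurityLevel'), req.get('SecurityLevel'))
        finally:
            bottle.request.environ['REMOTE_ADDR'] = '127.0.0.1'
        self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '127.0.0.1')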


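    def test_login_newip_hmac_ipaddr(self):
        """Login from a different REMOTE_ADDR must be refused at 'hmac+ipaddr'.

        The account is registered over HMAC (key '1234') while REMOTE_ADDR is
        '127.0.0.1'. After the address changes to '1234':

        * a key exchange with key '5678' is still expected to succeed (200,
          encoded body), so the exchange itself is not tied to the address;
        * the HMAC login built from that exchange is expected to return 403
          with an unencoded body;
        * a plaintext login for the same user is also expected to return 403,
          i.e. asking for a lower security level does not get around the
          address check.
        """
        name = self.id()
        key = '1234'
        data = {'Username': name, 'SecurityLevel': 'hmac+ipaddr'}

        bottle.request.environ['REMOTE_ADDR'] = '127.0.0.1'
        self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '127.0.0.1')

        # REMOTE_ADDR lives on the module-level bottle.request object, so it
        # outlives this test. Restore it in `finally` so that a failing
        # assertion cannot leave '1234' behind for later tests.
        try:
            user_info = self.register_hmac(data, key)
            self.assertEqual(user_info.get('SecurityLevel'), data.get('SecurityLevel'))

            bottle.request.environ['REMOTE_ADDR'] = '1234'
            self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '1234')

            # The exchange and login are spelled out by hand here, presumably
            # because the login_hmac helper asserts a 200 and this login is
            # expected to fail.
            key = '5678'
            res = self.app.key_exchange('hmac', key)
            self.assertEqual(res.status_code, 200)
            self.assertTrue(bottleship.data_is_encoded(res.body))
            token = str(json.loads(bottleship.data_decode(res.body, key)).get('Token'))

            req = {'Data': bottleship.data_encode(json.dumps(data), key), 'Token': token}
            res = self.app.login(_request_fallback=req)
            self.assertEqual(res.status_code, 403)
            self.assertFalse(bottleship.data_is_encoded(res.body))

            # Switch to plaintext and try login again
            req = {'Username': name, 'SecurityLevel': 'plaintext'}
            res = self.app.login(username=name, _request_fallback=req)
            self.assertEqual(res.status_code, 403)
            self.assertFalse(bottleship.data_is_encoded(res.body))
        finally:
            bottle.request.environ['REMOTE_ADDR'] = '127.0.0.1'
        self.assertEqual(bottle.request.environ['REMOTE_ADDR'], '127.0.0.1')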