Exemplo n.º 1
 def test_fail_uri_verification_if_invalid_insecure(self):
     """A URI built from one callback constant must not validate against the other.

     Both directions are checked: built from SEC_CALLBACK_URI and verified
     against CALLBACK_URI, then the reverse.
     """
     mismatched_pairs = (
         (SEC_CALLBACK_URI, CALLBACK_URI),
         (CALLBACK_URI, SEC_CALLBACK_URI),
     )
     for built_from, checked_against in mismatched_pairs:
         candidate = bitid.build_uri(built_from, NONCE)
         # uri_valid has to reject the URI when the callback it is compared
         # with is not the one the URI was built from.
         self.assertFalse(bitid.uri_valid(candidate, checked_against))
Exemplo n.º 2
 def test_fail_uri_verification_if_invalid_insecure(self):
     """uri_valid must return a falsy result when the callbacks do not match."""
     # Built from SEC_CALLBACK_URI, verified against CALLBACK_URI
     from_secure = bitid.build_uri(SEC_CALLBACK_URI, NONCE)
     self.assertFalse(bitid.uri_valid(from_secure, CALLBACK_URI))
     # Built from CALLBACK_URI, verified against SEC_CALLBACK_URI
     from_plain = bitid.build_uri(CALLBACK_URI, NONCE)
     self.assertFalse(bitid.uri_valid(from_plain, SEC_CALLBACK_URI))
Exemplo n.º 3
def login():
    '''
    Start the authentication flow and render the login page.

    Resets the session identifiers, stores a fresh nonce for the new
    session id and passes the resulting bitid challenge (URI plus QR code)
    to the 'login.html' template.
    '''
    # Rotate the session id before anything else; clearing "uid" means an
    # already authenticated visitor is effectively logged out by this view.
    fresh_sid = str(uuid.uuid4())
    session["sid"] = fresh_sid
    session["uid"] = None
    # Persist a nonce tied to the new session id before the challenge is shown
    challenge_nonce = Nonce(fresh_sid)
    nonce_db_service.create_nonce(challenge_nonce)
    # The challenge is the bitid URI built from the callback address and the nonce id
    target = get_callback_uri()
    challenge_uri = bitid.build_uri(target, challenge_nonce.nid)
    qr_image = bitid.qrcode(challenge_uri)
    return render_template(
        'login.html',
        params_tpl={
            "callback_uri": target,
            "bitid_uri": challenge_uri,
            "qrcode": qr_image,
        },
    )
Exemplo n.º 4
 def include_challenge(self):
     """Seed the initial "challenge" value, but only when the user sent no data."""
     if self.data:
         return
     # NOTE(review): build_absolute_uri() takes the host from the incoming
     # request, so the callback embedded in the challenge is only as
     # trustworthy as the host validation in front of this view (ALLOWED_HOSTS
     # if this is Django) - confirm it is restrictive.
     callback = self.request.build_absolute_uri()
     fresh_nonce = Challenge.objects.generate()
     self.initial["challenge"] = bitid.build_uri(callback, fresh_nonce)
Exemplo n.º 5
    def get(self, request):
        """
        Start the authentication flow and render the challenge page.

        Saves a new nonce, builds the bitid challenge for the callback
        address and renders it together with its QR code.
        """
        # NOTE(review): nothing from the request is passed to Nonce() here, so
        # this block does not show the nonce being tied to a session; confirm
        # where the callback handler binds the two.
        pending = Nonce()
        pending.save()

        # Callback address the wallet is expected to answer to
        target = self.get_callback_uri(request)

        # The challenge is the bitid URI carrying the nonce id
        challenge_uri = bitid.build_uri(target, pending.nid)
        qr_image = bitid.qrcode(challenge_uri)

        return render(
            request,
            self.template_name,
            {
                "callback_uri": target,
                "bitid_uri": challenge_uri,
                "qrcode": qr_image,
            },
        )
Exemplo n.º 6
    def get(self, request):
        """
        Start the authentication flow for this request's session.

        Saves a nonce carrying the session key, builds the bitid challenge
        for the callback address and renders it together with its QR code.
        """
        # NOTE(review): _get_or_create_session_key() is an underscore-prefixed
        # (non-public) session method; confirm it is still available in the
        # framework version in use and that the session ends up persisted
        # under this key.
        session_key = request.session._get_or_create_session_key()

        # The nonce is stored with the session key it was issued for
        pending = Nonce(sid=session_key)
        pending.save()

        # Callback address the wallet is expected to answer to
        target = self.get_callback_uri(request)

        # The challenge is the bitid URI carrying the nonce id
        challenge_uri = bitid.build_uri(target, pending.nid)
        qr_image = bitid.qrcode(challenge_uri)

        return render(
            request,
            self.template_name,
            {
                "callback_uri": target,
                "bitid_uri": challenge_uri,
                "qrcode": qr_image,
            },
        )
Exemplo n.º 7
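 def test_build_uri_unsecure(self):
     """Check the shape of the URI returned by build_uri, including the u=1 flag.

     The assertion is no longer wrapped in a bare ``except: pass``: that
     handler also caught AssertionError, so the test passed no matter what
     build_uri returned.
     """
     bitid_uri = bitid.build_uri(SEC_CALLBACK_URI, NONCE)
     # Raw string: same pattern text, without relying on unrecognised
     # backslash escapes in a normal string literal.
     regexp = r"\Abitid\:\/\/localhost\:3000\/callback\?x=[a-z0-9]+&u=1\Z"
     # NOTE(review): the input is SEC_CALLBACK_URI while the test name and the
     # trailing u=1 refer to the unsecure case; if this assertion fails,
     # confirm which callback constant the test was meant to use.
     self.assertRegex(bitid_uri, regexp)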
Exemplo n.º 8
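 def test_build_uri_unsecure(self):
     """Assert that build_uri output matches the expected bitid URI pattern.

     A bare ``except: pass`` around the assertion would swallow
     AssertionError and make this test unable to fail, so the check runs
     unguarded.
     """
     built = bitid.build_uri(SEC_CALLBACK_URI, NONCE)
     # Raw string keeps the regex escapes literal; the pattern text is unchanged.
     expected_shape = r"\Abitid\:\/\/localhost\:3000\/callback\?x=[a-z0-9]+&u=1\Z"
     # NOTE(review): the pattern requires u=1 but the URI is built from
     # SEC_CALLBACK_URI; verify that this is the intended constant if the
     # assertion does not hold.
     self.assertRegex(built, expected_shape)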
Exemplo n.º 9
 def test_build_uri(self):
     """build_uri keeps the expected scheme, host and path and carries one nonce."""
     built = bitid.build_uri(CALLBACK_URI, NONCE)
     parts = urlparse(built)
     # strict_parsing makes a malformed query string raise instead of being skipped
     query = parse_qs(parts.query, strict_parsing=True)
     nonce_values = query.get(bitid.PARAM_NONCE, "")

     self.assertIsNotNone(built)
     # Scheme, network location and path of the challenge
     self.assertEqual(bitid.BITID_SCHEME, parts.scheme)
     self.assertEqual(NETLOC, parts.netloc)
     self.assertEqual(PATH, parts.path)
     # Exactly one nonce parameter, equal to the one passed in
     self.assertEqual(len(nonce_values), 1)
     self.assertEqual(nonce_values[0], NONCE)
Exemplo n.º 10
    def test_build_uri(self):
        """Parse the URI from build_uri and compare each component with the fixtures."""
        challenge = bitid.build_uri(CALLBACK_URI, NONCE)
        components = urlparse(challenge)
        # A query string that does not parse cleanly raises here (strict_parsing)
        params = parse_qs(components.query, strict_parsing=True)
        found_nonces = params.get(bitid.PARAM_NONCE, "")

        self.assertIsNotNone(challenge)
        self.assertEqual(bitid.BITID_SCHEME, components.scheme)
        self.assertEqual(NETLOC, components.netloc)
        self.assertEqual(PATH, components.path)
        # The nonce must appear once and round-trip unchanged
        self.assertEqual(len(found_nonces), 1)
        self.assertEqual(found_nonces[0], NONCE)
Exemplo n.º 11
def prepare_bitid_challenge(callback_uri):
    """Store a nonce for the current session and build its bitid challenge.

    Returns a dict with the keys "callback_uri", "bitid_uri" and "qrcode".
    """
    # The nonce carries the session id plus whatever user id the session
    # holds (None when "uid" is absent).
    pending = Nonce(session["sid"])
    pending.uid = session.get("uid", None)
    nonce_db_service.create_nonce(pending)
    # The challenge is the bitid URI built from the callback and the nonce id
    challenge_uri = bitid.build_uri(callback_uri, pending.nid)
    qr_image = bitid.qrcode(challenge_uri)
    return {
        "callback_uri": callback_uri,
        "bitid_uri": challenge_uri,
        "qrcode": qr_image,
    }
Exemplo n.º 12
def prepare_bitid_challenge(callback_uri):
    """Create the nonce, persist it and return the data describing the challenge.

    The returned dict holds the callback address ("callback_uri"), the
    challenge itself ("bitid_uri") and its QR code ("qrcode").
    """
    session_nonce = Nonce(session["sid"])
    # Record the user id the session currently holds, or None if it has none
    session_nonce.uid = session.get("uid", None)
    # The nonce is written to the database before the challenge is built
    nonce_db_service.create_nonce(session_nonce)
    uri = bitid.build_uri(callback_uri, session_nonce.nid)
    challenge = {"callback_uri": callback_uri, "bitid_uri": uri}
    challenge["qrcode"] = bitid.qrcode(uri)
    return challenge
Exemplo n.º 13
def login():
    '''
    Begin authentication: issue a challenge and show the login page.

    A new session id replaces the current one, a nonce is stored for it,
    and the bitid URI and QR code built from that nonce are rendered with
    'login.html'.
    '''
    # A new "sid" and a cleared "uid": for a signed-in user this behaves
    # like a log out.
    new_sid = str(uuid.uuid4())
    session["sid"] = new_sid
    session["uid"] = None
    # The nonce for this session is written to the database first
    session_nonce = Nonce(new_sid)
    nonce_db_service.create_nonce(session_nonce)
    # Build the challenge (bitid URI) for the callback address
    callback = get_callback_uri()
    uri = bitid.build_uri(callback, session_nonce.nid)
    params_tpl = {"callback_uri": callback, "bitid_uri": uri}
    params_tpl["qrcode"] = bitid.qrcode(uri)
    return render_template('login.html', params_tpl=params_tpl)
Exemplo n.º 14
 def test_verify_uri(self):
     """A URI built for CALLBACK_URI validates against that same callback."""
     challenge = bitid.build_uri(CALLBACK_URI, NONCE)
     self.assertTrue(bitid.uri_valid(challenge, CALLBACK_URI))
Exemplo n.º 15
 def test_fail_verification_if_signature_text_doesnt_match(self):
     """signature_valid must be falsy for the hard-coded signature below."""
     challenge = bitid.build_uri(CALLBACK_URI, NONCE)
     # Fixed signature string that this test expects to be rejected for ADDRESS
     # and the challenge built above.
     bad_signature = "H4/hhdnxtXHduvCaA+Vnf0TM4UqdljTsbdIfltwx9+w50gg3mxy8WgLSLIiEjTnxbOPW9sNRzEfjibZXnWEpde4="
     outcome = bitid.signature_valid(ADDRESS, bad_signature, challenge, CALLBACK_URI)
     self.assertFalse(outcome)
Exemplo n.º 16
 def test_verify_signature(self):
     """The SIGNATURE fixture verifies for ADDRESS over the secure-callback challenge."""
     challenge = bitid.build_uri(SEC_CALLBACK_URI, NONCE)
     # The same callback is given to build_uri and to signature_valid
     accepted = bitid.signature_valid(
         ADDRESS, SIGNATURE, challenge, SEC_CALLBACK_URI
     )
     self.assertTrue(accepted)
Exemplo n.º 17
 def test_verify_uri(self):
     """uri_valid accepts a URI when checked against the callback it was built from."""
     built = bitid.build_uri(CALLBACK_URI, NONCE)
     accepted = bitid.uri_valid(built, CALLBACK_URI)
     self.assertTrue(accepted)
Exemplo n.º 18
 def test_fail_verification_if_signature_text_doesnt_match(self):
     """The hard-coded signature must not verify for ADDRESS and this challenge."""
     built = bitid.build_uri(CALLBACK_URI, NONCE)
     bad_signature = "H4/hhdnxtXHduvCaA+Vnf0TM4UqdljTsbdIfltwx9+w50gg3mxy8WgLSLIiEjTnxbOPW9sNRzEfjibZXnWEpde4="
     # assertFalse: any falsy return from signature_valid counts as a rejection
     self.assertFalse(
         bitid.signature_valid(ADDRESS, bad_signature, built, CALLBACK_URI)
     )
Exemplo n.º 19
 def test_fail_verification_if_invalid_signature(self):
     """A signature argument of "garbage" must be rejected rather than accepted."""
     challenge = bitid.build_uri(CALLBACK_URI, NONCE)
     # The test expects a falsy return value here, not an exception
     outcome = bitid.signature_valid(ADDRESS, "garbage", challenge, CALLBACK_URI)
     self.assertFalse(outcome)
Exemplo n.º 20
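 def get(self, request, format=None):
     """Returns a new challenge for the login, wrapped as a bitid URI.

     The response body is the serialized challenge with its "challenge"
     field replaced by the URI built from this request's absolute URI.
     """
     serializer = ChallengeSerializer(instance=Challenge.objects.generate())
     # Work on a plain copy: an assignment into serializer.data is not
     # guaranteed to stick (if this is Django REST framework 3.x, the property
     # hands back a new mapping on every access), in which case the response
     # would carry the bare challenge value instead of the bitid URI.
     payload = dict(serializer.data)
     # NOTE(review): build_absolute_uri() takes the host from the incoming
     # request, so the callback in the challenge depends on the host
     # validation in front of this view (ALLOWED_HOSTS if this is Django).
     payload["challenge"] = bitid.build_uri(
         request.build_absolute_uri(), payload["challenge"])
     return Response(payload, status=status.HTTP_200_OK)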
Exemplo n.º 21
def gen_challenge(request, challenge):
    """Return the bitid URI for *challenge*, using this request's absolute URI as callback."""
    # NOTE(review): the callback host comes from the request itself; confirm
    # that host validation (ALLOWED_HOSTS if this is Django) is restrictive.
    callback = request.build_absolute_uri()
    return bitid.build_uri(callback, challenge)
Exemplo n.º 22
 def test_fail_verification_if_invalid_signature(self):
     """signature_valid returns a falsy value when the signature is "garbage"."""
     built = bitid.build_uri(CALLBACK_URI, NONCE)
     self.assertFalse(
         bitid.signature_valid(ADDRESS, "garbage", built, CALLBACK_URI)
     )
Exemplo n.º 23
def gen_challenge():
    """Return a bitid URI for EXAMPLE_LOGIN_URL carrying a newly generated challenge."""
    fresh = Challenge.objects.generate()
    return bitid.build_uri(EXAMPLE_LOGIN_URL, fresh)
Exemplo n.º 24
 def test_verify_signature(self):
     """signature_valid accepts SIGNATURE for ADDRESS and the SEC_CALLBACK_URI challenge."""
     built = bitid.build_uri(SEC_CALLBACK_URI, NONCE)
     self.assertTrue(
         bitid.signature_valid(ADDRESS, SIGNATURE, built, SEC_CALLBACK_URI)
     )