def test_authchallengeresp_not_authreq():
db_conn = get_db()
# Sign something other than an AuthChallengeResp
smsg = SignedMessage.sign(Stub(1), SK1)
resp = server.handle_authchallengeresp(db_conn, smsg)
assert isinstance(resp, account.AuthResp)
assert resp.cred is None
assert resp.err == account.AuthRespErr.Malformed
def test_authchallengeresp_wrong_user():
db_conn = get_db()
u = db.user_with_pk(db_conn, U1.pk)
# challenge is for a user other than the one who signed the message
echal = get_chal(u, cred_wrong_user=True)
sacr = SignedMessage.sign(account.AuthChallengeResp(echal), SK1)
resp = server.handle_authchallengeresp(db_conn, sacr)
assert resp.cred is None
assert resp.err == CredChalErr.WrongUser
def test_authchallengeresp_expired_cred():
db_conn = get_db()
u = db.user_with_pk(db_conn, U1.pk)
# echal is expired
echal = get_chal(u, cred_expired=True)
sacr = SignedMessage.sign(account.AuthChallengeResp(echal), SK1)
resp = server.handle_authchallengeresp(db_conn, sacr)
assert resp.cred is None
assert resp.err == CredChalErr.BadCred
def test_authchallengeresp_badscred_2():
db_conn = get_db()
u = db.user_with_pk(db_conn, U1.pk)
# echal is correct but contains a broken SignedMessage
echal = get_chal(u, scred_munge=True)
sacr = SignedMessage.sign(account.AuthChallengeResp(echal), SK1)
resp = server.handle_authchallengeresp(db_conn, sacr)
assert resp.cred is None
assert resp.err == CredChalErr.Malformed
def test_authchallengeresp_badcred_2():
db_conn = get_db()
u = db.user_with_pk(db_conn, U1.pk)
# echal is correct and contains good SignedMessage, but the SignedMessage
# is signed by the wrong key
echal = get_chal(u, cred_wrong_key=True)
sacr = SignedMessage.sign(account.AuthChallengeResp(echal), SK1)
resp = server.handle_authchallengeresp(db_conn, sacr)
assert resp.cred is None
assert resp.err == CredChalErr.BadCred
def test_authchallengeresp_badcred_1():
db_conn = get_db()
u = db.user_with_pk(db_conn, U1.pk)
# echal is correct and contains good SignedMessage, but the SignedMessage
# contains a Stub
echal = get_chal(u, cred_stub=True)
sacr = SignedMessage.sign(account.AuthChallengeResp(echal), SK1)
resp = server.handle_authchallengeresp(db_conn, sacr)
assert resp.cred is None
assert resp.err == CredChalErr.Malformed
def test_authchallengeresp_bad_sig():
db_conn = get_db()
pk = crypto.Pubkey((2398).to_bytes(32, byteorder='big'))
smsg = SignedMessage.sign(account.AuthReq(pk), SK1)
# munge the signature data
smsg.msg_bytes = b'fooooo'
resp = server.handle_authchallengeresp(db_conn, smsg)
assert isinstance(resp, account.AuthResp)
assert resp.cred is None
assert resp.err == SignedMessageErr.BadSig
def test_authchallengeresp_bad_chal():
db_conn = get_db()
u = db.user_with_pk(db_conn, U1.pk)
echal = get_chal(u)
# use an unknown sk to sign the AuthChallengeResp
sk_unknown = crypto.Seckey((98345).to_bytes(32, byteorder='big'))
smsg = SignedMessage.sign(account.AuthChallengeResp(echal), sk_unknown)
resp = server.handle_authchallengeresp(db_conn, smsg)
assert isinstance(resp, account.AuthResp)
assert resp.cred is None
assert resp.err == SignedMessageErr.UnknownUser
def test_authchallengeresp_happy():
db_conn = get_db()
u = db.user_with_pk(db_conn, U1.pk)
echal = get_chal(u)
sacr = SignedMessage.sign(account.AuthChallengeResp(echal), SK1)
resp = server.handle_authchallengeresp(db_conn, sacr)
assert resp.err is None
assert isinstance(resp.cred, EncryptedMessage)
scred = EncryptedMessage.dec(resp.cred, server.ENCKEY)
cred, pk_used = SignedMessage.unwrap(scred)
assert pk_used == server.IDKEY.pubkey
assert cred.expire > time.time()