def test_user_management(zeo_server):
storage = client_storage(zeo_server,
username="******", password=TEST_PASSPHRASE, realm="ZERO")
pk0 = ecc.private("passY").get_pubkey()
pk = ecc.private("passX").get_pubkey()
storage.add_user("userX", pk0)
storage.change_key("userX", pk)
storage = client_storage(zeo_server,
username="******", password="******", realm="ZERO")
with pytest.raises(AssertionError):
storage.add_user("shouldfail", pk)
def get_pubkey(username, password):
pub = ecc.private(str(password), (str(username), str(_realm)),
kdf=kdf).get_pubkey()
if six.PY2:
return pub.encode("hex")
else:
return pub.hex()
def get_pubkey(username, password):
pub = ecc.private(
str(password), (str(username), str(_realm)), kdf=kdf).get_pubkey()
if six.PY2:
return pub.encode("hex")
else:
return pub.hex()
def test_db_users(pass_db):
pk1 = ecc.private("pass1").get_pubkey()
pk2 = ecc.private("pass2").get_pubkey()
pk3 = ecc.private("pass3").get_pubkey()
pass_db.add_user("user1", pk1, administrator=True)
pass_db.add_user("user2", pk2)
pass_db.add_user("user3", pk3)
pass_db.del_user("user3")
pass_db.change_key("user2", pk3)
assert pass_db["user1"].administrator
assert not pass_db["user2"].administrator
assert pass_db["user1"].pubkey == pk1
assert pass_db["user2"].pubkey == pk3
with pytest.raises(LookupError):
pass_db["user3"]
def test_user_management(zeo_server):
storage = client_storage(zeo_server,
username="******",
password=TEST_PASSPHRASE,
realm="ZERO")
pk0 = ecc.private("passY").get_pubkey()
pk = ecc.private("passX").get_pubkey()
storage.add_user("userX", pk0)
storage.change_key("userX", pk)
storage = client_storage(zeo_server,
username="******",
password="******",
realm="ZERO")
with pytest.raises(AssertionError):
storage.add_user("shouldfail", pk)
def test_db_users(pass_db):
pk1 = ecc.private("pass1").get_pubkey()
pk2 = ecc.private("pass2").get_pubkey()
pk3 = ecc.private("pass3").get_pubkey()
pass_db.add_user("user1", pk1, administrator=True)
pass_db.add_user("user2", pk2)
pass_db.add_user("user3", pk3)
pass_db.del_user("user3")
pass_db.change_key("user2", pk3)
assert pass_db["user1"].administrator
assert not pass_db["user2"].administrator
assert pass_db["user1"].pubkey == pk1
assert pass_db["user2"].pubkey == pk3
with pytest.raises(LookupError):
pass_db["user3"]
def test_user_management(zeo_server, abort):
storage = client_storage(
zeo_server, username="******", password=TEST_PASSPHRASE, realm="ZERO")
pk1 = ecc.private("passY", ("userX", "ZERO"), kdf=kdf).get_pubkey()
pk2 = ecc.private("passX", ("userX", "ZERO"), kdf=kdf).get_pubkey()
with transaction.manager:
storage.add_user("userX", pk1)
storage.change_key("userX", pk2)
with pytest.raises(LookupError):
storage.add_user("userX", pk1)
storage = client_storage(
zeo_server, username="******", password="******", realm="ZERO")
with pytest.raises(AssertionError):
storage.add_user("shouldfail", pk1)
def test_db_users(pass_db, abort):
pk1 = ecc.private("pass1", ("user1", "ZERO"), kdf=kdf).get_pubkey()
pk2 = ecc.private("pass2", ("user2", "ZERO"), kdf=kdf).get_pubkey()
pk3 = ecc.private("pass3", ("user3", "ZERO"), kdf=kdf).get_pubkey()
with transaction.manager:
pass_db.add_user("user1", pk1, administrator=True)
pass_db.add_user("user2", pk2)
pass_db.add_user("user3", pk3)
pass_db.del_user("user3")
pass_db.change_key("user2", pk3)
assert pass_db["user1"].administrator
assert not pass_db["user2"].administrator
assert pass_db["user1"].pubkey == pk1
assert pass_db["user2"].pubkey == pk3
with pytest.raises(LookupError):
pass_db["user3"]
def test_user_management_abort(zeo_server, abort):
storage = client_storage(
zeo_server, username="******", password=TEST_PASSPHRASE, realm="ZERO")
pk1 = ecc.private("passY", ("userY", "ZERO"), kdf=kdf).get_pubkey()
storage.add_user("userY", pk1)
with pytest.raises(LookupError):
storage.add_user("userY", pk1)
transaction.abort()
def init_db(path, absolute_path):
"""
Initialize database if doesn't exist.
Creates conf/ directory with config files and db/ with database files
"""
if path:
if not os.path.exists(path):
raise IOError("Path provided doesn't exist")
else:
path = os.getcwd()
if absolute_path:
authdb_path = os.path.join(path, "conf", "authdb.conf")
dbfile_path = os.path.join(path, "db", "db.fs")
else:
authdb_path = os.path.join("conf", "authdb.conf")
dbfile_path = os.path.join("db", "db.fs")
conf_dir = os.path.join(path, "conf")
db_dir = os.path.join(path, "db")
authdb_conf = os.path.join(conf_dir, "authdb.conf")
zcml_conf = os.path.join(conf_dir, "server.zcml")
if os.path.exists(authdb_conf) or os.path.exists(zcml_conf):
raise IOError("Config files already exist, remove them or edit")
if not os.path.exists(conf_dir):
os.mkdir(conf_dir)
if not os.path.exists(db_dir):
os.mkdir(db_dir)
key = ecc.private(_passphrase).get_pubkey()
if six.PY2:
key = key.encode('hex')
else:
key = key.hex()
authdb_content = PERMISSIONS_TEMPLATE.format(
username=_username,
passphrase=key)
zcml_content = ZEO_TEMPLATE.format(
sock=_sock if isinstance(_sock, six.string_types) else "{0}:{1}".format(*_sock),
authdb=authdb_path,
dbfile=dbfile_path)
with open(authdb_conf, "w") as f:
f.write(authdb_content)
with open(zcml_conf, "w") as f:
f.write(zcml_content)
click.echo("Config files created, you can start zerodb-server")
def start(self, username, realm, password):
priv = ecc.private(password)
_realm, challenge, nonce = self.stub.auth_get_challenge()
# _realm is str, challenge is 32-byte hash, nonce as well
if _realm != realm:
raise AuthError("expected realm %r, got realm %r"
% (_realm, realm))
h_up = hashlib.sha256("%s:%s:%s" % (username, realm, priv.get_pubkey())).digest()
check = hashlib.sha256("%s:%s" % (h_up, challenge)).digest()
sig = priv.sign(check)
result = self.stub.auth_response((username, challenge, sig))
if result:
return base.session_key(h_up, nonce)
else:
return None
def start(self, username, realm, password):
priv = ecc.private(password)
_realm, challenge, nonce = self.stub.auth_get_challenge()
# _realm is str, challenge is 32-byte hash, nonce as well
if _realm != realm:
raise AuthError("expected realm %r, got realm %r"
% (_realm, realm))
h_up = hashlib.sha256(b"%s:%s:%s" % (username.encode(), realm.encode(), priv.get_pubkey())).digest()
check = hashlib.sha256(b"%s:%s" % (h_up, challenge)).digest()
sig = priv.sign(check)
result = self.stub.auth_response((username, challenge, sig))
if result:
return base.session_key(h_up, nonce)
else:
return None
def init_db(path, absolute_path):
"""
Initialize database if doesn't exist.
Creates conf/ directory with config files and db/ with database files
"""
if path:
if not os.path.exists(path):
raise IOError("Path provided doesn't exist")
else:
path = os.getcwd()
if absolute_path:
authdb_path = os.path.join(path, "conf", "authdb.conf")
dbfile_path = os.path.join(path, "db", "db.fs")
else:
authdb_path = os.path.join("conf", "authdb.conf")
dbfile_path = os.path.join("db", "db.fs")
conf_dir = os.path.join(path, "conf")
db_dir = os.path.join(path, "db")
authdb_conf = os.path.join(conf_dir, "authdb.conf")
zcml_conf = os.path.join(conf_dir, "server.zcml")
if os.path.exists(authdb_conf) or os.path.exists(zcml_conf):
raise IOError("Config files already exist, remove them or edit")
if not os.path.exists(conf_dir):
os.mkdir(conf_dir)
if not os.path.exists(db_dir):
os.mkdir(db_dir)
key = ecc.private(_passphrase).get_pubkey().encode("hex")
authdb_content = PERMISSIONS_TEMPLATE.format(username=_username,
passphrase=key)
zcml_content = ZEO_TEMPLATE.format(
sock=_sock if isinstance(_sock, basestring) else "{0}:{1}".format(
*_sock),
authdb=authdb_path,
dbfile=dbfile_path)
with open(authdb_conf, "w") as f:
f.write(authdb_content)
with open(zcml_conf, "w") as f:
f.write(zcml_content)
click.echo("Config files created, you can start zerodb-server")
def test_db_users_abort(pass_db, abort):
transaction.begin()
pk4 = ecc.private("pass1", ("user4", "ZERO"), kdf=kdf).get_pubkey()
pass_db.add_user("user4", pk4)
pass_db["user4"]
with pytest.raises(LookupError):
pass_db.add_user("user4", pk4)
transaction.abort()
with pytest.raises(LookupError):
pass_db["user4"]
pass_db.add_user("user4", pk4)
import tempfile from time import sleep from multiprocessing import Process from os import path import zerodb from zerodb.crypto import ecc from zerodb.permissions import elliptic from zerodb.permissions import base as permissions_base from zerodb.storage import ZEOServer from zerodb.util import encode_hex from db import TEST_PASSPHRASE from db import create_objects_and_close, add_wiki_and_close TEST_PUBKEY = ecc.private(TEST_PASSPHRASE).get_pubkey() TEST_PUBKEY_3 = ecc.private(TEST_PASSPHRASE + " third").get_pubkey() TEST_PERMISSIONS = """realm ZERO root:%s third:%s""" % (encode_hex(TEST_PUBKEY), encode_hex(TEST_PUBKEY_3)) ZEO_CONFIG = """<zeo> address %(sock)s authentication-protocol ecc_auth authentication-database %(pass_file)s authentication-realm ZERO </zeo> <filestorage> path %(dbfile)s pack-gc false
import tempfile
from time import sleep
from multiprocessing import Process
from os import path
import zerodb
from zerodb.crypto import ecc
from zerodb.permissions import elliptic
from zerodb.permissions import base as permissions_base
from zerodb.storage import ZEOServer
from zerodb.util import encode_hex
from db import TEST_PASSPHRASE
from db import create_objects_and_close, add_wiki_and_close
TEST_PUBKEY = ecc.private(TEST_PASSPHRASE).get_pubkey()
TEST_PUBKEY_3 = ecc.private(TEST_PASSPHRASE + " third").get_pubkey()
TEST_PERMISSIONS = """realm ZERO
root:%s
third:%s""" % (
encode_hex(TEST_PUBKEY),
encode_hex(TEST_PUBKEY_3),
)
ZEO_CONFIG = """<zeo>
address %(sock)s
authentication-protocol ecc_auth
authentication-database %(pass_file)s
authentication-realm ZERO
</zeo>
import tempfile
from time import sleep
from multiprocessing import Process
from os import path
import zerodb
from zerodb.crypto import ecc
from zerodb.permissions import elliptic
from zerodb.permissions.base import PermissionsDatabase
from zerodb.storage import ZEOServer
from zerodb.util import encode_hex
kdf = elliptic.Client.kdf
TEST_PASSPHRASE = "v3ry 53cr3t pa$$w0rd"
TEST_PUBKEY = ecc.private(
TEST_PASSPHRASE, ("root", "ZERO"), kdf=kdf).get_pubkey()
TEST_PUBKEY_3 = ecc.private(
TEST_PASSPHRASE + " third", ("third", "ZERO"), kdf=kdf).get_pubkey()
TEST_PERMISSIONS = """realm ZERO
auth_secp256k1_scrypt:root:%s
auth_secp256k1_scrypt:third:%s""" % (encode_hex(TEST_PUBKEY), encode_hex(TEST_PUBKEY_3))
ZEO_CONFIG = """<zeo>
address %(sock)s
authentication-protocol auth_secp256k1_scrypt
authentication-database %(pass_file)s
authentication-realm ZERO
</zeo>
<filestorage>
#!/usr/bin/env python2
from zerodb.crypto import ecc
passphrase = raw_input("Enter your passphrase: ")
key = ecc.private(passphrase)
print "Your hex public key:", key.get_pubkey().encode("hex")
