def _login_admin(service_url, username, password, otp):
    """Log 'username' into the identity service at 'service_url' and
    return the resulting User object.

    A login request is opened for the user and then answered through a
    fresh Wallet, using 'password' and a one-time code generated from
    'otp'. The function calls wait_for_login() on the user before
    returning it.
    """
    from Acquire.Client import User
    from Acquire.Client import Wallet

    wallet = Wallet()

    admin = User(username=username, identity_url=service_url,
                 auto_logout=False)

    login_request = admin.request_login()

    # Both remember_* flags are passed as False, so this helper never asks
    # the wallet to keep the password or the device for later logins.
    wallet.send_password(url=login_request["login_url"],
                         username=username,
                         password=password,
                         otpcode=otp.generate(),
                         remember_password=False,
                         remember_device=False)

    admin.wait_for_login()

    return admin
def authenticated_user(aaai_services):
    """Register a throwaway user on the "identity" service, log that user
    in and return the logged-in User.

    The username is a random UUID and the password comes from
    PrivateKey.random_passphrase(), so no fixed credentials are used.
    'aaai_services' is not read in the body.
    """
    from Acquire.Crypto import PrivateKey, OTP
    from Acquire.Client import User, Service, Wallet

    identity = "identity"

    username = str(uuid.uuid4())
    password = PrivateKey.random_passphrase()

    registration = User.register(username=username, password=password,
                                 identity_url=identity)

    # The OTP secret returned at registration drives the one-time code
    # sent below.
    otp = OTP(registration["otpsecret"])

    # Open a login request for the freshly registered user.
    user = User(username=username, identity_url=identity, auto_logout=False)
    login_request = user.request_login()

    assert type(login_request) is dict

    wallet = Wallet()

    # Nothing is remembered: both remember_* flags are passed as False.
    wallet.send_password(url=login_request["login_url"],
                         username=username,
                         password=password,
                         otpcode=otp.generate(),
                         remember_password=False,
                         remember_device=False)

    user.wait_for_login()

    assert user.is_logged_in()

    return user
def test_login(username, password, aaai_services, tmpdir):
    """Take one user through three successive logins against the
    "identity" service, handing the wallet less information each time.

    Pass 1 sends password and OTP code and asks the wallet to remember
    the password. Pass 2 omits the password and asks the wallet to
    remember the device. Pass 3 supplies only the login URL and username.
    After every pass the user must be logged in and able to verify an
    Authorisation for the "test" resource.
    """
    def _open_login():
        # A new User object and a new login request for every pass.
        candidate = User(username=username, identity_url="identity",
                         auto_logout=False)
        return candidate, candidate.request_login()

    def _check_and_logout(candidate):
        # Shared tail of each pass: wait, assert the session exists,
        # verify an authorisation signed by the user, then log out.
        candidate.wait_for_login()
        assert(candidate.is_logged_in())
        Authorisation(user=candidate, resource="test").verify("test")
        candidate.logout()

    # Register the new user and keep the OTP secret from the response.
    registration = User.register(username=username, password=password,
                                 identity_url="identity")
    assert(type(registration) is dict)
    otp = OTP(registration["otpsecret"])

    # Pass 1: full credentials, password to be remembered.
    user, request = _open_login()
    assert(type(request) is dict)

    login_url = request["login_url"]
    print(login_url)

    wallet = Wallet()
    wallet.send_password(url=login_url, username=username,
                         password=password, otpcode=otp.generate(),
                         remember_password=True)
    _check_and_logout(user)

    # Pass 2: no password argument, so the login relies on the password
    # remembered in pass 1. The username still has to be given because
    # the test cannot choose one interactively.
    user, request = _open_login()
    wallet.send_password(url=request["login_url"], username=username,
                         otpcode=otp.generate(), remember_device=True)
    _check_and_logout(user)

    # Pass 3: neither password nor OTP code is passed; the wallet has to
    # supply all of the login information itself.
    user, request = _open_login()
    wallet.send_password(url=request["login_url"], username=username)
    _check_and_logout(user)
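def main():
    """Command-line entry point for 'acquire_login'.

    Parses the arguments, optionally removes locally stored information
    about the named services, and then sends the login credentials to
    each login URL through a Wallet. With no URL and nothing to remove,
    the help text is printed and the process exits with status 0.

    Errors from removing a service or from a login attempt are printed
    and the remaining work continues.
    """
    import argparse
    import sys

    from Acquire.Client import Wallet, LoginError

    parser = argparse.ArgumentParser(
                    description="Log into an Acquire-based identity "
                                "service via a login url",
                    prog="acquire_login")

    parser.add_argument("url", type=str, nargs="*",
                        help="Login URL")

    parser.add_argument('-u', '--username', type=str, nargs='?',
                        help="Username with which to log in")

    parser.add_argument('--remember-password', action="store_true",
                        default=True,
                        help="Remember the password (default on)")

    parser.add_argument('--remember-device', action="store_true",
                        default=None,
                        help="Remember this device (saves OTP code, "
                             "default off)")

    parser.add_argument('--no-remember-device', action="store_true",
                        default=None,
                        help="Don't remember this device, and don't ask to")

    parser.add_argument('--no-remember-password', action="store_true",
                        default=None,
                        help="Don't remember the password, and don't ask to")

    parser.add_argument('--remove-service', type=str, nargs="*",
                        help="Remove locally stored information about the "
                             "passed service(s)")

    parser.add_argument('--dry-run', action="store_true", default=None,
                        help="Do a dry-run of the login - don't connect to "
                             "the server")

    args = parser.parse_args()

    # None means "not specified"; an explicit --no-remember-device wins
    # over --remember-device when both are given.
    remember_device = args.remember_device

    if args.no_remember_device:
        remember_device = False

    # --remember-password is store_true with default=True, so the parsed
    # value is always True and only --no-remember-password can turn it
    # off (the former 'is None' fallback could never trigger).
    # NOTE(review): remembering the password is therefore opt-out. With
    # --remember-device as well, the locally stored wallet data would
    # presumably cover both login factors - confirm how Wallet protects it.
    remember_password = args.remember_password

    if args.no_remember_password:
        remember_password = False

    dryrun = args.dry_run

    if not remember_password:
        # should not remember the otpsecret if
        # we don't trust this to remember the password!
        remember_device = False

    do_nothing = True

    wallet = Wallet()

    if args.remove_service:
        for service in args.remove_service:
            do_nothing = False

            # Best effort: a failure for one service is reported and the
            # remaining services are still processed.
            try:
                print("Removing locally stored information "
                      "about service '%s'" % service)
                wallet.remove_service(service)
            except Exception as e:
                print(e)

    if do_nothing and not args.url:
        parser.print_help(sys.stdout)

    if not args.url:
        sys.exit(0)

    # NOTE(review): failed logins are only printed; nothing here sets a
    # non-zero exit status, so a calling script cannot tell success from
    # failure unless the caller of main() handles that - confirm.
    for url in args.url:
        try:
            wallet.send_password(url=url, username=args.username,
                                 remember_password=remember_password,
                                 remember_device=remember_device,
                                 dryrun=dryrun)
        except LoginError as e:
            # '"%s" % e.args' formats the args tuple itself, which raises
            # TypeError unless it holds exactly one item, and that error
            # would escape this handler and abort the remaining URLs.
            # Wrap the value so any number of args prints safely while
            # the single-argument output stays the same.
            detail = e.args[0] if len(e.args) == 1 else e.args
            print("\n%s" % (detail,))
        except Exception as e:
            from Acquire.Service import exception_to_string
            print(exception_to_string(e))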
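def test_login_fails(aaai_services, tmpdir):
    """Check that a login is rejected when the user, the OTP code or the
    password is wrong, and accepted only when all three match.

    Two users are registered and each opens a login request. Every
    negative case changes a single factor relative to the correct
    credentials for that login URL, so a LoginError can be attributed to
    that factor alone. Finally both users log in with their own
    credentials and log out.
    """
    # register two users
    username1 = "fail1"
    password1 = "Fail1!!!"
    username2 = "fail2"
    password2 = "Fail2!!!"

    result = User.register(username=username1, password=password1,
                           identity_url="identity")

    assert (type(result) is dict)

    otpsecret1 = result["otpsecret"]
    otp1 = OTP(otpsecret1)

    user1 = User(username=username1, identity_url="identity",
                 auto_logout=False)

    result = User.register(username=username2, password=password2,
                           identity_url="identity")

    assert (type(result) is dict)

    otpsecret2 = result["otpsecret"]
    otp2 = OTP(otpsecret2)

    user2 = User(username=username2, identity_url="identity",
                 auto_logout=False)

    result1 = user1.request_login()
    result2 = user2.request_login()

    assert (type(result1) is dict)
    assert (type(result2) is dict)

    login_url1 = result1["login_url"]
    login_url2 = result2["login_url"]

    wallet = Wallet()

    # try to log in with the wrong user: a complete, self-consistent set
    # of credentials sent to the other user's login URL
    with pytest.raises(LoginError):
        wallet.send_password(url=login_url1, username=username2,
                             password=password2, otpcode=otp2.generate(),
                             remember_password=False, remember_device=False)

    with pytest.raises(LoginError):
        wallet.send_password(url=login_url2, username=username1,
                             password=password1, otpcode=otp1.generate(),
                             remember_password=False, remember_device=False)

    # now use the right user but the wrong otpcode
    with pytest.raises(LoginError):
        wallet.send_password(url=login_url1, username=username1,
                             password=password1, otpcode=otp2.generate(),
                             remember_password=False, remember_device=False)

    with pytest.raises(LoginError):
        wallet.send_password(url=login_url2, username=username2,
                             password=password2, otpcode=otp1.generate(),
                             remember_password=False, remember_device=False)

    # now use the right user but the wrong password
    with pytest.raises(LoginError):
        wallet.send_password(url=login_url1, username=username1,
                             password=password2, otpcode=otp1.generate(),
                             remember_password=False, remember_device=False)

    # user2's own OTP (otp2) is used here so that the password is the
    # only wrong factor. With otp1 this case would still raise LoginError
    # on the OTP mismatch alone and could hide a broken password check.
    with pytest.raises(LoginError):
        wallet.send_password(url=login_url2, username=username2,
                             password=password1, otpcode=otp2.generate(),
                             remember_password=False, remember_device=False)

    # now, get it right ;-)
    wallet.send_password(url=login_url1, username=username1,
                         password=password1, otpcode=otp1.generate(),
                         remember_password=False, remember_device=False)

    wallet.send_password(url=login_url2, username=username2,
                         password=password2, otpcode=otp2.generate(),
                         remember_password=False, remember_device=False)

    user1.logout()
    user2.logout()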