def test_fail_bad_request(self, user):
useradmm = ApiClient(useradm.URL_MGMT)
devauthm = ApiClient(deviceauth_v2.URL_MGMT)
# log in user
r = useradmm.call('POST',
useradm.URL_LOGIN,
auth=(user.name, user.pwd))
assert r.status_code == 200
utoken = r.text
# id data not json
priv, pub = util.crypto.rsa_get_keypair()
id_data = '{\"mac\": \"foo\"}'
body = deviceauth_v2.preauth_req(
id_data,
pub)
r = devauthm.with_auth(utoken).call('POST',
deviceauth_v2.URL_DEVICES,
body)
assert r.status_code == 400
# not a valid key
id_data = {'mac': 'foo'}
body = deviceauth_v2.preauth_req(
id_data,
'not a public key')
r = devauthm.with_auth(utoken).call('POST',
deviceauth_v2.URL_DEVICES,
body)
assert r.status_code == 400
def do_test_fail_duplicate(self, user, devices):
useradmm = ApiClient(useradm.URL_MGMT)
devauthm = ApiClient(deviceauth_v2.URL_MGMT)
# log in user
r = useradmm.call('POST',
useradm.URL_LOGIN,
auth=(user.name, user.pwd))
assert r.status_code == 200
utoken = r.text
# preauth duplicate device
priv, pub = util.crypto.rsa_get_keypair()
id_data = devices[0].id_data
body = deviceauth_v2.preauth_req(
id_data,
pub)
r = devauthm.with_auth(utoken).call('POST',
deviceauth_v2.URL_DEVICES,
body)
assert r.status_code == 409
# device list is unmodified
r = devauthm.with_auth(utoken).call('GET',
deviceauth_v2.URL_DEVICES)
assert r.status_code == 200
api_devs = r.json()
assert len(api_devs) == len(devices)
# existing device has no new auth sets
existing = [d for d in api_devs if d['identity_data'] == id_data]
assert len(existing) == 1
existing = existing[0]
assert len(existing['auth_sets']) == 1
aset = existing['auth_sets'][0]
assert util.crypto.rsa_compare_keys(aset['pubkey'], devices[0].pubkey)
assert aset['status'] == 'pending'
def make_preauthd_device(utoken):
devauthm = ApiClient(deviceauth_v2.URL_MGMT)
priv, pub = util.crypto.rsa_get_keypair()
id_data = rand_id_data()
body = deviceauth_v2.preauth_req(id_data, pub)
r = devauthm.with_auth(utoken).call('POST', deviceauth_v2.URL_DEVICES,
body)
assert r.status_code == 201
api_dev = get_device_by_id_data(id_data, utoken)
assert len(api_dev['auth_sets']) == 1
aset = api_dev['auth_sets'][0]
dev = Device(api_dev['id'], id_data, pub)
dev.authsets.append(
Authset(aset['id'], dev.id, id_data, pub, priv, 'preauthorized'))
dev.status = 'preauthorized'
return dev
def do_test_ok(self, user, tenant_token=''):
useradmm = ApiClient(useradm.URL_MGMT)
devauthm = ApiClient(deviceauth_v2.URL_MGMT)
devauthd = ApiClient(deviceauth_v1.URL_DEVICES)
# log in user
r = useradmm.call('POST',
useradm.URL_LOGIN,
auth=(user.name, user.pwd))
assert r.status_code == 200
utoken = r.text
# preauth device
priv, pub = util.crypto.rsa_get_keypair()
id_data = {'mac': 'pretenditsamac'}
body = deviceauth_v2.preauth_req(
id_data,
pub)
r = devauthm.with_auth(utoken).call('POST',
deviceauth_v2.URL_DEVICES,
body)
assert r.status_code == 201
# device appears in device list
r = devauthm.with_auth(utoken).call('GET',
deviceauth_v2.URL_DEVICES)
assert r.status_code == 200
api_devs = r.json()
assert len(api_devs) == 1
api_dev = api_devs[0]
assert api_dev['status'] == 'preauthorized'
assert api_dev['identity_data'] == id_data
assert len(api_dev['auth_sets']) == 1
aset = api_dev['auth_sets'][0]
assert aset['identity_data'] == id_data
assert util.crypto.rsa_compare_keys(aset['pubkey'], pub)
assert aset['status'] == 'preauthorized'
# actual device can obtain auth token
body, sighdr = deviceauth_v1.auth_req(id_data,
pub,
priv,
tenant_token)
r = devauthd.call('POST',
deviceauth_v1.URL_AUTH_REQS,
body,
headers=sighdr)
assert r.status_code == 200
# device and authset changed status to 'accepted'
r = devauthm.with_auth(utoken).call('GET',
deviceauth_v2.URL_DEVICES,
path_params={'id': api_dev['id']})
api_devs = r.json()
assert len(api_devs) == 1
api_dev = api_devs[0]
assert api_dev['status'] == 'accepted'
assert len(api_dev['auth_sets']) == 1
aset = api_dev['auth_sets'][0]
assert aset['status'] == 'accepted'
