def __init__(self, server=_FXA_SERVER, oauth=_FXA_OAUTH, password=_PWD):
self.server = server
self.oauth = oauth
self.session = self.token = None
self.password = password
self.acct = TestEmailAccount()
self.client = Client(_FXA_SERVER)
def login(user):
client = Client("https://api.accounts.firefox.com")
session = client.login(user['email'], user['password'], keys=True)
keyA,keyB = session.fetch_keys()
info = b"identity.mozilla.com/picl/v1/oldsync"
namespace = b"oldsync"
keys = derive_key(secret=keyB, namespace=namespace, size=64)
encryption_key = keys[0:32]
hmac_key = keys[32:64]
# TODO: Store this or a derived longer-lived token
# Causes a login event which causes an email
# TODO: Should move to use OAuth which solves the long-term cred storage
# issue
fxab = FxABrowserIDAuth(user['email'], user['password'], with_client_state=True)
raw_resp = requests.get('https://token.services.mozilla.com/1.0/sync/1.5', auth=fxab)
raw_resp.raise_for_status()
hawk_resp = raw_resp.json()
return {
"hawk_resp": hawk_resp,
"hawk_uid": hawk_resp['uid'],
"hawk_hashalg": hawk_resp['hashalg'],
"hawk_api_endpoint": hawk_resp['api_endpoint'],
"hawk_duration": hawk_resp['duration'],
"hawk_key": hawk_resp['key'],
"hawk_hashed_fxa_uid": hawk_resp['hashed_fxa_uid'],
"hawk_id": hawk_resp['id'],
'encryption_key': encryption_key.hex(),
'hmac_key': hmac_key.hex(),
}
def create(ctx):
"""Create a Firefox Account."""
account = TestEmailAccount()
client = Client(ctx.obj["URL"])
password = "".join([random.choice(string.ascii_letters) for i in range(8)])
session = client.create_account(account.email, password)
add(ctx.obj["URL"], account.email, password)
click.echo("Account {}!\n{}".format(
crayons.yellow("created"),
render(ctx.obj["URL"], account.email, password)))
message = account.wait_for_email(lambda m: "x-verify-code" in m["headers"])
session.verify_email_code(message["headers"]["x-verify-code"])
click.echo("Account {}! 🎉".format(crayons.green("verified")))
account.clear()
def destroy(ctx, _all, email, password):
"""Destroy a Firefox Account."""
accounts = []
stored = load()
try:
if email and password:
account = {
"url": ctx.obj["URL"],
"email": email,
"password": password
}
accounts.append(account)
stored.remove(account)
elif email:
click.echo("You must specify a {}! 🔑".format(
crayons.magenta("--password")))
exit(1)
else:
if _all and stored:
accounts.extend(stored)
stored = []
else:
accounts.append(stored.pop())
except ValueError:
pass # account unknown to .accounts
except IndexError:
click.echo("No account to destroy! 🎻")
exit(1)
for account in accounts:
client = Client(account["url"])
try:
client.destroy_account(account["email"], account["password"])
click.echo("Account {}! 💥\n{}".format(
crayons.red("destroyed"),
render(account["url"], account["email"], account["password"]),
))
except ClientError as e:
if e.errno == 102:
click.echo("Account {}! 🔍\n{}".format(
crayons.cyan("unknown"),
render(account["url"], account["email"],
account["password"]),
))
else:
raise
save(stored)
def _create_fxa_user(self):
"""Create fxa user for logging in."""
fxa_client = Client(ENVIRONMENT_URLS['stable']['authentication'])
account = TestEmailAccount(email=self.fxa_email)
password = self.fxa_password
FxAccount = collections.namedtuple('FxAccount', 'email password')
fxa_account = FxAccount(email=account.email, password=password)
session = fxa_client.create_account(fxa_account.email,
fxa_account.password)
account.fetch()
message = account.wait_for_email(lambda m: 'x-verify-code' in m[
'headers'] and session.uid == m['headers']['x-uid'])
session.verify_email_code(message['headers']['x-verify-code'])
log.info('fxa account created: {}'.format(fxa_account))
return session.uid
def get_oauth_token(client_id=CLIENT_ID,
oauth_server=OAUTH_SERVER,
auth_server=AUTH_SERVER,
email=EMAIL,
password=PASSWORD):
if password is None:
raise Exception('You must set FXA_PASSWORD')
print('Getting an oauth token from FxA')
oauth_client = OAuthClient(client_id, server_url=oauth_server)
session = Client(server_url=auth_server).login(email, password=password)
assertion = session.get_identity_assertion(oauth_server)
return oauth_client.authorize_token(assertion, scope="profile")
def __init__(self, url=DEV_URL):
""" Creates an FxATestAccount object, which includes a verified account.
:param url: The url for the api host. Defaults to DEV_URL.
"""
self.url = url
random_string = ''.join(random.choice(string.ascii_lowercase) for _ in range(12))
email_pattern = random_string + '@{hostname}'
self.account = TestEmailAccount(email=email_pattern)
self.client = Client(self.url)
# Create and verify the Firefox account
self.session = self.client.create_account(self.account.email, self.password)
print('fxapom created an account for email: %s at %s on %s' % (
self.account.email, self.url, datetime.now()))
m = self.account.wait_for_email(lambda m: "x-verify-code" in m["headers"])
if not m:
raise RuntimeError("Verification email was not received")
self.session.verify_email_code(m["headers"]["x-verify-code"])
def login(user):
"""
Logs a user into their Firefox account and returns tempoary credentials
for use by AuthRequest.
"""
# TODO: pull out the urls to be part of the config.
client = Client("https://api.accounts.firefox.com")
session = client.login(user['email'], user['password'], keys=True)
keyA, keyB = session.fetch_keys()
# Magic strings from the docs
# https://moz-services-docs.readthedocs.io/en/latest/sync/storageformat5.html
info = b"identity.mozilla.com/picl/v1/oldsync"
namespace = b"oldsync"
keys = derive_key(secret=keyB, namespace=namespace, size=64)
encryption_key = keys[0:32]
hmac_key = keys[32:64]
# TODO: Store this or a derived longer-lived token
# Causes a login event which causes an email
# TODO: Should move to use OAuth which solves the long-term cred storage
# issue
fxab = FxABrowserIDAuth(user['email'],
user['password'],
with_client_state=True)
raw_resp = requests.get('https://token.services.mozilla.com/1.0/sync/1.5',
auth=fxab)
raw_resp.raise_for_status()
hawk_resp = raw_resp.json()
return {
"hawk_resp": hawk_resp,
"hawk_uid": hawk_resp['uid'],
"hawk_hashalg": hawk_resp['hashalg'],
"hawk_api_endpoint": hawk_resp['api_endpoint'],
"hawk_duration": hawk_resp['duration'],
"hawk_key": hawk_resp['key'],
"hawk_hashed_fxa_uid": hawk_resp['hashed_fxa_uid'],
"hawk_id": hawk_resp['id'],
'encryption_key': encryption_key.hex(),
'hmac_key': hmac_key.hex(),
}
def test_email_code_verification(self):
self.client = Client(self.server_url)
# Create a fresh testing account.
self.acct = TestEmailAccount()
self.client.create_account(
email=self.acct.email,
stretchpwd=DUMMY_STRETCHED_PASSWORD,
)
def wait_for_email(m):
return "x-uid" in m["headers"] and "x-verify-code" in m["headers"]
m = self.acct.wait_for_email(wait_for_email)
if not m:
raise RuntimeError("Verification email was not received")
# If everything went well, verify_email_code should return an empty json object
response = self.client.verify_email_code(m["headers"]["x-uid"],
m["headers"]["x-verify-code"])
self.assertEquals(response, {})
def create_account_and_token(args):
acct = TestEmailAccount()
client = Client("https://api.accounts.firefox.com")
session = client.create_account(acct.email, 'MySecretPassword')
m = acct.wait_for_email(lambda m: "x-verify-code" in m["headers"])
if m is None:
raise RuntimeError("verification email did not arrive")
session.verify_email_code(m["headers"]["x-verify-code"])
_FXA['token'] = get_bearer_token(
acct.email,
'MySecretPassword',
account_server_url="https://api.accounts.firefox.com/v1",
oauth_server_url="https://oauth.accounts.firefox.com/v1",
scopes=['sync:addon_storage'],
client_id=DEFAULT_CLIENT_ID)
_FXA['acct'] = acct
_FXA['client'] = client
def setUp(self):
self.client = Client(self.server_url)
# Create a fresh testing account.
self.acct = TestEmailAccount()
self.stretchpwd = quick_stretch_password(
self.acct.email,
DUMMY_PASSWORD,
)
self.session = self.client.create_account(
email=self.acct.email,
stretchpwd=self.stretchpwd,
keys=True,
)
# Verify the account so that we can actually use the session.
m = self.acct.wait_for_email(lambda m: "x-verify-code" in m["headers"])
if not m:
raise RuntimeError("Verification email was not received")
self.session.verify_email_code(m["headers"]["x-verify-code"])
# Fetch the keys.
self.session.fetch_keys()
self.assertEqual(len(self.session.keys), 2)
self.assertEqual(len(self.session.keys[0]), 32)
self.assertEqual(len(self.session.keys[1]), 32)
def setUpClass(cls):
# Create an ephemeral email account to use to create an FxA account
cls.acct = TestEmailAccount()
cls.client = Client(FXA_ACCOUNT_STAGE_HOST)
cls.oauth_client = OAuthClient(CLIENT_ID,
None,
server_url=FXA_OAUTH_STAGE_HOST)
cls.fxa_password = cls._generate_password()
# Create an FxA account for these end-to-end tests
cls.session = cls.client.create_account(cls.acct.email,
password=cls.fxa_password)
# Loop until we receive the verification email from FxA
while not cls.acct.messages:
time.sleep(0.5)
cls.acct.fetch()
# Find the message containing the verification code and verify the
# code
for m in cls.acct.messages:
if 'x-verify-code' in m['headers']:
cls.session.verify_email_code(m['headers']['x-verify-code'])
# Create an OAuth token to be used for the end-to-end tests
cls.oauth_token = cls.oauth_client.authorize_token(cls.session, SCOPE)
cls.browserid_assertion = \
cls.session.get_identity_assertion(BROWSERID_AUDIENCE)
def get_fxa_client():
fxa_env = os.getenv('FXA_ENV', 'stable')
return Client(ENVIRONMENT_URLS[fxa_env]['authentication'])
def fxa_client(fxa_urls):
return Client(fxa_urls["authentication"])
def setUp(self):
super(LoadTest, self).setUp()
self.client = Client(APIClient(self.server_url, session=self.session))
import hashlib
import hmac
config_file_name = 'config.test.ini'
config = ConfigParser()
config.read(config_file_name)
hawk_resp = None
encryption_key = None
hmac_key = None
if 'hawk' not in config or 'fxa' not in config:
user = config['user']
client = Client("https://api.accounts.firefox.com")
session = client.login(user['email'], user['password'], keys=True)
keyA, keyB = session.fetch_keys()
info = b"identity.mozilla.com/picl/v1/oldsync"
namespace = b"oldsync"
keys = derive_key(secret=keyB, namespace=namespace, size=64)
encryption_key = keys[0:32]
hmac_key = keys[32:64]
# TODO: Store this or a derived longer-lived token
# Causes a login event which causes an email
fxab = FxABrowserIDAuth(user['email'],
user['password'],
with_client_state=True)
def setUp(self):
self.client = Client(self.server_url)
self._accounts_to_delete = []
def fxa_client(fxa_urls):
return Client(fxa_urls['authentication'])
