def test_bundle_and_unbundle(self):
    """Round-trip a random payload through bundle()/unbundle() and check tamper rejection.

    The same key and namespace string are used on both sides; only the
    bundled bytes are altered for the negative case.
    """
    namespace = "test-namespace"
    secret = os.urandom(32)
    plaintext = os.urandom(47)

    # Positive case: unbundle() must return exactly what was bundled.
    sealed = bundle(secret, namespace, plaintext)
    recovered = unbundle(secret, namespace, sealed)
    self.assertEqual(plaintext, recovered)

    # Negative case: a bundle with one byte changed must make unbundle()
    # raise instead of returning data (the HMAC check is expected to fail).
    tampered = mutate_one_byte(sealed)
    # NOTE(review): Exception is broad, so an unrelated error inside
    # unbundle() would also satisfy this assertion; narrowing it to the
    # integrity-failure exception needs the type unbundle() raises, which is
    # not visible here.
    # NOTE(review): a wrong key or a different namespace is not exercised.
    self.assertRaises(Exception, unbundle, secret, namespace, tampered)
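def test_change_password(self):
    """Change the account password and check the encryption keys are unchanged.

    Logs in again with the new password and compares the keys fetched on
    that session with the keys held by the original session.
    """
    # Build a new password that differs from the current one.
    newpwd = mutate_one_byte(DUMMY_PASSWORD)
    # Keep the fixture's stretched password in step with the new password;
    # presumably other fixture code reads self.stretchpwd - confirm.
    self.stretchpwd = quick_stretch_password(self.acct.email, newpwd)
    self.session.change_password(DUMMY_PASSWORD, newpwd)

    # The new password must be accepted for a fresh login.
    # NOTE(review): this test does not check that the old password is
    # rejected after the change.
    session2 = self.client.login(self.acct.email, newpwd, keys=True)

    # Changing the password must not replace the account's encryption keys.
    session2.fetch_keys()
    # assertEqual rather than assertEquals: the alias is deprecated and was
    # removed from unittest in Python 3.12.
    self.assertEqual(self.session.keys, session2.keys)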
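def test_change_password(self):
    """Change the account password and check the encryption keys are unchanged.

    Logs in again with the new password, completes e-mail verification for
    the new session when the server reports it as unverified, then compares
    the keys fetched on that session with the original session's keys.

    Raises:
        RuntimeError: if the verification e-mail does not arrive.
    """
    # Build a new password that differs from the current one.
    newpwd = mutate_one_byte(DUMMY_PASSWORD)
    # Keep the fixture's stretched password in step with the new password;
    # presumably other fixture code reads self.stretchpwd - confirm.
    self.stretchpwd = quick_stretch_password(self.acct.email, newpwd)
    self.session.change_password(DUMMY_PASSWORD, newpwd)

    # The new password must be accepted for a fresh login.
    # NOTE(review): this test does not check that the old password is
    # rejected after the change.
    session2 = self.client.login(self.acct.email, newpwd, keys=True)

    # A new login may come back unverified; confirm it with the code that
    # the server puts in the x-verify-code header of the e-mail.
    if not session2.get_email_status().get("verified"):

        def has_verify_code(m):
            return "x-verify-code" in m["headers"]

        m = self.acct.wait_for_email(has_verify_code)
        if not m:
            raise RuntimeError("Verification email was not received")
        # Empty the mailbox so this message is not matched again later.
        self.acct.clear()
        session2.verify_email_code(m["headers"]["x-verify-code"])

    # Changing the password must not replace the account's encryption keys.
    session2.fetch_keys()
    # assertEqual rather than assertEquals: the alias is deprecated and was
    # removed from unittest in Python 3.12.
    self.assertEqual(self.session.keys, session2.keys)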
def test_forgot_password_flow(self):
    """Walk the forgot-password flow: wrong code, resend, right code, reset.

    Raises:
        RuntimeError: if a password reset e-mail does not arrive.
    """

    def carries_recovery_code(msg):
        return "x-recovery-code" in msg["headers"]

    # A throwaway account, queued for deletion by the fixture.
    acct = TestEmailAccount()
    self.client.create_account(email=acct.email, stretchpwd=DUMMY_STRETCHED_PASSWORD)
    self._accounts_to_delete.append(acct)

    # Start the reset and read the recovery code from the e-mail header.
    forgot_token = self.client.send_reset_code(acct.email, service="foobar")
    mail = acct.wait_for_email(carries_recovery_code)
    if not mail:
        raise RuntimeError("Password reset email was not received")
    acct.clear()
    recovery_code = mail["headers"]["x-recovery-code"]

    # A wrong code must be refused and must use up one attempt, which is
    # what bounds guessing of the recovery code.
    attempts_before = forgot_token.tries_remaining
    self.assertTrue(attempts_before > 1)
    # NOTE(review): Exception is broad; the specific error type raised for
    # a bad code is not visible here.
    with self.assertRaises(Exception):
        forgot_token.verify_code(mutate_one_byte(recovery_code))
    # Presumably refreshes tries_remaining from the server - confirm.
    forgot_token.get_status()
    self.assertEqual(forgot_token.tries_remaining, attempts_before - 1)

    # Asking for the e-mail again must deliver the same code as before.
    forgot_token.resend_code()
    mail = acct.wait_for_email(carries_recovery_code)
    if not mail:
        raise RuntimeError("Password reset email was not received")
    self.assertEqual(mail["headers"]["x-recovery-code"], recovery_code)

    # The correct code yields the token that authorises the account reset.
    reset_token = forgot_token.verify_code(recovery_code)
    self.client.reset_account(
        email=acct.email,
        token=reset_token,
        stretchpwd=DUMMY_STRETCHED_PASSWORD,
    )
def test_forgot_password_flow(self):
    """Check password recovery end to end, including a failed code attempt.

    Steps: create an account, request a reset code, submit a corrupted code,
    request the code again, submit the real code, reset the account.

    Raises:
        RuntimeError: if a password reset e-mail does not arrive.
    """
    header = "x-recovery-code"
    acct = TestEmailAccount()

    def next_recovery_mail():
        # Wait for a message carrying the recovery header; fail loudly if
        # none shows up.
        found = acct.wait_for_email(lambda msg: header in msg["headers"])
        if not found:
            raise RuntimeError("Password reset email was not received")
        return found

    self.client.create_account(
        email=acct.email,
        stretchpwd=DUMMY_STRETCHED_PASSWORD,
    )
    # Registered so the fixture can delete the account afterwards.
    self._accounts_to_delete.append(acct)

    # Request the reset code and pick it out of the e-mail headers.
    pending = self.client.send_reset_code(acct.email, service="foobar")
    first_mail = next_recovery_mail()
    acct.clear()
    code = first_mail["headers"][header]

    # Failed verification: the call must raise and the remaining-attempts
    # counter must drop by exactly one, so guesses are limited.
    budget = pending.tries_remaining
    self.assertTrue(budget > 1)
    # NOTE(review): Exception is broad; the specific error type raised for
    # a bad code is not visible here.
    with self.assertRaises(Exception):
        pending.verify_code(mutate_one_byte(code))
    # Presumably reloads tries_remaining from the server - confirm.
    pending.get_status()
    self.assertEqual(pending.tries_remaining, budget - 1)

    # A resend, as after a lost e-mail, must carry the code already issued.
    pending.resend_code()
    second_mail = next_recovery_mail()
    self.assertEqual(second_mail["headers"][header], code)

    # Successful verification returns the token used to reset the account.
    granted = pending.verify_code(code)
    self.client.reset_account(email=acct.email, token=granted, stretchpwd=DUMMY_STRETCHED_PASSWORD)