def test_account_full_auth_handshake(client):
    """Drive both handshake steps over HTTP: challenge/gen, then challenge/verify.

    Each server reply is decrypted with ``server.ENCKEY`` and must unwrap to a
    valid message whose signing key is ``server.IDKEY.pubkey``.
    """
    user = db.user_with_pk(flask.g.db, U1.pk)

    # Step 1: ask for a challenge with an AuthReq signed by SK1.
    gen_req = SignedMessage.sign(account.AuthReq(user.pk), SK1)
    gen_rv = client.post('/account/challenge/gen', json=gen_req.to_dict())
    assert gen_rv.status_code == 200
    enc_chal = Message.from_dict(gen_rv.json)
    assert isinstance(enc_chal, EncryptedMessage)
    signed_chal = EncryptedMessage.dec(enc_chal, server.ENCKEY)
    assert signed_chal.is_valid()
    challenge, signer = signed_chal.unwrap()
    assert isinstance(challenge, account.AuthChallenge)
    assert signer == server.IDKEY.pubkey

    # Step 2: return the still-encrypted challenge inside an AuthChallengeResp,
    # again signed by SK1, and expect an encrypted credential back.
    verify_req = SignedMessage.sign(account.AuthChallengeResp(enc_chal), SK1)
    verify_rv = client.post(
        '/account/challenge/verify', json=verify_req.to_dict())
    assert verify_rv.status_code == 200
    auth_resp = Message.from_dict(verify_rv.json)
    assert auth_resp.err is None
    assert isinstance(auth_resp.cred, EncryptedMessage)
    signed_cred = EncryptedMessage.dec(auth_resp.cred, server.ENCKEY)
    assert signed_cred.is_valid()
    credential, signer = signed_cred.unwrap()
    assert isinstance(credential, account.AccountCred)
    assert signer == server.IDKEY.pubkey
def test_authreq_diff_pubkey():
    """An AuthReq naming one pubkey but signed by a different key is refused.

    The handler must answer with an AuthResp carrying no credential and the
    WrongPubkey error.
    """
    conn = get_db()
    # The request claims SK2's pubkey, yet the signature is produced with SK1.
    mismatched = SignedMessage.sign(account.AuthReq(SK2.pubkey), SK1)
    reply = server.handle_authreq(conn, mismatched)
    assert isinstance(reply, account.AuthResp)
    assert reply.cred is None
    assert reply.err == account.AuthRespErr.WrongPubkey
def test_authreq_no_user():
    """A self-consistent AuthReq from a key with no user record is rejected.

    The request is signed by the same key it names, so only the user lookup
    can fail; the expected error is SignedMessageErr.UnknownUser.
    """
    conn = get_db()
    # Secret key built from an arbitrary integer; the test expects that no
    # user is registered under it.
    stranger_sk = crypto.Seckey((98345).to_bytes(32, byteorder='big'))
    signed_req = SignedMessage.sign(
        account.AuthReq(stranger_sk.pubkey), stranger_sk)
    reply = server.handle_authreq(conn, signed_req)
    assert isinstance(reply, account.AuthResp)
    assert reply.cred is None
    assert reply.err == SignedMessageErr.UnknownUser
def test_authchallengeresp_bad_sig():
    """A signed message altered after signing is answered with BadSig.

    NOTE(review): the payload is an AuthReq rather than an AuthChallengeResp,
    and it is the signed message bytes (not the signature field) that get
    overwritten. The test therefore presumably relies on signature
    verification running before any payload-type check -- confirm against
    server.handle_authchallengeresp.
    """
    conn = get_db()
    arbitrary_pk = crypto.Pubkey((2398).to_bytes(32, byteorder='big'))
    tampered = SignedMessage.sign(account.AuthReq(arbitrary_pk), SK1)
    # Replace the signed bytes so they no longer match the signature.
    tampered.msg_bytes = b'fooooo'
    reply = server.handle_authchallengeresp(conn, tampered)
    assert isinstance(reply, account.AuthResp)
    assert reply.cred is None
    assert reply.err == SignedMessageErr.BadSig
def test_authreq_happy():
    """A correctly signed AuthReq yields an encrypted, server-signed challenge.

    The challenge must name the user stored under the same pubkey and must
    carry an expiry time that is still in the future.
    """
    conn = get_db()
    signed_req = SignedMessage.sign(account.AuthReq(SK1.pubkey), SK1)
    enc_reply = server.handle_authreq(conn, signed_req)
    assert isinstance(enc_reply, EncryptedMessage)

    # Decrypt with the server's own key and check the inner signature first.
    signed_chal = EncryptedMessage.dec(enc_reply, server.ENCKEY)
    assert isinstance(signed_chal, SignedMessage)
    assert signed_chal.is_valid()

    challenge, signer = signed_chal.unwrap()
    assert isinstance(challenge, account.AuthChallenge)
    assert signer == server.IDKEY.pubkey
    assert challenge.user == db.user_with_pk(conn, challenge.user.pk)
    # An already-expired challenge would be useless to the client.
    assert challenge.expire > time.time()
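def test_account_challenge_gen(client):
    """POST a signed AuthReq to /account/challenge/gen and inspect the reply.

    The reply must be an EncryptedMessage that decrypts, with
    ``server.ENCKEY``, to a validly signed AuthChallenge for the requesting
    user, signed by ``server.IDKEY``.
    """
    u = db.user_with_pk(flask.g.db, U1.pk)
    req = SignedMessage.sign(account.AuthReq(u.pk), SK1)
    rv = client.post(
        '/account/challenge/gen',
        json=req.to_dict(),
    )
    assert rv.status_code == 200
    eresp = Message.from_dict(rv.json)
    assert isinstance(eresp, EncryptedMessage)
    sresp = EncryptedMessage.dec(eresp, server.ENCKEY)
    # Check the signature explicitly before trusting the unwrapped contents,
    # as the other handshake tests in this file do. Whether unwrap() verifies
    # on its own is not visible from here.
    assert sresp.is_valid()
    resp, pk_used = sresp.unwrap()
    assert isinstance(resp, account.AuthChallenge)
    assert pk_used == server.IDKEY.pubkey
    assert resp.user == u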
def test_authreq_str():
    """str() of an AuthReq renders as ``AuthReq<pubkey>``."""
    auth_req = account.AuthReq(U.pk)
    expected = 'AuthReq<%s>' % (U.pk, )
    assert str(auth_req) == expected
def test_authreq_dict_no_user():
    """from_dict returns None when the 'user_pk' key is missing."""
    payload = account.AuthReq(U.pk).to_dict()
    # Drop the only field under test so that parsing has to fail.
    del payload['user_pk']
    parsed = account.AuthReq.from_dict(payload)
    assert parsed is None
def test_authreq_dict_identity():
    """to_dict followed by from_dict reproduces an equal AuthReq."""
    original = account.AuthReq(U.pk)
    as_dict = original.to_dict()
    round_tripped = account.AuthReq.from_dict(as_dict)
    assert original == round_tripped