示例#1
0
def _login_admin(service_url, username, password, otp):
    """Internal function used to get a valid login to the specified
       service for the passed username, password and otp
    """
    from Acquire.Client import User
    from Acquire.Client import Wallet

    wallet = Wallet()

    user = User(username=username, identity_url=service_url, auto_logout=False)

    result = user.request_login()
    login_url = result["login_url"]

    wallet.send_password(
        url=login_url,
        username=username,
        password=password,
        otpcode=otp.generate(),
        remember_password=False,
        remember_device=False,
    )

    user.wait_for_login()

    return user
示例#2
0
def authenticated_user(aaai_services):
    from Acquire.Crypto import PrivateKey, OTP
    from Acquire.Client import User, Service, Wallet

    username = str(uuid.uuid4())
    password = PrivateKey.random_passphrase()

    result = User.register(username=username,
                           password=password,
                           identity_url="identity")

    otpsecret = result["otpsecret"]
    otp = OTP(otpsecret)

    # now log the user in
    user = User(username=username, identity_url="identity", auto_logout=False)

    result = user.request_login()

    assert (type(result) is dict)

    wallet = Wallet()

    wallet.send_password(url=result["login_url"],
                         username=username,
                         password=password,
                         otpcode=otp.generate(),
                         remember_password=False,
                         remember_device=False)

    user.wait_for_login()

    assert (user.is_logged_in())

    return user
示例#3
0
def test_login(username, password, aaai_services, tmpdir):
    # register the new user
    result = User.register(username=username,
                           password=password,
                           identity_url="identity")

    assert(type(result) is dict)

    otpsecret = result["otpsecret"]

    otp = OTP(otpsecret)

    user = User(username=username, identity_url="identity",
                auto_logout=False)

    result = user.request_login()

    assert(type(result) is dict)

    login_url = result["login_url"]
    print(login_url)

    wallet = Wallet()

    wallet.send_password(url=login_url, username=username,
                         password=password, otpcode=otp.generate(),
                         remember_password=True)

    user.wait_for_login()
    assert(user.is_logged_in())

    auth = Authorisation(user=user, resource="test")

    auth.verify("test")

    user.logout()

    # now try to log in, using the remembered password
    user = User(username=username, identity_url="identity",
                auto_logout=False)

    result = user.request_login()

    login_url = result["login_url"]

    # the test has to specify the username as we can't choose...
    wallet.send_password(url=login_url, username=username,
                         otpcode=otp.generate(),
                         remember_device=True)

    user.wait_for_login()
    assert(user.is_logged_in())

    auth = Authorisation(user=user, resource="test")

    auth.verify("test")

    user.logout()

    # now see if the wallet can send all login info
    # now try to log in, using the remembered password
    user = User(username=username, identity_url="identity",
                auto_logout=False)

    result = user.request_login()

    login_url = result["login_url"]

    # the test has to specify the username as we can't choose...
    wallet.send_password(url=login_url, username=username)

    user.wait_for_login()
    assert(user.is_logged_in())

    auth = Authorisation(user=user, resource="test")

    auth.verify("test")

    user.logout()
def main():
    import argparse
    import sys

    from Acquire.Client import Wallet, LoginError

    parser = argparse.ArgumentParser(
        description="Log into an Acquire-based identity "
        "service via a login url",
        prog="acquire_login")

    parser.add_argument("url", type=str, nargs="*", help="Login URL")

    parser.add_argument('-u',
                        '--username',
                        type=str,
                        nargs='?',
                        help="Username with which to log in")

    parser.add_argument('--remember-password',
                        action="store_true",
                        default=True,
                        help="Remember the password (default on)")

    parser.add_argument('--remember-device',
                        action="store_true",
                        default=None,
                        help="Remember this device (saves OTP code, "
                        "default off)")

    parser.add_argument('--no-remember-device',
                        action="store_true",
                        default=None,
                        help="Don't remember this device, and don't ask to")

    parser.add_argument('--no-remember-password',
                        action="store_true",
                        default=None,
                        help="Don't remember the password, and don't ask to")

    parser.add_argument('--remove-service',
                        type=str,
                        nargs="*",
                        help="Remove locally stored information about the "
                        "passed service(s)")

    parser.add_argument('--dry-run',
                        action="store_true",
                        default=None,
                        help="Do a dry-run of the login - don't connect to "
                        "the server")

    args = parser.parse_args()

    remember_device = args.remember_device

    if args.no_remember_device:
        remember_device = False

    remember_password = args.remember_password

    if remember_password is None:
        remember_password = True

    if args.no_remember_password:
        remember_password = False

    dryrun = args.dry_run

    if not remember_password:
        # should not remember the otpsecret if
        # we don't trust this to remember the password!
        remember_device = False

    do_nothing = True

    wallet = Wallet()

    if args.remove_service:
        for service in args.remove_service:
            try:
                do_nothing = False
                print("Removing locally stored information "
                      "about service '%s'" % service)
                wallet.remove_service(service)
            except Exception as e:
                print(e)
                pass

    if do_nothing and len(args.url) == 0:
        parser.print_help(sys.stdout)

    if len(args.url) == 0:
        sys.exit(0)

    for url in args.url:
        try:
            wallet.send_password(url=url,
                                 username=args.username,
                                 remember_password=remember_password,
                                 remember_device=remember_device,
                                 dryrun=dryrun)
        except LoginError as e:
            print("\n%s" % e.args)
        except Exception as e:
            from Acquire.Service import exception_to_string
            print(exception_to_string(e))
示例#5
0
def test_login_fails(aaai_services, tmpdir):
    # register two users
    username1 = "fail1"
    password1 = "Fail1!!!"
    username2 = "fail2"
    password2 = "Fail2!!!"

    result = User.register(username=username1,
                           password=password1,
                           identity_url="identity")

    assert (type(result) is dict)

    otpsecret1 = result["otpsecret"]

    otp1 = OTP(otpsecret1)

    user1 = User(username=username1,
                 identity_url="identity",
                 auto_logout=False)

    result = User.register(username=username2,
                           password=password2,
                           identity_url="identity")

    assert (type(result) is dict)

    otpsecret2 = result["otpsecret"]

    otp2 = OTP(otpsecret2)

    user2 = User(username=username2,
                 identity_url="identity",
                 auto_logout=False)

    result1 = user1.request_login()
    result2 = user2.request_login()

    assert (type(result1) is dict)
    assert (type(result2) is dict)

    login_url1 = result1["login_url"]
    login_url2 = result2["login_url"]

    wallet = Wallet()

    # try to log in with the wrong user
    with pytest.raises(LoginError):
        wallet.send_password(url=login_url1,
                             username=username2,
                             password=password2,
                             otpcode=otp2.generate(),
                             remember_password=False,
                             remember_device=False)

    with pytest.raises(LoginError):
        wallet.send_password(url=login_url2,
                             username=username1,
                             password=password1,
                             otpcode=otp1.generate(),
                             remember_password=False,
                             remember_device=False)

    # now use the right user by the wrong otpcode
    with pytest.raises(LoginError):
        wallet.send_password(url=login_url1,
                             username=username1,
                             password=password1,
                             otpcode=otp2.generate(),
                             remember_password=False,
                             remember_device=False)

    # now use the right user by the wrong otpcode
    with pytest.raises(LoginError):
        wallet.send_password(url=login_url2,
                             username=username2,
                             password=password2,
                             otpcode=otp1.generate(),
                             remember_password=False,
                             remember_device=False)

    # now use the right user by the wrong password
    with pytest.raises(LoginError):
        wallet.send_password(url=login_url1,
                             username=username1,
                             password=password2,
                             otpcode=otp1.generate(),
                             remember_password=False,
                             remember_device=False)

    with pytest.raises(LoginError):
        wallet.send_password(url=login_url2,
                             username=username2,
                             password=password1,
                             otpcode=otp1.generate(),
                             remember_password=False,
                             remember_device=False)

    # now, get it right ;-)
    wallet.send_password(url=login_url1,
                         username=username1,
                         password=password1,
                         otpcode=otp1.generate(),
                         remember_password=False,
                         remember_device=False)

    wallet.send_password(url=login_url2,
                         username=username2,
                         password=password2,
                         otpcode=otp2.generate(),
                         remember_password=False,
                         remember_device=False)

    user1.logout()
    user2.logout()