def test_encrypt_object_withIVR(self):
    """Round-trip a message through the IVR-PIN key path.

    Encrypts ``self.clear_text`` under the user's RSA_IVR public key, then
    decrypts it twice through independently built fake requests whose ``ss``
    cookie was populated by ``store_user_key`` with ``self.ivr_pin``. Both
    decryptions must yield the original clear text.
    """
    u = User.objects.get(username="******")
    opub = OwnerPublicKey.objects.get_pubkey(owner=u, keytype=RSA_IVR)
    m = encrypt_object(SecureTestMessage, {}, self.clear_text, opub)

    def decrypt_with_fresh_request():
        # Build a bare request/response pair. store_user_key writes the
        # key-bearing 'ss' cookie onto the response; copy it onto the request
        # the way a client would on its next round trip.
        fake_request = HttpRequest()
        fake_request.session = dict()
        fake_response = HttpResponse()
        fake_request.user = u
        store_user_key(fake_request, fake_response, self.ivr_pin)
        fake_request.COOKIES['ss'] = fake_response.cookies['ss'].value
        fetched = SecureTestMessage.objects.get(pk=m.pk)
        return decrypt_object(fake_request, fetched, ivr=True)

    # Two separate fake sessions back-to-back; the second mirrors the
    # original "fake IVR request" setup.
    self.assertEqual(decrypt_with_fresh_request(), self.clear_text)
    self.assertEqual(decrypt_with_fresh_request(), self.clear_text)
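def test_bad_password(self):
    """A recipient holding the wrong password cannot decrypt a message body.

    Sends a message from ``provider`` to ``provider2`` (with the outbound SMS
    hook stubbed out), then logs in as the recipient but derives the ``ss``
    cookie from ``'wrongpassword'``; ``MessageBody.decrypt`` must raise
    ``KeyInvalidException`` rather than return plaintext.
    """
    self.request.post('/login/', {
        'username': self.provider.username,
        'password': '******'
    })
    sender = authenticate(username=self.provider.username, password='******')
    msg = Message(sender=sender, sender_site=None, subject="pandas")
    recipient = User.objects.get(id=self.provider2.id)
    msg.urgent = False
    msg.message_type = 'NM'
    msg.save()
    body = "i am indeed a talking panda. how are you?"
    msg_body = msg.save_body(body)
    MessageRecipient(message=msg, user=recipient).save()
    self.request.logout()

    # Stub the Twilio SMS notifier so the test never reaches the network, and
    # restore it afterwards so the stub does not leak into other tests.
    test = CalledTest()
    original_notifier = models.sendSMS_Twilio_newMessage
    models.sendSMS_Twilio_newMessage = test
    try:
        msg.send(self.request, msg_body, [])
        self.assertTrue(test.was_called)

        response = self.request.post('/login/', {
            'username': self.provider2.username,
            'password': '******'
        })
        clean_msg_body = MessageBody.objects.get(message=msg)
        self.request.user = recipient
        # The key cookie is derived from a password that does not match the
        # recipient's credential, so decryption must be rejected.
        store_user_key(self.request, response, 'wrongpassword')
        self.request.COOKIES = {'ss': response.cookies['ss'].value}
        self.assertRaises(KeyInvalidException, clean_msg_body.decrypt, self.request)
        self.request.logout()
    finally:
        models.sendSMS_Twilio_newMessage = original_notifier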
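def test_bad_password(self):
    """A recipient holding the wrong password cannot decrypt a message body.

    Sends a message from ``provider`` to ``provider2`` (with the outbound SMS
    hook stubbed out), then logs in as the recipient but derives the ``ss``
    cookie from ``'wrongpassword'``; ``MessageBody.decrypt`` must raise
    ``KeyInvalidException`` rather than return plaintext.
    """
    self.request.post('/login/', {'username': self.provider.username, 'password': '******'})
    sender = authenticate(username=self.provider.username, password='******')
    msg = Message(sender=sender, sender_site=None, subject="pandas")
    recipient = User.objects.get(id=self.provider2.id)
    msg.urgent = False
    msg.message_type = 'NM'
    msg.save()
    body = "i am indeed a talking panda. how are you?"
    msg_body = msg.save_body(body)
    MessageRecipient(message=msg, user=recipient).save()
    self.request.logout()

    # Stub the Twilio SMS notifier so the test never reaches the network, and
    # restore it afterwards so the stub does not leak into other tests.
    test = CalledTest()
    original_notifier = models.sendSMS_Twilio_newMessage
    models.sendSMS_Twilio_newMessage = test
    try:
        msg.send(self.request, msg_body, [])
        self.assertTrue(test.was_called)

        response = self.request.post('/login/',
                                     {'username': self.provider2.username, 'password': '******'})
        clean_msg_body = MessageBody.objects.get(message=msg)
        self.request.user = recipient
        # The key cookie is derived from a password that does not match the
        # recipient's credential, so decryption must be rejected.
        store_user_key(self.request, response, 'wrongpassword')
        self.request.COOKIES = {'ss': response.cookies['ss'].value}
        self.assertRaises(KeyInvalidException, clean_msg_body.decrypt, self.request)
        self.request.logout()
    finally:
        models.sendSMS_Twilio_newMessage = original_notifier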
def test_encrypt_object_noIVR(self):
    """Round-trip a message through the web-app (password) key path.

    Encrypts ``self.clear_text`` under the user's default public key and
    decrypts it through a fake request whose ``ss`` cookie was populated by
    ``store_user_key`` with ``self.password``.
    """
    owner = MHLUser.objects.get(username="******")
    pubkey = OwnerPublicKey.objects.get_pubkey(owner=owner)
    stored = encrypt_object(SecureTestMessage, {}, self.clear_text, pubkey)

    # Fake request/response pair: store_user_key sets the key-bearing 'ss'
    # cookie on the response; copy it onto the request like a browser would.
    fake_request, fake_response = HttpRequest(), HttpResponse()
    fake_request.session = dict()
    fake_request.user = owner
    store_user_key(fake_request, fake_response, self.password)
    fake_request.COOKIES['ss'] = fake_response.cookies['ss'].value

    fetched = SecureTestMessage.objects.get(pk=stored.pk)
    self.assertEqual(decrypt_object(fake_request, fetched), self.clear_text)
def change_pass(form, request, response):
    """Apply a validated password-change form and re-key the user's credentials.

    The user's non-grandfathered web-app private keys are re-encrypted from
    the old password to the new one before the Django password itself is
    replaced; the session's ``password_change_time`` is then refreshed, the
    key cookie on ``response`` is re-derived from the new password, and every
    associated smartphone is told the password was reset.

    :param form: a valid password-change form exposing ``user`` and
        ``cleaned_data['old_password']`` / ``cleaned_data['new_password1']``
    :param request: the current Django request (its session is updated)
    :param response: the outgoing response; ``store_user_key`` writes to it
    :returns: ``response``
    """
    old_password = form.cleaned_data['old_password']
    new_password = form.cleaned_data['new_password1']
    user = form.user

    # TESTING_KMS_INTEGRATION: re-wrap the private keys under the new password
    # before the Django password itself changes.
    uprivs = UserPrivateKey.objects.filter(user=user, credtype=CRED_WEBAPP, gfather=False)
    recrypt_keys(uprivs, old_password, new_password)

    user.set_password(new_password)
    user.save()
    request.session['password_change_time'] = user.password_change_time
    store_user_key(request, response, new_password)

    # NOTE(review): the keys above are looked up by form.user while the devices
    # are looked up by request.user — presumably the same account; confirm.
    for device in SmartPhoneAssn.objects.filter(user=request.user):
        device.usr_password_reset(request)
    return response
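def login_user(request):
    """Render the login form or process a login attempt.

    On POST, validates ``LoginForm``, authenticates, and on success logs the
    user in, records the password-change time in the session, derives the key
    cookie from the submitted password via ``store_user_key`` and redirects to
    the submitted ``next`` target (site-relative paths only) or ``/``. A failed
    attempt either redirects to ``settings.LOGIN_FAILED_REDIRECT`` or
    re-renders the form with an error message. On GET, an already
    authenticated user is sent to ``/``; otherwise the empty form is rendered
    (or ``settings.LOGIN_REDIRECT`` is followed when set).

    :param request: the Django request
    :returns: ``HttpResponse``
    """
    def is_local_path(url):
        # Accept only a path on this site: a single leading '/'. Browsers
        # treat '//host' and '/\host' as protocol-relative, i.e. off-site.
        return bool(url) and url.startswith('/') and not url.startswith(('//', '/\\'))

    context = RequestContext(request)
    context['error_msg'] = None

    if request.method == 'POST':
        form = LoginForm(request.POST)
        # A fresh login always replaces any existing session identity.
        if request.user.is_authenticated():
            logout(request)
        context['form'] = form

        if form.is_valid():
            username = form.cleaned_data['username']
            password = form.cleaned_data['password']
            user = authenticate(username=username, password=password)
            if user:
                if user_is_active(user):
                    LoginEvent().customInit(username=username,
                                            remote_ip=request.META['REMOTE_ADDR'],
                                            success=True, user=user)
                    login(request, user)
                    request.session['password_change_time'] = MHLUser.objects.filter(
                        pk=request.user.pk).only("password_change_time").get().password_change_time

                    # Only follow 'next' when it stays on this site; an absolute
                    # or protocol-relative value would make the login form an
                    # open redirect.
                    next_url = form.cleaned_data.get('next')
                    if is_local_path(next_url):
                        response = HttpResponseRedirect(next_url)
                    else:
                        response = HttpResponseRedirect('/')

                    # The password is the secret that unlocks the user's private
                    # keys; store_user_key turns it into the 'ss' cookie.
                    store_user_key(request, response, password)

                    # TESTING_KMS_INTEGRATION: keys still wrapped with
                    # settings.SECRET_KEY ("grandfathered") are re-wrapped under
                    # the user's own password on this login.
                    uprivs = UserPrivateKey.objects.filter(user=user, credtype=CRED_WEBAPP,
                                                          gfather=True)
                    if uprivs.exists():
                        recrypt_keys(uprivs, settings.SECRET_KEY, password)
                    return response
                else:
                    LoginEvent().customInit(username=username,
                                            remote_ip=request.META['REMOTE_ADDR'],
                                            success=False, user=user)
                    # Return a 'disabled account' error message
                    context['error_msg'] = _("Account appears to be disabled")
            else:
                # User couldn't be found.
                # NOTE(review): no LoginEvent is recorded for a wrong
                # username/password, so repeated failures are invisible to the
                # audit trail; consider recording success=False here if
                # customInit accepts user=None.
                context['error_msg'] = _("Invalid username or password")
        else:
            # Form was invalid. This shouldn't be possible.
            context['error_msg'] = _("Invalid username or password")

        # At this point, the login attempt has failed.
        if settings.LOGIN_FAILED_REDIRECT:
            return HttpResponseRedirect(settings.LOGIN_FAILED_REDIRECT)
    else:
        # request.method != 'POST'
        if request.user.is_authenticated():
            return HttpResponseRedirect('/')
        next_url = request.GET.get('next', '')
        context['form'] = LoginForm(initial={'next': next_url})
        if settings.LOGIN_REDIRECT:
            return HttpResponseRedirect(settings.LOGIN_REDIRECT)

    context['STATIC_URL'] = ''.join([context['STATIC_URL'], 'temp/'])
    return render_to_response('temp/index.html', context)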
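def authenticateSession(request, twilioResponse=None):
    """Prompt for, and verify, the caller's PIN over Twilio.

    :param request: The standard Django request argument
    :param request.session Keys:
        config_id - The ID of the VMBox_Config object pertaining to the
            current voicemail session.
        answering_service / practice_id - when answering_service is 'yes', the
            PIN is checked against the PracticeLocation instead of a user.
        ivr_call_stack - list of view names; the top entry is where the caller
            is redirected after a successful PIN.
        pin_errCount - running count of wrong PINs in this session; the call
            is hung up on the third.
    :param twilioResponse: A twilio response object. Use this to pass in any
        verbs that should be run before the prompt. Note that any verbs passed
        in will be lost on subsequent runs through this function (e.g., when
        the user enters an incorrect pin)
    :returns: django.http.HttpResponse -- the result
    """
    r = twilioResponse or twilio.Response()
    if 'pin_errCount' not in request.session:
        request.session['pin_errCount'] = 0

    if 'Digits' in request.POST:
        call_sid = request.POST['CallSid']
        digits = request.POST['Digits']
        # 4-8 digits with an optional trailing '#' (the "press pound" key).
        pin_pattern = re.compile(r'\d{4,8}#?$')
        if pin_pattern.match(digits):
            if ('answering_service' in request.session
                    and request.session['answering_service'] == 'yes'):
                practice = PracticeLocation.objects.get(id=request.session['practice_id'])
                if practice.verify_pin(digits):
                    request.session['authenticated'] = True
                    r.append(twilio.Redirect(reverse(request.session['ivr_call_stack'].pop())))
                    request.session.modified = True
                    return HttpResponse(str(r), mimetype=settings.TWILIO_RESPONSE_MIMETYPE)
            else:
                user = authenticate(config_id=request.session['config_id'], pin=digits)
                if user:
                    login(request, user)
                    # TESTING_KMS_INTEGRATION: an IVR private key still wrapped
                    # with the grandfathered credential gets change_pin applied
                    # with the PIN just verified — presumably re-wrapping the
                    # key under it; confirm in VMBox_Config.change_pin.
                    uprivs = UserPrivateKey.objects.filter(user=user, credtype=CRED_IVRPIN,
                                                          gfather=True)
                    if uprivs.exists():
                        config = VMBox_Config.objects.get(id=request.session['config_id'])
                        config.change_pin(request, new_pin=digits)
                    request.session['authenticated'] = True
                    callEvent(callSID=call_sid, event='V_ASU').save()
                    r.append(twilio.Redirect(reverse(request.session['ivr_call_stack'].pop())))
                    request.session.modified = True
                    response = HttpResponse(str(r), mimetype=settings.TWILIO_RESPONSE_MIMETYPE)
                    # The PIN is the secret that unlocks the user's IVR private
                    # key; store_user_key derives the 'ss' cookie from it.
                    store_user_key(request, response, digits)
                    return response

        # Every path that did not return above is a failed attempt, whether the
        # digits were malformed or the PIN was wrong.
        callEvent(callSID=call_sid, event='V_AFL').save()
        r.append(tts('An in valid pin was entered.'))
        request.session['pin_errCount'] += 1
        # NOTE(review): this counter lives in the session only, so it does not
        # carry over to a new call unless the session cookie does — confirm a
        # per-mailbox limit exists elsewhere.
        if request.session['pin_errCount'] >= 3:
            # give the user three erroneous pin entries.
            r.append(tts('Good bye.'))
            r.append(twilio.Hangup())
            return HttpResponse(str(r), mimetype=settings.TWILIO_RESPONSE_MIMETYPE)

    # First run, or a failed attempt with retries left: prompt for the PIN.
    gather = twilio.Gather(numDigits=8, action=reverse('authenticateSession'))
    gather.append(tts(_("Please enter your pin number. Press pound to finish.")))
    r.append(gather)
    return HttpResponse(str(r), mimetype=settings.TWILIO_RESPONSE_MIMETYPE)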
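def login_user(request):
    """Render the login form or process a login attempt.

    On POST, validates ``LoginForm``, authenticates, and on success logs the
    user in, records the password-change time in the session, derives the key
    cookie from the submitted password via ``store_user_key`` and redirects to
    the submitted ``next`` target (site-relative paths only) or ``/``. A failed
    attempt either redirects to ``settings.LOGIN_FAILED_REDIRECT`` or
    re-renders the form with an error message. On GET, an already
    authenticated user is sent to ``/``; otherwise the empty form is rendered
    (or ``settings.LOGIN_REDIRECT`` is followed when set).

    :param request: the Django request
    :returns: ``HttpResponse``
    """
    def is_local_path(url):
        # Accept only a path on this site: a single leading '/'. Browsers
        # treat '//host' and '/\host' as protocol-relative, i.e. off-site.
        return bool(url) and url.startswith('/') and not url.startswith(('//', '/\\'))

    context = RequestContext(request)
    context['error_msg'] = None

    if request.method == 'POST':
        form = LoginForm(request.POST)
        # A fresh login always replaces any existing session identity.
        if request.user.is_authenticated():
            logout(request)
        context['form'] = form

        if form.is_valid():
            username = form.cleaned_data['username']
            password = form.cleaned_data['password']
            user = authenticate(username=username, password=password)
            if user:
                if user_is_active(user):
                    LoginEvent().customInit(username=username,
                                            remote_ip=request.META['REMOTE_ADDR'],
                                            success=True, user=user)
                    login(request, user)
                    request.session['password_change_time'] = MHLUser.objects.filter(
                        pk=request.user.pk).only("password_change_time").get().password_change_time

                    # Only follow 'next' when it stays on this site; an absolute
                    # or protocol-relative value would make the login form an
                    # open redirect.
                    next_url = form.cleaned_data.get('next')
                    if is_local_path(next_url):
                        response = HttpResponseRedirect(next_url)
                    else:
                        response = HttpResponseRedirect('/')

                    # The password is the secret that unlocks the user's private
                    # keys; store_user_key turns it into the 'ss' cookie.
                    store_user_key(request, response, password)

                    # TESTING_KMS_INTEGRATION: keys still wrapped with
                    # settings.SECRET_KEY ("grandfathered") are re-wrapped under
                    # the user's own password on this login.
                    uprivs = UserPrivateKey.objects.filter(user=user, credtype=CRED_WEBAPP,
                                                          gfather=True)
                    if uprivs.exists():
                        recrypt_keys(uprivs, settings.SECRET_KEY, password)
                    return response
                else:
                    LoginEvent().customInit(username=username,
                                            remote_ip=request.META['REMOTE_ADDR'],
                                            success=False, user=user)
                    # Return a 'disabled account' error message
                    context['error_msg'] = _("Account appears to be disabled")
            else:
                # User couldn't be found.
                # NOTE(review): no LoginEvent is recorded for a wrong
                # username/password, so repeated failures are invisible to the
                # audit trail; consider recording success=False here if
                # customInit accepts user=None.
                context['error_msg'] = _("Invalid username or password")
        else:
            # Form was invalid. This shouldn't be possible.
            context['error_msg'] = _("Invalid username or password")

        # At this point, the login attempt has failed.
        if settings.LOGIN_FAILED_REDIRECT:
            return HttpResponseRedirect(settings.LOGIN_FAILED_REDIRECT)
    else:
        # request.method != 'POST'
        if request.user.is_authenticated():
            return HttpResponseRedirect('/')
        next_url = request.GET.get('next', '')
        context['form'] = LoginForm(initial={'next': next_url})
        if settings.LOGIN_REDIRECT:
            return HttpResponseRedirect(settings.LOGIN_REDIRECT)

    context['STATIC_URL'] = ''.join([context['STATIC_URL'], 'temp/'])
    return render_to_response('temp/index.html', context)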