view src/test/test_memory_crypto.py @ 1030:15f43b54d697
core, memory, bridge: added profile password + password encryption:
/!\ This changeset updates the database version to 2 and modify the database content!
Description:
- new parameter General / Password to store the profile password
- profile password is initialized with XMPP password value, it is stored hashed
- bridge methods asyncCreateProfile/asyncConnect takes a new argument "password" (default = "")
- bridge method asyncConnect returns a boolean (True = connection already established, False = connection initiated)
- profile password is checked before initializing the XMPP connection
- new private individual parameter to store the personal encryption key of each profile
- personal key is randomly generated and encrypted with the profile password
- personal key is decrypted after profile authentication and stored in a Sessions instance
- personal key is used to encrypt/decrypt other passwords when they need to be retrieved/modified
- modifying the profile password re-encrypts the personal key
- Memory.setParam now returns a Deferred (the bridge method "setParam" is unchanged)
- Memory.asyncGetParamA eventually decrypts the password, Memory.getParamA would fail on a password parameter
TODO:
- if profile authentication is OK but XMPP authentication is KO, prompt the user for another XMPP password
- fix the method "registerNewAccount" (and move it to a plugin)
- remove bridge method "connect", sole "asyncConnect" should be used
author | souliane <souliane@mailoo.org> |
---|---|
date | Wed, 07 May 2014 16:02:23 +0200 |
parents | 127c96020022 |
children | cbf917a90784 |
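#!/usr/bin/python
# -*- coding: utf-8 -*-

# SAT: a jabber client
# Copyright (C) 2009, 2010, 2011, 2012, 2013, 2014 Jérôme Poisson (goffi@goffi.org)
# Copyright (C) 2013, 2014 Adrien Cossa (souliane@mailoo.org)

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.

# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

""" Tests for sat.memory.crypto (BlockCipher and PasswordHasher) """

from sat.test import helpers
from sat.memory.crypto import BlockCipher, PasswordHasher
from os import urandom
from twisted.internet import defer


class CryptoTest(helpers.SatTestCase):
    """Round-trip tests for the encryption and password-hashing helpers."""

    def setUp(self):
        """Create the fake host used by the test case."""
        self.host = helpers.FakeSAT()

    def test_encrypt_decrypt(self):
        """Check that decrypt(key, encrypt(key, message)) gives back message.

        Runs over several key and message lengths, including empty ones.

        @return: a Deferred that fails as soon as one round-trip fails
        """
        # NOTE(review): keys and messages are raw urandom() bytes; confirm that
        # BlockCipher is expected to round-trip arbitrary bytes, empty key and
        # empty message included.
        d_list = []
        for key_len in (0, 2, 8, 10, 16, 24, 30, 32, 40):
            key = urandom(key_len)
            for message_len in (0, 2, 16, 24, 32, 100):
                message = urandom(message_len)
                d = BlockCipher.encrypt(key, message)
                # Each callback must consume the Deferred's result and really
                # call decrypt / assertEqual: a callback that returns an inner
                # lambda only passes a function object down the chain, and the
                # round-trip is then never verified.
                # key and message are bound as default arguments so that every
                # callback keeps the values of its own loop iteration.
                d.addCallback(lambda ciphertext, key=key: BlockCipher.decrypt(key, ciphertext))
                d.addCallback(lambda decrypted, message=message: self.assertEqual(message, decrypted))
                d_list.append(d)
        # fireOnOneErrback makes a failed assertion fail the test; without it
        # the DeferredList fires its callback even when a member has failed.
        return defer.DeferredList(d_list, fireOnOneErrback=True, consumeErrors=True)

    def test_hash_verify(self):
        """Check that a hash verifies its own password and rejects another one.

        @return: a Deferred that fails as soon as one verification is wrong
        """

        def check(hashed, password):
            """Verify hashed against the right password and a random attempt.

            @param hashed: value produced by PasswordHasher.hash
            @param password: the value that was hashed
            @return: a Deferred firing once both verifications were asserted
            """
            d_match = PasswordHasher.verify(password, hashed)
            d_match.addCallback(self.assertTrue)
            attempt = urandom(10)
            d_mismatch = PasswordHasher.verify(attempt, hashed)
            d_mismatch.addCallback(self.assertFalse)
            return defer.DeferredList([d_match, d_mismatch], fireOnOneErrback=True, consumeErrors=True)

        # NOTE(review): the values below are ints handed to PasswordHasher.hash
        # as-is; they look like intended password lengths -- confirm what type
        # hash() and verify() are meant to receive.
        d_list = []
        for password in (0, 2, 8, 10, 16, 24, 30, 32, 40):
            d = PasswordHasher.hash(password)
            # password is passed as an extra callback argument so that check()
            # sees this iteration's value even if the Deferred fires later.
            # check() returns its own Deferred, which chains the verifications
            # to d, so collecting d is enough for the test to wait on them.
            d.addCallback(check, password)
            d_list.append(d)
        return defer.DeferredList(d_list, fireOnOneErrback=True, consumeErrors=True)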