This repository has been archived by the owner on Jan 2, 2020. It is now read-only.

[#935] Authentication using account recovery code
Sriram Viswanathan committed Apr 18, 2017
1 parent b92b32e commit 20ae5e6
Showing 4 changed files with 26 additions and 25 deletions.
19 changes: 2 additions & 17 deletions service/pixelated/account_recovery_authenticator.py
@@ -14,29 +14,14 @@
# You should have received a copy of the GNU Affero General Public License
# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.

from leap.bitmask.bonafide.provider import Api
from leap.bitmask.bonafide.session import Session

from twisted.cred.error import UnauthorizedLogin
from twisted.internet.defer import inlineCallbacks, returnValue

from authentication import Authenticator, Authentication
from authentication import Authenticator


class AccountRecoveryAuthenticator(Authenticator):
def __init__(self, leap_provider):
super(AccountRecoveryAuthenticator, self).__init__(leap_provider)
super(AccountRecoveryAuthenticator, self).__init__(leap_provider, recovery=True)

def _auth_error(self):
raise UnauthorizedLogin("User typed wrong recovery-code/username combination.")

@inlineCallbacks
def _bonafide_auth(self, credentials):
srp_provider = Api(self._leap_provider.api_uri)
self.bonafide_session = Session(credentials, srp_provider, self._leap_provider.local_ca_crt)
yield self.bonafide_session.authenticate_with_recovery_code()
returnValue(Authentication(credentials.username,
self.bonafide_session.token,
self.bonafide_session.uuid,
'session_id',
{'is_admin': False}))
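Review bot: `AccountRecoveryAuthenticator` has no docstring, and after this change nothing in the class says that the value passed as `password` to `authenticate` is the recovery code, or that `recovery=True` is what selects recovery-code authentication in the base class. I would add a class docstring along the lines of `"""Authenticator that logs in with an account recovery code in place of the password (passes recovery=True to Authenticator)."""`. How the bonafide `Session.authenticate(recovery=True)` call treats that value is not visible on this page, so the docstring should refer to it rather than describe it.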
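--- a/service/pixelated/authentication.py
+++ b/service/pixelated/authentication.py
@@ -28,10 +28,11 @@
 
 
 class Authenticator(object):
-def __init__(self, leap_provider):
+def __init__(self, leap_provider, recovery=False):
 self._leap_provider = leap_provider
 self.domain = leap_provider.server_name
 self.bonafide_session = None
+self.recovery = recovery
 
 @inlineCallbacks
 def authenticate(self, username, password):
@@ -52,7 +53,7 @@ def _srp_auth(self, credentials):
 def _bonafide_auth(self, credentials):
 srp_provider = Api(self._leap_provider.api_uri)
 self.bonafide_session = Session(credentials, srp_provider, self._leap_provider.local_ca_crt)
-yield self.bonafide_session.authenticate()
+yield self.bonafide_session.authenticate(recovery=self.recovery)
 returnValue(Authentication(credentials.username,
 self.bonafide_session.token,
 self.bonafide_session.uuid,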
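Review bot: `self.recovery` in `__init__` is a public, mutable attribute that decides whether `_bonafide_auth` performs a password login or a recovery-code login, while the neighbouring `_leap_provider` is private. Storing it as `self._recovery = bool(recovery)` and passing `recovery=self._recovery` would keep the mode fixed at construction and normalise truthy non-boolean values. As far as the second hunk shows, the `Authentication` object is built the same way in both modes, so callers cannot tell a recovery-code session from a password session. If recovery logins are meant to be limited (for instance to setting a new password), that has to be enforced elsewhere and deserves a comment here. The body of `_bonafide_auth` continues past the end of the hunk.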
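--- a/service/test/unit/test_account_recovery_authenticator.py
+++ b/service/test/unit/test_account_recovery_authenticator.py
@@ -52,3 +52,11 @@ def test_bonafide_srp_exceptions_should_raise_unauthorized_login(self):
 except UnauthorizedLogin as e:
 self.assertEqual("User typed wrong recovery-code/username combination.", e.message)
 raise
+
+def test_bonafide_auth_called_with_recovery_as_true(self):
+auth = AccountRecoveryAuthenticator(self._leap_provider)
+mock_bonafide_session = MagicMock()
+
+with patch('pixelated.authentication.Session', return_value=mock_bonafide_session):
+auth.authenticate('username', 'password')
+mock_bonafide_session.authenticate.assert_called_with(recovery=True)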
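Review bot: `test_bonafide_auth_called_with_recovery_as_true` calls `auth.authenticate('username', 'password')` without waiting on the result, although `authenticate` is an `@inlineCallbacks` method and so returns a Deferred. An exception raised before the session call would be captured in that Deferred and surface only as a "not called" assertion failure, hiding the real cause. Using `yield auth.authenticate('username', 'password')` in an `@inlineCallbacks` test, as the successful-auth test for `Authenticator` appears to do, would surface the actual error. `assert_called_once_with(recovery=True)` would additionally pin the call count. The same applies to `test_bonafide_auth_called_with_recovery_as_false` in the test section that follows.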
@@ -68,17 +68,24 @@ def test_domain_name_is_stripped_before_making_bonafide_srp_auth(self):
def test_successful_bonafide_auth_should_return_the_user_authentication_object(self):
auth = Authenticator(self._leap_provider)
mock_bonafide_session = Mock()
mock_srp_auth = Mock()
mock_srp_auth.token = 'some_token'
mock_srp_auth.uuid = 'some_uuid'
mock_bonafide_session.authenticate = Mock(return_value=mock_srp_auth)
with patch('pixelated.authentication.Session', return_value=mock_srp_auth):
mock_bonafide_session.token = 'some_token'
mock_bonafide_session.uuid = 'some_uuid'

with patch('pixelated.authentication.Session', return_value=mock_bonafide_session):
resulting_auth = yield auth.authenticate('username@domain.org', 'password')
self.assertIsInstance(resulting_auth, Authentication)
self.assertEquals('username', resulting_auth.username)
self.assertEquals('some_token', resulting_auth.token)
self.assertEquals('some_uuid', resulting_auth.uuid)
self.assertEquals(mock_srp_auth, auth.bonafide_session)
self.assertEquals(mock_bonafide_session, auth.bonafide_session)

def test_bonafide_auth_called_with_recovery_as_false(self):
auth = Authenticator(self._leap_provider)
mock_bonafide_session = Mock()

with patch('pixelated.authentication.Session', return_value=mock_bonafide_session):
auth.authenticate('username', 'password')
mock_bonafide_session.authenticate.assert_called_with(recovery=False)

def test_username_without_domain_is_not_changed(self):
username_without_domain = 'username'