val/irctest
1
0
Fork 0
mirror of https://github.com/progval/irctest.git synced 2025-04-06 07:19:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add tests for SCRAM.

Browse Source
This commit is contained in:
Valentin Lorentz
2017-01-11 00:07:25 +01:00
parent 2bdcba3da5
commit 6baee70852
4 changed files with 75 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
irctest/authentication.py
View File

@ -8,9 +8,11 @@ class Mechanisms(enum.Enum):
def as_string(cls, mech): def as_string(cls, mech):
return {cls.plain: 'PLAIN', return {cls.plain: 'PLAIN',
cls.ecdsa_nist256p_challenge: 'ECDSA-NIST256P-CHALLENGE', cls.ecdsa_nist256p_challenge: 'ECDSA-NIST256P-CHALLENGE',
cls.scram_sha_256: 'SCRAM-SHA-256',
}[mech] }[mech]
plain = 1 plain = 1
ecdsa_nist256p_challenge = 2 ecdsa_nist256p_challenge = 2
scram_sha_256 = 3
Authentication = collections.namedtuple('Authentication', Authentication = collections.namedtuple('Authentication',
'mechanisms username password ecdsa_key') 'mechanisms username password ecdsa_key')

70
irctest/client_tests/test_sasl.py
View File

@ -1,5 +1,7 @@
import ecdsa import ecdsa
import base64 import base64
import pyxmpp2_scram as scram
from irctest import cases from irctest import cases
from irctest import authentication from irctest import authentication
from irctest.irc_utils.message_parser import Message from irctest.irc_utils.message_parser import Message
@ -153,6 +155,74 @@ class SaslTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper,
m = self.negotiateCapabilities(['sasl'], False) m = self.negotiateCapabilities(['sasl'], False)
self.assertEqual(m, Message([], None, 'CAP', ['END'])) self.assertEqual(m, Message([], None, 'CAP', ['END']))
@cases.OptionalityHelper.skipUnlessHasMechanism('SCRAM-SHA-256')
def testScram(self):
"""Test SCRAM-SHA-256 authentication.
"""
auth = authentication.Authentication(
mechanisms=[authentication.Mechanisms.scram_sha_256],
username='jilles',
password='sesame',
)
class PasswdDb:
def get_password(self, *args):
return ('sesame', 'plain')
authenticator = scram.SCRAMServerAuthenticator('SHA-256',
channel_binding=False, password_database=PasswdDb())
m = self.negotiateCapabilities(['sasl'], auth=auth)
self.assertEqual(m, Message([], None, 'AUTHENTICATE', ['SCRAM-SHA-256']))
self.sendLine('AUTHENTICATE +')
m = self.getMessage()
self.assertEqual(m.command, 'AUTHENTICATE', m)
client_first = base64.b64decode(m.params[0])
response = authenticator.start(properties={}, initial_response=client_first)
assert isinstance(response, bytes), response
self.sendLine('AUTHENTICATE :' + base64.b64encode(response).decode())
m = self.getMessage()
self.assertEqual(m.command, 'AUTHENTICATE', m)
msg = base64.b64decode(m.params[0])
r = authenticator.response(msg)
assert isinstance(r, tuple), r
assert len(r) == 2, r
(properties, response) = r
self.sendLine('AUTHENTICATE :' + base64.b64encode(response).decode())
self.assertEqual(properties, {'authzid': None, 'username': 'jilles'})
@cases.OptionalityHelper.skipUnlessHasMechanism('SCRAM-SHA-256')
def testScramBadPassword(self):
"""Test SCRAM-SHA-256 authentication with a bad password.
"""
auth = authentication.Authentication(
mechanisms=[authentication.Mechanisms.scram_sha_256],
username='jilles',
password='sesame',
)
class PasswdDb:
def get_password(self, *args):
return ('notsesame', 'plain')
authenticator = scram.SCRAMServerAuthenticator('SHA-256',
channel_binding=False, password_database=PasswdDb())
m = self.negotiateCapabilities(['sasl'], auth=auth)
self.assertEqual(m, Message([], None, 'AUTHENTICATE', ['SCRAM-SHA-256']))
self.sendLine('AUTHENTICATE +')
m = self.getMessage()
self.assertEqual(m.command, 'AUTHENTICATE', m)
client_first = base64.b64decode(m.params[0])
response = authenticator.start(properties={}, initial_response=client_first)
assert isinstance(response, bytes), response
self.sendLine('AUTHENTICATE :' + base64.b64encode(response).decode())
m = self.getMessage()
self.assertEqual(m.command, 'AUTHENTICATE', m)
msg = base64.b64decode(m.params[0])
with self.assertRaises(scram.NotAuthorizedException):
authenticator.response(msg)
class Irc302SaslTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper, class Irc302SaslTestCase(cases.BaseClientTestCase, cases.ClientNegociationHelper,
cases.OptionalityHelper): cases.OptionalityHelper):
@cases.OptionalityHelper.skipUnlessHasMechanism('PLAIN') @cases.OptionalityHelper.skipUnlessHasMechanism('PLAIN')

3
irctest/controllers/limnoria.py
View File

@ -9,6 +9,7 @@ TEMPLATE_CONFIG = """
supybot.directories.conf: {directory}/conf supybot.directories.conf: {directory}/conf
supybot.directories.data: {directory}/data supybot.directories.data: {directory}/data
supybot.directories.migrations: {directory}/migrations supybot.directories.migrations: {directory}/migrations
supybot.log.level: DEBUG
supybot.log.stdout.level: {loglevel} supybot.log.stdout.level: {loglevel}
supybot.networks: testnet supybot.networks: testnet
@ -27,7 +28,7 @@ supybot.networks.testnet.sasl.mechanisms: {mechanisms}
class LimnoriaController(BaseClientController, DirectoryBasedController): class LimnoriaController(BaseClientController, DirectoryBasedController):
software_name = 'Limnoria' software_name = 'Limnoria'
supported_sasl_mechanisms = { supported_sasl_mechanisms = {
'PLAIN', 'ECDSA-NIST256P-CHALLENGE', 'EXTERNAL', 'PLAIN', 'ECDSA-NIST256P-CHALLENGE', 'SCRAM-SHA-256', 'EXTERNAL',
} }
def create_config(self): def create_config(self):
super().create_config() super().create_config()

1
requirements.txt
View File

@ -1,3 +1,4 @@
limnoria > 2012.08.04 # Needs MultipleReplacer, from 1a64f105 limnoria > 2012.08.04 # Needs MultipleReplacer, from 1a64f105
psutil >= 3.1.0 # Fixes #640 psutil >= 3.1.0 # Fixes #640
ecdsa ecdsa
pyxmpp2_scram