xaizek / rocketgit (License: AGPLv3+) (since 2018-12-09)
Light and fast Git hosting solution suitable to serve both as a hub or as a personal code storage with its tickets, pull requests, API and much more.
Commit bad21ca093b427b200b3fbdcf2a2e1dd1820f93a

tests: added helper for totp enrollment
Author: Catalin(ux) M. BOIE
Author date (UTC): 2018-08-29 20:59
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2018-08-29 20:59
Parent(s): e761b36efaa37fc3c453e8382127e340bc736bc7
Signing key:
Tree: 68b8f091eadfabe64219aef6553769ea3f9f33a7
File Lines added Lines deleted
root/themes/default/admin/ldap/add_ok.html 0 3
tests/helpers.inc.php 3 1
tests/http_totp.php 7 62
tests/totp.inc.php 102 0
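--- a/root/themes/default/admin/ldap/add_ok.html
+++ b/root/themes/default/admin/ldap/add_ok.html
@@ -1,3 +0,0 @@
-<div class="mess ok">
-Plan has been successfully added/edited.
-</div>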
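--- a/tests/helpers.inc.php
+++ b/tests/helpers.inc.php
@@ -1,6 +1,8 @@
 <?php
 // Some helper functions dealing with users/repos/bugs/etc.
 
+include_once('totp.inc.php');
+
 /*
 * Creating a user
 */
@@ -26,7 +28,7 @@ function rg_test_create_user($db, &$rg_ui)
 $new['realname'] = 'realname-' . $_user_id . '<xss>';
 $new['email'] = 'email-' . $_user_id . '@embedromix.ro';
 $new['is_admin'] = 0;
-$new['rights'] = '';
+$new['rights'] = 'C';
 $new['session_time'] = 3600;
 $new['confirm_token'] = '';
 $new['confirmed'] = 0;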
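Review bot: The new `$new['rights'] = 'C';` is a bare flag character with nothing saying which right it grants or why every test user created by rg_test_create_user now needs it, and since the old value was the empty string a reader cannot tell what the change is for. A trailing comment such as `$new['rights'] = 'C'; // grants the right the TOTP/enroll tests need - confirm what 'C' maps to` (with the real meaning filled in) would make the intent greppable and stop the next person from "cleaning it up" back to an empty string. rg_test_create_user starts and ends outside this hunk.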
File tests/http_totp.php changed (mode: 100644) (index 0f3e0b2..2eb88aa)
... ... rg_log_exit();
55 55
56 56
57 57 rg_log(''); rg_log('');
58 rg_log_enter("Do the login without login token (token=$good_token)...");
58 rg_log_enter("Do the login without login token (must fail)...");
59 59 $data = array( $data = array(
60 60 "doit" => 1, "doit" => 1,
61 61 "token" => $good_token, "token" => $good_token,
 
... ... rg_log_exit();
80 80
81 81
82 82 rg_log(''); rg_log('');
83 rg_log_enter("Do the login (token=$good_token login_token=$lt)...");
83 rg_log_enter("Do the login (token=$good_token login_token=$lt) (must work)...");
84 84 $data = array( $data = array(
85 85 "doit" => 1, "doit" => 1,
86 86 "token" => $good_token, "token" => $good_token,
 
... ... if (strstr($r['body'], "invalid user")) {
103 103 rg_log_exit(); rg_log_exit();
104 104
105 105
106 rg_log('');
107 rg_log_enter('Testing device enrollment...');
108 rg_log('Loading enroll form...');
109 $data = array();
110 $headers = array();
111 $r = do_req($test_url . "/op/settings/totp/enroll", $data, $headers);
112 if ($r === FALSE) {
113 rg_log("Cannot load enroll page!");
114 exit(1);
115 }
116 $good_token = $r['tokens']['user_totp_enroll'];
117 $key = isset($r['totp_secret']) ? $r['totp_secret'] : FALSE;
118 if ($key === FALSE) {
119 rg_log_ml('r: ' . print_r($r, TRUE));
120 rg_log("Cannot find totp::secret!");
121 exit(1);
122 }
123 rg_log('Posting the enroll form...');
124 $data = array(
125 'enroll' => 1,
126 'token' => $good_token,
127 'totp::name' => 'test',
128 'totp::secret' => $key,
129 'totp::ver' => rg_totp_compute($key, time() / 30, 6)
130 );
131 $headers = array();
132 $r = do_req($test_url . "/op/settings/totp/enroll", $data, $headers);
133 if (!strstr($r['body'], 'You enrolled your new device with success')) {
134 rg_log_ml('r: ' . print_r($r, TRUE));
135 rg_log("Cannot enroll!");
136 exit(1);
137 }
138 $sql = "SELECT 1 FROM login_tokens WHERE secret = '" . $key . "'";
139 $res = rg_sql_query($db, $sql);
140 $rows = rg_sql_num_rows($res);
141 rg_sql_free_result($res);
142 if ($rows != 1) {
143 rg_log("Seems the secret is not in the database!");
106 $r = totp_enroll($db);
107 if ($r['ok'] !== 1)
144 108 exit(1); exit(1);
145 }
146 rg_log_exit();
147 109
148 110
149 111 rg_log(''); rg_log('');
150 112 rg_log_enter('Testing the deletion of scratch codes'); rg_log_enter('Testing the deletion of scratch codes');
151 113 $sc1 = rg_test_sc_generate($db, $rg_ui); $sc1 = rg_test_sc_generate($db, $rg_ui);
152 sleep(1); // to not have the same itime
114 sleep(1); // to not have the same itime; TODO: we will add uids to scratch_codes table
153 115 $sc2 = rg_test_sc_generate($db, $rg_ui); $sc2 = rg_test_sc_generate($db, $rg_ui);
154 116 $sql = "SELECT DISTINCT itime FROM scratch_codes WHERE uid = " . $rg_ui['uid']; $sql = "SELECT DISTINCT itime FROM scratch_codes WHERE uid = " . $rg_ui['uid'];
155 117 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
 
... ... while (($row = rg_sql_fetch_array($res))) {
160 122 rg_sql_free_result($res); rg_sql_free_result($res);
161 123 rg_log_ml('list=' . print_r($list, TRUE)); rg_log_ml('list=' . print_r($list, TRUE));
162 124
163 $headers = array();
164 $r = do_req($test_url . "/op/settings/totp/sc", $data, $headers);
165 if ($r === FALSE) {
166 rg_log("Cannot load sc page!");
125 $r = totp_scratch_delete($list);
126 if ($r['ok'] !== 1)
167 127 exit(1); exit(1);
168 }
169 $good_token = $r['tokens']['sc'];
170
171 $data = array(
172 'delete' => 1,
173 'token' => $good_token,
174 'delete_list[' . $list[0] . ']' => 'on',
175 'delete_list[' . $list[1] . ']' => 'on'
176 );
177 $headers = array();
178 $r = do_req($test_url . "/op/settings/totp/sc", $data, $headers);
179 if (!strstr($r['body'], 'success')) {
180 rg_log("Cannot delete scratch codes!");
181 exit(1);
182 }
183 128 $sql = "SELECT DISTINCT itime FROM scratch_codes WHERE uid = " . $rg_ui['uid']; $sql = "SELECT DISTINCT itime FROM scratch_codes WHERE uid = " . $rg_ui['uid'];
184 129 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
185 130 $rows = rg_sql_num_rows($res); $rows = rg_sql_num_rows($res);
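Review bot: The result of `totp_enroll($db)` at new line 106 is only checked for `ok`; the secret that the removed inline code left behind in `$key` (and the CSRF token in `$good_token`) now lives only in `$r['key']` and is discarded, so if anything later in http_totp.php still reads `$key` it now sees an undefined variable. The rest of the file is outside these hunks, so please confirm; if it is still needed, `$key = $r['key'];` right after the `exit(1)` check preserves the old contract. Separately, the new comment on line 114 says uids will be added to scratch_codes, yet the query on the very next line already filters `WHERE uid = …`, so the TODO appears to describe something else (presumably that itime alone is what distinguishes the two batches); rewording it to say what is actually missing would avoid confusing the next reader.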
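--- a/tests/totp.inc.php
+++ b/tests/totp.inc.php
@@ -0,0 +1,102 @@
+<?php
+// Here are helpers for 2fa enrollment
+
+/*
+* Do the http 2fa enrollment
+* Will return the key.
+*/
+function totp_enroll($db)
+{
+global $test_url;
+
+rg_log_enter('test_enroll');
+
+$ret = array('ok' => 0);
+while (1) {
+rg_log('Loading enroll form...');
+$data = array(); $headers = array();
+$r = do_req($test_url . '/op/settings/totp/enroll', $data, $headers);
+if ($r === FALSE) {
+rg_log('Cannot load enroll page!');
+break;
+}
+$good_token = $r['tokens']['user_totp_enroll'];
+$key = isset($r['totp_secret']) ? $r['totp_secret'] : FALSE;
+if ($key === FALSE) {
+rg_log_ml('r: ' . print_r($r, TRUE));
+rg_log('Cannot find totp::secret!');
+break;
+}
+$ret['key'] = $key; // we may need it
+
+rg_log('Posting the enroll form...');
+$data = array(
+'enroll' => 1,
+'token' => $good_token,
+'totp::name' => 'test',
+'totp::secret' => $key,
+'totp::ver' => rg_totp_compute($key, time() / 30, 6)
+);
+$headers = array();
+$r = do_req($test_url . '/op/settings/totp/enroll', $data, $headers);
+if (!strstr($r['body'], 'You enrolled your new device with success')) {
+rg_log_ml('r: ' . print_r($r, TRUE));
+rg_log('Cannot enroll!');
+break;
+}
+$sql = "SELECT 1 FROM login_tokens WHERE secret = '" . $key . "'";
+$res = rg_sql_query($db, $sql);
+$rows = rg_sql_num_rows($res);
+rg_sql_free_result($res);
+if ($rows != 1) {
+rg_log('Secret not found in the database!');
+break;
+}
+
+$ret['ok'] = 1;
+break;
+}
+
+rg_log_exit();
+return $ret;
+}
+
+/*
+* Deletes scratch codes
+*/
+function totp_scratch_delete($list)
+{
+global $test_url;
+
+rg_log_enter('totp_scratch_delete');
+
+$ret = array('ok' => 0);
+while (1) {
+$headers = array();
+$r = do_req($test_url . '/op/settings/totp/sc', $data, $headers);
+if ($r === FALSE) {
+rg_log('Cannot load sc page!');
+break;
+}
+$good_token = $r['tokens']['sc'];
+
+$data = array(
+'delete' => 1,
+'token' => $good_token
+);
+foreach ($list as $id)
+$data['delete_list[' . $id . ']'] = 'on';
+$headers = array();
+$r = do_req($test_url . '/op/settings/totp/sc', $data, $headers);
+if (!strstr($r['body'], 'success')) {
+rg_log('Cannot delete scratch codes!');
+break;
+}
+
+$ret['ok'] = 1;
+break;
+}
+
+rg_log_exit();
+return $ret;
+}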
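Review bot: In totp_scratch_delete the first `do_req(...)` on line 76 passes `$data` before the function has assigned it anywhere, so the GET of the sc page sends an undefined variable (a PHP notice, and whatever do_req makes of null); the inline code this replaces only worked because it inherited a stale `$data` from the calling script. Initialise both arrays the way totp_enroll does on line 17: `$data = array(); $headers = array();`. Two smaller points: line 47 concatenates `$key`, a value read off the HTTP response, straight into SQL, which is harmless in this test but worth running through the project's rg_sql escape helper (if one exists) so the helper stays safe if it is reused; and `rg_log_enter('test_enroll')` on line 12 does not match the function name, while the header comment says it "will return the key" although it actually returns an array with `ok` and `key` — `/* Returns array('ok' => 0|1, 'key' => secret when the form loaded) */` would be accurate.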