func getFakeUsersBundlesList(tc libkb.TestContext, fu *FakeUser) []string {
	arg := libkb.NewLoadUserForceArg(tc.G)
	arg.Name = fu.Username
	user, err := libkb.LoadUser(arg)
	if err != nil {
		tc.T.Fatal("Failed loading user", err)
	}
	return user.GetKeyFamily().BundlesForTesting
}
Beispiel #2
0
func paperDevs(tc libkb.TestContext, fu *FakeUser) (*libkb.User, []*libkb.Device) {
	arg := libkb.NewLoadUserForceArg(tc.G)
	arg.Name = fu.Username
	u, err := libkb.LoadUser(arg)
	if err != nil {
		tc.T.Fatal(err)
	}
	cki := u.GetComputedKeyInfos()
	if cki == nil {
		tc.T.Fatal("no computed key infos")
	}
	return u, cki.PaperDevices()
}
func getFakeUsersKeyBundleFromServer(tc libkb.TestContext, fu *FakeUser) *libkb.PGPKeyBundle {
	arg := libkb.NewLoadUserForceArg(tc.G)
	arg.Name = fu.Username
	user, err := libkb.LoadUser(arg)
	if err != nil {
		tc.T.Fatal("Failed loading user", err)
	}
	ckf := user.GetComputedKeyFamily()
	keys := ckf.GetActivePGPKeys(true /* sibkeys */)
	if len(keys) != 1 {
		tc.T.Fatal("Expected only one key.")
	}
	return keys[0]
}
func (c *PassphraseChange) loadMe() (err error) {
	c.me, err = libkb.LoadMe(libkb.NewLoadUserForceArg(c.G()))
	return
}
Beispiel #5
0
// test pp change when user has multiple 3sec encrypted pgp keys.
func TestPassphraseChangePGP3SecMultiple(t *testing.T) {
	tc := SetupEngineTest(t, "PassphraseChange")
	defer tc.Cleanup()

	u := createFakeUserWithPGPSibkeyPushed(tc)

	// create/push another pgp key
	parg := PGPKeyImportEngineArg{
		Gen: &libkb.PGPGenArg{
			PrimaryBits: 768,
			SubkeyBits:  768,
		},
		PushSecret: true,
		NoSave:     true,
		AllowMulti: true,
	}
	parg.Gen.MakeAllIds()
	pctx := &Context{
		LogUI:    tc.G.UI.GetLogUI(),
		SecretUI: u.NewSecretUI(),
	}
	peng := NewPGPKeyImportEngine(parg)
	err := RunEngine(peng, pctx)
	if err != nil {
		t.Fatal(err)
	}

	// clear the passphrase stream cache to force a prompt
	// for the existing passphrase.
	tc.G.LoginState().Account(func(a *libkb.Account) {
		a.ClearStreamCache()
	}, "clear stream cache")

	newPassphrase := "password1234"
	arg := &keybase1.PassphraseChangeArg{
		Passphrase: newPassphrase,
	}
	secui := u.NewSecretUI()
	ctx := &Context{
		SecretUI: secui,
	}
	eng := NewPassphraseChange(arg, tc.G)
	if err := RunEngine(eng, ctx); err != nil {
		t.Fatal(err)
	}

	verifyPassphraseChange(tc, u, newPassphrase)

	if !secui.CalledGetKBPassphrase {
		t.Errorf("get kb passphrase not called")
	}

	u.Passphrase = newPassphrase
	assertLoadSecretKeys(tc, u, "passphrase change pgp")
	assertLoadPGPKeys(tc, u)

	me, err := libkb.LoadMe(libkb.NewLoadUserForceArg(tc.G))
	if err != nil {
		t.Fatal(err)
	}
	syncKeys, err := me.AllSyncedSecretKeys(nil)
	if err != nil {
		t.Fatal(err)
	}
	if len(syncKeys) != 2 {
		t.Errorf("num pgp sync keys: %d, expected 2", len(syncKeys))
	}
	for _, key := range syncKeys {
		unlocked, err := key.PromptAndUnlock(nil, "", "", nil, u.NewSecretUI(), nil, me)
		if err != nil {
			t.Fatal(err)
		}
		if unlocked == nil {
			t.Fatal("failed to unlock key")
		}
	}
}
Beispiel #6
0
func (e *LoginEngine) postLogin(ctx *Context, lctx libkb.LoginContext) error {
	// We might need to ID ourselves, so load us in here
	var err error
	arg := libkb.NewLoadUserForceArg(e.G())
	arg.LoginContext = lctx
	e.user, err = libkb.LoadMe(arg)
	if err != nil {
		_, ok := err.(libkb.NoKeyError)
		if !ok {
			return err
		}
	}

	if e.SkipLocksmith {
		ctx.LogUI.Debug("skipping locksmith as requested by LoginArg")
		return nil
	}

	// create a locksmith engine to check the account

	ctx.LoginContext = lctx
	larg := &LocksmithArg{
		User:      e.user,
		CheckOnly: true,
	}
	e.locksmith = NewLocksmith(larg, e.G())
	if err := RunEngine(e.locksmith, ctx); err != nil {
		return err
	}
	if e.locksmith.Status().CurrentDeviceOk {
		if err := lctx.LocalSession().SetDeviceProvisioned(e.G().Env.GetDeviceID()); err != nil {
			// not a fatal error, session will stay in memory
			e.G().Log.Warning("error saving session file: %s", err)
		}
		return nil
	}

	// need to provision this device

	// need to have passphrase stream cached in order to provision a device
	if lctx.PassphraseStreamCache() == nil {
		// this can happen if:
		// 1. The user is logging in for the first time on a device.
		// 2. Before the device is provisioned, the login is canceled or
		//    interrupted.
		// 3. The daemon restarts (`ctl stop`, machine reboot, bug, etc.)
		// 4. The login session is still valid, so the next login attempt
		//    does not require passphrase.
		//
		// (Note that pubkey login isn't an option until the device is
		// provisioned.)
		//
		// 5. So they get to here without entering their passphrase
		//    and without a cached passphrase stream.
		//    Locksmith won't be able to provision the device without
		//    the passphrase stream, and we can't do
		//    LoginState.verifyPassphraseWithServer since that creates
		//    a new login request and we are in the middle of a login
		//    request.
		//
		// The best we can do here is to logout and tell the user to
		// login again.  This should be a rare scenario.
		//
		lctx.Logout()
		ctx.LogUI.Info("Please run `keybase login` again.  There was an unexpected error since your previous login.")
		return libkb.ReloginRequiredError{}
	}

	larg.CheckOnly = false
	e.locksmith = NewLocksmith(larg, e.G())
	if err := RunEngine(e.locksmith, ctx); err != nil {
		if _, canceled := err.(libkb.CanceledError); canceled {
			lctx.Logout()
		}
		return err
	}

	if err := lctx.LocalSession().SetDeviceProvisioned(e.G().Env.GetDeviceID()); err != nil {
		// not a fatal error, session will stay in memory
		e.G().Log.Warning("error saving session file: %s", err)
	}
	return nil
}
Beispiel #7
0
func (p *Prove) loadMe() (err error) {
	p.me, err = libkb.LoadMe(libkb.NewLoadUserForceArg(p.G()))
	return
}
Beispiel #8
0
func (e *Doctor) login(ctx *Context) {
	if e.runErr != nil {
		return
	}

	ok, err := IsLoggedIn(e, ctx)
	if err != nil {
		e.runErr = err
		return
	}

	if ok {
		e.G().Log.Debug("logged in already")
		e.user, err = libkb.LoadMe(libkb.NewLoadUserForceArg(e.G()))
		if err != nil {
			e.runErr = err
		}
		return
	}

	e.G().Log.Debug("login necessary")

	c := e.G().Env.GetConfig()
	if c == nil {
		e.runErr = libkb.NoUserConfigError{}
		return
	}

	current, other, err := c.GetAllUsernames()
	if err != nil {
		e.runErr = err
		return
	}
	e.G().Log.Debug("current: %s", current)
	e.G().Log.Debug("others: %v", other)
	if len(current) == 0 && len(other) == 0 {
		e.G().Log.Debug("no user accounts found on this device")
		e.runErr = errors.New("No user accounts were found on this device.  Run 'keybase signup' if you need an account or 'keybase login' if you already have one.")
		return
	}

	// Export the NormalizedUsernames to regular strings
	othersExp := []string{}
	for _, o := range other {
		othersExp = append(othersExp, o.String())
	}

	selected, err := ctx.DoctorUI.LoginSelect(context.TODO(), current.String(), othersExp)
	if err != nil {
		e.runErr = err
		return
	}
	if len(selected) == 0 {
		e.runErr = errors.New("no user selected for login")
		return
	}
	e.G().Log.Debug("selected account %q for login", selected)

	eng := NewLoginWithPromptEngineSkipLocksmith(selected, e.G())
	if err := RunEngine(eng, ctx); err != nil {
		e.runErr = err
		return
	}

	e.G().Log.Debug("login as %q successful.", selected)
	e.user = eng.User()
}