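// TestSignupWithStoreThenLogin checks the flow: sign up with the secret saved
// to the secret store, log out, then log back in using only the stored
// secret. It finishes by clearing the stored secret and checking that it is
// really gone.
func TestSignupWithStoreThenLogin(t *testing.T) {
	tc := SetupEngineTest(t, "signup with store then login")
	defer tc.Cleanup()

	fu := NewFakeUserOrBust(tc.T, "lssl")

	// Before signup there must be nothing in the secret store for this user.
	if userHasStoredSecret(&tc, fu.Username) {
		t.Errorf("User %s unexpectedly has a stored secret", fu.Username)
	}

	arg := MakeTestSignupEngineRunArg(fu)
	arg.StoreSecret = true
	_ = SignupFakeUserWithArg(tc, fu, arg)

	Logout(tc)

	// Signup ran with StoreSecret set, so the secret must still be present
	// after logout. Asserting it here means the test does not rely on the
	// login below as the only evidence that the secret was stored (see the
	// TODO: the store is not yet mocked, so a successful login alone does
	// not prove the store was consulted).
	if !userHasStoredSecret(&tc, fu.Username) {
		t.Errorf("User %s unexpectedly does not have a stored secret", fu.Username)
	}

	// TODO: Mock out the SecretStore and make sure that it's
	// actually consulted.
	if err := tc.G.LoginState().LoginWithStoredSecret(fu.Username, nil); err != nil {
		t.Error(err)
	}

	if err := libkb.ClearStoredSecret(tc.G, fu.NormalizedUsername()); err != nil {
		t.Error(err)
	}

	// After an explicit clear, no secret may remain for this user.
	if userHasStoredSecret(&tc, fu.Username) {
		t.Errorf("User %s unexpectedly has a stored secret", fu.Username)
	}
}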
// Run clears the current user's stored secret, logs out, and then nukes the
// local db. ctx is not used. The first error from Logout or LocalDb.Nuke is
// returned; a failure to clear the stored secret is only logged.
func (e *ResetEngine) Run(ctx *Context) (err error) {
	currentUser := e.G().Env.GetUsername()

	// Best effort: a failure is logged as a warning and the reset continues.
	// NOTE(review): in that case the stored secret may still be present
	// after the reset completes; confirm this is acceptable to callers.
	clearErr := libkb.ClearStoredSecret(currentUser)
	if clearErr != nil {
		e.G().Log.Warning("ClearStoredSecret error: %s", clearErr)
	}

	err = e.G().Logout()
	if err != nil {
		return err
	}

	_, err = e.G().LocalDb.Nuke()
	return err
}
// Run deprovisions e.username on this device: it optionally revokes while
// logged in, clears the stored secret, deletes the user's secret key file,
// removes the user from the config, and nukes the local db. The statement
// order below is deliberate and follows the step list; do not reorder it.
func (e *DeprovisionEngine) Run(ctx *Context) (err error) {
	// Deprovision steps
	// =================
	// 1. If the user is logged in:
	//   a) Revoke all the current device's keys.
	//   b) Log out.
	// 2. Delete all the user's secret keys!!!
	// 3. Delete the user from the config file.
	// 4. Db nuke.

	if e.doRevoke {
		// A failed revoke aborts before anything local is deleted.
		if err = e.attemptLoggedInRevoke(ctx); err != nil {
			return err
		}
	}

	// Best effort: a failure is logged as a warning and deprovisioning
	// continues.
	// NOTE(review): the stored secret may then outlive the deprovision;
	// confirm whether this should be surfaced to the user via ctx.LogUI.
	clearErr := libkb.ClearStoredSecret(e.G(), e.username)
	if clearErr != nil {
		e.G().Log.Warning("ClearStoredSecret error: %s", clearErr)
	}

	// XXX: Delete the user's secret keyring. It's very important that we never
	// do this to the wrong user. Please do not copy this code :)
	//
	// NOTE(review): os.Remove unlinks the file but does not overwrite its
	// contents; whether leftover bytes on disk matter depends on how the
	// keyring is protected at rest, so confirm.
	ctx.LogUI.Info("Deleting %s's secret keys file...", e.username.String())
	skbPath := e.G().SKBFilenameForUser(e.username)
	if err = os.Remove(skbPath); err != nil {
		return fmt.Errorf("Failed to delete secret key file: %s", err)
	}

	ctx.LogUI.Info("Deleting %s from config.json...", e.username.String())
	err = e.G().Env.GetConfigWriter().NukeUser(e.username)
	if err != nil {
		return err
	}

	// The config entries we just nuked could still be in memory. Clear them.
	e.G().Env.GetConfigWriter().SetUserConfig(nil, true /* overwrite; ignored */)

	ctx.LogUI.Info("Clearing the local cache db...")
	_, err = e.G().LocalDb.Nuke()
	if err != nil {
		return err
	}

	ctx.LogUI.Info("Deprovision finished.")
	return nil
}
// TestLoginWithPassphraseWithStore checks that a passphrase login which asks
// for the secret to be saved leaves a stored secret behind, that this secret
// is enough to log in again, and that clearing it removes it.
func TestLoginWithPassphraseWithStore(t *testing.T) {
	// TODO: Get this working on non-OS X platforms (by mocking
	// out the SecretStore).
	if !libkb.HasSecretStore() {
		t.Skip("Skipping test since there is no secret store")
	}

	tc := SetupEngineTest(t, "login with passphrase (with store)")
	defer tc.Cleanup()

	user := CreateAndSignupFakeUser(tc, "lwpws")
	Logout(tc)

	// Nothing has asked for the secret to be stored yet.
	if userHasStoredSecret(&tc, user.Username) {
		t.Errorf("User %s unexpectedly has a stored secret", user.Username)
	}

	// The third argument (true) is what asks for the secret to be stored.
	err := tc.G.LoginState().LoginWithPassphrase(user.Username, user.Passphrase, true, nil)
	if err != nil {
		t.Error(err)
	}
	Logout(tc)

	// The stored secret must survive the logout.
	if !userHasStoredSecret(&tc, user.Username) {
		t.Errorf("User %s unexpectedly does not have a stored secret", user.Username)
	}

	// TODO: Mock out the SecretStore and make sure that it's
	// actually consulted.
	err = tc.G.LoginState().LoginWithStoredSecret(user.Username, nil)
	if err != nil {
		t.Error(err)
	}

	err = libkb.ClearStoredSecret(user.NormalizedUsername())
	if err != nil {
		t.Error(err)
	}

	// After an explicit clear, no secret may remain for this user.
	if userHasStoredSecret(&tc, user.Username) {
		t.Errorf("User %s unexpectedly has a stored secret", user.Username)
	}
}
// ClearStoredSecret handles a request to remove the stored secret for
// arg.Username. The username is normalized before it is passed to
// libkb.ClearStoredSecret, and that call's error is returned unchanged.
//
// NOTE(review): nothing here checks that arg.Username is the current user,
// so the secret is cleared for whatever name the caller supplies. Confirm
// that every caller able to reach this handler is trusted to do that.
func (h *LoginHandler) ClearStoredSecret(_ context.Context, arg keybase1.ClearStoredSecretArg) error {
	g := h.G()
	normalized := libkb.NewNormalizedUsername(arg.Username)
	return libkb.ClearStoredSecret(g, normalized)
}
// Run deprovisions e.username on this device. If that user is the current,
// logged-in user, the current device is revoked and the user is logged out
// first. It then clears the stored secret, deletes the user's secret key
// file, removes the user from the config, and nukes the local db. The
// statement order below is deliberate; do not reorder it.
func (e *DeprovisionEngine) Run(ctx *Context) (err error) {
	// Deprovision steps
	// =================
	// 1. If the user is logged in:
	//   a) Revoke all the current device's keys.
	//   b) Log out.
	// 2. Delete all the user's secret keys!!!
	// 3. Delete the user from the config file.
	// 4. Db nuke.

	// If the user to deprovision is currently logged in, we need to revoke
	// their keys and then log out.
	isLoggedIn, err := IsLoggedIn(e, ctx)
	if err != nil {
		return err
	}

	isCurrentUser := e.G().Env.GetUsername().Eq(e.username)
	if isCurrentUser && isLoggedIn {
		revokeEng := NewRevokeDeviceEngine(RevokeDeviceEngineArgs{
			ID:    e.G().Env.GetDeviceID(),
			Force: true,
		}, e.G())
		// A failed revoke aborts before anything local is deleted.
		if err = revokeEng.Run(ctx); err != nil {
			return err
		}

		ctx.LogUI.Info("Logging out...")
		if err = e.G().Logout(); err != nil {
			return err
		}
	} else {
		// Local deletion still proceeds below, but nothing is revoked on
		// the server in this branch; the warnings tell the user how to do
		// that from another device.
		ctx.LogUI.Warning("User %s is not logged in, so we aren't revoking their keys on the server.", e.username)
		ctx.LogUI.Warning("To do that yourself, use `keybase device remove` from a logged in device.")
	}

	// Best effort: a failure is logged as a warning and deprovisioning
	// continues.
	// NOTE(review): the stored secret may then outlive the deprovision;
	// confirm whether this should be surfaced to the user via ctx.LogUI.
	clearErr := libkb.ClearStoredSecret(e.G(), e.username)
	if clearErr != nil {
		e.G().Log.Warning("ClearStoredSecret error: %s", clearErr)
	}

	// XXX: Delete the user's secret keyring. It's very important that we never
	// do this to the wrong user. Please do not copy this code :)
	//
	// NOTE(review): os.Remove unlinks the file but does not overwrite its
	// contents; whether leftover bytes on disk matter depends on how the
	// keyring is protected at rest, so confirm.
	ctx.LogUI.Info("Deleting %s's secret keys file...", e.username.String())
	skbPath := e.G().SKBFilenameForUser(e.username)
	if err = os.Remove(skbPath); err != nil {
		return fmt.Errorf("Failed to delete secret key file: %s", err)
	}

	ctx.LogUI.Info("Deleting %s from config.json...", e.username.String())
	err = e.G().Env.GetConfigWriter().NukeUser(e.username)
	if err != nil {
		return err
	}

	// The config entries we just nuked could still be in memory. Clear them.
	e.G().Env.GetConfigWriter().SetUserConfig(nil, true /* overwrite; ignored */)

	ctx.LogUI.Info("Clearing the local cache db...")
	_, err = e.G().LocalDb.Nuke()
	if err != nil {
		return err
	}

	ctx.LogUI.Info("Deprovision finished.")
	return nil
}
// TestLoginWithStoredSecret checks the stored-secret login flow end to end:
// a prompted login that asks to store the secret leaves one behind, that
// secret is enough to log in again, and once it is cleared (or was never
// stored) a stored-secret login must fail.
func TestLoginWithStoredSecret(t *testing.T) {
	// TODO: Get this working on non-OS X platforms (by mocking
	// out the SecretStore).
	if !libkb.HasSecretStore() {
		t.Skip("Skipping test since there is no secret store")
	}

	tc := SetupEngineTest(t, "login with stored secret")
	defer tc.Cleanup()

	user := CreateAndSignupFakeUser(tc, "lwss")
	Logout(tc)

	// Nothing has asked for the secret to be stored yet.
	if userHasStoredSecret(&tc, user.Username) {
		t.Errorf("User %s unexpectedly has a stored secret", user.Username)
	}

	// The mock stands in for the secret UI: it supplies the passphrase and
	// asks for the secret to be stored.
	secretUI := &GetKeybasePassphraseMock{
		Passphrase:  user.Passphrase,
		StoreSecret: true,
	}
	err := tc.G.LoginState().LoginWithPrompt("", nil, secretUI, nil)
	if err != nil {
		t.Fatal(err)
	}

	secretUI.CheckLastErr(t)

	if !secretUI.Called {
		t.Errorf("secretUI.GetKeybasePassphrase() unexpectedly not called")
	}

	Logout(tc)

	// The stored secret must survive the logout.
	if !userHasStoredSecret(&tc, user.Username) {
		t.Errorf("User %s unexpectedly does not have a stored secret", user.Username)
	}

	// TODO: Mock out the SecretStore and make sure that it's
	// actually consulted.
	err = tc.G.LoginState().LoginWithStoredSecret(user.Username, nil)
	if err != nil {
		t.Error(err)
	}

	Logout(tc)

	err = libkb.ClearStoredSecret(user.NormalizedUsername())
	if err != nil {
		t.Error(err)
	}

	// After an explicit clear, no secret may remain for this user.
	if userHasStoredSecret(&tc, user.Username) {
		t.Errorf("User %s unexpectedly has a stored secret", user.Username)
	}

	// Negative case: the secret was cleared, so this login must fail.
	err = tc.G.LoginState().LoginWithStoredSecret(user.Username, nil)
	if err == nil {
		t.Error("Did not get expected error")
	}

	// Negative case: an empty username must fail.
	err = tc.G.LoginState().LoginWithStoredSecret("", nil)
	if err == nil {
		t.Error("Did not get expected error")
	}

	// Negative case: a freshly signed-up user who never logged in with the
	// store option must also fail.
	user = CreateAndSignupFakeUser(tc, "lwss")
	Logout(tc)

	err = tc.G.LoginState().LoginWithStoredSecret(user.Username, nil)
	if err == nil {
		t.Error("Did not get expected error")
	}
}