func getFakeUsersBundlesList(tc libkb.TestContext, fu *FakeUser) []string {
arg := libkb.NewLoadUserForceArg(tc.G)
arg.Name = fu.Username
user, err := libkb.LoadUser(arg)
if err != nil {
tc.T.Fatal("Failed loading user", err)
}
return user.GetKeyFamily().BundlesForTesting
}
func paperDevs(tc libkb.TestContext, fu *FakeUser) (*libkb.User, []*libkb.Device) {
arg := libkb.NewLoadUserForceArg(tc.G)
arg.Name = fu.Username
u, err := libkb.LoadUser(arg)
if err != nil {
tc.T.Fatal(err)
}
cki := u.GetComputedKeyInfos()
if cki == nil {
tc.T.Fatal("no computed key infos")
}
return u, cki.PaperDevices()
}
func getFakeUsersKeyBundleFromServer(tc libkb.TestContext, fu *FakeUser) *libkb.PGPKeyBundle {
arg := libkb.NewLoadUserForceArg(tc.G)
arg.Name = fu.Username
user, err := libkb.LoadUser(arg)
if err != nil {
tc.T.Fatal("Failed loading user", err)
}
ckf := user.GetComputedKeyFamily()
keys := ckf.GetActivePGPKeys(true /* sibkeys */)
if len(keys) != 1 {
tc.T.Fatal("Expected only one key.")
}
return keys[0]
}
func (c *PassphraseChange) loadMe() (err error) {
c.me, err = libkb.LoadMe(libkb.NewLoadUserForceArg(c.G()))
return
}
// test pp change when user has multiple 3sec encrypted pgp keys.
func TestPassphraseChangePGP3SecMultiple(t *testing.T) {
tc := SetupEngineTest(t, "PassphraseChange")
defer tc.Cleanup()
u := createFakeUserWithPGPSibkeyPushed(tc)
// create/push another pgp key
parg := PGPKeyImportEngineArg{
Gen: &libkb.PGPGenArg{
PrimaryBits: 768,
SubkeyBits: 768,
},
PushSecret: true,
NoSave: true,
AllowMulti: true,
}
parg.Gen.MakeAllIds()
pctx := &Context{
LogUI: tc.G.UI.GetLogUI(),
SecretUI: u.NewSecretUI(),
}
peng := NewPGPKeyImportEngine(parg)
err := RunEngine(peng, pctx)
if err != nil {
t.Fatal(err)
}
// clear the passphrase stream cache to force a prompt
// for the existing passphrase.
tc.G.LoginState().Account(func(a *libkb.Account) {
a.ClearStreamCache()
}, "clear stream cache")
newPassphrase := "password1234"
arg := &keybase1.PassphraseChangeArg{
Passphrase: newPassphrase,
}
secui := u.NewSecretUI()
ctx := &Context{
SecretUI: secui,
}
eng := NewPassphraseChange(arg, tc.G)
if err := RunEngine(eng, ctx); err != nil {
t.Fatal(err)
}
verifyPassphraseChange(tc, u, newPassphrase)
if !secui.CalledGetKBPassphrase {
t.Errorf("get kb passphrase not called")
}
u.Passphrase = newPassphrase
assertLoadSecretKeys(tc, u, "passphrase change pgp")
assertLoadPGPKeys(tc, u)
me, err := libkb.LoadMe(libkb.NewLoadUserForceArg(tc.G))
if err != nil {
t.Fatal(err)
}
syncKeys, err := me.AllSyncedSecretKeys(nil)
if err != nil {
t.Fatal(err)
}
if len(syncKeys) != 2 {
t.Errorf("num pgp sync keys: %d, expected 2", len(syncKeys))
}
for _, key := range syncKeys {
unlocked, err := key.PromptAndUnlock(nil, "", "", nil, u.NewSecretUI(), nil, me)
if err != nil {
t.Fatal(err)
}
if unlocked == nil {
t.Fatal("failed to unlock key")
}
}
}
func (e *LoginEngine) postLogin(ctx *Context, lctx libkb.LoginContext) error {
// We might need to ID ourselves, so load us in here
var err error
arg := libkb.NewLoadUserForceArg(e.G())
arg.LoginContext = lctx
e.user, err = libkb.LoadMe(arg)
if err != nil {
_, ok := err.(libkb.NoKeyError)
if !ok {
return err
}
}
if e.SkipLocksmith {
ctx.LogUI.Debug("skipping locksmith as requested by LoginArg")
return nil
}
// create a locksmith engine to check the account
ctx.LoginContext = lctx
larg := &LocksmithArg{
User: e.user,
CheckOnly: true,
}
e.locksmith = NewLocksmith(larg, e.G())
if err := RunEngine(e.locksmith, ctx); err != nil {
return err
}
if e.locksmith.Status().CurrentDeviceOk {
if err := lctx.LocalSession().SetDeviceProvisioned(e.G().Env.GetDeviceID()); err != nil {
// not a fatal error, session will stay in memory
e.G().Log.Warning("error saving session file: %s", err)
}
return nil
}
// need to provision this device
// need to have passphrase stream cached in order to provision a device
if lctx.PassphraseStreamCache() == nil {
// this can happen if:
// 1. The user is logging in for the first time on a device.
// 2. Before the device is provisioned, the login is canceled or
// interrupted.
// 3. The daemon restarts (`ctl stop`, machine reboot, bug, etc.)
// 4. The login session is still valid, so the next login attempt
// does not require passphrase.
//
// (Note that pubkey login isn't an option until the device is
// provisioned.)
//
// 5. So they get to here without entering their passphrase
// and without a cached passphrase stream.
// Locksmith won't be able to provision the device without
// the passphrase stream, and we can't do
// LoginState.verifyPassphraseWithServer since that creates
// a new login request and we are in the middle of a login
// request.
//
// The best we can do here is to logout and tell the user to
// login again. This should be a rare scenario.
//
lctx.Logout()
ctx.LogUI.Info("Please run `keybase login` again. There was an unexpected error since your previous login.")
return libkb.ReloginRequiredError{}
}
larg.CheckOnly = false
e.locksmith = NewLocksmith(larg, e.G())
if err := RunEngine(e.locksmith, ctx); err != nil {
if _, canceled := err.(libkb.CanceledError); canceled {
lctx.Logout()
}
return err
}
if err := lctx.LocalSession().SetDeviceProvisioned(e.G().Env.GetDeviceID()); err != nil {
// not a fatal error, session will stay in memory
e.G().Log.Warning("error saving session file: %s", err)
}
return nil
}
func (p *Prove) loadMe() (err error) {
p.me, err = libkb.LoadMe(libkb.NewLoadUserForceArg(p.G()))
return
}
func (e *Doctor) login(ctx *Context) {
if e.runErr != nil {
return
}
ok, err := IsLoggedIn(e, ctx)
if err != nil {
e.runErr = err
return
}
if ok {
e.G().Log.Debug("logged in already")
e.user, err = libkb.LoadMe(libkb.NewLoadUserForceArg(e.G()))
if err != nil {
e.runErr = err
}
return
}
e.G().Log.Debug("login necessary")
c := e.G().Env.GetConfig()
if c == nil {
e.runErr = libkb.NoUserConfigError{}
return
}
current, other, err := c.GetAllUsernames()
if err != nil {
e.runErr = err
return
}
e.G().Log.Debug("current: %s", current)
e.G().Log.Debug("others: %v", other)
if len(current) == 0 && len(other) == 0 {
e.G().Log.Debug("no user accounts found on this device")
e.runErr = errors.New("No user accounts were found on this device. Run 'keybase signup' if you need an account or 'keybase login' if you already have one.")
return
}
// Export the NormalizedUsernames to regular strings
othersExp := []string{}
for _, o := range other {
othersExp = append(othersExp, o.String())
}
selected, err := ctx.DoctorUI.LoginSelect(context.TODO(), current.String(), othersExp)
if err != nil {
e.runErr = err
return
}
if len(selected) == 0 {
e.runErr = errors.New("no user selected for login")
return
}
e.G().Log.Debug("selected account %q for login", selected)
eng := NewLoginWithPromptEngineSkipLocksmith(selected, e.G())
if err := RunEngine(eng, ctx); err != nil {
e.runErr = err
return
}
e.G().Log.Debug("login as %q successful.", selected)
e.user = eng.User()
}