#!/usr/bin/env python3
#
# This script generates a URL valid for a test authentication,
# so the full website integration isn't necessary.
#
import sys
from Cryptodome import Random
from Cryptodome.Cipher import AES
import base64
import time
import urllib.parse
from optparse import OptionParser
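if __name__ == "__main__":
    # Build a signed and encrypted query string that the receiving site will
    # accept as a completed login, for testing without the upstream website.
    # Anyone holding the key can mint a login for any username, so treat the
    # key like a credential.

    # Imported here because only the interactive key prompt needs it.
    import getpass

    parser = OptionParser()
    # NOTE: a key passed with -k is visible in the process list and usually
    # ends up in shell history; omit it to be prompted instead.
    parser.add_option("-k", "--key", dest="key")
    parser.add_option("-u", "--user", dest="user")
    parser.add_option("-f", "--first", dest="first")
    parser.add_option("-l", "--last", dest="last")
    parser.add_option("-e", "--email", dest="email")
    (options, args) = parser.parse_args()

    # The script takes options only; any positional argument is a usage error.
    if args:
        parser.print_usage()
        sys.exit(1)

    if not options.key:
        key_prompt = "Enter key (BASE64 encoded): "
        if sys.stdin.isatty():
            # Do not echo the key to the terminal or its scrollback.
            options.key = getpass.getpass(key_prompt)
        else:
            # Piped input keeps working as before.
            options.key = input(key_prompt)
    if not options.user:
        options.user = input("Enter username: ")

    # Placeholder identity for the fields the caller did not supply.
    options.first = options.first or "FirstName"
    options.last = options.last or "LastName"
    options.email = options.email or "test@example.com"

    # Fail with a short message instead of a traceback on a malformed key.
    try:
        key = base64.b64decode(options.key)
    except ValueError:
        sys.exit("Key is not valid BASE64")
    if len(key) not in (32, 48, 64):
        sys.exit(
            "Key must decode to 32, 48 or 64 bytes for AES-SIV (got %d)"
            % len(key)
        )

    # This is basically a rip of the view in accounts/views.py
    info = {
        'u': options.user,
        'f': options.first,
        'l': options.last,
        'e': options.email,
    }

    # Serialise as a query string with the timestamp first. Since this is a
    # fake authentication, the timestamp is put 5 minutes into the future to
    # give more time to copy/paste the result.
    # urlencode() percent-escapes non-ASCII input, so the ASCII encode below
    # cannot fail on the field values.
    s = "t=%s&%s" % (int(time.time() + 300), urllib.parse.urlencode(info))

    # A fresh random nonce per run keeps the SIV output from repeating for
    # identical input.
    r = Random.new()
    nonce = r.read(16)
    encryptor = AES.new(
        key,
        AES.MODE_SIV,
        nonce=nonce,
    )
    cipher, tag = encryptor.encrypt_and_digest(s.encode('ascii'))

    # NOTE(review): the receiver is presumably expected to verify 't' (the
    # authentication tag) before trusting 'd'; that code is not in this file.
    redirparams = {
        'd': base64.urlsafe_b64encode(cipher).decode('ascii'),
        'n': base64.urlsafe_b64encode(nonce).decode('ascii'),
        't': base64.urlsafe_b64encode(tag).decode('ascii'),
    }
    print("Paste the following after the receiving url:")
    print("?" + urllib.parse.urlencode(redirparams))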