Commit e159aa7e authored by johan's avatar johan

Fix nodejs test server

- remove the user digest auth as it was
-- broken
-- useless: testing user auth is not in scope of lime v2 lib
parent a251d736
......@@ -6,7 +6,7 @@ Sesame, double ratchet and X3DH. https://signal.org/docs/
Lime can run the Signal Protocol using elliptic curve 25519 or curve 448-goldilocks.
It is designed to work jointly with *Linphone*[1]
It is designed to work jointly with *Linphone*[1] in a multiple devices per user and multiple users per device environment.
Dependencies
------------
......@@ -45,12 +45,6 @@ Testing
- A php/mysql (on docker) version of UNSECURE X3DH server is provided in *tester/server/php*
See README from this directory for instructions.
A test instance of the nodejs X3DH server shall be running on sip5.linphone.org.
The main difference between the two versions of test server is that nodejs will
request user authentification (accepting any command with some test credentials)
while the PHP version is not performing any sort of user authentication.
Library settings
----------------
Some mostly harmless settings are available in src/lime_settings.hpp
......
......@@ -452,12 +452,7 @@ any session-based message encryption algorithm that meets certain conditions.}\t
\textit{initiator} being the device who initiates the session (Alice in the X3DH spec) by fetching a keys bundle on the X3DH server and \textit{receiver} being the recipient device of the first message (Bob in the X3DH spec).
\subsubsection{X3DH test server}
\paragraph*{PHP}: An X3DH test server running on nginx/mysql/php docker container is provided with the lime library source code. This server is not meant to be used in production and its purpose is for testing only. This server lacks user authentication layer, which in real use case is provided by the linphone ecosystem.
\paragraph*{Nodejs}: An X3DH test server running on nodejs is provided with the Lime library source code. This server is not meant to be used in production and its purpose is for testing only. It includes a basic user authentication(to the purpose of testing the correct implementation of it in a client) but let any authenticated user run commands in the name of others.Open instances of this version of the test server shall be running on https://sip5.linphone.org:25519 (operating with curve 25519) and https://sip5.linphone.org:25520 (operating with curve 448) accepting connection identified as anyone using the credentials:
\begin{itemize}
\item username: "alice"
\item password: "you see the problem is this"
\end{itemize}
\paragraph*{Nodejs}: An X3DH test server running on nodejs is provided with the Lime library source code. This server is not meant to be used in production and its purpose is for testing only. This server lacks user authentication layer, which in real use case is provided by the linphone ecosystem.
\subsection{Sesame}
\paragraph{}The Sesame requirements are fulfilled as follow:
\begin{itemize}
......
......@@ -164,13 +164,6 @@ int wait_for(belle_sip_stack_t*s1,int* counter,int value,int timeout);
extern template void dr_sessionsInit<C448>(std::shared_ptr<DR<C448>> &alice, std::shared_ptr<DR<C448>> &bob, std::shared_ptr<lime::Db> &localStorageAlice, std::shared_ptr<lime::Db> &localStorageBob, std::string dbFilenameAlice, std::string dbFilenameBob, bool initStorage, std::shared_ptr<RNG> RNG_context);
extern template void dr_devicesInit<C448>(std::string dbBaseFilename, std::vector<std::vector<std::vector<std::vector<sessionDetails<C448>>>>> &users, std::vector<std::string> &usernames, std::vector<std::string> &createdDBfiles, std::shared_ptr<RNG> RNG_context);
#endif
// the test server has only one user registered but accept commands from any users using this credentials
// a real server would obviously not do that and execute commands based on the username given as credentials
// not based on the From field of HTPP packets
const std::string test_server_user_name{"alice"};
const std::string test_server_user_password{"you see the problem is this"};
} // namespace lime_tester
#endif
......@@ -89,12 +89,10 @@ static void process_auth_requested (void *data, belle_sip_auth_event_t *event){
// and set it as username to retrieve the correct credentials and send them back
LIME_LOGI<<"Accessing credentials for user "<<std::string(userData->username.data());
// for test purpose we use a server which accept commands in name of any user using credentials of the only one user active on it
// so we will set the username with the one test server accepts but real life example shall use the correct credentials
belle_sip_auth_event_set_username(event, lime_tester::test_server_user_name.data());
// In real world we shall provide the password for the requested user as below
belle_sip_auth_event_set_passwd(event, lime_tester::test_server_user_password.data());
// for test purpose we use a server which accept commands in name of any user without credentials
// just do nothing here while we shall put password and username
// belle_sip_auth_event_set_username(event, <place here the username>);
// belle_sip_auth_event_set_passwd(event, <place here the user password>);
}
static void process_io_error(void *data, const belle_sip_io_error_event_t *event) noexcept{
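Review bot: After this change `event` is no longer referenced inside process_auth_requested, so the parameter is now unused and builds with -Wunused-parameter will warn; the log line just above, `Accessing credentials for user`, is also stale because the callback no longer produces any credentials. Consider replacing the two angle-bracket placeholder comment lines with `(void)event; // the test server sends no auth challenge, so no credentials are supplied here` and rewording the log to say the challenge is being ignored. If the callback is still registered through cbs.process_auth_requested in this file (the registration site is outside the hunk), a 401 from any other server is now silently dropped, which deserves a one-line comment at that registration. process_auth_requested's signature is only visible in the hunk header; the function starts outside the hunk.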
......
......@@ -59,18 +59,6 @@ static int http_after_all(void) {
return 0;
}
/* This is the callback used for authentication on the test server.
* Test server holds only one user which is used for all connections(which MUST not work on a real server)
*/
static void process_auth_requested (void *data, belle_sip_auth_event_t *event){
// for test purpose we use a server which accept commands in name of any user using credential of the only one user active on it
// so we will crash the username with the one test server accepts
belle_sip_auth_event_set_username(event, lime_tester::test_server_user_name.data());
// In real world we shall provide the password for the requested user as below
belle_sip_auth_event_set_passwd(event, lime_tester::test_server_user_password.data());
}
struct C_Callback_userData {
const limeX3DHServerResponseProcess responseProcess;
const std::string username; // the username sending message, used for logs
......@@ -132,7 +120,6 @@ static limeX3DHServerPostData X3DHServerPost([](const std::string &url, const st
belle_sip_message_set_body_handler(BELLE_SIP_MESSAGE(req),BELLE_SIP_BODY_HANDLER(bh));
cbs.process_response=process_response;
cbs.process_io_error=process_io_error;
cbs.process_auth_requested=process_auth_requested;
// store a reference to the responseProcess function in a wrapper as belle-sip request C-style callbacks with a void * user data parameter, C++ implementation shall
// use lambda and capture the function.
C_Callback_userData *userData = new C_Callback_userData(responseProcess, from); // create on the heap a copy of the responseProcess closure so it's available when we're called back by belle-sip
......
......@@ -61,18 +61,6 @@ static int http_after_all(void) {
return 0;
}
/* This is the callback used for authentication on the test server.
* Test server holds only one user which is used for all connections(which MUST not work on a real server)
*/
static void process_auth_requested (void *data, belle_sip_auth_event_t *event){
// for test purpose we use a server which accept commands in name of any user using credential of the only one user active on it
// so we will crash the username with the one test server accepts
belle_sip_auth_event_set_username(event, lime_tester::test_server_user_name.data());
// In real world we shall provide the password for the requested user as below
belle_sip_auth_event_set_passwd(event, lime_tester::test_server_user_password.data());
}
struct C_Callback_userData {
const limeX3DHServerResponseProcess responseProcess;
const std::string username; // the username sending message, used for logs
......@@ -134,7 +122,6 @@ static limeX3DHServerPostData X3DHServerPost([](const std::string &url, const st
belle_sip_message_set_body_handler(BELLE_SIP_MESSAGE(req),BELLE_SIP_BODY_HANDLER(bh));
cbs.process_response=process_response;
cbs.process_io_error=process_io_error;
cbs.process_auth_requested=process_auth_requested;
// store a reference to the responseProcess function in a wrapper as belle-sip request C-style callbacks with a void * user data parameter, C++ implementation shall
// use lambda and capture the function.
C_Callback_userData *userData = new C_Callback_userData(responseProcess, from); // create on the heap a copy of the responseProcess closure so it's available when we're called back by belle-sip
......
......@@ -13,14 +13,8 @@ Requirements
- sqlite3
- certificate(default x3dh-cert.pem)
- associated private key(default x3dh-key.pem)
- password file(htpasswd)
The certificate must also be accessible to tester client.
Tester client must connect using the credentials in password file.
Default credentials are:
username : "alice"
password : "you see the problem is this"
Install
-------
......
alice:limeTester:5a8428abbb669f03a8f28750fb2a6c6f
......@@ -5,10 +5,9 @@
"main": "x3dh.js",
"dependencies": {
"rwlock": "^5.0.0",
"sqlite3": "^3.1.13",
"sqlite3": "^4.0.2",
"yargs": "^9.0.1",
"http-auth": "^3.2.3"
},
,
"devDependencies": {},
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
......
......@@ -75,11 +75,6 @@ const yargs = require('yargs')
.argv;
const https = require('https');
const auth = require('http-auth');
var digest = auth.digest({
realm: "limeTester",
file: yargs.resource_dir+"/"+yargs.passwords
});
const fs = require('fs');
const sqlite3 = require('sqlite3').verbose();
const ReadWriteLock = require('rwlock');
......@@ -201,7 +196,7 @@ function deleteUser(userId) {
// start https server
console.log("X3DH server on, listening port "+yargs.port);
https.createServer(digest, options, (req, res) => {
https.createServer(options, (req, res) => {
function returnError(code, errorMessage) {
console.log("return an error message code "+code+" : "+errorMessage);
var errorBuffer = Buffer.from([X3DH_protocolVersion, enum_messageTypes.error, curveId, code]); // build the X3DH response header, append the error code
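Review bot: The new `https.createServer(options, (req, res) => {` line removes the only request-level check this server had, but nothing at the call site records that every request is now executed on behalf of whatever the message's From field claims; since the READMEs in this commit point at public instances on sip5.linphone.org, a comment here would help whoever deploys it. Suggest adding directly above the call: `// No client authentication: the test server trusts the From field of each request and must only be exposed to test clients (see README).` The earlier hunk in this file drops the `digest` handler, so the change is self-consistent, but the `X3DH server on, listening port` log line could also state that authentication is disabled so it is obvious from the process output.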
......