added farmer authentication time validation

StorjOld · Aug 19, 2015 · 175dbc1 · 175dbc1
1 parent 7c9985b
commit 175dbc1
Show file tree

Hide file tree

Showing 7 changed files with 47 additions and 16 deletions.
diff --git a/MANIFEST.in b/MANIFEST.in
@@ -0,0 +1,3 @@
+include requirements.txt                                                        
+include test_requirements.txt                                                   
+include develop_requirements.txt  
diff --git a/Makefile b/Makefile
@@ -28,12 +28,12 @@ clean:
 	find | grep -i ".*\.pyc$$" | xargs -r -L1 rm
 
 
-virtualenvs: clean
+virtualenv: clean
 	virtualenv -p /usr/bin/python$(PYTHON_VERSION) env
 	$(PIP) install wheel
 
 
-wheels: virtualenvs
+wheels: virtualenv
 	$(PIP) wheel --wheel-dir=$(WHEEL_DIR) -r requirements.txt
 	$(PIP) wheel --wheel-dir=$(WHEEL_DIR) -r test_requirements.txt
 	$(PIP) wheel --wheel-dir=$(WHEEL_DIR) -r develop_requirements.txt
@@ -44,7 +44,7 @@ wheel: test
 	mv dist/*.whl $(WHEEL_DIR)
 
 
-setup: virtualenvs
+setup: virtualenv
 	$(PIP) install $(USE_WHEEL) -r requirements.txt
 	$(PIP) install $(USE_WHEEL) -r test_requirements.txt
 	$(PIP) install $(USE_WHEEL) -r develop_requirements.txt

diff --git a/dataserv/Farmer.py b/dataserv/Farmer.py
@@ -1,8 +1,10 @@
 import json
 import hashlib
 import binascii
+from email.utils import parsedate
 from dataserv.run import db, app
 from datetime import datetime
+from datetime import timedelta
 from sqlalchemy import DateTime
 from btctxstore import BtcTxStore
 from dataserv.Validator import is_btc_address
@@ -36,14 +38,28 @@ def __repr__(self):
     def get_server_address(self):
         return app.config["ADDRESS"]
 
-    def authenticate(self, signature, timestamp):
-        # FIXME validate timestamp
+    def get_server_authentication_timeout(self):
+        return app.config["AUTHENTICATION_TIMEOUT"]
+
+    def authenticate(self, header_authorization, header_date):
+        if not header_authorization:
+            raise ValueError("Header authorization required!")
+        if not header_date:
+            raise ValueError("Header date required!")
+
+        # verify date
+        date = datetime(*parsedate(header_date)[:6])
+        timeout = self.get_server_authentication_timeout()
+        delta = datetime.now() - date
+        if delta > timedelta(seconds=timeout):
+            raise ValueError("Header date to old!")
 
         # verify signature
-        message = self.get_server_address() + "-" + timestamp
-        data = binascii.hexlify(message.encode("utf-8"))
-        if not BtcTxStore().verify_signature(self.btc_addr, signature, data):
-            raise ValueError("Invalid signature!")
+        message = self.get_server_address() + " " + header_date
+        if not BtcTxStore().verify_signature_unicode(self.btc_addr,
+                                                     header_authorization,
+                                                     message):
+            raise ValueError("Invalid header_authorization!")
         return True
 
 

diff --git a/dataserv/app.py b/dataserv/app.py
@@ -47,6 +47,15 @@ def index():
 
 @app.route('/api/register/<btc_addr>', methods=["GET"])
 def register(btc_addr):
+
+    # XXX
+    #from flask import request
+    #from email.utils import parsedate
+    #date = request.headers.get('Date')
+    #authorization = request.headers.get('Authorization')
+    #print("DATE", date, type(date))
+    #print("AUTHORIZATION", authorization, type(authorization))
+
     # create Farmer object to represent user
     user = Farmer(btc_addr)
 

diff --git a/dataserv/config.py b/dataserv/config.py
@@ -5,3 +5,4 @@
 BYTE_SIZE = 1024*1024*128  # 128 MB
 
 ADDRESS = "16ZcxFDdkVJR1P8GMNmWFyhS4EKrRMsWNG"  # unique per server address
+AUTHENTICATION_TIMEOUT = 10  # seconds
diff --git a/requirements.txt b/requirements.txt
@@ -2,4 +2,4 @@ Flask == 0.10.1
 Flask-SQLAlchemy == 2.0
 RandomIO == 0.2.1
 partialhash == 1.1.0
-btctxstore == 4.1.2
+btctxstore == 4.2.1
diff --git a/tests/test_Farmer.py b/tests/test_Farmer.py
@@ -1,10 +1,12 @@
 import json
 import unittest
-import binascii
 from btctxstore import BtcTxStore
 from dataserv.app import db
 from dataserv.Farmer import sha256
 from dataserv.Farmer import Farmer
+from email.utils import formatdate
+from datetime import datetime
+from time import mktime
 
 
 class FarmerTest(unittest.TestCase):
@@ -114,9 +116,9 @@ def test_authentication_success(self):
         farmer = Farmer(address)
 
         # first authentication
-        timestamp = "TODO timestamp"
-        message = farmer.get_server_address() + "-" + timestamp
-        data = binascii.hexlify(message.encode('utf-8'))
-        signature = blockchain.sign_data(wif, data)
-        self.assertTrue(farmer.authenticate(signature, timestamp))
+        header_date = formatdate(timeval=mktime(datetime.now().timetuple()),
+                                 localtime=True, usegmt=True)
+        message = farmer.get_server_address() + " " + header_date
+        header_authorization = blockchain.sign_unicode(wif, message)
+        self.assertTrue(farmer.authenticate(header_authorization, header_date))