basic server test for SCRAM-SHA-256 (progval#84)

.github/workflows/test-devel.yml

@@ -394,6 +394,7 @@ jobs:
         python-version: 3.7
     - name: Install dependencies
       run: pip install git+https://github.com/ProgVal/Limnoria.git@testing cryptography
+        pyxmpp2-scram
     - name: Install Atheme
       run: sudo apt-get install atheme-services
     - name: Install irctest dependencies

.github/workflows/test-stable.yml

@@ -497,7 +497,7 @@ jobs:
       with:
         python-version: 3.7
     - name: Install dependencies
-      run: pip install limnoria==2021.06.15 cryptography
+      run: pip install limnoria==2021.06.15 cryptography pyxmpp2-scram
     - name: Install Atheme
       run: sudo apt-get install atheme-services
     - name: Install irctest dependencies

.pre-commit-config.yaml

@@ -1,3 +1,5 @@
+exclude: ^irctest/scram
+
 repos:
   - repo: https://github.com/psf/black
     rev: 20.8b1

Makefile

@@ -98,7 +98,7 @@ UNREALIRCD_SELECTORS := \
 all: flakes charybdis ergo inspircd mammon limnoria sopel solanum unrealircd
 
 flakes:
-	pyflakes3 irctest
+	find irctest/ -name "*.py" -not -path "irctest/scram/*" -print0 | xargs -0 pyflakes3
 
 charybdis:
 	$(PYTEST) $(PYTEST_ARGS) \

irctest/client_tests/test_sasl.py

@@ -8,12 +8,7 @@
 except ImportError:
     ecdsa = None
 
-try:
-    import pyxmpp2_scram as scram
-except ImportError:
-    scram = None
-
-from irctest import authentication, cases
+from irctest import authentication, cases, scram
 from irctest.irc_utils.message_parser import Message
 
 ECDSA_KEY = """
@@ -182,7 +177,6 @@ def testEcdsa(self):
         m = self.negotiateCapabilities(["sasl"], False)
         self.assertEqual(m, Message({}, None, "CAP", ["END"]))
 
-    @pytest.mark.skipif(scram is None, reason="pyxmpp2-scram is not available")
     @cases.OptionalityHelper.skipUnlessHasMechanism("SCRAM-SHA-256")
     def testScram(self):
         """Test SCRAM-SHA-256 authentication."""
@@ -225,7 +219,6 @@ def get_password(self, *args):
         self.assertEqual(m.command, "AUTHENTICATE", m)
         self.assertEqual(m.params, ["+"], m)
 
-    @pytest.mark.skipif(scram is None, reason="pyxmpp2-scram is not available")
     @cases.OptionalityHelper.skipUnlessHasMechanism("SCRAM-SHA-256")
     def testScramBadPassword(self):
         """Test SCRAM-SHA-256 authentication with a bad password."""

irctest/controllers/ergo.py

@@ -136,7 +136,7 @@ def hash_password(password: Union[str, bytes]) -> str:
 class ErgoController(BaseServerController, DirectoryBasedController):
     software_name = "Ergo"
     _port_wait_interval = 0.01
-    supported_sasl_mechanisms = {"PLAIN"}
+    supported_sasl_mechanisms = {"PLAIN", "SCRAM-SHA-256"}
     supports_sts = True
     extban_mute_char = "m"
 

irctest/scram/__init__.py

@@ -0,0 +1,2 @@
+from .scram import *
+from .exceptions import *

irctest/scram/core.py

@@ -0,0 +1,9 @@
+import uuid
+
+def default_nonce_factory():
+    """Generate a random string for digest authentication challenges.
+    The string should be cryptographicaly secure random pattern.
+    :return: the string generated.
+    :returntype: `bytes`
+    """
+    return uuid.uuid4().hex.encode("us-ascii")

irctest/scram/exceptions.py

@@ -0,0 +1,17 @@
+class ScramException(Exception):
+    pass
+
+class BadChallengeException(ScramException):
+    pass
+
+class ExtraChallengeException(ScramException):
+    pass
+
+class ServerScramError(ScramException):
+    pass
+
+class BadSuccessException(ScramException):
+    pass
+
+class NotAuthorizedException(ScramException):
+    pass