Commit Graph

429 Commits

Author SHA1 Message Date
Brian Warner
bf0c93eddc more flake8 fixes 2018-12-23 15:22:57 -05:00
Brian Warner
34686a346a add dilation code
(this compresses several months of false starts and rearchitecting)
2018-12-23 15:21:08 -05:00
Brian Warner
6cfabba31a add reactor/cooperator to Wormhole and Boss calls 2018-12-23 15:20:25 -05:00
Brian Warner
a693b1fc48 Boss/Receive: add 'side' to got_message
this will be used later by Dilation
2018-12-23 15:20:25 -05:00
Brian Warner
eb7c04e366 observer.py: add EmptyableSet 2018-12-23 15:18:38 -05:00
Brian Warner
e6b4ccb565 Merge branch 'pr318' 2018-12-09 14:28:56 -08:00
Edward Betts
010d1843c0 Correct spelling mistakes 2018-11-23 07:38:21 +00:00
Mario Rodas
504ddb0d91 Add inlineCallbacks decorator to test_wormholes testcase 2018-11-19 23:38:29 -05:00
Brian Warner
4e97bb041a fix/hush some flake8 warnings
test_ipaddrs.py had an invalid regexp, caught by the latest version of flake8

The new flake8 complains about both W503 (line break inside a conditional
before a binary operator) and W504 (line break *after* the operator). I think
break-before is the new preferred style, but for now I'm just going to ignore
them both and leave the code alone.
2018-11-13 10:21:41 -08:00
Brian Warner
6d4eb8e69b add test_keys to nail down symmetric encryption format
This establishes what our mailbox protocol does to encrypt the
individual (post-SPAKE2) messages, which combines NaCl SecretBox and our own
key-derivation choices. I'd like to move off of NaCl/libsodium and I think
some RFC7539-implementing library might be compatible, and with these test
vectors I can check that. I also want to copy these tests into the Rust port.
2018-08-21 10:12:23 -07:00
Brian Warner
41fabd39ba test_machines: remove no-longer relevant comment
The flake8 config excludes E741, which would complain about using
'l' (lower-case ell) as a variable name. We use this for the Lister object in
one test that uses single-character variable names for all the machines ('b'
for Boss, 'm' for Mailbox, etc). That comment was added before excluding
E741. If we ever restore that warning, we might want to rename the variable.
2018-06-16 16:33:27 -07:00
Brian Warner
dada79d85c fix remaining pep8 complaints 2018-06-16 16:19:38 -07:00
Vasudev Kamath
12dcd6a184 Make code pep-8 compliant 2018-04-21 13:00:08 +05:30
Brian Warner
0dd3a12546 cosmetic changes, remove debug print 2018-04-03 17:05:33 -07:00
Baime
e77a2d605b bind passes tuple, fixed implementation issues 2018-03-23 17:33:48 +01:00
Baeumla
4f8aa5a69e report clinet version on bind 2018-03-08 11:54:27 +01:00
Brian Warner
be47f53e7c wormhole: switch to observers for all APIs
Tests can pass an EventualQueue into wormhole.create(), to override the
default. This lets the tests flush the queue without using a haphazard
real-time delay.

closes #23

(in fact, we added multiple-Deferreds-per-API a while ago, but this does it
in a much cleaner fashion, and with the safety of an eventual-send)
2018-02-26 17:50:40 -08:00
Brian Warner
caabb3510c add OneShotObserver and SequenceObserver, with tests
This factors out the various "give me a Deferred for an value that may or may
not eventually be successfully generated" routines in _DeferredWormhole. It
uses an eventual-send to fire the Deferreds to avoid plan-coordination
hazards when the attached callbacks then call back into the Wormhole object
before the rest of the state transition has finished.
2018-02-26 17:50:40 -08:00
Brian Warner
43965d5289 add eventual-send queue
We defer starting a new timer until we've completely emptied the queue, since
we know we'll get to any new events added inside one of our callbacks. The
old design in Foolscap (which copied the list, cleared the original, then
fired everything in the copy) didn't look at these new events. OTOH, this
pop(0)-until-empty approach makes it easier to get into an infinite loop (any
callback which queues a new callback will get priority over anything else).
But the code is simpler.
2018-02-26 17:50:40 -08:00
Brian Warner
1c21119a73 add test_ipaddrs, adapted from tahoe's test_iputil 2018-02-22 21:32:44 -08:00
Brian Warner
e7d0dbbb88 oops, typo 2018-02-21 01:57:07 -08:00
Brian Warner
9ae2307a72 fix tests 2018-02-21 00:38:19 -08:00
Brian Warner
37a7ed7adc WIP: remove unused server tests, minor syntax fixes. still fails. 2018-02-20 23:54:28 -08:00
Brian Warner
9957044a99 WIP: start replacing ServerBase with imported server
doesn't work yet at all
2018-02-20 23:46:29 -08:00
Brian Warner
d42ac47ac8 let tests override KEY_TIMER/VERIFY_TIMER to tolerate slow test hosts
I've seen intermittent failures in
test_cli.PregeneratedCode.test_text_subprocess where the host was slow (or
overloaded) enough that the "Waiting for sender.." pacifier message was
displayed, which flunks the test because we're looking for a specific output
string. We patch this 1-second timer in the non-subprocess tests, but you
can't patch across a process boundary.

This patch adds an undocumented environment variable that lets you override
the timer values. The test then sets it to something large.

For future consideration: another approach would be to change the test to
tolerate the extra message. This would be trickier to validate, though.
2018-02-20 18:14:57 -08:00
Brian Warner
af406a600e _rlcompleter: use blockingCallFromThread for all Helper APIs
We were missing two (the calls to choose_nameplate() and choose_words() that
happen after the input() function has finished, but while we're still inside
the thread that makes it safe for input() to block). This almost certainly
caused the crash seen in issue #280.

Update the tests to match: CodeInputter.finish must now be called with
deferToThread from inside tests, or the internal blockingCallFromThread must
be stubbed out.
2018-02-14 01:13:30 -08:00
Brian Warner
67253bde55 test_cli: make timers more reliable
A slow Travis-CI host caused one the 1.0s KEY_TIMER to fire by accident,
making the test fail because it wasn't expecting to see the "please be
patient" message. Fixed this by increasing the timeout to a very large value
when we aren't explicitly testing it.
2017-12-19 13:41:05 -08:00
Brian Warner
c7c7c0381c update -0 and --text output too 2017-12-19 12:54:16 -08:00
David Harrigan
9b1f99b994 Change the send command output to help copy and pasting to others
A tiny update to show the command to execute along with the code required on
the same line, rather than split across two lines. This small change helps
when sending the information to others using copy and paste.

Fixes #266

-=david=-
2017-12-14 21:13:12 +00:00
Brian Warner
1bbd756fa6 test_transit: fix the miscaptured-loop-variable bug I always make 2017-12-01 13:00:05 -08:00
Brian Warner
8a7c6faf4a more test simplification with assertNoResult 2017-11-29 16:54:03 -06:00
Brian Warner
8227d963a3 test_transit: simplify by using successResultOf/failureResultOf 2017-11-29 15:03:03 -06:00
Brian Warner
d87792a7c7 finish removing Transit from code and CLI command args 2017-11-13 12:03:21 -08:00
Brian Warner
a804365536 remove most of Transit server, use external package instead 2017-11-13 11:34:17 -08:00
Brian Warner
1c5f29337e add notes, make test TODO instead of SKIP 2017-11-01 17:46:09 -07:00
Brian Warner
d727531e6d send: use normpath() on argument to remove trailing slashes
This ought to help with #251, where bash-on-windows makes it easy to add a
forward-slash, and os.path.normpath() knows how to remove them, but os.sep is
a backslash.
2017-11-01 17:46:09 -07:00
Jaye Doepke
b362adf7ca Relay and transit url conf from env vars
Added the click option to look for relay and transit urls in environment
variables. If you're running your own relay/transit servers (such as
inside a corporate firewall), this will make client's lives easier.
2017-10-04 14:38:00 -05:00
Brian Warner
0aeae9ce10 tor_manager: expose errors when --tor-control-port= is provided
If you pass --tor-control-port= and we can't use it, throw an error that will
kill the whole process, instead of falling back to the default SOCKS port.

If you omit --tor-control-port=, then if all default control port connections
fail, we'll fall back to the default SOCKS port.

Also, test each combination separately, and improve the status messages.
2017-09-14 16:46:26 -07:00
Brian Warner
ed420e0001 tor_manager: pass endpoints to txtorcon.connect(), not descriptors
This was breaking any uses of --tor-control-port=: the client would always
fall back to using the default SOCKS port.
2017-09-14 15:48:35 -07:00
Brian Warner
b9d1d11b03 server.py: windows doesn't even have the 'resource' module
I thought it might exist, but be empty. But it doesn't even exist on windows,
so we must guard against an ImportError.
2017-07-31 15:56:55 -07:00
Brian Warner
d44c7d2c1a server: increase RLIMIT_NOFILE to let us use more sockets
Linux defaults to a soft limit of 1024, which limits us to 512 simultaneous
non-transit-using connections. The transit relay runs in the same process, so
long-running relayed transfers will compete for those sockets too.

This raises the soft limit to equal the hard limit (if possible), or as much
as we can manage, if the soft limit was less than 10k. If the
resource.setrlimit calls aren't available (e.g. windows), or some other error
happens, this will log a message and continue without changing the limits.

closes #238
2017-07-31 14:16:26 -07:00
Brian Warner
8b0a245e19 reject invalid codes with KeyFormatError
refs #212
2017-07-23 00:02:09 -05:00
Brian Warner
de0af837cc test_cli: fix unicode problems
should fix #223
2017-07-22 23:19:43 -05:00
Brian Warner
b3b6e1ba8a test_cli: one more test, with argument split off from the name
This is probably an easier way to pass in JSON with embedded spaces:

 wormhole-server start --websocket-protocol-option 'x=["foo": "bar"]'
2017-07-15 17:39:02 -07:00
Jean-Paul Calderone
ba0e8997c5 accept protocol options and set them on the ws factory 2017-07-15 17:30:59 -07:00
Jean-Paul Calderone
aa7013e6f5 Factor duplicate RelayServer construction out 2017-07-15 17:30:59 -07:00
Jean-Paul Calderone
55b4b333dc accept some options on the cli 2017-07-15 17:30:59 -07:00
Brian Warner
fb03620fe9 test_cli: hush Click unicode_literals warnings 2017-07-15 17:27:11 -07:00
Brian Warner
1ca51168c5 add test for 'wormhole help' 2017-07-15 17:27:11 -07:00
Jean-Paul Calderone
efb77443bf Avoid corrupting state if creating a new db fails 2017-07-15 17:05:35 -07:00
Brian Warner
13b4a1793f server: OPEN/CLOSE on crowded mailbox should provoke "crowded" error
The Mailbox object throws CrowdedError, but WebSocketRendezvous wasn't
handling it specifically. The server responded by dropping the connection and
logging an "Unhandled Error", so the client would reconnect and then get the
same error again and again.

This changes WebSocketRendezvous to handle CrowdedError by sending a
"crowded" error response. The client should react to this by giving up on the
connection entirely, and not reconnecting.
2017-07-01 01:17:48 -07:00
Jean-Paul Calderone
6b20cb760a Take cli args for db and stats paths 2017-06-26 21:26:32 +01:00
Jean-Paul Calderone
777d722b0d Let me use FakeConfig in another test method 2017-06-26 21:26:32 +01:00
Brian Warner
5b3e816620 tests: cover enough of RendezvousConnector to exercise that last fix 2017-06-26 18:55:31 +01:00
Brian Warner
fa9382c716 handle WebSocket protocol errors correctly
The previous behavior was to throw an Automat exception, when a state machine
was given a LOST event from the initial non-connected state, and it didn't
have a handler for it. This version throws ServerConnectionError instead.

Still needs a test

refs #180
2017-06-26 18:55:31 +01:00
Brian Warner
4169545c28 server-restart: add failing test
"wormhole-server restart" was broken by the addition of --disallow-list,
because the Click parser wasn't update to include the argument. This test
should exercise that a basic no-argv invocation of both "start" and "restart"
can at least build the Service object successfully.

refs #151
2017-06-26 17:49:34 +01:00
Brian Warner
f282649f81 tests/ServerBase: control advertise_version=
we'll disable this for most tests, but a few want to see it in the welcome
message
2017-06-26 15:20:36 +01:00
Brian Warner
2f4232a0e7 server: only advertise the CLI version if requested
with --advertise-version=

refs #179
2017-06-26 13:49:24 +01:00
Brian Warner
758dd5b9de use click.Path to make args.what unicode
refs #157 (unicode paths cause 'wormhole send' to crash), might fix it
2017-06-24 15:07:43 +01:00
Brian Warner
8f97e4e7e2 if the first connection fails, abandon the wormhole
This provides a clear error in case the user doesn't have an internet
connection at all, or something is so broken with their DNS or routing that
they can't reach the server. I think this is better than waiting and
retrying (silently) forever.

If the first connection succeeds, but is then lost, subsequent retries occur
without fanfare.

closes #68
2017-06-14 10:40:46 +01:00
Brian Warner
269faf190a fall backs to SOCKS if we can't reach control port 2017-05-24 16:49:06 -07:00
Brian Warner
46a9c9eeb9 rewrite tor support
This shifts most reponsibility to the new txtorcon "Controller" object, where
it belongs. We no longer need a list of likely control-port locations, nor do
we need to keep track of the SOCKS port ourselves.

The one downside is that if a control-port is not reachable, then this does
not fall back to using a plain SOCKS port (usually tcp:localhost:9050).
txtorcon no longer uses txsocksx, so it no longer advertises a simple way to
use Tor without the control port. This shouldn't affect users who run the
TorBrowserBundle, or who are running a tor daemon which they can control
directly, but it may break for users who want to use a pre-existing tor
daemon that they don't have permissions to speak control-port to.
2017-05-24 16:49:06 -07:00
Atul Varma
8c2e739dcd Make test_broken_symlink_raises_err resilient across OS's/locales. 2017-05-24 12:10:22 -07:00
Atul Varma
ecfd46d16d Add test_broken_symlink_is_ignored. 2017-05-24 12:10:22 -07:00
Atul Varma
067b47fceb Add test_broken_symlink. 2017-05-24 12:10:22 -07:00
meejah
6b31517b67 Add an allow_list option to control nameplate-listings 2017-05-16 17:17:11 -06:00
Brian Warner
95651f24f9 improve test coverage on get_welcome() API 2017-05-15 16:10:22 -07:00
Brian Warner
7955a36bfd switch to new API
This renames all the existing API methods, to use a consistent
"d=get_XYZ()" (for Deferred mode) or "dg.wormhole_got_XYZ()" (for Delegated
mode). It updates cmd_send/cmd_receive/cmd_ssh to use the new API.

Since we now have get_welcome(), apps handle the Welcome message with a
Deferred callback instead of registering a "welcome handler". This lets us
make sure we've finished printing any server message-of-the-day or "you
should update your client" message to stdout before using stdio to ask for
the wormhole code. (Previously, the code-input prompt was overwritten by the
server message, and it was ugly). refs #145. This approach adds an extra
roundtrip to the receiver, but we can fix that (see #145 for details).

Because of that change, the server-is-being-slow message is printed at a
slightly different time, so those tests needed some extra work to exercise it
properly.
2017-05-15 02:13:24 -07:00
Brian Warner
23c16717aa test_util: tolerate os.statvfs missing on windows
The code in util.py can tolerate a missing os.statvfs, but the code which
tests that code's ability to tolerate a missing os.statvfs was itself unable
to tolerate a missing os.statvfs. Sigh.
2017-05-09 21:35:12 -07:00
Brian Warner
d6d6669b23 cli._dispatch_command: improve test coverage 2017-04-23 16:01:05 -04:00
Brian Warner
77bb7f5be7 test_wormhole: improve tests of derive_key() 2017-04-19 10:50:52 -04:00
Brian Warner
654bba4d3e test_wormhole: use assertRaises as context manager 2017-04-19 10:50:46 -04:00
Brian Warner
d0fb7a834d tests: exercise DelegatedWormhole 2017-04-19 10:50:31 -04:00
Brian Warner
f541930110 tests: exercise set_trace 2017-04-19 10:49:12 -04:00
Brian Warner
0774ac8c36 test_wormhole: more coverage 2017-04-18 14:05:46 -04:00
Brian Warner
16c47de61b test_util.py: fully cover util.py 2017-04-18 14:05:46 -04:00
Brian Warner
556ae663cb test_transit: fully cover transit.py 2017-04-18 14:05:46 -04:00
Brian Warner
afe9f7152d test_transit: improve coverage
and fix py2/py3-isms in ipaddr tests
2017-04-18 14:05:39 -04:00
Brian Warner
478405cb6a test_cli: exercise -0 mode 2017-04-18 13:43:07 -04:00
Brian Warner
1bb4e9278a CLI: remove log.err(), remove flushLoggedErrors from tests
I think we're better off without this: the CLI commands propagate the Failure
up to their callers (rather than eating it silently), the callers are using
task.react (which reacts to Failures by exiting with rc!=0), so nothing
should get lost. And doing an extra log.err() just creates more cleanup work
for test cases to flush, and makes the CLI commands double-print the any
errors (maybe task.react also points logging at stderr?).
2017-04-16 16:45:09 -04:00
Brian Warner
b4e39edb3f cmd_receive: rename TwistedReceiver to just Receiver 2017-04-16 16:28:46 -04:00
Brian Warner
9dde091f2b test_wormhole.py: remove dead code 2017-04-16 10:56:17 -04:00
Brian Warner
469c94dc4e test_cli: on win32, force en_US.UTF-8 rather than running locale -e 2017-04-07 11:18:32 -07:00
Brian Warner
781d791e03 test server-reconnection: it worked already
Cool, it actually worked without changes. Closes #42
2017-04-07 09:48:48 -07:00
Brian Warner
992db1846c minor TODO comments 2017-04-06 19:44:27 -07:00
Brian Warner
6aa7fe7c82 Welcome: handle local dev versions (with +, not -) correctly
The Welcome class prints a message if the server recommends a CLI version
that's newer than what the client is currently using, but only if the client
is running a "release" version, not a "local" development one. "local"
versions have a "+" in them (at least when Versioneer creates it), but
Welcome was looking for "-" as an indicator. So it was printing the warning
when it shouldn't be.
2017-04-06 19:32:05 -07:00
Brian Warner
1a7b3baaf2 rewrite waiting-for-sender pacifier messages
re-enable the test, and add an extra one

The comments in cmd_send/cmd_receive now enumerate the four cases where we
might notice that things are taking too long, the three cases where we say
something about it, and the two cases where it might be appropriate to give
up automatically (although we don't do that anywhere yet).
2017-04-06 19:17:11 -07:00
Brian Warner
83e55f1f3e add w.when_key(), fix w.when_verified() to fire later
Previously, w.when_verified() was documented to fire only after a valid
encrypted message was received, but in fact it fired as soon as the shared
key was derived (before any encrypted messages are seen, so no actual
"verification" could occur yet).

This fixes that, and also adds a new w.when_key() API call which fires at the
earlier point. Having something which fires early is useful for the CLI
commands that want to print a pacifier message when the peer is responding
slowly. In particular it helps detect the case where 'wormhole send' has quit
early (after depositing the PAKE message on the server, but before the
receiver has started). In this case, the receiver will compute the shared
key, but then wait forever hoping for a VERSION that will never come. By
starting a timer when w.when_key() fires, and cancelling it when
w.when_verified() fires, we have a good place to tell the user that something
is taking longer than it should have.

This shifts responsibility for notifying Boss.got_verifier, out of Key and
into Receive, since Receive is what notices the first valid encrypted
message. It also shifts the Boss's ordering expectations: it now receives
B.happy() before B.got_verifier(), and consequently got_verifier ought to
arrive in the S2_happy state rather than S1_lonely.
2017-04-06 18:27:41 -07:00
Brian Warner
67d53f1388 wordlist: fix "1-word- TAB" case 2017-04-06 15:05:37 -07:00
Brian Warner
3f878fb981 rename test_scripts to test_cli 2017-04-06 12:30:56 -07:00
Brian Warner
e787d0ffc5 move Welcome into test_scripts, remove test_cli 2017-04-06 12:29:58 -07:00
Brian Warner
f957e9b2fb test_wormhole: check when_verified() being called late 2017-04-06 12:26:52 -07:00
Brian Warner
3cd4d31c0b journal: add test coverage 2017-04-06 12:22:45 -07:00
Brian Warner
df1b2338b1 tests: exercise Key receiving PAKE before set_code 2017-04-06 12:22:45 -07:00
Brian Warner
d331c51c03 change completion API
* InputHelper returns full words, not just suffixes. I liked the fact that
  suffixes made it impossible to violate the "all matches will start with
  your prefix" invariant, but in practice it was fiddly to work with.
* add ih.when_wordlist_is_available(), so the frontend can block (after
  claiming the nameplate) until it can return a complete wordlist to
  readline. This helps the user experience, because readline wasn't really
  built to work with completions that change over time
* make the Wordlist responsible for appending hyphens to all non-final word
  completions. InputHelper remains responsible for hyphens on nameplates.
  This makes the frontend simpler, but I may change it again in the future if
  it helps non-readline GUI frontends.
* CodeInputter: after claiming, wait for the wordlist rather than returning
  an empty list
* PGPWordList: change to match

This has the unfortunate side-effect that e.g. typing "3-yucatan-tu TAB"
shows you completions that include the entire phrase: "3-yucatan-tumor
3-yucatan-tunnel", rather than only mentioning the final word. I'd like to
fix this eventually.
2017-04-06 12:22:45 -07:00
Brian Warner
04926d0be8 minor test improvement 2017-04-06 12:22:45 -07:00
Brian Warner
7699ed2291 tell wordlist how many words to expect, add hyphens to matches
I'm still undecided about whether to add this to the mailbox
properties (revealing it to attackers) or continue to require non-default
wordcounts to be provided as a --code-length= argument to the receiver. So
for now the only place that says count=2 is in the default argument on
get_completions().
2017-04-06 12:22:45 -07:00
Brian Warner
bdef446ad4 get mostly-full coverage for rlcompleter, rename, export 2017-04-06 12:22:45 -07:00
Brian Warner
8882e6f64e merge test_wormhole_new into test_wormhole 2017-04-06 12:22:45 -07:00
Brian Warner
8d47194612 check when_version() can be called late as well as early 2017-04-06 12:22:45 -07:00