LOC-17 Start creating README
LOC-17 Start creating README

Creating the root level README, currently only containing details on the recommended deployment methodology

file:b/README.md (new)
--- /dev/null
+++ b/README.md
@@ -1,1 +1,120 @@
+# LocalChat
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+## Deployment Options
+
+LocalChat is not designed to be publicly accessible and discoverable. It's been written to be relatively light-weight for ease of deployment (and subsequent destruction).
+
+Under no circumstances should you configure it to bind to `0.0.0.0` as doing so would allow adversaries to not only discover it, but to start probing it in order to try and establish whether it's in use (and who's using it). There should *always* be some additional step (i.e. being able to SSH into a server, or knowing exactly where to find it) required before access is available.
+
+Over time, it will likely be hardened further, but it's unlikely it will ever be considered safe for completely unrestricted access - allowing discoverability would allow adversaries to establish likely meeting places in advance.
+
+
+
+### Direct Communication
+
+The most simple deployment method is to run the server component somewhere, and then simply run the client on the same system. The problem with this is it means that the E2E encryption keys are in memory on the same system as the server.
+
+    ./server/LocalChat.py
+    ./client/LocalChatClient.py
+
+
+So, it's recommended that you run the client on a seperate system and use a SSH tunnel to allow communication
+
+    user@server1 $ ./server/LocalChat.py
+
+    remuser@mymachine $ ssh -L 8090:127.0.0.1:8090 user@server1
+    remuser@mymachine $ ./client/LocalChatClient.py
+
+This ensures that anyone able to observe memory on the server cannot see the E2E keys.
+
+As a variation of this, if you do not want the server component to appear on the server's filesystem (you will still need to install dependancies though) then you can also create a reverse tunnel back to another machine. Just be aware that if the connection drops, the server will be unavailable, so ensure you've a reliable connection
+
+
+    user@server2 $ ./server/LocalChat.py
+    user@server2 $ ssh -R 127.0.0.1:8090:127.0.0.1:8090 user@server1
+
+    remuser@mymachine $ ssh -L 8090:127.0.0.1:8090 user@server1
+    remuser@mymachine $ ./client/LocalChatClient.py
+    
+
+    
+### Proxied Communications
+
+It may be that you decide it's better to "hide" the server within an existing website, so that chat connections are mixed in with traffic to that site.
+
+To do this, you simply need to proxy a path on that website back to the server. So you may have an existing Nginx server block like this:
+
+    server {
+            listen 443;
+
+            root /usr/share/nginx/example.com/;
+            index index.html;
+
+            server_name example.com;
+
+            ssl                  on;
+            ssl_certificate      /etc/pki/tls/certs/example.com.crt;
+            ssl_certificate_key  /etc/pki/tls/private/example.com.key;
+
+            ssl_session_timeout  5m;
+
+            location / {
+                try_files $uri $uri/ =404;
+            }
+
+    }
+
+You'd then add a `location` statement with a hard to guess path to handle the chat client
+
+    server {
+            listen 443;
+
+            root /usr/share/nginx/example.com/;
+            index index.html;
+
+            server_name example.com;
+
+            ssl                  on;
+            ssl_certificate      /etc/pki/tls/certs/example.com.crt;
+            ssl_certificate_key  /etc/pki/tls/private/example.com.key;
+
+            ssl_session_timeout  5m;
+
+            location / {
+                try_files $uri $uri/ =404;
+            }
+            
+            
+            location /SM9vbtNrnZ0d6WQa1ByLjZEX/ {
+                proxy_pass https://127.0.0.1:8090/;
+            }        
+
+    }
+
+And make the server component available on that port (either by running directly, or using a SSH reverse tunnel as described above).
+
+Assuming `example.com` serves a publicly signed and trusted certificate (you'd hope it does), we'll also want to re-enable cert verification. So the client is called with verification enabled and being passed the URL to use for requests
+
+    ./client/LocalChatClient.py --verify https://example.com/SM9vbtNrnZ0d6WQa1ByLjZEX/
+ 
+Later versions will implement the ability to include auth headers in the request so that you can 404 unauthorised requests to the 'hidden' path. Until then, unless there's a particularly strong reason not to, the SSH methods described above are the recommended routes of access.
+
+
+
+
+
+

--- a/client/LocalChatClient.py
+++ b/client/LocalChatClient.py
@@ -18,18 +18,15 @@
 import ssl
 import string
 import random
-
+import sys
 import datetime as dt
 
 import gnupg
 
 
 
-# We'll get these from the commandline later
-USER='ben2'
+# This can be changed from the commandline
 SERVER='https://127.0.0.1:8090'
-ROOMNAME='BenTest'
-
 
 class msgHandler(object):
     
@@ -41,6 +38,7 @@
         self.roompass = False
         self.sesskey = False
         self.syskey = False
+        self.verifycert = False
         self.gpg = gnupg.GPG()
     
     
@@ -386,12 +384,12 @@
         data = json.dumps(data)
         
         try:
-            # The cert the other end will be considered invalid
-            #
-            # Ignore it
-            ctx = ssl.create_default_context()
-            ctx.check_hostname = False
-            ctx.verify_mode = ssl.CERT_NONE
+            
+            ctx = ssl.create_default_context()            
+            
+            if not self.verifycert:
+                ctx.check_hostname = False
+                ctx.verify_mode = ssl.CERT_NONE
 
             req = urllib2.Request(self.server, data, {'Content-Type': 'application/json'})
             f = urllib2.urlopen(req,context=ctx)
@@ -796,11 +794,25 @@
         
 
 
+def handle_cmdline_opts(argv,msg):
+    ''' Process  any commandline options
+    '''
+    
+    if argv[-1][0:2] == 'ht':
+        msg.server=argv[-1]
+        
+    if "--verify" in argv:
+        msg.verifycert = True
+
+    return msg
+
     
 if __name__=='__main__':
-    
-    
+        
     msg = msgHandler()
+    
+    if len(sys.argv) > 1:
+        msg = handle_cmdline_opts(sys.argv,msg)
     
     
     class TestCmd(Command):

--- a/server/LocalChat.py
+++ b/server/LocalChat.py
@@ -858,18 +858,19 @@
 
 if __name__ == '__main__':
     
-    # LOC-15
-    testingmode = False
-    if '--testing-mode-enable' in sys.argv:
-        testingmode = True
-    
-    
     # These will be handled properly later
     passw = ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits).encode('utf-8') for _ in range(64))
     bindpoint = "https://127.0.0.1:8090" 
     purgeinterval = 600 # Wipe messages older than 10 mins
     closethresh = 3600 * 6 # Auto-close rooms after 6 hours of inactivity
-
+    
+    # LOC-15
+    testingmode = False
+    if '--testing-mode-enable' in sys.argv:
+        testingmode = True
+        purgeinterval = 30
+        closethresh = 180
+    
     # Create a global instance of the wrapper so that state can be retained
     #
     # We pass in the password we generated for the scheduler thread to use

--- a/tests/run_tests.py
+++ b/tests/run_tests.py
@@ -11,6 +11,7 @@
 import sqlite3
 import traceback
 import json
+import datetime
 
 
 try:
@@ -143,7 +144,8 @@
     test_results = []
     tests = ['test_one','test_two','test_three','test_four',
              'test_five','test_six','test_seven','test_eight',
-             'test_nine','test_ten','test_eleven','test_twelve']
+             'test_nine','test_ten','test_eleven','test_twelve',
+             'test_thirteen','test_fourteen','test_fifteen']
     x = 1
     for test in tests:
         print "Running %s " % (test,)
@@ -719,14 +721,12 @@
     # Re-join as testuser2
     n = STORAGE['testuser2']['clientInstance'].joinRoom(STORAGE['testuser2']['User'],
                                                         STORAGE['testuser2']['room'],STORAGE['testuser2']['pass'])
-    
     if not n:
         result['Notes'] = 'TestUser2 could not join'
         return [result,isFatal]
     
     # Now have the admin ban them
     msg.kickUser('testuser2',True)
-    
     
     # Check that a failure message was written
     CONN,CURSOR = opendb()
@@ -781,7 +781,247 @@
     return [result,isFatal]
 
 
-    
+def test_thirteen(msg):
+    ''' Check that /leave works
+    
+    Essentially, we send a message, wait 240 seconds and then check if it's gone
+    
+    In testing mode, closure is after 3 mins, but we wait an extra minute to make sure the scheduler has run
+    
+    
+    '''
+    result = {'Test' : 'Leave a room','Result' : 'FAIL', 'Notes': '' }
+    isFatal = False
+    
+    newmsg = getClientInstance()
+
+    n = msg.inviteUser('testuser3')
+    if not n:
+        result['Notes'] = 'Could not invite testuser'
+        return [result,isFatal]
+    
+    if len(n) < 4:
+        result['Notes'] = 'Client returned too short response'
+        return [result,isFatal]
+        
+    # Otherwise, we've got details for a new user to be able to join
+    #
+    # Store them for a later test
+    
+    STORAGE['testuser3'] = {
+        'room':n[0],
+        'pass':"%s:%s" % (n[1],n[2]),
+        'User':n[3]
+        }
+
+    n = newmsg.joinRoom(STORAGE['testuser3']['User'],STORAGE['testuser3']['room'],STORAGE['testuser3']['pass'])
+    
+    if not n:
+        result['Notes'] = 'Could not join'
+        return [result,isFatal]
+    
+    STORAGE['testuser3']['clientInstance'] = newmsg
+    
+    CONN,CURSOR = opendb()
+    
+    # Check the DB to ensure They're now active
+    CURSOR.execute("SELECT * from users where username=? and active=1",(STORAGE['testuser3']['User'],))
+    r = CURSOR.fetchone()
+    CONN.close()
+    
+    if not r:
+        result['Notes'] = 'Not Active in DB'
+        return [result,isFatal]
+    
+
+
+    # Now have them leave the room and check they drop out of the DB
+    if not newmsg.leaveRoom():
+        result['Notes'] = 'API reported failure'
+        return [result,isFatal]
+
+
+
+    # They should no longer be in the DB
+    CONN,CURSOR = opendb()
+    
+    # Check the DB to ensure They're now active
+    CURSOR.execute("SELECT * from users where username=? and active=1",(STORAGE['testuser3']['User'],))
+    r = CURSOR.fetchone()
+    CONN.close()
+
+    if r:
+        result['Notes'] = 'We left but are still active in the DB'
+        return [result,isFatal]
+    
+    # Verify the client cleared it's stored info
+    if newmsg.room or newmsg.roompass:
+        result['Notes'] = 'Client still stores room info'
+        return [result,isFatal]
+        
+    
+    # Otherwise, we're good
+    result['Result'] = 'Pass'
+    return [result,isFatal]
+
+
+
+def test_fourteen(msg):
+    ''' Check that message purging is actually happening
+    
+    Essentially, we send a message, wait 90 seconds and then check if it's gone
+    
+    '''
+    result = {'Test' : 'Automated message expiration','Result' : 'FAIL', 'Notes': '' }
+    isFatal = False
+    
+    msg.sendMsg('This is a test message')
+    
+    # Open the DB and verify there are messages in the queue now
+    CONN,CURSOR = opendb()
+    CURSOR.execute("SELECT count(*) from messages")
+    r = CURSOR.fetchone()
+    CONN.close()
+    
+    if not r or r[0] < 1:
+        result['Notes'] = 'Messages not getting into queue'
+        return [result,isFatal]  
+     
+    # Now, we wait
+    time.sleep(90)
+    
+    # Re-open the database and the messages should be gone
+    CONN,CURSOR = opendb()
+    CURSOR.execute("SELECT count(*) from messages")
+    r = CURSOR.fetchone()
+    CONN.close()
+    
+    if r and r[0] > 0:
+        result['Notes'] = 'Messages not purged'
+        return [result,isFatal]  
+         
+    # Otherwise, we're good
+    result['Result'] = 'Pass'
+    return [result,isFatal]
+
+
+
+def test_fifteen(msg):
+    ''' Check that auto room closure happens
+    
+    Essentially, we send a message, wait 240 seconds and then check if it's gone
+    
+    In testing mode, closure is after 3 mins, but we wait an extra minute to make sure the scheduler has run
+    
+    
+    '''
+    result = {'Test' : 'Automated Room Closure','Result' : 'FAIL', 'Notes': '' }
+    isFatal = False
+    
+    newmsg = getClientInstance()
+
+    n = newmsg.createRoom('TestRoom2','testadmin2')
+    if not n:
+        result['Notes'] = 'Empty Response'
+        return [result,isFatal]
+
+    # The client should have given us two passwords
+    if len(n) < 2:
+        result['Notes'] = 'Response too small'
+        return [result,isFatal]
+
+    # Seperate out the return value
+    roompass = n[0]
+    userpass = n[1] # user specific password
+
+    n = newmsg.joinRoom('testadmin2','TestRoom2',
+                    "%s:%s" % (n[0],n[1])
+                    )
+    if not n:
+        result['Notes'] = 'Could not join'
+        return [result,isFatal]
+    
+    # Get the room ID
+    CONN,CURSOR = opendb()
+    CURSOR.execute("SELECT id from rooms where name=?",('TestRoom2',))
+    r = CURSOR.fetchone()
+    CONN.close()    
+    
+    room = r[0]
+    
+    newmsg.sendMsg('This is a test message')
+    
+    # Open the DB and verify there are messages in the queue now
+    CONN,CURSOR = opendb()
+    CURSOR.execute("SELECT count(*) from messages where room=?",(room,))
+    r = CURSOR.fetchone()
+    CONN.close()
+    
+    if not r or r[0] < 1:
+        result['Notes'] = 'Messages not getting into queue'
+        return [result,isFatal]  
+     
+    # Now, we wait
+    time.sleep(240)
+    
+    # Re-open the database and the messages should be gone
+    CONN,CURSOR = opendb()
+    CURSOR.execute("SELECT count(*) from messages where room=?",(room,))
+    r = CURSOR.fetchone()
+    CONN.close()
+    
+    if r and r[0] > 0:
+        result['Notes'] = 'Messages not purged'
+        return [result,isFatal]  
+
+    # The room should be gone
+    CONN,CURSOR = opendb()
+    CURSOR.execute("SELECT count(*) from rooms where name=?",('TestRoom2',))
+    r = CURSOR.fetchone()
+    CONN.close()
+
+    if r and r[0] > 0:
+        result['Notes'] = 'Room record not deleted'
+        return [result,isFatal]          
+
+    # Check the user records have gone
+    CONN,CURSOR = opendb()
+    CURSOR.execute("SELECT count(*) from users where room=?",(room,))
+    r = CURSOR.fetchone()
+    CONN.close()
+
+    if r and r[0] > 0:
+        result['Notes'] = 'User records not deleted'
+        return [result,isFatal]          
+    
+    # Check Failure messages have gone
+    CONN,CURSOR = opendb()
+    CURSOR.execute("SELECT count(*) from failuremsgs where room=?",(room,))
+    r = CURSOR.fetchone()
+    CONN.close()
+
+    if r and r[0] > 0:
+        result['Notes'] = 'Failure Messages not deleted'
+        return [result,isFatal]          
+    
+    # Check Sessions have gone
+    CONN,CURSOR = opendb()
+    CURSOR.execute("SELECT count(*) from sessions where sesskey like 'TestRoom2-%'")
+    r = CURSOR.fetchone()
+    CONN.close()
+
+    if r and r[0] > 0:
+        result['Notes'] = 'User Sessions not deleted'
+        return [result,isFatal]          
+    
+    # Otherwise, we're good
+    result['Result'] = 'Pass'
+    return [result,isFatal]
+
+
+
+
+
 
 
 if __name__ == '__main__':
@@ -798,7 +1038,13 @@
         # I don't like generic catchall exceptions
         # but, we want to make sure we kill the background
         # process if there is one.
+        cmd = "git show | head -n1"
+        ps = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE,stderr=subprocess.STDOUT)
+        revision = ps.communicate()[0].split(" ")[1]
+        now = datetime.datetime.utcnow().strftime("%Y%m%d%H%M%S")
+        print """Test Run %s-%s""" % (now,revision)
         results = run_tests()
+        
     except Exception as e:
         print traceback.format_exc()
         print e