Skip to content
Maxime GRANDCOLAS edited this page Nov 24, 2022 · 1 revision

Debug Resana-Secure

Setup

Using existing devices

Resana-Secure needs devices. The easiest way to create those is to use the run_testenv.sh script from Parsec and use the config directory as input for Resana-Secure:

> source tests/scripts/run_testenv.sh 

Your environment will be configured with the following commands:

   export XDG_CACHE_HOME=/tmp/parsec-testenv-g9t2rikq/cache
   export XDG_DATA_HOME=/tmp/parsec-testenv-g9t2rikq/share
   export XDG_CONFIG_HOME=/tmp/parsec-testenv-g9t2rikq/config

Starting Parsec Backend on 127.0.0.1:6888 (db=MOCKED blockstore=MOCKED email=MOCKED telemetry=off backend_addr=parsec://localhost:6888?no_ssl=true)
A fresh backend server is now running: parsec://localhost:6888?no_ssl=true

Mount alice and bob drives using:

    $ parsec core run -P test -D 4f6  # Alice
    $ parsec core run -P test -D 46b  # Alice 2nd device
    $ parsec core run -P test -D 571  # Bob
> python -m resana_secure --config /tmp/parsec-testenv-g9t2rikq/config/parsec

You can now call /auth with alice@example.com and test.

Using a fresh org

Resana-Secure can bootstrap an organization.

import requests

RESANA_ADDR = "http://localhost:5775"
ORG_NAME = "MyOrg"
# Using the test Parsec backend
BOOTSTRAP_ADDR = "parsec://localhost:6888/{ORG_NAME}?no_ssl=true&action=bootstrap_organization"
EMAIL = "name@host.com"
PASSWORD = "P@ssw0rd"

r = requests.post(
    f"{RESANA_ADDR}/organization/bootstrap",
    json={
        "organization_url": bootstrap_addr,
        "email": EMAIL,
        "key": PASSWORD,
    },
)
assert r.status_code == 200

You can now call /auth with name@host.com and P@ssw0rd.

Authentication

Using web API

import requests

RESANA_ADDR = "http://localhost:5775"
ORG_NAME = "MyOrg"
EMAIL = "name@host.com"
PASSWORD = "P@ssw0rd"

r = requests.post(
    f"{RESANA_ADDR}/auth",
    json={
        "email": EMAIL,
        "key": PASSWORD,
        "organization": ORG_NAME,
    },
)
assert r.status_code == 200
AUTH_TOKEN = r.json()["token"]

You can now use this token for other API calls, passing it through the HTTP headers:

import requests

RESANA_ADDR = "http://localhost:5775"

headers = {}
headers["Authorization"] = f"Bearer {AUTH_TOKEN}"

r = requests.get(f"{RESANA_ADDR}/workspaces", headers=headers)
assert r.status_code == 200
assert r.json() == {"workspaces": []}

Using the GUI

It is possible to login using the GUI, to access the mountpoints for example.

> RESANA_DEBUG_GUI=true python -m resana_secure

The RESANA_DEBUG_GUI tells Resana-Secure to use the password given by the user as the device's password (that's not generally the case so we're cheating for debug purposes).

You can then use the Resana-Secure icon in the tray to login/logout with the available devices.

Mountpoints

Mountpoints on Resana-Secure are only present if the device is on a server matching a RIE address. The easiest way to indicate that they are is to pass the --rie-server-addr argument (or the equivalent RESANA_RIE_SERVER_ADDR env variable) using the netloc of the Parsec backend your devices are linked to. For example, using the devices created by run_testenv.sh:

> python -m resana_secure --rie-server-addr localhost:6888

Endpoints

All endspoints are tested in test_routes.py. This script can be used as a starting point to understand Resana-Secure.