From ac7fe67b7e7f23d5ea5e245c12f50da3ef9b8a20 Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Thu, 13 Oct 2016 23:11:21 +0200
Subject: [PATCH 01/22] add support for passing over macaroons into the
 Authorization header; also force application/json on all passthru responses

---
 cmd/snapweb/handlers.go      | 31 +++++++++++++++++++++++++++++++
 cmd/snapweb/handlers_test.go | 16 ++++++++++++++++
 2 files changed, 47 insertions(+)

diff --git a/cmd/snapweb/handlers.go b/cmd/snapweb/handlers.go
index cd286804..0958de39 100644
--- a/cmd/snapweb/handlers.go
+++ b/cmd/snapweb/handlers.go
@@ -18,6 +18,7 @@
 package main
 
 import (
+	"bytes"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -150,6 +151,7 @@ func initURLHandlers(log *log.Logger) {
 
 	http.Handle("/api/v2/packages/", snappyHandler.MakeMuxer("/api/v2/packages"))
 	http.HandleFunc("/api/v2/create-user", passThru)
+	http.HandleFunc("/api/v2/login", passThru)
 
 	http.HandleFunc("/api/v2/time-info", handleTimeInfo)
 	http.HandleFunc("/api/v2/device-info", handleDeviceInfo)
@@ -165,12 +167,33 @@ func initURLHandlers(log *log.Logger) {
 	http.HandleFunc("/", makeMainPageHandler())
 }
 
+// Name of cookies transporting the macaroon and discharge to authenticate snapd requests
+const (
+	SnapwebMacaroonCookieName  = "SnapwebMacaroon"
+	SnapwebDischargeCookieName = "SnapwebDischarge"
+)
+
+// Writes the 'Authorization' header
+// with macaroon and discharges extracted from mere cookies
+func setAuthorizationHeader(req *http.Request, outreq *http.Request) {
+	mc, _ := req.Cookie(SnapwebMacaroonCookieName)
+	dc, _ := req.Cookie(SnapwebDischargeCookieName)
+	if mc != nil && dc != nil {
+		var buf bytes.Buffer
+		fmt.Fprintf(&buf, `Macaroon root="%s"`, mc.Value)
+		fmt.Fprintf(&buf, `, discharge="%s"`, dc.Value)
+		outreq.Header.Set("Authorization", buf.String())
+	}
+}
+
 func makePassthroughHandler(socketPath string, prefix string) http.HandlerFunc {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		c := &http.Client{
 			Transport: &http.Transport{Dial: unixDialer(socketPath)},
 		}
 
+		log.Println(r.Method, r.URL.Path)
+
 		// need to remove the RequestURI field
 		// and remove the /api prefix from snapweb URLs
 		r.URL.Scheme = "http"
@@ -183,14 +206,22 @@ func makePassthroughHandler(socketPath string, prefix string) http.HandlerFunc {
 			return
 		}
 
+		setAuthorizationHeader(r, outreq)
+
 		resp, err := c.Do(outreq)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 
+		// Note: the client.Do method above only returns JSON responses
+		//       even if it doesn't say so
+		hdr := w.Header()
+		hdr.Set("Content-Type", "application/json")
 		w.WriteHeader(resp.StatusCode)
+
 		io.Copy(w, resp.Body)
+
 	})
 }
 
diff --git a/cmd/snapweb/handlers_test.go b/cmd/snapweb/handlers_test.go
index f5998c5d..649374e4 100644
--- a/cmd/snapweb/handlers_test.go
+++ b/cmd/snapweb/handlers_test.go
@@ -222,6 +222,7 @@ func (s *HandlersSuite) TestPassthroughHandler(c *C) {
 	body := rec.Body.String()
 	c.Assert(rec.Code, Equals, http.StatusOK)
 	c.Check(strings.Contains(body, "42"), Equals, true)
+	// TODO: check that we receive Content-Type: json/application
 }
 
 func (s *HandlersSuite) TestModelInfoHandler(c *C) {
@@ -250,3 +251,18 @@ func (s *HandlersSuite) TestModelInfoHandler(c *C) {
 	c.Assert(deviceInfos["model"], Equals, "Model")
 	c.Assert(deviceInfos["serial"], Equals, "Serial Number")
 }
+
+func (s *HandlersSuite) TestSetAuthorization(c *C) {
+	r, err := http.NewRequest("GET", "/api/dummy", nil)
+	c.Assert(err, IsNil)
+
+	r.AddCookie(&http.Cookie{Name: SnapwebMacaroonCookieName, Value: "expected"})
+	r.AddCookie(&http.Cookie{Name: SnapwebDischargeCookieName, Value: "expected"})
+
+	outreq, err := http.NewRequest(r.Method, r.URL.String(), r.Body)
+	c.Assert(err, IsNil)
+
+	setAuthorizationHeader(r, outreq)
+	c.Check(outreq.Header["Authorization"][0], Equals,
+		"Macaroon root=\"expected\", discharge=\"expected\"")
+}

From b91ca31438dc5afedc35f632d764b9714562f39c Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Thu, 13 Oct 2016 23:13:25 +0200
Subject: [PATCH 02/22] new simple login page using snapd's /v2/login end-point
 and returning a store macaroon/discharge

---
 www/src/js/controllers/simple-login.js | 18 +++++
 www/src/js/models/simple-login.js      | 32 +++++++++
 www/src/js/routers/router.js           |  8 +++
 www/src/js/templates/simple-login.hbs  | 60 ++++++++++++++++
 www/src/js/views/simple-login.js       | 95 ++++++++++++++++++++++++++
 www/tests/simpleLoginSpec.js           | 77 +++++++++++++++++++++
 6 files changed, 290 insertions(+)
 create mode 100644 www/src/js/controllers/simple-login.js
 create mode 100644 www/src/js/models/simple-login.js
 create mode 100644 www/src/js/templates/simple-login.hbs
 create mode 100644 www/src/js/views/simple-login.js
 create mode 100644 www/tests/simpleLoginSpec.js

diff --git a/www/src/js/controllers/simple-login.js b/www/src/js/controllers/simple-login.js
new file mode 100644
index 00000000..c5baa68d
--- /dev/null
+++ b/www/src/js/controllers/simple-login.js
@@ -0,0 +1,18 @@
+var $ = require('jquery');
+var Backbone = require('backbone');
+Backbone.$ = $;
+var Marionette = require('backbone.marionette');
+var Radio = require('backbone.radio');
+var SimpleLoginView = require('../views/simple-login.js');
+var SimpleLoginModel = require('../models/simple-login.js');
+
+module.exports = {
+  index: function() {
+    var chan = Radio.channel('root');
+    var model = new SimpleLoginModel();
+    var view = new SimpleLoginView({
+      model: model,
+    });
+    chan.command('set:content', view);
+  }
+};
diff --git a/www/src/js/models/simple-login.js b/www/src/js/models/simple-login.js
new file mode 100644
index 00000000..61e92e03
--- /dev/null
+++ b/www/src/js/models/simple-login.js
@@ -0,0 +1,32 @@
+// create-user API
+
+var Backbone = require('backbone');
+var Marionette = require('backbone.marionette');
+
+module.exports = Backbone.Model.extend({
+  url: '/api/v2/login',
+
+  // forces POST requests on every model update
+  isNew: function() {
+    return true;
+  },
+
+  validate: function(attrs) {
+    var emailPattern = /^[\w\-]{1,}([\w\-\+.]{1,1}[\w\-]{1,}){0,}[@][\w\-]{1,}([.]([\w\-]{1,})){1,3}$/;
+    if (typeof attrs.email == 'undefined') {
+      return 'Empty email';
+    }
+    if (!attrs.email.match(emailPattern)) {
+      return 'Invalid email';
+    }
+    if (typeof attrs.password == 'undefined') {
+      return 'Empty password';
+    }
+  },
+
+  setMacaroonCookiesFromResponse: function(result) {
+    document.cookie = "SnapwebMacaroon=" + result.macaroon +
+      "; path=/; SnapwebDischarge=" + result.discharges[0] + "; path=/";
+  },
+  
+});
diff --git a/www/src/js/routers/router.js b/www/src/js/routers/router.js
index 7afb0ddc..8adcc054 100644
--- a/www/src/js/routers/router.js
+++ b/www/src/js/routers/router.js
@@ -9,6 +9,7 @@ var searchController = require('../controllers/search.js');
 var storeController = require('../controllers/store.js');
 var settingsController = require('../controllers/settings.js');
 var snapController = require('../controllers/snaps.js');
+var loginController = require('../controllers/simple-login.js');
 
 module.exports = {
 
@@ -26,6 +27,13 @@ module.exports = {
     }
   }),
 
+  login: new Marionette.AppRouter({
+    controller: loginController,
+    appRoutes: {
+      'login': 'index'
+    }
+  }),
+
   store: new Marionette.AppRouter({
     controller: storeController,
     appRoutes: {
diff --git a/www/src/js/templates/simple-login.hbs b/www/src/js/templates/simple-login.hbs
new file mode 100644
index 00000000..c5bafa39
--- /dev/null
+++ b/www/src/js/templates/simple-login.hbs
@@ -0,0 +1,60 @@
+<div class="region-login">
+  <div class="inner-wrapper">
+    <div class="b-headline seven-col last-col">
+      <div class="row" id="login-form">
+        <h2>Login</h2>
+        <div class="p-card--highlighted" style="display:block">
+          <p>
+            You are currently not logged in.
+          </p>
+          <form>
+            <fieldset>
+            <p>
+              Please login with an Ubuntu SSO account registered on this all-snap  Ubuntu Core system to perform privileged operations.
+            </p>
+            <p>
+              <label for="emailSSO">Email</label>
+              <input type="text" id="emailSSO" placeholder="Enter an email address from your account in the store...">
+            </p>
+            <p>
+              <label for="password">Password</label>
+              <input type="password" id="password">
+            </p>
+            <p style="display: none" class="otpfield">
+              <label for="otp">OTP</label>
+              <input type="text" id="otp" placeholder="Enter your One-Time-Password...">
+            </p>
+            <p>
+              <button class="p-button--positive" id="btn-login" style="margin-bottom: 1em;">
+                Login
+              </button>
+              <label class="statusmessage" style="display: inline-block; margin-left: 1em">
+              </label>
+            </p>
+          </fieldset>
+        </form>
+      </div>
+      </div>
+      <div class="row" style="display:none" id="firstboot-step-2">
+        <h2>Configuration Complete</h2>
+        <p>
+          This device is registered to {{email}}.
+        <p>
+          Remote access was enabled via authentification with SSO user {{username}}.
+          Public SSH keys were added to the device for remote access.
+        </p>
+        <p>
+          {{email}} can connect remotely to this device via SSH:
+        </p>
+        <p>
+          <pre>
+            ssh {{username}}@{{ipaddress}}
+          </pre>
+        </p>
+        <a class="button--primary" id="btn-manage" href="/">
+          Manage your device
+        </a>
+        <p></p>
+      </div>
+    </div>
+</div>
diff --git a/www/src/js/views/simple-login.js b/www/src/js/views/simple-login.js
new file mode 100644
index 00000000..3ecdf5b3
--- /dev/null
+++ b/www/src/js/views/simple-login.js
@@ -0,0 +1,95 @@
+// simple-login view
+var Backbone = require('backbone');
+var Marionette = require('backbone.marionette');
+var template = require('../templates/simple-login.hbs');
+
+module.exports = Backbone.Marionette.LayoutView.extend({
+
+  className: 'b-layout__container',
+
+  ui: {
+    statusmessage: '.statusmessage',
+    otpfield: '.otpfield',
+    btncreate: '.btn-create',
+  },
+
+  events: {
+    'click #btn-login': 'handleLogin',
+  },
+
+  modelEvents: {
+    'invalid': function(model, error) {
+      this.setErrorStatus(error);
+    },
+    'two-factor-required': function(msg) {
+      this.setWarningStatus(msg);
+      this.ui.otpfield.show();
+    },
+    'two-factor-failed': function(msg) {
+      this.setWarningStatus(msg);
+    },
+    'login-required': function(msg) {
+      this.setErrorStatus(msg);
+    },
+    'invalid-auth-data': function(msg) {
+      this.setErrorStatus(msg);
+    },
+    'success': function() {
+      this.setStatus('OK');
+      // TODO: wait, then redirect
+    },
+  },
+
+  clearStatus: function() {
+    this.ui.statusmessage.hide();
+  },
+  setStatus: function(msg) {
+    this.ui.statusmessage.text(msg);
+    this.ui.statusmessage.removeClass('has-warning');
+    this.ui.statusmessage.removeClass('has-error');
+    this.ui.statusmessage.show();
+  },
+  setWarningStatus: function(msg) {
+    this.ui.statusmessage.text(msg);
+    this.ui.statusmessage.addClass('has-warning');
+    this.ui.statusmessage.removeClass('has-error');
+    this.ui.statusmessage.show();
+  },
+  setErrorStatus: function(msg) {
+    this.ui.statusmessage.text(msg);
+    this.ui.statusmessage.removeClass('has-warning');
+    this.ui.statusmessage.addClass('has-error');
+    this.ui.statusmessage.show();
+  },
+
+  handleLogin: function(event) {
+    event.preventDefault();
+    event.stopPropagation();
+    this.model.set({
+      email: this.$('#emailSSO').val(),
+      password: this.$('#password').val(),
+      otp: this.$('#otp').val(),
+    });
+    if (this.model.isValid()) {
+      this.setStatus('Authentication...'); // via snapd...
+      this.model.save({}, {
+        success: function(model, response) {
+          model.trigger('success');
+        },
+        error: function(model, response) {
+          if (response.status == 401) {
+            model.trigger(response.responseJSON.result.kind,
+                         response.responseJSON.result.message);
+          } else {
+            model.trigger('invalid', model, response);
+          }
+        }
+      });
+    }
+  },
+
+  template : function(model) {
+    return template(model);
+  },
+
+});
diff --git a/www/tests/simpleLoginSpec.js b/www/tests/simpleLoginSpec.js
new file mode 100644
index 00000000..037258c2
--- /dev/null
+++ b/www/tests/simpleLoginSpec.js
@@ -0,0 +1,77 @@
+var LoginModel = require('../src/js/models/simple-login.js');
+var Backbone = require('backbone');
+var LoginView = require('../src/js/views/simple-login.js');
+
+describe('Login', function() {
+
+  describe('LoginModel', function() {
+
+    beforeEach(function() {
+      this.model = new LoginModel({});
+    });
+
+    afterEach(function() {
+      delete this.model;
+    });
+
+    it('should be an instance of Backbone.Model', function() {
+      expect(LoginModel).toBeDefined();
+      expect(this.model).toEqual(jasmine.any(Backbone.Model));
+    });    
+
+    it('should block empty or invalid email', function() {
+      expect(this.model.validate({})).toBeDefined();
+      expect(this.model.validate({email: 'bad-email'})).toBeDefined();
+    });
+
+    // FIXME: jasmine.Ajax makes karma go crazy and fail to parse a JSON string in snap.js !?
+    xit('should validate on save', function() {
+      jasmine.Ajax.install();
+      spyOn(this.model, 'save').and.callThrough();
+      spyOn(this.model, 'validate').and.callThrough();
+      this.model.save();
+      expect(this.model.validate).toHaveBeenCalled();
+      jasmine.Ajax.uninstall();
+    });
+
+  });
+
+  describe('LoginView', function() {
+
+    beforeEach(function() {
+      this.model = new LoginModel({});
+      this.view = new LoginView({
+        model: this.model
+      });
+      this.view.render();
+      
+      this.emailSSO = this.view.$el.find('#emailSSO'); 
+      this.btnLogin = this.view.$el.find('#btn-login');
+    });
+    
+    afterEach(function() {
+      this.view.remove();
+      delete this.model;
+      delete this.view;
+    });
+    
+    it('should be an instance of Backbone.View', function() {
+      expect(LoginView).toBeDefined();
+      expect(this.view).toEqual(jasmine.any(Backbone.View));
+    });
+    
+    it('should have some key input fields', function() {
+      expect(this.emailSSO).toBeDefined();
+      expect(this.btnLogin).toBeDefined();
+    });
+
+    xit('should submit valid forms', function() {
+    });
+    
+    xit('should display error feedback', function() {
+
+    });
+    
+  });
+
+});

From bd2dde5714203c839a56a8353eab78e0b4bd2685 Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Fri, 14 Oct 2016 10:35:54 +0200
Subject: [PATCH 03/22] adjust unit test to use jamine.Ajax spies

---
 www/tests/simpleLoginSpec.js | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/www/tests/simpleLoginSpec.js b/www/tests/simpleLoginSpec.js
index 037258c2..e064a202 100644
--- a/www/tests/simpleLoginSpec.js
+++ b/www/tests/simpleLoginSpec.js
@@ -8,10 +8,15 @@ describe('Login', function() {
 
     beforeEach(function() {
       this.model = new LoginModel({});
+      // NOTE: it seems we don't need to do jasmine.Ajax.install() anymore
+      //       before installing the spies; not sure why
+      spyOn(this.model, 'save').and.callThrough();
+      spyOn(this.model, 'validate').and.callThrough();
     });
 
     afterEach(function() {
       delete this.model;
+      this.model = null;
     });
 
     it('should be an instance of Backbone.Model', function() {
@@ -24,14 +29,9 @@ describe('Login', function() {
       expect(this.model.validate({email: 'bad-email'})).toBeDefined();
     });
 
-    // FIXME: jasmine.Ajax makes karma go crazy and fail to parse a JSON string in snap.js !?
-    xit('should validate on save', function() {
-      jasmine.Ajax.install();
-      spyOn(this.model, 'save').and.callThrough();
-      spyOn(this.model, 'validate').and.callThrough();
+    it('should validate on save', function() {
       this.model.save();
       expect(this.model.validate).toHaveBeenCalled();
-      jasmine.Ajax.uninstall();
     });
 
   });

From e7c23a43d4553771b3604678901d6ed5af3d5d65 Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Fri, 14 Oct 2016 17:39:07 +0200
Subject: [PATCH 04/22] write the whole macaroon result JSON in the cookie;
 redirect to / on success; use js-cookie

---
 package.json                      | 1 +
 www/src/js/models/simple-login.js | 4 ++--
 www/src/js/views/simple-login.js  | 8 +++++++-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/package.json b/package.json
index 0a1a6fdd..15204fea 100644
--- a/package.json
+++ b/package.json
@@ -30,6 +30,7 @@
     "istanbul": "^0.4.3",
     "jasmine-core": "~2.2.0",
     "jquery": "~2.1.3",
+    "js-cookie": "~2.1.3",
     "karma": "~0.12.31",
     "karma-browserify": "~4.0.0",
     "karma-chrome-launcher": "^0.1.7",
diff --git a/www/src/js/models/simple-login.js b/www/src/js/models/simple-login.js
index 61e92e03..569690bc 100644
--- a/www/src/js/models/simple-login.js
+++ b/www/src/js/models/simple-login.js
@@ -2,6 +2,7 @@
 
 var Backbone = require('backbone');
 var Marionette = require('backbone.marionette');
+var Cookies = require("js-cookie");
 
 module.exports = Backbone.Model.extend({
   url: '/api/v2/login',
@@ -25,8 +26,7 @@ module.exports = Backbone.Model.extend({
   },
 
   setMacaroonCookiesFromResponse: function(result) {
-    document.cookie = "SnapwebMacaroon=" + result.macaroon +
-      "; path=/; SnapwebDischarge=" + result.discharges[0] + "; path=/";
+    Cookies.set('SM', result);
   },
   
 });
diff --git a/www/src/js/views/simple-login.js b/www/src/js/views/simple-login.js
index 3ecdf5b3..b2260225 100644
--- a/www/src/js/views/simple-login.js
+++ b/www/src/js/views/simple-login.js
@@ -1,4 +1,5 @@
 // simple-login view
+var _ = require('lodash');
 var Backbone = require('backbone');
 var Marionette = require('backbone.marionette');
 var template = require('../templates/simple-login.hbs');
@@ -36,7 +37,6 @@ module.exports = Backbone.Marionette.LayoutView.extend({
     },
     'success': function() {
       this.setStatus('OK');
-      // TODO: wait, then redirect
     },
   },
 
@@ -74,7 +74,13 @@ module.exports = Backbone.Marionette.LayoutView.extend({
       this.setStatus('Authentication...'); // via snapd...
       this.model.save({}, {
         success: function(model, response) {
+          model.setMacaroonCookiesFromResponse(response.result);
           model.trigger('success');
+          // wait a bit to let the user read the confirmation message
+          _.delay(function() {
+            // redirect to home for now
+            window.location = '/';
+          }, 200)
         },
         error: function(model, response) {
           if (response.status == 401) {

From 10e1902b05153300d62b93dcf9a7c64fa06e0b48 Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Fri, 14 Oct 2016 17:39:39 +0200
Subject: [PATCH 05/22] further unit tests to check the login model, view, and
 cookies

---
 www/tests/simpleLoginSpec.js | 50 ++++++++++++++++++++++++++++++++++--
 1 file changed, 48 insertions(+), 2 deletions(-)

diff --git a/www/tests/simpleLoginSpec.js b/www/tests/simpleLoginSpec.js
index e064a202..254efa28 100644
--- a/www/tests/simpleLoginSpec.js
+++ b/www/tests/simpleLoginSpec.js
@@ -1,5 +1,7 @@
-var LoginModel = require('../src/js/models/simple-login.js');
+var _ = require('lodash');
+var CONF = require('../src/js/config.js');
 var Backbone = require('backbone');
+var LoginModel = require('../src/js/models/simple-login.js');
 var LoginView = require('../src/js/views/simple-login.js');
 
 describe('Login', function() {
@@ -33,7 +35,7 @@ describe('Login', function() {
       this.model.save();
       expect(this.model.validate).toHaveBeenCalled();
     });
-
+    
   });
 
   describe('LoginView', function() {
@@ -46,6 +48,7 @@ describe('Login', function() {
       this.view.render();
       
       this.emailSSO = this.view.$el.find('#emailSSO'); 
+      this.password = this.view.$el.find('#password'); 
       this.btnLogin = this.view.$el.find('#btn-login');
     });
     
@@ -69,7 +72,50 @@ describe('Login', function() {
     });
     
     xit('should display error feedback', function() {
+    });
+    
+    it('should set the macaroon cookies', function() {
+      spyOn(this.model, 'save').and.callThrough();
+      spyOn(this.model, 'setMacaroonCookiesFromResponse').and.callThrough();
 
+      jasmine.Ajax.stubRequest('/api/v2/login').andReturn({
+        status: 200,
+        statusText: "OK",
+        contentType: "application/json",
+        responseText: '{"type":"sync","status-code":200,"status":"OK","result":{"macaroon":"protect the innoncent","discharges":["serve the public trust"]}}',
+      });
+      
+      this.emailSSO.val('valid@email.com');
+      this.password.val('not empty');
+      var stubbedEvent = {
+        preventDefault: function() {},
+        stopPropagation: function() {}
+      };
+      this.view.handleLogin(stubbedEvent);
+      
+      expect(this.model.save).toHaveBeenCalled();
+      expect(this.model.setMacaroonCookiesFromResponse).toHaveBeenCalled();
+    });
+    
+    it('should send the macaroon cookie in new requests', function() {
+      this.model.setMacaroonCookiesFromResponse({"macaroon":"protect the innoncent",
+                                                 "discharges":["serve the public trust"]});
+
+      var doneFn = jasmine.createSpy("success");
+      var xhr = new XMLHttpRequest();
+      xhr.onreadystatechange = function(args) {
+        if (this.readyState == this.DONE) {
+          doneFn(this.responseText);
+        }
+      };
+
+      xhr.open("GET", "/some/api/call");
+      xhr.send();
+      
+      request = jasmine.Ajax.requests.mostRecent();
+      expect(request.url).toBe('/some/api/call');
+      expect(request.method).toBe('GET');
+      // TODO: check that cookies are sent properly; no time to finish that now :/
     });
     
   });

From 715b458e498b1df955ed561cd3222cc19813a6be Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Fri, 14 Oct 2016 20:02:33 +0200
Subject: [PATCH 06/22] decode a json cookie instead of 2 strings

---
 cmd/snapweb/handlers.go      | 35 ++++++++++++++++++++++++++---------
 cmd/snapweb/handlers_test.go | 12 ++++++++----
 2 files changed, 34 insertions(+), 13 deletions(-)

diff --git a/cmd/snapweb/handlers.go b/cmd/snapweb/handlers.go
index 0958de39..16a4f6f4 100644
--- a/cmd/snapweb/handlers.go
+++ b/cmd/snapweb/handlers.go
@@ -25,7 +25,7 @@ import (
 	"log"
 	"net"
 	"net/http"
-	// "net/url"
+	"net/url"
 	"os"
 	"path/filepath"
 	"strings"
@@ -167,21 +167,38 @@ func initURLHandlers(log *log.Logger) {
 	http.HandleFunc("/", makeMainPageHandler())
 }
 
-// Name of cookies transporting the macaroon and discharge to authenticate snapd requests
+// Name of the cookie transporting the macaroon and discharge to authenticate snapd requests
 const (
-	SnapwebMacaroonCookieName  = "SnapwebMacaroon"
-	SnapwebDischargeCookieName = "SnapwebDischarge"
+	SnapwebCookieName  = "SM"
 )
 
+type MacaroonCookie struct {
+	Macaroon   string   `json:"macaroon,omitempty"`
+	Discharges []string `json:"discharges,omitempty"`
+}
+
 // Writes the 'Authorization' header
 // with macaroon and discharges extracted from mere cookies
 func setAuthorizationHeader(req *http.Request, outreq *http.Request) {
-	mc, _ := req.Cookie(SnapwebMacaroonCookieName)
-	dc, _ := req.Cookie(SnapwebDischargeCookieName)
-	if mc != nil && dc != nil {
+	cookie, _ := req.Cookie(SnapwebCookieName); if cookie != nil {
+		var mc MacaroonCookie
+		unescaped, err := url.QueryUnescape(cookie.Value)
+		if err != nil {
+			log.Println("Error trying to unescape cookie string", err)
+			return
+		}
+		dec := json.NewDecoder(strings.NewReader(unescaped))
+		if err := dec.Decode(&mc); err != nil {
+			// TODO: reset a broken cookie? just ignoring for now
+			log.Println("Error trying to decode cookie: ", err)
+			return
+		}
+
 		var buf bytes.Buffer
-		fmt.Fprintf(&buf, `Macaroon root="%s"`, mc.Value)
-		fmt.Fprintf(&buf, `, discharge="%s"`, dc.Value)
+		fmt.Fprintf(&buf, `Macaroon root="%s"`, mc.Macaroon)
+		for _, discharge := range mc.Discharges {
+			fmt.Fprintf(&buf, `, discharge="%s"`, discharge)
+		}
 		outreq.Header.Set("Authorization", buf.String())
 	}
 }
diff --git a/cmd/snapweb/handlers_test.go b/cmd/snapweb/handlers_test.go
index 649374e4..34c4f8df 100644
--- a/cmd/snapweb/handlers_test.go
+++ b/cmd/snapweb/handlers_test.go
@@ -27,11 +27,12 @@ import (
 	"net"
 	"net/http"
 	"net/http/httptest"
+	"net/url"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
-
+	
 	. "gopkg.in/check.v1"
 
 	"github.com/snapcore/snapweb/snappy"
@@ -256,13 +257,16 @@ func (s *HandlersSuite) TestSetAuthorization(c *C) {
 	r, err := http.NewRequest("GET", "/api/dummy", nil)
 	c.Assert(err, IsNil)
 
-	r.AddCookie(&http.Cookie{Name: SnapwebMacaroonCookieName, Value: "expected"})
-	r.AddCookie(&http.Cookie{Name: SnapwebDischargeCookieName, Value: "expected"})
+	example := `{ "macaroon": "expected", "discharges": ["expected-as-well"] }`
+	encodedValue := (&url.URL{Path: example}).EscapedPath()
+	fmt.Println("encodedValue:", encodedValue)
+	r.AddCookie(&http.Cookie{	Name: SnapwebCookieName, Value: encodedValue })
 
 	outreq, err := http.NewRequest(r.Method, r.URL.String(), r.Body)
 	c.Assert(err, IsNil)
 
 	setAuthorizationHeader(r, outreq)
+	c.Assert(outreq.Header["Authorization"], NotNil)
 	c.Check(outreq.Header["Authorization"][0], Equals,
-		"Macaroon root=\"expected\", discharge=\"expected\"")
+		"Macaroon root=\"expected\", discharge=\"expected-as-well\"")
 }

From 05285f3588ab339da2838902f98b3ab08ba8161b Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Fri, 14 Oct 2016 20:39:46 +0200
Subject: [PATCH 07/22] add a global error handler to trap 401 errors and
 redirect to /login

---
 www/src/js/app.js | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/www/src/js/app.js b/www/src/js/app.js
index 29d06d1b..bc2bdee5 100644
--- a/www/src/js/app.js
+++ b/www/src/js/app.js
@@ -6,6 +6,7 @@ var Backbone = require('backbone');
 Backbone.$ = $;
 var Marionette = require('backbone.marionette');
 var Radio = require('backbone.radio');
+
 if (window.__agent) {
   window.__agent.start(Backbone, Marionette);
 }
@@ -23,3 +24,9 @@ $(document).ready(function() {
 snapweb.on('start', function() {
   Backbone.history.start({pushState: true});
 });
+
+$( document ).ajaxError(function( event, jqxhr, settings, exception ) {
+    if ( jqxhr.status== 401 ) {
+      window.location = '/login';
+    }
+});

From e0e534e2a60935d64263ea8834f736ff9e41a5d8 Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Fri, 14 Oct 2016 21:09:09 +0200
Subject: [PATCH 08/22] control the presence of our auth cookie or redirect to
 login on API requests

---
 cmd/snapweb/handlers.go      | 28 ++++++++++++++++++++++++----
 cmd/snapweb/handlers_test.go | 10 ++++++++--
 snappy/handlers.go           | 23 +++++++++++++++++++++++
 snappy/handlers_test.go      |  5 +++++
 4 files changed, 60 insertions(+), 6 deletions(-)

diff --git a/cmd/snapweb/handlers.go b/cmd/snapweb/handlers.go
index 16a4f6f4..d9d67f5c 100644
--- a/cmd/snapweb/handlers.go
+++ b/cmd/snapweb/handlers.go
@@ -83,6 +83,9 @@ type timeInfoResponse struct {
 }
 
 func handleTimeInfo(w http.ResponseWriter, r *http.Request) {
+
+	SimpleCookieCheckOrRedirect(w, r)
+
 	if r.Method == "GET" {
 		values, err := snappy.GetCoreConfig(
 			[]string{"Date", "Time", "Timezone", "NTPServer"})
@@ -119,6 +122,9 @@ type deviceInfoResponse struct {
 }
 
 func handleDeviceInfo(w http.ResponseWriter, r *http.Request) {
+
+	SimpleCookieCheckOrRedirect(w, r)
+
 	c := newSnapdClient()
 
 	modelInfo, err := snappy.GetModelInfo(c)
@@ -150,12 +156,15 @@ func initURLHandlers(log *log.Logger) {
 	passThru := makePassthroughHandler(dirs.SnapdSocket, "/api")
 
 	http.Handle("/api/v2/packages/", snappyHandler.MakeMuxer("/api/v2/packages"))
-	http.HandleFunc("/api/v2/create-user", passThru)
-	http.HandleFunc("/api/v2/login", passThru)
 
 	http.HandleFunc("/api/v2/time-info", handleTimeInfo)
 	http.HandleFunc("/api/v2/device-info", handleDeviceInfo)
 
+	// the URLs below shouldn't be using SimpleCookieCheckOrRedirect
+
+	http.HandleFunc("/api/v2/create-user", passThru)
+	http.HandleFunc("/api/v2/login", passThru)
+
 	http.Handle("/public/", loggingHandler(http.FileServer(http.Dir(filepath.Join(os.Getenv("SNAP"), "www")))))
 
 	if iconDir, relativePath, err := snappy.IconDir(); err == nil {
@@ -169,9 +178,10 @@ func initURLHandlers(log *log.Logger) {
 
 // Name of the cookie transporting the macaroon and discharge to authenticate snapd requests
 const (
-	SnapwebCookieName  = "SM"
+	SnapwebCookieName = "SM"
 )
 
+// The MacaroonCookie structure mirrors the User structure in snapd/client/login.go
 type MacaroonCookie struct {
 	Macaroon   string   `json:"macaroon,omitempty"`
 	Discharges []string `json:"discharges,omitempty"`
@@ -180,7 +190,8 @@ type MacaroonCookie struct {
 // Writes the 'Authorization' header
 // with macaroon and discharges extracted from mere cookies
 func setAuthorizationHeader(req *http.Request, outreq *http.Request) {
-	cookie, _ := req.Cookie(SnapwebCookieName); if cookie != nil {
+	cookie, _ := req.Cookie(SnapwebCookieName)
+	if cookie != nil {
 		var mc MacaroonCookie
 		unescaped, err := url.QueryUnescape(cookie.Value)
 		if err != nil {
@@ -203,6 +214,15 @@ func setAuthorizationHeader(req *http.Request, outreq *http.Request) {
 	}
 }
 
+// SimpleCookieCheckOrRedirect is a simplistic authorization mechanism
+func SimpleCookieCheckOrRedirect(w http.ResponseWriter, r *http.Request) {
+	// simply verifies the existence of a cookie for now
+	cookie, _ := r.Cookie(SnapwebCookieName)
+	if cookie == nil {
+		http.Redirect(w, r, "/login", 401)
+	}
+}
+
 func makePassthroughHandler(socketPath string, prefix string) http.HandlerFunc {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		c := &http.Client{
diff --git a/cmd/snapweb/handlers_test.go b/cmd/snapweb/handlers_test.go
index 34c4f8df..ec17819d 100644
--- a/cmd/snapweb/handlers_test.go
+++ b/cmd/snapweb/handlers_test.go
@@ -32,7 +32,7 @@ import (
 	"path/filepath"
 	"strings"
 	"testing"
-	
+
 	. "gopkg.in/check.v1"
 
 	"github.com/snapcore/snapweb/snappy"
@@ -139,6 +139,8 @@ func (s *HandlersSuite) TestMakeMainPageHandler(c *C) {
 	req, err := http.NewRequest("GET", "/", nil)
 	c.Assert(err, IsNil)
 
+	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "auth"})
+
 	http.DefaultServeMux.ServeHTTP(rec, req)
 	body := rec.Body.String()
 
@@ -219,6 +221,8 @@ func (s *HandlersSuite) TestPassthroughHandler(c *C) {
 	req, err := http.NewRequest("GET", "/api/v2/system-info", nil)
 	c.Assert(err, IsNil)
 
+	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "auth"})
+
 	handler(rec, req)
 	body := rec.Body.String()
 	c.Assert(rec.Code, Equals, http.StatusOK)
@@ -240,6 +244,8 @@ func (s *HandlersSuite) TestModelInfoHandler(c *C) {
 	req, err := http.NewRequest("GET", "/api/v2/device-info", nil)
 	c.Assert(err, IsNil)
 
+	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "auth"})
+
 	http.DefaultServeMux.ServeHTTP(rec, req)
 	body := rec.Body.String()
 
@@ -260,7 +266,7 @@ func (s *HandlersSuite) TestSetAuthorization(c *C) {
 	example := `{ "macaroon": "expected", "discharges": ["expected-as-well"] }`
 	encodedValue := (&url.URL{Path: example}).EscapedPath()
 	fmt.Println("encodedValue:", encodedValue)
-	r.AddCookie(&http.Cookie{	Name: SnapwebCookieName, Value: encodedValue })
+	r.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: encodedValue})
 
 	outreq, err := http.NewRequest(r.Method, r.URL.String(), r.Body)
 	c.Assert(err, IsNil)
diff --git a/snappy/handlers.go b/snappy/handlers.go
index bfa44d67..0e62bc74 100644
--- a/snappy/handlers.go
+++ b/snappy/handlers.go
@@ -57,6 +57,20 @@ func (h *Handler) jsonResponseOrError(v interface{}, w http.ResponseWriter) {
 	}
 }
 
+// Name of the cookie transporting the macaroon and discharge to authenticate snapd requests
+const (
+	SnapwebCookieName = "SM"
+)
+
+// FIXME: the whole thing is ugly, but a stop gap measure; i'll clean up
+func simpleCookieCheckOrRedirect(w http.ResponseWriter, r *http.Request) {
+	// simply verifies the existence of a cookie for now
+	cookie, _ := r.Cookie(SnapwebCookieName)
+	if cookie == nil {
+		http.Redirect(w, r, "/login", 401)
+	}
+}
+
 func (h *Handler) snapOperationResponse(name string, err error, w http.ResponseWriter) {
 	msg := "Accepted"
 	status := http.StatusAccepted
@@ -72,6 +86,9 @@ func (h *Handler) snapOperationResponse(name string, err error, w http.ResponseW
 }
 
 func (h *Handler) getAll(w http.ResponseWriter, r *http.Request) {
+	// stop gap measure
+	simpleCookieCheckOrRedirect(w, r)
+
 	snapCondition := availableSnaps
 	if r.FormValue("installed_only") == "true" {
 		snapCondition = installedSnaps
@@ -94,6 +111,8 @@ func (h *Handler) getAll(w http.ResponseWriter, r *http.Request) {
 }
 
 func (h *Handler) get(w http.ResponseWriter, r *http.Request) {
+	simpleCookieCheckOrRedirect(w, r)
+
 	name := mux.Vars(r)["name"]
 
 	payload, err := h.packagePayload(name)
@@ -107,6 +126,8 @@ func (h *Handler) get(w http.ResponseWriter, r *http.Request) {
 }
 
 func (h *Handler) add(w http.ResponseWriter, r *http.Request) {
+	simpleCookieCheckOrRedirect(w, r)
+
 	name := mux.Vars(r)["name"]
 
 	err := h.installPackage(name)
@@ -115,6 +136,8 @@ func (h *Handler) add(w http.ResponseWriter, r *http.Request) {
 }
 
 func (h *Handler) remove(w http.ResponseWriter, r *http.Request) {
+	simpleCookieCheckOrRedirect(w, r)
+
 	name := mux.Vars(r)["name"]
 
 	err := h.removePackage(name)
diff --git a/snappy/handlers_test.go b/snappy/handlers_test.go
index b774484e..42c0cc3f 100644
--- a/snappy/handlers_test.go
+++ b/snappy/handlers_test.go
@@ -54,6 +54,7 @@ func (s *HandlersSuite) TestGetAllError(c *C) {
 	rec := httptest.NewRecorder()
 	req, err := http.NewRequest("GET", "/", nil)
 	c.Assert(err, IsNil)
+	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "auth"})
 
 	s.h.MakeMuxer("").ServeHTTP(rec, req)
 	c.Assert(rec.Code, Equals, http.StatusInternalServerError)
@@ -91,6 +92,7 @@ func (s *HandlersSuite) TestGetError(c *C) {
 	rec := httptest.NewRecorder()
 	req, err := http.NewRequest("GET", "/foo", nil)
 	c.Assert(err, IsNil)
+	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "auth"})
 
 	s.h.MakeMuxer("").ServeHTTP(rec, req)
 	c.Assert(rec.Code, Equals, http.StatusNotFound)
@@ -102,6 +104,7 @@ func (s *HandlersSuite) TestGet(c *C) {
 	rec := httptest.NewRecorder()
 	req, err := http.NewRequest("GET", "/chatroom", nil)
 	c.Assert(err, IsNil)
+	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "auth"})
 
 	s.h.MakeMuxer("").ServeHTTP(rec, req)
 	c.Assert(rec.Code, Equals, http.StatusOK)
@@ -118,6 +121,7 @@ func (s *HandlersSuite) TestAdd(c *C) {
 	rec := httptest.NewRecorder()
 	req, err := http.NewRequest("PUT", "/chatroom", nil)
 	c.Assert(err, IsNil)
+	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "auth"})
 
 	s.h.MakeMuxer("").ServeHTTP(rec, req)
 	c.Assert(rec.Code, Equals, http.StatusAccepted)
@@ -130,6 +134,7 @@ func (s *HandlersSuite) TestRemove(c *C) {
 	rec := httptest.NewRecorder()
 	req, err := http.NewRequest("DELETE", "/chatroom", nil)
 	c.Assert(err, IsNil)
+	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "auth"})
 
 	s.h.MakeMuxer("").ServeHTTP(rec, req)
 	c.Assert(rec.Code, Equals, http.StatusAccepted)

From 2f125c1aa00e8a4c4486a58f0de531eb42db52be Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Fri, 14 Oct 2016 23:57:48 +0200
Subject: [PATCH 09/22] set the cookie expiration to 1 day

---
 www/src/js/models/simple-login.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/www/src/js/models/simple-login.js b/www/src/js/models/simple-login.js
index 569690bc..1251a024 100644
--- a/www/src/js/models/simple-login.js
+++ b/www/src/js/models/simple-login.js
@@ -26,7 +26,11 @@ module.exports = Backbone.Model.extend({
   },
 
   setMacaroonCookiesFromResponse: function(result) {
-    Cookies.set('SM', result);
+    // the cookie will expire in 1 /day/
+    // unfortunately Chrome's "continue where I left off
+    // prevents session cookies to expire as usual
+    // See https://bugs.chromium.org/p/chromium/issues/detail?id=130291
+    Cookies.set('SM', result, {expires: 1});
   },
   
 });

From af09b622256c6a0d221a3d23b8f81aa55e3d442f Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Fri, 14 Oct 2016 23:58:21 +0200
Subject: [PATCH 10/22] prevent the global ajax error handler from breaking the
 login flow

---
 www/src/js/app.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/src/js/app.js b/www/src/js/app.js
index bc2bdee5..f8bf0684 100644
--- a/www/src/js/app.js
+++ b/www/src/js/app.js
@@ -26,7 +26,7 @@ snapweb.on('start', function() {
 });
 
 $( document ).ajaxError(function( event, jqxhr, settings, exception ) {
-    if ( jqxhr.status== 401 ) {
+    if (jqxhr.status === 401 && window.location.pathname != '/login') {
       window.location = '/login';
     }
 });

From c4e63fc171fee961f1b04b3d38f061e1777d4356 Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Sat, 15 Oct 2016 00:00:39 +0200
Subject: [PATCH 11/22] HTTPS support with dummy self-signed certificates; keep
 an HTTP end-point on :4200 to redirect clients to HTTPS

---
 cmd/snapweb/main.go | 25 ++++++++++++++++++++++---
 server.crt          | 19 +++++++++++++++++++
 server.key          | 27 +++++++++++++++++++++++++++
 3 files changed, 68 insertions(+), 3 deletions(-)
 create mode 100644 server.crt
 create mode 100644 server.key

diff --git a/cmd/snapweb/main.go b/cmd/snapweb/main.go
index 5693cb92..99fa382c 100644
--- a/cmd/snapweb/main.go
+++ b/cmd/snapweb/main.go
@@ -21,18 +21,28 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"strings"
 
 	"github.com/snapcore/snapweb/avahi"
 )
 
 var logger *log.Logger
 
-const httpAddr string = ":4200"
+const (
+	httpAddr  string = ":4200"
+	httpsAddr string = ":4201"
+)
 
 func init() {
 	logger = log.New(os.Stderr, "Snapweb: ", log.Ldate|log.Ltime|log.Lshortfile)
 }
 
+func redir(w http.ResponseWriter, req *http.Request) {
+	http.Redirect(w, req,
+		"https://"+strings.Replace(req.Host, httpAddr, httpsAddr, -1),
+		http.StatusMovedPermanently)
+}
+
 func main() {
 	initURLHandlers(logger)
 
@@ -40,7 +50,16 @@ func main() {
 
 	logger.Println("Snapweb starting...")
 
-	if err := http.ListenAndServe(httpAddr, nil); err != nil {
-		logger.Printf("http.ListendAndServer() failed with %s\n", err)
+	// run the main service over HTTPS
+	go func() {
+		if err := http.ListenAndServeTLS(httpsAddr, "server.crt", "server.key", nil); err != nil {
+			logger.Fatalf("http.ListendAndServerTLS() failed with %v", err)
+		}
+	}()
+
+	// open a plain HTTP end-point on the "usual" 4200 port, and redirect to HTTPS
+	if err := http.ListenAndServe(httpAddr, http.HandlerFunc(redir)); err != nil {
+		log.Fatalf("ListenAndServe failed with: %v", err)
 	}
+
 }
diff --git a/server.crt b/server.crt
new file mode 100644
index 00000000..75a01490
--- /dev/null
+++ b/server.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAe4CCQDOyQhN2x7KPTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMB4XDTE2MTAxNDIwMTUyM1oXDTE3MTAxNDIwMTUyM1owRTELMAkG
+A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AM5PBW0uMUjidCN2V7XRLGDL2LqRLQ77xZ+kSV4Gg0Gf6ElK6SCPfRYfsz+wTLlP
+XS0nbXyL1CAN3FpbXuTYdvaLQmMZtSAhBq5bIFIXkZV8R8GUFbPLEbDfEe88XPtf
+HjY4KDtX4orgLPmtJUB+72OG4XzSHqKANBr+7pho3UpV7PtTGZbhclOKyusG81Mv
+33DA0zPfMIvHZPzo0fxYbEv588M8pVMFIBzxkBSOHmO3CO0ux4llkKhRivwQVsg7
+hEjMSu/47OPkdChus/XYqtOlzxzuTRQKYMtUWskycFFbs8/Fh2iv1X2BoW19sVCp
+bA9MH31wmq+PvXjISozDiQkCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAq5BuVWEs
+3aV+5kSLP4bBnTZbvMR4noSk9iU1TYkssqp1seaWxvM8+Gw0vP1aqn4MomAKuGzN
+YNjxWiAau34da6TLmkQa1rJJFRUKSJkU5HhW3cHThxMhvuHJb4uGAIWAzp44nqYC
+Z78roXhcAodokH7ddUFK7i69b8DmDtqhfneITTFbamc6HSQcP72YKe/7Zfxn9RPm
+GgJ/4gGvQog4U6S6G1i/StYftmVS5spUB398lP9aF1G6Cc9ZxGT0u0UQZhaLflaZ
+GmMqeVvQvR1d7QPJANdiqBgwLaFlMAzfLx/C/dAV+g6XPoiLM/jc4QGokSM4J2DY
+fbDlFJlM88Rjow==
+-----END CERTIFICATE-----
diff --git a/server.key b/server.key
new file mode 100644
index 00000000..40e90001
--- /dev/null
+++ b/server.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAzk8FbS4xSOJ0I3ZXtdEsYMvYupEtDvvFn6RJXgaDQZ/oSUrp
+II99Fh+zP7BMuU9dLSdtfIvUIA3cWlte5Nh29otCYxm1ICEGrlsgUheRlXxHwZQV
+s8sRsN8R7zxc+18eNjgoO1fiiuAs+a0lQH7vY4bhfNIeooA0Gv7umGjdSlXs+1MZ
+luFyU4rK6wbzUy/fcMDTM98wi8dk/OjR/FhsS/nzwzylUwUgHPGQFI4eY7cI7S7H
+iWWQqFGK/BBWyDuESMxK7/js4+R0KG6z9diq06XPHO5NFApgy1RayTJwUVuzz8WH
+aK/VfYGhbX2xUKlsD0wffXCar4+9eMhKjMOJCQIDAQABAoIBAAdhynbqpTbPa4pt
+TJwj3Oulv56FXVBg7+RTc5CauQ2bFCuzM35HxBkLj1VjEIu87D+WXpOLSU7QUCcn
+h9C2ciNGPlzfaZy5scyBVDm7wCjSJpslmlUxmfNzN+gQh98yuxkDj2T4MxH3DYTt
+jhytrhEonV7jAdecsMCaiJ0Je4mSUxB3IMBhtYp22hXuJZx4L9UtJ7yOmjg7yMj3
+dDJu6ziShEs5O8EN0Uky208WMJKc+vefY2yC2SwBS6jLun9OaVWR4JGytfHIbSvZ
+cHXL2b7F9CXFK9RoO9ik9PD+EonRRx4JZYumG8p5bzgIPrefL1AjRrLCkYaXYJYZ
+kdr0Q7UCgYEA7jdSIPV2/sg2VCugjhbgmFhWQOiysQD+kIa2Rur2ni0uhlTw9nG3
+1Sjza40smhX1wvm6IHXQAqAi73ahS2xhB0i8WvAoBjyur/m9JXYPL2Yipk2cVNTo
+/fkXzZ0/JLA4enrm09ZPrP/QDDgnUWXoG8HNStEcA+hRgB6Sbsslb8cCgYEA3bXm
+a2uLpaI2YeuWesic+QASs0s++NifBDIM3Lz7cWH2PHFLd5wG149u27g75BDjRTrs
+E+2sS+RS41gWJjXfcKqPblqBI0wDjclRkFRN2Cchrj5rOzZ/yf+sDsKZ8AyUVF73
+a0wb4T/hNroJHFs1lc7LtAchI7KC/xMD+Syy4K8CgYB6YoWZVUMLZsUyvS9BkNNW
+sZuuwV58vawLiIpBKRoG7eOHNECP/KCbrOxShzcw+rNGtpI/dwelMayBJot7enTn
+DyFl/xgxDCAbXM0mX98xVOHcWudEVhZV1RG7m1wDd12s31OT5fkNQmgavwbENPzo
+tcrI82HXSBYHIq3MqiXTpQKBgQDNWNjdzXI+KwvrjeSGPKEHD0ZCwgLFQP2nSSQY
+nwDUd0M1oEmhsuWzaann36+5ANs/F9/oZU4bzJHo94EsSuF03MSUFUdehd0Uyc29
+vBeNiFDtreproYKieSfHU/54E26e5oaK3qdD7YKOyaf+l4v+ANczGxdalNA3qEkZ
+1IipCQKBgQCeFpqk/9IWsw4z2CWBDld8ZcxfOWls9quf25Qr+OU9AAtY1HCHmaeM
+rjzkImzckK9es5GkyhXNAZ1jNjAlzg6lEMfyJCIvA34W3gxPh1K1kx9xvKy36UeE
+7n2kTOF6GTO3gQLS5cH4P/PxXD7b8sR7rNs8S2NYLP3UBGmOtFYrEA==
+-----END RSA PRIVATE KEY-----

From 3df176c2289128407d93f68e8c6c402d0197b329 Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Sat, 15 Oct 2016 02:56:55 +0200
Subject: [PATCH 12/22] switch to generating a self-signed certificate at
 runtime; clean test

---
 cmd/snapweb/cert.go          | 117 +++++++++++++++++++++++++++++++++++
 cmd/snapweb/cert_test.go     |  47 ++++++++++++++
 cmd/snapweb/handlers_test.go |   1 -
 cmd/snapweb/main.go          |   9 ++-
 server.crt                   |  19 ------
 server.key                   |  27 --------
 6 files changed, 171 insertions(+), 49 deletions(-)
 create mode 100644 cmd/snapweb/cert.go
 create mode 100644 cmd/snapweb/cert_test.go
 delete mode 100644 server.crt
 delete mode 100644 server.key

diff --git a/cmd/snapweb/cert.go b/cmd/snapweb/cert.go
new file mode 100644
index 00000000..7333ba26
--- /dev/null
+++ b/cmd/snapweb/cert.go
@@ -0,0 +1,117 @@
+/*
+ * Copyright (C) 2014-2016 Canonical Ltd
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+package main
+
+import (
+	"crypto/ecdsa"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"log"
+	"math/big"
+	"net"
+	"os"
+	"time"
+)
+
+
+func publicKey(priv interface{}) interface{} {
+	switch k := priv.(type) {
+	case *rsa.PrivateKey:
+		return &k.PublicKey
+	case *ecdsa.PrivateKey:
+		return &k.PublicKey
+	default:
+		return nil
+	}
+}
+
+func pemBlockForKey(priv interface{}) *pem.Block {
+	switch k := priv.(type) {
+	case *rsa.PrivateKey:
+		return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}
+	case *ecdsa.PrivateKey:
+		b, err := x509.MarshalECPrivateKey(k)
+		if err != nil {
+			log.Fatalf("Unable to marshal ECDSA private key: %v", err)
+		}
+		return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
+	default:
+		return nil
+	}
+}
+
+// GenerateCertificate will generate a new self-signed certifiate at startup
+func GenerateCertificate() {
+	/* With help from https://golang.org/src/crypto/tls/generate_cert.go */
+
+	var priv interface{}
+	var err error
+	priv, err = rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		log.Fatalf("failed to generate private key: %s", err)
+	}
+
+	notBefore := time.Now()
+	validFor := 365 * 24 * time.Hour
+	notAfter := notBefore.Add(validFor)
+
+	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
+	if err != nil {
+		log.Fatalf("failed to generate serial number: %s", err)
+	}
+
+	template := x509.Certificate{
+		SerialNumber: serialNumber,
+		Subject: pkix.Name{
+			Organization: []string{"Acme Co"}, // FIXME
+		},
+		NotBefore:             notBefore,
+		NotAfter:              notAfter,
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
+		BasicConstraintsValid: true,
+	}
+
+	// TODO: add other IP addresses and hostnames (check Avahi)
+	template.IPAddresses = append(template.IPAddresses, net.ParseIP("127.0.0.1"))
+	template.IsCA = false
+
+	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
+	if err != nil {
+		log.Fatalf("Failed to create certificate: %s", err)
+	}
+
+	certOut, err := os.Create("cert.pem")
+	if err != nil {
+		log.Fatalf("failed to open cert.pem for writing: %s", err)
+	}
+	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
+	certOut.Close()
+
+	keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+	if err != nil {
+		log.Fatalf("failed to open key.pem for writing:", err)
+	}
+
+	pem.Encode(keyOut, pemBlockForKey(priv))
+	keyOut.Close()
+}
diff --git a/cmd/snapweb/cert_test.go b/cmd/snapweb/cert_test.go
new file mode 100644
index 00000000..640bde39
--- /dev/null
+++ b/cmd/snapweb/cert_test.go
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2016 Canonical Ltd
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+package main
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	. "gopkg.in/check.v1"
+)
+
+type CertSuite struct{}
+
+var _ = Suite(&CertSuite{})
+
+func (s *CertSuite) TestGenerate(c *C) {
+	tmp := c.MkDir()
+	os.Setenv("SNAP_DATA", tmp)
+	certFile := filepath.Join(os.Getenv("SNAP_DATA"), "cert.pem")
+	keyFile := filepath.Join(os.Getenv("SNAP_DATA"), "key.pem")
+	
+	c.Assert(ioutil.WriteFile(certFile, []byte{}, os.ModePerm), IsNil)
+	c.Assert(ioutil.WriteFile(keyFile, []byte{}, os.ModePerm), IsNil)
+
+	GenerateCertificate()
+	_, err := ioutil.ReadFile(certFile)
+	c.Assert(err, IsNil)
+	_, err = ioutil.ReadFile(keyFile)
+	c.Assert(err, IsNil)
+}
+
diff --git a/cmd/snapweb/handlers_test.go b/cmd/snapweb/handlers_test.go
index ec17819d..92192a32 100644
--- a/cmd/snapweb/handlers_test.go
+++ b/cmd/snapweb/handlers_test.go
@@ -265,7 +265,6 @@ func (s *HandlersSuite) TestSetAuthorization(c *C) {
 
 	example := `{ "macaroon": "expected", "discharges": ["expected-as-well"] }`
 	encodedValue := (&url.URL{Path: example}).EscapedPath()
-	fmt.Println("encodedValue:", encodedValue)
 	r.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: encodedValue})
 
 	outreq, err := http.NewRequest(r.Method, r.URL.String(), r.Body)
diff --git a/cmd/snapweb/main.go b/cmd/snapweb/main.go
index 99fa382c..20aa7115 100644
--- a/cmd/snapweb/main.go
+++ b/cmd/snapweb/main.go
@@ -21,6 +21,7 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"path/filepath"
 	"strings"
 
 	"github.com/snapcore/snapweb/avahi"
@@ -44,6 +45,8 @@ func redir(w http.ResponseWriter, req *http.Request) {
 }
 
 func main() {
+	GenerateCertificate()
+
 	initURLHandlers(logger)
 
 	go avahi.InitMDNS(logger)
@@ -52,14 +55,16 @@ func main() {
 
 	// run the main service over HTTPS
 	go func() {
-		if err := http.ListenAndServeTLS(httpsAddr, "server.crt", "server.key", nil); err != nil {
+		certFile := filepath.Join(os.Getenv("SNAP_DATA"), "cert.pem")
+		keyFile := filepath.Join(os.Getenv("SNAP_DATA"), "key.pem")
+		if err := http.ListenAndServeTLS(httpsAddr, certFile, keyFile, nil); err != nil {
 			logger.Fatalf("http.ListendAndServerTLS() failed with %v", err)
 		}
 	}()
 
 	// open a plain HTTP end-point on the "usual" 4200 port, and redirect to HTTPS
 	if err := http.ListenAndServe(httpAddr, http.HandlerFunc(redir)); err != nil {
-		log.Fatalf("ListenAndServe failed with: %v", err)
+		logger.Fatalf("ListenAndServe failed with: %v", err)
 	}
 
 }
diff --git a/server.crt b/server.crt
deleted file mode 100644
index 75a01490..00000000
--- a/server.crt
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDBjCCAe4CCQDOyQhN2x7KPTANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
-VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
-cyBQdHkgTHRkMB4XDTE2MTAxNDIwMTUyM1oXDTE3MTAxNDIwMTUyM1owRTELMAkG
-A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
-IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AM5PBW0uMUjidCN2V7XRLGDL2LqRLQ77xZ+kSV4Gg0Gf6ElK6SCPfRYfsz+wTLlP
-XS0nbXyL1CAN3FpbXuTYdvaLQmMZtSAhBq5bIFIXkZV8R8GUFbPLEbDfEe88XPtf
-HjY4KDtX4orgLPmtJUB+72OG4XzSHqKANBr+7pho3UpV7PtTGZbhclOKyusG81Mv
-33DA0zPfMIvHZPzo0fxYbEv588M8pVMFIBzxkBSOHmO3CO0ux4llkKhRivwQVsg7
-hEjMSu/47OPkdChus/XYqtOlzxzuTRQKYMtUWskycFFbs8/Fh2iv1X2BoW19sVCp
-bA9MH31wmq+PvXjISozDiQkCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAq5BuVWEs
-3aV+5kSLP4bBnTZbvMR4noSk9iU1TYkssqp1seaWxvM8+Gw0vP1aqn4MomAKuGzN
-YNjxWiAau34da6TLmkQa1rJJFRUKSJkU5HhW3cHThxMhvuHJb4uGAIWAzp44nqYC
-Z78roXhcAodokH7ddUFK7i69b8DmDtqhfneITTFbamc6HSQcP72YKe/7Zfxn9RPm
-GgJ/4gGvQog4U6S6G1i/StYftmVS5spUB398lP9aF1G6Cc9ZxGT0u0UQZhaLflaZ
-GmMqeVvQvR1d7QPJANdiqBgwLaFlMAzfLx/C/dAV+g6XPoiLM/jc4QGokSM4J2DY
-fbDlFJlM88Rjow==
------END CERTIFICATE-----
diff --git a/server.key b/server.key
deleted file mode 100644
index 40e90001..00000000
--- a/server.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAzk8FbS4xSOJ0I3ZXtdEsYMvYupEtDvvFn6RJXgaDQZ/oSUrp
-II99Fh+zP7BMuU9dLSdtfIvUIA3cWlte5Nh29otCYxm1ICEGrlsgUheRlXxHwZQV
-s8sRsN8R7zxc+18eNjgoO1fiiuAs+a0lQH7vY4bhfNIeooA0Gv7umGjdSlXs+1MZ
-luFyU4rK6wbzUy/fcMDTM98wi8dk/OjR/FhsS/nzwzylUwUgHPGQFI4eY7cI7S7H
-iWWQqFGK/BBWyDuESMxK7/js4+R0KG6z9diq06XPHO5NFApgy1RayTJwUVuzz8WH
-aK/VfYGhbX2xUKlsD0wffXCar4+9eMhKjMOJCQIDAQABAoIBAAdhynbqpTbPa4pt
-TJwj3Oulv56FXVBg7+RTc5CauQ2bFCuzM35HxBkLj1VjEIu87D+WXpOLSU7QUCcn
-h9C2ciNGPlzfaZy5scyBVDm7wCjSJpslmlUxmfNzN+gQh98yuxkDj2T4MxH3DYTt
-jhytrhEonV7jAdecsMCaiJ0Je4mSUxB3IMBhtYp22hXuJZx4L9UtJ7yOmjg7yMj3
-dDJu6ziShEs5O8EN0Uky208WMJKc+vefY2yC2SwBS6jLun9OaVWR4JGytfHIbSvZ
-cHXL2b7F9CXFK9RoO9ik9PD+EonRRx4JZYumG8p5bzgIPrefL1AjRrLCkYaXYJYZ
-kdr0Q7UCgYEA7jdSIPV2/sg2VCugjhbgmFhWQOiysQD+kIa2Rur2ni0uhlTw9nG3
-1Sjza40smhX1wvm6IHXQAqAi73ahS2xhB0i8WvAoBjyur/m9JXYPL2Yipk2cVNTo
-/fkXzZ0/JLA4enrm09ZPrP/QDDgnUWXoG8HNStEcA+hRgB6Sbsslb8cCgYEA3bXm
-a2uLpaI2YeuWesic+QASs0s++NifBDIM3Lz7cWH2PHFLd5wG149u27g75BDjRTrs
-E+2sS+RS41gWJjXfcKqPblqBI0wDjclRkFRN2Cchrj5rOzZ/yf+sDsKZ8AyUVF73
-a0wb4T/hNroJHFs1lc7LtAchI7KC/xMD+Syy4K8CgYB6YoWZVUMLZsUyvS9BkNNW
-sZuuwV58vawLiIpBKRoG7eOHNECP/KCbrOxShzcw+rNGtpI/dwelMayBJot7enTn
-DyFl/xgxDCAbXM0mX98xVOHcWudEVhZV1RG7m1wDd12s31OT5fkNQmgavwbENPzo
-tcrI82HXSBYHIq3MqiXTpQKBgQDNWNjdzXI+KwvrjeSGPKEHD0ZCwgLFQP2nSSQY
-nwDUd0M1oEmhsuWzaann36+5ANs/F9/oZU4bzJHo94EsSuF03MSUFUdehd0Uyc29
-vBeNiFDtreproYKieSfHU/54E26e5oaK3qdD7YKOyaf+l4v+ANczGxdalNA3qEkZ
-1IipCQKBgQCeFpqk/9IWsw4z2CWBDld8ZcxfOWls9quf25Qr+OU9AAtY1HCHmaeM
-rjzkImzckK9es5GkyhXNAZ1jNjAlzg6lEMfyJCIvA34W3gxPh1K1kx9xvKy36UeE
-7n2kTOF6GTO3gQLS5cH4P/PxXD7b8sR7rNs8S2NYLP3UBGmOtFYrEA==
------END RSA PRIVATE KEY-----

From 7c471eb93ebe48b2cb659506976724883393dab0 Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Sat, 15 Oct 2016 02:57:44 +0200
Subject: [PATCH 13/22] bump the version number for the 0.21.1 point release

---
 cmd/snapweb/cert.go      | 1 -
 cmd/snapweb/cert_test.go | 3 +--
 pkg/meta/snap.yaml       | 2 +-
 3 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/cmd/snapweb/cert.go b/cmd/snapweb/cert.go
index 7333ba26..c134a1b7 100644
--- a/cmd/snapweb/cert.go
+++ b/cmd/snapweb/cert.go
@@ -31,7 +31,6 @@ import (
 	"time"
 )
 
-
 func publicKey(priv interface{}) interface{} {
 	switch k := priv.(type) {
 	case *rsa.PrivateKey:
diff --git a/cmd/snapweb/cert_test.go b/cmd/snapweb/cert_test.go
index 640bde39..6b55c53c 100644
--- a/cmd/snapweb/cert_test.go
+++ b/cmd/snapweb/cert_test.go
@@ -34,7 +34,7 @@ func (s *CertSuite) TestGenerate(c *C) {
 	os.Setenv("SNAP_DATA", tmp)
 	certFile := filepath.Join(os.Getenv("SNAP_DATA"), "cert.pem")
 	keyFile := filepath.Join(os.Getenv("SNAP_DATA"), "key.pem")
-	
+
 	c.Assert(ioutil.WriteFile(certFile, []byte{}, os.ModePerm), IsNil)
 	c.Assert(ioutil.WriteFile(keyFile, []byte{}, os.ModePerm), IsNil)
 
@@ -44,4 +44,3 @@ func (s *CertSuite) TestGenerate(c *C) {
 	_, err = ioutil.ReadFile(keyFile)
 	c.Assert(err, IsNil)
 }
-
diff --git a/pkg/meta/snap.yaml b/pkg/meta/snap.yaml
index efe0a2d5..c9908044 100644
--- a/pkg/meta/snap.yaml
+++ b/pkg/meta/snap.yaml
@@ -1,5 +1,5 @@
 name: snapweb
-version: "0.21"
+version: "0.21.1"
 summary: Beautiful and functional interface for snap management
 description: |
   This service allows you to manage your Ubuntu Core device from a web interface or REST API.

From dc8b9992d312c1b043846d207f87e4cabac7dffb Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Tue, 18 Oct 2016 16:52:53 +0200
Subject: [PATCH 14/22] ensure we also correcly display status messages for bad
 requests

---
 www/src/js/views/simple-login.js |  4 +--
 www/tests/simpleLoginSpec.js     | 50 +++++++++++++++++++++++++++-----
 2 files changed, 45 insertions(+), 9 deletions(-)

diff --git a/www/src/js/views/simple-login.js b/www/src/js/views/simple-login.js
index b2260225..160e2deb 100644
--- a/www/src/js/views/simple-login.js
+++ b/www/src/js/views/simple-login.js
@@ -83,11 +83,11 @@ module.exports = Backbone.Marionette.LayoutView.extend({
           }, 200)
         },
         error: function(model, response) {
-          if (response.status == 401) {
+          if (response.status == 401 || response.status == 400) {
             model.trigger(response.responseJSON.result.kind,
                          response.responseJSON.result.message);
           } else {
-            model.trigger('invalid', model, response);
+            model.trigger('invalid', model, response.responseJSON.result.message);
           }
         }
       });
diff --git a/www/tests/simpleLoginSpec.js b/www/tests/simpleLoginSpec.js
index 254efa28..e53e5ad9 100644
--- a/www/tests/simpleLoginSpec.js
+++ b/www/tests/simpleLoginSpec.js
@@ -71,7 +71,44 @@ describe('Login', function() {
     xit('should submit valid forms', function() {
     });
     
-    xit('should display error feedback', function() {
+    it('should display error feedback (400)', function() {
+      spyOn(this.model, 'save').and.callThrough();
+
+      jasmine.Ajax.stubRequest('/api/v2/login').andReturn({
+        status: 400,
+        statusText: "Bad Request",
+        contentType: "application/json",
+        responseText: '{"type":"error","status-code":400,"status":"Bad Request","result":{"message":"please use a valid email address.","kind":"invalid-auth-data","value":{"email":["invalid"]}}}'
+      });
+
+      this.emailSSO.val('invalid@email.com');
+      this.password.val('pass');
+
+      this.view.$el.find('#btn-login').trigger('click');
+      
+      expect(this.model.save).toHaveBeenCalled();
+      expect(this.view.$el.find('.statusmessage').text()).toMatch('please use a valid email address.');
+      // TODO: check also that the element is visible
+    });
+    
+    it('should display error feedback (401)', function() {
+      spyOn(this.model, 'save').and.callThrough();
+
+      jasmine.Ajax.stubRequest('/api/v2/login').andReturn({
+        status: 400,
+        statusText: "Bad Request",
+        contentType: "application/json",
+        responseText: '{"type":"error","status-code":401,"status":"Unauthorized","result":{"message":"cannot authenticate to snap store: Provided email/password is not correct.","kind":"login-required"}}'
+      });
+
+      this.emailSSO.val('valid@email.com');
+      this.password.val('wrong');
+
+      this.view.$el.find('#btn-login').trigger('click');
+      
+      expect(this.model.save).toHaveBeenCalled();
+      expect(this.view.$el.find('.statusmessage').text()).toMatch('Provided email/password is not correct.');
+      // TODO: check also that the element is visible
     });
     
     it('should set the macaroon cookies', function() {
@@ -87,11 +124,8 @@ describe('Login', function() {
       
       this.emailSSO.val('valid@email.com');
       this.password.val('not empty');
-      var stubbedEvent = {
-        preventDefault: function() {},
-        stopPropagation: function() {}
-      };
-      this.view.handleLogin(stubbedEvent);
+      
+      this.view.$el.find('#btn-login').trigger('click');
       
       expect(this.model.save).toHaveBeenCalled();
       expect(this.model.setMacaroonCookiesFromResponse).toHaveBeenCalled();
@@ -115,7 +149,9 @@ describe('Login', function() {
       request = jasmine.Ajax.requests.mostRecent();
       expect(request.url).toBe('/some/api/call');
       expect(request.method).toBe('GET');
-      // TODO: check that cookies are sent properly; no time to finish that now :/
+      // FIXIME: check the Authorization header is set
+      // Note: the request headers are empty, jasmine-ajax doesn't really behave like
+      // in a normal browser, where cookies are effectively sent
     });
     
   });

From 7c2a725970d2b83df9b0784bab87a1a12ffd8212 Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Thu, 20 Oct 2016 03:14:54 +0200
Subject: [PATCH 15/22] add command to generate an access token

---
 build.sh                     |  3 ++
 cmd/generate-token/main.go   | 83 ++++++++++++++++++++++++++++++++++++
 pkg/meta/snap.yaml           |  2 +
 www/src/js/routers/router.js |  8 ++++
 4 files changed, 96 insertions(+)
 create mode 100644 cmd/generate-token/main.go

diff --git a/build.sh b/build.sh
index 75cf8089..bac65d52 100755
--- a/build.sh
+++ b/build.sh
@@ -44,6 +44,7 @@ gobuild() {
     mkdir -p $output_dir
     cd $output_dir
     GOARCH=$arch GOARM=7 CGO_ENABLED=1 CC=${plat_abi}-gcc go build -ldflags "-extld=${plat_abi}-gcc" github.com/snapcore/snapweb/cmd/snapweb
+    GOARCH=$arch GOARM=7 CGO_ENABLED=1 CC=${plat_abi}-gcc go build -o generate-token -ldflags "-extld=${plat_abi}-gcc" $srcdir/cmd/generate-token/main.go
     cd - > /dev/null
 }
 
@@ -60,10 +61,12 @@ go get launchpad.net/godeps
 godeps -u dependencies.tsv
 
 # build one snap per arch
+# for ARCH in amd64 ; do
 for ARCH in amd64 arm64 armhf i386; do
     builddir="${top_builddir}/${ARCH}"
     mkdir -p "$builddir"
 
+    srcdir=`pwd`
     cp -r pkg/. ${builddir}/
     mkdir $builddir/www
     cp -r www/public www/templates $builddir/www
diff --git a/cmd/generate-token/main.go b/cmd/generate-token/main.go
new file mode 100644
index 00000000..a792e133
--- /dev/null
+++ b/cmd/generate-token/main.go
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2016 Canonical Ltd
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"log"
+	"math/rand"
+	"os"
+	"path/filepath"
+)
+
+var logger *log.Logger
+
+var shorHelp = "Creates an accesss token for using Snapweb on this system"
+
+var longHelp = `
+The generate-token command creates a new access token, to confirm that you are an authorized administrator of this system.
+
+The access token will be requested the first time you try to access the Snapweb interface.
+
+If the token expired or became invalid, you can use the command again to generate a new one.
+`
+
+func tokenFilename() string {
+	return filepath.Join(os.Getenv("SNAP_DATA"), "token.txt")
+}
+
+// checkUser verifies that the user running the command is administrator
+func checkUser() {
+	if os.Geteuid() != 0 {
+		fmt.Println("You need administrator privileges to run this command. Use:\n\nsudo snapweb.generate-token")
+		os.Exit(1)
+	}
+}
+
+// writeToken saves the token for later comparison by the snapweb token handler
+func writeToken(token string) {
+	targetFile := tokenFilename()
+	err := ioutil.WriteFile(targetFile, []byte(token), 0600)
+	if err != nil {
+		logger.Fatal(err)
+	}
+}
+
+const alphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+
+func generateToken(n int) string {
+	b := make([]byte, n)
+	for i := range b {
+		b[i] = alphabet[rand.Intn(len(alphabet))]
+	}
+	return string(b)
+}
+
+func main() {
+	logger = log.New(os.Stderr, "generate-token: ", log.Ldate|log.Ltime|log.Lshortfile)
+
+	checkUser()
+
+	token := generateToken(64)
+
+	writeToken(token)
+
+	fmt.Printf("Snapweb Access Token:\n\n%s\n\n", token)
+	fmt.Printf("Use the above token in the Snapweb interface to be granted access.\n")
+}
diff --git a/pkg/meta/snap.yaml b/pkg/meta/snap.yaml
index c9908044..ef3d8a5b 100644
--- a/pkg/meta/snap.yaml
+++ b/pkg/meta/snap.yaml
@@ -16,3 +16,5 @@ apps:
     daemon: simple
     command: snapweb
     plugs: [network, network-bind, snapd-control, timeserver-control]
+  generate-token:
+    command: generate-token
diff --git a/www/src/js/routers/router.js b/www/src/js/routers/router.js
index 8adcc054..cddc0f53 100644
--- a/www/src/js/routers/router.js
+++ b/www/src/js/routers/router.js
@@ -10,6 +10,7 @@ var storeController = require('../controllers/store.js');
 var settingsController = require('../controllers/settings.js');
 var snapController = require('../controllers/snaps.js');
 var loginController = require('../controllers/simple-login.js');
+var tokenController = require('../controllers/token.js');
 
 module.exports = {
 
@@ -20,6 +21,13 @@ module.exports = {
     }
   }),
 
+  token: new Marionette.AppRouter({
+    controller: tokenController,
+    appRoutes: {
+      'access-control': 'index'
+    }
+  }),
+  
   init: new Marionette.AppRouter({
     controller: initController,
     appRoutes: {

From 75e03b5823507d9fd8e0be712db92c76f17661f4 Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Thu, 20 Oct 2016 03:17:47 +0200
Subject: [PATCH 16/22] add new access control verification step

---
 cmd/snapweb/cert.go                   |  2 +-
 cmd/snapweb/handlers.go               | 77 +++++++++++++--------------
 cmd/snapweb/handlers_test.go          | 36 +++++++------
 snappy/handlers.go                    | 65 +++++++++++++++-------
 snappy/handlers_test.go               | 24 +++++++--
 www/src/js/app.js                     |  4 +-
 www/src/js/controllers/token.js       | 18 +++++++
 www/src/js/models/token.js            | 18 +++++++
 www/src/js/routers/router.js          |  8 ---
 www/src/js/templates/submit-token.hbs | 33 ++++++++++++
 www/src/js/views/submit-token.js      | 50 +++++++++++++++++
 www/tests/simpleTokenSpec.js          | 41 ++++++++++++++
 12 files changed, 288 insertions(+), 88 deletions(-)
 create mode 100644 www/src/js/controllers/token.js
 create mode 100644 www/src/js/models/token.js
 create mode 100644 www/src/js/templates/submit-token.hbs
 create mode 100644 www/src/js/views/submit-token.js
 create mode 100644 www/tests/simpleTokenSpec.js

diff --git a/cmd/snapweb/cert.go b/cmd/snapweb/cert.go
index c134a1b7..86a81dc7 100644
--- a/cmd/snapweb/cert.go
+++ b/cmd/snapweb/cert.go
@@ -108,7 +108,7 @@ func GenerateCertificate() {
 
 	keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
-		log.Fatalf("failed to open key.pem for writing:", err)
+		log.Fatal("failed to open key.pem for writing:", err)
 	}
 
 	pem.Encode(keyOut, pemBlockForKey(priv))
diff --git a/cmd/snapweb/handlers.go b/cmd/snapweb/handlers.go
index d9d67f5c..cb634f7b 100644
--- a/cmd/snapweb/handlers.go
+++ b/cmd/snapweb/handlers.go
@@ -18,14 +18,14 @@
 package main
 
 import (
-	"bytes"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"log"
 	"net"
 	"net/http"
-	"net/url"
 	"os"
 	"path/filepath"
 	"strings"
@@ -123,7 +123,9 @@ type deviceInfoResponse struct {
 
 func handleDeviceInfo(w http.ResponseWriter, r *http.Request) {
 
-	SimpleCookieCheckOrRedirect(w, r)
+	if e := SimpleCookieCheckOrRedirect(w, r); e != nil {
+		return
+	}
 
 	c := newSnapdClient()
 
@@ -155,12 +157,14 @@ func initURLHandlers(log *log.Logger) {
 	snappyHandler := snappy.NewHandler()
 	passThru := makePassthroughHandler(dirs.SnapdSocket, "/api")
 
+	http.HandleFunc("/api/v2/validate-token", validateToken)
+
 	http.Handle("/api/v2/packages/", snappyHandler.MakeMuxer("/api/v2/packages"))
 
 	http.HandleFunc("/api/v2/time-info", handleTimeInfo)
 	http.HandleFunc("/api/v2/device-info", handleDeviceInfo)
 
-	// the URLs below shouldn't be using SimpleCookieCheckOrRedirect
+	// NOTE: the public URLs below shouldn't be using SimpleCookieCheckOrRedirect
 
 	http.HandleFunc("/api/v2/create-user", passThru)
 	http.HandleFunc("/api/v2/login", passThru)
@@ -176,50 +180,47 @@ func initURLHandlers(log *log.Logger) {
 	http.HandleFunc("/", makeMainPageHandler())
 }
 
-// Name of the cookie transporting the macaroon and discharge to authenticate snapd requests
+// Name of the cookie transporting the access token
 const (
 	SnapwebCookieName = "SM"
 )
 
-// The MacaroonCookie structure mirrors the User structure in snapd/client/login.go
-type MacaroonCookie struct {
-	Macaroon   string   `json:"macaroon,omitempty"`
-	Discharges []string `json:"discharges,omitempty"`
+func tokenFilename() string {
+	return filepath.Join(os.Getenv("SNAP_DATA"), "token.txt")
 }
 
-// Writes the 'Authorization' header
-// with macaroon and discharges extracted from mere cookies
-func setAuthorizationHeader(req *http.Request, outreq *http.Request) {
-	cookie, _ := req.Cookie(SnapwebCookieName)
+// SimpleCookieCheckOrRedirect is a simple authorization mechanism
+func SimpleCookieCheckOrRedirect(w http.ResponseWriter, r *http.Request) error {
+	cookie, _ := r.Cookie(SnapwebCookieName)
 	if cookie != nil {
-		var mc MacaroonCookie
-		unescaped, err := url.QueryUnescape(cookie.Value)
-		if err != nil {
-			log.Println("Error trying to unescape cookie string", err)
-			return
-		}
-		dec := json.NewDecoder(strings.NewReader(unescaped))
-		if err := dec.Decode(&mc); err != nil {
-			// TODO: reset a broken cookie? just ignoring for now
-			log.Println("Error trying to decode cookie: ", err)
-			return
-		}
-
-		var buf bytes.Buffer
-		fmt.Fprintf(&buf, `Macaroon root="%s"`, mc.Macaroon)
-		for _, discharge := range mc.Discharges {
-			fmt.Fprintf(&buf, `, discharge="%s"`, discharge)
+		token, err := ioutil.ReadFile(tokenFilename())
+		if err == nil {
+			if string(token) == cookie.Value {
+				// the auth-token and the cookie do match
+				// we can continue with the request
+				return nil
+			}
 		}
-		outreq.Header.Set("Authorization", buf.String())
 	}
+
+	// in any other case, refuse the request and redirect
+	http.Redirect(w, r, "/access-control", 401)
+
+	return errors.New("Unauthorized")
 }
 
-// SimpleCookieCheckOrRedirect is a simplistic authorization mechanism
-func SimpleCookieCheckOrRedirect(w http.ResponseWriter, r *http.Request) {
-	// simply verifies the existence of a cookie for now
-	cookie, _ := r.Cookie(SnapwebCookieName)
-	if cookie == nil {
-		http.Redirect(w, r, "/login", 401)
+func validateToken(w http.ResponseWriter, r *http.Request) {
+	log.Println(r.Method, r.URL.Path)
+	if err := SimpleCookieCheckOrRedirect(w, r); err == nil {
+		hdr := w.Header()
+		hdr.Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusOK)
+		fmt.Fprintf(w, "{}")
+	} else {
+		hdr := w.Header()
+		hdr.Set("Content-Type", "application/json")
+		w.WriteHeader(http.StatusUnauthorized)
+		fmt.Fprintf(w, "{}")
 	}
 }
 
@@ -243,8 +244,6 @@ func makePassthroughHandler(socketPath string, prefix string) http.HandlerFunc {
 			return
 		}
 
-		setAuthorizationHeader(r, outreq)
-
 		resp, err := c.Do(outreq)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
diff --git a/cmd/snapweb/handlers_test.go b/cmd/snapweb/handlers_test.go
index 92192a32..25fff01a 100644
--- a/cmd/snapweb/handlers_test.go
+++ b/cmd/snapweb/handlers_test.go
@@ -27,7 +27,6 @@ import (
 	"net"
 	"net/http"
 	"net/http/httptest"
-	"net/url"
 	"os"
 	"path/filepath"
 	"strings"
@@ -46,6 +45,15 @@ type HandlersSuite struct {
 
 var _ = Suite(&HandlersSuite{})
 
+func (s *HandlersSuite) createAndSaveTestToken(c *C) string {
+	os.Setenv("SNAP_DATA", c.MkDir())
+	tokenData := "1234"
+	c.Assert(ioutil.WriteFile(filepath.Join(os.Getenv("SNAP_DATA"), "token.txt"),
+		[]byte(tokenData), os.ModePerm), IsNil)
+
+	return tokenData
+}
+
 func (s *HandlersSuite) SetUpTest(c *C) {
 	s.c = &snappy.FakeSnapdClient{}
 
@@ -56,6 +64,8 @@ func (s *HandlersSuite) SetUpTest(c *C) {
 	s.c.Version.Series = "16"
 
 	s.c.Err = nil
+
+	s.createAndSaveTestToken(c)
 }
 
 func (s *HandlersSuite) TearDownTest(c *C) {
@@ -139,7 +149,7 @@ func (s *HandlersSuite) TestMakeMainPageHandler(c *C) {
 	req, err := http.NewRequest("GET", "/", nil)
 	c.Assert(err, IsNil)
 
-	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "auth"})
+	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "1234"})
 
 	http.DefaultServeMux.ServeHTTP(rec, req)
 	body := rec.Body.String()
@@ -221,7 +231,7 @@ func (s *HandlersSuite) TestPassthroughHandler(c *C) {
 	req, err := http.NewRequest("GET", "/api/v2/system-info", nil)
 	c.Assert(err, IsNil)
 
-	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "auth"})
+	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "1234"})
 
 	handler(rec, req)
 	body := rec.Body.String()
@@ -244,7 +254,7 @@ func (s *HandlersSuite) TestModelInfoHandler(c *C) {
 	req, err := http.NewRequest("GET", "/api/v2/device-info", nil)
 	c.Assert(err, IsNil)
 
-	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "auth"})
+	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "1234"})
 
 	http.DefaultServeMux.ServeHTTP(rec, req)
 	body := rec.Body.String()
@@ -259,19 +269,15 @@ func (s *HandlersSuite) TestModelInfoHandler(c *C) {
 	c.Assert(deviceInfos["serial"], Equals, "Serial Number")
 }
 
-func (s *HandlersSuite) TestSetAuthorization(c *C) {
+func (s *HandlersSuite) TestCheckCookieToken(c *C) {
+	rec := httptest.NewRecorder()
+
 	r, err := http.NewRequest("GET", "/api/dummy", nil)
 	c.Assert(err, IsNil)
 
-	example := `{ "macaroon": "expected", "discharges": ["expected-as-well"] }`
-	encodedValue := (&url.URL{Path: example}).EscapedPath()
-	r.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: encodedValue})
-
-	outreq, err := http.NewRequest(r.Method, r.URL.String(), r.Body)
-	c.Assert(err, IsNil)
+	r.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: s.createAndSaveTestToken(c)})
 
-	setAuthorizationHeader(r, outreq)
-	c.Assert(outreq.Header["Authorization"], NotNil)
-	c.Check(outreq.Header["Authorization"][0], Equals,
-		"Macaroon root=\"expected\", discharge=\"expected-as-well\"")
+	handler := http.HandlerFunc(validateToken)
+	handler(rec, r)
+	c.Assert(rec.Code, Not(Equals), 401)
 }
diff --git a/snappy/handlers.go b/snappy/handlers.go
index 0e62bc74..38bbee8b 100644
--- a/snappy/handlers.go
+++ b/snappy/handlers.go
@@ -19,9 +19,13 @@ package snappy
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
+	"io/ioutil"
 	"log"
 	"net/http"
+	"os"
+	"path/filepath"
 
 	"github.com/snapcore/snapweb/statustracker"
 
@@ -57,20 +61,6 @@ func (h *Handler) jsonResponseOrError(v interface{}, w http.ResponseWriter) {
 	}
 }
 
-// Name of the cookie transporting the macaroon and discharge to authenticate snapd requests
-const (
-	SnapwebCookieName = "SM"
-)
-
-// FIXME: the whole thing is ugly, but a stop gap measure; i'll clean up
-func simpleCookieCheckOrRedirect(w http.ResponseWriter, r *http.Request) {
-	// simply verifies the existence of a cookie for now
-	cookie, _ := r.Cookie(SnapwebCookieName)
-	if cookie == nil {
-		http.Redirect(w, r, "/login", 401)
-	}
-}
-
 func (h *Handler) snapOperationResponse(name string, err error, w http.ResponseWriter) {
 	msg := "Accepted"
 	status := http.StatusAccepted
@@ -87,7 +77,9 @@ func (h *Handler) snapOperationResponse(name string, err error, w http.ResponseW
 
 func (h *Handler) getAll(w http.ResponseWriter, r *http.Request) {
 	// stop gap measure
-	simpleCookieCheckOrRedirect(w, r)
+	if e := SimpleCookieCheckOrRedirect(w, r); e != nil {
+		return
+	}
 
 	snapCondition := availableSnaps
 	if r.FormValue("installed_only") == "true" {
@@ -111,7 +103,9 @@ func (h *Handler) getAll(w http.ResponseWriter, r *http.Request) {
 }
 
 func (h *Handler) get(w http.ResponseWriter, r *http.Request) {
-	simpleCookieCheckOrRedirect(w, r)
+	if e := SimpleCookieCheckOrRedirect(w, r); e != nil {
+		return
+	}
 
 	name := mux.Vars(r)["name"]
 
@@ -126,7 +120,9 @@ func (h *Handler) get(w http.ResponseWriter, r *http.Request) {
 }
 
 func (h *Handler) add(w http.ResponseWriter, r *http.Request) {
-	simpleCookieCheckOrRedirect(w, r)
+	if e := SimpleCookieCheckOrRedirect(w, r); e != nil {
+		return
+	}
 
 	name := mux.Vars(r)["name"]
 
@@ -136,7 +132,9 @@ func (h *Handler) add(w http.ResponseWriter, r *http.Request) {
 }
 
 func (h *Handler) remove(w http.ResponseWriter, r *http.Request) {
-	simpleCookieCheckOrRedirect(w, r)
+	if e := SimpleCookieCheckOrRedirect(w, r); e != nil {
+		return
+	}
 
 	name := mux.Vars(r)["name"]
 
@@ -170,3 +168,34 @@ func (h *Handler) MakeMuxer(prefix string) http.Handler {
 
 	return m
 }
+
+// TODO: refactor this copy from cmd/snapweb
+
+// Name of the cookie transporting the access token
+const (
+	SnapwebCookieName = "SM"
+)
+
+func tokenFilename() string {
+	return filepath.Join(os.Getenv("SNAP_DATA"), "token.txt")
+}
+
+// SimpleCookieCheckOrRedirect is a simple authorization mechanism
+func SimpleCookieCheckOrRedirect(w http.ResponseWriter, r *http.Request) error {
+	cookie, _ := r.Cookie(SnapwebCookieName)
+	if cookie != nil {
+		token, err := ioutil.ReadFile(tokenFilename())
+		if err == nil {
+			if string(token) == cookie.Value {
+				// the auth-token and the cookie do match
+				// we can continue with the request
+				return nil
+			}
+		}
+	}
+
+	// in any other case, refuse the request and redirect
+	http.Redirect(w, r, "/access-control", 401)
+
+	return errors.New("Unauthorized")
+}
diff --git a/snappy/handlers_test.go b/snappy/handlers_test.go
index 42c0cc3f..80c959a5 100644
--- a/snappy/handlers_test.go
+++ b/snappy/handlers_test.go
@@ -20,9 +20,11 @@ package snappy
 import (
 	"encoding/json"
 	"errors"
+	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
 	"os"
+	"path/filepath"
 
 	"github.com/snapcore/snapd/client"
 	"github.com/snapcore/snapweb/statustracker"
@@ -40,6 +42,8 @@ var _ = Suite(&HandlersSuite{})
 func (s *HandlersSuite) SetUpTest(c *C) {
 	os.Setenv("SNAP_DATA", c.MkDir())
 	s.resetFakeSnapdClient()
+
+	s.createAndSaveTestToken(c)
 }
 
 func (s *HandlersSuite) resetFakeSnapdClient() {
@@ -48,13 +52,22 @@ func (s *HandlersSuite) resetFakeSnapdClient() {
 	s.h.statusTracker = statustracker.New()
 }
 
+func (s *HandlersSuite) createAndSaveTestToken(c *C) string {
+	os.Setenv("SNAP_DATA", c.MkDir())
+	tokenData := "1234"
+	c.Assert(ioutil.WriteFile(filepath.Join(os.Getenv("SNAP_DATA"), "token.txt"),
+		[]byte(tokenData), os.ModePerm), IsNil)
+
+	return tokenData
+}
+
 func (s *HandlersSuite) TestGetAllError(c *C) {
 	s.c.StoreErr = errors.New("fail")
 
 	rec := httptest.NewRecorder()
 	req, err := http.NewRequest("GET", "/", nil)
 	c.Assert(err, IsNil)
-	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "auth"})
+	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "1234"})
 
 	s.h.MakeMuxer("").ServeHTTP(rec, req)
 	c.Assert(rec.Code, Equals, http.StatusInternalServerError)
@@ -78,6 +91,7 @@ func (s *HandlersSuite) TestGetAll(c *C) {
 		rec := httptest.NewRecorder()
 		req, err := http.NewRequest("GET", tt.URL, nil)
 		c.Assert(err, IsNil)
+		req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "1234"})
 
 		s.h.getAll(rec, req)
 		c.Assert(s.c.CalledListSnaps, Equals, tt.CalledListSnaps)
@@ -92,7 +106,7 @@ func (s *HandlersSuite) TestGetError(c *C) {
 	rec := httptest.NewRecorder()
 	req, err := http.NewRequest("GET", "/foo", nil)
 	c.Assert(err, IsNil)
-	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "auth"})
+	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "1234"})
 
 	s.h.MakeMuxer("").ServeHTTP(rec, req)
 	c.Assert(rec.Code, Equals, http.StatusNotFound)
@@ -104,7 +118,7 @@ func (s *HandlersSuite) TestGet(c *C) {
 	rec := httptest.NewRecorder()
 	req, err := http.NewRequest("GET", "/chatroom", nil)
 	c.Assert(err, IsNil)
-	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "auth"})
+	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "1234"})
 
 	s.h.MakeMuxer("").ServeHTTP(rec, req)
 	c.Assert(rec.Code, Equals, http.StatusOK)
@@ -121,7 +135,7 @@ func (s *HandlersSuite) TestAdd(c *C) {
 	rec := httptest.NewRecorder()
 	req, err := http.NewRequest("PUT", "/chatroom", nil)
 	c.Assert(err, IsNil)
-	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "auth"})
+	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "1234"})
 
 	s.h.MakeMuxer("").ServeHTTP(rec, req)
 	c.Assert(rec.Code, Equals, http.StatusAccepted)
@@ -134,7 +148,7 @@ func (s *HandlersSuite) TestRemove(c *C) {
 	rec := httptest.NewRecorder()
 	req, err := http.NewRequest("DELETE", "/chatroom", nil)
 	c.Assert(err, IsNil)
-	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "auth"})
+	req.AddCookie(&http.Cookie{Name: SnapwebCookieName, Value: "1234"})
 
 	s.h.MakeMuxer("").ServeHTTP(rec, req)
 	c.Assert(rec.Code, Equals, http.StatusAccepted)
diff --git a/www/src/js/app.js b/www/src/js/app.js
index f8bf0684..36542b36 100644
--- a/www/src/js/app.js
+++ b/www/src/js/app.js
@@ -26,7 +26,7 @@ snapweb.on('start', function() {
 });
 
 $( document ).ajaxError(function( event, jqxhr, settings, exception ) {
-    if (jqxhr.status === 401 && window.location.pathname != '/login') {
-      window.location = '/login';
+    if (jqxhr.status === 401 && window.location.pathname != '/access-control') {
+      window.location = '/access-control';
     }
 });
diff --git a/www/src/js/controllers/token.js b/www/src/js/controllers/token.js
new file mode 100644
index 00000000..d4b02bb8
--- /dev/null
+++ b/www/src/js/controllers/token.js
@@ -0,0 +1,18 @@
+var $ = require('jquery');
+var Backbone = require('backbone');
+Backbone.$ = $;
+var Marionette = require('backbone.marionette');
+var Radio = require('backbone.radio');
+var AccessToken = require('../models/token.js');
+var SubmitTokenView = require('../views/submit-token.js');
+
+module.exports = {
+  index: function() {
+    var chan = Radio.channel('root');
+    var model = new AccessToken();
+    var view = new SubmitTokenView({
+      model: model,
+    });
+    chan.command('set:content', view);
+  }
+};
diff --git a/www/src/js/models/token.js b/www/src/js/models/token.js
new file mode 100644
index 00000000..b761ecdd
--- /dev/null
+++ b/www/src/js/models/token.js
@@ -0,0 +1,18 @@
+var Backbone = require('backbone');
+var Cookies = require("js-cookie");
+
+module.exports = Backbone.Model.extend({
+
+  url: '/api/v2/validate-token',
+
+  // forces POST requests on every model update
+  isNew: function() {
+    return true;
+  },
+
+  setCookie: function(token) {
+    Cookies.set('SM', token);    
+  },
+  
+});
+
diff --git a/www/src/js/routers/router.js b/www/src/js/routers/router.js
index cddc0f53..06861102 100644
--- a/www/src/js/routers/router.js
+++ b/www/src/js/routers/router.js
@@ -9,7 +9,6 @@ var searchController = require('../controllers/search.js');
 var storeController = require('../controllers/store.js');
 var settingsController = require('../controllers/settings.js');
 var snapController = require('../controllers/snaps.js');
-var loginController = require('../controllers/simple-login.js');
 var tokenController = require('../controllers/token.js');
 
 module.exports = {
@@ -35,13 +34,6 @@ module.exports = {
     }
   }),
 
-  login: new Marionette.AppRouter({
-    controller: loginController,
-    appRoutes: {
-      'login': 'index'
-    }
-  }),
-
   store: new Marionette.AppRouter({
     controller: storeController,
     appRoutes: {
diff --git a/www/src/js/templates/submit-token.hbs b/www/src/js/templates/submit-token.hbs
new file mode 100644
index 00000000..f24dc1aa
--- /dev/null
+++ b/www/src/js/templates/submit-token.hbs
@@ -0,0 +1,33 @@
+<div class="region-token">
+  <div class="inner-wrapper">
+    <div class="b-headline seven-col last-col">
+      <div class="row" id="token-submit-form">
+        <h2>Access Control</h2>
+        <div class="p-card--highlighted" style="display:block">
+          <p>
+            Please confirm that you are authorized to connect to this interface.
+          </p>
+          <form>
+            <fieldset>
+            <p>
+              <label for="token">Snapweb Access Token</label>
+              <input type="text" id="token" placeholder="Enter your token here...">
+            </p>
+            <p>
+              <button class="p-button--positive" id="submit" style="margin-bottom: 1em;">
+                Submit
+              </button>
+              <label class="statusmessage" style="display: inline-block; margin-left: 1em">
+              </label>
+            </p>
+          </fieldset>
+        </form>
+          <p>
+            To generate a new token, use the following command on the system you want to access (either on the console or via ssh) :
+            <pre>sudo snapweb.generate-token</pre>
+          </p>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
diff --git a/www/src/js/views/submit-token.js b/www/src/js/views/submit-token.js
new file mode 100644
index 00000000..9647aa2d
--- /dev/null
+++ b/www/src/js/views/submit-token.js
@@ -0,0 +1,50 @@
+var Backbone = require('backbone');
+var Marionette = require('backbone.marionette');
+var template = require('../templates/submit-token.hbs');
+ 
+module.exports = Backbone.Marionette.ItemView.extend({
+
+  className: 'b-layout__container',
+
+  template: function(model) {
+    return template(model);
+  },
+
+  ui: {
+    statusmessage: '.statusmessage',
+    btncreate: '#submit',
+  },
+
+  events: {
+    'click #submit': 'handleSubmit',
+  },
+
+  modelEvents: {
+    'invalid': function(model, error) {
+      this.setErrorStatus(error);
+    },
+  },
+  
+  setErrorStatus: function(msg) {
+    this.ui.statusmessage.text(msg);
+    this.ui.statusmessage.removeClass('has-warning');
+    this.ui.statusmessage.addClass('has-error');
+    this.ui.statusmessage.show();
+  },
+
+  handleSubmit: function(event) {
+    event.preventDefault();
+    event.stopPropagation();
+    this.model.setCookie(this.$('#token').val());
+    this.model.save({}, {
+      success: function() {
+          // redirect to home for now
+          window.location = '/';
+      },
+      error: function(model, response) {
+        model.trigger('invalid', model, 'Invalid');
+      }
+    });
+  },
+  
+});
diff --git a/www/tests/simpleTokenSpec.js b/www/tests/simpleTokenSpec.js
new file mode 100644
index 00000000..e7c155b6
--- /dev/null
+++ b/www/tests/simpleTokenSpec.js
@@ -0,0 +1,41 @@
+var Backbone = require('backbone');
+var AccessToken = require('../src/js/models/token.js');
+var SubmitTokenView = require('../src/js/views/submit-token.js');
+
+describe('AccessToken', function() {
+
+  beforeEach(function() {
+    this.model = new AccessToken({});
+    this.view = new SubmitTokenView();
+    this.view.render();
+  });
+
+  afterEach(function() {
+    this.view.remove();
+    delete this.view;
+    delete this.model;
+  });
+  
+  it('should have a model and a view', function() {
+    expect(this.model).toEqual(jasmine.any(Backbone.Model));
+    expect(this.view).toEqual(jasmine.any(Backbone.Marionette.ItemView));
+    expect(this.view.$el.find('#submit').length).toBeTruthy();
+  });
+
+  xit('should be able to submit a token form for validation', function() {
+    spyOn(this.model, 'save').and.callThrough();
+    jasmine.Ajax.stubRequest('/api/v2/validate-token').andReturn({
+      status: 302,
+      statusText: "Found",
+    });
+
+    this.view.$el.find('#token').val("not empty");
+    this.view.$el.find('#submit').trigger('click');
+    // TODO: understand why this fails, only in tests, on this.model.setCookie
+    // expect(this.model.save).toHaveBeenCalled();
+  });
+
+  xit('should indicate if a token is invalid', function() {
+  });
+
+});

From 92068609d8790d5d4e97514691f8c195a0d3e4a1 Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Thu, 20 Oct 2016 04:10:38 +0200
Subject: [PATCH 17/22] seed the random number generator properly; and lock
 that down with a unit test

---
 cmd/generate-token/main.go      |  3 ++
 cmd/generate-token/main_test.go | 51 +++++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+)
 create mode 100644 cmd/generate-token/main_test.go

diff --git a/cmd/generate-token/main.go b/cmd/generate-token/main.go
index a792e133..0af4582a 100644
--- a/cmd/generate-token/main.go
+++ b/cmd/generate-token/main.go
@@ -24,6 +24,7 @@ import (
 	"math/rand"
 	"os"
 	"path/filepath"
+	"time"
 )
 
 var logger *log.Logger
@@ -62,6 +63,8 @@ func writeToken(token string) {
 const alphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
 
 func generateToken(n int) string {
+	rand.Seed(time.Now().UnixNano())
+
 	b := make([]byte, n)
 	for i := range b {
 		b[i] = alphabet[rand.Intn(len(alphabet))]
diff --git a/cmd/generate-token/main_test.go b/cmd/generate-token/main_test.go
new file mode 100644
index 00000000..b2832361
--- /dev/null
+++ b/cmd/generate-token/main_test.go
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2016 Canonical Ltd
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+package main
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	. "gopkg.in/check.v1"
+)
+
+func Test(t *testing.T) { TestingT(t) }
+
+type GenerateTokenSuite struct {
+}
+
+var _ = Suite(&GenerateTokenSuite{})
+
+func (s *GenerateTokenSuite) SetUpTest(c *C) {
+	os.Setenv("SNAP_DATA", c.MkDir())
+}
+
+func (s *GenerateTokenSuite) TestCreateDifferentTokens(c *C) {
+	token1 := generateToken(64)
+	token2 := generateToken(64)
+	c.Assert(token1, Not(Equals), token2)
+}
+
+func (s *GenerateTokenSuite) TestSaveToken(c *C) {
+	token := generateToken(64)
+	writeToken(token)
+	t, err := ioutil.ReadFile(tokenFilename())
+	c.Assert(err, IsNil)
+	c.Assert(string(t), Equals, token)
+}

From ff070b1d47de41aa5e5465788bb564e3025f5bef Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Thu, 20 Oct 2016 16:13:10 +0200
Subject: [PATCH 18/22] switch to crypto/rand with better tests

---
 cmd/generate-token/main.go      | 13 +++++++++----
 cmd/generate-token/main_test.go |  6 ++++--
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/cmd/generate-token/main.go b/cmd/generate-token/main.go
index 0af4582a..d047144e 100644
--- a/cmd/generate-token/main.go
+++ b/cmd/generate-token/main.go
@@ -18,13 +18,12 @@
 package main
 
 import (
+	"crypto/rand"
 	"fmt"
 	"io/ioutil"
 	"log"
-	"math/rand"
 	"os"
 	"path/filepath"
-	"time"
 )
 
 var logger *log.Logger
@@ -63,12 +62,18 @@ func writeToken(token string) {
 const alphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
 
 func generateToken(n int) string {
-	rand.Seed(time.Now().UnixNano())
+	// rand.Seed(time.Now().UnixNano())
 
 	b := make([]byte, n)
+	_, err := rand.Read(b)
+	if err != nil {
+		logger.Fatal(err)
+	}
 	for i := range b {
-		b[i] = alphabet[rand.Intn(len(alphabet))]
+		index := int(b[i]) % len(alphabet)
+		b[i] = alphabet[index]
 	}
+
 	return string(b)
 }
 
diff --git a/cmd/generate-token/main_test.go b/cmd/generate-token/main_test.go
index b2832361..aca7304a 100644
--- a/cmd/generate-token/main_test.go
+++ b/cmd/generate-token/main_test.go
@@ -38,8 +38,10 @@ func (s *GenerateTokenSuite) SetUpTest(c *C) {
 
 func (s *GenerateTokenSuite) TestCreateDifferentTokens(c *C) {
 	token1 := generateToken(64)
-	token2 := generateToken(64)
-	c.Assert(token1, Not(Equals), token2)
+	for i := 0; i < 100000; i++ {
+		token2 := generateToken(64)
+		c.Assert(token1, Not(Equals), token2)
+	}
 }
 
 func (s *GenerateTokenSuite) TestSaveToken(c *C) {

From 539ed3e56d292577bf73bfc6fd2056db6d9f0afa Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Thu, 20 Oct 2016 16:23:09 +0200
Subject: [PATCH 19/22] remove the other simple stuff

---
 cmd/snapweb/handlers.go                |   1 -
 www/src/js/controllers/simple-login.js |  18 -----
 www/src/js/models/simple-login.js      |  36 ---------
 www/src/js/templates/simple-login.hbs  |  60 ---------------
 www/src/js/views/simple-login.js       | 101 -------------------------
 5 files changed, 216 deletions(-)
 delete mode 100644 www/src/js/controllers/simple-login.js
 delete mode 100644 www/src/js/models/simple-login.js
 delete mode 100644 www/src/js/templates/simple-login.hbs
 delete mode 100644 www/src/js/views/simple-login.js

diff --git a/cmd/snapweb/handlers.go b/cmd/snapweb/handlers.go
index cb634f7b..25d0ca59 100644
--- a/cmd/snapweb/handlers.go
+++ b/cmd/snapweb/handlers.go
@@ -167,7 +167,6 @@ func initURLHandlers(log *log.Logger) {
 	// NOTE: the public URLs below shouldn't be using SimpleCookieCheckOrRedirect
 
 	http.HandleFunc("/api/v2/create-user", passThru)
-	http.HandleFunc("/api/v2/login", passThru)
 
 	http.Handle("/public/", loggingHandler(http.FileServer(http.Dir(filepath.Join(os.Getenv("SNAP"), "www")))))
 
diff --git a/www/src/js/controllers/simple-login.js b/www/src/js/controllers/simple-login.js
deleted file mode 100644
index c5baa68d..00000000
--- a/www/src/js/controllers/simple-login.js
+++ /dev/null
@@ -1,18 +0,0 @@
-var $ = require('jquery');
-var Backbone = require('backbone');
-Backbone.$ = $;
-var Marionette = require('backbone.marionette');
-var Radio = require('backbone.radio');
-var SimpleLoginView = require('../views/simple-login.js');
-var SimpleLoginModel = require('../models/simple-login.js');
-
-module.exports = {
-  index: function() {
-    var chan = Radio.channel('root');
-    var model = new SimpleLoginModel();
-    var view = new SimpleLoginView({
-      model: model,
-    });
-    chan.command('set:content', view);
-  }
-};
diff --git a/www/src/js/models/simple-login.js b/www/src/js/models/simple-login.js
deleted file mode 100644
index 1251a024..00000000
--- a/www/src/js/models/simple-login.js
+++ /dev/null
@@ -1,36 +0,0 @@
-// create-user API
-
-var Backbone = require('backbone');
-var Marionette = require('backbone.marionette');
-var Cookies = require("js-cookie");
-
-module.exports = Backbone.Model.extend({
-  url: '/api/v2/login',
-
-  // forces POST requests on every model update
-  isNew: function() {
-    return true;
-  },
-
-  validate: function(attrs) {
-    var emailPattern = /^[\w\-]{1,}([\w\-\+.]{1,1}[\w\-]{1,}){0,}[@][\w\-]{1,}([.]([\w\-]{1,})){1,3}$/;
-    if (typeof attrs.email == 'undefined') {
-      return 'Empty email';
-    }
-    if (!attrs.email.match(emailPattern)) {
-      return 'Invalid email';
-    }
-    if (typeof attrs.password == 'undefined') {
-      return 'Empty password';
-    }
-  },
-
-  setMacaroonCookiesFromResponse: function(result) {
-    // the cookie will expire in 1 /day/
-    // unfortunately Chrome's "continue where I left off
-    // prevents session cookies to expire as usual
-    // See https://bugs.chromium.org/p/chromium/issues/detail?id=130291
-    Cookies.set('SM', result, {expires: 1});
-  },
-  
-});
diff --git a/www/src/js/templates/simple-login.hbs b/www/src/js/templates/simple-login.hbs
deleted file mode 100644
index c5bafa39..00000000
--- a/www/src/js/templates/simple-login.hbs
+++ /dev/null
@@ -1,60 +0,0 @@
-<div class="region-login">
-  <div class="inner-wrapper">
-    <div class="b-headline seven-col last-col">
-      <div class="row" id="login-form">
-        <h2>Login</h2>
-        <div class="p-card--highlighted" style="display:block">
-          <p>
-            You are currently not logged in.
-          </p>
-          <form>
-            <fieldset>
-            <p>
-              Please login with an Ubuntu SSO account registered on this all-snap  Ubuntu Core system to perform privileged operations.
-            </p>
-            <p>
-              <label for="emailSSO">Email</label>
-              <input type="text" id="emailSSO" placeholder="Enter an email address from your account in the store...">
-            </p>
-            <p>
-              <label for="password">Password</label>
-              <input type="password" id="password">
-            </p>
-            <p style="display: none" class="otpfield">
-              <label for="otp">OTP</label>
-              <input type="text" id="otp" placeholder="Enter your One-Time-Password...">
-            </p>
-            <p>
-              <button class="p-button--positive" id="btn-login" style="margin-bottom: 1em;">
-                Login
-              </button>
-              <label class="statusmessage" style="display: inline-block; margin-left: 1em">
-              </label>
-            </p>
-          </fieldset>
-        </form>
-      </div>
-      </div>
-      <div class="row" style="display:none" id="firstboot-step-2">
-        <h2>Configuration Complete</h2>
-        <p>
-          This device is registered to {{email}}.
-        <p>
-          Remote access was enabled via authentification with SSO user {{username}}.
-          Public SSH keys were added to the device for remote access.
-        </p>
-        <p>
-          {{email}} can connect remotely to this device via SSH:
-        </p>
-        <p>
-          <pre>
-            ssh {{username}}@{{ipaddress}}
-          </pre>
-        </p>
-        <a class="button--primary" id="btn-manage" href="/">
-          Manage your device
-        </a>
-        <p></p>
-      </div>
-    </div>
-</div>
diff --git a/www/src/js/views/simple-login.js b/www/src/js/views/simple-login.js
deleted file mode 100644
index 160e2deb..00000000
--- a/www/src/js/views/simple-login.js
+++ /dev/null
@@ -1,101 +0,0 @@
-// simple-login view
-var _ = require('lodash');
-var Backbone = require('backbone');
-var Marionette = require('backbone.marionette');
-var template = require('../templates/simple-login.hbs');
-
-module.exports = Backbone.Marionette.LayoutView.extend({
-
-  className: 'b-layout__container',
-
-  ui: {
-    statusmessage: '.statusmessage',
-    otpfield: '.otpfield',
-    btncreate: '.btn-create',
-  },
-
-  events: {
-    'click #btn-login': 'handleLogin',
-  },
-
-  modelEvents: {
-    'invalid': function(model, error) {
-      this.setErrorStatus(error);
-    },
-    'two-factor-required': function(msg) {
-      this.setWarningStatus(msg);
-      this.ui.otpfield.show();
-    },
-    'two-factor-failed': function(msg) {
-      this.setWarningStatus(msg);
-    },
-    'login-required': function(msg) {
-      this.setErrorStatus(msg);
-    },
-    'invalid-auth-data': function(msg) {
-      this.setErrorStatus(msg);
-    },
-    'success': function() {
-      this.setStatus('OK');
-    },
-  },
-
-  clearStatus: function() {
-    this.ui.statusmessage.hide();
-  },
-  setStatus: function(msg) {
-    this.ui.statusmessage.text(msg);
-    this.ui.statusmessage.removeClass('has-warning');
-    this.ui.statusmessage.removeClass('has-error');
-    this.ui.statusmessage.show();
-  },
-  setWarningStatus: function(msg) {
-    this.ui.statusmessage.text(msg);
-    this.ui.statusmessage.addClass('has-warning');
-    this.ui.statusmessage.removeClass('has-error');
-    this.ui.statusmessage.show();
-  },
-  setErrorStatus: function(msg) {
-    this.ui.statusmessage.text(msg);
-    this.ui.statusmessage.removeClass('has-warning');
-    this.ui.statusmessage.addClass('has-error');
-    this.ui.statusmessage.show();
-  },
-
-  handleLogin: function(event) {
-    event.preventDefault();
-    event.stopPropagation();
-    this.model.set({
-      email: this.$('#emailSSO').val(),
-      password: this.$('#password').val(),
-      otp: this.$('#otp').val(),
-    });
-    if (this.model.isValid()) {
-      this.setStatus('Authentication...'); // via snapd...
-      this.model.save({}, {
-        success: function(model, response) {
-          model.setMacaroonCookiesFromResponse(response.result);
-          model.trigger('success');
-          // wait a bit to let the user read the confirmation message
-          _.delay(function() {
-            // redirect to home for now
-            window.location = '/';
-          }, 200)
-        },
-        error: function(model, response) {
-          if (response.status == 401 || response.status == 400) {
-            model.trigger(response.responseJSON.result.kind,
-                         response.responseJSON.result.message);
-          } else {
-            model.trigger('invalid', model, response.responseJSON.result.message);
-          }
-        }
-      });
-    }
-  },
-
-  template : function(model) {
-    return template(model);
-  },
-
-});

From cfb8aa9b776a81c9f952495e861c621dceba766c Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Thu, 20 Oct 2016 16:31:49 +0200
Subject: [PATCH 20/22] even better token testing and refactor

---
 cmd/generate-token/main.go      | 13 +++++++++----
 cmd/generate-token/main_test.go |  5 +++--
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/cmd/generate-token/main.go b/cmd/generate-token/main.go
index d047144e..f794b779 100644
--- a/cmd/generate-token/main.go
+++ b/cmd/generate-token/main.go
@@ -77,15 +77,20 @@ func generateToken(n int) string {
 	return string(b)
 }
 
+func saveToken() string {
+	token := generateToken(64)
+	writeToken(token)
+
+	return token
+}
+
 func main() {
 	logger = log.New(os.Stderr, "generate-token: ", log.Ldate|log.Ltime|log.Lshortfile)
 
 	checkUser()
 
-	token := generateToken(64)
-
-	writeToken(token)
-
+	token := saveToken()
+	
 	fmt.Printf("Snapweb Access Token:\n\n%s\n\n", token)
 	fmt.Printf("Use the above token in the Snapweb interface to be granted access.\n")
 }
diff --git a/cmd/generate-token/main_test.go b/cmd/generate-token/main_test.go
index aca7304a..d317aed2 100644
--- a/cmd/generate-token/main_test.go
+++ b/cmd/generate-token/main_test.go
@@ -38,6 +38,7 @@ func (s *GenerateTokenSuite) SetUpTest(c *C) {
 
 func (s *GenerateTokenSuite) TestCreateDifferentTokens(c *C) {
 	token1 := generateToken(64)
+	c.Assert(len(token1), Equals, 64)
 	for i := 0; i < 100000; i++ {
 		token2 := generateToken(64)
 		c.Assert(token1, Not(Equals), token2)
@@ -45,9 +46,9 @@ func (s *GenerateTokenSuite) TestCreateDifferentTokens(c *C) {
 }
 
 func (s *GenerateTokenSuite) TestSaveToken(c *C) {
-	token := generateToken(64)
-	writeToken(token)
+	token := saveToken()
 	t, err := ioutil.ReadFile(tokenFilename())
 	c.Assert(err, IsNil)
 	c.Assert(string(t), Equals, token)
+	c.Assert(len(string(t)), Equals, 64)
 }

From d231f89810ffca62013a89fd98fdc06fd1d6c798 Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Thu, 20 Oct 2016 16:57:04 +0200
Subject: [PATCH 21/22] better cert name and unit tests

---
 cmd/generate-token/main.go   |   2 +-
 cmd/snapweb/cert.go          |   2 +-
 cmd/snapweb/cert_test.go     |   4 +-
 www/tests/simpleLoginSpec.js | 159 -----------------------------------
 4 files changed, 4 insertions(+), 163 deletions(-)
 delete mode 100644 www/tests/simpleLoginSpec.js

diff --git a/cmd/generate-token/main.go b/cmd/generate-token/main.go
index f794b779..30263cad 100644
--- a/cmd/generate-token/main.go
+++ b/cmd/generate-token/main.go
@@ -90,7 +90,7 @@ func main() {
 	checkUser()
 
 	token := saveToken()
-	
+
 	fmt.Printf("Snapweb Access Token:\n\n%s\n\n", token)
 	fmt.Printf("Use the above token in the Snapweb interface to be granted access.\n")
 }
diff --git a/cmd/snapweb/cert.go b/cmd/snapweb/cert.go
index 86a81dc7..df13e6b2 100644
--- a/cmd/snapweb/cert.go
+++ b/cmd/snapweb/cert.go
@@ -81,7 +81,7 @@ func GenerateCertificate() {
 	template := x509.Certificate{
 		SerialNumber: serialNumber,
 		Subject: pkix.Name{
-			Organization: []string{"Acme Co"}, // FIXME
+			Organization: []string{"snapweb"},
 		},
 		NotBefore:             notBefore,
 		NotAfter:              notAfter,
diff --git a/cmd/snapweb/cert_test.go b/cmd/snapweb/cert_test.go
index 6b55c53c..e3b5665f 100644
--- a/cmd/snapweb/cert_test.go
+++ b/cmd/snapweb/cert_test.go
@@ -35,8 +35,8 @@ func (s *CertSuite) TestGenerate(c *C) {
 	certFile := filepath.Join(os.Getenv("SNAP_DATA"), "cert.pem")
 	keyFile := filepath.Join(os.Getenv("SNAP_DATA"), "key.pem")
 
-	c.Assert(ioutil.WriteFile(certFile, []byte{}, os.ModePerm), IsNil)
-	c.Assert(ioutil.WriteFile(keyFile, []byte{}, os.ModePerm), IsNil)
+	c.Assert(ioutil.WriteFile(certFile, nil, 0600), IsNil)
+	c.Assert(ioutil.WriteFile(keyFile, nil, 0600), IsNil)
 
 	GenerateCertificate()
 	_, err := ioutil.ReadFile(certFile)
diff --git a/www/tests/simpleLoginSpec.js b/www/tests/simpleLoginSpec.js
deleted file mode 100644
index e53e5ad9..00000000
--- a/www/tests/simpleLoginSpec.js
+++ /dev/null
@@ -1,159 +0,0 @@
-var _ = require('lodash');
-var CONF = require('../src/js/config.js');
-var Backbone = require('backbone');
-var LoginModel = require('../src/js/models/simple-login.js');
-var LoginView = require('../src/js/views/simple-login.js');
-
-describe('Login', function() {
-
-  describe('LoginModel', function() {
-
-    beforeEach(function() {
-      this.model = new LoginModel({});
-      // NOTE: it seems we don't need to do jasmine.Ajax.install() anymore
-      //       before installing the spies; not sure why
-      spyOn(this.model, 'save').and.callThrough();
-      spyOn(this.model, 'validate').and.callThrough();
-    });
-
-    afterEach(function() {
-      delete this.model;
-      this.model = null;
-    });
-
-    it('should be an instance of Backbone.Model', function() {
-      expect(LoginModel).toBeDefined();
-      expect(this.model).toEqual(jasmine.any(Backbone.Model));
-    });    
-
-    it('should block empty or invalid email', function() {
-      expect(this.model.validate({})).toBeDefined();
-      expect(this.model.validate({email: 'bad-email'})).toBeDefined();
-    });
-
-    it('should validate on save', function() {
-      this.model.save();
-      expect(this.model.validate).toHaveBeenCalled();
-    });
-    
-  });
-
-  describe('LoginView', function() {
-
-    beforeEach(function() {
-      this.model = new LoginModel({});
-      this.view = new LoginView({
-        model: this.model
-      });
-      this.view.render();
-      
-      this.emailSSO = this.view.$el.find('#emailSSO'); 
-      this.password = this.view.$el.find('#password'); 
-      this.btnLogin = this.view.$el.find('#btn-login');
-    });
-    
-    afterEach(function() {
-      this.view.remove();
-      delete this.model;
-      delete this.view;
-    });
-    
-    it('should be an instance of Backbone.View', function() {
-      expect(LoginView).toBeDefined();
-      expect(this.view).toEqual(jasmine.any(Backbone.View));
-    });
-    
-    it('should have some key input fields', function() {
-      expect(this.emailSSO).toBeDefined();
-      expect(this.btnLogin).toBeDefined();
-    });
-
-    xit('should submit valid forms', function() {
-    });
-    
-    it('should display error feedback (400)', function() {
-      spyOn(this.model, 'save').and.callThrough();
-
-      jasmine.Ajax.stubRequest('/api/v2/login').andReturn({
-        status: 400,
-        statusText: "Bad Request",
-        contentType: "application/json",
-        responseText: '{"type":"error","status-code":400,"status":"Bad Request","result":{"message":"please use a valid email address.","kind":"invalid-auth-data","value":{"email":["invalid"]}}}'
-      });
-
-      this.emailSSO.val('invalid@email.com');
-      this.password.val('pass');
-
-      this.view.$el.find('#btn-login').trigger('click');
-      
-      expect(this.model.save).toHaveBeenCalled();
-      expect(this.view.$el.find('.statusmessage').text()).toMatch('please use a valid email address.');
-      // TODO: check also that the element is visible
-    });
-    
-    it('should display error feedback (401)', function() {
-      spyOn(this.model, 'save').and.callThrough();
-
-      jasmine.Ajax.stubRequest('/api/v2/login').andReturn({
-        status: 400,
-        statusText: "Bad Request",
-        contentType: "application/json",
-        responseText: '{"type":"error","status-code":401,"status":"Unauthorized","result":{"message":"cannot authenticate to snap store: Provided email/password is not correct.","kind":"login-required"}}'
-      });
-
-      this.emailSSO.val('valid@email.com');
-      this.password.val('wrong');
-
-      this.view.$el.find('#btn-login').trigger('click');
-      
-      expect(this.model.save).toHaveBeenCalled();
-      expect(this.view.$el.find('.statusmessage').text()).toMatch('Provided email/password is not correct.');
-      // TODO: check also that the element is visible
-    });
-    
-    it('should set the macaroon cookies', function() {
-      spyOn(this.model, 'save').and.callThrough();
-      spyOn(this.model, 'setMacaroonCookiesFromResponse').and.callThrough();
-
-      jasmine.Ajax.stubRequest('/api/v2/login').andReturn({
-        status: 200,
-        statusText: "OK",
-        contentType: "application/json",
-        responseText: '{"type":"sync","status-code":200,"status":"OK","result":{"macaroon":"protect the innoncent","discharges":["serve the public trust"]}}',
-      });
-      
-      this.emailSSO.val('valid@email.com');
-      this.password.val('not empty');
-      
-      this.view.$el.find('#btn-login').trigger('click');
-      
-      expect(this.model.save).toHaveBeenCalled();
-      expect(this.model.setMacaroonCookiesFromResponse).toHaveBeenCalled();
-    });
-    
-    it('should send the macaroon cookie in new requests', function() {
-      this.model.setMacaroonCookiesFromResponse({"macaroon":"protect the innoncent",
-                                                 "discharges":["serve the public trust"]});
-
-      var doneFn = jasmine.createSpy("success");
-      var xhr = new XMLHttpRequest();
-      xhr.onreadystatechange = function(args) {
-        if (this.readyState == this.DONE) {
-          doneFn(this.responseText);
-        }
-      };
-
-      xhr.open("GET", "/some/api/call");
-      xhr.send();
-      
-      request = jasmine.Ajax.requests.mostRecent();
-      expect(request.url).toBe('/some/api/call');
-      expect(request.method).toBe('GET');
-      // FIXIME: check the Authorization header is set
-      // Note: the request headers are empty, jasmine-ajax doesn't really behave like
-      // in a normal browser, where cookies are effectively sent
-    });
-    
-  });
-
-});

From 6202bffde60c1dfde9cce8e11590a98cb062b30c Mon Sep 17 00:00:00 2001
From: David Barth <david.barth@canonical.com>
Date: Thu, 20 Oct 2016 17:43:52 +0200
Subject: [PATCH 22/22] remove create-user api bridge for now

---
 cmd/snapweb/handlers.go | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/cmd/snapweb/handlers.go b/cmd/snapweb/handlers.go
index 25d0ca59..6336b6ae 100644
--- a/cmd/snapweb/handlers.go
+++ b/cmd/snapweb/handlers.go
@@ -31,7 +31,7 @@ import (
 	"strings"
 	"text/template"
 
-	"github.com/snapcore/snapd/dirs"
+	// "github.com/snapcore/snapd/dirs"
 
 	// most other handlers use the ClientAdapter for now
 	"github.com/snapcore/snapweb/snappy"
@@ -155,7 +155,7 @@ func handleDeviceInfo(w http.ResponseWriter, r *http.Request) {
 func initURLHandlers(log *log.Logger) {
 	log.Println("Initializing HTTP handlers...")
 	snappyHandler := snappy.NewHandler()
-	passThru := makePassthroughHandler(dirs.SnapdSocket, "/api")
+	// passThru := makePassthroughHandler(dirs.SnapdSocket, "/api")
 
 	http.HandleFunc("/api/v2/validate-token", validateToken)
 
@@ -166,8 +166,6 @@ func initURLHandlers(log *log.Logger) {
 
 	// NOTE: the public URLs below shouldn't be using SimpleCookieCheckOrRedirect
 
-	http.HandleFunc("/api/v2/create-user", passThru)
-
 	http.Handle("/public/", loggingHandler(http.FileServer(http.Dir(filepath.Join(os.Getenv("SNAP"), "www")))))
 
 	if iconDir, relativePath, err := snappy.IconDir(); err == nil {