snappass/tests.py

import re
import time
import unittest
import uuid
import json
from unittest import TestCase
from unittest import mock
from urllib.parse import unquote

from cryptography.fernet import Fernet
from freezegun import freeze_time
from werkzeug.exceptions import BadRequest
from fakeredis import FakeStrictRedis

# noinspection PyPep8Naming
import snappass.main as snappass

__author__ = 'davedash'


class SnapPassTestCase(TestCase):

    @mock.patch('redis.client.StrictRedis', FakeStrictRedis)
    def test_get_password(self):
        password = "melatonin overdose 1337!$"
        key = snappass.set_password(password, 30)
        self.assertEqual(password, snappass.get_password(key))
        # Assert that we can't look this up a second time.
        self.assertIsNone(snappass.get_password(key))

    def test_password_is_not_stored_in_plaintext(self):
        password = "trustno1"
        token = snappass.set_password(password, 30)
        redis_key = token.split(snappass.TOKEN_SEPARATOR)[0]
        stored_password_text = snappass.redis_client.get(redis_key).decode('utf-8')
        self.assertNotIn(password, stored_password_text)

    def test_returned_token_format(self):
        password = "trustsome1"
        token = snappass.set_password(password, 30)
        token_fragments = token.split(snappass.TOKEN_SEPARATOR)
        self.assertEqual(2, len(token_fragments))
        redis_key, encryption_key = token_fragments
        self.assertEqual(32 + len(snappass.REDIS_PREFIX), len(redis_key))
        try:
            Fernet(encryption_key.encode('utf-8'))
        except ValueError:
            self.fail('the encryption key is not valid')

    def test_encryption_key_is_returned(self):
        password = "trustany1"
        token = snappass.set_password(password, 30)
        token_fragments = token.split(snappass.TOKEN_SEPARATOR)
        redis_key, encryption_key = token_fragments
        stored_password = snappass.redis_client.get(redis_key)
        fernet = Fernet(encryption_key.encode('utf-8'))
        decrypted_password = fernet.decrypt(stored_password).decode('utf-8')
        self.assertEqual(password, decrypted_password)

    def test_unencrypted_passwords_still_work(self):
        unencrypted_password = "trustevery1"
        storage_key = uuid.uuid4().hex
        snappass.redis_client.setex(storage_key, 30, unencrypted_password)
        retrieved_password = snappass.get_password(storage_key)
        self.assertEqual(unencrypted_password, retrieved_password)

    def test_password_is_decoded(self):
        password = "correct horse battery staple"
        key = snappass.set_password(password, 30)
        self.assertFalse(isinstance(snappass.get_password(key), bytes))

    def test_clean_input(self):
        # Test Bad Data
        with snappass.app.test_request_context(
                "/", data={'password': 'foo', 'ttl': 'bar'}, method='POST'):
            self.assertRaises(BadRequest, snappass.clean_input)

        # No Password
        with snappass.app.test_request_context(
                "/", method='POST'):
            self.assertRaises(BadRequest, snappass.clean_input)

        # No TTL
        with snappass.app.test_request_context(
                "/", data={'password': 'foo'}, method='POST'):
            self.assertRaises(BadRequest, snappass.clean_input)

        with snappass.app.test_request_context(
                "/", data={'password': 'foo', 'ttl': 'hour'}, method='POST'):
            self.assertEqual((3600, 'foo'), snappass.clean_input())

    def test_password_before_expiration(self):
        password = 'fidelio'
        key = snappass.set_password(password, 1)
        self.assertEqual(password, snappass.get_password(key))

    def test_password_after_expiration(self):
        password = 'open sesame'
        key = snappass.set_password(password, 1)
        time.sleep(1.5)
        self.assertIsNone(snappass.get_password(key))


class SnapPassRoutesTestCase(TestCase):
    # noinspection PyPep8Naming
    def setUp(self):
        snappass.app.config['TESTING'] = True
        self.app = snappass.app.test_client()

    def test_preview_password(self):
        password = "I like novelty kitten statues!"
        key = snappass.set_password(password, 30)
        rv = self.app.get('/{0}'.format(key))
        self.assertNotIn(password, rv.get_data(as_text=True))

    def test_show_password(self):
        password = "I like novelty kitten statues!"
        key = snappass.set_password(password, 30)
        rv = self.app.post('/{0}'.format(key))
        self.assertIn(password, rv.get_data(as_text=True))

    def test_url_prefix(self):
        password = "I like novelty kitten statues!"
        snappass.URL_PREFIX = "/test/prefix"
        rv = self.app.post('/', data={'password': password, 'ttl': 'hour'})
        self.assertIn("localhost/test/prefix/", rv.get_data(as_text=True))

    def test_set_password(self):
        with freeze_time("2020-05-08 12:00:00") as frozen_time:
            password = 'my name is my passport. verify me.'
            rv = self.app.post('/', data={'password': password, 'ttl': 'two weeks'})

            html_content = rv.data.decode("ascii")
            key = re.search(r'id="password-link" value="https://localhost/([^"]+)', html_content).group(1)
            key = unquote(key)

            frozen_time.move_to("2020-05-22 11:59:59")
            self.assertEqual(snappass.get_password(key), password)

            frozen_time.move_to("2020-05-22 12:00:00")
            self.assertIsNone(snappass.get_password(key))
    
    def test_set_password_json(self):
        with freeze_time("2020-05-08 12:00:00") as frozen_time:
            password = 'my name is my passport. verify me.'
            rv = self.app.post('/', headers={'Accept': 'application/json'}, data={'password': password, 'ttl': 'two weeks'})

            json_content = rv.get_json()
            key = re.search(r'https://localhost/([^"]+)', json_content['link']).group(1)
            key = unquote(key)

            frozen_time.move_to("2020-05-22 11:59:59")
            self.assertEqual(snappass.get_password(key), password)

            frozen_time.move_to("2020-05-22 12:00:00")
            self.assertIsNone(snappass.get_password(key))


if __name__ == '__main__':
    unittest.main()
Adds option for two-week timeout. (#120) Also includes: - Updated the versions in the requirements, as MarkupSafe did not install cleanly. - Integration test that sets a password via the website, and then verifies the timeout on the backend. - Basic Makefile, updates to the docs to use the Makefile. The requirements file was updated using pip freeze after I had updated the version of MarkupSafe. I don't know what the usual process is for this repo, so please let me know if I should use a different process there (that is why there are a few additions). 2020-05-08 20:43:54 +02:00			`import re`
Add tests for password expiration 2016-10-25 01:21:08 +02:00			`import time`
Prepare snappass for distribution. 2013-10-05 23:12:31 +02:00			`import unittest`
Add tests for the encryption Check that: - Password is not stored in plain text in Redis; - The token returned has the expected format; - The key returned is indeed the decryption key; - API backwards compatibility is maintained: passwords stored in plain text can be retrieved via the original URL token. `test_returned_token_format` superseeds `test_set_password`, which was only validating the key length. f 2017-05-11 06:40:24 +02:00			`import uuid`
Adding json-output for api-like functionality (#147) * adding json-template for api-like functionality * removing content-block * adding test * changing to flask.jsonify * deleting template * change from POST-param to Accept-Header 2022-04-11 21:37:19 +02:00			`import json`
Prepare snappass for distribution. 2013-10-05 23:12:31 +02:00			`from unittest import TestCase`
Remove mock and nose development dependencies (#158) We don't need 'mock' now that we require Python 3.x. ... and nose is no longer used since we switched to pytest as our test runner a long time ago. 2022-05-17 19:57:35 +02:00			`from unittest import mock`
Remove dependency on six (#160) We no longer need six now that we require Python 3.x. 2022-05-17 20:10:58 +02:00			`from urllib.parse import unquote`
Prepare snappass for distribution. 2013-10-05 23:12:31 +02:00
Add tests for the encryption Check that: - Password is not stored in plain text in Redis; - The token returned has the expected format; - The key returned is indeed the decryption key; - API backwards compatibility is maintained: passwords stored in plain text can be retrieved via the original URL token. `test_returned_token_format` superseeds `test_set_password`, which was only validating the key length. f 2017-05-11 06:40:24 +02:00			`from cryptography.fernet import Fernet`
Adds option for two-week timeout. (#120) Also includes: - Updated the versions in the requirements, as MarkupSafe did not install cleanly. - Integration test that sets a password via the website, and then verifies the timeout on the backend. - Basic Makefile, updates to the docs to use the Makefile. The requirements file was updated using pip freeze after I had updated the version of MarkupSafe. I don't know what the usual process is for this repo, so please let me know if I should use a different process there (that is why there are a few additions). 2020-05-08 20:43:54 +02:00			`from freezegun import freeze_time`
Fix tests 2016-07-18 22:36:06 +02:00			`from werkzeug.exceptions import BadRequest`
Migrate to fakeredis from mockredispy (#108) 2019-08-09 17:37:03 +02:00			`from fakeredis import FakeStrictRedis`
Prepare snappass for distribution. 2013-10-05 23:12:31 +02:00
Make flake8 test pass 2016-07-18 20:52:37 +02:00			`# noinspection PyPep8Naming`
Prepare snappass for distribution. 2013-10-05 23:12:31 +02:00			`import snappass.main as snappass`

			`__author__ = 'davedash'`


			`class SnapPassTestCase(TestCase):`

Remove mock and nose development dependencies (#158) We don't need 'mock' now that we require Python 3.x. ... and nose is no longer used since we switched to pytest as our test runner a long time ago. 2022-05-17 19:57:35 +02:00			`@mock.patch('redis.client.StrictRedis', FakeStrictRedis)`
Prepare snappass for distribution. 2013-10-05 23:12:31 +02:00			`def test_get_password(self):`
			`password = "melatonin overdose 1337!$"`
			`key = snappass.set_password(password, 30)`
			`self.assertEqual(password, snappass.get_password(key))`
			`# Assert that we can't look this up a second time.`
Use assertion methods introduced in Python 2.7 Since Python 2.6 support was dropped, we can use all these: https://docs.python.org/2/library/unittest.html#assert-methods 2018-05-08 03:20:54 +02:00			`self.assertIsNone(snappass.get_password(key))`
Prepare snappass for distribution. 2013-10-05 23:12:31 +02:00
Add tests for the encryption Check that: - Password is not stored in plain text in Redis; - The token returned has the expected format; - The key returned is indeed the decryption key; - API backwards compatibility is maintained: passwords stored in plain text can be retrieved via the original URL token. `test_returned_token_format` superseeds `test_set_password`, which was only validating the key length. f 2017-05-11 06:40:24 +02:00			`def test_password_is_not_stored_in_plaintext(self):`
			`password = "trustno1"`
			`token = snappass.set_password(password, 30)`
			`redis_key = token.split(snappass.TOKEN_SEPARATOR)[0]`
			`stored_password_text = snappass.redis_client.get(redis_key).decode('utf-8')`
Use assertion methods introduced in Python 2.7 Since Python 2.6 support was dropped, we can use all these: https://docs.python.org/2/library/unittest.html#assert-methods 2018-05-08 03:20:54 +02:00			`self.assertNotIn(password, stored_password_text)`
Add tests for the encryption Check that: - Password is not stored in plain text in Redis; - The token returned has the expected format; - The key returned is indeed the decryption key; - API backwards compatibility is maintained: passwords stored in plain text can be retrieved via the original URL token. `test_returned_token_format` superseeds `test_set_password`, which was only validating the key length. f 2017-05-11 06:40:24 +02:00
			`def test_returned_token_format(self):`
			`password = "trustsome1"`
			`token = snappass.set_password(password, 30)`
			`token_fragments = token.split(snappass.TOKEN_SEPARATOR)`
			`self.assertEqual(2, len(token_fragments))`
			`redis_key, encryption_key = token_fragments`
Add prefix to memcache 2018-07-01 19:19:56 +02:00			`self.assertEqual(32 + len(snappass.REDIS_PREFIX), len(redis_key))`
Add tests for the encryption Check that: - Password is not stored in plain text in Redis; - The token returned has the expected format; - The key returned is indeed the decryption key; - API backwards compatibility is maintained: passwords stored in plain text can be retrieved via the original URL token. `test_returned_token_format` superseeds `test_set_password`, which was only validating the key length. f 2017-05-11 06:40:24 +02:00			`try:`
			`Fernet(encryption_key.encode('utf-8'))`
			`except ValueError:`
			`self.fail('the encryption key is not valid')`

			`def test_encryption_key_is_returned(self):`
			`password = "trustany1"`
			`token = snappass.set_password(password, 30)`
			`token_fragments = token.split(snappass.TOKEN_SEPARATOR)`
			`redis_key, encryption_key = token_fragments`
			`stored_password = snappass.redis_client.get(redis_key)`
			`fernet = Fernet(encryption_key.encode('utf-8'))`
			`decrypted_password = fernet.decrypt(stored_password).decode('utf-8')`
			`self.assertEqual(password, decrypted_password)`

			`def test_unencrypted_passwords_still_work(self):`
			`unencrypted_password = "trustevery1"`
			`storage_key = uuid.uuid4().hex`
			`snappass.redis_client.setex(storage_key, 30, unencrypted_password)`
			`retrieved_password = snappass.get_password(storage_key)`
			`self.assertEqual(unencrypted_password, retrieved_password)`

Improve string encoding for password retrieval - Prevent the password from displaying as b'...' in the app; - Use Flask's `get_data(as_test=True)` to read the data, in the tests; - Add test to ensure `get_password` is not returning bytes. 2016-08-12 03:50:37 +02:00			`def test_password_is_decoded(self):`
			`password = "correct horse battery staple"`
			`key = snappass.set_password(password, 30)`
			`self.assertFalse(isinstance(snappass.get_password(key), bytes))`

Prepare snappass for distribution. 2013-10-05 23:12:31 +02:00			`def test_clean_input(self):`
			`# Test Bad Data`
			`with snappass.app.test_request_context(`
			`"/", data={'password': 'foo', 'ttl': 'bar'}, method='POST'):`
Fix tests 2016-07-18 22:36:06 +02:00			`self.assertRaises(BadRequest, snappass.clean_input)`
Prepare snappass for distribution. 2013-10-05 23:12:31 +02:00
			`# No Password`
			`with snappass.app.test_request_context(`
			`"/", method='POST'):`
Fix tests 2016-07-18 22:36:06 +02:00			`self.assertRaises(BadRequest, snappass.clean_input)`
Prepare snappass for distribution. 2013-10-05 23:12:31 +02:00
			`# No TTL`
			`with snappass.app.test_request_context(`
			`"/", data={'password': 'foo'}, method='POST'):`
Fix tests 2016-07-18 22:36:06 +02:00			`self.assertRaises(BadRequest, snappass.clean_input)`
Prepare snappass for distribution. 2013-10-05 23:12:31 +02:00
			`with snappass.app.test_request_context(`
			`"/", data={'password': 'foo', 'ttl': 'hour'}, method='POST'):`
			`self.assertEqual((3600, 'foo'), snappass.clean_input())`

Add tests for password expiration 2016-10-25 01:21:08 +02:00			`def test_password_before_expiration(self):`
			`password = 'fidelio'`
			`key = snappass.set_password(password, 1)`
			`self.assertEqual(password, snappass.get_password(key))`

			`def test_password_after_expiration(self):`
			`password = 'open sesame'`
			`key = snappass.set_password(password, 1)`
			`time.sleep(1.5)`
Use assertion methods introduced in Python 2.7 Since Python 2.6 support was dropped, we can use all these: https://docs.python.org/2/library/unittest.html#assert-methods 2018-05-08 03:20:54 +02:00			`self.assertIsNone(snappass.get_password(key))`
Add tests for password expiration 2016-10-25 01:21:08 +02:00
Prepare snappass for distribution. 2013-10-05 23:12:31 +02:00
			`class SnapPassRoutesTestCase(TestCase):`
Make flake8 test pass 2016-07-18 20:52:37 +02:00			`# noinspection PyPep8Naming`
Prepare snappass for distribution. 2013-10-05 23:12:31 +02:00			`def setUp(self):`
			`snappass.app.config['TESTING'] = True`
			`self.app = snappass.app.test_client()`

Bots that prefetch should not destroy the secret (#100) * Create preview view, remove sneaky-user-agents logic * unit tests * rename openSecret to viewSecret * code clean-up and style * rename view secret to reveal secret * update authors list * bump version to 1.5.0 2019-03-05 16:47:07 +01:00			`def test_preview_password(self):`
Prepare snappass for distribution. 2013-10-05 23:12:31 +02:00			`password = "I like novelty kitten statues!"`
			`key = snappass.set_password(password, 30)`
Fix python2.6 support for tests - "{}".format('foo') does not work on python2.6, as the index needs to be explicitly specified. - assertIn(x, y) was only introduced in 2.7, reverting to assertTrue(x in y) Updated test environments definitions and docs accordingly. 2016-08-13 00:38:33 +02:00			`rv = self.app.get('/{0}'.format(key))`
Bots that prefetch should not destroy the secret (#100) * Create preview view, remove sneaky-user-agents logic * unit tests * rename openSecret to viewSecret * code clean-up and style * rename view secret to reveal secret * update authors list * bump version to 1.5.0 2019-03-05 16:47:07 +01:00			`self.assertNotIn(password, rv.get_data(as_text=True))`
Prepare snappass for distribution. 2013-10-05 23:12:31 +02:00
Bots that prefetch should not destroy the secret (#100) * Create preview view, remove sneaky-user-agents logic * unit tests * rename openSecret to viewSecret * code clean-up and style * rename view secret to reveal secret * update authors list * bump version to 1.5.0 2019-03-05 16:47:07 +01:00			`def test_show_password(self):`
			`password = "I like novelty kitten statues!"`
Return 404 to UserAgents matching list Empty User-Agent should not break Add test for 404 response to /bot/ Wrap User-Agent check in `request_is_valid` method 2016-12-20 06:08:56 +01:00			`key = snappass.set_password(password, 30)`
Bots that prefetch should not destroy the secret (#100) * Create preview view, remove sneaky-user-agents logic * unit tests * rename openSecret to viewSecret * code clean-up and style * rename view secret to reveal secret * update authors list * bump version to 1.5.0 2019-03-05 16:47:07 +01:00			`rv = self.app.post('/{0}'.format(key))`
			`self.assertIn(password, rv.get_data(as_text=True))`
Return 404 to UserAgents matching list Empty User-Agent should not break Add test for 404 response to /bot/ Wrap User-Agent check in `request_is_valid` method 2016-12-20 06:08:56 +01:00
Add url prefix for reverse proxies (#106) 2019-08-09 23:07:49 +02:00			`def test_url_prefix(self):`
			`password = "I like novelty kitten statues!"`
Adds option for two-week timeout. (#120) Also includes: - Updated the versions in the requirements, as MarkupSafe did not install cleanly. - Integration test that sets a password via the website, and then verifies the timeout on the backend. - Basic Makefile, updates to the docs to use the Makefile. The requirements file was updated using pip freeze after I had updated the version of MarkupSafe. I don't know what the usual process is for this repo, so please let me know if I should use a different process there (that is why there are a few additions). 2020-05-08 20:43:54 +02:00			`snappass.URL_PREFIX = "/test/prefix"`
Add url prefix for reverse proxies (#106) 2019-08-09 23:07:49 +02:00			`rv = self.app.post('/', data={'password': password, 'ttl': 'hour'})`
			`self.assertIn("localhost/test/prefix/", rv.get_data(as_text=True))`
Prepare snappass for distribution. 2013-10-05 23:12:31 +02:00
Adds option for two-week timeout. (#120) Also includes: - Updated the versions in the requirements, as MarkupSafe did not install cleanly. - Integration test that sets a password via the website, and then verifies the timeout on the backend. - Basic Makefile, updates to the docs to use the Makefile. The requirements file was updated using pip freeze after I had updated the version of MarkupSafe. I don't know what the usual process is for this repo, so please let me know if I should use a different process there (that is why there are a few additions). 2020-05-08 20:43:54 +02:00			`def test_set_password(self):`
			`with freeze_time("2020-05-08 12:00:00") as frozen_time:`
			`password = 'my name is my passport. verify me.'`
			`rv = self.app.post('/', data={'password': password, 'ttl': 'two weeks'})`

			`html_content = rv.data.decode("ascii")`
			`key = re.search(r'id="password-link" value="https://localhost/([^"]+)', html_content).group(1)`
			`key = unquote(key)`

			`frozen_time.move_to("2020-05-22 11:59:59")`
			`self.assertEqual(snappass.get_password(key), password)`

			`frozen_time.move_to("2020-05-22 12:00:00")`
			`self.assertIsNone(snappass.get_password(key))`
Adding json-output for api-like functionality (#147) * adding json-template for api-like functionality * removing content-block * adding test * changing to flask.jsonify * deleting template * change from POST-param to Accept-Header 2022-04-11 21:37:19 +02:00
			`def test_set_password_json(self):`
			`with freeze_time("2020-05-08 12:00:00") as frozen_time:`
			`password = 'my name is my passport. verify me.'`
			`rv = self.app.post('/', headers={'Accept': 'application/json'}, data={'password': password, 'ttl': 'two weeks'})`

			`json_content = rv.get_json()`
			`key = re.search(r'https://localhost/([^"]+)', json_content['link']).group(1)`
			`key = unquote(key)`

			`frozen_time.move_to("2020-05-22 11:59:59")`
			`self.assertEqual(snappass.get_password(key), password)`

			`frozen_time.move_to("2020-05-22 12:00:00")`
			`self.assertIsNone(snappass.get_password(key))`
Adds option for two-week timeout. (#120) Also includes: - Updated the versions in the requirements, as MarkupSafe did not install cleanly. - Integration test that sets a password via the website, and then verifies the timeout on the backend. - Basic Makefile, updates to the docs to use the Makefile. The requirements file was updated using pip freeze after I had updated the version of MarkupSafe. I don't know what the usual process is for this repo, so please let me know if I should use a different process there (that is why there are a few additions). 2020-05-08 20:43:54 +02:00

Prepare snappass for distribution. 2013-10-05 23:12:31 +02:00			`if __name__ == '__main__':`
			`unittest.main()`