simono41/snappass
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

🎨 flake8

Browse source
This commit is contained in:
Emilien GUILMINEAU 2024-03-29 23:59:15 +01:00
parent 26b26f9c25
commit 04235c1edc
2 changed files with 109 additions and 102 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
snappass/main.py
View file

@ -102,6 +102,7 @@ def parse_token(token):
return storage_key, decryption_key
def as_validation_problem(request, problem_type, problem_title, invalid_params):
base_url = set_base_url(request)
@ -112,6 +113,7 @@ def as_validation_problem(request, problem_type, problem_title, invalid_params):
}
return as_problem_response(problem)
def as_not_found_problem(request, problem_type, problem_title, invalid_params):
base_url = set_base_url(request)
@ -248,6 +250,7 @@ def api_handle_password():
else:
abort(500)
@app.route('/api/v2/passwords', methods=['POST'])
def api_v2_set_password():
password = request.json.get('password')
@ -269,10 +272,15 @@ def api_v2_set_password():
if len(invalid_params) > 0:
# Return a ProblemDetails expliciting issue with Password and/or TTL
return as_validation_problem(request, "set-password-validation-error", "The password and/or the TTL are invalid.", invalid_params)
return as_validation_problem(
request,
"set-password-validation-error",
"The password and/or the TTL are invalid.",
invalid_params
)
token = set_password(password, ttl)
url_token= quote_plus(token)
url_token = quote_plus(token)
base_url = set_base_url(request)
link = urljoin(base_url, request.path + "/" + url_token)
response_content = {
@ -285,6 +293,7 @@ def api_v2_set_password():
}
return jsonify(response_content)
@app.route('/api/v2/passwords/<token>', methods=['HEAD'])
def api_v2_check_password(token):
token = unquote_plus(token)
@ -295,13 +304,19 @@ def api_v2_check_password(token):
# Return OK, to indicate that password still exists
return ('', 200)
@app.route('/api/v2/passwords/<token>', methods=['GET'])
def api_v2_retrieve_password(token):
token = unquote_plus(token)
password = get_password(token)
if not password:
# Return NotFound, to indicate that password does not exists (anymore or at all)
return as_not_found_problem(request, "get-password-error", "The password doesn't exist.", [{ "name": "token"}])
return as_not_found_problem(
request,
"get-password-error",
"The password doesn't exist.",
[{"name": "token"}]
)
else:
# Return OK and the password in JSON message
return jsonify(password=password)

190
tests.py
View file

@ -239,126 +239,118 @@ class SnapPassRoutesTestCase(TestCase):
self.assertIsNone(snappass.get_password(key))
def test_set_password_api_v2_no_password(self):
with freeze_time("2020-05-08 12:00:00") as frozen_time:
rv = self.app.post(
'/api/v2/passwords',
headers={'Accept': 'application/json'},
json={'password': ''},
)
rv = self.app.post(
'/api/v2/passwords',
headers={'Accept': 'application/json'},
json={'password': ''},
)
self.assertEqual(rv.status_code, 400)
self.assertEqual(rv.status_code, 400)
json_content = rv.get_json()
invalid_params = json_content['invalid-params']
self.assertEqual(len(invalid_params), 1)
bad_password = invalid_params[0]
self.assertEqual(bad_password['name'], 'password')
json_content = rv.get_json()
invalid_params = json_content['invalid-params']
self.assertEqual(len(invalid_params), 1)
bad_password = invalid_params[0]
self.assertEqual(bad_password['name'], 'password')
def test_set_password_api_v2_too_big_ttl(self):
with freeze_time("2020-05-08 12:00:00") as frozen_time:
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/api/v2/passwords',
headers={'Accept': 'application/json'},
json={'password': password, 'ttl': '1209600000'},
)
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/api/v2/passwords',
headers={'Accept': 'application/json'},
json={'password': password, 'ttl': '1209600000'},
)
self.assertEqual(rv.status_code, 400)
self.assertEqual(rv.status_code, 400)
json_content = rv.get_json()
invalid_params = json_content['invalid-params']
self.assertEqual(len(invalid_params), 1)
bad_ttl = invalid_params[0]
self.assertEqual(bad_ttl['name'], 'ttl')
json_content = rv.get_json()
invalid_params = json_content['invalid-params']
self.assertEqual(len(invalid_params), 1)
bad_ttl = invalid_params[0]
self.assertEqual(bad_ttl['name'], 'ttl')
def test_set_password_api_v2_no_password_and_too_big_ttl(self):
with freeze_time("2020-05-08 12:00:00") as frozen_time:
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/api/v2/passwords',
headers={'Accept': 'application/json'},
json={'password': '', 'ttl': '1209600000'},
)
rv = self.app.post(
'/api/v2/passwords',
headers={'Accept': 'application/json'},
json={'password': '', 'ttl': '1209600000'},
)
self.assertEqual(rv.status_code, 400)
self.assertEqual(rv.status_code, 400)
json_content = rv.get_json()
invalid_params = json_content['invalid-params']
self.assertEqual(len(invalid_params), 2)
bad_password = invalid_params[0]
self.assertEqual(bad_password['name'], 'password')
bad_ttl = invalid_params[1]
self.assertEqual(bad_ttl['name'], 'ttl')
json_content = rv.get_json()
invalid_params = json_content['invalid-params']
self.assertEqual(len(invalid_params), 2)
bad_password = invalid_params[0]
self.assertEqual(bad_password['name'], 'password')
bad_ttl = invalid_params[1]
self.assertEqual(bad_ttl['name'], 'ttl')
def test_check_password_api_v2(self):
with freeze_time("2020-05-08 12:00:00") as frozen_time:
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/api/v2/passwords',
headers={'Accept': 'application/json'},
json={'password': password},
)
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/api/v2/passwords',
headers={'Accept': 'application/json'},
json={'password': password},
)
json_content = rv.get_json()
key = unquote(json_content['token'])
rvc = self.app.head('/api/v2/passwords/' + quote(key))
self.assertEqual(rv.status_code, 200)
json_content = rv.get_json()
key = unquote(json_content['token'])
rvc = self.app.head('/api/v2/passwords/' + quote(key))
self.assertEqual(rvc.status_code, 200)
def test_check_password_api_v2_bad_keys(self):
with freeze_time("2020-05-08 12:00:00") as frozen_time:
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/api/v2/passwords',
headers={'Accept': 'application/json'},
json={'password': password},
)
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/api/v2/passwords',
headers={'Accept': 'application/json'},
json={'password': password},
)
json_content = rv.get_json()
key = unquote(json_content['token'])
rvc = self.app.head('/api/v2/passwords/' + quote(key[::-1]))
self.assertEqual(rvc.status_code, 404)
json_content = rv.get_json()
key = unquote(json_content['token'])
rvc = self.app.head('/api/v2/passwords/' + quote(key[::-1]))
self.assertEqual(rvc.status_code, 404)
def test_retrieve_password_api_v2(self):
with freeze_time("2020-05-08 12:00:00") as frozen_time:
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/api/v2/passwords',
headers={'Accept': 'application/json'},
json={'password': password},
)
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/api/v2/passwords',
headers={'Accept': 'application/json'},
json={'password': password},
)
json_content = rv.get_json()
key = unquote(json_content['token'])
rvc = self.app.get('/api/v2/passwords/' + quote(key))
self.assertEqual(rv.status_code, 200)
json_content = rv.get_json()
key = unquote(json_content['token'])
json_content_retrieved = rvc.get_json()
retrieved_password = json_content_retrieved['password']
self.assertEqual(retrieved_password, password)
rvc = self.app.get('/api/v2/passwords/' + quote(key))
self.assertEqual(rv.status_code, 200)
json_content_retrieved = rvc.get_json()
retrieved_password = json_content_retrieved['password']
self.assertEqual(retrieved_password, password)
def test_retrieve_password_api_v2_bad_keys(self):
with freeze_time("2020-05-08 12:00:00") as frozen_time:
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/api/v2/passwords',
headers={'Accept': 'application/json'},
json={'password': password},
)
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/api/v2/passwords',
headers={'Accept': 'application/json'},
json={'password': password},
)
json_content = rv.get_json()
key = unquote(json_content['token'])
rvc = self.app.get('/api/v2/passwords/' + quote(key[::-1]))
self.assertEqual(rvc.status_code, 404)
json_content_retrieved = rvc.get_json()
invalid_params = json_content_retrieved['invalid-params']
self.assertEqual(len(invalid_params), 1)
bad_token = invalid_params[0]
self.assertEqual(bad_token['name'], 'token')
json_content = rv.get_json()
key = unquote(json_content['token'])
rvc = self.app.get('/api/v2/passwords/' + quote(key[::-1]))
self.assertEqual(rvc.status_code, 404)
json_content_retrieved = rvc.get_json()
invalid_params = json_content_retrieved['invalid-params']
self.assertEqual(len(invalid_params), 1)
bad_token = invalid_params[0]
self.assertEqual(bad_token['name'], 'token')
if __name__ == '__main__':