Commit graph

13 commits

Author SHA1 Message Date
Nicholas Charriere
2b4a6a4b50 Merge pull request #65 from samueldg/feature/secure_password_storage
Feature/secure password storage
2017-05-16 10:08:17 -07:00
Guewen Baconnier
7b5f804551 Add Iframely in sneaky user-agents
This "embeds as a service" is used by many apps/websites. Discovered
when my pass got eaten by the HipChat preview.
2017-05-12 08:27:52 +02:00
Samuel Dion-Girardeau
076b271be2 Use assertEqual, not assertEquals (deprecated)
Removes the following warning:

```
tests.py:96: DeprecationWarning: Please use assertEqual instead.
  self.assertEquals(rv.status_code, 404)
```
2017-05-11 21:39:26 -04:00
Samuel Dion-Girardeau
e4f5aed4fa Add tests for the encryption
Check that:

- Password is not stored in plain text in Redis;
- The token returned has the expected format;
- The key returned is indeed the decryption key;
- API backwards compatibility is maintained: passwords stored in plain text
  can be retrieved via the original URL token.

`test_returned_token_format` superseeds `test_set_password`, which
was only validating the key length.

f
2017-05-11 21:38:43 -04:00
Carlos Moreno
e0a03dc484 added skype to sneaky_bots test 2017-02-17 21:48:10 -06:00
Joseph Boiteau
58f4658154
Fix code according to @jparise comments
- Refactor is_valid_request code
- Add "Facebot/1.0" User-Agent string
2017-01-11 13:50:42 +11:00
Joseph Boiteau
1651ac4bd5
Return 404 to UserAgents matching list
Empty User-Agent should not break
Add test for 404 response to /bot/
Wrap User-Agent check in `request_is_valid` method
2017-01-11 09:48:54 +11:00
Samuel Dion-Girardeau
5801007738 Add tests for password expiration 2016-10-24 19:21:08 -04:00
Samuel Dion-Girardeau
00f6964a90 Fix python2.6 support for tests
- "{}".format('foo') does not work on python2.6, as the index needs to be explicitly specified.
- assertIn(x, y) was only introduced in 2.7, reverting to assertTrue(x in y)

Updated test environments definitions and docs accordingly.
2016-08-12 18:47:02 -04:00
Samuel Dion-Girardeau
a46fc40aa3 Improve string encoding for password retrieval
- Prevent the password from displaying as b'...' in the app;
 - Use Flask's `get_data(as_test=True)` to read the data, in the tests;
 - Add test to ensure `get_password` is not returning bytes.
2016-08-11 22:05:35 -04:00
Nicholas Charriere
a9fc727240 Fix tests 2016-07-18 13:36:06 -07:00
Nicholas Charriere
db1ef7673e Make flake8 test pass 2016-07-18 11:53:34 -07:00
Dave Dash
eefe2bdc76 Prepare snappass for distribution. 2013-10-05 23:10:50 -07:00