snappass/tests.py
Emilien GUILMINEAU 05cd81c671
🚧 Add a 'modern' REST API
2024-03-29 11:46:56 +01:00

349 lines
13 KiB
Python

import re
import time
import unittest
import uuid
from unittest import TestCase
from unittest import mock
from urllib.parse import unquote
from cryptography.fernet import Fernet
from freezegun import freeze_time
from werkzeug.exceptions import BadRequest
from fakeredis import FakeStrictRedis
# noinspection PyPep8Naming
import snappass.main as snappass
__author__ = 'davedash'
class SnapPassTestCase(TestCase):
@mock.patch('redis.client.StrictRedis', FakeStrictRedis)
def test_get_password(self):
password = "melatonin overdose 1337!$"
key = snappass.set_password(password, 30)
self.assertEqual(password, snappass.get_password(key))
# Assert that we can't look this up a second time.
self.assertIsNone(snappass.get_password(key))
def test_password_is_not_stored_in_plaintext(self):
password = "trustno1"
token = snappass.set_password(password, 30)
redis_key = token.split(snappass.TOKEN_SEPARATOR)[0]
stored_password_text = snappass.redis_client.get(redis_key).decode('utf-8')
self.assertNotIn(password, stored_password_text)
def test_returned_token_format(self):
password = "trustsome1"
token = snappass.set_password(password, 30)
token_fragments = token.split(snappass.TOKEN_SEPARATOR)
self.assertEqual(2, len(token_fragments))
redis_key, encryption_key = token_fragments
self.assertEqual(32 + len(snappass.REDIS_PREFIX), len(redis_key))
try:
Fernet(encryption_key.encode('utf-8'))
except ValueError:
self.fail('the encryption key is not valid')
def test_encryption_key_is_returned(self):
password = "trustany1"
token = snappass.set_password(password, 30)
token_fragments = token.split(snappass.TOKEN_SEPARATOR)
redis_key, encryption_key = token_fragments
stored_password = snappass.redis_client.get(redis_key)
fernet = Fernet(encryption_key.encode('utf-8'))
decrypted_password = fernet.decrypt(stored_password).decode('utf-8')
self.assertEqual(password, decrypted_password)
def test_unencrypted_passwords_still_work(self):
unencrypted_password = "trustevery1"
storage_key = uuid.uuid4().hex
snappass.redis_client.setex(storage_key, 30, unencrypted_password)
retrieved_password = snappass.get_password(storage_key)
self.assertEqual(unencrypted_password, retrieved_password)
def test_password_is_decoded(self):
password = "correct horse battery staple"
key = snappass.set_password(password, 30)
self.assertFalse(isinstance(snappass.get_password(key), bytes))
def test_clean_input(self):
# Test Bad Data
with snappass.app.test_request_context(
"/", data={'password': 'foo', 'ttl': 'bar'}, method='POST'):
self.assertRaises(BadRequest, snappass.clean_input)
# No Password
with snappass.app.test_request_context(
"/", method='POST'):
self.assertRaises(BadRequest, snappass.clean_input)
# No TTL
with snappass.app.test_request_context(
"/", data={'password': 'foo'}, method='POST'):
self.assertRaises(BadRequest, snappass.clean_input)
with snappass.app.test_request_context(
"/", data={'password': 'foo', 'ttl': 'hour'}, method='POST'):
self.assertEqual((3600, 'foo'), snappass.clean_input())
def test_password_before_expiration(self):
password = 'fidelio'
key = snappass.set_password(password, 1)
self.assertEqual(password, snappass.get_password(key))
def test_password_after_expiration(self):
password = 'open sesame'
key = snappass.set_password(password, 1)
time.sleep(1.5)
self.assertIsNone(snappass.get_password(key))
class SnapPassRoutesTestCase(TestCase):
# noinspection PyPep8Naming
def setUp(self):
snappass.app.config['TESTING'] = True
self.app = snappass.app.test_client()
def test_health_check(self):
response = self.app.get('/_/_/health')
self.assertEqual('200 OK', response.status)
self.assertEqual('{}', response.get_data(as_text=True).strip())
def test_preview_password(self):
password = "I like novelty kitten statues!"
key = snappass.set_password(password, 30)
rv = self.app.get('/{0}'.format(key))
self.assertNotIn(password, rv.get_data(as_text=True))
def test_show_password(self):
password = "I like novelty kitten statues!"
key = snappass.set_password(password, 30)
rv = self.app.post('/{0}'.format(key))
self.assertIn(password, rv.get_data(as_text=True))
def test_url_prefix(self):
password = "I like novelty kitten statues!"
snappass.URL_PREFIX = "/test/prefix"
rv = self.app.post('/', data={'password': password, 'ttl': 'hour'})
self.assertIn("localhost/test/prefix/", rv.get_data(as_text=True))
def test_set_password(self):
with freeze_time("2020-05-08 12:00:00") as frozen_time:
password = 'my name is my passport. verify me.'
rv = self.app.post('/', data={'password': password, 'ttl': 'two weeks'})
html_content = rv.data.decode("ascii")
key = re.search(r'id="password-link" value="https://localhost/([^"]+)', html_content).group(1)
key = unquote(key)
frozen_time.move_to("2020-05-22 11:59:59")
self.assertEqual(snappass.get_password(key), password)
frozen_time.move_to("2020-05-22 12:00:00")
self.assertIsNone(snappass.get_password(key))
def test_set_password_json(self):
with freeze_time("2020-05-08 12:00:00") as frozen_time:
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/',
headers={'Accept': 'application/json'},
data={'password': password, 'ttl': 'two weeks'},
)
json_content = rv.get_json()
key = re.search(r'https://localhost/([^"]+)', json_content['link']).group(1)
key = unquote(key)
frozen_time.move_to("2020-05-22 11:59:59")
self.assertEqual(snappass.get_password(key), password)
frozen_time.move_to("2020-05-22 12:00:00")
self.assertIsNone(snappass.get_password(key))
def test_set_password_api(self):
with freeze_time("2020-05-08 12:00:00") as frozen_time:
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/api/set_password/',
headers={'Accept': 'application/json'},
json={'password': password, 'ttl': '1209600'},
)
json_content = rv.get_json()
key = re.search(r'https://localhost/([^"]+)', json_content['link']).group(1)
key = unquote(key)
frozen_time.move_to("2020-05-22 11:59:59")
self.assertEqual(snappass.get_password(key), password)
frozen_time.move_to("2020-05-22 12:00:00")
self.assertIsNone(snappass.get_password(key))
def test_set_password_api_default_ttl(self):
with freeze_time("2020-05-08 12:00:00") as frozen_time:
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/api/set_password/',
headers={'Accept': 'application/json'},
json={'password': password},
)
json_content = rv.get_json()
key = re.search(r'https://localhost/([^"]+)', json_content['link']).group(1)
key = unquote(key)
frozen_time.move_to("2020-05-22 11:59:59")
self.assertEqual(snappass.get_password(key), password)
frozen_time.move_to("2020-05-22 12:00:00")
self.assertIsNone(snappass.get_password(key))
def test_set_password_api_v2(self):
with freeze_time("2020-05-08 12:00:00") as frozen_time:
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/api/v2/passwords/',
headers={'Accept': 'application/json'},
json={'password': password, 'ttl': '1209600'},
)
json_content = rv.get_json()
key = re.search(r'https://localhost/([^"]+)', json_content['link']).group(1)
key = unquote(key)
frozen_time.move_to("2020-05-22 11:59:59")
self.assertEqual(snappass.get_password(key), password)
frozen_time.move_to("2020-05-22 12:00:00")
self.assertIsNone(snappass.get_password(key))
def test_set_password_api_v2_default_ttl(self):
with freeze_time("2020-05-08 12:00:00") as frozen_time:
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/api/set_password/',
headers={'Accept': 'application/json'},
json={'password': password},
)
json_content = rv.get_json()
key = re.search(r'https://localhost/([^"]+)', json_content['link']).group(1)
key = unquote(key)
frozen_time.move_to("2020-05-22 11:59:59")
self.assertEqual(snappass.get_password(key), password)
frozen_time.move_to("2020-05-22 12:00:00")
self.assertIsNone(snappass.get_password(key))
def test_set_password_api_v2_no_password(self):
with freeze_time("2020-05-08 12:00:00") as frozen_time:
rv = self.app.post(
'/api/set_password/',
headers={'Accept': 'application/json'},
json={'password': None},
)
self.assertEqual(rv.status, 400)
json_content = rv.get_json()
key = re.search(r'https://localhost/([^"]+)', json_content['link']).group(1)
key = unquote(key)
# TODO : Search for ProblemDetails propreties about Password
def test_set_password_api_v2_too_big_ttl(self):
with freeze_time("2020-05-08 12:00:00") as frozen_time:
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/api/v2/passwords/',
headers={'Accept': 'application/json'},
json={'password': password, 'ttl': '1209600000'},
)
self.assertEqual(rv.status, 400)
json_content = rv.get_json()
key = re.search(r'https://localhost/([^"]+)', json_content['link']).group(1)
key = unquote(key)
# TODO : Search for ProblemDetails propreties about TTL
def test_check_password_api_v2(self):
with freeze_time("2020-05-08 12:00:00") as frozen_time:
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/api/v2/password/',
headers={'Accept': 'application/json'},
json={'password': password},
)
json_content = rv.get_json()
key = re.search(r'https://localhost/([^"]+)', json_content['link']).group(1)
key = unquote(key)
rvc = self.app.head('/api/v2/password/' + quote(key))
self.assertEqual(rv.status, 200)
def test_check_password_api_v2_bad_keys(self):
with freeze_time("2020-05-08 12:00:00") as frozen_time:
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/api/v2/password/',
headers={'Accept': 'application/json'},
json={'password': password},
)
json_content = rv.get_json()
key = re.search(r'https://localhost/([^"]+)', json_content['link']).group(1)
key = unquote(key)
rvc = self.app.head('/api/v2/password/' + quote(key + key))
self.assertEqual(rv.status, 404)
# TODO : Search for ProblemDetails propreties about Password
def test_retrieve_password_api_v2(self):
with freeze_time("2020-05-08 12:00:00") as frozen_time:
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/api/v2/password/',
headers={'Accept': 'application/json'},
json={'password': password},
)
json_content = rv.get_json()
key = re.search(r'https://localhost/([^"]+)', json_content['link']).group(1)
key = unquote(key)
rvc = self.app.get('/api/v2/password/' + quote(key))
self.assertEqual(rv.status, 200)
json_content_retrieved = rvc.get_json()
retrieved_password = json_content['password']
self.assertEqual(retrieved_password, password)
def test_retrieve_password_api_v2_bad_keys(self):
with freeze_time("2020-05-08 12:00:00") as frozen_time:
password = 'my name is my passport. verify me.'
rv = self.app.post(
'/api/v2/password/',
headers={'Accept': 'application/json'},
json={'password': password},
)
json_content = rv.get_json()
key = re.search(r'https://localhost/([^"]+)', json_content['link']).group(1)
key = unquote(key)
rvc = self.app.head('/api/v2/password/' + quote(key + key))
self.assertEqual(rv.status, 404)
# TODO : Search for ProblemDetails propreties about Password
if __name__ == '__main__':
unittest.main()