def test_only_signed_when_approved_and_enabled(self, mocked_autograph):
sign_data_mock = mocked_autograph.return_value.sign_data
# This uses the signer, so do it first
action = ActionFactory()
sign_data_mock.reset_mock()
sign_data_mock.side_effect = Exception("Can't sign yet")
recipe = RecipeFactory(name="unchanged", action=action)
assert not recipe.enabled
assert not recipe.is_approved
assert recipe.signature is None
# Updating does not generate a signature
recipe.revise(name="changed")
assert recipe.signature is None
# Approving does not sign the recipe
rev = recipe.latest_revision
approval_request = rev.request_approval(UserFactory())
approval_request.approve(UserFactory(), "r+")
recipe.refresh_from_db()
assert recipe.signature is None
mocked_autograph.return_value.sign_data.assert_not_called()
# Enabling signs the recipe
mocked_autograph.return_value.sign_data.side_effect = fake_sign
rev.enable(UserFactory())
recipe.refresh_from_db()
expected_sig = fake_sign([recipe.canonical_json()])[0]["signature"]
assert recipe.signature.signature == expected_sig
assert mocked_autograph.return_value.sign_data.called_once()
def test_only_signed_when_approved_and_enabled(self, mocked_autograph):
sign_data_mock = mocked_autograph.return_value.sign_data
# This uses the signer, so do it first
action = ActionFactory()
sign_data_mock.reset_mock()
sign_data_mock.side_effect = Exception("Can't sign yet")
recipe = RecipeFactory(name="unchanged", action=action)
assert not recipe.enabled
assert not recipe.is_approved
assert recipe.signature is None
# Updating does not generate a signature
recipe.revise(name="changed")
assert recipe.signature is None
# Approving does not sign the recipe
rev = recipe.latest_revision
approval_request = rev.request_approval(UserFactory())
approval_request.approve(UserFactory(), "r+")
recipe.refresh_from_db()
assert recipe.signature is None
mocked_autograph.return_value.sign_data.assert_not_called()
# Enabling signs the recipe
mocked_autograph.return_value.sign_data.side_effect = fake_sign
rev.enable(UserFactory())
recipe.refresh_from_db()
expected_sig = fake_sign([recipe.canonical_json()])[0]["signature"]
assert recipe.signature.signature == expected_sig
assert mocked_autograph.return_value.sign_data.called_once()
def test_signatures_update_correctly_on_enable(self, mocked_autograph):
recipe = RecipeFactory(signed=False, approver=UserFactory())
recipe.approved_revision.enable(user=UserFactory())
recipe.refresh_from_db()
assert recipe.signature is not None
assert recipe.signature.signature == fake_sign([recipe.canonical_json()])[0]["signature"]
def test_signatures_update_correctly_on_enable(self, mocked_autograph):
recipe = RecipeFactory(signed=False, approver=UserFactory())
recipe.approved_revision.enable(user=UserFactory())
recipe.refresh_from_db()
assert recipe.signature is not None
assert recipe.signature.signature == fake_sign([recipe.canonical_json()])[0]["signature"]
def test_signature_is_updated_if_autograph_available(self, mocked_autograph):
recipe = RecipeFactory(name="unchanged", approver=UserFactory(), enabler=UserFactory())
original_signature = recipe.signature
assert original_signature is not None
recipe.revise(name="changed")
assert recipe.latest_revision.name == "changed"
assert recipe.signature is not original_signature
expected_sig = fake_sign([recipe.canonical_json()])[0]["signature"]
assert recipe.signature.signature == expected_sig
def test_signature_is_updated_if_autograph_available(self, mocked_autograph):
recipe = RecipeFactory(name="unchanged", approver=UserFactory(), enabler=UserFactory())
original_signature = recipe.signature
assert original_signature is not None
recipe.revise(name="changed")
assert recipe.latest_revision.name == "changed"
assert recipe.signature is not original_signature
expected_sig = fake_sign([recipe.canonical_json()])[0]["signature"]
assert recipe.signature.signature == expected_sig
def test_enabled_updates_signatures(self, mocked_autograph):
recipe = RecipeFactory(name="first")
ar = recipe.latest_revision.request_approval(UserFactory())
ar.approve(approver=UserFactory(), comment="r+")
recipe = Recipe.objects.get()
recipe.approved_revision.enable(UserFactory())
recipe.refresh_from_db()
data_to_sign = recipe.canonical_json()
signature_of_data = fake_sign([data_to_sign])[0]["signature"]
signature_in_db = recipe.signature.signature
assert signature_of_data == signature_in_db
def test_enabled_updates_signatures(self, mocked_autograph):
recipe = RecipeFactory(name="first")
ar = recipe.latest_revision.request_approval(UserFactory())
ar.approve(approver=UserFactory(), comment="r+")
recipe = Recipe.objects.get()
recipe.approved_revision.enable(UserFactory())
recipe.refresh_from_db()
data_to_sign = recipe.canonical_json()
signature_of_data = fake_sign([data_to_sign])[0]["signature"]
signature_in_db = recipe.signature.signature
assert signature_of_data == signature_in_db
def verify_signatures(self, api_client, expected_count=None):
res = api_client.get('/api/v1/recipe/signed/')
assert res.status_code == 200
signed_data = res.json()
if expected_count is not None:
assert len(signed_data) == expected_count
for recipe_and_signature in signed_data:
recipe = recipe_and_signature['recipe']
expected_signature = recipe_and_signature['signature']['signature']
data = canonical_json_dumps(recipe).encode()
actual_signature = fake_sign([data])[0]['signature']
assert actual_signature == expected_signature
def test_signature_is_correct_on_creation_if_autograph_available(
self, mocked_autograph):
recipe = RecipeFactory(approver=UserFactory(), enabler=UserFactory())
expected_sig = fake_sign([recipe.canonical_json()])[0]["signature"]
assert recipe.signature.signature == expected_sig
def test_signature_is_correct_on_creation_if_autograph_available(self, mocked_autograph):
recipe = RecipeFactory(approver=UserFactory(), enabler=UserFactory())
expected_sig = fake_sign([recipe.canonical_json()])[0]["signature"]
assert recipe.signature.signature == expected_sig
