def test_hashing():
# Encrypted password generate different hashes/salts every time
hashed_pw, salt = utils.make_hash(A_PASSWORD)
hashed_pw2, salt2 = utils.make_hash(A_PASSWORD)
assert hashed_pw != hashed_pw2
assert salt != salt2
# Both hashes are valid
assert utils.verify_hash(A_PASSWORD, hashed_pw, salt)
assert utils.verify_hash(A_PASSWORD, hashed_pw2, salt2)
# Mixed hashes are not valid:
assert not utils.verify_hash(A_PASSWORD, hashed_pw2, salt)
# Strings are acceptable parameters
assert utils.verify_hash(A_PASSWORD, hashed_pw2, salt2)
def organization_admin(app, organization):
p_hash, p_salt = make_hash(USER_PASSWORD)
user = User(
uuid=uuid.uuid4().hex,
email="*****@*****.**",
first_name="firstname",
last_name="lastname",
password_hash=p_hash,
password_salt=p_salt,
is_system_admin=False,
)
db.session.add(user)
db.session.commit()
role = find_organization_role(ROLE_ADMINISTRATOR_CODE)
db.session.add(role)
db.session.commit()
membership = OrganizationMember(
uuid=uuid.uuid4().hex,
organization_id=organization.id,
user_id=user.id,
organization_role_id=role.id,
)
db.session.add(membership)
db.session.commit()
return user
def user_two(app):
p_hash, p_salt = make_hash(USER_TWO_PASSWORD)
return User(
uuid=uuid.uuid4().hex,
email="*****@*****.**",
first_name="Bob",
last_name="Thomas",
password_hash=p_hash,
password_salt=p_salt,
is_system_admin=False,
)
def admin(app):
p_hash, p_salt = make_hash(ADMIN_PASSWORD)
user = User(
uuid=uuid.uuid4().hex,
email=ADMIN_EMAIL,
first_name=ADMIN_FIRST_NAME,
last_name=ADMIN_LAST_NAME,
password_hash=p_hash,
password_salt=p_salt,
is_system_admin=True,
)
db.session.add(user)
db.session.commit()
return user
def user(app):
p_hash, p_salt = make_hash(USER_PASSWORD)
user = User(
uuid=uuid.uuid4().hex,
email="*****@*****.**",
first_name="firstname",
last_name="lastname",
password_hash=p_hash,
password_salt=p_salt,
is_system_admin=False,
)
db.session.add(user)
db.session.commit()
return user
def approvep(self, bag, approve, comment):
roles_filter = []
for role_id in g.user.roles_id:
roles_filter.append(
db.Document.approval.contains(type_coerce({'approval_roles': [{"role_id": role_id}]}, JSONB)))
query = g.tran.query(db.Document).filter_by(_id=bag[ID] if ID in bag else bag['_id'], _deleted='infinity') \
.filter(or_(and_(db.Document.document_status == "approval", or_(*roles_filter)),
and_(db.Document.document_status == "approved",
db.Document.data.contains(type_coerce({'executor_id': g.user.id}, JSONB))),
and_(db.Document.document_status == 'draft',
db.Document.data.contains(type_coerce({'user_id': g.user.id}, JSONB)))))
document = query.first()
if document is None:
raise CbsException(USER_NO_ACCESS)
doc_data = orm_to_json(document)
del doc_data["_created"]
del doc_data["_deleted"]
del doc_data["entry_user_id"]
dd_hash = make_hash(doc_data)
bag_hash = make_hash(bag)
if doc_data['document_status'] == 'draft':
doc_data['document_status'] = 'approval' if \
'required' in doc_data['approval'] and doc_data['approval']['required'] == True else 'approved'
pg_db = PostgresDatabase()
doc_data['type'] = 'Document'
del doc_data["_created"]
del doc_data["_deleted"]
_id, _rev = pg_db.store(doc_data)
return {"id": _id, "rev": _rev}
elif doc_data['document_`status'] == 'approval':
approval_position = 0
for approval_role in doc_data['approval']["approval_roles"]:
if g.user.roles_id.index(approval_role["role_id"]) >= 0 and "approved" not in approval_role:
if "approval_users" in approval_role:
for approval_users in approval_role["approval_users"]:
if approval_users["user_id"] == g.user.id:
raise CbsException(GENERIC_ERROR, u'Вы уже одобряли документ')
approval_role["approval_users"].append({
"user_id": g.user.id,
"approved": approve
})
else:
approval_role["approval_users"] = []
approval_role["approval_users"].append({
"user_id": g.user.id,
"approved": approve
})
if approve is True:
if doc_data['approval']["approval_type"] == 'all':
users_count = g.tran.query(db.User).filter_by(_deleted='infinity') \
.filter(db.User.roles_id.contains(type_coerce(approval_role["role_id"], JSONB)))
if users_count == len(approval_role["approval_users"]):
approval_role["approved"] = True
try:
if approval_position == len(
doc_data['approval']["approval_roles"]) - 1:
doc_data['document_status'] = 'approved'
except IndexError:
pass
else:
approval_role["approved"] = True
try:
if approval_position == len(
doc_data['approval']["approval_roles"]) - 1:
doc_data['document_status'] = 'approved'
except IndexError:
pass
else:
approval_role["approved"] = False
doc_data['document_status'] = 'rejected'
break
approval_position += 1
pg_db = PostgresDatabase()
if comment:
pg_db.store({
"type": "DocumentComments",
"document_id": doc_data['_id'],
"data": {
"comment_type": "approval" if approve is True else "rejection",
"comment": comment
}
})
doc_data['type'] = 'Document'
if dd_hash == bag_hash:
_id, _rev = pg_db.store(doc_data)
return {"id": _id, "rev": _rev}
else:
ar_indexes = []
ar_index = 0
for ar in doc_data['approval']['approval_roles']:
if "approval_users" not in ar:
ar_indexes.append(ar_index)
ar_index += 1
for index in ar_indexes:
del doc_data['approval']['approval_roles'][index]
for role_id in doc_data['approval']['roles_id']:
doc_data['approval']['approval_roles'].append({
"role_id": role_id
})
bag['type'] = 'Document'
bag['document_status'] = 'approval'
bag['approval'] = doc_data['approval']
bag['data']['executor_id'] = None
bag['data']['user_id'] = doc_data['data']['user_id']
_id, _rev = pg_db.store(bag)
return {"id": _id, "rev": _rev}
elif doc_data['document_status'] == 'approved':
pg_db = PostgresDatabase()
if comment:
pg_db.store({
"type": "DocumentComments",
"document_id": doc_data['_id'],
"data": {
"comment_type": "commit",
"comment": comment
}
})
if doc_data['data']["executor_id"] == g.user.id and\
(dd_hash == bag_hash or 'roles_id' not in doc_data['approval']):
return self.commit(bag)
elif doc_data['data']["executor_id"] == g.user.id and dd_hash != bag_hash:
for role_id in doc_data['approval']['roles_id']:
doc_data['approval']['approval_roles'].append({
"role_id": role_id
})
bag['type'] = 'Document'
bag['document_status'] = 'approval'
bag['approval'] = doc_data['approval']
bag['data']['executor_id'] = doc_data['data']['executor_id']
bag['data']['user_id'] = doc_data['data']['user_id']
_id, _rev = pg_db.store(bag)
return {"id": _id, "rev": _rev}
raise CbsException(GENERIC_ERROR, u'Не подходящий статус документа')
def test_verify_hash():
pw = "password"
hash_p, hash_s = make_hash(pw)
assert verify_hash(pw, hash_p, hash_s) is True
def test_make_hash_w_salt():
mock_salt = secrets.token_urlsafe(32)
hash_p, hash_s = make_hash("password", mock_salt)
assert hash_p is not None
assert hash_s is not None
def test_make_hash():
hash_p, hash_s = make_hash("password")
assert hash_p is not None
assert hash_s is not None