Ejemplo n.º 1
 def testPutWithExistingOwnerModified(self):
     """Put the fixture volume, then two copies that differ only in owner.

     No assertion is made here; the test passes as long as none of the
     three put() calls raises.
     """
     self.fvv.put()
     for new_owner in ('new_owner1', 'new_owner2'):
         # Each copy is rebuilt from the shared fixture data, so the owner is
         # the only field that differs from the volume stored first.
         volume = models.FileVaultVolume(**self.fvv_data)
         volume.owner = new_owner
         volume.put()
Ejemplo n.º 2
  def setUp(self):
    """Prepare the datastore fixture for the change-owner handler tests.

    Stores a user granted CHANGE_OWNER and one FileVaultVolume, then records
    the change-owner URL built from the value returned by the volume's put().
    """
    super(FileVaultChangeOwnerAccessHandlerTest, self).setUp()

    # These overwrite attributes on the shared settings module; nothing in
    # this method restores the previous values.
    settings.KEY_TYPE_DEFAULT_FILEVAULT = settings.KEY_TYPE_DATASTORE_FILEVAULT
    settings.KEY_TYPE_DEFAULT_XSRF = settings.KEY_TYPE_DATASTORE_XSRF

    test_util.SetUpTestbedTestCase(self)

    self.volume_uuid = '4E6A59FF-3D85-4B1C-A5D5-70F8B8A9B4A0'

    # The acting user holds exactly one FileVault permission: CHANGE_OWNER.
    self.user = models.User(
        key_name='*****@*****.**', user=users.User('*****@*****.**'))
    self.user.filevault_perms = [permissions.CHANGE_OWNER]
    self.user.put()

    stored_key = models.FileVaultVolume(
        hdd_serial='XX123456',
        platform_uuid='A4E75A65-FC39-441C-BEF5-49D9A3DC6BE0',
        serial='XX123456',
        passphrase='SECRET',
        volume_uuid=self.volume_uuid,
        created_by=users.User('*****@*****.**')).put()
    self.change_owner_url = (
        '/api/internal/change-owner/filevault/%s/' % stored_key)
Ejemplo n.º 3
    def testCheckAuthzCreatorOk(self):
        """A RETRIEVE_CREATED_BY user gets the passphrase of a stored volume.

        The response must be HTTP OK and carry the stored passphrase in its
        JSON body.
        """
        generated_uuid = str(uuid.uuid4()).upper()
        stored_secret = str(uuid.uuid4())

        # The requesting user is granted only RETRIEVE_CREATED_BY.
        requester = models.User(
            key_name='*****@*****.**',
            user=users.get_current_user(),
            filevault_perms=[permissions.RETRIEVE_CREATED_BY],
        )
        requester.put()

        # NOTE(review): created_by is presumably the current user; the
        # addresses are redacted on this page, so this cannot be confirmed.
        volume = models.FileVaultVolume(
            owner='stub3',
            created_by=users.User('*****@*****.**'),
            volume_uuid=generated_uuid,
            passphrase=stored_secret,
            hdd_serial='stub',
            platform_uuid='stub',
            serial='stub',
        )
        volume.put()

        # XSRF checking is switched off on the patched settings object for
        # this request, so token validation is not covered by this test.
        with mock.patch.object(handlers, 'settings') as patched_settings:
            patched_settings.XSRF_PROTECTION_ENABLED = False
            # util.SendEmail is replaced by a mock for the request.
            with mock.patch.object(util, 'SendEmail'):
                request_path = '/filevault/%s?json=1' % generated_uuid
                resp = gae_main.app.get_response(request_path)
                self.assertEqual(httplib.OK, resp.status_int)
                expected_fragment = '"passphrase": "%s"' % stored_secret
                self.assertIn(expected_fragment, resp.body)
Ejemplo n.º 4
    def PutNewPassphrase(self, volume_uuid, passphrase, metadata):
        """Escrow a passphrase as a new FileVaultVolume entity in Datastore.

        Args:
          volume_uuid: str, Volume UUID associated to the passphrase to put;
              it is also used as the entity's key name.
          passphrase: str, FileVault2 passphrase / recovery token.
          metadata: dict, dict of str metadata with keys matching
              models.FileVaultVolume property names.

        Raises:
          models.FileVaultAccessError: if volume_uuid is empty.
        """
        # TODO(user): Enforce presence of XSRF token here.
        # Without this, XSRF requests can create bogus extra records.

        if not volume_uuid:
            raise models.FileVaultAccessError('volume_uuid is required',
                                              self.request)

        volume = models.FileVaultVolume(key_name=volume_uuid,
                                        volume_uuid=volume_uuid,
                                        passphrase=str(passphrase))

        # NOTE(review): every property name of the entity is looked up in
        # metadata. If properties() includes 'passphrase' and 'volume_uuid',
        # a metadata entry under either key would replace the value set in
        # the constructor above with its sanitized form. Confirm that callers
        # restrict the keys they pass in metadata.
        for name in volume.properties():
            supplied = metadata.get(name)
            if not supplied:
                # Missing or falsy values leave the property as it is.
                continue
            setattr(volume, name, self.SanitizeString(supplied))

        volume.put()

        # The access log entry is written only after the entity was stored.
        models.FileVaultAccessLog.Log(entity=volume,
                                      message='PUT',
                                      request=self.request)

        self.response.out.write('Passphrase successfully escrowed!')
Ejemplo n.º 5
    def testPutWithEmptyRequiredProperty(self):
        """put() must raise FileVaultAccessError when only key_name is set.

        get_by_key_name is stubbed to return None for the key, and the
        entity is built with nothing but its key name.
        """
        self.mox.StubOutWithMock(models.FileVaultVolume, 'get_by_key_name')
        name = u'foo'
        volume = models.FileVaultVolume(key_name=name)
        # Record phase: the lookup is expected once and reports no entity.
        models.FileVaultVolume.get_by_key_name(name).AndReturn(None)

        self.mox.ReplayAll()
        self.assertRaises(models.FileVaultAccessError, volume.put)
        # Fails the test if the recorded lookup was never made.
        self.mox.VerifyAll()
Ejemplo n.º 6
    def testPutWithExistingKeyName(self):
        """put() must raise FileVaultAccessError when the key name is taken.

        get_by_key_name is stubbed to return a truthy placeholder, standing
        in for an entity already stored under the same key name.
        """
        self.mox.StubOutWithMock(models.FileVaultVolume, 'get_by_key_name')
        name = u'foo'
        volume = models.FileVaultVolume(key_name=name)
        # Record phase: the lookup is expected once and reports a hit.
        models.FileVaultVolume.get_by_key_name(name).AndReturn('yes!')

        self.mox.ReplayAll()
        self.assertRaises(models.FileVaultAccessError, volume.put)
        # Fails the test if the recorded lookup was never made.
        self.mox.VerifyAll()
Ejemplo n.º 7
 def setUp(self):
     """Build the FileVaultVolume fixture; this method does not store it."""
     super(FileVaultVolumeTest, self).setUp()
     # Placeholder values only; 'SECRET' stands in for a real passphrase.
     fixture_fields = dict(
         key_name=u'foo',
         hdd_serial='XX123456',
         platform_uuid='A4E75A65-FC39-441C-BEF5-49D9A3DC6BE0',
         serial='XX123456',
         passphrase='SECRET',
         volume_uuid='4E6A59FF-3D85-4B1C-A5D5-70F8B8A9B4A0',
         created_by=users.User('*****@*****.**'))
     self.fvv = models.FileVaultVolume(**fixture_fields)
Ejemplo n.º 8
 def setUp(self):
     """Keep the fixture field values and a volume built from them.

     self.fvv_data holds the keyword arguments, so tests can construct
     further copies; self.fvv is built here but not stored.
     """
     super(FileVaultVolumeTest, self).setUp()
     # Placeholder values only; 'SECRET' stands in for a real passphrase.
     self.fvv_data = dict(
         hdd_serial='XX123456',
         platform_uuid='A4E75A65-FC39-441C-BEF5-49D9A3DC6BE0',
         serial='XX123456',
         passphrase='SECRET',
         volume_uuid='4E6A59FF-3D85-4B1C-A5D5-70F8B8A9B4A0',
         created_by=users.User('*****@*****.**'),
     )
     self.fvv = models.FileVaultVolume(**self.fvv_data)
Ejemplo n.º 9
    def testPutSuccess(self):
        """put() completes once every required property has a value.

        Both db.Model.put and get_by_key_name are stubbed; VerifyAll checks
        that each recorded call was made.
        """
        self.mox.StubOutWithMock(models.db.Model, 'put')
        self.mox.StubOutWithMock(models.FileVaultVolume, 'get_by_key_name')
        name = u'foo'
        volume = models.FileVaultVolume(key_name=name)
        # Record phase: the key-name lookup reports no existing entity.
        models.FileVaultVolume.get_by_key_name(name).AndReturn(None)
        for required in models.FileVaultVolume.REQUIRED_PROPERTIES:
            setattr(volume, required, 'something')
        # Record phase: the stubbed base-class put() is expected once.
        models.db.Model.put().AndReturn(None)

        self.mox.ReplayAll()
        volume.put()
        self.mox.VerifyAll()
Ejemplo n.º 10
  def testVolumeUuidValid(self):
    """A stored volume's UUID yields 200 and the passphrase JSON body."""
    generated_uuid = str(uuid.uuid4()).upper()

    # The requesting user is granted only RETRIEVE_OWN.
    requester = models.User(
        key_name='*****@*****.**', user=users.get_current_user(),
        filevault_perms=[permissions.RETRIEVE_OWN],
        )
    requester.put()

    volume = models.FileVaultVolume(
        key_name=generated_uuid, owner='stub',
        volume_uuid=generated_uuid, passphrase='stub_pass1',
        hdd_serial='stub', platform_uuid='stub', serial='stub',
        )
    volume.put()

    # XSRF checking is switched off on the patched settings object for this
    # request, so token validation is not covered by this test.
    with mock.patch.object(handlers, 'settings') as patched_settings:
      patched_settings.XSRF_PROTECTION_ENABLED = False
      request_path = '/filevault/' + generated_uuid
      resp = gae_main.app.get_response(request_path)
    self.assertEqual(200, resp.status_int)
    self.assertIn('{"passphrase": "stub_pass1"}', resp.body)
Ejemplo n.º 11
  def testCheckAuthzOwnerFail(self):
    """A RETRIEVE_OWN user is refused a volume whose owner is 'stub2'.

    The response must have status 400 and contain 'Not authorized'.
    """
    generated_uuid = str(uuid.uuid4()).upper()
    stored_secret = str(uuid.uuid4())

    # The requesting user is granted only RETRIEVE_OWN.
    requester = models.User(
        key_name='*****@*****.**', user=users.get_current_user(),
        filevault_perms=[permissions.RETRIEVE_OWN],
        )
    requester.put()

    volume = models.FileVaultVolume(
        key_name=generated_uuid, owner='stub2',
        volume_uuid=generated_uuid, passphrase=stored_secret,
        hdd_serial='stub', platform_uuid='stub', serial='stub',
        )
    volume.put()

    # XSRF checking is switched off on the patched settings object for this
    # request, so the refusal asserted below comes from authorization rather
    # than from a missing token.
    with mock.patch.object(handlers, 'settings') as patched_settings:
      patched_settings.XSRF_PROTECTION_ENABLED = False
      # util.SendEmail is replaced by a mock for the request.
      with mock.patch.object(util, 'SendEmail'):
        request_path = '/filevault/' + generated_uuid
        resp = gae_main.app.get_response(request_path)
        self.assertEqual(400, resp.status_int)
        self.assertIn('Not authorized', resp.body)
Ejemplo n.º 12
    def testPutWithExistingDataModified(self):
        """Every put() of a modified copy must add one more stored volume.

        For each property except 'active' and datetime properties, a copy of
        the fixture is built with that one property changed and then put;
        after each put the number of stored volumes must have grown by one.
        """
        self.fvv.put()
        expected_count = 1
        for prop_name, prop in self.fvv.properties().iteritems():
            old_value = getattr(self.fvv, prop_name)
            if prop_name == 'active' or isinstance(prop, db.DateTimeProperty):
                continue

            # Pick a replacement value that fits the property type.
            if isinstance(prop, db.BooleanProperty):
                replacement = not bool(old_value)
            elif isinstance(prop, db.UserProperty):
                replacement = users.User('*****@*****.**')
            else:
                replacement = 'JUNK'

            modified = models.FileVaultVolume(**self.fvv_data)
            setattr(modified, prop_name, replacement)
            modified.put()
            expected_count += 1

            # The earlier volumes must still be there next to the new one.
            stored = models.FileVaultVolume.all().fetch(999)
            self.assertEqual(expected_count, len(stored))
Ejemplo n.º 13
 def testPutWithoutKeyName(self):
     """put() on a volume built with no arguments must raise."""
     blank_volume = models.FileVaultVolume()
     expected_error = models.FileVaultAccessError
     self.assertRaises(expected_error, blank_volume.put)
Ejemplo n.º 14
 def _CreateNewSecretEntity(self, owner, volume_uuid, secret):
     """Return a FileVaultVolume keyed by volume_uuid; it is not stored here.

     Args:
       owner: value stored in the entity's owner property.
       volume_uuid: used both as the key name and as the volume_uuid property.
       secret: passed through str() and stored as the passphrase.
     """
     volume_cls = models.FileVaultVolume
     return volume_cls(
         key_name=volume_uuid,
         owner=owner,
         volume_uuid=volume_uuid,
         passphrase=str(secret),
     )
Ejemplo n.º 15
    def testPutSuccess(self):
        """put() completes once every required property has a value.

        No assertion is made; the test passes if put() does not raise.
        """
        volume = models.FileVaultVolume()
        for required in models.FileVaultVolume.REQUIRED_PROPERTIES:
            setattr(volume, required, 'something')

        volume.put()
Ejemplo n.º 16
    def testPutWithEmptyRequiredProperty(self):
        """put() must raise FileVaultAccessError when only key_name is set."""
        volume = models.FileVaultVolume(key_name=u'foo')
        expected_error = models.FileVaultAccessError

        self.assertRaises(expected_error, volume.put)