Ejemplo n.º 1
def test_get_signed_documents_post_raises(client, monkeypatch):
    """Check that a raising backend call on get-signed ends in the generic error message.

    ``APIClient._post`` is swapped for a stub that always raises. The test
    then loads ``/sign/``, reads a CSRF token and the ``user_key`` from the
    test session, posts to ``/sign/get-signed`` and expects a 200 response
    whose ``message`` is the generic "try again" text.
    """
    from edusign_webapp.api_client import APIClient

    def raising_post(*args, **kwargs):
        raise Exception("ho ho ho")

    monkeypatch.setattr(APIClient, '_post', raising_post)

    landing = client.get('/sign/')
    assert landing.status == '200 OK'

    with run.app.test_request_context():
        with client.session_transaction() as sess:
            token_data = ResponseSchema().get_csrf_token({}, sess=sess)
            csrf_token = token_data['csrf_token']
            user_key = sess['user_key']

    request_body = {
        'csrf_token': csrf_token,
        'payload': {
            'sign_response': 'Dummy Sign Response',
            'relay_state': '09d91b6f-199c-4388-a4e5-230807dd4ac4',
        },
    }

    from flask.sessions import SecureCookieSession

    def pinned_getitem(session, name):
        # Serve the captured user_key; any other key marks the session as
        # accessed and is looked up through the parent class.
        if name != 'user_key':
            session.accessed = True
            return super(SecureCookieSession, session).__getitem__(name)
        return user_key

    # Class-level patch: it applies to every SecureCookieSession instance for
    # as long as the monkeypatch is in place.
    monkeypatch.setattr(SecureCookieSession, '__getitem__', pinned_getitem)

    # NOTE(review): Origin and X-Forwarded-Host name the same host; presumably
    # the app's CSRF/origin check relies on that -- confirm in the app code.
    request_headers = {
        'X-Requested-With': 'XMLHttpRequest',
        'Origin': 'https://test.localhost',
        'X-Forwarded-Host': 'test.localhost',
    }

    response = client.post(
        '/sign/get-signed',
        headers=request_headers,
        json=request_body,
    )
    assert response.status == '200 OK'

    resp_data = json.loads(response.data)
    expected_message = 'There was an error. Please try again, or contact the site administrator.'

    # NOTE(review): only 'message' is compared; nothing here checks that the
    # stub's exception text is absent from the rest of the response body.
    assert resp_data['message'] == expected_message
Ejemplo n.º 2
def _test_create_multi_sign_request(app,
                                    environ_base,
                                    monkeypatch,
                                    sample_doc_1,
                                    doc_data,
                                    mock_add_document=None):
    """Post ``doc_data`` to ``/sign/create-multi-sign`` and return the raw response.

    ``app`` is unpacked as a pair whose second item is the application; a
    test client is built from it and ``environ_base`` is merged into the
    client's base environ. When ``mock_add_document`` is given it replaces
    ``DocStore.add_document``. A CSRF token read from the test session is
    written into ``doc_data`` (the caller's dict is modified in place).

    ``sample_doc_1`` is accepted but not used in this body.
    """
    _, flask_app = app

    client = flask_app.test_client()
    client.environ_base.update(environ_base)

    if mock_add_document is not None:
        from edusign_webapp.doc_store import DocStore

        monkeypatch.setattr(DocStore, 'add_document', mock_add_document)

    landing = client.get('/sign/')
    assert landing.status == '200 OK'

    with flask_app.test_request_context():
        with client.session_transaction() as sess:
            token_data = ResponseSchema().get_csrf_token({}, sess=sess)
            csrf_token = token_data['csrf_token']
            user_key = sess['user_key']

    from flask.sessions import SecureCookieSession

    def pinned_getitem(session, name):
        # Serve the captured user_key; any other key marks the session as
        # accessed and is looked up through the parent class.
        if name != 'user_key':
            session.accessed = True
            return super(SecureCookieSession, session).__getitem__(name)
        return user_key

    # Class-level patch: it applies to every SecureCookieSession instance for
    # as long as the monkeypatch is in place.
    monkeypatch.setattr(SecureCookieSession, '__getitem__', pinned_getitem)

    doc_data['csrf_token'] = csrf_token

    # NOTE(review): Origin and X-Forwarded-Host name the same host; presumably
    # the app's CSRF/origin check relies on that -- confirm in the app code.
    request_headers = {
        'X-Requested-With': 'XMLHttpRequest',
        'Origin': 'https://test.localhost',
        'X-Forwarded-Host': 'test.localhost',
    }

    return client.post(
        '/sign/create-multi-sign',
        headers=request_headers,
        json=doc_data,
    )
Ejemplo n.º 3
def _create_sign_request(client, monkeypatch, data_payload, csrf_token=None):
    """Post ``data_payload`` to ``/sign/create-sign-request`` and return the decoded JSON.

    With ``csrf_token=None`` the token and the ``user_key`` are read from the
    test session. With any other value the given token is sent as-is and the
    session's ``user_key`` is served as ``'dummy key'``. The value ``'rm'``
    is a sentinel: the ``csrf_token`` field is dropped from the request body
    altogether (presumably so callers can exercise the missing-token path).

    The response status is asserted to be ``200 OK`` in every case.
    """
    landing = client.get('/sign/')
    assert landing.status == '200 OK'

    if csrf_token is not None:
        user_key = 'dummy key'
    else:
        with run.app.test_request_context():
            with client.session_transaction() as sess:
                token_data = ResponseSchema().get_csrf_token({}, sess=sess)
                csrf_token = token_data['csrf_token']
                user_key = sess['user_key']

    from flask.sessions import SecureCookieSession

    def pinned_getitem(session, name):
        # Serve the chosen user_key; any other key marks the session as
        # accessed and is looked up through the parent class.
        if name != 'user_key':
            session.accessed = True
            return super(SecureCookieSession, session).__getitem__(name)
        return user_key

    # Class-level patch: it applies to every SecureCookieSession instance for
    # as long as the monkeypatch is in place.
    monkeypatch.setattr(SecureCookieSession, '__getitem__', pinned_getitem)

    request_body = {
        'csrf_token': csrf_token,
        'payload': data_payload,
    }
    if csrf_token == 'rm':
        # Sentinel value: send the request with no csrf_token field at all.
        request_body.pop('csrf_token')

    request_headers = {
        'X-Requested-With': 'XMLHttpRequest',
        'Origin': 'https://test.localhost',
        'X-Forwarded-Host': 'test.localhost',
    }

    response = client.post(
        '/sign/create-sign-request',
        headers=request_headers,
        json=request_body,
    )
    assert response.status == '200 OK'

    return json.loads(response.data)
Ejemplo n.º 4
def _test_send_reminders(app, environ_base, monkeypatch, sample_doc_1):
    """Create a multi-sign request, then ask for a reminder and return the decoded reply.

    ``app`` is unpacked as a pair whose second item is the application. The
    helper posts ``sample_doc_1`` with two invites to
    ``/sign/create-multi-sign`` (asserting ``200 OK``), then posts the
    document key to ``/sign/send-multisign-reminder``. The status of the
    reminder response is not asserted here; only its JSON body is returned.
    """
    _, flask_app = app

    client = flask_app.test_client()
    client.environ_base.update(environ_base)

    landing = client.get('/sign/')
    assert landing.status == '200 OK'

    with flask_app.test_request_context():
        with client.session_transaction() as sess:
            token_data = ResponseSchema().get_csrf_token({}, sess=sess)
            csrf_token = token_data['csrf_token']
            user_key = sess['user_key']

    from flask.sessions import SecureCookieSession

    def pinned_getitem(session, name):
        # Serve the captured user_key; any other key marks the session as
        # accessed and is looked up through the parent class.
        if name != 'user_key':
            session.accessed = True
            return super(SecureCookieSession, session).__getitem__(name)
        return user_key

    # Class-level patch: it applies to every SecureCookieSession instance for
    # as long as the monkeypatch is in place.
    monkeypatch.setattr(SecureCookieSession, '__getitem__', pinned_getitem)

    def post_json(path, body):
        # Both requests carry the same three headers; a fresh dict is built
        # for each call.
        return client.post(
            path,
            headers={
                'X-Requested-With': 'XMLHttpRequest',
                'Origin': 'https://test.localhost',
                'X-Forwarded-Host': 'test.localhost',
            },
            json=body,
        )

    invites = [
        {'name': 'invite0', 'email': '*****@*****.**'},
        {'name': 'invite1', 'email': '*****@*****.**'},
    ]
    creation_body = {
        'csrf_token': csrf_token,
        'payload': {
            'document': sample_doc_1,
            'owner': '*****@*****.**',
            'text': 'Dummy invitation text',
            'sendsigned': True,
            'invites': invites,
        },
    }

    creation_response = post_json('/sign/create-multi-sign', creation_body)
    assert creation_response.status == '200 OK'

    # The same CSRF token is reused for the follow-up request.
    reminder_body = {
        'csrf_token': csrf_token,
        'payload': {
            'text': 'Test text',
            'key': sample_doc_1['key'],
        },
    }

    reminder_response = post_json('/sign/send-multisign-reminder', reminder_body)

    return json.loads(reminder_response.data)
Ejemplo n.º 5
def test_create_sign_request_bad_api_response(client, monkeypatch):
    """Check that an error payload from the backend is relayed by create-sign-request.

    ``APIClient._post`` is replaced with a stub returning an ``errorCode`` /
    ``message`` pair. The endpoint is expected to answer ``200 OK`` with the
    stub's message and a truthy ``error`` field.
    """
    from edusign_webapp.api_client import APIClient

    def error_post(*args, **kwargs):
        return {'errorCode': 'dummy code', 'message': 'dummy message'}

    monkeypatch.setattr(APIClient, '_post', error_post)

    landing = client.get('/sign/')
    assert landing.status == '200 OK'

    with run.app.test_request_context():
        with client.session_transaction() as sess:
            token_data = ResponseSchema().get_csrf_token({}, sess=sess)
            csrf_token = token_data['csrf_token']
            user_key = sess['user_key']

    from flask.sessions import SecureCookieSession

    def pinned_getitem(session, name):
        # Serve the captured user_key; any other key marks the session as
        # accessed and is looked up through the parent class.
        if name != 'user_key':
            session.accessed = True
            return super(SecureCookieSession, session).__getitem__(name)
        return user_key

    # Class-level patch: it applies to every SecureCookieSession instance for
    # as long as the monkeypatch is in place.
    monkeypatch.setattr(SecureCookieSession, '__getitem__', pinned_getitem)

    # The signature requirement travels as a JSON-encoded string, not as a
    # nested object.
    sign_requirement = '{"fieldValues": {"idp": "https://login.idp.eduid.se/idp.xml"}, "page": 2, "scale": -74, "signerName": {"formatting": null, "signerAttributes": [{"name": "urn:oid:2.5.4.42"}, {"name": "urn:oid:2.5.4.4"}, {"name": "urn:oid:0.9.2342.19200300.100.1.3"}]}, "templateImageRef": "eduSign-image", "xposition": 37, "yposition": 165}'

    document = {
        'key': str(uuid.uuid4()),
        'name': 'test.pdf',
        'type': 'application/pdf',
        'ref': 'd2a05a27-6913-47ed-82f5-fd0e89ee5f07',
        'sign_requirement': sign_requirement,
    }
    request_body = {
        'csrf_token': csrf_token,
        'payload': {
            'documents': [document],
        },
    }
    request_headers = {
        'X-Requested-With': 'XMLHttpRequest',
        'Origin': 'https://test.localhost',
        'X-Forwarded-Host': 'test.localhost',
    }

    response = client.post(
        '/sign/create-sign-request',
        headers=request_headers,
        json=request_body,
    )
    assert response.status == '200 OK'

    resp_data = json.loads(response.data)

    assert resp_data['message'] == 'dummy message'
    assert resp_data['error']
def test_recreate_sign_request_bad_api_response(client, monkeypatch,
                                                sample_doc_1):
    """Check that recreate-sign-request relays a backend error after a good prepare call.

    The ``APIClient._post`` stub answers URLs containing ``'prepare'`` with a
    prepared-document payload and every other URL with an ``errorCode`` /
    ``message`` pair. The endpoint is expected to answer ``200 OK`` with a
    truthy ``error`` field and the stub's message.
    """
    from edusign_webapp.api_client import APIClient

    def staged_post(self, url, *args, **kwargs):
        if 'prepare' not in url:
            return {'errorCode': 'dummy', 'message': 'dummy message'}

        signer_attributes = [
            {'name': attribute_name}
            for attribute_name in (
                'urn:oid:2.5.4.42',
                'urn:oid:2.5.4.4',
                'urn:oid:0.9.2342.19200300.100.1.3',
            )
        ]
        return {
            'policy': 'edusign-test',
            'updatedPdfDocumentReference': 'ba26478f-f8e0-43db-991c-08af7c65ed58',
            'visiblePdfSignatureRequirement': {
                'fieldValues': {'idp': 'https://login.idp.eduid.se/idp.xml'},
                'page': 2,
                'scale': -74,
                'signerName': {
                    'formatting': None,
                    'signerAttributes': signer_attributes,
                },
                'templateImageRef': 'eduSign-image',
                'xposition': 37,
                'yposition': 165,
            },
        }

    monkeypatch.setattr(APIClient, '_post', staged_post)

    landing = client.get('/sign/')
    assert landing.status == '200 OK'

    with run.app.test_request_context():
        with client.session_transaction() as sess:
            token_data = ResponseSchema().get_csrf_token({}, sess=sess)
            csrf_token = token_data['csrf_token']
            user_key = sess['user_key']

    from flask.sessions import SecureCookieSession

    def pinned_getitem(session, name):
        # Serve the captured user_key; any other key marks the session as
        # accessed and is looked up through the parent class.
        if name != 'user_key':
            session.accessed = True
            return super(SecureCookieSession, session).__getitem__(name)
        return user_key

    # Class-level patch: it applies to every SecureCookieSession instance for
    # as long as the monkeypatch is in place.
    monkeypatch.setattr(SecureCookieSession, '__getitem__', pinned_getitem)

    local_document = {
        'name': 'test.pdf',
        'size': 100,
        'type': 'application/pdf',
        'blob': sample_doc_1['blob'],
        'key': sample_doc_1['key'],
    }
    request_body = {
        'csrf_token': csrf_token,
        'payload': {
            'documents': {
                'local': [local_document],
                'owned': [],
                'invited': [],
            },
        },
    }
    request_headers = {
        'X-Requested-With': 'XMLHttpRequest',
        'Origin': 'https://test.localhost',
        'X-Forwarded-Host': 'test.localhost',
    }

    response = client.post(
        '/sign/recreate-sign-request',
        headers=request_headers,
        json=request_body,
    )
    assert response.status == '200 OK'

    resp_data = json.loads(response.data)

    assert resp_data['error']
    assert resp_data['message'] == 'dummy message'
Ejemplo n.º 7
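def _test_final_sign_multi_sign_request(
    app,
    environ_base,
    monkeypatch,
    sample_doc_1,
    mock_invitation,
    create_sign_request=True,
    prepare_data=None,
    create_data=None,
    error_creation=False,
):
    """Drive the owner's final signature of a multi-sign document and return the decoded reply.

    Steps, in order:

    1. Build a test client from the second item of ``app`` and load ``/sign/``.
    2. Read a CSRF token and the ``user_key`` from the test session, then pin
       ``user_key`` on ``SecureCookieSession``.
    3. If ``create_sign_request`` is true, post ``sample_doc_1`` with two
       invites to ``/sign/create-multi-sign`` (asserting ``200 OK``).
    4. Replace ``APIClient._post`` with a stub and
       ``DocStore.get_signed_document`` with one returning ``mock_invitation``.
    5. Post the document (without its ``blob``) as an owned document to
       ``/sign/recreate-sign-request`` (asserting ``200 OK``).

    Args:
        prepare_data: returned by the stub for URLs containing ``'prepare'``
            instead of the built-in payload, when not ``None``.
        create_data: returned by the stub for every other URL instead of the
            built-in payload, when not ``None``.
        error_creation: when true, the stub raises for non-prepare URLs.

    The CSRF token always comes from the session in this helper, so the
    ``csrf_token == 'rm'`` branch the original carried could never be taken
    and has been removed.
    """
    _, app = app

    client = app.test_client()
    client.environ_base.update(environ_base)

    response1 = client.get('/sign/')

    assert response1.status == '200 OK'

    with app.test_request_context():
        with client.session_transaction() as sess:

            csrf_token = ResponseSchema().get_csrf_token(
                {}, sess=sess)['csrf_token']
            user_key = sess['user_key']

    from flask.sessions import SecureCookieSession

    def mock_getitem(self, key):
        # Serve the captured user_key; any other key marks the session as
        # accessed and is looked up through the parent class.
        if key == 'user_key':
            return user_key
        self.accessed = True
        return super(SecureCookieSession, self).__getitem__(key)

    # Class-level patch: it applies to every SecureCookieSession instance for
    # as long as the monkeypatch is in place.
    monkeypatch.setattr(SecureCookieSession, '__getitem__', mock_getitem)

    # NOTE(review): Origin and X-Forwarded-Host name the same host; presumably
    # the app's CSRF/origin check relies on that -- confirm in the app code.
    def post_json(path, body):
        return client.post(
            path,
            headers={
                'X-Requested-With': 'XMLHttpRequest',
                'Origin': 'https://test.localhost',
                'X-Forwarded-Host': 'test.localhost',
            },
            json=body,
        )

    if create_sign_request:

        doc_data = {
            'csrf_token': csrf_token,
            'payload': {
                'document': sample_doc_1,
                'owner': '*****@*****.**',
                'invites': [
                    {'name': 'invite0', 'email': '*****@*****.**'},
                    {'name': 'invite1', 'email': '*****@*****.**'},
                ],
            },
        }

        response = post_json('/sign/create-multi-sign', doc_data)

        assert response.status == '200 OK'

    from edusign_webapp.api_client import APIClient

    def mock_post(self, url, *args, **kwargs):
        if 'prepare' in url:
            if prepare_data is not None:
                return prepare_data
            return {
                'policy': 'edusign-test',
                'updatedPdfDocumentReference': 'ba26478f-f8e0-43db-991c-08af7c65ed58',
                'visiblePdfSignatureRequirement': {
                    'fieldValues': {'idp': 'https://login.idp.eduid.se/idp.xml'},
                    'page': 2,
                    'scale': -74,
                    'signerName': {
                        'formatting': None,
                        'signerAttributes': [
                            {'name': 'urn:oid:2.5.4.42'},
                            {'name': 'urn:oid:2.5.4.4'},
                            {'name': 'urn:oid:0.9.2342.19200300.100.1.3'},
                        ],
                    },
                    'templateImageRef': 'eduSign-image',
                    'xposition': 37,
                    'yposition': 165,
                },
            }

        # Simulated backend failure takes precedence over create_data.
        if error_creation:
            raise Exception()

        if create_data is not None:
            return create_data

        return {
            'binding': 'POST/XML/1.0',
            'destinationUrl': 'https://sig.idsec.se/sigservice-dev/request',
            'relayState': '31dc573b-ab7d-496c-845e-cae8792ba063',
            'signRequest': 'DUMMY SIGN REQUEST',
            'state': {
                'id': '31dc573b-ab7d-496c-845e-cae8792ba063'
            },
        }

    monkeypatch.setattr(APIClient, '_post', mock_post)

    def mock_get_invitation(*args):
        return mock_invitation

    monkeypatch.setattr(DocStore, 'get_signed_document', mock_get_invitation)

    # Work on a copy so the caller's sample document keeps its blob.
    doc = deepcopy(sample_doc_1)
    del doc['blob']

    doc_data = {
        'csrf_token': csrf_token,
        'payload': {
            'documents': {
                'owned': [doc],
                'local': [],
                'invited': []
            },
        },
    }

    response = post_json('/sign/recreate-sign-request', doc_data)

    assert response.status == '200 OK'

    return json.loads(response.data)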
Ejemplo n.º 8
def _test_get_signed_documents(client, monkeypatch, process_data=None):
    """Post a dummy sign response to ``/sign/get-signed`` and return the raw response.

    ``APIClient._post`` is replaced with a stub that returns ``process_data``
    when it is not ``None`` and otherwise a built-in payload with one signed
    document and a block of signer assertion information. The CSRF token and
    ``user_key`` are read from the test session after loading ``/sign/``.
    """
    from edusign_webapp.api_client import APIClient

    def canned_post(*args, **kwargs):
        if process_data is not None:
            return process_data

        # (attribute name, value) pairs; every entry shares the same
        # nameFormat and type.
        attribute_values = (
            ('urn:oid:2.16.840.1.113730.3.1.241', 'Testing Tester'),
            ('urn:oid:1.3.6.1.4.1.5923.1.1.1.6', '*****@*****.**'),
            ('urn:oid:2.5.4.42', 'Testing'),
            ('urn:oid:1.3.6.1.4.1.5923.1.1.1.9', '*****@*****.**'),
            ('urn:oid:2.5.4.6', 'se'),
            ('urn:oid:0.9.2342.19200300.100.1.43', 'Sweden'),
            ('urn:oid:1.3.6.1.4.1.5923.1.1.1.13', '*****@*****.**'),
            ('urn:oid:1.3.6.1.4.1.5923.1.1.1.11',
             'http://www.swamid.se/policy/assurance/al1'),
            ('urn:oid:2.5.4.3', 'Testing Tester'),
            ('urn:oid:2.5.4.4', 'Tester'),
            ('urn:oid:0.9.2342.19200300.100.1.3', '*****@*****.**'),
        )
        signer_attributes = [
            {
                'name': attribute_name,
                'nameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
                'type': 'saml',
                'value': attribute_value,
            }
            for attribute_name, attribute_value in attribute_values
        ]

        return {
            'correlationId': '2a08e13e-8719-4b53-8586-662037f153ec',
            'id': '09d91b6f-199c-4388-a4e5-230807dd4ac4',
            'signedDocuments': [{
                'id': '6e46692d-7d34-4954-b760-96ee6ce48f61',
                'mimeType': 'application/pdf',
                'signedContent': 'Dummy signed content',
            }],
            'signerAssertionInformation': {
                'assertion': 'Dummy signer assertion',
                'assertionReference': 'id-9bts2Fze4U1amT7GF',
                'authnContextRef': 'https://www.swamid.se/specs/id-fido-u2f-ce-transports',
                'authnInstant': 1611062701000,
                'authnServiceID': 'https://login.idp.eduid.se/idp.xml',
                'authnType': 'saml',
                'signerAttributes': signer_attributes,
            },
        }

    monkeypatch.setattr(APIClient, '_post', canned_post)

    landing = client.get('/sign/')
    assert landing.status == '200 OK'

    with run.app.test_request_context():
        with client.session_transaction() as sess:
            token_data = ResponseSchema().get_csrf_token({}, sess=sess)
            csrf_token = token_data['csrf_token']
            user_key = sess['user_key']

    # relay_state carries the same value as the 'id' of the built-in payload.
    request_body = {
        'csrf_token': csrf_token,
        'payload': {
            'sign_response': 'Dummy Sign Response',
            'relay_state': '09d91b6f-199c-4388-a4e5-230807dd4ac4',
        },
    }

    from flask.sessions import SecureCookieSession

    def pinned_getitem(session, name):
        # Serve the captured user_key; any other key marks the session as
        # accessed and is looked up through the parent class.
        if name != 'user_key':
            session.accessed = True
            return super(SecureCookieSession, session).__getitem__(name)
        return user_key

    # Class-level patch: it applies to every SecureCookieSession instance for
    # as long as the monkeypatch is in place.
    monkeypatch.setattr(SecureCookieSession, '__getitem__', pinned_getitem)

    request_headers = {
        'X-Requested-With': 'XMLHttpRequest',
        'Origin': 'https://test.localhost',
        'X-Forwarded-Host': 'test.localhost',
    }

    return client.post(
        '/sign/get-signed',
        headers=request_headers,
        json=request_body,
    )
Ejemplo n.º 9
def _test_create_invited_signature(
    app,
    environ_base,
    monkeypatch,
    sample_doc_1,
    sample_invites_1,
    mock_invitation,
    doc_is_locked=False,
):
    """Create a multi-sign request, stub the backend, and return the ``/sign/config`` response.

    A copy of ``sample_doc_1`` without its ``owner`` key is posted with
    ``sample_invites_1`` to ``/sign/create-multi-sign`` (asserting
    ``200 OK``). ``APIClient._post`` is then replaced with a stub and the
    helper returns the raw response of a GET to ``/sign/config``.

    NOTE(review): ``mock_invitation`` and ``doc_is_locked`` are accepted but
    not used in this body.
    """
    _, flask_app = app

    client = flask_app.test_client()
    client.environ_base.update(environ_base)

    landing = client.get('/sign/')
    assert landing.status == '200 OK'

    # Work on a copy so the caller's sample document keeps its owner.
    new_doc = deepcopy(sample_doc_1)
    new_doc.pop('owner')

    with flask_app.test_request_context():
        with client.session_transaction() as sess:
            token_data = ResponseSchema().get_csrf_token({}, sess=sess)
            csrf_token = token_data['csrf_token']
            user_key = sess['user_key']

    from flask.sessions import SecureCookieSession

    def pinned_getitem(session, name):
        # Serve the captured user_key; any other key marks the session as
        # accessed and is looked up through the parent class.
        if name != 'user_key':
            session.accessed = True
            return super(SecureCookieSession, session).__getitem__(name)
        return user_key

    # Class-level patch: it applies to every SecureCookieSession instance for
    # as long as the monkeypatch is in place.
    monkeypatch.setattr(SecureCookieSession, '__getitem__', pinned_getitem)

    def xhr_headers():
        # A fresh header dict per request, as in the two separate literals
        # this replaces.
        return {
            'X-Requested-With': 'XMLHttpRequest',
            'Origin': 'https://test.localhost',
            'X-Forwarded-Host': 'test.localhost',
        }

    creation_body = {
        'csrf_token': csrf_token,
        'payload': {
            'document': new_doc,
            'owner': '*****@*****.**',
            'invites': sample_invites_1,
            'text': 'text to send',
            'sendsigned': True,
        },
    }

    creation_response = client.post(
        '/sign/create-multi-sign',
        headers=xhr_headers(),
        json=creation_body,
    )
    assert creation_response.status == '200 OK'

    from edusign_webapp.api_client import APIClient

    def staged_post(self, url, *args, **kwargs):
        if 'prepare' not in url:
            return {
                'binding': 'POST/XML/1.0',
                'destinationUrl': 'https://sig.idsec.se/sigservice-dev/request',
                'relayState': '31dc573b-ab7d-496c-845e-cae8792ba063',
                'signRequest': 'DUMMY SIGN REQUEST',
                'state': {'id': '31dc573b-ab7d-496c-845e-cae8792ba063'},
            }

        signer_attributes = [
            {'name': attribute_name}
            for attribute_name in (
                'urn:oid:2.5.4.42',
                'urn:oid:2.5.4.4',
                'urn:oid:0.9.2342.19200300.100.1.3',
            )
        ]
        return {
            'policy': 'edusign-test',
            'updatedPdfDocumentReference': 'ba26478f-f8e0-43db-991c-08af7c65ed58',
            'visiblePdfSignatureRequirement': {
                'fieldValues': {'idp': 'https://login.idp.eduid.se/idp.xml'},
                'page': 2,
                'scale': -74,
                'signerName': {
                    'formatting': None,
                    'signerAttributes': signer_attributes,
                },
                'templateImageRef': 'eduSign-image',
                'xposition': 37,
                'yposition': 165,
            },
        }

    # Installed after the creation request, so it only affects what follows.
    monkeypatch.setattr(APIClient, '_post', staged_post)

    return client.get('/sign/config', headers=xhr_headers())