def test_verify_phone_valid_code(app):
responses.add(
responses.GET,
'https://api.authy.com/protected/json/phones/verification/check',
json={
'message': 'Verification code is correct.',
'success': True
})
args = {
'eth_address': str_eth(sample_eth_address),
'country_calling_code': '1',
'phone': '12341234',
'code': '123456'
}
with mock.patch('logic.attestation_service.session', dict()) as session:
session['phone_verification_method'] = 'sms'
with app.test_request_context():
response = VerificationService.verify_phone(**args)
assert isinstance(response, VerificationServiceResponse)
assert response.data['signature']['version'] == '1.0.0'
assert len(response.data['signature']['bytes']) == SIGNATURE_LENGTH
assert response.data[
'schemaId'] == 'https://schema.originprotocol.com/attestation_1.0.0.json'
validate_issuer(response.data['data']['issuer'])
assert response.data['data']['issueDate']
assert response.data['data']['attestation']['verificationMethod']['sms']
assert response.data['data']['attestation']['phone']['verified']
attestations = Attestation.query.all()
assert (len(attestations)) == 1
assert (attestations[0].method) == AttestationTypes.PHONE
assert (attestations[0].value) == "1 12341234"
def test_email_verify(mock_send_email_using_sendgrid, client):
mock_send_email_using_sendgrid.return_value = True
data = {
'email': '*****@*****.**'
}
response = post_json(client, '/api/attestations/email/generate-code', data)
assert response.status_code == 200
assert 'email_attestation' in session
verification_code = session['email_attestation']['code']
data['identity'] = str_eth(sample_eth_address)
data['code'] = verification_code
response = post_json(client, '/api/attestations/email/verify', data)
assert response.status_code == 200
response_json = json_of_response(response)
assert len(response_json['signature']['bytes']) == SIGNATURE_LENGTH
assert response_json['schemaId'] == 'https://schema.originprotocol.com/attestation_1.0.0.json'
validate_issuer(response_json['data']['issuer'])
assert response_json['data']['issueDate']
assert response_json['data']['attestation']['verificationMethod']['email']
assert response_json['data']['attestation']['email']['verified']
def test_twitter_verify(client):
response_content = b'oauth_token=peaches&oauth_token_secret=pears'
with responses.RequestsMock() as rsps:
rsps.add(
responses.POST,
twitter_request_token_url,
body=response_content,
status=200
)
rsps.add(
responses.POST,
twitter_access_token_url,
body=b'screen_name=originprotocol',
status=200
)
response = client.get("/api/attestations/twitter/auth-url")
assert response.status_code == 200
assert "oauth_token=peaches" in json_of_response(response)['url']
response = post_json(
client,
"/api/attestations/twitter/verify",
{
"identity": str_eth(sample_eth_address),
"oauth-verifier": "abcde12345"
}
)
response_json = json_of_response(response)
assert response.status_code == 200
assert len(response_json['signature']) == 132
assert response_json['data'] == 'twitter verified'
def test_verify_email_invalid_email():
session_dict = {
'email_attestation': {
'email': generate_password_hash('*****@*****.**'),
'code': '12345',
'expiry': datetime.datetime.utcnow() + datetime.timedelta(minutes=30)
}
}
args = {
'eth_address': str_eth(sample_eth_address),
'email': '*****@*****.**',
'code': '54321'
}
with mock.patch('logic.attestation_service.session', session_dict):
with pytest.raises(EmailVerificationError) as verification_err:
VerificationService.verify_email(**args)
assert(verification_err.value.message) == \
'No verification code was found for that email.'
# Verify attestation not stored
attestations = Attestation.query.all()
assert(len(attestations)) == 0
def test_verify_phone(client):
with responses.RequestsMock() as rsps:
rsps.add(
responses.GET,
'https://api.authy.com/protected/json/phones/verification/check',
json={
'message': 'Verification code is correct.',
'success': True
}
)
args = {
'country_calling_code': '1',
'phone': '12341234',
'code': '123456',
'identity': str_eth(sample_eth_address)
}
with mock.patch('logic.attestation_service.session', dict()) as session:
session['phone_verification_method'] = 'sms'
response = post_json(client, '/api/attestations/phone/verify', args)
assert response.status_code == 200
response_json = json_of_response(response)
assert len(response_json['signature']['bytes']) == SIGNATURE_LENGTH
assert response_json['schemaId'] == \
'https://schema.originprotocol.com/attestation_1.0.0.json'
validate_issuer(response_json['data']['issuer'])
assert response_json['data']['issueDate']
assert response_json['data']['attestation']['verificationMethod']['sms']
assert response_json['data']['attestation']['phone']['verified']
def test_verify_phone_valid_code():
responses.add(
responses.GET,
'https://api.authy.com/protected/json/phones/verification/check',
json={
'message': 'Verification code is correct.',
'success': True
}
)
args = {
'eth_address': str_eth(sample_eth_address),
'country_calling_code': '1',
'phone': '12341234',
'code': '123456'
}
response = VerificationService.verify_phone(**args)
assert isinstance(response, VerificationServiceResponse)
assert len(response.data['signature']) == SIGNATURE_LENGTH
assert response.data['claim_type'] == CLAIM_TYPES['phone']
assert response.data['data'] == 'phone verified'
attestations = Attestation.query.all()
assert(len(attestations)) == 1
assert(attestations[0].method) == AttestationTypes.PHONE
assert(attestations[0].value) == "1 12341234"
def test_verify_email_invalid_code(mock_session):
session_dict = {
'email_attestation': {
'email': generate_password_hash('*****@*****.**'),
'code': '12345',
'expiry': datetime.datetime.utcnow() + datetime.timedelta(minutes=30)
}
}
args = {
'eth_address': str_eth(sample_eth_address),
'email': '*****@*****.**',
'code': '54321'
}
with mock.patch('logic.attestation_service.session', session_dict):
with pytest.raises(ValidationError) as validation_err:
VerificationService.verify_email(**args)
assert(validation_err.value.messages[0]
) == 'Verification code is incorrect.'
assert(validation_err.value.field_names[0]) == 'code'
# Verify attestation not stored
attestations = Attestation.query.all()
assert(len(attestations)) == 0
def test_facebook_verify(client):
response = client.get("/api/attestations/facebook/auth-url")
expected_url = ("?client_id=facebook-client-id&redirect_uri"
"=https://testhost.com/redirects/facebook/")
assert response.status_code == 200
assert expected_url in json_of_response(response)['url']
with responses.RequestsMock() as rsps:
auth_url = 'https://graph.facebook.com/v2.12/oauth/access_token' + \
'?client_id=facebook-client-id' + \
'&client_secret=facebook-client-secret' + \
'&redirect_uri=https%3A%2F%2Ftesthost.com%2Fredirects%2Ffacebook%2F' + \
'&code=abcde12345'
verify_url = 'https://graph.facebook.com/me?access_token=12345'
rsps.add(
responses.GET,
auth_url,
json={'access_token': '1234abc'},
)
rsps.add(responses.GET,
verify_url,
json={'name': 'Origin Protocol'},
status=200)
response = post_json(client, "/api/attestations/facebook/verify", {
"identity": str_eth(sample_eth_address),
"code": "abcde12345"
})
response_json = json_of_response(response)
assert response.status_code == 200
assert len(response_json['signature']) == 132
assert response_json['data'] == 'facebook verified'
def test_twitter_verify(mock_ipfs, client):
response_content = b'oauth_token=peaches&oauth_token_secret=pears'
mock_ipfs.return_value.add_json.return_value = \
'QmYpVLAyQ2SV7NLATdN3xnHTewoQ3LYN85LAcvN1pr2k3z'
with responses.RequestsMock() as rsps:
rsps.add(responses.POST,
twitter_request_token_url,
body=response_content,
status=200)
rsps.add(responses.POST,
twitter_access_token_url,
body=b'screen_name=originprotocol',
status=200)
response = client.get("/api/attestations/twitter/auth-url")
assert response.status_code == 200
assert "oauth_token=peaches" in json_of_response(response)['url']
response = post_json(
client, "/api/attestations/twitter/verify", {
"identity": str_eth(sample_eth_address),
"oauth-verifier": "abcde12345"
})
response_json = json_of_response(response)
assert response.status_code == 200
assert len(response_json['signature']) == 132
assert response_json['data'] \
== 'QmYpVLAyQ2SV7NLATdN3xnHTewoQ3LYN85LAcvN1pr2k3z'
def test_verify_email_valid_code(mock_session):
session_dict = {
'email_attestation': {
'email': generate_password_hash('*****@*****.**'),
'code': '12345',
'expiry': datetime.datetime.utcnow() + datetime.timedelta(minutes=30)
}
}
args = {
'eth_address': str_eth(sample_eth_address),
'email': '*****@*****.**',
'code': '12345'
}
with mock.patch('logic.attestation_service.session', session_dict):
response = VerificationService.verify_email(**args)
assert isinstance(response, VerificationServiceResponse)
assert len(response.data['signature']) == SIGNATURE_LENGTH
assert response.data['claim_type'] == CLAIM_TYPES['email']
assert response.data['data'] == 'email verified'
# Verify attestation stored in database
attestations = Attestation.query.all()
assert(len(attestations)) == 1
assert(attestations[0].method) == AttestationTypes.EMAIL
assert(attestations[0].value) == "*****@*****.**"
def test_new_endpoint(db):
eth_address = str_eth(sample_eth_address)
notify_token = "SAMPLE_APN_TOKEN"
register_eth_notification(
eth_address,
EthNotificationTypes.APN,
notify_token)
assert(EthNotificationEndpoint.query.filter_by(
eth_address=eth_address).count() == 1)
def test_verify_phone_wrong_code(session, mock_normalize_number):
vc_obj = VerificationCodeFactory.build()
session.add(vc_obj)
session.commit()
args = {
'eth_address': str_eth(sample_eth_address),
'phone': vc_obj.phone,
'code': 'garbage'
}
with pytest.raises(PhoneVerificationError) as service_err:
VerificationService.verify_phone(**args)
assert str(service_err.value) == 'The code you provided is invalid.'
def test_verify_phone_phone_not_found(session, mock_normalize_number):
vc_obj = VerificationCodeFactory.build()
session.add(vc_obj)
session.commit()
args = {
'eth_address': str_eth(sample_eth_address),
'phone': 'garbage',
'code': vc_obj.code
}
with pytest.raises(PhoneVerificationError) as service_err:
VerificationService.verify_phone(**args)
assert str(service_err.value) == 'The given phone number was not found.'
def test_verify_phone_expired_code(session, mock_normalize_number):
vc_obj = VerificationCodeFactory.build()
vc_obj.expires_at = utcnow() - datetime.timedelta(days=1)
session.add(vc_obj)
session.commit()
args = {
'eth_address': str_eth(sample_eth_address),
'phone': vc_obj.phone,
'code': vc_obj.code
}
with pytest.raises(PhoneVerificationError) as service_err:
VerificationService.verify_phone(**args)
assert str(service_err.value) == 'The code you provided has expired.'
def test_verify_email_email_not_found(mock_now, session):
vc_obj = VerificationCodeFactory.build()
session.add(vc_obj)
session.commit()
args = {
'eth_address': str_eth(sample_eth_address),
'email': 'garbage',
'code': vc_obj.code
}
mock_now.return_value = vc_obj.expires_at - datetime.timedelta(minutes=1)
with pytest.raises(EmailVerificationError) as service_err:
VerificationService.verify_email(**args)
assert str(service_err.value) == 'The given email was not found.'
def test_verify_email_wrong_code(mock_now, session):
vc_obj = VerificationCodeFactory.build()
session.add(vc_obj)
session.commit()
req = {
'eth_address': str_eth(sample_eth_address),
'email': vc_obj.email,
'code': 'garbage'
}
mock_now.return_value = vc_obj.expires_at - datetime.timedelta(minutes=1)
with pytest.raises(EmailVerificationError) as service_err:
VerificationService.verify_email(**req)
assert str(service_err.value) == 'The code you provided is invalid.'
def test_verify_email_valid_code(mock_now, session):
vc_obj = VerificationCodeFactory.build()
session.add(vc_obj)
session.commit()
req = {
'eth_address': str_eth(sample_eth_address),
'email': vc_obj.email.upper(),
'code': vc_obj.code
}
mock_now.return_value = vc_obj.expires_at - datetime.timedelta(minutes=1)
resp = VerificationService.verify_email(**req)
resp_data = resp.data
assert len(resp_data['signature']) == SIGNATURE_LENGTH
assert resp_data['claim_type'] == CLAIM_TYPES['email']
assert resp_data['data'] == 'email verified'
def test_verify_email_no_verification_sent():
args = {
'eth_address': str_eth(sample_eth_address),
'email': '*****@*****.**',
'code': '54321'
}
with mock.patch('logic.attestation_service.session', dict()):
with pytest.raises(EmailVerificationError) as verification_err:
VerificationService.verify_email(**args)
assert(verification_err.value.message) == \
'No verification code was found.'
# Verify attestation not stored
attestations = Attestation.query.all()
assert(len(attestations)) == 0
def test_verify_phone_valid_code(session, mock_normalize_number):
vc_obj = VerificationCodeFactory.build()
session.add(vc_obj)
session.commit()
args = {
'eth_address': str_eth(sample_eth_address),
'phone': vc_obj.phone,
'code': vc_obj.code
}
resp = VerificationService.verify_phone(**args)
assert isinstance(resp, VerificationServiceResponse)
resp_data = resp.data
assert len(resp_data['signature']) == SIGNATURE_LENGTH
assert resp_data['claim_type'] == CLAIM_TYPES['phone']
assert resp_data['data'] == 'phone verified'
def test_email_verify(MockHttpClient, client):
email = '*****@*****.**'
resp = post_json(client,
"/api/attestations/email/generate-code",
{"email": email})
db_code = VC.query.filter(VC.email == email).first()
assert db_code.code is not None
resp = post_json(client,
"/api/attestations/email/verify",
{"email": email,
"identity": str_eth(sample_eth_address),
'code': db_code.code})
resp_json = json_of_response(resp)
assert resp.status_code == 200
assert len(resp_json['signature']) == 132
assert resp_json['data'] == 'email verified'
def test_verify_phone_invalid_code():
responses.add(
responses.GET,
'https://api.authy.com/protected/json/phones/verification/check',
json={'error_code': '60022'}, # No pending verification
status=401)
args = {
'eth_address': str_eth(sample_eth_address),
'country_calling_code': '1',
'phone': '12341234',
'code': 'garbage'
}
with pytest.raises(ValidationError) as validation_err:
VerificationService.verify_phone(**args)
assert (
validation_err.value.messages[0]) == 'Verification code is incorrect.'
assert (validation_err.value.field_names[0]) == 'code'
def test_twitter_verify(mock_requests, client):
response_content = b'oauth_token=peaches&oauth_token_secret=pears'
mock_requests.post().content = response_content
mock_requests.post().status_code = 200
resp = client.get(
"/api/attestations/twitter/auth-url")
expected_url = "oauth_token=peaches"
assert resp.status_code == 200
assert expected_url in json_of_response(resp)['url']
resp = post_json(client,
"/api/attestations/twitter/verify",
{"identity": str_eth(sample_eth_address),
"oauth-verifier": "abcde12345"})
resp_json = json_of_response(resp)
assert resp.status_code == 200
assert len(resp_json['signature']) == 132
assert resp_json['data'] == 'twitter verified'
def test_phone_verify(client, mock_send_sms, mock_normalize_number):
phone = "6666666666"
resp = post_json(client,
"/api/attestations/phone/generate-code",
{"phone": phone})
assert resp.status_code == 200
assert json_of_response(resp) == {}
db_code = VC.query.filter(VC.phone == phone).first()
assert db_code.code is not None
resp = post_json(client,
"/api/attestations/phone/verify",
{"phone": phone,
"identity": str_eth(sample_eth_address),
'code': db_code.code})
resp_json = json_of_response(resp)
assert resp.status_code == 200
assert len(resp_json['signature']) == 132
assert resp_json['data'] == 'phone verified'
def test_verify_phone_expired_code():
responses.add(
responses.GET,
'https://api.authy.com/protected/json/phones/verification/check',
json={'error_code': '60023'}, # No pending verification
status=404)
args = {
'eth_address': str_eth(sample_eth_address),
'country_calling_code': '1',
'phone': '12341234',
'code': '123456'
}
with mock.patch('logic.attestation_service.session', dict()) as session:
session['phone_verification_method'] = 'call'
with pytest.raises(ValidationError) as validation_err:
VerificationService.verify_phone(**args)
assert (
validation_err.value.messages[0]) == 'Verification code has expired.'
assert (validation_err.value.field_names[0]) == 'code'
def test_email_verify(mock_send_email_using_sendgrid, client):
mock_send_email_using_sendgrid.return_value = True
data = {'email': '*****@*****.**'}
response = post_json(client, '/api/attestations/email/generate-code', data)
assert response.status_code == 200
assert 'email_attestation' in session
verification_code = session['email_attestation']['code']
data['identity'] = str_eth(sample_eth_address)
data['code'] = verification_code
response = post_json(client, '/api/attestations/email/verify', data)
assert response.status_code == 200
response_json = json_of_response(response)
assert len(response_json['signature']) == 132
assert response_json['data'] == 'email verified'
def test_twitter_verify(client):
response_content = b'oauth_token=peaches&oauth_token_secret=pears'
with responses.RequestsMock() as rsps:
rsps.add(
responses.POST,
twitter_request_token_url,
body=response_content,
status=200
)
rsps.add(
responses.POST,
twitter_access_token_url,
body=b'screen_name=originprotocol',
status=200
)
response = client.get("/api/attestations/twitter/auth-url")
assert response.status_code == 200
assert "oauth_token=peaches" in json_of_response(response)['url']
response = post_json(
client,
"/api/attestations/twitter/verify",
{
"identity": str_eth(sample_eth_address),
"oauth-verifier": "abcde12345"
}
)
response_json = json_of_response(response)
assert response.status_code == 200
assert len(response_json['signature']['bytes']) == SIGNATURE_LENGTH
assert response_json['schemaId'] == \
'https://schema.originprotocol.com/attestation_1.0.0.json'
validate_issuer(response_json['data']['issuer'])
assert response_json['data']['issueDate']
assert response_json['data']['attestation']['verificationMethod']['oAuth']
assert response_json['data']['attestation']['site']['siteName'] == 'twitter.com'
assert response_json['data']['attestation']['site']['userId']['raw'] == 'originprotocol'
def test_verify_phone(client):
with responses.RequestsMock() as rsps:
rsps.add(
responses.GET,
'https://api.authy.com/protected/json/phones/verification/check',
json={
'message': 'Verification code is correct.',
'success': True
})
args = {
'country_calling_code': '1',
'phone': '12341234',
'code': '123456',
'identity': str_eth(sample_eth_address)
}
response = post_json(client, '/api/attestations/phone/verify', args)
assert response.status_code == 200
response_json = json_of_response(response)
assert len(response_json['signature']) == 132
assert response_json['data'] == 'phone verified'
def test_facebook_verify(MockHttpConnection, client):
mock_http_conn = mock.Mock()
mock_get_response = mock.Mock()
mock_get_response.read.return_value = '{"access_token": "foo"}'
mock_http_conn.getresponse.return_value = mock_get_response
MockHttpConnection.return_value = mock_http_conn
resp = client.get(
"/api/attestations/facebook/auth-url")
expected_url = ("?client_id=facebook-client-id&redirect_uri"
"=https://testhost.com/redirects/facebook/")
assert resp.status_code == 200
assert expected_url in json_of_response(resp)['url']
resp = post_json(client,
"/api/attestations/facebook/verify",
{"identity": str_eth(sample_eth_address),
"code": "abcde12345"})
resp_json = json_of_response(resp)
assert resp.status_code == 200
assert len(resp_json['signature']) == 132
assert resp_json['data'] == 'facebook verified'
def test_verify_email_valid_code(mock_session, app):
session_dict = {
'email_attestation': {
'email': generate_password_hash('*****@*****.**'),
'code': '12345',
'expiry':
datetime.datetime.utcnow() + datetime.timedelta(minutes=30)
}
}
args = {
'eth_address': str_eth(sample_eth_address),
'email': '*****@*****.**',
'code': '12345'
}
with mock.patch('logic.attestation_service.session', session_dict):
with app.test_request_context():
response = VerificationService.verify_email(**args)
assert isinstance(response, VerificationServiceResponse)
assert response.data['signature']['version'] == '1.0.0'
assert len(response.data['signature']['bytes']) == SIGNATURE_LENGTH
assert response.data[
'schemaId'] == 'https://schema.originprotocol.com/attestation_1.0.0.json'
validate_issuer(response.data['data']['issuer'])
assert response.data['data']['issueDate']
assert response.data['data']['attestation']['verificationMethod']['email']
assert response.data['data']['attestation']['email']['verified']
# Verify attestation stored in database
attestations = Attestation.query.all()
assert (len(attestations)) == 1
assert (attestations[0].method) == AttestationTypes.EMAIL
assert (attestations[0].value) == "*****@*****.**"
