def test_secure_field(app):
class SecureSchema(Schema):
token = SecureField()
schema = SecureSchema()
# case 1: plaintext
data = {'token': 'abc'}
result = schema.load(data)
assert result.data['token'] == 'abc'
# case 2: valid secure token
data = {'token': {'secure': SecureToken.encrypt('def')}}
result = schema.load(data)
assert result.data['token'] == 'def'
# case 3: invalid secure token
data = {
'token': {
'secure':
'gAAAAABYmoldCp-EQGUKCppiqmVOu2jLrAKUz6E2e4aOMMD8Vu0VKswmJexHX6vUEoxVYKFUlSonPb91QKXZBEZdBezHzJMCHg=='
}
} # NOQA
result = schema.load(data)
assert result.data['token'] == ''
def _decrypt(self, token):
from cryptography.fernet import InvalidToken
try:
return SecureToken.decrypt(token)
except InvalidToken:
logger.warning('Invalid secure token: %s', token)
return ''
def encrypt(text):
'''Generate secure token from text'''
from badwolf.wsgi import app
from badwolf.security import SecureToken
with app.app_context():
token = SecureToken.encrypt(text)
click.echo(token)
def test_parse_secure_env(app):
s = """env:
- secure: {}""".format(to_text(SecureToken.encrypt('X=1 Y=2 Z=3')))
f = io.StringIO(s)
spec = Specification.parse_file(f)
assert len(spec.environments) == 1
env0 = spec.environments[0]
assert env0['X'] == '1'
assert env0['Y'] == '2'
assert env0['Z'] == '3'
def test_secure_token(app):
plaintext = 'super secret'
token = SecureToken.encrypt(plaintext)
decrypted = SecureToken.decrypt(token)
assert plaintext == decrypted