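class TestEncryption(unittest.TestCase):
    """Round-trip tests for DataCipher.

    A fresh 32-byte key is drawn from os.urandom for every test so no fixed
    test key can leak into other fixtures or be mistaken for a real secret.
    unittest's assert* helpers are used instead of bare ``assert`` so the
    checks survive ``python -O`` and report useful diffs on failure.

    NOTE(review): nothing here checks that a tampered or foreign-key
    ciphertext is rejected; whether DataCipher authenticates its output is
    not visible from this file — confirm and add a tamper test if it does.
    """

    def setUp(self):
        # 256-bit key from the OS CSPRNG; never a hard-coded value.
        secret_key = os.urandom(32)
        self.cipher = DataCipher(secret_key)

    def test_it_encrypts_and_decrypts(self):
        secret = {"to_happiness": "money"}
        encrypted = self.cipher.encrypt(secret)
        # Ciphertext must be bytes; isinstance also accepts bytes subclasses,
        # which a plain type() comparison would wrongly reject.
        self.assertIsInstance(encrypted, bytes)
        # The plaintext value must not be visible in the ciphertext.
        self.assertNotIn(b"money", encrypted)
        decrypted = self.cipher.decrypt(encrypted)
        self.assertEqual(decrypted["to_happiness"], secret["to_happiness"])

    def test_other_data_types(self):
        # Lists, floats and strings must all survive the round trip unchanged.
        for value in ([1, 2, 3, 4, 5, 6], 123456.78, "a secret message"):
            with self.subTest(value=value):
                self.assertEqual(value, self.cipher.decrypt(self.cipher.encrypt(value)))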
def post(self):
    """Encrypt the submitted OECI credentials and hand them back in a cookie.

    Expects a JSON body with ``oeci_username`` and ``oeci_password``.
    Responds 400 when the body is not JSON or a field is missing; on success
    returns an empty 201 with the ``oeci_token`` cookie set.

    NOTE(review): this version never tries the credentials against OECI —
    whatever the client sends is encrypted and issued as a token, so a bad
    password is only discovered on a later request.
    NOTE(review): ``error()`` is assumed to abort the request by raising; if
    it merely returns, execution falls through to the encryption step.
    """
    payload = request.get_json()
    if payload is None:
        error(400, "No json data in request body")
    check_data_fields(payload, ["oeci_username", "oeci_password"])

    credentials = {
        "oeci_username": payload["oeci_username"],
        "oeci_password": payload["oeci_password"],
    }

    # Symmetric key comes from Flask config; config.get() yields None when the
    # key is unset, so DataCipher's handling of None decides the failure mode.
    cipher = DataCipher(key=current_app.config.get("SECRET_KEY"))
    token = cipher.encrypt(credentials)

    # Absolute expiry, epoch seconds: 15 minutes from now.
    cookie_lifetime_seconds = 15 * 60

    response = make_response()
    # TODO: We will need an OECILogout endpoint to remove httponly=true cookies from frontend
    # NOTE(review): httponly=False leaves the encrypted credential token
    # readable by page scripts, so any XSS on the frontend can exfiltrate it.
    # `secure` is only set when TIER == "production"; elsewhere the cookie
    # travels over plain HTTP.
    response.set_cookie(
        "oeci_token",
        value=token,
        secure=os.getenv("TIER") == "production",
        httponly=False,
        samesite="strict",
        expires=time.time() + cookie_lifetime_seconds,
    )
    return response, 201
def post(self):
    """Verify OECI credentials against the live site, then issue them as a cookie.

    Expects a JSON body with ``oeci_username`` and ``oeci_password``.
    Responses: 400 for a missing body or field, 401 when OECI rejects the
    login, 404 when OECI cannot be reached, 201 with the ``oeci_token``
    cookie on success.

    NOTE(review): ``error()`` is assumed to abort the request by raising; if
    it merely returns, a rejected login would still reach the encryption
    step below.
    """
    payload = request.get_json()
    if payload is None:
        error(400, "No json data in request body")
    check_data_fields(payload, ["oeci_username", "oeci_password"])

    credentials = {
        "oeci_username": payload["oeci_username"],
        "oeci_password": payload["oeci_password"],
    }

    # The session is closed on every path (success, rejection, outage):
    # Session.__exit__ is Session.close(), matching the former try/finally.
    with requests.Session() as crawler_session:
        try:
            Crawler.attempt_login(
                crawler_session, credentials["oeci_username"], credentials["oeci_password"]
            )
        except InvalidOECIUsernamePassword as exc:
            # str(exc) is echoed to the client; keep the message free of
            # upstream detail worth hiding.
            error(401, str(exc))
        except OECIUnavailable as exc:
            # NOTE(review): 404 is an odd status for an upstream outage
            # (502/503 would be conventional); left as is because the
            # frontend may key on it.
            error(404, str(exc))

    # Key from Flask config; config.get() yields None when unset, so
    # DataCipher's handling of None decides the failure mode.
    cipher = DataCipher(key=current_app.config.get("SECRET_KEY"))
    token = cipher.encrypt(credentials)

    # Absolute expiry, epoch seconds. NOTE(review): two hours is much longer
    # than the 15 minutes used by the sibling versions of this handler; the
    # encrypted credentials stay usable for the whole window.
    cookie_lifetime_seconds = 2 * 60 * 60

    response = make_response()
    # TODO: We will need an OECILogout endpoint to remove httponly=true cookies from frontend
    # NOTE(review): httponly=False leaves the encrypted credential token
    # readable by page scripts, so any XSS on the frontend can exfiltrate it.
    # `secure` is only set when TIER == "production".
    response.set_cookie(
        "oeci_token",
        value=token,
        secure=os.getenv("TIER") == "production",
        httponly=False,
        samesite="strict",
        expires=time.time() + cookie_lifetime_seconds,  # type: ignore
    )
    return response, 201
def post(self):
    """Check the submitted OECI credentials and issue them as a cookie.

    Expects a JSON body with ``oeci_username`` and ``oeci_password``.
    Responses: 400 for a missing body or field, 401 when the check fails,
    201 with the ``oeci_token`` cookie on success.

    NOTE(review): ``error()`` is assumed to abort the request by raising; if
    it merely returns, a rejected login would still reach the encryption
    step below.
    """
    payload = request.get_json()
    if payload is None:
        error(400, "No json data in request body")
    check_data_fields(payload, ["oeci_username", "oeci_password"])

    credentials = {
        "oeci_username": payload["oeci_username"],
        "oeci_password": payload["oeci_password"],
    }

    # NOTE(review): placeholder check against the literal pair
    # "username"/"password" — exactly one fixed credential is accepted and
    # OECI is never contacted. Must be replaced with a real login before
    # this handler is exposed.
    accepted = (
        credentials["oeci_username"] == "username"
        and credentials["oeci_password"] == "password"
    )
    if not accepted:
        error(401, "Invalid OECI username or password.")

    # Key from Flask config; config.get() yields None when unset, so
    # DataCipher's handling of None decides the failure mode.
    cipher = DataCipher(key=current_app.config.get("JWT_SECRET_KEY"))
    token = cipher.encrypt(credentials)

    # Absolute expiry, epoch seconds: 15 minutes from now.
    cookie_lifetime_seconds = 15 * 60

    response = make_response()
    response.set_cookie(
        "oeci_token",
        value=token,
        # currently nginx/flask app are running as HTTP
        # secure=True requires HTTPS to maintain secure cookies
        # https://resources.infosecinstitute.com/securing-cookies-httponly-secure-flags/#gref
        # We will need an OECILogout endpoint to remove httponly=true cookies from frontend
        # NOTE(review): with secure=False and httponly=False the encrypted
        # credential token is sent over plain HTTP and is readable by any
        # script on the page; both flags should be flipped once HTTPS and a
        # logout endpoint exist.
        secure=False,
        httponly=False,
        samesite="strict",
        expires=time.time() + cookie_lifetime_seconds,
    )
    return response, 201
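def post(self):
    """Log in to OECI with the submitted credentials and issue them as a cookie.

    Expects a JSON body with ``oeci_username`` and ``oeci_password``.
    Responses: 400 for a missing body or field, 401 when OECI rejects the
    login, 201 with the ``oeci_token`` cookie on success.

    Raises:
        RuntimeError: when ``JWT_SECRET_KEY`` is missing or empty in the
            Flask config. This is a server misconfiguration and surfaces as
            a 500 rather than letting DataCipher run with ``None``.

    NOTE(review): ``error()`` is assumed to abort the request by raising; if
    it merely returns, a rejected login would still reach the encryption
    step below.
    """
    data = request.get_json()
    if data is None:
        error(400, "No json data in request body")
    check_data_fields(data, ["oeci_username", "oeci_password"])

    credentials = {
        "oeci_username": data["oeci_username"],
        "oeci_password": data["oeci_password"],
    }

    # close_session=True: the crawler's HTTP session is torn down after the
    # login attempt; only the boolean outcome is kept.
    login_result = Crawler().login(
        credentials["oeci_username"], credentials["oeci_password"], close_session=True
    )
    if not login_result:
        error(401, "Invalid OECI username or password.")

    # Fail loudly when the key is unset or empty instead of handing DataCipher
    # None: a misconfigured deployment must not be able to mint tokens.
    secret_key = current_app.config.get("JWT_SECRET_KEY")
    if not secret_key:
        raise RuntimeError("JWT_SECRET_KEY is not configured; refusing to issue credentials")
    cipher = DataCipher(key=secret_key)
    encrypted_credentials = cipher.encrypt(credentials)

    response = make_response()
    response.set_cookie(
        "oeci_token",
        value=encrypted_credentials,
        secure=True,  # only sent over HTTPS
        httponly=True,  # not readable from page scripts
        samesite="strict",
        expires=time.time() + 15 * 60,  # absolute expiry, 15 minutes from now
    )
    return response, 201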