Example #1
0
    def test_improper_key(self):
        key = jwe.kdf(b"Testing", b"Pepper")
        data = b"Just some data"
        encrypted = jwe.encrypt(data, key)

        with pytest.raises(InvalidTag):
            # TODO make this a custom exception
            jwe.decrypt(encrypted, jwe.kdf(b"somekey", b"Salt")) == data
Example #2
0
    def test_invalid_header_json(self):
        with pytest.raises(jwe.exceptions.MalformedData) as e:
            jwe.decrypt(
                jwe.encrypt(b"Just Some Data", jwe.kdf(b"key", b"Salt"))[3:],  # Cut out some of the JSON
                jwe.kdf(b"key", b"Salt"),
            )

        assert e.value.args[0] == "Header is not valid JSON"
Example #3
0
    def test_no_key_wrapping(self):
        data = jwe.encrypt(b"Just Some Data", jwe.kdf(b"key", b"Salt")).split(b".")
        data[1] = b"cmFwcGE="

        with pytest.raises(jwe.exceptions.UnsupportedOption) as e:
            jwe.decrypt(b".".join(data), jwe.kdf(b"key", b"Salt"))

        assert e.value.args[0] == "Key wrapping is currently not supported"
Example #4
0
    def test_improper_key(self):
        key = jwe.kdf(b'Testing', b'Pepper')
        data = b'Just some data'
        encrypted = jwe.encrypt(data, key)

        with pytest.raises(InvalidTag):
            # TODO make this a custom exception
            jwe.decrypt(encrypted, jwe.kdf(b'somekey', b'Salt')) == data
Example #5
0
    def test_invalid_header_json(self):
        with pytest.raises(jwe.exceptions.MalformedData) as e:
            jwe.decrypt(
                jwe.encrypt(b'Just Some Data',
                            jwe.kdf(b'key',
                                    b'Salt'))[3:],  # Cut out some of the JSON
                jwe.kdf(b'key', b'Salt'))

        assert e.value.args[0] == 'Header is not valid JSON'
Example #6
0
    def test_no_key_wrapping(self):
        data = jwe.encrypt(b'Just Some Data', jwe.kdf(b'key',
                                                      b'Salt')).split(b'.')
        data[1] = b'cmFwcGE='

        with pytest.raises(jwe.exceptions.UnsupportedOption) as e:
            jwe.decrypt(b'.'.join(data), jwe.kdf(b'key', b'Salt'))

        assert e.value.args[0] == 'Key wrapping is currently not supported'
Example #7
0
    def test_encrypt_decrypt(self):
        key = jwe.kdf(b"Testing", b"Pepper")
        data = b"Just some data"
        encrypted = jwe.encrypt(data, key)

        assert encrypted != data
        assert jwe.decrypt(encrypted, key) == data
Example #8
0
    def test_encrypt_decrypt(self):
        key = jwe.kdf(b'Testing', b'Pepper')
        data = b'Just some data'
        encrypted = jwe.encrypt(data, key)

        assert encrypted != data
        assert jwe.decrypt(encrypted, key) == data
Example #9
0
 def setUp(self):
     super(TestSloanMetrics, self).setUp()
     self.user = AuthUserFactory()
     self.auth_obj = Auth(user=self.user)
     self.preprint = PreprintFactory(creator=self.user, is_public=True)
     self.session = Session(data={'auth_user_id': self.user._id})
     self.session.save()
     self.cookie = itsdangerous.Signer(settings.SECRET_KEY).sign(self.session._id).decode()
     self.JWE_KEY = jwe.kdf(settings.WATERBUTLER_JWE_SECRET.encode('utf-8'), settings.WATERBUTLER_JWE_SALT.encode('utf-8'))
Example #10
0
 def setUp(self):
     super(TestAddonAuth, self).setUp()
     self.user = AuthUserFactory()
     self.auth_obj = Auth(user=self.user)
     self.node = ProjectFactory(creator=self.user)
     self.session = Session(data={'auth_user_id': self.user._id})
     self.session.save()
     self.cookie = itsdangerous.Signer(settings.SECRET_KEY).sign(self.session._id)
     self.configure_addon()
     self.JWE_KEY = jwe.kdf(settings.WATERBUTLER_JWE_SECRET.encode('utf-8'), settings.WATERBUTLER_JWE_SALT.encode('utf-8'))
Example #11
0
 def setUp(self):
     super(TestAddonAuth, self).setUp()
     self.user = AuthUserFactory()
     self.auth_obj = Auth(user=self.user)
     self.node = ProjectFactory(creator=self.user)
     self.session = Session(data={'auth_user_id': self.user._id})
     self.session.save()
     self.cookie = itsdangerous.Signer(settings.SECRET_KEY).sign(self.session._id)
     self.configure_addon()
     self.JWE_KEY = jwe.kdf(settings.WATERBUTLER_JWE_SECRET.encode('utf-8'), settings.WATERBUTLER_JWE_SALT.encode('utf-8'))
Example #12
0
import datetime

import jwe
import jwt
import aiohttp

from waterbutler.core import exceptions
from waterbutler.auth.osf import settings
from waterbutler.core.auth import (BaseAuthHandler, AuthType)

JWE_KEY = jwe.kdf(settings.JWE_SECRET.encode(), settings.JWE_SALT.encode())


class OsfAuthHandler(BaseAuthHandler):
    """Identity lookup via the Open Science Framework"""
    ACTION_MAP = {
        'put': 'upload',
        'get': 'download',
        'head': 'metadata',
        'delete': 'delete',
    }

    def build_payload(self, bundle, view_only=None, cookie=None):
        query_params = {}

        if cookie:
            bundle['cookie'] = cookie

        if view_only:
            # View only must go outside of the jwt
            query_params['view_only'] = view_only
Example #13
0
import jwe

from modularodm.fields import StringField

from website import settings

SENSITIVE_DATA_KEY = jwe.kdf(settings.SENSITIVE_DATA_SECRET.encode('utf-8'),
                             settings.SENSITIVE_DATA_SALT.encode('utf-8'))


def encrypt(value):
    if value:
        return jwe.encrypt(bytes(value), SENSITIVE_DATA_KEY)
    return None


def decrypt(value):
    if value:
        return jwe.decrypt(bytes(value), SENSITIVE_DATA_KEY)
    return None


class EncryptedStringField(StringField):
    def to_storage(self, value, translator=None):
        value = encrypt(value)
        return super(EncryptedStringField,
                     self).to_storage(value, translator=translator)

    def from_storage(self, value, translator=None):
        value = super(EncryptedStringField,
                      self).from_storage(value, translator=translator)
Example #14
0
import jwe

from modularodm.fields import StringField

from website import settings

SENSITIVE_DATA_KEY = jwe.kdf(settings.SENSITIVE_DATA_SECRET.encode('utf-8'), settings.SENSITIVE_DATA_SALT.encode('utf-8'))


def ensure_bytes(value):
    """Helper function to ensure all inputs are encoded to the proper value utf-8 value regardless of input type"""
    if isinstance(value, bytes):
        return value
    return value.encode('utf-8')


def encrypt(value):
    if value:
        value = ensure_bytes(value)
        return jwe.encrypt(bytes(value), SENSITIVE_DATA_KEY)
    return None


def decrypt(value):
    if value:
        value = ensure_bytes(value)
        return jwe.decrypt(bytes(value), SENSITIVE_DATA_KEY)
    return None


class EncryptedStringField(StringField):
Example #15
0
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))

# https://docs.djangoproject.com/en/1.9/howto/static-files/
STATIC_ROOT = os.path.join(BASE_DIR, 'static')

# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = os.environ.get('SECRET_KEY', 'c^0=k9r3i2@kh=*=(w2r_-sc#fd!+b23y%)gs+^0l%=bt_dst0')

SALT = os.environ.get('SALT', 'r_-78y%c^(w2_ds0d*=t!+c=s+^0l=bt%2isc#f2@kh=0k5r)g')

SENSITIVE_DATA_KEY = jwe.kdf(SECRET_KEY.encode('utf-8'), SALT.encode('utf-8'))


# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = bool(os.environ.get('DEBUG', True))

VERSION = __version__

ALLOWED_HOSTS = [h for h in os.environ.get('ALLOWED_HOSTS', '').split(' ') if h]

AUTH_USER_MODEL = 'share.ShareUser'

JSON_API_FORMAT_KEYS = 'camelize'

# Application definition
Example #16
0
 def test_invalid_data(self):
     with pytest.raises(jwe.exceptions.MalformedData):
         jwe.decrypt(b"junkdata", jwe.kdf(b"key", b"Salt"))
Example #17
0

# import so that associated listener is instantiated and gets emails
from website.notifications.events.files import FileEvent  # noqa

FILE_GONE_ERROR_MESSAGE = u'''
<style>
.file-download{{display: none;}}
.file-share{{display: none;}}
.file-delete{{display: none;}}
</style>
<div class="alert alert-info" role="alert">
This link to the file "{file_name}" is no longer valid.
</div>'''

WATERBUTLER_JWE_KEY = jwe.kdf(settings.WATERBUTLER_JWE_SECRET.encode('utf-8'), settings.WATERBUTLER_JWE_SALT.encode('utf-8'))


@decorators.must_have_permission('write')
@decorators.must_not_be_registration
def disable_addon(auth, **kwargs):
    node = kwargs['node'] or kwargs['project']

    addon_name = kwargs.get('addon')
    if addon_name is None:
        raise HTTPError(httplib.BAD_REQUEST)

    deleted = node.delete_addon(addon_name, auth)

    return {'deleted': deleted}
Example #18
0
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))

# https://docs.djangoproject.com/en/1.9/howto/static-files/
STATIC_ROOT = os.path.join(BASE_DIR, 'static')

# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = os.environ.get(
    'SECRET_KEY', 'c^0=k9r3i2@kh=*=(w2r_-sc#fd!+b23y%)gs+^0l%=bt_dst0')

SALT = os.environ.get('SALT',
                      'r_-78y%c^(w2_ds0d*=t!+c=s+^0l=bt%2isc#f2@kh=0k5r)g')

SENSITIVE_DATA_KEY = jwe.kdf(SECRET_KEY.encode('utf-8'), SALT.encode('utf-8'))

# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = bool(os.environ.get('DEBUG', True))

if 'VERSION' not in os.environ and DEBUG:
    try:
        VERSION = subprocess.check_output(['git', 'describe']).decode().strip()
    except subprocess.CalledProcessError:
        VERSION = 'UNKNOWN'
else:
    VERSION = os.environ.get('VERSION') or 'UNKNOWN'

ALLOWED_HOSTS = [
    h for h in os.environ.get('ALLOWED_HOSTS', '').split(' ') if h
]
Example #19
0
import asyncio
import datetime

import jwe
import jwt
import aiohttp

from waterbutler.core import auth
from waterbutler.core import exceptions

from waterbutler.auth.osf import settings


JWE_KEY = jwe.kdf(settings.JWE_SECRET.encode(), settings.JWE_SALT.encode())


class OsfAuthHandler(auth.BaseAuthHandler):
    """Identity lookup via the Open Science Framework"""
    ACTION_MAP = {
        'put': 'upload',
        'post': 'upload',  # TODO copyfrom
        'get': 'download',
        'head': 'metadata',
        'delete': 'delete',
    }

    def build_payload(self, bundle, view_only=None, cookie=None):
        query_params = {}

        if cookie:
            bundle['cookie'] = cookie
Example #20
0
 def test_invalid_data(self):
     with pytest.raises(jwe.exceptions.MalformedData):
         jwe.decrypt(b'junkdata', jwe.kdf(b'key', b'Salt'))
Example #21
0
This {provider} link to the file "{file_name}" is currently unresponsive.
The provider ({provider}) may currently be unavailable or "{file_name}" may have been removed from {provider} through another interface.
</p>
<p>
You may wish to verify this through {provider}'s website.
</p>""",
    'FILE_SUSPENDED':
    u"""
<style>
#toggleBar{{display: none;}}
</style>
<div class="alert alert-info" role="alert">
This content has been removed."""
}

WATERBUTLER_JWE_KEY = jwe.kdf(settings.WATERBUTLER_JWE_SECRET.encode('utf-8'),
                              settings.WATERBUTLER_JWE_SALT.encode('utf-8'))


@decorators.must_have_permission(permissions.WRITE)
@decorators.must_not_be_registration
def disable_addon(auth, **kwargs):
    node = kwargs['node'] or kwargs['project']

    addon_name = kwargs.get('addon')
    if addon_name is None:
        raise HTTPError(http_status.HTTP_400_BAD_REQUEST)

    deleted = node.delete_addon(addon_name, auth)

    return {'deleted': deleted}
Example #22
0
def getEncode():
    return jwe.kdf(str.encode(config.secret), str.encode(config.salt))