def test_improper_key(self):
key = jwe.kdf(b"Testing", b"Pepper")
data = b"Just some data"
encrypted = jwe.encrypt(data, key)
with pytest.raises(InvalidTag):
# TODO make this a custom exception
jwe.decrypt(encrypted, jwe.kdf(b"somekey", b"Salt")) == data
def test_invalid_header_json(self):
with pytest.raises(jwe.exceptions.MalformedData) as e:
jwe.decrypt(
jwe.encrypt(b"Just Some Data", jwe.kdf(b"key", b"Salt"))[3:], # Cut out some of the JSON
jwe.kdf(b"key", b"Salt"),
)
assert e.value.args[0] == "Header is not valid JSON"
def test_no_key_wrapping(self):
data = jwe.encrypt(b"Just Some Data", jwe.kdf(b"key", b"Salt")).split(b".")
data[1] = b"cmFwcGE="
with pytest.raises(jwe.exceptions.UnsupportedOption) as e:
jwe.decrypt(b".".join(data), jwe.kdf(b"key", b"Salt"))
assert e.value.args[0] == "Key wrapping is currently not supported"
def test_improper_key(self):
key = jwe.kdf(b'Testing', b'Pepper')
data = b'Just some data'
encrypted = jwe.encrypt(data, key)
with pytest.raises(InvalidTag):
# TODO make this a custom exception
jwe.decrypt(encrypted, jwe.kdf(b'somekey', b'Salt')) == data
def test_invalid_header_json(self):
with pytest.raises(jwe.exceptions.MalformedData) as e:
jwe.decrypt(
jwe.encrypt(b'Just Some Data',
jwe.kdf(b'key',
b'Salt'))[3:], # Cut out some of the JSON
jwe.kdf(b'key', b'Salt'))
assert e.value.args[0] == 'Header is not valid JSON'
def test_no_key_wrapping(self):
data = jwe.encrypt(b'Just Some Data', jwe.kdf(b'key',
b'Salt')).split(b'.')
data[1] = b'cmFwcGE='
with pytest.raises(jwe.exceptions.UnsupportedOption) as e:
jwe.decrypt(b'.'.join(data), jwe.kdf(b'key', b'Salt'))
assert e.value.args[0] == 'Key wrapping is currently not supported'
def test_encrypt_decrypt(self):
key = jwe.kdf(b"Testing", b"Pepper")
data = b"Just some data"
encrypted = jwe.encrypt(data, key)
assert encrypted != data
assert jwe.decrypt(encrypted, key) == data
def test_encrypt_decrypt(self):
key = jwe.kdf(b'Testing', b'Pepper')
data = b'Just some data'
encrypted = jwe.encrypt(data, key)
assert encrypted != data
assert jwe.decrypt(encrypted, key) == data
def setUp(self):
super(TestSloanMetrics, self).setUp()
self.user = AuthUserFactory()
self.auth_obj = Auth(user=self.user)
self.preprint = PreprintFactory(creator=self.user, is_public=True)
self.session = Session(data={'auth_user_id': self.user._id})
self.session.save()
self.cookie = itsdangerous.Signer(settings.SECRET_KEY).sign(self.session._id).decode()
self.JWE_KEY = jwe.kdf(settings.WATERBUTLER_JWE_SECRET.encode('utf-8'), settings.WATERBUTLER_JWE_SALT.encode('utf-8'))
def setUp(self):
super(TestAddonAuth, self).setUp()
self.user = AuthUserFactory()
self.auth_obj = Auth(user=self.user)
self.node = ProjectFactory(creator=self.user)
self.session = Session(data={'auth_user_id': self.user._id})
self.session.save()
self.cookie = itsdangerous.Signer(settings.SECRET_KEY).sign(self.session._id)
self.configure_addon()
self.JWE_KEY = jwe.kdf(settings.WATERBUTLER_JWE_SECRET.encode('utf-8'), settings.WATERBUTLER_JWE_SALT.encode('utf-8'))
def setUp(self):
super(TestAddonAuth, self).setUp()
self.user = AuthUserFactory()
self.auth_obj = Auth(user=self.user)
self.node = ProjectFactory(creator=self.user)
self.session = Session(data={'auth_user_id': self.user._id})
self.session.save()
self.cookie = itsdangerous.Signer(settings.SECRET_KEY).sign(self.session._id)
self.configure_addon()
self.JWE_KEY = jwe.kdf(settings.WATERBUTLER_JWE_SECRET.encode('utf-8'), settings.WATERBUTLER_JWE_SALT.encode('utf-8'))
import datetime
import jwe
import jwt
import aiohttp
from waterbutler.core import exceptions
from waterbutler.auth.osf import settings
from waterbutler.core.auth import (BaseAuthHandler, AuthType)
JWE_KEY = jwe.kdf(settings.JWE_SECRET.encode(), settings.JWE_SALT.encode())
class OsfAuthHandler(BaseAuthHandler):
"""Identity lookup via the Open Science Framework"""
ACTION_MAP = {
'put': 'upload',
'get': 'download',
'head': 'metadata',
'delete': 'delete',
}
def build_payload(self, bundle, view_only=None, cookie=None):
query_params = {}
if cookie:
bundle['cookie'] = cookie
if view_only:
# View only must go outside of the jwt
query_params['view_only'] = view_only
import jwe
from modularodm.fields import StringField
from website import settings
SENSITIVE_DATA_KEY = jwe.kdf(settings.SENSITIVE_DATA_SECRET.encode('utf-8'),
settings.SENSITIVE_DATA_SALT.encode('utf-8'))
def encrypt(value):
if value:
return jwe.encrypt(bytes(value), SENSITIVE_DATA_KEY)
return None
def decrypt(value):
if value:
return jwe.decrypt(bytes(value), SENSITIVE_DATA_KEY)
return None
class EncryptedStringField(StringField):
def to_storage(self, value, translator=None):
value = encrypt(value)
return super(EncryptedStringField,
self).to_storage(value, translator=translator)
def from_storage(self, value, translator=None):
value = super(EncryptedStringField,
self).from_storage(value, translator=translator)
import jwe
from modularodm.fields import StringField
from website import settings
SENSITIVE_DATA_KEY = jwe.kdf(settings.SENSITIVE_DATA_SECRET.encode('utf-8'), settings.SENSITIVE_DATA_SALT.encode('utf-8'))
def ensure_bytes(value):
"""Helper function to ensure all inputs are encoded to the proper value utf-8 value regardless of input type"""
if isinstance(value, bytes):
return value
return value.encode('utf-8')
def encrypt(value):
if value:
value = ensure_bytes(value)
return jwe.encrypt(bytes(value), SENSITIVE_DATA_KEY)
return None
def decrypt(value):
if value:
value = ensure_bytes(value)
return jwe.decrypt(bytes(value), SENSITIVE_DATA_KEY)
return None
class EncryptedStringField(StringField):
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# https://docs.djangoproject.com/en/1.9/howto/static-files/
STATIC_ROOT = os.path.join(BASE_DIR, 'static')
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = os.environ.get('SECRET_KEY', 'c^0=k9r3i2@kh=*=(w2r_-sc#fd!+b23y%)gs+^0l%=bt_dst0')
SALT = os.environ.get('SALT', 'r_-78y%c^(w2_ds0d*=t!+c=s+^0l=bt%2isc#f2@kh=0k5r)g')
SENSITIVE_DATA_KEY = jwe.kdf(SECRET_KEY.encode('utf-8'), SALT.encode('utf-8'))
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = bool(os.environ.get('DEBUG', True))
VERSION = __version__
ALLOWED_HOSTS = [h for h in os.environ.get('ALLOWED_HOSTS', '').split(' ') if h]
AUTH_USER_MODEL = 'share.ShareUser'
JSON_API_FORMAT_KEYS = 'camelize'
# Application definition
def test_invalid_data(self):
with pytest.raises(jwe.exceptions.MalformedData):
jwe.decrypt(b"junkdata", jwe.kdf(b"key", b"Salt"))
# import so that associated listener is instantiated and gets emails
from website.notifications.events.files import FileEvent # noqa
FILE_GONE_ERROR_MESSAGE = u'''
<style>
.file-download{{display: none;}}
.file-share{{display: none;}}
.file-delete{{display: none;}}
</style>
<div class="alert alert-info" role="alert">
This link to the file "{file_name}" is no longer valid.
</div>'''
WATERBUTLER_JWE_KEY = jwe.kdf(settings.WATERBUTLER_JWE_SECRET.encode('utf-8'), settings.WATERBUTLER_JWE_SALT.encode('utf-8'))
@decorators.must_have_permission('write')
@decorators.must_not_be_registration
def disable_addon(auth, **kwargs):
node = kwargs['node'] or kwargs['project']
addon_name = kwargs.get('addon')
if addon_name is None:
raise HTTPError(httplib.BAD_REQUEST)
deleted = node.delete_addon(addon_name, auth)
return {'deleted': deleted}
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# https://docs.djangoproject.com/en/1.9/howto/static-files/
STATIC_ROOT = os.path.join(BASE_DIR, 'static')
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = os.environ.get(
'SECRET_KEY', 'c^0=k9r3i2@kh=*=(w2r_-sc#fd!+b23y%)gs+^0l%=bt_dst0')
SALT = os.environ.get('SALT',
'r_-78y%c^(w2_ds0d*=t!+c=s+^0l=bt%2isc#f2@kh=0k5r)g')
SENSITIVE_DATA_KEY = jwe.kdf(SECRET_KEY.encode('utf-8'), SALT.encode('utf-8'))
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = bool(os.environ.get('DEBUG', True))
if 'VERSION' not in os.environ and DEBUG:
try:
VERSION = subprocess.check_output(['git', 'describe']).decode().strip()
except subprocess.CalledProcessError:
VERSION = 'UNKNOWN'
else:
VERSION = os.environ.get('VERSION') or 'UNKNOWN'
ALLOWED_HOSTS = [
h for h in os.environ.get('ALLOWED_HOSTS', '').split(' ') if h
]
import asyncio
import datetime
import jwe
import jwt
import aiohttp
from waterbutler.core import auth
from waterbutler.core import exceptions
from waterbutler.auth.osf import settings
JWE_KEY = jwe.kdf(settings.JWE_SECRET.encode(), settings.JWE_SALT.encode())
class OsfAuthHandler(auth.BaseAuthHandler):
"""Identity lookup via the Open Science Framework"""
ACTION_MAP = {
'put': 'upload',
'post': 'upload', # TODO copyfrom
'get': 'download',
'head': 'metadata',
'delete': 'delete',
}
def build_payload(self, bundle, view_only=None, cookie=None):
query_params = {}
if cookie:
bundle['cookie'] = cookie
def test_invalid_data(self):
with pytest.raises(jwe.exceptions.MalformedData):
jwe.decrypt(b'junkdata', jwe.kdf(b'key', b'Salt'))
This {provider} link to the file "{file_name}" is currently unresponsive.
The provider ({provider}) may currently be unavailable or "{file_name}" may have been removed from {provider} through another interface.
</p>
<p>
You may wish to verify this through {provider}'s website.
</p>""",
'FILE_SUSPENDED':
u"""
<style>
#toggleBar{{display: none;}}
</style>
<div class="alert alert-info" role="alert">
This content has been removed."""
}
WATERBUTLER_JWE_KEY = jwe.kdf(settings.WATERBUTLER_JWE_SECRET.encode('utf-8'),
settings.WATERBUTLER_JWE_SALT.encode('utf-8'))
@decorators.must_have_permission(permissions.WRITE)
@decorators.must_not_be_registration
def disable_addon(auth, **kwargs):
node = kwargs['node'] or kwargs['project']
addon_name = kwargs.get('addon')
if addon_name is None:
raise HTTPError(http_status.HTTP_400_BAD_REQUEST)
deleted = node.delete_addon(addon_name, auth)
return {'deleted': deleted}
def getEncode():
return jwe.kdf(str.encode(config.secret), str.encode(config.salt))
