def test_update_signatures(self, mocker, mock_logger):
# Make sure the test environment is clean. This test is invalid otherwise.
assert Recipe.objects.all().count() == 0
# Mock the Autographer
mock_autograph = mocker.patch('normandy.recipes.models.Autographer')
mock_autograph.return_value.sign_data.return_value = [
{
'signature': 'fake signature 1'
},
{
'signature': 'fake signature 2'
},
]
# Make and sign two recipes
(recipe1, recipe2) = RecipeFactory.create_batch(2)
Recipe.objects.all().update_signatures()
# Assert that the signature update is logged.
mock_logger.info.assert_called_with(
Whatever.contains(str(recipe1.id), str(recipe2.id)),
extra={
'code': INFO_REQUESTING_RECIPE_SIGNATURES,
'recipe_ids': Whatever.contains(recipe1.id, recipe2.id)
})
# Assert the autographer was used as expected
assert mock_autograph.called
assert mock_autograph.return_value.sign_data.called_with(
[Whatever(), Whatever()])
signatures = list(Recipe.objects.all().values_list(
'signature__signature', flat=True))
assert signatures == ['fake signature 1', 'fake signature 2']
def test_update_signatures(self, mocker, mock_logger):
# Make sure the test environment is clean. This test is invalid otherwise.
assert Action.objects.all().count() == 0
# Mock the Autographer
mock_autograph = mocker.patch('normandy.recipes.models.Autographer')
mock_autograph.return_value.sign_data.return_value = [
{
'signature': 'fake signature 1'
},
{
'signature': 'fake signature 2'
},
]
# Make and sign two actions
(action1, action2) = ActionFactory.create_batch(2)
Action.objects.all().update_signatures()
# Assert that the signature update is logged.
mock_logger.info.assert_called_with(
Whatever.contains(action1.name, action2.name),
extra={
'code': INFO_REQUESTING_ACTION_SIGNATURES,
'action_names': Whatever.contains(action1.name, action2.name),
})
# Assert the autographer was used as expected
assert mock_autograph.called
assert mock_autograph.return_value.sign_data.called_with(
[Whatever(), Whatever()])
signatures = list(Action.objects.all().values_list(
'signature__signature', flat=True))
assert signatures == ['fake signature 1', 'fake signature 2']
def test_log_failure_no_username(self, mock_logger, mock_authenticate):
mock_authenticate.return_value = None
request = RequestFactory().get("/")
user = LoggingModelBackend().authenticate(request, password="******")
assert user is None
mock_logger.warning.assert_called_with(
Whatever.contains("no username provided"), extra={"code": WARNING_LOGIN_FAILURE}
)
def test_log_success(self, mock_logger, mock_authenticate):
mock_authenticate.return_value = True
user = LoggingModelBackend().authenticate(username='******', password='******')
assert user
mock_logger.info.assert_called_with(
Whatever.contains('fakeuser'),
extra={'code': INFO_LOGIN_SUCCESS}
)
def test_log_failure_no_username(self, mock_logger, mock_authenticate):
mock_authenticate.return_value = None
user = LoggingModelBackend().authenticate(password='******')
assert user is None
mock_logger.warning.assert_called_with(
Whatever.contains('no username provided'),
extra={'code': WARNING_LOGIN_FAILURE}
)
def test_log_success(self, mock_logger, mock_authenticate):
mock_authenticate.return_value = True
request = RequestFactory().get("/")
user = LoggingModelBackend().authenticate(request,
username="******",
password="******")
assert user
mock_logger.info.assert_called_with(Whatever.contains("fakeuser"),
extra={"code": INFO_LOGIN_SUCCESS})
def test_log_failure_no_username(self, mock_logger, mock_authenticate):
mock_authenticate.return_value = None
request = RequestFactory().get("/")
user = LoggingModelBackend().authenticate(request,
password="******")
assert user is None
mock_logger.warning.assert_called_with(
Whatever.contains("no username provided"),
extra={"code": WARNING_LOGIN_FAILURE})
def test_log_success(self, mock_logger, mock_authenticate):
mock_authenticate.return_value = True
request = RequestFactory().get("/")
user = LoggingModelBackend().authenticate(
request, username="******", password="******"
)
assert user
mock_logger.info.assert_called_with(
Whatever.contains("fakeuser"), extra={"code": INFO_LOGIN_SUCCESS}
)
def test_update_signature(self, mock_logger, mocked_autograph):
recipe = RecipeFactory(enabler=UserFactory(), approver=UserFactory())
recipe.signature = None
recipe.update_signature()
mock_logger.info.assert_called_with(
Whatever.contains(str(recipe.id)),
extra={"code": INFO_REQUESTING_RECIPE_SIGNATURES, "recipe_ids": [recipe.id]},
)
mocked_autograph.return_value.sign_data.assert_called_with(
[Whatever(lambda s: json.loads(s)["id"] == recipe.id)]
)
assert recipe.signature is not None
def test_update_signature(self, mock_logger, mocked_autograph):
recipe = RecipeFactory(enabler=UserFactory(), approver=UserFactory())
recipe.signature = None
recipe.update_signature()
mock_logger.info.assert_called_with(
Whatever.contains(str(recipe.id)),
extra={"code": INFO_REQUESTING_RECIPE_SIGNATURES, "recipe_ids": [recipe.id]},
)
mocked_autograph.return_value.sign_data.assert_called_with(
[Whatever(lambda s: json.loads(s)["id"] == recipe.id)]
)
assert recipe.signature is not None
def test_update_signature(self, mocker, mock_logger):
# Mock the Autographer
mock_autograph = mocker.patch("normandy.recipes.models.Autographer")
mock_autograph.return_value.sign_data.return_value = [{"signature": "fake signature"}]
action = ActionFactory(signed=False)
action.update_signature()
mock_logger.info.assert_called_with(
Whatever.contains(action.name),
extra={"code": INFO_REQUESTING_ACTION_SIGNATURES, "action_names": [action.name]},
)
action.save()
assert action.signature is not None
assert action.signature.signature == "fake signature"
def test_update_signature(self, mocker, mock_logger):
# Mock the Autographer
mock_autograph = mocker.patch("normandy.recipes.models.Autographer")
mock_autograph.return_value.sign_data.return_value = [{"signature": "fake signature"}]
action = ActionFactory(signed=False)
action.update_signature()
mock_logger.info.assert_called_with(
Whatever.contains(action.name),
extra={"code": INFO_REQUESTING_ACTION_SIGNATURES, "action_names": [action.name]},
)
action.save()
assert action.signature is not None
assert action.signature.signature == "fake signature"
def test_update_signature(self, mocker, mock_logger):
# Mock the Autographer
mock_autograph = mocker.patch('normandy.recipes.models.Autographer')
mock_autograph.return_value.sign_data.return_value = [
{
'signature': 'fake signature'
},
]
recipe = RecipeFactory(signed=False)
recipe.update_signature()
mock_logger.info.assert_called_with(
Whatever.contains(str(recipe.id)),
extra={
'code': INFO_REQUESTING_RECIPE_SIGNATURES,
'recipe_ids': [recipe.id]
})
recipe.save()
assert recipe.signature is not None
assert recipe.signature.signature == 'fake signature'
def test_it_interacts_with_autograph_correctly(self, settings,
mock_logger):
settings.AUTOGRAPH_URL = 'https://autograph.example.com'
settings.AUTOGRAPH_HAWK_ID = 'hawk id'
settings.AUTOGRAPH_HAWK_SECRET_KEY = 'hawk secret key'
autographer = signing.Autographer()
autographer.session = MagicMock()
autographer.session.post.return_value.json.return_value = [{
'content-signature':
('x5u="https://example.com/fake_x5u_1";p384ecdsa=fake_signature_1'
),
'x5u':
'https://example.com/fake_x5u_1',
'hash_algorithm':
'sha384',
'ref':
'fake_ref_1',
'signature':
'fake_signature_1',
'public_key':
'fake_pubkey_1',
}, {
'content-signature':
('x5u="https://example.com/fake_x5u_2";p384ecdsa=fake_signature_2'
),
'x5u':
'https://example.com/fake_x5u_2',
'hash_algorithm':
'sha384',
'ref':
'fake_ref_2',
'signature':
'fake_signature_2',
'public_key':
'fake_pubkey_2',
}]
url = self.test_settings['URL'] + 'sign/data'
foo_base64 = base64.b64encode(b'foo').decode('utf8')
bar_base64 = base64.b64encode(b'bar').decode('utf8')
# Assert the correct data is returned
assert autographer.sign_data([b'foo', b'bar']) == [{
'timestamp':
Whatever(),
'signature':
'fake_signature_1',
'x5u':
'https://example.com/fake_x5u_1',
'public_key':
'fake_pubkey_1',
}, {
'timestamp':
Whatever(),
'signature':
'fake_signature_2',
'x5u':
'https://example.com/fake_x5u_2',
'public_key':
'fake_pubkey_2',
}]
# Assert that logging happened
mock_logger.info.assert_called_with(
Whatever.contains('2'),
extra={'code': signing.INFO_RECEIVED_SIGNATURES})
# Assert the correct request was made
assert autographer.session.post.called_once_with([
url,
[
{
'template': 'content-signature',
'input': foo_base64
},
{
'template': 'content-signature',
'input': bar_base64
},
]
])
def test_update_logging(self, mock_logger):
recipe = RecipeFactory(name="my name")
recipe.revise(name="my name", force=True)
mock_logger.info.assert_called_with(
Whatever.contains(str(recipe.id)),
extra={"code": INFO_CREATE_REVISION})
def test_it_interacts_with_autograph_correctly(self, settings,
mock_logger):
settings.AUTOGRAPH_URL = "https://autograph.example.com"
settings.AUTOGRAPH_HAWK_ID = "hawk id"
settings.AUTOGRAPH_HAWK_SECRET_KEY = "hawk secret key"
autographer = signing.Autographer()
autographer.session = MagicMock()
autographer.session.post.return_value.json.return_value = [
{
"content-signature":
('x5u="https://example.com/fake_x5u_1";p384ecdsa=fake_signature_1'
),
"x5u":
"https://example.com/fake_x5u_1",
"hash_algorithm":
"sha384",
"ref":
"fake_ref_1",
"signature":
"fake_signature_1",
"public_key":
"fake_pubkey_1",
},
{
"content-signature":
('x5u="https://example.com/fake_x5u_2";p384ecdsa=fake_signature_2'
),
"x5u":
"https://example.com/fake_x5u_2",
"hash_algorithm":
"sha384",
"ref":
"fake_ref_2",
"signature":
"fake_signature_2",
"public_key":
"fake_pubkey_2",
},
]
url = self.test_settings["URL"] + "sign/data"
foo_base64 = base64.b64encode(b"foo").decode("utf8")
bar_base64 = base64.b64encode(b"bar").decode("utf8")
# Assert the correct data is returned
assert autographer.sign_data([b"foo", b"bar"]) == [
{
"timestamp": Whatever(),
"signature": "fake_signature_1",
"x5u": "https://example.com/fake_x5u_1",
"public_key": "fake_pubkey_1",
},
{
"timestamp": Whatever(),
"signature": "fake_signature_2",
"x5u": "https://example.com/fake_x5u_2",
"public_key": "fake_pubkey_2",
},
]
# Assert that logging happened
mock_logger.info.assert_called_with(
Whatever.contains("2"),
extra={"code": signing.INFO_RECEIVED_SIGNATURES})
# Assert the correct request was made
assert autographer.session.post.called_once_with([
url,
[
{
"template": "content-signature",
"input": foo_base64
},
{
"template": "content-signature",
"input": bar_base64
},
],
])
def test_update_logging(self, mock_logger):
recipe = RecipeFactory(name="my name")
recipe.revise(name="my name", force=True)
mock_logger.info.assert_called_with(
Whatever.contains(str(recipe.id)), extra={"code": INFO_CREATE_REVISION}
)
def test_it_interacts_with_autograph_correctly(self, settings, mock_logger):
settings.AUTOGRAPH_URL = "https://autograph.example.com"
settings.AUTOGRAPH_HAWK_ID = "hawk id"
settings.AUTOGRAPH_HAWK_SECRET_KEY = "hawk secret key"
autographer = signing.Autographer()
autographer.session = MagicMock()
autographer.session.post.return_value.json.return_value = [
{
"content-signature": (
'x5u="https://example.com/fake_x5u_1";p384ecdsa=fake_signature_1'
),
"x5u": "https://example.com/fake_x5u_1",
"hash_algorithm": "sha384",
"ref": "fake_ref_1",
"signature": "fake_signature_1",
"public_key": "fake_pubkey_1",
},
{
"content-signature": (
'x5u="https://example.com/fake_x5u_2";p384ecdsa=fake_signature_2'
),
"x5u": "https://example.com/fake_x5u_2",
"hash_algorithm": "sha384",
"ref": "fake_ref_2",
"signature": "fake_signature_2",
"public_key": "fake_pubkey_2",
},
]
url = self.test_settings["URL"] + "sign/data"
foo_base64 = base64.b64encode(b"foo").decode("utf8")
bar_base64 = base64.b64encode(b"bar").decode("utf8")
# Assert the correct data is returned
assert autographer.sign_data([b"foo", b"bar"]) == [
{
"timestamp": Whatever(),
"signature": "fake_signature_1",
"x5u": "https://example.com/fake_x5u_1",
"public_key": "fake_pubkey_1",
},
{
"timestamp": Whatever(),
"signature": "fake_signature_2",
"x5u": "https://example.com/fake_x5u_2",
"public_key": "fake_pubkey_2",
},
]
# Assert that logging happened
mock_logger.info.assert_called_with(
Whatever.contains("2"), extra={"code": signing.INFO_RECEIVED_SIGNATURES}
)
# Assert the correct request was made
assert autographer.session.post.called_once_with(
[
url,
[
{"template": "content-signature", "input": foo_base64},
{"template": "content-signature", "input": bar_base64},
],
]
)