def test_adding_assurance_with_invalid_hash_and_email_fails(self): badhash = self.createHash() form = self.prepareLoginForm(digest=badhash) self.assertReportedError( self.controller.doAddAssurance,[form], 400, ['This user does not have that digest']) self.assertFalse('test' in Assurance.getByUser(self.targetUser))
def test_adding_assurance_with_invalid_hash_and_no_email_fails(self): badhash = self.createHash() form = self.prepareLoginForm(digest=badhash,email=False) self.assertReportedError( self.controller.doAddAssurance,[form], 400, ['No user with this hash']) self.assertFalse('test' in Assurance.getByUser(self.targetUser))
def shownDataForUser(self, user): return dict( email=user.email, userid=user.userid, assurances=Assurance.getByUser(user), hash=user.hash, credentials=Credential.getByUser_as_dictlist(user))
def test_in_assured_collision_the_hash_of_the_user_is_deleted(self): self.doHashCollision() assurances = Assurance.getByUser(self.anotherUser) assurer = assurances['test'][0]['assurer'] self.assertEqual(assurer, self.controller.getCurrentUser().email) self.assertEqual(self.targetUser.hash, self.digest) self.assertEqual(self.anotherUser.hash, None)
def your_assurances_are_deleted_in_deregistration(self): with app.test_client() as c: self.login(c) user = User.getByEmail(self.usercreation_email) Assurance.new(user, "test", user) assurances = Assurance.getByUser(user) self.assertTrue(len(assurances) > 0) data = dict( csrf_token = self.getCSRF(c), credentialType= "password", identifier= self.usercreation_userid, secret = self.usercreation_password ) c.post(config.base_url+'/deregister', data=data) user = User.getByEmail(self.usercreation_email) assurances = Assurance.getByUser(user) self.assertTrue(len(assurances) == 0)
def _do_get_by_email(self, email): assurances = Assurance.getByUser(self.getCurrentUser()) if assurances.has_key('assurer'): user = User.getByEmail(email) if user is None: raise ReportedError(["no such user"], status=404) return self.as_dict(user) raise ReportedError(["no authorization"], status=403)
def test_adding_assurance_with_email_and_hash_of_someone_other_fails(self): otherHash = self.createHash() form = self.prepareLoginForm(digest=otherHash) self.anotherUser = self.createUserWithCredentials().user self.anotherUser.hash = otherHash self.assertReportedError(self.controller.doAddAssurance, [form], 400, ['This user does not have that digest']) self.assertFalse('test' in Assurance.getByUser(self.targetUser))
def test_email_validation_gives_emailverification_assurance(self): self.setupRandom() with app.test_client(): email = self.registerAndObtainValidationUri() self.assertTrue(self.validateUri.startswith(config.BASE_URL + "/v1/verify_email")) with app.test_client() as client: user = User.getByEmail(email) creds = Credential.getByUser(user) assurances = Assurance.getByUser(user) self.assertTrue(emailVerification not in assurances) resp = client.get(self.validateUri) self.assertEqual(resp.status_code, 200) self.assertEqual(user.email, email) newcreds = Credential.getByUser(user) self.assertEqual(len(creds) - 1 , len(newcreds)) assurances = Assurance.getByUser(user) self.assertTrue(assurances[emailVerification] is not None) user.rm()
def test_adding_assurance_with_email_and_hash_of_someone_other_fails(self): otherHash = self.createHash() form = self.prepareLoginForm(digest=otherHash) self.anotherUser = self.createUserWithCredentials().user self.anotherUser.hash = otherHash self.assertReportedError( self.controller.doAddAssurance,[form], 400, ['This user does not have that digest']) self.assertFalse('test' in Assurance.getByUser(self.targetUser))
def doGetByEmail(self, email): current_user = self.getCurrentUser() assurances = Assurance.getByUser(current_user) if 'assurer' in assurances: user = User.getByEmail(email) if user is None: raise ReportedError([noSuchUser], status=404) return self.as_dict(user) raise ReportedError([noAuthorization], status=403)
def as_dict(self, user, **kwargs): kwargs.update({'email':user.email, 'userid':user.userid, 'assurances':Assurance.getByUser(user), 'hash': user.hash, 'credentials': Credential.getByUser_as_dictlist(user) }) ret = json.dumps(kwargs) return self.make_response(ret,200)
def adding_assurance_is_possible_using_the_hash_only(self): with app.test_client() as c: target = self._setupTest(c) data = dict( digest = target.hash, assurance = "test", csrf_token = self.getCSRF(c)) resp = c.post(config.base_url + '/v1/add_assurance', data = data) self.assertEquals(200, resp.status_code) self.assertEquals(Assurance.getByUser(target)['test'][0]['assurer'], current_user.email)
def getShownUser(self, userid, authuser, isHerself): if userid == 'me': shownUser = authuser elif isHerself: if Assurance.getByUser(authuser).has_key('assurer'): shownUser = User.get(userid) else: raise ReportedError(["no authorization to show other users"], status=403) else: raise ReportedError(["no authorization to show other users"], status=403) return shownUser
def test_email_validation_gives_emailverification_assurance(self): self.setupRandom() with app.test_client(): email = self.registerAndObtainValidationUri() self.assertTrue( self.validateUri.startswith(config.BASE_URL + "/v1/verify_email")) with app.test_client() as client: user = User.getByEmail(email) creds = Credential.getByUser(user) assurances = Assurance.getByUser(user) self.assertTrue(emailVerification not in assurances) resp = client.get(self.validateUri) self.assertEqual(resp.status_code, 200) self.assertEqual(user.email, email) newcreds = Credential.getByUser(user) self.assertEqual(len(creds) - 1, len(newcreds)) assurances = Assurance.getByUser(user) self.assertTrue(assurances[emailVerification] is not None) user.rm()
def email_validation_gives_emailverification_assurance(self): self.setupRandom() with app.test_client() as c: resp, outbox = self.register(c) email = self.registered_email logout_user() self.assertUserResponse(resp) self.validateUri=re.search('href="([^"]*)',outbox[0].body).group(1) self.assertTrue(self.validateUri.startswith(config.base_url + "/v1/verify_email/")) with app.test_client() as c: user = User.getByEmail(email) creds = Credential.getByUser(user) assurances = Assurance.getByUser(user) self.assertTrue(assurances.has_key(emailVerification) is False) resp = c.get(self.validateUri) self.assertEqual(user.email, email) newcreds = Credential.getByUser(user) self.assertEquals(len(creds) - 1 , len(newcreds)) assurances = Assurance.getByUser(user) self.assertTrue(assurances[emailVerification] is not None) user.rm()
def test_if_hash_is_same_no_assurances_deleted(self): digest = self.createHash() user = self.createUserWithCredentials().user data = dict( digest=digest ) self.controller.checkAndUpdateHash(FakeForm(data), user) Assurance.new(user, "test", user) self.controller.checkAndUpdateHash(FakeForm(data), user) assurances = Assurance.getByUser(user) self.assertTrue("test" in assurances.keys()) self.assertTrue("hashgiven" in assurances.keys())
def getDataOfUserForAuthenticator(self, userid, authuser, authenticator): user = User.get(userid) if not user: raise ReportedError([noSuchUser], status=404) if self.doesUserAskOwnData(userid, authenticator): return self.shownDataForUser(user) if self.doesUserAskForOthersData(authuser, authenticator): assurances = Assurance.getByUser(authuser) if 'assurer' in assurances: return self.shownDataForAssurer(user) else: raise ReportedError([noShowAuthorization], status=403) return self.shownDataForApp(user, authenticator)
def the_assurances_are_overwritten_on_hash_update(self): with app.test_client() as c: resp = self.login(c) self.assertUserResponse(resp) user = User.getByEmail(self.usercreation_email) Assurance.new(user, "test", user, time.time()) oldHash = self.createHash() user.hash = oldHash userToCheck = User.getByEmail(self.usercreation_email) self.assertEqual(len(Assurance.getByUser(userToCheck)), 1) self.setupRandom() digest = oldHash csrf = self.getCSRF(c) data = dict( digest= digest, csrf_token= csrf ) resp = c.post(config.base_url+'/v1/users/me/update_hash', data=data) self.assertEqual(200,resp.status_code) userAfter = User.getByEmail(self.usercreation_email) self.assertEqual(len(Assurance.getByUser(userAfter)), 0)
def adding_assurance_with_invalid_hash_and_email_fails(self): with app.test_client() as c: target = self._setupTest(c) self.setupRandom() data = dict( digest = self.createHash(), assurance = "test", email = target.email, csrf_token = self.getCSRF(c)) resp = c.post(config.base_url + '/v1/add_assurance', data = data) self.assertEquals(400, resp.status_code) self.assertEquals(self.fromJson(resp)['errors'],'This user does not have that digest') self.assertFalse(Assurance.getByUser(target).has_key('test'))
def addUserDataToDict(self, user, kwargs): return kwargs.update({ 'email': user.email, 'userid': user.userid, 'assurances': Assurance.getByUser(user), 'hash': user.hash, 'credentials': Credential.getByUser_as_dictlist(user) })
def test_assurers_with_appropriate_credential_can_add_assurance_to_user_using_hash(self): """ the appropriate credential is an assurance in the form "assurer.<assurance_name>" where assurance_name is the assurance to be added """ with app.test_client() as client: target = self._setupTest(client) data = dict( digest = target.hash, assurance = "test", email = target.email, csrf_token = self.getCSRF(client)) resp = client.post(config.BASE_URL + '/v1/add_assurance', data = data) self.assertEqual(200, resp.status_code) self.assertEqual(Assurance.getByUser(target)['test'][0]['assurer'], current_user.email)
def test_assurers_with_appropriate_credential_can_add_assurance_to_user_using_hash( self): """ the appropriate credential is an assurance in the form "assurer.<assurance_name>" where assurance_name is the assurance to be added """ with app.test_client() as client: target = self._setupTest(client) data = dict(digest=target.hash, assurance="test", email=target.email, csrf_token=self.getCSRF(client)) resp = client.post(config.BASE_URL + '/v1/add_assurance', data=data) self.assertEqual(200, resp.status_code) self.assertEqual( Assurance.getByUser(target)['test'][0]['assurer'], current_user.email)
def when_an_assurance_added_with_hash_and_email___and_there_is_another_user_with_the_same_hash___the_hash_from_the_other_user_is_deleted(self): with app.test_client() as c: target = self._setupTest(c) anotherUser = self.createUserWithCredentials() anotherEmail = self.usercreation_email anotherUser.hash = target.hash targetHash = target.hash anotherUser.save() data = dict( digest = target.hash, assurance = "test", email = target.email, csrf_token = self.getCSRF(c)) resp = c.post(config.base_url + '/v1/add_assurance', data = data) self.assertEquals(200, resp.status_code) self.assertEquals(Assurance.getByUser(target)['test'][0]['assurer'], current_user.email) anotherUser = User.getByEmail(anotherEmail) self.assertEqual(anotherUser.hash, None) user = User.getByEmail(target.email) self.assertEqual(user.hash, targetHash)
def doUpdateHashForUser(self, client, assurance="test", addDigest=True, digest=None): resp = self.login(client) self.assertUserResponse(resp) user = User.getByEmail(self.userCreationEmail) Assurance.new(user, assurance, user, time.time()) oldHash = self.createHash() user.hash = oldHash user.save() userToCheck = User.getByEmail(self.userCreationEmail) assurancesBefore = Assurance.getByUser(userToCheck) self.assertEqual(len(assurancesBefore), 1) self.setupRandom() csrf = self.getCSRF(client) data = dict(csrf_token=csrf) if addDigest: if digest is None: data['digest'] = self.createHash() else: data['digest'] = digest resp = client.post(config.BASE_URL + '/v1/users/me/update_hash', data=data) return resp
def assureUserHaveTheGivingAssurancesFor(self, neededAssurance): assurances = Assurance.getByUser(self.getCurrentUser()) assurerAssurance = "assurer.{0}".format(neededAssurance) if not (assurances.has_key('assurer') and assurances.has_key(assurerAssurance)): raise ReportedError(["no authorization"], 403)
def test_your_assurances_are_deleted_in_deregistration(self): self._doDeregistrationDoit() user = User.getByEmail(self.userCreationEmail) assurances = Assurance.getByUser(user) self.assertTrue(len(assurances) == 0)
def _assureHaveCredentialsAndAssurances(self, user): creds = Credential.getByUser(user) self.assertTrue(len(creds) > 0) assurances = Assurance.getByUser(user) self.assertTrue(len(assurances) > 0)
def test_adding_assurance_with_invalid_hash_and_no_email_fails(self): badhash = self.createHash() form = self.prepareLoginForm(digest=badhash, email=False) self.assertReportedError(self.controller.doAddAssurance, [form], 400, ['No user with this hash']) self.assertFalse('test' in Assurance.getByUser(self.targetUser))
def _setupTestWithoutAssurance(self, client): self.login(client) target = self._createUserWithHash() self.assertTrue('test' not in Assurance.getByUser(target)) return target
def assureUserHaveTheGivingAssurancesFor(self, neededAssurance): assurances = Assurance.getByUser(self.getCurrentUser()) if not self.isAssuredToAddAssurance(assurances, neededAssurance): raise ReportedError([noAuthorization], 403)
def _setupTestWithoutAssurance(self, c): self.login(c) target = self._createUserWithHash() self.assertTrue(Assurance.getByUser(target).has_key('test') is False) return target
def handAssured(self, anotherUser: User) -> bool: for assurance in Assurance.getByUser(anotherUser): if assurance not in [emailVerification]: return True return False
def addUserDataToDict(self, user, kwargs): return kwargs.update({'email':user.email, 'userid':user.userid, 'assurances':Assurance.getByUser(user), 'hash':user.hash, 'credentials':Credential.getByUser_as_dictlist(user)})
def test_adding_assurance_with_invalid_hash_and_email_fails(self): badhash = self.createHash() form = self.prepareLoginForm(digest=badhash) self.assertReportedError(self.controller.doAddAssurance, [form], 400, ['This user does not have that digest']) self.assertFalse('test' in Assurance.getByUser(self.targetUser))
def isAnyoneHandAssurredOf(self, anotherUsers): for anotherUser in anotherUsers: for assurance in Assurance.getByUser(anotherUser): if assurance not in [emailVerification]: return True return False
def updateHashForUser(self, client, assurance="test", addDigest=True, digest=None): resp = self.doUpdateHashForUser(client, assurance, addDigest, digest) self.assertEqual(200, resp.status_code) self.userAfter = User.getByEmail(self.userCreationEmail) assurances = Assurance.getByUser(self.userAfter) return assurances
def test_confirmChangeEmail_adds_a_emailverification_assurance_if_called_with_changeemailandverify_secret(self): self.doConfirmChangeEmail(useverifysecret=True) self.assertIn("emailverification",Assurance.getByUser(self.user))