def setUp(self):
    """Prepare keys, the session-key request header and fixture objects.

    Extends the parent ``setUp`` by registering a ``UserKey`` for
    ``self.user``, deriving the master key, saving a ``SessionKey`` and
    adding its base64-encoded value to ``self.header``. It then creates one
    device with its supporting objects, two secret roles, three encrypted
    secrets, and the ``self.create_data`` payloads.
    """
    super().setUp()

    # Register the test user's public key and recover the master key with
    # the matching private key (PUBLIC_KEY / PRIVATE_KEY are defined outside
    # this method; presumably a test-only key pair).
    user_key = UserKey(user=self.user, public_key=PUBLIC_KEY)
    user_key.save()
    self.master_key = user_key.get_master_key(PRIVATE_KEY)

    # Store a session key and send it with every request from the test client.
    stored_session_key = SessionKey(userkey=user_key)
    stored_session_key.save(self.master_key)
    self.header['HTTP_X_SESSION_KEY'] = base64.b64encode(stored_session_key.key)

    # Minimal object chain needed to own a secret.
    site = Site.objects.create(name='Site 1', slug='site-1')
    manufacturer = Manufacturer.objects.create(name='Manufacturer 1', slug='manufacturer-1')
    device_type = DeviceType.objects.create(manufacturer=manufacturer, model='Device Type 1')
    device_role = DeviceRole.objects.create(name='Device Role 1', slug='device-role-1')
    device = Device.objects.create(
        name='Device 1',
        site=site,
        device_type=device_type,
        device_role=device_role,
    )

    roles = (
        SecretRole(name='Secret Role 1', slug='secret-role-1'),
        SecretRole(name='Secret Role 2', slug='secret-role-2'),
    )
    SecretRole.objects.bulk_create(roles)

    # Existing secrets are encrypted with the master key before being saved.
    existing_secrets = tuple(
        Secret(device=device, role=roles[0], name=name, plaintext=plaintext)
        for name, plaintext in (
            ('Secret 1', 'ABC'),
            ('Secret 2', 'DEF'),
            ('Secret 3', 'GHI'),
        )
    )
    for item in existing_secrets:
        item.encrypt(self.master_key)
        item.save()

    # Payloads for the create tests; they use the second role.
    self.create_data = [
        {
            'device': device.pk,
            'role': roles[1].pk,
            'name': name,
            'plaintext': plaintext,
        }
        for name, plaintext in (
            ('Secret 4', 'JKL'),
            ('Secret 5', 'MNO'),
            ('Secret 6', 'PQR'),
        )
    ]
def setUp(self):
    """Give the test user a ``UserKey`` and a saved ``SessionKey``.

    Runs the parent ``setUp`` first. The session key is kept on
    ``self.session_key`` so tests can present it to the views.
    """
    super().setUp()

    # Register the public key, then recover the master key with the
    # matching private key.
    user_key = UserKey(user=self.user, public_key=PUBLIC_KEY)
    user_key.save()
    derived_master_key = user_key.get_master_key(PRIVATE_KEY)

    stored_session_key = SessionKey(userkey=user_key)
    self.session_key = stored_session_key
    stored_session_key.save(derived_master_key)
def setUp(self):
    """Create a superuser with keys, request headers and three encrypted secrets.

    Sets ``self.master_key``, ``self.header`` (token and session-key
    headers), ``self.plaintext``, ``self.device``, ``self.secretrole1``,
    ``self.secretrole2`` and ``self.secret1`` .. ``self.secret3``.
    """
    superuser = User.objects.create(username='******', is_superuser=True)
    api_token = Token.objects.create(user=superuser)

    # Key material: public key registered, master key recovered with the
    # private key, session key saved under that master key.
    user_key = UserKey(user=superuser, public_key=PUBLIC_KEY)
    user_key.save()
    self.master_key = user_key.get_master_key(PRIVATE_KEY)
    stored_session_key = SessionKey(userkey=user_key)
    stored_session_key.save(self.master_key)

    # Every request carries the API token and the base64-encoded session key.
    self.header = {
        'HTTP_AUTHORIZATION': 'Token {}'.format(api_token.key),
        'HTTP_X_SESSION_KEY': base64.b64encode(stored_session_key.key),
    }

    self.plaintext = {
        'secret1': 'Secret #1 Plaintext',
        'secret2': 'Secret #2 Plaintext',
        'secret3': 'Secret #3 Plaintext',
    }

    site = Site.objects.create(name='Test Site 1', slug='test-site-1')
    manufacturer = Manufacturer.objects.create(name='Test Manufacturer 1', slug='test-manufacturer-1')
    device_type = DeviceType.objects.create(manufacturer=manufacturer, model='Test Device Type 1')
    device_role = DeviceRole.objects.create(name='Test Device Role 1', slug='test-device-role-1')
    self.device = Device.objects.create(
        name='Test Device 1',
        site=site,
        device_type=device_type,
        device_role=device_role,
    )
    self.secretrole1 = SecretRole.objects.create(name='Test Secret Role 1', slug='test-secret-role-1')
    self.secretrole2 = SecretRole.objects.create(name='Test Secret Role 2', slug='test-secret-role-2')

    # The attribute name doubles as the key into self.plaintext.
    for attr, label in (
        ('secret1', 'Test Secret 1'),
        ('secret2', 'Test Secret 2'),
        ('secret3', 'Test Secret 3'),
    ):
        secret = Secret(
            device=self.device,
            role=self.secretrole1,
            name=label,
            plaintext=self.plaintext[attr],
        )
        setattr(self, attr, secret)
        secret.encrypt(self.master_key)
        secret.save()
def setUp(self):
    """Log in a user with view/add secret permissions and create three secrets.

    The user receives a ``UserKey`` and a saved ``SessionKey`` (kept on
    ``self.session_key``). The three ``Secret`` rows are inserted with
    ``bulk_create`` and a fixed ``ciphertext`` value; ``encrypt()`` is not
    called on them here.
    """
    granted = [
        'secrets.view_secret',
        'secrets.add_secret',
    ]
    user = create_test_user(permissions=granted)

    # Key material for the user.
    user_key = UserKey(user=user, public_key=PUBLIC_KEY)
    user_key.save()
    derived_master_key = user_key.get_master_key(PRIVATE_KEY)
    self.session_key = SessionKey(userkey=user_key)
    self.session_key.save(derived_master_key)

    # Session-authenticated test client.
    self.client = Client()
    self.client.force_login(user)

    site = Site(name='Site 1', slug='site-1')
    site.save()

    manufacturer = Manufacturer(name='Manufacturer 1', slug='manufacturer-1')
    manufacturer.save()

    device_type = DeviceType(manufacturer=manufacturer, model='Device Type 1')
    device_type.save()

    device_role = DeviceRole(name='Device Role 1', slug='device-role-1')
    device_role.save()

    device = Device(name='Device 1', site=site, device_type=device_type, device_role=device_role)
    device.save()

    secret_role = SecretRole(name='Secret Role 1', slug='secret-role-1')
    secret_role.save()

    Secret.objects.bulk_create([
        Secret(device=device, role=secret_role, name=label, ciphertext=b'1234567890')
        for label in ('Secret 1', 'Secret 2', 'Secret 3')
    ])
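def setUp(self):
    """Create a non-superuser with secret permissions, keys and three secrets.

    Sets ``self.user``, ``self.token``, ``self.master_key``, ``self.header``
    (token and session-key headers), ``self.plaintexts``, ``self.device``,
    ``self.secretrole1``, ``self.secretrole2`` and ``self.secret1`` ..
    ``self.secret3``.

    ``self.header`` is assigned once, after the session key exists; the
    earlier token-only assignment was overwritten before anything read it.
    """
    # Create a non-superuser test user
    self.user = create_test_user('testuser', permissions=(
        'secrets.add_secret',
        'secrets.change_secret',
        'secrets.delete_secret',
        'secrets.view_secret',
    ))
    self.token = Token.objects.create(user=self.user)

    # Register the public key, recover the master key with the private key
    # and save a session key under it.
    userkey = UserKey(user=self.user, public_key=PUBLIC_KEY)
    userkey.save()
    self.master_key = userkey.get_master_key(PRIVATE_KEY)
    session_key = SessionKey(userkey=userkey)
    session_key.save(self.master_key)

    # Every request carries the API token and the base64-encoded session key.
    self.header = {
        'HTTP_AUTHORIZATION': 'Token {}'.format(self.token.key),
        'HTTP_X_SESSION_KEY': base64.b64encode(session_key.key),
    }

    self.plaintexts = (
        'Secret #1 Plaintext',
        'Secret #2 Plaintext',
        'Secret #3 Plaintext',
    )

    site = Site.objects.create(name='Test Site 1', slug='test-site-1')
    manufacturer = Manufacturer.objects.create(name='Test Manufacturer 1', slug='test-manufacturer-1')
    devicetype = DeviceType.objects.create(manufacturer=manufacturer, model='Test Device Type 1')
    devicerole = DeviceRole.objects.create(name='Test Device Role 1', slug='test-device-role-1')
    self.device = Device.objects.create(
        name='Test Device 1', site=site, device_type=devicetype, device_role=devicerole
    )
    self.secretrole1 = SecretRole.objects.create(name='Test Secret Role 1', slug='test-secret-role-1')
    self.secretrole2 = SecretRole.objects.create(name='Test Secret Role 2', slug='test-secret-role-2')

    # Each secret is encrypted with the master key before it is saved.
    self.secret1 = Secret(
        device=self.device, role=self.secretrole1, name='Test Secret 1', plaintext=self.plaintexts[0]
    )
    self.secret1.encrypt(self.master_key)
    self.secret1.save()

    self.secret2 = Secret(
        device=self.device, role=self.secretrole1, name='Test Secret 2', plaintext=self.plaintexts[1]
    )
    self.secret2.encrypt(self.master_key)
    self.secret2.save()

    self.secret3 = Secret(
        device=self.device, role=self.secretrole1, name='Test Secret 3', plaintext=self.plaintexts[2]
    )
    self.secret3.encrypt(self.master_key)
    self.secret3.save()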
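def create(self, request):
    """Return a session key for the requesting user, given their private key.

    The private key is read from the POST field ``private_key`` and passed
    to the user's ``UserKey`` to obtain the master key. If the user already
    has a ``SessionKey`` and the ``preserve_key`` query parameter is
    enabled, the existing session key is returned; otherwise every
    ``SessionKey`` of the user is deleted and a new one is saved.

    ``preserve_key`` counts as disabled when it is absent, empty, or one of
    ``0``/``false``/``no``/``off`` (case-insensitive), so an explicit
    ``?preserve_key=false`` replaces the key instead of keeping it.

    Returns:
        ``HttpResponseBadRequest`` when the private key is missing, when the
        user has no ``UserKey`` or an inactive one, or when no master key is
        obtained from the private key. Otherwise a ``Response`` whose
        ``session_key`` field holds the base64-encoded key; when
        ``request.auth`` is ``None`` the same value is also set as the
        ``session_key`` cookie.
    """
    # Read private key. It is only handed to get_master_key() below; this
    # method does not store it.
    private_key = request.POST.get('private_key', None)
    if private_key is None:
        return HttpResponseBadRequest(ERR_PRIVKEY_MISSING)

    # Validate user key
    try:
        user_key = UserKey.objects.get(user=request.user)
    except UserKey.DoesNotExist:
        return HttpResponseBadRequest(ERR_USERKEY_MISSING)
    if not user_key.is_active():
        return HttpResponseBadRequest(ERR_USERKEY_INACTIVE)

    # Validate private key: a None master key is reported as an invalid key
    master_key = user_key.get_master_key(private_key)
    if master_key is None:
        return HttpResponseBadRequest(ERR_PRIVKEY_INVALID)

    try:
        current_session_key = SessionKey.objects.get(userkey__user_id=request.user.pk)
    except SessionKey.DoesNotExist:
        current_session_key = None

    # Query-string values are strings, so a plain truthiness test would read
    # "?preserve_key=false" or "?preserve_key=0" as a request to keep the key.
    preserve_param = str(request.GET.get('preserve_key', '')).strip().lower()
    preserve_key = preserve_param not in ('', '0', 'false', 'no', 'off')

    if current_session_key and preserve_key:
        # Retrieve the existing session key
        key = current_session_key.get_session_key(master_key)
    else:
        # Create a new SessionKey, removing any earlier ones for this user
        SessionKey.objects.filter(userkey__user=request.user).delete()
        sk = SessionKey(userkey=user_key)
        sk.save(master_key=master_key)
        key = sk.key

    # Encode the key using base64. (b64encode() returns a bytestring under Python 3.)
    encoded_key = base64.b64encode(key).decode()

    # Craft the response
    response = Response({
        'session_key': encoded_key,
    })

    # If token authentication is not in use, assign the session key as a cookie
    if request.auth is None:
        # NOTE(review): no secure, httponly or samesite argument is passed, so
        # Django's defaults apply to a cookie that carries the session key.
        # Consider setting them once it is confirmed that no client-side
        # script needs to read this cookie.
        response.set_cookie('session_key', value=encoded_key)

    return response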
def setUp(self):
    """Give the test user a saved ``SessionKey`` and a token-only request header.

    Runs the parent ``setUp`` first; ``self.user`` and ``self.token`` are
    read here and are expected to come from it. ``self.header`` carries only
    the token, not a session key.
    """
    super().setUp()

    # Register the public key and recover the master key with the private key.
    user_key = UserKey(user=self.user, public_key=PUBLIC_KEY)
    user_key.save()
    derived_master_key = user_key.get_master_key(PRIVATE_KEY)

    stored_session_key = SessionKey(userkey=user_key)
    self.session_key = stored_session_key
    stored_session_key.save(derived_master_key)

    auth_value = 'Token {}'.format(self.token.key)
    self.header = {'HTTP_AUTHORIZATION': auth_value}
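def create(self, request):
    """Return a session key for the requesting user, given their private key.

    The private key is read from the POST field ``private_key`` and passed
    to the user's ``UserKey`` to obtain the master key. If the user already
    has a ``SessionKey`` and the ``preserve_key`` query parameter is
    enabled, the existing session key is returned; otherwise every
    ``SessionKey`` of the user is deleted and a new one is saved.

    ``preserve_key`` counts as disabled when it is absent, empty, or one of
    ``0``/``false``/``no``/``off`` (case-insensitive), so an explicit
    ``?preserve_key=false`` replaces the key instead of keeping it.

    Returns:
        ``HttpResponseBadRequest`` when the private key is missing, when the
        user has no ``UserKey`` or an inactive one, or when no master key is
        obtained from the private key. Otherwise a ``Response`` whose
        ``session_key`` field holds the base64-encoded key; when
        ``request.auth`` is ``None`` the same value is also set as the
        ``session_key`` cookie.
    """
    # Read private key. It is only handed to get_master_key() below; this
    # method does not store it.
    private_key = request.POST.get('private_key', None)
    if private_key is None:
        return HttpResponseBadRequest(ERR_PRIVKEY_MISSING)

    # Validate user key
    try:
        user_key = UserKey.objects.get(user=request.user)
    except UserKey.DoesNotExist:
        return HttpResponseBadRequest(ERR_USERKEY_MISSING)
    if not user_key.is_active():
        return HttpResponseBadRequest(ERR_USERKEY_INACTIVE)

    # Validate private key: a None master key is reported as an invalid key
    master_key = user_key.get_master_key(private_key)
    if master_key is None:
        return HttpResponseBadRequest(ERR_PRIVKEY_INVALID)

    try:
        current_session_key = SessionKey.objects.get(userkey__user_id=request.user.pk)
    except SessionKey.DoesNotExist:
        current_session_key = None

    # Query-string values are strings, so a plain truthiness test would read
    # "?preserve_key=false" or "?preserve_key=0" as a request to keep the key.
    preserve_param = str(request.GET.get('preserve_key', '')).strip().lower()
    preserve_key = preserve_param not in ('', '0', 'false', 'no', 'off')

    if current_session_key and preserve_key:
        # Retrieve the existing session key
        key = current_session_key.get_session_key(master_key)
    else:
        # Create a new SessionKey, removing any earlier ones for this user
        SessionKey.objects.filter(userkey__user=request.user).delete()
        sk = SessionKey(userkey=user_key)
        sk.save(master_key=master_key)
        key = sk.key

    # Encode the key using base64. (b64encode() returns a bytestring under Python 3.)
    encoded_key = base64.b64encode(key).decode()

    # Craft the response
    response = Response({
        'session_key': encoded_key,
    })

    # If token authentication is not in use, assign the session key as a cookie
    if request.auth is None:
        # NOTE(review): no secure, httponly or samesite argument is passed, so
        # Django's defaults apply to a cookie that carries the session key.
        # Consider setting them once it is confirmed that no client-side
        # script needs to read this cookie.
        response.set_cookie('session_key', value=encoded_key)

    return response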
def setUp(self):
    """Create a superuser with an API token, a ``UserKey`` and a saved ``SessionKey``.

    ``self.session_key`` holds the saved session key; ``self.header``
    carries only the token authorization header.
    """
    superuser = User.objects.create(username='******', is_superuser=True)
    api_token = Token.objects.create(user=superuser)

    # Register the public key and recover the master key with the private key.
    user_key = UserKey(user=superuser, public_key=PUBLIC_KEY)
    user_key.save()
    derived_master_key = user_key.get_master_key(PRIVATE_KEY)

    stored_session_key = SessionKey(userkey=user_key)
    self.session_key = stored_session_key
    stored_session_key.save(derived_master_key)

    auth_value = 'Token {}'.format(api_token.key)
    self.header = {'HTTP_AUTHORIZATION': auth_value}
def setUp(self):
    """Create a superuser with keys, request headers and three encrypted secrets.

    Sets ``self.master_key``, ``self.header`` (token and session-key
    headers), ``self.plaintext``, ``self.device``, ``self.secretrole1``,
    ``self.secretrole2`` and ``self.secret1`` .. ``self.secret3``.
    """
    admin = User.objects.create(username='******', is_superuser=True)
    admin_token = Token.objects.create(user=admin)

    # Public key registered, master key recovered with the private key,
    # session key saved under that master key.
    key_record = UserKey(user=admin, public_key=PUBLIC_KEY)
    key_record.save()
    self.master_key = key_record.get_master_key(PRIVATE_KEY)
    active_session = SessionKey(userkey=key_record)
    active_session.save(self.master_key)

    # Requests authenticate with the token and present the session key.
    headers = {}
    headers['HTTP_AUTHORIZATION'] = 'Token {}'.format(admin_token.key)
    headers['HTTP_X_SESSION_KEY'] = base64.b64encode(active_session.key)
    self.header = headers

    self.plaintext = dict(
        secret1='Secret #1 Plaintext',
        secret2='Secret #2 Plaintext',
        secret3='Secret #3 Plaintext',
    )

    site = Site.objects.create(name='Test Site 1', slug='test-site-1')
    maker = Manufacturer.objects.create(name='Test Manufacturer 1', slug='test-manufacturer-1')
    model_type = DeviceType.objects.create(manufacturer=maker, model='Test Device Type 1')
    role = DeviceRole.objects.create(name='Test Device Role 1', slug='test-device-role-1')
    self.device = Device.objects.create(
        name='Test Device 1',
        site=site,
        device_type=model_type,
        device_role=role,
    )
    self.secretrole1 = SecretRole.objects.create(name='Test Secret Role 1', slug='test-secret-role-1')
    self.secretrole2 = SecretRole.objects.create(name='Test Secret Role 2', slug='test-secret-role-2')

    def build_secret(label, plaintext_key):
        # Encrypt with the master key before the row is written.
        secret = Secret(
            device=self.device,
            role=self.secretrole1,
            name=label,
            plaintext=self.plaintext[plaintext_key],
        )
        secret.encrypt(self.master_key)
        secret.save()
        return secret

    self.secret1 = build_secret('Test Secret 1', 'secret1')
    self.secret2 = build_secret('Test Secret 2', 'secret2')
    self.secret3 = build_secret('Test Secret 3', 'secret3')
class GetSessionKeyTest(HttpStatusMixin, APITestCase):
    """API tests for obtaining a session key by submitting a private key."""

    def setUp(self):
        """Create a superuser with an API token, a UserKey and a saved SessionKey."""
        superuser = User.objects.create(username='******', is_superuser=True)
        api_token = Token.objects.create(user=superuser)

        # Register the public key and recover the master key with the private key.
        user_key = UserKey(user=superuser, public_key=PUBLIC_KEY)
        user_key.save()
        derived_master_key = user_key.get_master_key(PRIVATE_KEY)

        stored_session_key = SessionKey(userkey=user_key)
        self.session_key = stored_session_key
        stored_session_key.save(derived_master_key)

        self.header = {'HTTP_AUTHORIZATION': 'Token {}'.format(api_token.key)}

    def test_get_session_key(self):
        """Without preserve_key, the returned key differs from the one saved in setUp."""
        previous_key = base64.b64encode(self.session_key.key).decode()

        response = self.client.post(
            reverse('secrets-api:get-session-key-list'),
            {'private_key': PRIVATE_KEY},
            **self.header
        )

        self.assertHttpStatus(response, status.HTTP_200_OK)
        self.assertIsNotNone(response.data.get('session_key'))
        self.assertNotEqual(response.data.get('session_key'), previous_key)

    def test_get_session_key_preserved(self):
        """With ?preserve_key=True, the key saved in setUp is returned unchanged."""
        previous_key = base64.b64encode(self.session_key.key).decode()
        endpoint = reverse('secrets-api:get-session-key-list') + '?preserve_key=True'

        response = self.client.post(endpoint, {'private_key': PRIVATE_KEY}, **self.header)

        self.assertHttpStatus(response, status.HTTP_200_OK)
        self.assertEqual(response.data.get('session_key'), previous_key)
class GetSessionKeyTest(HttpStatusMixin, APITestCase):
    """Exercise the get-session-key API endpoint with and without preserve_key."""

    def setUp(self):
        """Provision a token-authenticated superuser that already owns a session key."""
        admin = User.objects.create(username='******', is_superuser=True)
        admin_token = Token.objects.create(user=admin)

        key_record = UserKey(user=admin, public_key=PUBLIC_KEY)
        key_record.save()
        # The master key is recovered from the registered key with the private key.
        unlocked_master_key = key_record.get_master_key(PRIVATE_KEY)

        self.session_key = SessionKey(userkey=key_record)
        self.session_key.save(unlocked_master_key)

        headers = {}
        headers['HTTP_AUTHORIZATION'] = 'Token {}'.format(admin_token.key)
        self.header = headers

    def test_get_session_key(self):
        """A plain request yields a session key other than the existing one."""
        existing_encoded = base64.b64encode(self.session_key.key).decode()
        payload = {'private_key': PRIVATE_KEY}
        target = reverse('secrets-api:get-session-key-list')

        response = self.client.post(target, payload, **self.header)
        returned = response.data.get('session_key')

        self.assertHttpStatus(response, status.HTTP_200_OK)
        self.assertIsNotNone(response.data.get('session_key'))
        self.assertNotEqual(returned, existing_encoded)

    def test_get_session_key_preserved(self):
        """A request with ?preserve_key=True yields the existing session key."""
        existing_encoded = base64.b64encode(self.session_key.key).decode()
        payload = {'private_key': PRIVATE_KEY}
        target = reverse('secrets-api:get-session-key-list') + '?preserve_key=True'

        response = self.client.post(target, payload, **self.header)

        self.assertHttpStatus(response, status.HTTP_200_OK)
        self.assertEqual(response.data.get('session_key'), existing_encoded)
class SecretTestCase(StandardTestCases.Views):
    """View tests for Secret, plus a CSV import test that needs a session key."""

    model = Secret

    # Disable inapplicable tests
    test_create_object = None

    # TODO: Check permissions enforcement on secrets.views.secret_edit
    # (until then the edit view has no test in this class).
    test_edit_object = None

    @classmethod
    def setUpTestData(cls):
        """Create three devices, two secret roles, three secrets and the form payloads."""
        site = Site.objects.create(name='Site 1', slug='site-1')
        manufacturer = Manufacturer.objects.create(name='Manufacturer 1', slug='manufacturer-1')
        device_type = DeviceType.objects.create(manufacturer=manufacturer, model='Device Type 1')
        device_role = DeviceRole.objects.create(name='Device Role 1', slug='device-role-1')

        devices = tuple(
            Device(name=label, site=site, device_type=device_type, device_role=device_role)
            for label in ('Device 1', 'Device 2', 'Device 3')
        )
        Device.objects.bulk_create(devices)

        roles = (
            SecretRole(name='Secret Role 1', slug='secret-role-1'),
            SecretRole(name='Secret Role 2', slug='secret-role-2'),
        )
        SecretRole.objects.bulk_create(roles)

        # Create one secret per device to allow bulk-editing of names (which must be unique per device/role).
        # The rows carry a fixed ciphertext value; encrypt() is not called on them here.
        Secret.objects.bulk_create(tuple(
            Secret(device=owner, role=roles[0], name=label, ciphertext=b'1234567890')
            for owner, label in zip(devices, ('Secret 1', 'Secret 2', 'Secret 3'))
        ))

        cls.form_data = {
            'device': devices[1].pk,
            'role': roles[1].pk,
            'name': 'Secret X',
        }

        cls.bulk_edit_data = {
            'role': roles[1].pk,
            'name': 'New name',
        }

    def setUp(self):
        """Give the test user a UserKey and a saved SessionKey."""
        super().setUp()

        # Set up a master key for the test user
        user_key = UserKey(user=self.user, public_key=PUBLIC_KEY)
        user_key.save()
        derived_master_key = user_key.get_master_key(PRIVATE_KEY)

        stored_session_key = SessionKey(userkey=user_key)
        self.session_key = stored_session_key
        stored_session_key.save(derived_master_key)

    def test_import_objects(self):
        """Import three secrets from CSV while presenting the session key as a cookie."""
        self.add_permissions('secrets.add_secret')

        csv_rows = (
            "device,role,name,plaintext",
            "Device 1,Secret Role 1,Secret 4,abcdefghij",
            "Device 1,Secret Role 1,Secret 5,abcdefghij",
            "Device 1,Secret Role 1,Secret 6,abcdefghij",
        )

        # Set the session_key cookie on the request
        cookie_value = base64.b64encode(self.session_key.key).decode('utf-8')
        self.client.cookies['session_key'] = cookie_value

        import_url = reverse('secrets:secret_import')
        response = self.client.post(import_url, {'csv': '\n'.join(csv_rows)})

        self.assertHttpStatus(response, 200)
        # Three secrets from setUpTestData plus the three imported rows.
        self.assertEqual(Secret.objects.count(), 6)
class SecretTestCase(TestCase):
    """View tests for listing, viewing and importing secrets."""

    def setUp(self):
        """Log in a user with view/add secret permissions and create three secrets.

        The three Secret rows are inserted with bulk_create and a fixed
        ciphertext value; encrypt() is not called on them here.
        """
        granted = [
            'secrets.view_secret',
            'secrets.add_secret',
        ]
        user = create_test_user(permissions=granted)

        # Set up a master key
        user_key = UserKey(user=user, public_key=PUBLIC_KEY)
        user_key.save()
        derived_master_key = user_key.get_master_key(PRIVATE_KEY)
        self.session_key = SessionKey(userkey=user_key)
        self.session_key.save(derived_master_key)

        self.client = Client()
        self.client.force_login(user)

        site = Site(name='Site 1', slug='site-1')
        site.save()

        manufacturer = Manufacturer(name='Manufacturer 1', slug='manufacturer-1')
        manufacturer.save()

        device_type = DeviceType(manufacturer=manufacturer, model='Device Type 1')
        device_type.save()

        device_role = DeviceRole(name='Device Role 1', slug='device-role-1')
        device_role.save()

        device = Device(name='Device 1', site=site, device_type=device_type, device_role=device_role)
        device.save()

        secret_role = SecretRole(name='Secret Role 1', slug='secret-role-1')
        secret_role.save()

        Secret.objects.bulk_create([
            Secret(device=device, role=secret_role, name=label, ciphertext=b'1234567890')
            for label in ('Secret 1', 'Secret 2', 'Secret 3')
        ])

    def test_secret_list(self):
        """The secret list view, filtered by role slug, responds with 200."""
        list_url = reverse('secrets:secret_list')
        query = urllib.parse.urlencode({
            "role": SecretRole.objects.first().slug,
        })

        response = self.client.get('{}?{}'.format(list_url, query), follow=True)
        self.assertEqual(response.status_code, 200)

    def test_secret(self):
        """The detail view of the first secret responds with 200."""
        first_secret = Secret.objects.first()
        detail_url = first_secret.get_absolute_url()

        response = self.client.get(detail_url, follow=True)
        self.assertEqual(response.status_code, 200)

    def test_secret_import(self):
        """Import three secrets from CSV while presenting the session key as a cookie."""
        csv_rows = (
            "device,role,name,plaintext",
            "Device 1,Secret Role 1,Secret 4,abcdefghij",
            "Device 1,Secret Role 1,Secret 5,abcdefghij",
            "Device 1,Secret Role 1,Secret 6,abcdefghij",
        )

        # Set the session_key cookie on the request
        cookie_value = base64.b64encode(self.session_key.key).decode('utf-8')
        self.client.cookies['session_key'] = cookie_value

        import_url = reverse('secrets:secret_import')
        response = self.client.post(import_url, {'csv': '\n'.join(csv_rows)})

        self.assertEqual(response.status_code, 200)
        # Three secrets from setUp plus the three imported rows.
        self.assertEqual(Secret.objects.count(), 6)
class SecretTestCase(
    ViewTestCases.GetObjectViewTestCase,
    ViewTestCases.GetObjectChangelogViewTestCase,
    ViewTestCases.DeleteObjectViewTestCase,
    ViewTestCases.ListObjectsViewTestCase,
    ViewTestCases.BulkEditObjectsViewTestCase,
    ViewTestCases.BulkDeleteObjectsViewTestCase
):
    """View tests for Secret, plus a CSV import test that needs a session key.

    No create or edit view test case is among the base classes.
    """

    model = Secret

    @classmethod
    def setUpTestData(cls):
        """Create three devices, two secret roles, three secrets and the form payloads."""
        site = Site.objects.create(name='Site 1', slug='site-1')
        manufacturer = Manufacturer.objects.create(name='Manufacturer 1', slug='manufacturer-1')
        device_type = DeviceType.objects.create(manufacturer=manufacturer, model='Device Type 1')
        device_role = DeviceRole.objects.create(name='Device Role 1', slug='device-role-1')

        devices = tuple(
            Device(name=label, site=site, device_type=device_type, device_role=device_role)
            for label in ('Device 1', 'Device 2', 'Device 3')
        )
        Device.objects.bulk_create(devices)

        roles = (
            SecretRole(name='Secret Role 1', slug='secret-role-1'),
            SecretRole(name='Secret Role 2', slug='secret-role-2'),
        )
        SecretRole.objects.bulk_create(roles)

        # Create one secret per device to allow bulk-editing of names (which must be unique per device/role).
        # The rows carry a fixed ciphertext value; encrypt() is not called on them here.
        Secret.objects.bulk_create(tuple(
            Secret(assigned_object=owner, role=roles[0], name=label, ciphertext=b'1234567890')
            for owner, label in zip(devices, ('Secret 1', 'Secret 2', 'Secret 3'))
        ))

        cls.form_data = {
            'assigned_object_type': 'dcim.device',
            'assigned_object_id': devices[1].pk,
            'role': roles[1].pk,
            'name': 'Secret X',
        }

        cls.bulk_edit_data = {
            'role': roles[1].pk,
            'name': 'New name',
        }

    def setUp(self):
        """Give the test user a UserKey and a saved SessionKey."""
        super().setUp()

        # Set up a master key for the test user
        user_key = UserKey(user=self.user, public_key=PUBLIC_KEY)
        user_key.save()
        derived_master_key = user_key.get_master_key(PRIVATE_KEY)

        stored_session_key = SessionKey(userkey=user_key)
        self.session_key = stored_session_key
        stored_session_key.save(derived_master_key)

    # NOTE(review): EXEMPT_VIEW_PERMISSIONS=['*'] presumably lifts view-permission
    # checks for every model during this test, so only the add permission granted
    # below is exercised - confirm against the project's settings documentation.
    @override_settings(EXEMPT_VIEW_PERMISSIONS=['*'])
    def test_import_objects(self):
        """Import three secrets from CSV while presenting the session key as a cookie."""
        self.add_permissions('secrets.add_secret')

        device = Device.objects.get(name='Device 1')
        csv_rows = ["device,role,name,plaintext"]
        csv_rows.extend(
            f"{device.name},Secret Role 1,{label},abcdefghij"
            for label in ('Secret 4', 'Secret 5', 'Secret 6')
        )

        # Set the session_key cookie on the request
        cookie_value = base64.b64encode(self.session_key.key).decode('utf-8')
        self.client.cookies['session_key'] = cookie_value

        import_url = reverse('secrets:secret_import')
        response = self.client.post(import_url, {'csv': '\n'.join(csv_rows)})

        self.assertHttpStatus(response, 200)
        # Three secrets from setUpTestData plus the three imported rows.
        self.assertEqual(Secret.objects.count(), 6)