def test_already_has_key_from_owner(app_and_ctx, attr_auth_access_token_one,
attr_auth_access_token_two):
app, ctx = app_and_ctx
with app.app_context():
owner = AttrAuthUser.get_by_id(1)
receiver = AttrAuthUser.get_by_id(2)
assert already_has_key_from_owner(receiver, owner)
def test_replace_existing_key(app_and_ctx, attr_auth_access_token_one,
attr_auth_access_token_two):
app, ctx = app_and_ctx
attr_list = ["TODAY", "TOMORROW"]
dummy_serialized_key = b'key'
with app.app_context():
owner = AttrAuthUser.get_by_id(1)
receiver = AttrAuthUser.get_by_id(2)
replace_existing_key(receiver, dummy_serialized_key, owner, attr_list)
modified_key = receiver.private_keys[0]
assert modified_key.data == dummy_serialized_key
assert modified_key.attributes[0].value == "TODAY"
def test_doesnt_have_key_from_owner(app_and_ctx, attr_auth_access_token_two):
app, ctx = app_and_ctx
with app.app_context():
receiver = AttrAuthUser.get_by_id(2)
owner = AttrAuthUser()
assert not already_has_key_from_owner(receiver, owner)
def test_set_username(client, app_and_ctx, attr_auth_access_token_one):
data = {
"access_token": attr_auth_access_token_one,
"api_username": "******"
}
assert_got_data_from_post(client, '/attr_auth/set_username', data)
app, ctx = app_and_ctx
with app.app_context():
user = AttrAuthUser.get_by_id(1)
assert user.api_username == "Changed"
data = {
"access_token": attr_auth_access_token_one,
"api_username": "******"
}
assert_got_data_from_post(client, '/attr_auth/set_username', data)
user = AttrAuthUser.get_by_id(1)
assert user.api_username == "MartinHeinz"
def test_keygen_already_has_key_from_owner(client, app_and_ctx,
attr_auth_access_token_one,
attr_auth_access_token_two):
data = {
"access_token": attr_auth_access_token_one,
"attr_list": "1 1-2 1-GUEST",
"api_username": "******",
"device_id": "1"
}
app, ctx = app_and_ctx
with app.app_context():
receiver = AttrAuthUser.get_by_id(2) # TestUser access_token
old_private_key = next(key for key in receiver.private_keys
if key.challenger_id == 1)
old_private_key_data = old_private_key.data
old_private_key_key_update = old_private_key.key_update
private_keys_num = len(receiver.private_keys)
assert_got_data_from_post(client, '/attr_auth/user/keygen', data)
receiver = AttrAuthUser.get_by_id(2) # TestUser access_token
new_private_key = next(key for key in sorted(
receiver.private_keys, key=lambda p: p.key_update, reverse=True)
if key.challenger_id == 1)
assert old_private_key_data != new_private_key.data
assert old_private_key_key_update < new_private_key.key_update
assert len(receiver.private_keys) > private_keys_num
# Try to encrypt and decrypt
pairing_group = create_pairing_group()
cp_abe = create_cp_abe()
plaintext = "Hello World"
data_owner = AttrAuthUser.get_by_id(1)
policy_str = '(1-GUEST)'
public_key = deserialize_charm_object(
data_owner.master_keypair.data_public, pairing_group)
new_private_key = deserialize_charm_object(new_private_key.data,
pairing_group)
ciphertext = cp_abe.encrypt(public_key, plaintext, policy_str)
decrypted_msg = cp_abe.decrypt(public_key, new_private_key, ciphertext)
assert plaintext == decrypted_msg.decode("utf-8")
def test_key_setup(client, app_and_ctx, attr_auth_access_token_one):
data = {"access_token": attr_auth_access_token_one}
status_code, json_data = get_data_from_get(client, '/attr_auth/setup',
data)
assert status_code == 200
serialized_public_key_response = json_data["public_key"]
app, ctx = app_and_ctx
with app.app_context():
serialized_public_key_from_db = AttrAuthUser.get_by_id(
1).master_keypair.data_public.decode("utf-8")
assert serialized_public_key_response == serialized_public_key_from_db
def test_keygen_replaces_old_key(client, app_and_ctx,
attr_auth_access_token_one,
attr_auth_access_token_two):
data = {
"access_token": attr_auth_access_token_one,
"attr_list": "1 1-2 1-GUEST",
"api_username": "******",
"device_id": "99"
}
app, ctx = app_and_ctx
with app.app_context():
assert_got_data_from_post(client, '/attr_auth/user/keygen', data)
receiver = AttrAuthUser.get_by_id(2)
old_private_key = next(
key for key in receiver.private_keys
if key.challenger_id == 1 and key.device_id == 99)
old_private_key_data = old_private_key.data
old_private_key_key_update = old_private_key.key_update
old_private_keys_num = len(receiver.private_keys)
assert_got_data_from_post(
client, '/attr_auth/user/keygen',
data) # This should replace old_private_key_data
receiver = AttrAuthUser.get_by_id(2)
new_private_key = next(
key for key in receiver.private_keys
if key.challenger_id == 1 and key.device_id == 99)
new_private_key_data = new_private_key.data
new_private_key_key_update = new_private_key.key_update
assert old_private_key_data != new_private_key_data
assert old_private_key_key_update < new_private_key_key_update
assert old_private_keys_num == len(receiver.private_keys)
db.session.delete(new_private_key)
db.session.commit()
def test_keygen_doesnt_have_key_from_owner(client, app_and_ctx,
attr_auth_access_token_one,
attr_auth_access_token_two):
data = {
"access_token": attr_auth_access_token_two,
"attr_list": "2 2-1 2-GUEST",
"api_username": "******",
"device_id": "1"
}
app, ctx = app_and_ctx
with app.app_context():
receiver = AttrAuthUser.get_by_id(1)
num_of_old_keys = len(receiver.private_keys)
assert_got_data_from_post(client, '/attr_auth/user/keygen', data)
receiver = AttrAuthUser.get_by_id(1)
new_private_key = next(key for key in receiver.private_keys
if key.challenger_id == 2)
assert len(receiver.private_keys) == num_of_old_keys + 1
# Try to encrypt and decrypt
pairing_group = create_pairing_group()
cp_abe = create_cp_abe()
plaintext = "Hello World"
data_owner = AttrAuthUser.get_by_id(2)
policy_str = '(2-GUEST)'
public_key = deserialize_charm_object(
data_owner.master_keypair.data_public, pairing_group)
new_private_key = deserialize_charm_object(new_private_key.data,
pairing_group)
ciphertext = cp_abe.encrypt(public_key, plaintext, policy_str)
decrypted_msg = cp_abe.decrypt(public_key, new_private_key, ciphertext)
assert plaintext == decrypted_msg.decode("utf-8")
def validate_token(bind, token):
s = Serializer(current_app.config['SECRET_KEY'])
try:
data = s.loads(token)
except SignatureExpired:
return False # valid token, but expired
except BadSignature:
return False # invalid token
if bind is None:
user = User.get_by_id(data['id'])
else:
user = AttrAuthUser.get_by_id(data['id'])
if user is not None:
return bcrypt.verify(data["token"], user.access_token)
return False