def test_secret(db, config, encrypt):
    """
    Round-trip a secret through the database with ``ENCRYPT_SECRETS`` set
    to *encrypt*.

    Checks that:
    * the stored ``_secret`` attribute differs from the plaintext when
      encryption is enabled, and equals it when disabled;
    * reading ``secret`` back returns the original bytes;
    * a unicode value assigned afterwards reads back as its UTF-8 encoding.

    The inequality check only shows that the plaintext is not stored
    verbatim; it says nothing about which cipher or key was used.
    """
    config["ENCRYPT_SECRETS"] = encrypt
    raw_secret = b"\xff\x00\xf1"
    text_secret = u"foo\u00a0"

    stored = Secret()
    stored.type = "password"
    stored.secret = raw_secret
    db.session.add(stored)
    db.session.commit()

    # Fetch through the session again so the value under test is the
    # persisted one.
    fetched = db.session.query(Secret).get(stored.id)

    if not encrypt:
        assert fetched._secret == raw_secret
    else:
        assert fetched._secret != raw_secret, "secret is not encrypted"

    assert fetched.secret == raw_secret, "secret not decrypted correctly"

    fetched.secret = text_secret
    assert fetched.secret == text_secret.encode("utf8")
def test_secret(db, config, encrypt):
    """
    Round-trip a bytes secret with ``ENCRYPT_SECRETS`` set to *encrypt*.

    Checks that:
    * the stored ``_secret`` attribute differs from the plaintext when
      encryption is enabled, and equals it when disabled;
    * reading ``secret`` back returns the original bytes;
    * assigning a unicode value raises ``TypeError``.

    The inequality check only shows that the plaintext is not stored
    verbatim; it says nothing about which cipher or key was used.
    """
    config['ENCRYPT_SECRETS'] = encrypt
    raw_secret = b'\xff\x00\xf1'
    text_secret = u'foo\u00a0'

    stored = Secret()
    stored.type = 'password'
    stored.secret = raw_secret
    db.session.add(stored)
    db.session.commit()

    # Fetch through the session again so the value under test is the
    # persisted one.
    fetched = db.session.query(Secret).get(stored.id)

    if not encrypt:
        assert fetched._secret == raw_secret
    else:
        assert fetched._secret != raw_secret, 'secret is not encrypted'

    assert fetched.secret == raw_secret, 'secret not decrypted correctly'

    # Only bytes are accepted; a unicode value must be rejected.
    with pytest.raises(TypeError) as excinfo:
        fetched.secret = text_secret

    assert excinfo.typename == 'TypeError', 'secret cannot be unicode'
def test_secret(db, config):
    """
    Round-trip a bytes secret through the database.

    Checks that:
    * the stored ``_secret`` attribute differs from the plaintext;
    * reading ``secret`` back returns the original bytes;
    * assigning a unicode value raises ``TypeError``.

    The inequality check only shows that the plaintext is not stored
    verbatim; it says nothing about which cipher or key was used.
    """
    raw_secret = b'\xff\x00\xf1'
    text_secret = u'foo\u00a0'

    stored = Secret()
    stored.type = 'password'
    stored.secret = raw_secret
    db.session.add(stored)
    db.session.commit()

    # Fetch through the session again so the value under test is the
    # persisted one.
    fetched = db.session.query(Secret).get(stored.id)
    assert fetched._secret != raw_secret, 'secret is not encrypted'
    assert fetched.secret == raw_secret, 'secret not decrypted correctly'

    # Only bytes are accepted; a unicode value must be rejected.
    with pytest.raises(TypeError) as excinfo:
        fetched.secret = text_secret

    assert excinfo.typename == 'TypeError', 'secret cannot be unicode'
def set_secret(self, secret_type, secret_value):
    # type: (SecretType, bytes) -> None
    """
    Store *secret_value* on this object's ``secret``, tagged with the value
    of *secret_type*.

    A ``Secret`` is created only when none is attached yet; otherwise the
    existing one is overwritten in place.
    """
    if not self.secret:
        self.secret = Secret()

    holder = self.secret
    # The type is written before the value, as in the original.
    holder.type = secret_type.value
    holder.secret = secret_value
def imap_password(self, value):
    # type: (Union[str, bytes]) -> None
    """
    Validate *value* with ``valid_password`` and store the result as the
    IMAP password secret.

    A ``Secret`` is created only when ``imap_secret`` is not set yet;
    otherwise the existing one is overwritten in place.
    """
    password = self.valid_password(value)  # type: bytes

    if not self.imap_secret:
        self.imap_secret = Secret()

    holder = self.imap_secret
    holder.secret = password
    holder.type = "password"
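def upgrade():
    """
    Move EAS account passwords from ``easaccount.password`` into Secret rows.

    Adds ``easaccount.password_id``, stores each account's password in a new
    ``Secret`` of type ``'password'``, points ``password_id`` at that row and
    finally drops the ``password`` column. Nothing is done when the
    ``easaccount`` table does not exist.

    Accounts whose password contains a NULL byte are skipped, so no Secret
    is created for them before the ``password`` column is dropped.

    Raises:
        RuntimeError: if ``password_id`` is not visible on the reflected
            table after it was added; the ``password`` column is then left
            in place.
    """
    from inbox.ignition import main_engine
    engine = main_engine(pool_size=1, max_overflow=0)
    Base = sa.ext.declarative.declarative_base()
    Base.metadata.reflect(engine)

    from inbox.models.session import session_scope
    from inbox.models.secret import Secret

    if 'easaccount' not in Base.metadata.tables:
        return

    op.add_column('easaccount', sa.Column('password_id', sa.Integer()))

    # The first reflection ran before add_column, so its Table object has no
    # password_id column and a value assigned to it would never be written.
    # Reflect again into fresh metadata so the mapped class includes it.
    Base = sa.ext.declarative.declarative_base()
    Base.metadata.reflect(engine)
    if 'password_id' not in Base.metadata.tables['easaccount'].c:
        # Never drop the plaintext column when the reference to the new
        # Secret row cannot be persisted.
        raise RuntimeError(
            'easaccount.password_id is not visible after add_column; '
            'refusing to migrate and drop the password column')

    class EASAccount(Base):
        __table__ = Base.metadata.tables['easaccount']

    with session_scope(ignore_soft_deletes=False, versioned=False) as \
            db_session:
        accounts = db_session.query(EASAccount).all()
        # Single-argument print(...) gives the same output as the original
        # print statement on Python 2.
        print('{0} {1}'.format('# EAS accounts: ', len(accounts)))

        for a in accounts:
            value = a.password
            if isinstance(value, unicode):
                value = value.encode('utf-8')

            if b'\x00' in value:
                # Only the account id is printed, never the password.
                print('Invalid password for account_id: {0}, skipping'.
                      format(a.id))
                continue

            secret = Secret()
            secret.secret = value
            secret.type = 'password'

            # A database-generated primary key is only populated once the
            # row has been flushed; reading secret.id before that would
            # store None in password_id.
            db_session.add(secret)
            db_session.flush()
            a.password_id = secret.id

            db_session.add(a)

            # NOTE(review): presumably a sanity check that the source column
            # was not modified; for a non-ASCII unicode password this
            # unicode-vs-bytes comparison may not hold on Python 2 - confirm.
            assert a.password == value

        db_session.commit()

    # Plaintext passwords are removed only after the Secret rows and their
    # references have been committed.
    op.drop_column('easaccount', 'password')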
def refresh_token(self, value):
    """
    Validate *value* and persist it as a new ``Secret`` of type ``'token'``.

    Unicode input is encoded to UTF-8 first. The resulting bytes must decode
    as UTF-8 and contain no NULL byte, otherwise ``ValueError`` is raised;
    the error message does not include the token itself.

    Every call creates and commits a new ``Secret`` row in its own session
    and stores that row's id in ``refresh_token_id``; nothing here removes a
    row that was referenced before.
    """
    token = value.encode('utf-8') if isinstance(value, unicode) else value

    # Must be a valid UTF-8 byte sequence without NULL bytes.
    try:
        unicode(token, 'utf-8')
    except UnicodeDecodeError:
        raise ValueError('Invalid refresh_token')

    if b'\x00' in token:
        raise ValueError('Invalid refresh_token')

    # TODO[k]: Session should not be grabbed here
    with session_scope() as db_session:
        token_secret = Secret()
        token_secret.secret = token
        token_secret.type = 'token'

        db_session.add(token_secret)
        db_session.commit()

        # Read the id after the commit, while the session is still open.
        self.refresh_token_id = token_secret.id
def refresh_token(self, value):
    """
    Validate *value* and store it as the refresh-token secret.

    Unicode input is encoded to UTF-8 first. The resulting bytes must decode
    as UTF-8 and contain no NULL byte, otherwise ``ValueError`` is raised;
    the error message does not include the token itself.

    A ``Secret`` is created only when ``refresh_token_secret`` is not set
    yet; otherwise the existing one is overwritten in place.
    """
    token = value.encode('utf-8') if isinstance(value, unicode) else value

    # Must be a valid UTF-8 byte sequence without NULL bytes.
    try:
        unicode(token, 'utf-8')
    except UnicodeDecodeError:
        raise ValueError('Invalid refresh_token')

    if b'\x00' in token:
        raise ValueError('Invalid refresh_token')

    if not self.refresh_token_secret:
        self.refresh_token_secret = Secret()

    holder = self.refresh_token_secret
    holder.secret = token
    holder.type = 'token'
def set_secret(self, secret_type, secret_value):
    """
    Store *secret_value* on this object's ``secret``, tagged with the value
    of *secret_type*.

    A ``Secret`` is created only when none is attached yet; otherwise the
    existing one is overwritten in place.
    """
    if not self.secret:
        self.secret = Secret()

    holder = self.secret
    # The type is written before the value, as in the original.
    holder.type = secret_type.value
    holder.secret = secret_value
def smtp_password(self, value):
    """
    Validate *value* with ``valid_password`` and store the result as the
    SMTP password secret.

    A ``Secret`` is created only when ``smtp_secret`` is not set yet;
    otherwise the existing one is overwritten in place.
    """
    password = self.valid_password(value)

    if not self.smtp_secret:
        self.smtp_secret = Secret()

    holder = self.smtp_secret
    holder.secret = password
    holder.type = "password"
def imap_password(self, value):
    """
    Validate *value* with ``valid_password`` and store the result as the
    IMAP password secret.

    A ``Secret`` is created only when ``imap_secret`` is not set yet;
    otherwise the existing one is overwritten in place.
    """
    password = self.valid_password(value)

    if not self.imap_secret:
        self.imap_secret = Secret()

    holder = self.imap_secret
    holder.secret = password
    holder.type = 'password'
def put(self, value, type=0, acl=0):
    """
    Persist *value* as a new ``Secret`` and return the new row's id.

    *type* and *acl* are passed to the ``Secret`` constructor as ``type``
    and ``acl_id``. The row is added and committed in its own session.
    """
    fields = dict(secret=value, type=type, acl_id=acl)

    with session_scope() as db_session:
        record = Secret(**fields)
        db_session.add(record)
        db_session.commit()
        # Read the id while the session is still open.
        return record.id