def test_it_checks_settings(self, settings):
"""Test that each required key is required individually"""
# Leave out URL
settings.AUTOGRAPH_URL = None
settings.AUTOGRAPH_HAWK_ID = 'hawk id'
settings.AUTOGRAPH_HAWK_SECRET_KEY = 'hawk secret key'
with pytest.raises(ImproperlyConfigured) as exc:
Autographer()
assert 'AUTOGRAPH_URL' in str(exc)
# Leave out HAWK_ID
settings.AUTOGRAPH_URL = 'https://autograph.example.com'
settings.AUTOGRAPH_HAWK_ID = None
settings.AUTOGRAPH_HAWK_SECRET_KEY = 'hawk secret key'
with pytest.raises(ImproperlyConfigured) as exc:
Autographer()
assert 'AUTOGRAPH_HAWK_ID' in str(exc)
# Leave out HAWK_SECRET_KEY
settings.AUTOGRAPH_URL = 'https://autograph.example.com'
settings.AUTOGRAPH_HAWK_ID = 'hawk id'
settings.AUTOGRAPH_HAWK_SECRET_KEY = None
with pytest.raises(ImproperlyConfigured) as exc:
Autographer()
assert 'AUTOGRAPH_HAWK_SECRET_KEY' in str(exc)
# Include everything
settings.AUTOGRAPH_URL = 'https://autograph.example.com'
settings.AUTOGRAPH_HAWK_ID = 'hawk id'
settings.AUTOGRAPH_HAWK_SECRET_KEY = 'hawk secret key'
# assert doesn't raise
Autographer()
def update_signatures(self):
"""
Update the signatures on all Recipes in the queryset.
"""
# Convert to a list because order must be preserved
recipes = list(self)
try:
autographer = Autographer()
except ImproperlyConfigured:
for recipe in recipes:
recipe.signature = None
recipe.save()
return
recipe_ids = [r.id for r in recipes]
logger.info(
f'Requesting signatures for recipes with ids [{recipe_ids}] from Autograph',
extra={
'code': INFO_REQUESTING_RECIPE_SIGNATURES,
'recipe_ids': recipe_ids
})
canonical_jsons = [r.canonical_json() for r in recipes]
signatures_data = autographer.sign_data(canonical_jsons)
for recipe, sig_data in zip(recipes, signatures_data):
signature = Signature(**sig_data)
signature.save()
recipe.signature = signature
recipe.save()
def test_it_interacts_with_autograph_correctly(self, settings):
settings.AUTOGRAPH_URL = 'https://autograph.example.com'
settings.AUTOGRAPH_HAWK_ID = 'hawk id'
settings.AUTOGRAPH_HAWK_SECRET_KEY = 'hawk secret key'
autographer = Autographer()
autographer.session = MagicMock()
autographer.session.post.return_value.json.return_value = [
{
'content-signature': (
'x5u="https://example.com/fake_x5u_1";p384ecdsa=fake_signature_1'
),
'x5u': 'https://example.com/fake_x5u_1',
'hash_algorithm': 'sha384',
'ref': 'fake_ref_1',
'signature': 'fake_signature_1',
'public_key': 'fake_pubkey_1',
},
{
'content-signature': (
'x5u="https://example.com/fake_x5u_2";p384ecdsa=fake_signature_2'
),
'x5u': 'https://example.com/fake_x5u_2',
'hash_algorithm': 'sha384',
'ref': 'fake_ref_2',
'signature': 'fake_signature_2',
'public_key': 'fake_pubkey_2',
}
]
url = self.test_settings['URL'] + 'sign/data'
foo_base64 = base64.b64encode(b'foo').decode('utf8')
bar_base64 = base64.b64encode(b'bar').decode('utf8')
# Assert the correct data is returned
assert autographer.sign_data([b'foo', b'bar']) == [
{
'timestamp': Whatever(),
'signature': 'fake_signature_1',
'x5u': 'https://example.com/fake_x5u_1',
'public_key': 'fake_pubkey_1',
},
{
'timestamp': Whatever(),
'signature': 'fake_signature_2',
'x5u': 'https://example.com/fake_x5u_2',
'public_key': 'fake_pubkey_2',
}
]
# Assert the correct request was made
assert autographer.session.post.called_once_with(
[url, [
{'template': 'content-signature', 'input': foo_base64},
{'template': 'content-signature', 'input': bar_base64},
]]
)
def update_signature(self):
autographer = Autographer()
logger.info(
'Requesting signatures for recipes with ids [%s] from Autograph',
self.id,
extra={'recipe_ids': [self.id]})
signature_data = autographer.sign_data([self.canonical_json()])[0]
signature = Signature(**signature_data)
signature.save()
self.signature = signature
def update_signature(self):
autographer = Autographer()
logger.info(
f'Requesting signatures for recipes with ids [{self.id}] from Autograph',
extra={'code': INFO_REQUESTING_RECIPE_SIGNATURES, 'recipe_ids': [self.id]}
)
signature_data = autographer.sign_data([self.canonical_json()])[0]
signature = Signature(**signature_data)
signature.save()
self.signature = signature
def update_signatures(self):
"""
Update the signatures on all Recipes in the queryset.
"""
autographer = Autographer()
# Convert to a list because order must be preserved
recipes = list(self)
recipe_ids = [r.id for r in recipes]
logger.info(
'Requesting signatures for recipes with ids [%s] from Autograph',
(recipe_ids, ),
extra={'recipe_ids': recipe_ids})
canonical_jsons = [r.canonical_json() for r in recipes]
signatures_data = autographer.sign_data(canonical_jsons)
for recipe, sig_data in zip(recipes, signatures_data):
signature = Signature(**sig_data)
signature.save()
recipe.signature = signature
recipe.save()
def test_it_interacts_with_autograph_correctly(self, settings,
mock_logger):
settings.AUTOGRAPH_URL = 'https://autograph.example.com'
settings.AUTOGRAPH_HAWK_ID = 'hawk id'
settings.AUTOGRAPH_HAWK_SECRET_KEY = 'hawk secret key'
autographer = Autographer()
autographer.session = MagicMock()
autographer.session.post.return_value.json.return_value = [{
'content-signature':
('x5u="https://example.com/fake_x5u_1";p384ecdsa=fake_signature_1'
),
'x5u':
'https://example.com/fake_x5u_1',
'hash_algorithm':
'sha384',
'ref':
'fake_ref_1',
'signature':
'fake_signature_1',
'public_key':
'fake_pubkey_1',
}, {
'content-signature':
('x5u="https://example.com/fake_x5u_2";p384ecdsa=fake_signature_2'
),
'x5u':
'https://example.com/fake_x5u_2',
'hash_algorithm':
'sha384',
'ref':
'fake_ref_2',
'signature':
'fake_signature_2',
'public_key':
'fake_pubkey_2',
}]
url = self.test_settings['URL'] + 'sign/data'
foo_base64 = base64.b64encode(b'foo').decode('utf8')
bar_base64 = base64.b64encode(b'bar').decode('utf8')
# Assert the correct data is returned
assert autographer.sign_data([b'foo', b'bar']) == [{
'timestamp':
Whatever(),
'signature':
'fake_signature_1',
'x5u':
'https://example.com/fake_x5u_1',
'public_key':
'fake_pubkey_1',
}, {
'timestamp':
Whatever(),
'signature':
'fake_signature_2',
'x5u':
'https://example.com/fake_x5u_2',
'public_key':
'fake_pubkey_2',
}]
# Assert that logging happened
mock_logger.info.assert_called_with(
Whatever.contains('2'), extra={'code': INFO_RECEIVED_SIGNATURES})
# Assert the correct request was made
assert autographer.session.post.called_once_with([
url,
[
{
'template': 'content-signature',
'input': foo_base64
},
{
'template': 'content-signature',
'input': bar_base64
},
]
])
