def test_get_private_key_based_on_owner_missing():
decryptor = Mock()
decryptor.private_keys = [
PrivateKey(challenger=AttrAuthUser(id=10)),
PrivateKey(challenger=AttrAuthUser(id=34)),
PrivateKey(challenger=AttrAuthUser(id=37))
]
owner = AttrAuthUser(id=235)
with pytest.raises(Exception):
get_private_key_based_on_owner(decryptor, owner)
def test_get_private_key_based_on_owner():
decryptor = Mock()
expected = PrivateKey(challenger=AttrAuthUser(id=10))
decryptor.private_keys = [
PrivateKey(challenger=AttrAuthUser(id=11)), expected,
PrivateKey(challenger=AttrAuthUser(id=25))
]
owner = expected.challenger
key = get_private_key_based_on_owner(decryptor, owner)
assert key == expected
def test_doesnt_have_key_from_owner(app_and_ctx, attr_auth_access_token_two):
app, ctx = app_and_ctx
with app.app_context():
receiver = AttrAuthUser.get_by_id(2)
owner = AttrAuthUser()
assert not already_has_key_from_owner(receiver, owner)
def test_delete_account(client, app_and_ctx):
server_data = {}
aa_data = {}
server_provider_token = "server_token"
aa_provider_token = "aa_token"
device_id = 99999
token_hash = bcrypt.using(rounds=13).hash(server_provider_token)
aa_token_hash = bcrypt.using(rounds=13).hash(aa_provider_token)
user = User(access_token=token_hash,
access_token_update=datetime.now(),
owned_devices=[
Device(id=device_id, name=b"test", correctness_hash="")
])
aa_user = AttrAuthUser(access_token=aa_token_hash,
access_token_update=datetime.now())
db.session.add(aa_user)
db.session.add(user)
db.session.commit()
app, ctx = app_and_ctx
with app.app_context():
server_data["access_token"] = generate_auth_token(
user.id, server_provider_token)
aa_data["access_token"] = generate_auth_token(user.id,
aa_provider_token)
assert db.session.query(User).filter(
User.access_token == token_hash).first() is not None
assert db.session.query(Device).filter(
Device.id == device_id).first() is not None
assert db.session.query(AttrAuthUser).filter(
AttrAuthUser.access_token == aa_token_hash).first() is not None
assert_got_data_from_post(client, '/delete_account', server_data)
assert_got_data_from_post(client, '/attr_auth/delete_account', aa_data)
assert db.session.query(User).filter(
User.access_token == token_hash).first() is None
assert db.session.query(Device).filter(
Device.id == device_id).first() is None
assert db.session.query(AttrAuthUser).filter(
AttrAuthUser.access_token == aa_token_hash).first() is None
def save_user(remote, user_info, token):
user = get_user(remote, user_info)
if user is None:
if remote.name == "github":
user = User(id=user_info["sub"],
name=user_info["preferred_username"],
email=parse_email(
query_github_api(token["access_token"])))
else:
user = AttrAuthUser(id=user_info["sub"],
name=user_info["preferred_username"])
db.session.flush()
user.access_token = bcrypt.using(rounds=13).hash(token["access_token"])
user.access_token_update = datetime.datetime.utcnow()
db.session.add(user)
db.session.commit()
return generate_auth_token(user.id, token["access_token"])
# pickle.dump(users, open("users.p", "wb"))
db.session.add_all(users)
db.session.add_all(device_types)
db.session.add_all(devices)
db.session.commit()
aa_users = []
for i, user in enumerate(users):
access_token = random_string()
token_hash = bcrypt.using(rounds=13).hash(access_token)
# noinspection PyArgumentList
aa_user = AttrAuthUser(name=user.name,
id=user.id,
access_token=token_hash,
access_token_update=random_date(d1, d2),
api_username=user.name)
keypair = MasterKeypair(data_public=keypairs[i][0],
data_master=keypairs[i][1],
attr_auth_user=aa_user)
keys["users"][user.id]["aa_access_token"] = generate_auth_token(
user.id, access_token).decode()
db.session.add(aa_user)
db.session.add(keypair)
db.session.flush()
attr_list = [
f"U-{user.id}", f"U-{user.id}-D-{user.owned_devices[0].id}",