def testPutWithExistingOwnerModified(self):
self.fvv.put()
fvv = models.FileVaultVolume(**self.fvv_data)
fvv.owner = 'new_owner1'
fvv.put()
fvv = models.FileVaultVolume(**self.fvv_data)
fvv.owner = 'new_owner2'
fvv.put()
def testPutWithExistingDataModified(self):
self.fvv.put()
num_of_modifications = 1
for name, prop in self.fvv.properties().iteritems():
old_value = getattr(self.fvv, name)
if name == 'active':
continue
if isinstance(prop, db.DateTimeProperty):
continue
elif isinstance(prop, db.BooleanProperty):
new_value = not bool(old_value)
elif isinstance(prop, db.UserProperty):
new_value = users.User('*****@*****.**')
elif isinstance(prop, db.StringListProperty):
# owners does not have setter yet.
continue
else:
new_value = 'JUNK'
fvv = models.FileVaultVolume(**self.fvv_data)
setattr(fvv, name, new_value)
fvv.put()
num_of_modifications += 1
volumes = models.FileVaultVolume.all().fetch(999)
self.assertEqual(num_of_modifications, len(volumes))
def setUp(self):
super(FileVaultChangeOwnerAccessHandlerTest, self).setUp()
settings.KEY_TYPE_DEFAULT_FILEVAULT = settings.KEY_TYPE_DATASTORE_FILEVAULT
settings.KEY_TYPE_DEFAULT_XSRF = settings.KEY_TYPE_DATASTORE_XSRF
test_util.SetUpTestbedTestCase(self)
self.volume_uuid = '4E6A59FF-3D85-4B1C-A5D5-70F8B8A9B4A0'
self.user = base.User(key_name='*****@*****.**',
user=users.User('*****@*****.**'))
self.user.filevault_perms = [permissions.CHANGE_OWNER]
self.user.put()
fvv = models.FileVaultVolume(
hdd_serial='XX123456',
platform_uuid='A4E75A65-FC39-441C-BEF5-49D9A3DC6BE0',
serial='XX123456',
passphrase='SECRET',
volume_uuid=self.volume_uuid,
created_by=users.User('*****@*****.**'))
volume_id = fvv.put()
self.change_owner_url = '/api/internal/change-owner/filevault/%s/' % (
volume_id)
def _EscrowPassphrase(self, passphrase):
fvv = models.FileVaultVolume(
hdd_serial='XX123456',
platform_uuid='A4E75A65-FC39-441C-BEF5-49D9A3DC6BE0',
serial='XX123456',
passphrase=passphrase,
volume_uuid=self.volume_uuid,
created_by=users.User('*****@*****.**'))
return fvv.put()
def MakeFileVaultVolume(save=True, **kwargs):
"""Create and return a FileVaultVolume."""
defaults = {
'hdd_serial': 'blah',
'passphrase': '123456789',
'volume_uuid': str(uuid.uuid4()).upper(),
'owner': 'someone',
'serial': 'foo',
'platform_uuid': 'bar',
}
defaults.update(kwargs)
volume = volumes.FileVaultVolume(**defaults)
if save:
volume.put()
return volume
def testCheckAuthzOwnerOk(self):
vol_uuid = str(uuid.uuid4()).upper()
secret = str(uuid.uuid4())
base.User(
key_name='*****@*****.**', user=users.get_current_user(),
filevault_perms=[permissions.RETRIEVE_OWN],
).put()
models.FileVaultVolume(
owner='stub7', volume_uuid=vol_uuid, passphrase=secret,
hdd_serial='stub', platform_uuid='stub', serial='stub',
).put()
with mock.patch.object(util, 'SendEmail') as _:
resp = gae_main.app.get_response('/filevault/%s?json=1' % vol_uuid)
self.assertEqual(httplib.OK, resp.status_int)
self.assertIn('"passphrase": "%s"' % secret, resp.body)
def testVolumeUuidValid(self):
vol_uuid = str(uuid.uuid4()).upper()
base.User(
key_name='*****@*****.**', user=users.get_current_user(),
filevault_perms=[permissions.RETRIEVE_OWN],
).put()
models.FileVaultVolume(
owner='stub', volume_uuid=vol_uuid, serial='stub',
passphrase='stub_pass1', hdd_serial='stub', platform_uuid='stub',
).put()
with mock.patch.object(handlers, 'settings') as mock_settings:
mock_settings.XSRF_PROTECTION_ENABLED = False
resp = gae_main.app.get_response('/filevault/%s?json=1' % vol_uuid)
self.assertEqual(httplib.OK, resp.status_int)
self.assertIn('"passphrase": "stub_pass1"', resp.body)
def testVolumeUuidValid(self):
vol_uuid = str(uuid.uuid4()).upper()
base.User(
key_name='*****@*****.**', user=users.get_current_user(),
filevault_perms=[permissions.RETRIEVE_OWN],
).put()
models.FileVaultVolume(
owner='stub7', volume_uuid=vol_uuid, serial='stub',
passphrase='stub_pass1', hdd_serial='stub', platform_uuid='stub',
).put()
resp = gae_main.app.get_response('/filevault/%s?json=1' % vol_uuid)
self.assertEqual(httplib.OK, resp.status_int)
self.assertIn('"passphrase": "stub_pass1"', resp.body)
volumes = models.FileVaultVolume.all().fetch(None)
self.assertEqual(1, len(volumes))
self.assertTrue(volumes[0].force_rekeying)
def testCheckAuthzOwnerFail(self):
vol_uuid = str(uuid.uuid4()).upper()
secret = str(uuid.uuid4())
base.User(
key_name='*****@*****.**', user=users.get_current_user(),
filevault_perms=[permissions.RETRIEVE_OWN],
).put()
models.FileVaultVolume(
owner='stub2', volume_uuid=vol_uuid, passphrase=secret,
hdd_serial='stub', platform_uuid='stub', serial='stub',
).put()
with mock.patch.object(handlers, 'settings') as mock_settings:
mock_settings.XSRF_PROTECTION_ENABLED = False
with mock.patch.object(util, 'SendEmail') as _:
resp = gae_main.app.get_response('/filevault/%s?json=1' % vol_uuid)
self.assertEqual(httplib.FORBIDDEN, resp.status_int)
self.assertIn('Access denied.', resp.body)
def setUp(self):
super(FileVaultVolumeTest, self).setUp()
self.fvv_data = {
'hdd_serial': 'XX123456',
'platform_uuid': 'A4E75A65-FC39-441C-BEF5-49D9A3DC6BE0',
'serial': 'XX123456',
'passphrase': 'SECRET',
'volume_uuid': '4E6A59FF-3D85-4B1C-A5D5-70F8B8A9B4A0',
'created_by': users.User('*****@*****.**'),
}
self.fvv = models.FileVaultVolume(**self.fvv_data)
# Ensure we use KEY_TYPE_DATASTORE_FILEVAULT and KEY_TYPE_DATASTORE_XSRF for
# tests.
self.key_type_default_filevault_save = settings.KEY_TYPE_DEFAULT_FILEVAULT
self.key_type_default_xsrf_save = settings.KEY_TYPE_DEFAULT_XSRF
settings.KEY_TYPE_DEFAULT_FILEVAULT = settings.KEY_TYPE_DATASTORE_FILEVAULT
settings.KEY_TYPE_DEFAULT_XSRF = settings.KEY_TYPE_DATASTORE_XSRF
def testCheckAuthzOwnerFail(self):
vol_uuid = str(uuid.uuid4()).upper()
secret = str(uuid.uuid4())
base.User(
key_name='*****@*****.**',
user=users.get_current_user(),
filevault_perms=[permissions.RETRIEVE_OWN],
).put()
models.FileVaultVolume(
owners=['stub2'],
volume_uuid=vol_uuid,
passphrase=secret,
hdd_serial='stub',
platform_uuid='stub',
serial='stub',
).put()
with mock.patch.object(util, 'SendEmail') as _:
resp = self.testapp.get('/filevault/%s?json=1' % vol_uuid,
status=httplib.FORBIDDEN)
self.assertIn('Access denied.', resp.body)
def testCheckAuthzGlobalOk(self):
vol_uuid = str(uuid.uuid4()).upper()
secret = str(uuid.uuid4())
base.User(
key_name='*****@*****.**',
user=users.get_current_user(),
filevault_perms=[permissions.RETRIEVE],
).put()
volume_id = models.FileVaultVolume(
owners=['stub2'],
volume_uuid=vol_uuid,
passphrase=secret,
hdd_serial='stub',
platform_uuid='stub',
serial='stub',
).put()
with mock.patch.object(util, 'SendEmail') as _:
resp = self.testapp.get('/filevault/%s?json=1&id=%s' %
(vol_uuid, volume_id),
status=httplib.OK)
self.assertIn('"passphrase": "%s"' % secret, resp.body)
def testPutWithoutKeyName(self):
fvv = models.FileVaultVolume()
self.assertRaises(models.FileVaultAccessError, fvv.put)
def testPutSuccess(self):
fvv = models.FileVaultVolume()
for p in models.FileVaultVolume.REQUIRED_PROPERTIES:
setattr(fvv, p, 'something')
fvv.put()
def testPutWithEmptyRequiredProperty(self):
key_name = u'foo'
fvv = models.FileVaultVolume(key_name=key_name)
self.assertRaises(models.FileVaultAccessError, fvv.put)
def _CreateNewSecretEntity(self, owner, volume_uuid, secret):
return models.FileVaultVolume(
owner=owner,
volume_uuid=volume_uuid,
passphrase=str(secret))
