def testVolumesForQueryOwner(self):
# Searching by owner with domain (e.g., example.com) in query should
# return the volume if the owner in datastore doesn't have domain. I.e.,
# searching for "*****@*****.**" should still find volumes with
# owner="lololol".
models.BitLockerVolume(
owner='lololol',
created_by=search.users.User('*****@*****.**'),
dn='CN;',
recovery_key=str(uuid.uuid4()),
parent_guid=str(uuid.uuid4()).upper(),
hostname=models.BitLockerVolume.NormalizeHostname('lololol'),
volume_uuid=str(uuid.uuid4()).upper()).put()
volumes = search.VolumesForQuery('owner:[email protected]',
'bitlocker')
self.assertEqual(1, len(volumes))
self.assertEqual(models.BitLockerVolume.NormalizeHostname('lololol'),
volumes[0].hostname)
# Searching by owner without domain (e.g., example.com) in query should
# still return the volume if the owner in datastore does have domain. I.e.,
# searching for "stub1337" should still find volumes with
# owner="*****@*****.**".
models.BitLockerVolume(
owner='*****@*****.**',
created_by=search.users.User('*****@*****.**'),
dn='CN;',
recovery_key=str(uuid.uuid4()),
parent_guid=str(uuid.uuid4()).upper(),
hostname=models.BitLockerVolume.NormalizeHostname('stub1337'),
volume_uuid=str(uuid.uuid4()).upper()).put()
volumes = search.VolumesForQuery('owner:stub1337', 'bitlocker')
self.assertEqual(1, len(volumes))
self.assertEqual(models.BitLockerVolume.NormalizeHostname('stub1337'),
volumes[0].hostname)
def testByPermSilentRetrieveUser(self):
mock_user = self.mox.CreateMockAnything(models.User)
mock_user.user = self.mox.CreateMockAnything(users.User)
mock_user.user.email = lambda: '*****@*****.**'
mock_entity = models.BitLockerVolume()
self.mox.StubOutWithMock(self.c, 'RenderTemplate')
data = self._GetDataDict(mock_entity, mock_user)
self.c.RenderTemplate('retrieval_email.txt', data,
response_out=False).AndReturn('body')
self.mox.StubOutWithMock(util, 'SendEmail')
self.mox.StubOutWithMock(settings, 'RETRIEVE_AUDIT_ADDRESSES')
settings.RETRIEVE_AUDIT_ADDRESSES = ['*****@*****.**']
self.mox.StubOutWithMock(self.c, 'VerifyPermissions')
self.c.VerifyPermissions(permissions.SILENT_RETRIEVE, user=mock_user)
util.SendEmail([mock_user.user.email()] +
settings.SILENT_AUDIT_ADDRESSES,
settings.BITLOCKER_RETRIEVAL_EMAIL_SUBJECT, 'body')
self.mox.ReplayAll()
self.c.SendRetrievalEmail(mock_entity, mock_user)
self.mox.VerifyAll()
def setUp(self):
super(SearchModuleTest, self).setUp()
test_util.SetUpTestbedTestCase(self)
models.BitLockerVolume(
owner='stub',
dn='CN;',
created_by=search.users.User('*****@*****.**'),
recovery_key=str(uuid.uuid4()),
parent_guid=str(uuid.uuid4()).upper(),
hostname=models.BitLockerVolume.NormalizeHostname('workstation'),
volume_uuid=str(uuid.uuid4()).upper()).put()
models.BitLockerVolume(
owner='stub7',
created_by=search.users.User('*****@*****.**'),
dn='CN;',
recovery_key=str(uuid.uuid4()),
parent_guid=str(uuid.uuid4()).upper(),
hostname=models.BitLockerVolume.NormalizeHostname('foohost'),
volume_uuid=str(uuid.uuid4()).upper()).put()
def testSucceed(self):
vol_uuid = str(uuid.uuid4()).upper()
secret = str(uuid.uuid4())
models.User(
key_name='*****@*****.**', user=users.get_current_user(),
email='*****@*****.**',
provisioning_perms=[permissions.RETRIEVE],
).put()
models.BitLockerVolume(
key_name=vol_uuid, owner='stub',
dn='stub', hostname='stub', parent_guid='stub', recovery_key=secret,
).put()
with mock.patch.object(handlers, 'settings') as mock_settings:
mock_settings.XSRF_PROTECTION_ENABLED = False
resp = gae_main.app.get_response(
'/bitlocker/%s?only_verify_escrow=1' % vol_uuid)
self.assertEqual(200, resp.status_int)
self.assertIn('Escrow verified', resp.body)
def MakeBitLockerVolume(save=True, **kwargs):
"""Put default BitlockerVolume to datastore."""
volume_uuid = str(uuid.uuid4()).upper()
hostname = models.BitLockerVolume.NormalizeHostname(
volume_uuid + '.example.com')
defaults = {
'hostname': hostname,
'cn': 'what',
'dn': 'why',
'parent_guid': '1337',
'recovery_key': '123456789',
'volume_uuid': volume_uuid,
'tag': 'default',
}
defaults.update(kwargs)
volume = models.BitLockerVolume(**defaults)
if save:
volume.put()
return volume
def _CreateNewSecretEntity(self, unused_owner, volume_uuid, secret):
return models.BitLockerVolume(
volume_uuid=volume_uuid,
recovery_key=str(secret))
