def setUp(self):
    """Create a fileserver cluster, a shard, and a read/write link between them.

    A fresh NaCl key pair is generated for the cluster. Both halves are
    hex-encoded and passed through ``encrypt_with_db_secret`` before being
    written to the ``auth_*_key`` columns.
    """
    key_pair = PrivateKey.generate()
    hex_encoder = nacl.encoding.HexEncoder

    # Hex-encode first, then wrap with the DB secret; the raw key is never stored.
    stored_private_key = encrypt_with_db_secret(
        key_pair.encode(encoder=hex_encoder).decode()
    )
    stored_public_key = encrypt_with_db_secret(
        key_pair.public_key.encode(encoder=hex_encoder).decode()
    )

    self.cluster = models.Fileserver_Cluster.objects.create(
        title='Some Title',
        auth_public_key=stored_public_key,
        auth_private_key=stored_private_key,
        file_size_limit=0,
    )

    self.shard = models.Fileserver_Shard.objects.create(
        title='Some Title',
        description='Some description',
    )

    self.link = models.Fileserver_Cluster_Shard_Link.objects.create(
        cluster=self.cluster,
        shard=self.shard,
        read=True,
        write=True,
    )
def setUp(self):
    """Create a single fileserver cluster with a freshly generated key pair.

    The private and public keys are hex-encoded and then wrapped with
    ``encrypt_with_db_secret`` before they are stored on the cluster row.
    """
    key_pair = PrivateKey.generate()
    hex_encoder = nacl.encoding.HexEncoder

    private_hex = key_pair.encode(encoder=hex_encoder).decode()
    public_hex = key_pair.public_key.encode(encoder=hex_encoder).decode()

    cluster_fields = {
        'title': 'Some Title',
        # Only the DB-secret-wrapped form of each key reaches the database.
        'auth_public_key': encrypt_with_db_secret(public_hex),
        'auth_private_key': encrypt_with_db_secret(private_hex),
        'file_size_limit': 0,
    }
    self.cluster = models.Fileserver_Cluster.objects.create(**cluster_fields)
def setUp(self):
    """Create one regular user and one superuser with randomised credentials.

    Both users share the same authkey, key pair and user sauce but get their
    own e-mail, username and nonces. E-mails are stored wrapped with
    ``encrypt_with_db_secret``; the authkey is stored via ``make_password``.
    """
    def random_address():
        # `random` is not a CSPRNG; that is acceptable here because these are
        # throw-away identifiers, not secrets.
        local_part = ''.join(random.choice(string.ascii_lowercase) for _ in range(10))
        return local_part + '*****@*****.**'

    def random_hex(num_bytes):
        # Key material and nonces come from the OS CSPRNG.
        return binascii.hexlify(os.urandom(num_bytes)).decode()

    self.test_email = encrypt_with_db_secret(random_address())
    self.test_email2 = encrypt_with_db_secret(random_address())
    self.test_email_bcrypt = 'a'
    self.test_email_bcrypt2 = 'b'
    self.test_username = random_address()
    self.test_username2 = random_address()

    self.test_authkey = random_hex(settings.AUTH_KEY_LENGTH_BYTES)
    self.test_public_key = random_hex(settings.USER_PUBLIC_KEY_LENGTH_BYTES)
    self.test_private_key = random_hex(settings.USER_PRIVATE_KEY_LENGTH_BYTES)
    self.test_private_key_nonce = random_hex(settings.NONCE_LENGTH_BYTES)
    self.test_private_key_nonce2 = random_hex(settings.NONCE_LENGTH_BYTES)
    self.test_secret_key = random_hex(settings.USER_SECRET_KEY_LENGTH_BYTES)
    self.test_secret_key_nonce = random_hex(settings.NONCE_LENGTH_BYTES)
    self.test_secret_key_nonce2 = random_hex(settings.NONCE_LENGTH_BYTES)
    self.test_user_sauce = '6df1f310730e5464ce23e05fa4eca0de3fe30805fc8cc1d6b37389262e4bd9c3'

    # Fields that are identical for both accounts.
    shared_fields = {
        'public_key': self.test_public_key,
        'private_key': self.test_private_key,
        'secret_key': self.test_secret_key,
        'user_sauce': self.test_user_sauce,
        'is_email_active': True,
    }

    self.test_user_obj = models.User.objects.create(
        email=self.test_email,
        email_bcrypt=self.test_email_bcrypt,
        username=self.test_username,
        authkey=make_password(self.test_authkey),
        private_key_nonce=self.test_private_key_nonce,
        secret_key_nonce=self.test_secret_key_nonce,
        **shared_fields
    )

    self.admin = models.User.objects.create(
        email=self.test_email2,
        email_bcrypt=self.test_email_bcrypt2,
        username=self.test_username2,
        authkey=make_password(self.test_authkey),
        private_key_nonce=self.test_private_key_nonce2,
        secret_key_nonce=self.test_secret_key_nonce2,
        is_superuser=True,
        **shared_fields
    )
def setUp(self):
    """Create a user with Duo, Google Authenticator and YubiKey OTP all enabled.

    All credentials are fixed constants. One ``Google_Authenticator``, one
    ``Duo`` and one ``Yubikey_OTP`` row are attached to the user.
    """
    self.test_email = "*****@*****.**"
    self.test_email_bcrypt = "a"
    self.test_username = "******"
    self.test_password = "******"
    self.test_authkey = (
        "c55066421a559f76d8ed5227622e9f95a0c67df15220e40d7bc98a8a598124fa15373ac553ef3ee27c7"
        "123d6be058e6d43cc71c1b666bdecaf33b734c8583a93"
    )
    self.test_public_key = "5706a5648debec63e86714c8c489f08aee39477487d1b3f39b0bbb05dbd2c649"
    self.test_secret_key = "a7d028388e9d80f2679c236ebb2d0fedc5b7b0a28b393f6a20cc8f6be636aa71"
    self.test_secret_key_enc = (
        "77cde8ff6a5bbead93588fdcd0d6346bb57224b55a49c0f8a22a807bf6414e4d82ff60711422"
        "996e4a26de599982d531eef3098c9a531a05f75878ac0739571d6a242e6bf68c2c28eadf1011"
        "571a48eb"
    )
    self.test_secret_key_nonce = "f580cc9900ce7ae8b6f7d2bab4627e9e689dca0f13a53e3c"
    self.test_private_key = "d636f7cc20384475bdc30c3ede98f719ee09d1fd4709276103772dd9479f353c"
    self.test_private_key_enc = (
        "abddebec9d20cecf7d1cab95ad6c6394db3826856bf21c2c6af9954e9816c2239f5df697e52"
        "d60785eb1136803407b69729c38bb50eefdd2d24f2fa0f104990eee001866ba83704cf4f576"
        "a74b9b2452"
    )
    self.test_private_key_nonce = "4298a9ab3d9d5d8643dfd4445adc30301b565ab650497fb9"

    user_fields = dict(
        email=self.test_email,
        email_bcrypt=self.test_email_bcrypt,
        username=self.test_username,
        authkey=make_password(self.test_authkey),
        public_key=self.test_public_key,
        # The *_enc values are what gets stored, not the plain keys above.
        private_key=self.test_private_key_enc,
        private_key_nonce=self.test_private_key_nonce,
        secret_key=self.test_secret_key_enc,
        secret_key_nonce=self.test_secret_key_nonce,
        user_sauce='082202ea53a9f64459b8217ebbdea19f6cb385d8d529327053f54a9b9861dcf1',
        is_email_active=True,
        duo_enabled=True,
        google_authenticator_enabled=True,
        yubikey_otp_enabled=True,
    )
    self.test_user_obj = models.User.objects.create(**user_fields)
    owner = self.test_user_obj

    # NOTE(review): this secret is stored as-is, while duo_secret_key below goes
    # through encrypt_with_db_secret; confirm the code under test never decrypts it.
    models.Google_Authenticator.objects.create(
        user=owner,
        title='My TItle',
        secret='1234',
    )

    models.Duo.objects.create(
        user=owner,
        title='My Sweet Title',
        duo_integration_key='duo_integration_key',
        duo_secret_key=encrypt_with_db_secret('duo_secret_key'),
        # NOTE(review): the host reuses the literal 'duo_secret_key'; looks like a
        # copy/paste placeholder, confirm it is intentional.
        duo_host='duo_secret_key',
        enrollment_user_id='enrollment_user_id',
        enrollment_activation_code='enrollment_activation_code',
        # Expiration is set to the creation time, with no grace period.
        enrollment_expiration_date=timezone.now(),
    )

    models.Yubikey_OTP.objects.create(
        user=owner,
        title='My TItle',
        yubikey_id='1234',
    )
def setUp(self):
    """Create a cluster, a shard, their link, and one cluster member.

    The cluster key pair is kept in hex on the test instance and stored on the
    cluster row wrapped with ``encrypt_with_db_secret``. The member is keyed by
    the token hash of ``'abc'`` and is valid for 30 seconds.
    """
    key_pair = PrivateKey.generate()
    hex_encoder = nacl.encoding.HexEncoder

    self.cluster_private_key_hex = key_pair.encode(encoder=hex_encoder).decode()
    self.cluster_public_key_hex = key_pair.public_key.encode(encoder=hex_encoder).decode()

    self.cluster1 = Fileserver_Cluster.objects.create(
        title='Some Fileserver Cluster Title',
        auth_public_key=encrypt_with_db_secret(self.cluster_public_key_hex),
        auth_private_key=encrypt_with_db_secret(self.cluster_private_key_hex),
        file_size_limit=0,
    )

    self.shard1 = Fileserver_Shard.objects.create(
        title='Some Shard Title',
        description='Some Shard Description',
    )

    self.link1 = Fileserver_Cluster_Shard_Link.objects.create(
        cluster=self.cluster1,
        shard=self.shard1,
        read=True,
        write=True,
    )

    def random_hex(num_bytes):
        return binascii.hexlify(os.urandom(num_bytes)).decode()

    # Only the hash of the member token is stored as the lookup key.
    member_key = TokenAuthentication.user_token_to_token_hash('abc')
    expires_at = timezone.now() + datetime.timedelta(seconds=30)

    self.fileserver1 = Fileserver_Cluster_Members.objects.create(
        create_ip='127.0.0.1',
        fileserver_cluster=self.cluster1,
        key=member_key,
        public_key=random_hex(settings.USER_PUBLIC_KEY_LENGTH_BYTES),
        # NOTE(review): secret_key is sized with USER_PUBLIC_KEY_LENGTH_BYTES;
        # confirm this is intended rather than a secret-key length setting.
        secret_key=random_hex(settings.USER_PUBLIC_KEY_LENGTH_BYTES),
        url='https://fs01.example.com/fileserver',
        read=True,
        write=True,
        delete_capability=True,
        valid_till=expires_at,
    )
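def create_cluster(title: str, file_size_limit=None, fix_cluster_id=None) -> dict:
    """Return the cluster with primary key ``fix_cluster_id``, creating it if absent.

    An existing cluster is returned unchanged: ``title`` and
    ``file_size_limit`` are only used when a new row is created.

    Args:
        title: Title for a newly created cluster.
        file_size_limit: Value stored as ``file_size_limit`` on a new cluster.
        fix_cluster_id: Primary key to look up and, if missing, to create with.

    Returns:
        A dict with the single key ``'cluster'`` holding the cluster object.
    """
    try:
        cluster = Fileserver_Cluster.objects.get(pk=fix_cluster_id)
    except Fileserver_Cluster.DoesNotExist:
        # Generate key material only on the create path, so no unused private
        # key is produced (and left in memory) when the cluster already exists.
        key_pair = PrivateKey.generate()
        private_key_hex = key_pair.encode(encoder=nacl.encoding.HexEncoder)
        public_key_hex = key_pair.public_key.encode(encoder=nacl.encoding.HexEncoder)

        # NOTE(review): lookup and create are two separate queries; concurrent
        # callers passing the same fix_cluster_id could both reach this branch.
        # Confirm callers are serialized.
        cluster = Fileserver_Cluster.objects.create(
            pk=fix_cluster_id,
            title=title,
            # Keys are stored wrapped with the DB secret, never as plain hex.
            auth_public_key=encrypt_with_db_secret(public_key_hex.decode()),
            auth_private_key=encrypt_with_db_secret(private_key_hex.decode()),
            file_size_limit=file_size_limit,
        )

    return {'cluster': cluster}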
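def validate(self, attrs: dict) -> dict:
    """Validate an update of a user's status flags and, optionally, e-mail.

    Looks up the user by ``attrs['user_id']``. When an e-mail is supplied it is
    normalised, checked against ``settings.REGISTRATION_EMAIL_FILTER`` (if that
    list is non-empty), checked for duplicates through its bcrypt digest, and
    finally replaced by its ``encrypt_with_db_secret`` form.

    Args:
        attrs: Incoming attributes; reads ``user_id``, ``is_active``,
            ``is_email_active``, ``is_superuser`` and ``email``.

    Returns:
        ``attrs`` with ``user``, ``email``, ``is_active``, ``is_email_active``
        and ``is_superuser`` set, plus ``email_bcrypt`` when an e-mail was given.

    Raises:
        exceptions.ValidationError: If the user does not exist, the e-mail is
            malformed or its domain is not allowed, or the e-mail is already
            used by another user.
    """
    user_id = attrs.get('user_id')
    is_active = attrs.get('is_active', None)
    is_email_active = attrs.get('is_email_active', None)
    is_superuser = attrs.get('is_superuser', None)
    email = attrs.get('email')

    try:
        user = User.objects.get(pk=user_id)
    except User.DoesNotExist:
        msg = "NO_PERMISSION_OR_NOT_EXIST"
        raise exceptions.ValidationError(msg)

    if email is not None:
        email = email.lower().strip()

        if len(settings.REGISTRATION_EMAIL_FILTER) > 0:
            # An address without exactly one "@" used to escape as an unhandled
            # ValueError from tuple unpacking; reject it as a validation error.
            if email.count("@") != 1:
                msg = _('E-Mail not allowed to register.')
                raise exceptions.ValidationError(msg)

            domain = email.split("@")[1]
            if domain not in settings.REGISTRATION_EMAIL_FILTER:
                msg = _('E-Mail not allowed to register.')
                raise exceptions.ValidationError(msg)

        # Generate a bcrypt digest with a static salt.
        # A static salt is weaker than a per-record salt, but it is what allows a
        # duplicate-e-mail lookup without decrypting every stored address.
        # The known trade-off: anyone who obtains this fixed salt can attack all
        # stored e-mail digests at once, so EMAIL_SECRET_SALT must be protected
        # like any other secret.
        # NOTE(review): bcrypt considers at most 72 bytes of input; confirm the
        # e-mail field's maximum length keeps addresses below that.
        email_bcrypt_full = bcrypt.hashpw(email.encode(), settings.EMAIL_SECRET_SALT.encode())
        # Strip the salt prefix so only the digest part is stored and compared.
        email_bcrypt = email_bcrypt_full.decode().replace(settings.EMAIL_SECRET_SALT, '', 1)

        if User.objects.filter(email_bcrypt=email_bcrypt).exclude(pk=user_id).exists():
            msg = _('E-Mail already exists.')
            raise exceptions.ValidationError(msg)

        attrs['email_bcrypt'] = email_bcrypt

        # Encrypt the e-mail with a random nonce so it is not stored in plaintext.
        email = encrypt_with_db_secret(email)

    attrs['user'] = user
    attrs['email'] = email
    attrs['is_active'] = is_active
    attrs['is_email_active'] = is_email_active
    attrs['is_superuser'] = is_superuser

    return attrs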
def setUp(self):
    """Create one user whose e-mail is not yet activated.

    The e-mail digest is computed with bcrypt and ``settings.EMAIL_SECRET_SALT``
    (salt prefix stripped); the e-mail itself is stored wrapped with
    ``encrypt_with_db_secret``.
    """
    def random_address():
        # Non-cryptographic PRNG; fine for throw-away test identifiers.
        local_part = ''.join(random.choice(string.ascii_lowercase) for _ in range(10))
        return local_part + '*****@*****.**'

    def random_hex(num_bytes):
        return binascii.hexlify(os.urandom(num_bytes)).decode()

    self.test_email = random_address()

    salt = settings.EMAIL_SECRET_SALT
    salted_digest = bcrypt.hashpw(self.test_email.encode(), salt.encode()).decode()
    # Drop the leading salt so only the digest portion is kept.
    self.test_email_bcrypt = salted_digest.replace(salt, '', 1)

    self.test_username = random_address()
    self.test_authkey = random_hex(settings.AUTH_KEY_LENGTH_BYTES)
    self.test_public_key = random_hex(settings.USER_PUBLIC_KEY_LENGTH_BYTES)
    self.test_private_key = random_hex(settings.USER_PRIVATE_KEY_LENGTH_BYTES)
    self.test_private_key_nonce = random_hex(settings.NONCE_LENGTH_BYTES)
    self.test_secret_key = random_hex(settings.USER_SECRET_KEY_LENGTH_BYTES)
    self.test_secret_key_nonce = random_hex(settings.NONCE_LENGTH_BYTES)
    self.test_user_sauce = '0ee09a1a2c32b240d4ac9642b218adf01c88948aa2a90f1466a8217623fc1b7e'

    user_fields = {
        'username': self.test_username,
        'email': encrypt_with_db_secret(self.test_email),
        'email_bcrypt': self.test_email_bcrypt,
        'authkey': make_password(self.test_authkey),
        'public_key': self.test_public_key,
        'private_key': self.test_private_key,
        'private_key_nonce': self.test_private_key_nonce,
        'secret_key': self.test_secret_key,
        'secret_key_nonce': self.test_secret_key_nonce,
        'user_sauce': self.test_user_sauce,
        'is_email_active': False,
    }
    self.test_user_obj = models.User.objects.create(**user_fields)
def setUp(self):
    """Create a regular user, a superuser, and a Duo record for the regular user.

    Both accounts share authkey, key pair and user sauce and differ in e-mail,
    username and nonces. The Duo enrollment expires 600 seconds after creation.
    """
    def random_address():
        # Non-cryptographic PRNG; fine for throw-away test identifiers.
        local_part = ''.join(random.choice(string.ascii_lowercase) for _ in range(10))
        return local_part + '*****@*****.**'

    def random_hex(num_bytes):
        return binascii.hexlify(os.urandom(num_bytes)).decode()

    self.test_email = random_address()
    self.test_email2 = random_address()
    self.test_email_bcrypt = 'a'
    self.test_email_bcrypt2 = 'b'
    self.test_username = random_address()
    self.test_username2 = random_address()

    self.test_authkey = random_hex(settings.AUTH_KEY_LENGTH_BYTES)
    self.test_public_key = random_hex(settings.USER_PUBLIC_KEY_LENGTH_BYTES)
    self.test_private_key = random_hex(settings.USER_PRIVATE_KEY_LENGTH_BYTES)
    self.test_private_key_nonce = random_hex(settings.NONCE_LENGTH_BYTES)
    self.test_private_key_nonce2 = random_hex(settings.NONCE_LENGTH_BYTES)
    self.test_secret_key = random_hex(settings.USER_SECRET_KEY_LENGTH_BYTES)
    self.test_secret_key_nonce = random_hex(settings.NONCE_LENGTH_BYTES)
    self.test_secret_key_nonce2 = random_hex(settings.NONCE_LENGTH_BYTES)
    self.test_user_sauce = '6df1f310730e5464ce23e05fa4eca0de3fe30805fc8cc1d6b37389262e4bd9c3'

    # Fields that are identical for both accounts.
    shared_fields = {
        'public_key': self.test_public_key,
        'private_key': self.test_private_key,
        'secret_key': self.test_secret_key,
        'user_sauce': self.test_user_sauce,
        'is_email_active': True,
    }

    self.test_user_obj = models.User.objects.create(
        email=self.test_email,
        email_bcrypt=self.test_email_bcrypt,
        username=self.test_username,
        authkey=make_password(self.test_authkey),
        private_key_nonce=self.test_private_key_nonce,
        secret_key_nonce=self.test_secret_key_nonce,
        **shared_fields
    )

    self.admin = models.User.objects.create(
        email=self.test_email2,
        email_bcrypt=self.test_email_bcrypt2,
        username=self.test_username2,
        authkey=make_password(self.test_authkey),
        private_key_nonce=self.test_private_key_nonce2,
        secret_key_nonce=self.test_secret_key_nonce2,
        is_superuser=True,
        **shared_fields
    )

    enrollment_deadline = timezone.now() + timedelta(seconds=600)
    self.duo = models.Duo.objects.create(
        user=self.test_user_obj,
        title='My Sweet Title',
        duo_integration_key='duo_integration_key',
        # The Duo secret is stored wrapped with the DB secret.
        duo_secret_key=encrypt_with_db_secret('duo_secret_key'),
        # NOTE(review): the host reuses the literal 'duo_secret_key'; looks like a
        # copy/paste placeholder, confirm it is intentional.
        duo_host='duo_secret_key',
        enrollment_user_id='enrollment_user_id',
        enrollment_activation_code='enrollment_activation_code',
        enrollment_expiration_date=enrollment_deadline,
    )
def setUp(self):
    """Create two users, a session token, a fileserver setup and a pending upload.

    Created in order: user 1, user 2, a token for user 1 (valid 10 seconds),
    a cluster with its key pair, a shard, the cluster/shard link, a cluster
    member (valid 30 seconds) with its shard link, a file, and an upload
    transfer for that file.
    """
    def random_letters(length):
        # Non-cryptographic PRNG; acceptable only because these are test fixtures.
        return ''.join(random.choice(string.ascii_lowercase) for _ in range(length))

    def random_address():
        return random_letters(10) + '*****@*****.**'

    def random_hex(num_bytes):
        return binascii.hexlify(os.urandom(num_bytes)).decode()

    # --- first user -------------------------------------------------------
    self.test_email = random_address()
    self.test_email_bcrypt = 'a'
    self.test_username = random_address()
    self.test_authkey = random_hex(settings.AUTH_KEY_LENGTH_BYTES)
    self.test_public_key = random_hex(settings.USER_PUBLIC_KEY_LENGTH_BYTES)
    self.test_private_key = random_hex(settings.USER_PRIVATE_KEY_LENGTH_BYTES)
    self.test_private_key_nonce = random_hex(settings.NONCE_LENGTH_BYTES)
    self.test_secret_key = random_hex(settings.USER_SECRET_KEY_LENGTH_BYTES)
    self.test_secret_key_nonce = random_hex(settings.NONCE_LENGTH_BYTES)
    self.test_user_sauce = 'd22f5797cfd438f212bb0830da488f0555487697ad4041bbcbf5b08bc297e117'
    self.test_user_obj = models.User.objects.create(
        email=self.test_email,
        email_bcrypt=self.test_email_bcrypt,
        username=self.test_username,
        authkey=make_password(self.test_authkey),
        public_key=self.test_public_key,
        private_key=self.test_private_key,
        private_key_nonce=self.test_private_key_nonce,
        secret_key=self.test_secret_key,
        secret_key_nonce=self.test_secret_key_nonce,
        user_sauce=self.test_user_sauce,
        is_email_active=True,
    )

    # --- second user (e-mail stored wrapped with the DB secret) ------------
    self.test_email2 = random_address()
    self.test_email_bcrypt2 = "b"
    self.test_username2 = random_address()
    self.test_authkey2 = random_hex(settings.AUTH_KEY_LENGTH_BYTES)
    self.test_public_key2 = random_hex(settings.USER_PUBLIC_KEY_LENGTH_BYTES)
    self.test_private_key2 = random_hex(settings.USER_PRIVATE_KEY_LENGTH_BYTES)
    self.test_private_key_nonce2 = random_hex(settings.NONCE_LENGTH_BYTES)
    self.test_secret_key2 = random_hex(settings.USER_SECRET_KEY_LENGTH_BYTES)
    self.test_secret_key_nonce2 = random_hex(settings.NONCE_LENGTH_BYTES)
    self.test_user_sauce2 = 'a67fef1ff29eb8f866feaccad336fc6311fa4c71bc183b14c8fceff7416add99'
    self.test_user_obj2 = models.User.objects.create(
        username=self.test_username2,
        email=encrypt_with_db_secret(self.test_email2),
        email_bcrypt=self.test_email_bcrypt2,
        authkey=make_password(self.test_authkey2),
        public_key=self.test_public_key2,
        private_key=self.test_private_key2,
        private_key_nonce=self.test_private_key_nonce2,
        secret_key=self.test_secret_key2,
        secret_key_nonce=self.test_secret_key_nonce2,
        user_sauce=self.test_user_sauce2,
        is_email_active=True,
    )

    # --- session token for the first user ---------------------------------
    self.user_token = random_letters(64)
    self.user_db_token = models.Token.objects.create(
        # Only the hash of the token is stored as the lookup key.
        key=TokenAuthentication.user_token_to_token_hash(self.user_token),
        user=self.test_user_obj,
        secret_key=random_hex(32),
        valid_till=timezone.now() + timedelta(seconds=10),
        active=True,
    )

    # --- fileserver cluster, shard and member -----------------------------
    key_pair = PrivateKey.generate()
    hex_encoder = nacl.encoding.HexEncoder
    self.cluster_private_key_hex = key_pair.encode(encoder=hex_encoder).decode()
    self.cluster_public_key_hex = key_pair.public_key.encode(encoder=hex_encoder).decode()

    self.cluster1 = models.Fileserver_Cluster.objects.create(
        title='Some Fileserver Cluster Title',
        auth_public_key=encrypt_with_db_secret(self.cluster_public_key_hex),
        auth_private_key=encrypt_with_db_secret(self.cluster_private_key_hex),
        file_size_limit=0,
    )

    self.shard1 = models.Fileserver_Shard.objects.create(
        title='Some Shard Title',
        description='Some Shard Description',
    )

    self.link1 = models.Fileserver_Cluster_Shard_Link.objects.create(
        cluster=self.cluster1,
        shard=self.shard1,
        read=True,
        write=True,
    )

    member_key = TokenAuthentication.user_token_to_token_hash('abc')
    self.fileserver1 = models.Fileserver_Cluster_Members.objects.create(
        create_ip='127.0.0.1',
        fileserver_cluster=self.cluster1,
        key=member_key,
        public_key=random_hex(settings.USER_PUBLIC_KEY_LENGTH_BYTES),
        # NOTE(review): secret_key is sized with USER_PUBLIC_KEY_LENGTH_BYTES;
        # confirm this is intended rather than a secret-key length setting.
        secret_key=random_hex(settings.USER_PUBLIC_KEY_LENGTH_BYTES),
        url='https://fs01.example.com/fileserver',
        read=True,
        write=True,
        delete_capability=True,
        valid_till=timezone.now() + datetime.timedelta(seconds=30),
    )

    # All four IP lists are stored as JSON-encoded empty lists.
    empty_ip_list = json.dumps([])
    models.Fileserver_Cluster_Member_Shard_Link.objects.create(
        shard=self.shard1,
        member=self.fileserver1,
        read=True,
        write=True,
        delete_capability=True,
        ip_read_whitelist=empty_ip_list,
        ip_read_blacklist=empty_ip_list,
        ip_write_whitelist=empty_ip_list,
        ip_write_blacklist=empty_ip_list,
    )

    # --- file and its pending upload --------------------------------------
    self.file_size = 140
    self.file = models.File.objects.create(
        shard=self.shard1,
        file_repository_id=None,
        chunk_count=1,
        size=self.file_size,
        user=self.test_user_obj,
    )

    self.file_transfer = models.File_Transfer.objects.create(
        user=self.test_user_obj,
        shard=self.shard1,
        file_repository_id=self.file.file_repository_id,
        file=self.file,
        size=self.file_size,
        size_transferred=0,
        chunk_count=1,
        chunk_count_transferred=0,
        credit=0,
        type='upload',
    )
def setUp(self):
    """Create two users, a file repository, and a full-access right for user 1.

    All credentials are fixed constants; the two users share keys and authkey
    and differ in e-mail, username, nonces and user sauce. The repository's
    ``data`` is an empty JSON object wrapped with ``encrypt_with_db_secret``.
    """
    self.test_email = "*****@*****.**"
    self.test_email_bcrypt = "a"
    self.test_email2 = "*****@*****.**"
    self.test_email_bcrypt2 = "b"
    self.test_username = "******"
    self.test_username2 = "*****@*****.**"
    self.test_password = "******"
    self.test_authkey = (
        "c55066421a559f76d8ed5227622e9f95a0c67df15220e40d7bc98a8a598124fa15373ac553ef3ee27c7"
        "123d6be058e6d43cc71c1b666bdecaf33b734c8583a93"
    )
    self.test_public_key = "5706a5648debec63e86714c8c489f08aee39477487d1b3f39b0bbb05dbd2c649"
    self.test_secret_key = "a7d028388e9d80f2679c236ebb2d0fedc5b7b0a28b393f6a20cc8f6be636aa71"
    self.test_secret_key_enc = (
        "77cde8ff6a5bbead93588fdcd0d6346bb57224b55a49c0f8a22a807bf6414e4d82ff60711422"
        "996e4a26de599982d531eef3098c9a531a05f75878ac0739571d6a242e6bf68c2c28eadf1011"
        "571a48eb"
    )
    self.test_secret_key_nonce = "f580cc9900ce7ae8b6f7d2bab4627e9e689dca0f13a53e3c"
    self.test_secret_key_nonce2 = "f580cc9900ce7ae8b6f7d2bab4627e9e689dca0f13a53e3d"
    self.test_private_key = "d636f7cc20384475bdc30c3ede98f719ee09d1fd4709276103772dd9479f353c"
    self.test_private_key_enc = (
        "abddebec9d20cecf7d1cab95ad6c6394db3826856bf21c2c6af9954e9816c2239f5df697e52"
        "d60785eb1136803407b69729c38bb50eefdd2d24f2fa0f104990eee001866ba83704cf4f576"
        "a74b9b2452"
    )
    self.test_private_key_nonce = "4298a9ab3d9d5d8643dfd4445adc30301b565ab650497fb9"
    self.test_private_key_nonce2 = "4298a9ab3d9d5d8643dfd4445adc30301b565ab650497fb8"

    # Fields that are identical for both accounts; the *_enc values are what
    # gets stored, not the plain keys above.
    shared_fields = {
        'public_key': self.test_public_key,
        'private_key': self.test_private_key_enc,
        'secret_key': self.test_secret_key_enc,
        'is_email_active': True,
    }

    self.test_user_obj = models.User.objects.create(
        email=self.test_email,
        email_bcrypt=self.test_email_bcrypt,
        username=self.test_username,
        authkey=make_password(self.test_authkey),
        private_key_nonce=self.test_private_key_nonce,
        secret_key_nonce=self.test_secret_key_nonce,
        user_sauce='af8d7c6e835a4e378655e8e11fa0b09afc2f08acf0be1d71d9fa048a2b09d2eb',
        **shared_fields
    )

    self.test_user2_obj = models.User.objects.create(
        email=self.test_email2,
        email_bcrypt=self.test_email_bcrypt2,
        username=self.test_username2,
        authkey=make_password(self.test_authkey),
        private_key_nonce=self.test_private_key_nonce2,
        secret_key_nonce=self.test_secret_key_nonce2,
        user_sauce='f2b5314ccdd726c3f4deabf5efccb0de5183796a9ecc691565aff2edf8c60249',
        **shared_fields
    )

    # Repository configuration is stored wrapped with the DB secret.
    repository_data = encrypt_with_db_secret(json.dumps({}))
    self.file_repository = models.File_Repository.objects.create(
        title='Some Title',
        type='gcp_cloud_storage',
        data=repository_data,
        active=True,
    )

    self.file_repository_right = models.File_Repository_Right.objects.create(
        user=self.test_user_obj,
        file_repository=self.file_repository,
        read=True,
        write=True,
        grant=True,
        accepted=True,
    )