def test_generate_cek_different_user_iks(self): cek1 = EncryptedQuestionnaireStorage(self.database, "user1", "user_ik_1", "pepper")._cek cek2 = EncryptedQuestionnaireStorage(self.database, "user1", "user_ik_1", "pepper")._cek cek3 = EncryptedQuestionnaireStorage(self.database, "user1", "user_ik_2", "pepper")._cek self.assertEqual(cek1, cek2) self.assertNotEqual(cek1, cek3) self.assertNotEqual(cek2, cek3)
def test_store_and_get(self): user_id = '1' user_ik = '2' encrypted = EncryptedQuestionnaireStorage(user_id, user_ik) data = "test" encrypted.add_or_update(data) # check we can decrypt the data self.assertEqual("test", encrypted.get_user_data())
def test_store_and_get(self): user_id = '1' user_ik = '2' encrypted = EncryptedQuestionnaireStorage(user_id, user_ik, 'pepper') data = 'test' encrypted.add_or_update(data, QuestionnaireStore.LATEST_VERSION) # check we can decrypt the data self.assertEqual(('test', QuestionnaireStore.LATEST_VERSION), encrypted.get_user_data())
def test_store_and_get(self): user_id = "1" user_ik = "2" encrypted = EncryptedQuestionnaireStorage(user_id, user_ik, "pepper") data = "test" encrypted.save(data) # check we can decrypt the data self.assertEqual(("test", QuestionnaireStore.LATEST_VERSION), encrypted.get_user_data())
def test_store_and_get_without_submitted_at(self): encrypted = EncryptedQuestionnaireStorage(user_id="1", user_ik="2", pepper="pepper") encrypted.save(data="test", collection_exercise_sid="ce_sid", expires_at=RESPONSE_EXPIRY) # check we can decrypt the data self.assertEqual( ("test", "ce_sid", QuestionnaireStore.LATEST_VERSION, None), encrypted.get_user_data(), )
def test_store_and_get_with_submitted_at(self): now = datetime.now(timezone.utc).replace(microsecond=0) encrypted = EncryptedQuestionnaireStorage(user_id="1", user_ik="2", pepper="pepper") encrypted.save( data="test", collection_exercise_sid="ce_sid", submitted_at=now, expires_at=RESPONSE_EXPIRY, ) self.assertEqual( ("test", "ce_sid", QuestionnaireStore.LATEST_VERSION, now), encrypted.get_user_data(), )
def get_questionnaire_store(user_id: str, user_ik: str) -> QuestionnaireStore: # Sets up a single QuestionnaireStore instance per request. store = g.get("_questionnaire_store") if store is None: pepper = current_app.eq["secret_store"].get_secret_by_name( "EQ_SERVER_SIDE_STORAGE_ENCRYPTION_USER_PEPPER") storage = EncryptedQuestionnaireStorage(user_id, user_ik, pepper) store = g._questionnaire_store = QuestionnaireStore(storage) return store
def get_questionnaire_store(user_id, user_ik): # Sets up a single QuestionnaireStore instance throughout app. store = g.get('_questionnaire_store') if store is None: pepper = current_app.config[ 'EQ_SERVER_SIDE_STORAGE_ENCRYPTION_USER_PEPPER'] storage = EncryptedQuestionnaireStorage(current_app.eq['database'], user_id, user_ik, pepper) store = g._questionnaire_store = QuestionnaireStore(storage) return store
def get_questionnaire_store(user_id, user_ik): from app.storage.encrypted_questionnaire_storage import EncryptedQuestionnaireStorage # Sets up a single QuestionnaireStore instance per request. store = g.get('_questionnaire_store') if store is None: pepper = current_app.eq['secret_store'].get_secret_by_name('EQ_SERVER_SIDE_STORAGE_ENCRYPTION_USER_PEPPER') storage = EncryptedQuestionnaireStorage(user_id, user_ik, pepper, stateless_updates_enabled=EQ_STATELESS_QUESTIONNAIRE_STORE_WRITES) store = g._questionnaire_store = QuestionnaireStore(storage) return store
def get_questionnaire_store(user_id: str, user_ik: str) -> QuestionnaireStore: # Sets up a single QuestionnaireStore instance per request. store = g.get("_questionnaire_store") if store is None: secret_store = current_app.eq["secret_store"] # type: ignore pepper = secret_store.get_secret_by_name( "EQ_SERVER_SIDE_STORAGE_ENCRYPTION_USER_PEPPER") storage = EncryptedQuestionnaireStorage(user_id, user_ik, pepper) # pylint: disable=assigning-non-slot store = g._questionnaire_store = QuestionnaireStore(storage) return store
def get_questionnaire_store(user_id, user_ik): from app.storage.encrypted_questionnaire_storage import EncryptedQuestionnaireStorage from app.utilities.schema import load_schema_from_metadata # Sets up a single QuestionnaireStore instance per request. store = g.get('_questionnaire_store') if store is None: pepper = current_app.eq['secret_store'].get_secret_by_name( 'EQ_SERVER_SIDE_STORAGE_ENCRYPTION_USER_PEPPER') storage = EncryptedQuestionnaireStorage(user_id, user_ik, pepper) store = g._questionnaire_store = QuestionnaireStore(storage) if store.metadata: # When creating the questionnaire storage, there is no metadata for upgrading schema = load_schema_from_metadata(store.metadata) store.ensure_latest_version(schema) return store
class TestLegacyEncryptedQuestionnaireStorage(AppContextTestCase): """Compression didn't used to be applied to the questionnaire store data. It also used to be base64-encoded. For performance reasons the base64 encoding was removed and compression applied using the snappy lib """ def setUp(self): super().setUp() user_id = 'user_id' self.storage = EncryptedQuestionnaireStorage(user_id, 'user_ik', 'pepper') self._save_legacy_state_data(user_id, 'test') def test_get(self): """Tests that the legacy data is correctly decrypted """ data = 'test' self.assertEqual((data, QuestionnaireStore.LATEST_VERSION), self.storage.get_user_data()) def _save_legacy_state_data(self, user_id, data): protected_header = { 'alg': 'dir', 'enc': 'A256GCM', 'kid': '1,1', } jwe_token = jwe.JWE( plaintext=base64url_encode(data), protected=protected_header, recipient=self.storage.encrypter.key ) legacy_state_data = json.dumps({'data': jwe_token.serialize(compact=True)}) questionnaire_state = QuestionnaireState( user_id, legacy_state_data, QuestionnaireStore.LATEST_VERSION ) data_access.put(questionnaire_state)
def setUp(self): super().setUp() self.storage = EncryptedQuestionnaireStorage('user_id', 'user_ik', 'pepper')
class TestEncryptedQuestionnaireStorage(AppContextTestCase): def setUp(self): super().setUp() self.storage = EncryptedQuestionnaireStorage('user_id', 'user_ik', 'pepper') def test_encrypted_storage_requires_user_id(self): with self.assertRaises(ValueError): EncryptedQuestionnaireStorage(None, 'key', 'pepper') def test_encrypted_storage_requires_user_ik(self): with self.assertRaises(ValueError): EncryptedQuestionnaireStorage('1', None, 'pepper') def test_store_and_get(self): user_id = '1' user_ik = '2' encrypted = EncryptedQuestionnaireStorage(user_id, user_ik, 'pepper') data = 'test' encrypted.add_or_update(data, QuestionnaireStore.LATEST_VERSION) # check we can decrypt the data self.assertEqual(('test', QuestionnaireStore.LATEST_VERSION), encrypted.get_user_data()) def test_store(self): data = 'test' self.assertIsNone( self.storage.add_or_update(data, QuestionnaireStore.LATEST_VERSION)) self.assertIsNotNone(self.storage.get_user_data()) # pylint: disable=protected-access def test_get(self): data = 'test' self.storage.add_or_update(data, QuestionnaireStore.LATEST_VERSION) self.assertEqual((data, QuestionnaireStore.LATEST_VERSION), self.storage.get_user_data()) def test_delete(self): data = 'test' self.storage.add_or_update(data, QuestionnaireStore.LATEST_VERSION) self.assertEqual((data, QuestionnaireStore.LATEST_VERSION), self.storage.get_user_data()) self.storage.delete() self.assertEqual((None, None), self.storage.get_user_data()) # pylint: disable=protected-access
def test_encrypted_storage_requires_user_ik(self): with self.assertRaises(ValueError): EncryptedQuestionnaireStorage('1', None, 'pepper')
def test_encrypted_storage_requires_user_id(self): with self.assertRaises(ValueError): EncryptedQuestionnaireStorage(None, "key")
class TestEncryptedQuestionnaireStorage(AppContextTestCase): def setUp(self): super().setUp() self.storage = EncryptedQuestionnaireStorage("user_id", "user_ik", "pepper") def test_encrypted_storage_requires_user_id(self): with self.assertRaises(ValueError): EncryptedQuestionnaireStorage(None, "key", "pepper") def test_encrypted_storage_requires_user_ik(self): with self.assertRaises(ValueError): EncryptedQuestionnaireStorage("1", None, "pepper") def test_store_and_get_without_submitted_at(self): encrypted = EncryptedQuestionnaireStorage(user_id="1", user_ik="2", pepper="pepper") encrypted.save(data="test", collection_exercise_sid="ce_sid", expires_at=RESPONSE_EXPIRY) # check we can decrypt the data self.assertEqual( ("test", "ce_sid", QuestionnaireStore.LATEST_VERSION, None), encrypted.get_user_data(), ) def test_store_and_get_with_submitted_at(self): now = datetime.now(timezone.utc).replace(microsecond=0) encrypted = EncryptedQuestionnaireStorage(user_id="1", user_ik="2", pepper="pepper") encrypted.save( data="test", collection_exercise_sid="ce_sid", submitted_at=now, expires_at=RESPONSE_EXPIRY, ) self.assertEqual( ("test", "ce_sid", QuestionnaireStore.LATEST_VERSION, now), encrypted.get_user_data(), ) def test_store(self): data = "test" self.assertIsNone(self.storage.save(data, "ce_sid")) self.assertIsNotNone(self.storage.get_user_data()) # pylint: disable=protected-access def test_get(self): data = "test" self.storage.save(data, "ce_sid", expires_at=RESPONSE_EXPIRY) self.assertEqual( (data, "ce_sid", QuestionnaireStore.LATEST_VERSION, None), self.storage.get_user_data(), ) def test_delete(self): data = "test" self.storage.save(data, "ce_sid", expires_at=RESPONSE_EXPIRY) self.assertEqual( (data, "ce_sid", QuestionnaireStore.LATEST_VERSION, None), self.storage.get_user_data(), ) self.storage.delete() self.assertEqual((None, None, None, None), self.storage.get_user_data()) # pylint: disable=protected-access
def setUp(self): self.database = Database("sqlite://", 1, 0) self.storage = EncryptedQuestionnaireStorage(self.database, "user_id", "user_ik", "pepper")
class TestEncryptedQuestionnaireStorage(unittest.TestCase): def setUp(self): self.database = Database("sqlite://", 1, 0) self.storage = EncryptedQuestionnaireStorage(self.database, "user_id", "user_ik", "pepper") def test_encrypted_storage_requires_user_id(self): with self.assertRaises(ValueError): EncryptedQuestionnaireStorage(self.database, None, "key", "pepper") def test_encrypted_storage_requires_user_ik(self): with self.assertRaises(ValueError): EncryptedQuestionnaireStorage(self.database, "1", None, "pepper") def test_encrypted_storage_requires_pepper(self): with self.assertRaises(ValueError): EncryptedQuestionnaireStorage(self.database, "1", "key", None) def test_generate_cek(self): cek1 = EncryptedQuestionnaireStorage(self.database, "user1", "user_ik_1", "pepper")._cek cek2 = EncryptedQuestionnaireStorage(self.database, "user1", "user_ik_1", "pepper")._cek cek3 = EncryptedQuestionnaireStorage(self.database, "user2", "user_ik_2", "pepper")._cek self.assertEqual(cek1, cek2) self.assertNotEqual(cek1, cek3) self.assertNotEqual(cek2, cek3) def test_generate_cek_different_user_ids(self): cek1 = EncryptedQuestionnaireStorage(self.database, "user1", "user_ik_1", "pepper")._cek cek2 = EncryptedQuestionnaireStorage(self.database, "user1", "user_ik_1", "pepper")._cek cek3 = EncryptedQuestionnaireStorage(self.database, "user2", "user_ik_1", "pepper")._cek self.assertEqual(cek1, cek2) self.assertNotEqual(cek1, cek3) self.assertNotEqual(cek2, cek3) def test_generate_cek_different_user_iks(self): cek1 = EncryptedQuestionnaireStorage(self.database, "user1", "user_ik_1", "pepper")._cek cek2 = EncryptedQuestionnaireStorage(self.database, "user1", "user_ik_1", "pepper")._cek cek3 = EncryptedQuestionnaireStorage(self.database, "user1", "user_ik_2", "pepper")._cek self.assertEqual(cek1, cek2) self.assertNotEqual(cek1, cek3) self.assertNotEqual(cek2, cek3) def test_generate_cek_different_pepper(self): cek1 = EncryptedQuestionnaireStorage(self.database, "user1", "user_ik_1", "pepper")._cek cek2 = EncryptedQuestionnaireStorage(self.database, "user1", "user_ik_1", "test")._cek self.assertNotEqual(cek1, cek2) def test_store_and_get(self): user_id = '1' user_ik = '2' encrypted = EncryptedQuestionnaireStorage(self.database, user_id, user_ik, "pepper") data = "test" encrypted.add_or_update(data) # check we can decrypt the data self.assertEqual("test", encrypted.get_user_data()) def test_store(self): data = 'test' self.assertIsNone(self.storage.add_or_update(data)) self.assertIsNotNone(self.storage.get_user_data()) # pylint: disable=protected-access def test_get(self): data = 'test' self.storage.add_or_update(data) self.assertEqual(data, self.storage.get_user_data()) def test_delete(self): data = 'test' self.storage.add_or_update(data) self.assertEqual(data, self.storage.get_user_data()) self.storage.delete() self.assertIsNone(self.storage.get_user_data()) # pylint: disable=protected-access
class TestEncryptedQuestionnaireStorage(AppContextTestCase): def setUp(self): super().setUp() self.storage = EncryptedQuestionnaireStorage("user_id", "user_ik", "pepper") def test_encrypted_storage_requires_user_id(self): with self.assertRaises(ValueError): EncryptedQuestionnaireStorage(None, "key", "pepper") def test_encrypted_storage_requires_user_ik(self): with self.assertRaises(ValueError): EncryptedQuestionnaireStorage("1", None, "pepper") def test_store_and_get(self): user_id = "1" user_ik = "2" encrypted = EncryptedQuestionnaireStorage(user_id, user_ik, "pepper") data = "test" encrypted.save(data) # check we can decrypt the data self.assertEqual(("test", QuestionnaireStore.LATEST_VERSION), encrypted.get_user_data()) def test_store(self): data = "test" self.assertIsNone(self.storage.save(data)) self.assertIsNotNone(self.storage.get_user_data()) # pylint: disable=protected-access def test_get(self): data = "test" self.storage.save(data) self.assertEqual((data, QuestionnaireStore.LATEST_VERSION), self.storage.get_user_data()) def test_delete(self): data = "test" self.storage.save(data) self.assertEqual((data, QuestionnaireStore.LATEST_VERSION), self.storage.get_user_data()) self.storage.delete() self.assertEqual((None, None), self.storage.get_user_data()) # pylint: disable=protected-access
def test_encrypted_storage_requires_pepper(self): with self.assertRaises(ValueError): EncryptedQuestionnaireStorage(self.database, "1", "key", None)
def setUp(self): super().setUp() self.storage = EncryptedQuestionnaireStorage("user_id", "user_ik", "pepper")
def get_storage(user_id, user_ik): if settings.EQ_SERVER_SIDE_STORAGE_ENCRYPTION: return EncryptedQuestionnaireStorage(user_id, user_ik) else: return QuestionnaireStorage(user_id)
def setUp(self): super().setUp() user_id = 'user_id' self.storage = EncryptedQuestionnaireStorage(user_id, 'user_ik', 'pepper') self._save_legacy_state_data(user_id, 'test')