def testPutWithExistingOwnerModified(self):
  """Store the fixture volume, then two copies that differ only in owner.

  The test makes no assertion of its own; it passes when none of the put()
  calls raises.
  """
  self.fvv.put()
  for replacement_owner in ('new_owner1', 'new_owner2'):
    changed = models.FileVaultVolume(**self.fvv_data)
    changed.owner = replacement_owner
    changed.put()
def setUp(self):
  """Prepare settings, a CHANGE_OWNER user and one stored volume."""
  super(FileVaultChangeOwnerAccessHandlerTest, self).setUp()

  # These assignments overwrite module-level settings; nothing in this
  # method restores them afterwards.
  settings.KEY_TYPE_DEFAULT_FILEVAULT = settings.KEY_TYPE_DATASTORE_FILEVAULT
  settings.KEY_TYPE_DEFAULT_XSRF = settings.KEY_TYPE_DATASTORE_XSRF
  test_util.SetUpTestbedTestCase(self)

  self.volume_uuid = '4E6A59FF-3D85-4B1C-A5D5-70F8B8A9B4A0'

  # The acting user holds only the CHANGE_OWNER permission.
  self.user = models.User(
      key_name='*****@*****.**',
      user=users.User('*****@*****.**'))
  self.user.filevault_perms = [permissions.CHANGE_OWNER]
  self.user.put()

  volume_fields = {
      'hdd_serial': 'XX123456',
      'platform_uuid': 'A4E75A65-FC39-441C-BEF5-49D9A3DC6BE0',
      'serial': 'XX123456',
      'passphrase': 'SECRET',
      'volume_uuid': self.volume_uuid,
      'created_by': users.User('*****@*****.**'),
  }
  stored_id = models.FileVaultVolume(**volume_fields).put()

  # The handler URL is built from the value put() returned, not from the
  # volume UUID.
  self.change_owner_url = (
      '/api/internal/change-owner/filevault/%s/' % stored_id)
def testCheckAuthzCreatorOk(self):
  """Expect HTTP OK and the passphrase in the body for RETRIEVE_CREATED_BY.

  The current user is stored with only RETRIEVE_CREATED_BY and the volume
  carries a created_by user. XSRF protection is switched off through a mocked
  settings object and util.SendEmail is patched out for the request.
  """
  volume_id = str(uuid.uuid4()).upper()
  escrowed_secret = str(uuid.uuid4())

  requester = models.User(
      key_name='*****@*****.**',
      user=users.get_current_user(),
      filevault_perms=[permissions.RETRIEVE_CREATED_BY],
  )
  requester.put()

  volume = models.FileVaultVolume(
      owner='stub3',
      created_by=users.User('*****@*****.**'),
      volume_uuid=volume_id,
      passphrase=escrowed_secret,
      hdd_serial='stub',
      platform_uuid='stub',
      serial='stub',
  )
  volume.put()

  with mock.patch.object(handlers, 'settings') as mock_settings:
    # Test-only: the handler sees XSRF protection as disabled.
    mock_settings.XSRF_PROTECTION_ENABLED = False
    with mock.patch.object(util, 'SendEmail'):
      resp = gae_main.app.get_response('/filevault/%s?json=1' % volume_id)

  self.assertEqual(httplib.OK, resp.status_int)
  self.assertIn('"passphrase": "%s"' % escrowed_secret, resp.body)
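def PutNewPassphrase(self, volume_uuid, passphrase, metadata):
  """Puts a new FileVaultVolume entity to Datastore.

  The entity is keyed by volume_uuid, an access-log entry with message 'PUT'
  is written for it, and a confirmation string is written to the response.

  Args:
    volume_uuid: str, Volume UUID associated to the passphrase to put.
    passphrase: str, FileVault2 passphrase / recovery token.
    metadata: dict, dict of str metadata with keys matching
        models.FileVaultVolume property names.

  Raises:
    models.FileVaultAccessError: volume_uuid is empty.
  """
  # TODO(user): Enforce presence of XSRF token here.
  # Without this, XSRF requests can create bogus extra records.
  if not volume_uuid:
    raise models.FileVaultAccessError('volume_uuid is required', self.request)

  entity = models.FileVaultVolume(
      key_name=volume_uuid,
      volume_uuid=volume_uuid,
      passphrase=str(passphrase))

  # The identifier and the secret come only from the explicit arguments.
  # Copying them from metadata as well would let a 'volume_uuid' or
  # 'passphrase' key replace the values set above, leaving the stored
  # volume_uuid out of step with key_name or escrowing a different secret.
  argument_owned = ('volume_uuid', 'passphrase')

  # NOTE(review): every other model property is still settable from metadata;
  # confirm with the caller that this is intended for all of them.
  for prop_name in entity.properties():
    if prop_name in argument_owned:
      continue
    value = metadata.get(prop_name)
    if value:
      setattr(entity, prop_name, self.SanitizeString(value))

  entity.put()
  models.FileVaultAccessLog.Log(
      entity=entity, message='PUT', request=self.request)
  self.response.out.write('Passphrase successfully escrowed!')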
def testPutWithEmptyRequiredProperty(self):
  """put() raises FileVaultAccessError when only key_name is set.

  get_by_key_name is stubbed to return None for the key.
  """
  self.mox.StubOutWithMock(models.FileVaultVolume, 'get_by_key_name')
  entity_key = u'foo'
  volume = models.FileVaultVolume(key_name=entity_key)

  # Record phase: exactly one lookup for the key, answering None.
  models.FileVaultVolume.get_by_key_name(entity_key).AndReturn(None)
  self.mox.ReplayAll()

  with self.assertRaises(models.FileVaultAccessError):
    volume.put()
  self.mox.VerifyAll()
def testPutWithExistingKeyName(self):
  """put() raises FileVaultAccessError when the key lookup returns a value.

  get_by_key_name is stubbed to return the truthy string 'yes!'.
  """
  self.mox.StubOutWithMock(models.FileVaultVolume, 'get_by_key_name')
  entity_key = u'foo'
  volume = models.FileVaultVolume(key_name=entity_key)

  # Record phase: exactly one lookup for the key, answering 'yes!'.
  models.FileVaultVolume.get_by_key_name(entity_key).AndReturn('yes!')
  self.mox.ReplayAll()

  with self.assertRaises(models.FileVaultAccessError):
    volume.put()
  self.mox.VerifyAll()
def setUp(self):
  """Build the fixture volume self.fvv, keyed u'foo', without storing it."""
  super(FileVaultVolumeTest, self).setUp()
  fixture_fields = {
      'key_name': u'foo',
      'hdd_serial': 'XX123456',
      'platform_uuid': 'A4E75A65-FC39-441C-BEF5-49D9A3DC6BE0',
      'serial': 'XX123456',
      'passphrase': 'SECRET',
      'volume_uuid': '4E6A59FF-3D85-4B1C-A5D5-70F8B8A9B4A0',
      'created_by': users.User('*****@*****.**'),
  }
  self.fvv = models.FileVaultVolume(**fixture_fields)
def setUp(self):
  """Keep the fixture fields in self.fvv_data and build self.fvv from them.

  The volume is constructed here but not stored.
  """
  super(FileVaultVolumeTest, self).setUp()
  self.fvv_data = dict(
      hdd_serial='XX123456',
      platform_uuid='A4E75A65-FC39-441C-BEF5-49D9A3DC6BE0',
      serial='XX123456',
      passphrase='SECRET',
      volume_uuid='4E6A59FF-3D85-4B1C-A5D5-70F8B8A9B4A0',
      created_by=users.User('*****@*****.**'),
  )
  self.fvv = models.FileVaultVolume(**self.fvv_data)
def testPutSuccess(self):
  """put() succeeds once every required property has a value.

  Both db.Model.put and get_by_key_name are stubbed; the key lookup returns
  None.
  """
  self.mox.StubOutWithMock(models.db.Model, 'put')
  self.mox.StubOutWithMock(models.FileVaultVolume, 'get_by_key_name')

  entity_key = u'foo'
  volume = models.FileVaultVolume(key_name=entity_key)
  models.FileVaultVolume.get_by_key_name(entity_key).AndReturn(None)

  # Fill each required property with a placeholder value.
  for required_name in models.FileVaultVolume.REQUIRED_PROPERTIES:
    setattr(volume, required_name, 'something')

  # Record the single expected call to the stubbed base-class put().
  models.db.Model.put().AndReturn(None)
  self.mox.ReplayAll()

  volume.put()
  self.mox.VerifyAll()
def testVolumeUuidValid(self):
  """Expect HTTP 200 and the passphrase JSON for a stored volume UUID.

  The current user is stored with only RETRIEVE_OWN, and XSRF protection is
  switched off through a mocked settings object.
  """
  volume_id = str(uuid.uuid4()).upper()

  requester = models.User(
      key_name='*****@*****.**',
      user=users.get_current_user(),
      filevault_perms=[permissions.RETRIEVE_OWN],
  )
  requester.put()

  volume = models.FileVaultVolume(
      key_name=volume_id,
      owner='stub',
      volume_uuid=volume_id,
      passphrase='stub_pass1',
      hdd_serial='stub',
      platform_uuid='stub',
      serial='stub',
  )
  volume.put()

  with mock.patch.object(handlers, 'settings') as mock_settings:
    # Test-only: the handler sees XSRF protection as disabled.
    mock_settings.XSRF_PROTECTION_ENABLED = False
    resp = gae_main.app.get_response('/filevault/' + volume_id)

  self.assertEqual(200, resp.status_int)
  self.assertIn('{"passphrase": "stub_pass1"}', resp.body)
def testCheckAuthzOwnerFail(self):
  """Expect HTTP 400 'Not authorized' for a volume whose owner is 'stub2'.

  The current user is stored with only RETRIEVE_OWN. XSRF protection is
  switched off through a mocked settings object and util.SendEmail is patched
  out for the request.
  """
  volume_id = str(uuid.uuid4()).upper()
  escrowed_secret = str(uuid.uuid4())

  requester = models.User(
      key_name='*****@*****.**',
      user=users.get_current_user(),
      filevault_perms=[permissions.RETRIEVE_OWN],
  )
  requester.put()

  volume = models.FileVaultVolume(
      key_name=volume_id,
      owner='stub2',
      volume_uuid=volume_id,
      passphrase=escrowed_secret,
      hdd_serial='stub',
      platform_uuid='stub',
      serial='stub',
  )
  volume.put()

  with mock.patch.object(handlers, 'settings') as mock_settings:
    # Test-only: the handler sees XSRF protection as disabled.
    mock_settings.XSRF_PROTECTION_ENABLED = False
    with mock.patch.object(util, 'SendEmail'):
      resp = gae_main.app.get_response('/filevault/' + volume_id)

  self.assertEqual(400, resp.status_int)
  self.assertIn('Not authorized', resp.body)
def testPutWithExistingDataModified(self):
  """Each put() of a copy with one changed property adds a stored volume.

  The fixture is stored once. Then, for every property except 'active' and
  DateTime properties, a fresh copy with that one property changed is stored.
  The number of stored volumes must equal one plus the number of copies.
  """
  self.fvv.put()
  expected_count = 1

  for name, prop in self.fvv.properties().iteritems():
    old_value = getattr(self.fvv, name)
    if name == 'active' or isinstance(prop, db.DateTimeProperty):
      continue

    # Pick a replacement value that suits the property type.
    if isinstance(prop, db.BooleanProperty):
      new_value = not bool(old_value)
    elif isinstance(prop, db.UserProperty):
      new_value = users.User('*****@*****.**')
    else:
      new_value = 'JUNK'

    altered = models.FileVaultVolume(**self.fvv_data)
    setattr(altered, name, new_value)
    altered.put()
    expected_count += 1

  stored = models.FileVaultVolume.all().fetch(999)
  self.assertEqual(expected_count, len(stored))
def testPutWithoutKeyName(self):
  """put() on a volume built with no arguments raises FileVaultAccessError."""
  empty_volume = models.FileVaultVolume()
  with self.assertRaises(models.FileVaultAccessError):
    empty_volume.put()
def _CreateNewSecretEntity(self, owner, volume_uuid, secret):
  """Build a FileVaultVolume keyed by its volume UUID, without storing it.

  Args:
    owner: value for the entity's owner property.
    volume_uuid: used both as key_name and as the volume_uuid property.
    secret: passphrase to escrow; coerced with str() before assignment.

  Returns:
    The new models.FileVaultVolume instance; put() is not called here.
  """
  fields = {
      'key_name': volume_uuid,
      'owner': owner,
      'volume_uuid': volume_uuid,
      'passphrase': str(secret),
  }
  return models.FileVaultVolume(**fields)
def testPutSuccess(self):
  """put() does not raise once every required property has a value."""
  volume = models.FileVaultVolume()
  # Fill each required property with a placeholder value.
  for required_name in models.FileVaultVolume.REQUIRED_PROPERTIES:
    setattr(volume, required_name, 'something')
  volume.put()
def testPutWithEmptyRequiredProperty(self):
  """put() raises FileVaultAccessError when only key_name is set."""
  entity_key = u'foo'
  volume = models.FileVaultVolume(key_name=entity_key)
  with self.assertRaises(models.FileVaultAccessError):
    volume.put()