def test_change_secret_changes_hmac(self): message = 'Mary had a little lamb. Her doctors were astounded' secret = 'skoodlydoodah' h1 = crypto.hmac_sha_2_256_transform(secret, message) h2 = crypto.hmac_sha_2_256_transform(secret + '.', message) self.assertNotEquals(h1, h2) self.assertNotEquals(h1, message)
def test_consistent(self): message = 'Mary had a little lamb. Her doctors were astounded' secret = 'skoodlydoodah' h1 = crypto.hmac_sha_2_256_transform(secret, message) h2 = crypto.hmac_sha_2_256_transform(secret, message) self.assertEquals(h1, h2) self.assertNotEquals(h1, message) h1 = crypto.hmac_sha_2_256_transform_b64(secret, message) h2 = crypto.hmac_sha_2_256_transform_b64(secret, message) self.assertEquals(h1, h2) self.assertNotEquals(h1, message)
def _postprocess_rows(cls, app_context, source_context, schema, log, page_number, rows): items = super(AnswersDataSource, cls)._postprocess_rows( app_context, source_context, schema, log, page_number, rows) for item in items: item.pop('user_name') item['user_id'] = crypto.hmac_sha_2_256_transform( source_context.pii_secret, item['user_id']) return items
def test_data_extraction(self): # Register a student and save some form values for that student student = self.register() entity = StudentFormEntity.load_or_default(student, 'form-0') entity.value = transforms.dumps({ u'form_data': self.FORM_0_DATA}) entity.put() entity = StudentFormEntity.load_or_default(student, u'form-1') entity.value = transforms.dumps({ u'form_data': self.FORM_1_DATA}) entity.put() entity = StudentFormEntity.load_or_default(student, u'form-2') entity.value = transforms.dumps({ u'form_data': self.FORM_2_DATA}) entity.put() # Log in as admin for the data query actions.logout() actions.login(ADMIN_EMAIL, is_admin=True) xsrf_token = crypto.XsrfTokenManager.create_xsrf_token( data_sources_utils.DATA_SOURCE_ACCESS_XSRF_ACTION) pii_secret = crypto.generate_transform_secret_from_xsrf_token( xsrf_token, data_sources_utils.DATA_SOURCE_ACCESS_XSRF_ACTION) safe_user_id = crypto.hmac_sha_2_256_transform( pii_secret, student.user_id) response = self.get( 'rest/data/questionnaire_responses/items?' 'data_source_token=%s&page_number=0' % xsrf_token) data = transforms.loads(response.body)['data'] self.assertEqual(3, len(data)) for index in range(3): self.assertIn(safe_user_id, data[index]['user_id']) self.assertEqual('form-%s' % index, data[index]['questionnaire_id']) self.assertEqual(self.FORM_0_DATA, data[0]['form_data']) self.assertEqual(self.FORM_1_DATA, data[1]['form_data']) self.assertEqual(self.FORM_2_DATA_OUT, data[2]['form_data'])
def test_data_extraction(self): # Register a student and save some form values for that student student = self.register() entity = StudentFormEntity.load_or_create(student, 'form-0') entity.value = transforms.dumps({u'form_data': self.FORM_0_DATA}) entity.put() entity = StudentFormEntity.load_or_create(student, u'form-1') entity.value = transforms.dumps({u'form_data': self.FORM_1_DATA}) entity.put() entity = StudentFormEntity.load_or_create(student, u'form-2') entity.value = transforms.dumps({u'form_data': self.FORM_2_DATA}) entity.put() # Log in as admin for the data query actions.logout() actions.login(ADMIN_EMAIL, is_admin=True) xsrf_token = crypto.XsrfTokenManager.create_xsrf_token( data_sources_utils.DATA_SOURCE_ACCESS_XSRF_ACTION) pii_secret = crypto.generate_transform_secret_from_xsrf_token( xsrf_token, data_sources_utils.DATA_SOURCE_ACCESS_XSRF_ACTION) safe_user_id = crypto.hmac_sha_2_256_transform(pii_secret, student.user_id) response = self.get('rest/data/questionnaire_responses/items?' 'data_source_token=%s&page_number=0' % xsrf_token) data = transforms.loads(response.body)['data'] self.assertEqual(3, len(data)) for index in range(3): self.assertIn(safe_user_id, data[index]['user_id']) self.assertEqual('form-%s' % index, data[index]['questionnaire_id']) self.assertEqual(self.FORM_0_DATA, data[0]['form_data']) self.assertEqual(self.FORM_1_DATA, data[1]['form_data']) self.assertEqual(self.FORM_2_DATA_OUT, data[2]['form_data'])
def test_data_source(self): # Register a student and give some feedback self.register_student() student = models.Student.get_enrolled_student_by_user( self.make_test_user(STUDENT_EMAIL)) response = self.post_data( rating_int=2, additional_comments='Good lesson') self.assertEquals(200, response['status']) self.assertIn('Thank you for your feedback', response['message']) # Log in as admin for the data query actions.logout() actions.login(ADMIN_EMAIL, is_admin=True) xsrf_token = crypto.XsrfTokenManager.create_xsrf_token( data_sources_utils.DATA_SOURCE_ACCESS_XSRF_ACTION) pii_secret = crypto.generate_transform_secret_from_xsrf_token( xsrf_token, data_sources_utils.DATA_SOURCE_ACCESS_XSRF_ACTION) safe_user_id = crypto.hmac_sha_2_256_transform( pii_secret, student.user_id) response = self.get( 'rest/data/rating_events/items?' 'data_source_token=%s&page_number=0' % xsrf_token) data = transforms.loads(response.body)['data'] self.assertEqual(1, len(data)) record = data[0] self.assertEqual(7, len(record)) self.assertEqual(safe_user_id, record['user_id']) self.assertEqual('2', record['rating']) self.assertEqual('Good lesson', record['additional_comments']) self.assertEqual( '/rating_course/unit?unit=%s&lesson=%s' % ( self.unit.unit_id, self.lesson.lesson_id), record['content_url']) self.assertEqual(str(self.unit.unit_id), record['unit_id']) self.assertEqual(str(self.lesson.lesson_id), record['lesson_id']) self.assertIn('recorded_on', record)
def test_data_source(self): # Register a student and give some feedback user = self.register_student() student = models.Student.get_enrolled_student_by_user(user) response = self.post_data( rating_int=2, additional_comments='Good lesson') self.assertEquals(200, response['status']) self.assertIn('Thank you for your feedback', response['message']) # Log in as admin for the data query actions.logout() actions.login(ADMIN_EMAIL, is_admin=True) xsrf_token = crypto.XsrfTokenManager.create_xsrf_token( data_sources_utils.DATA_SOURCE_ACCESS_XSRF_ACTION) pii_secret = crypto.generate_transform_secret_from_xsrf_token( xsrf_token, data_sources_utils.DATA_SOURCE_ACCESS_XSRF_ACTION) safe_user_id = crypto.hmac_sha_2_256_transform( pii_secret, student.user_id) response = self.get( 'rest/data/rating_events/items?' 'data_source_token=%s&page_number=0' % xsrf_token) data = transforms.loads(response.body)['data'] self.assertEqual(1, len(data)) record = data[0] self.assertEqual(7, len(record)) self.assertEqual(safe_user_id, record['user_id']) self.assertEqual('2', record['rating']) self.assertEqual('Good lesson', record['additional_comments']) self.assertEqual( '/rating_course/unit?unit=%s&lesson=%s' % ( self.unit.unit_id, self.lesson.lesson_id), record['content_url']) self.assertEqual(str(self.unit.unit_id), record['unit_id']) self.assertEqual(str(self.lesson.lesson_id), record['lesson_id']) self.assertIn('recorded_on', record)