s = get_authenticated_session(require_account=True)
backup_key_share = {
'share': b64encode(os.urandom(16)).decode(),
'other_share_hash': urlsafe_b64encode(os.urandom(16)).decode().rstrip('='),
'account_id': s.account_id,
'salt_base64': b64encode(os.urandom(16)).decode(),
}
r = s.post(
'https://api.misakey.com.local/backup-key-shares',
json=backup_key_share,
)
check_response(
r,
[
lambda r: assert_fn(r.json() == backup_key_share)
]
)
r = s.get(
f'https://api.misakey.com.local/backup-key-shares/{backup_key_share["other_share_hash"]}'
)
check_response(
r,
[
lambda r: assert_fn(r.json() == backup_key_share)
]
)
with testContext('Non-existing share'):
assert len(current_invitation_links) == 1
assert current_invitation_links[0]['content'] == new_invitation_link_event[
'content']
# previous other share doesn't exist anymore
s1.get(
f'{URL_PREFIX}/box-key-shares/' +
previous_invitation_link_event['content']['value'],
expected_status_code=http.STATUS_NOT_FOUND,
)
# new one does exist
s1.get(
f'{URL_PREFIX}/box-key-shares/' +
new_invitation_link_event['content']['value'],
expected_status_code=http.STATUS_OK,
)
# s2 must not have been kicked out
s2.get(
f'{URL_PREFIX}/boxes/{box_id}',
expected_status_code=http.STATUS_OK,
)
# crypto actions must have been created for other members
r = s2.get(f'{URL_PREFIX}/accounts/{s2.account_id}/crypto/actions')
check_response(r, [
lambda r: assert_fn(len(r.json()) == 1),
lambda resp: assert_fn(resp.json()[0]['box_id'] == box_id),
lambda resp: assert_fn(resp.json()[0]['type'] == 'set_box_key_share')
])
def test_basics(s1, s2):
box1_id, box1_share_hash = create_box_and_post_some_events_to_it(
session=s1, close=False)
print("- box key share retrieval")
r = get_key_share(s1, box1_share_hash)
check_response(
r,
[lambda r: assert_fn(r.json()["other_share_hash"] == box1_share_hash)])
print('- file upload')
r = s1.post(
f'{URL_PREFIX}/boxes/{box1_id}/encrypted-files',
files={
'encrypted_file': os.urandom(64),
'msg_encrypted_content':
(None, b64encode(os.urandom(32)).decode()),
'msg_public_key': (None, b64encode(os.urandom(32)).decode()),
},
expected_status_code=201,
)
print(f'- box closing')
r = s1.post(
f'{URL_PREFIX}/boxes/{box1_id}/events',
json={
'type': 'state.lifecycle',
'content': {
'state': 'closed'
}
},
expected_status_code=201,
)
print('- forbidden is returned while posting event on unexisting box id')
r = s1.post(
f'{URL_PREFIX}/boxes/457d5c70-03c2-4179-92a5-f945e666b922/events',
json={
'type': 'msg.text',
'content': {
'encrypted': b64encode(os.urandom(32)).decode(),
'public_key': b64encode(os.urandom(32)).decode()
}
},
expected_status_code=403)
print('- forbidden is returned while getting a box with a non-existing id')
r = s1.get(
f'{URL_PREFIX}/boxes/457d5c70-03c2-4179-92a5-f945e666b922/events',
expected_status_code=403,
)
print('- non-uuid box in path')
r = s1.post(f'{URL_PREFIX}/boxes/YOU_KNOW_IM_BAD/events',
json={
'type': 'msg.text',
'content': {
'encrypted': b64encode(os.urandom(32)).decode(),
'public_key': b64encode(os.urandom(32)).decode()
}
},
expected_status_code=400)
print('- incorrect event content format')
r = s1.post(f'{URL_PREFIX}/boxes/{box1_id}/events',
json={
'type': 'msg.text',
},
expected_status_code=400)
print('- to create event on closed box is impossible')
r = s1.post(f'{URL_PREFIX}/boxes/{box1_id}/events',
json={
'type': 'msg.text',
'content': {
'encrypted': b64encode(os.urandom(32)).decode(),
'public_key': b64encode(os.urandom(32)).decode()
}
},
expected_status_code=409)
print('- non-creator cannot list events on a closed box')
r = s2.get(
f'{URL_PREFIX}/boxes/{box1_id}/events',
expected_status_code=403,
)
# Another identity creates other boxes
box2_id, _ = create_box_and_post_some_events_to_it(session=s2, close=False)
create_box_and_post_some_events_to_it(session=s2)
create_box_and_post_some_events_to_it(session=s2)
print("- identity 1 becomes member of box 2")
join_box(s1, box2_id)
print('- identity 1 (creator) can list all events on open box 2')
r = s1.get(f'{URL_PREFIX}/boxes/{box2_id}/events')
assert len(r.json()) == 3
print('- identity 1 (non-creator) posts to box 2 a legit event')
r = s1.post(f'{URL_PREFIX}/boxes/{box2_id}/events',
json={
'type': 'msg.text',
'content': {
'encrypted': b64encode(os.urandom(32)).decode(),
'public_key': b64encode(os.urandom(32)).decode()
}
})
print(
'- identity 1 (non-creator) posts to box 2 a creator restricted event')
r = s1.post(f'{URL_PREFIX}/boxes/{box2_id}/events',
json={
'type': 'state.lifecycle',
'content': {
'state': 'closed'
}
},
expected_status_code=403)
print(f'- boxes listing should return {box2_id} and {box1_id}')
r = s1.get(f'{URL_PREFIX}/boxes/joined', expected_status_code=200)
boxes = r.json()
assert len(boxes) == 2
# identity one did not take part into box 3 so it should not be returned
assert set(map(lambda box: box['id'], boxes)) == {box1_id, box2_id}
print('- pagination')
r = s2.get(f'{URL_PREFIX}/boxes/joined',
params={
'offset': 1,
'limit': 2,
})
boxes = r.json()
assert len(boxes) == 2
r = s2.get(f'{URL_PREFIX}/boxes/joined',
params={
'offset': 1,
'limit': 10,
})
boxes = r.json()
# Identity 2 has 3 boxes in total
assert len(boxes) == 2
r = s2.get(f'{URL_PREFIX}/boxes/joined',
params={
'offset': 20,
'limit': 2,
})
boxes = r.json()
assert boxes == []
with testContext('Listing one\'s actions'):
s1 = get_authenticated_session(require_account=True)
s2 = get_authenticated_session(require_account=True)
r = s2.post(f'{URL_PREFIX}/boxes',
json={
'public_key': 'ShouldBeUnpaddedUrlSafeBase64',
'title': 'Test Box',
})
box_id = r.json()['id']
for i in range(5):
create_crypto_action(s1, s2, box_id, f'Fake Data Action {i}')
r = s1.get(f'{URL_PREFIX}/accounts/{s1.account_id}/crypto/actions')
check_response(r, [lambda r: assert_fn(len(r.json()) == 5)])
actions = r.json()
with testContext('No actions'):
r = s2.get(f'{URL_PREFIX}/accounts/{s2.account_id}/crypto/actions')
check_response(r, [lambda r: assert_fn(r.json() == [])])
with testContext('Deleting actions'):
s1.delete(
f'{URL_PREFIX}/accounts/{s1.account_id}/crypto/actions',
json={
'until_action_id': actions[3]['id'],
},
expected_status_code=204,
)