def test_only_signed_when_approved_and_enabled(self, mocked_autograph): sign_data_mock = mocked_autograph.return_value.sign_data # This uses the signer, so do it first action = ActionFactory() sign_data_mock.reset_mock() sign_data_mock.side_effect = Exception("Can't sign yet") recipe = RecipeFactory(name="unchanged", action=action) assert not recipe.enabled assert not recipe.is_approved assert recipe.signature is None # Updating does not generate a signature recipe.revise(name="changed") assert recipe.signature is None # Approving does not sign the recipe rev = recipe.latest_revision approval_request = rev.request_approval(UserFactory()) approval_request.approve(UserFactory(), "r+") recipe.refresh_from_db() assert recipe.signature is None mocked_autograph.return_value.sign_data.assert_not_called() # Enabling signs the recipe mocked_autograph.return_value.sign_data.side_effect = fake_sign rev.enable(UserFactory()) recipe.refresh_from_db() expected_sig = fake_sign([recipe.canonical_json()])[0]["signature"] assert recipe.signature.signature == expected_sig assert mocked_autograph.return_value.sign_data.called_once()
def test_signatures_update_correctly_on_enable(self, mocked_autograph): recipe = RecipeFactory(signed=False, approver=UserFactory()) recipe.approved_revision.enable(user=UserFactory()) recipe.refresh_from_db() assert recipe.signature is not None assert recipe.signature.signature == fake_sign([recipe.canonical_json()])[0]["signature"]
def test_signature_is_updated_if_autograph_available(self, mocked_autograph): recipe = RecipeFactory(name="unchanged", approver=UserFactory(), enabler=UserFactory()) original_signature = recipe.signature assert original_signature is not None recipe.revise(name="changed") assert recipe.latest_revision.name == "changed" assert recipe.signature is not original_signature expected_sig = fake_sign([recipe.canonical_json()])[0]["signature"] assert recipe.signature.signature == expected_sig
def test_enabled_updates_signatures(self, mocked_autograph): recipe = RecipeFactory(name="first") ar = recipe.latest_revision.request_approval(UserFactory()) ar.approve(approver=UserFactory(), comment="r+") recipe = Recipe.objects.get() recipe.approved_revision.enable(UserFactory()) recipe.refresh_from_db() data_to_sign = recipe.canonical_json() signature_of_data = fake_sign([data_to_sign])[0]["signature"] signature_in_db = recipe.signature.signature assert signature_of_data == signature_in_db
def verify_signatures(self, api_client, expected_count=None): res = api_client.get('/api/v1/recipe/signed/') assert res.status_code == 200 signed_data = res.json() if expected_count is not None: assert len(signed_data) == expected_count for recipe_and_signature in signed_data: recipe = recipe_and_signature['recipe'] expected_signature = recipe_and_signature['signature']['signature'] data = canonical_json_dumps(recipe).encode() actual_signature = fake_sign([data])[0]['signature'] assert actual_signature == expected_signature
def test_signature_is_correct_on_creation_if_autograph_available( self, mocked_autograph): recipe = RecipeFactory(approver=UserFactory(), enabler=UserFactory()) expected_sig = fake_sign([recipe.canonical_json()])[0]["signature"] assert recipe.signature.signature == expected_sig
def test_signature_is_correct_on_creation_if_autograph_available(self, mocked_autograph): recipe = RecipeFactory(approver=UserFactory(), enabler=UserFactory()) expected_sig = fake_sign([recipe.canonical_json()])[0]["signature"] assert recipe.signature.signature == expected_sig