def test_items_delete_by_id(self):
# Insert several items
with self.s.begin():
items = [
models.Item(blob="blob3", user=self.u),
models.Item(blob="blob4", user=self.u),
models.Item(blob="blob5", user=self.u)
]
api.item_create(self.s, items)
# Delete first and last items only
with self.s.begin():
ids = [1, 3]
api.item_delete_by_id(self.s, self.u, filter_ids=ids)
# Check that only the second added item remains
with self.s.begin():
items = api.item_getall(self.s, self.u)
self.assertEqual(len(items), 1)
self.assertEqual(items[0].blob, "blob4")
# Clean up
with self.s.begin():
items = api.item_getall(self.s, self.u)
api.item_delete(self.s, items)
# Verify clean up successful
with self.s.begin():
items = api.item_getall(self.s, self.u)
self.assertEqual(len(items), 0)
def test_items_get_filter(self):
# Insert several items
with self.s.begin():
items = [
models.Item(blob="blob0", user=self.u),
models.Item(blob="blob1", user=self.u),
models.Item(blob="blob2", user=self.u)
]
api.item_create(self.s, items)
# Retrieve first and last items only
with self.s.begin():
ids = [1, 3]
items = api.item_getall(self.s, self.u, filter_ids=ids)
self.assertEqual(len(items), 2)
self.assertEqual(items[0].blob, "blob0")
self.assertEqual(items[1].blob, "blob2")
# Clean up
with self.s.begin():
items = api.item_getall(self.s, self.u)
api.item_delete(self.s, items)
# Verify clean up successful
with self.s.begin():
items = api.item_getall(self.s, self.u)
self.assertEqual(len(items), 0)
def make_item(self, row, cipher, password, item_id=None):
"""
Extract various item data from the request and encrypt it
:param row: item object parsed from JSON request
:param cipher: encryption cipher
:param password: if specified, ignore the `password` field in
in the item object and instead use this auto-generated password.
:param item_id: should be specified for item update operations,
None otherwise.
:returns Item ORM model for insertion into the database
"""
# Extract various item data into a list
name = self._parse_or_set_empty(row, 'name')
url = self._parse_or_set_empty(row, 'url')
account = self._parse_or_set_empty(row, 'account')
username = self._parse_or_set_empty(row, 'username')
password = password or self._parse_or_set_empty(row, 'password')
blob = self._parse_or_set_empty(row, 'blob')
category_id = self._parse_or_set_empty(row, 'category_id', True)
try:
return models.Item(id=item_id,
name=cipher.encrypt(name),
url=cipher.encrypt(url),
account=cipher.encrypt(account),
username=cipher.encrypt(username),
password=cipher.encrypt(password),
blob=cipher.encrypt(blob),
category_id=category_id,
user=self.user)
except (AttributeError, TypeError):
raise bh.OppError("Invalid item data in list!")
def test_items_get_filter(self):
# Insert several items
items = [
models.Item(blob="blob0"),
models.Item(blob="blob1"),
models.Item(blob="blob2")
]
api.item_create(items, session=self.session)
# Retrieve first and last items only
ids = [1, 3]
items = api.item_getall(filter_ids=ids, session=self.session)
self.assertEqual(len(items), 2)
self.assertEqual(items[0].blob, "blob0")
self.assertEqual(items[1].blob, "blob2")
# Clean up and verify
items = api.item_getall(session=self.session)
api.item_delete(items, session=self.session)
items = api.item_getall(session=self.session)
self.assertEqual(len(items), 0)
def test_items_basic(self):
# Verify item list empty initially and insert an item
with self.s.begin():
items = api.item_getall(self.s, self.u)
self.assertEqual(items, [])
item = models.Item(blob="blob", category_id=None, user=self.u)
api.item_create(self.s, [item])
# Retrieve and verify inserted item
with self.s.begin():
items = api.item_getall(self.s, self.u)
self.assertEqual(len(items), 1)
self.assertEqual(items[0].blob, "blob")
# Update the item
with self.s.begin():
item.blob = "new blob"
api.item_update(self.s, [item])
# Check the updated item
with self.s.begin():
items = api.item_getall(self.s, self.u)
self.assertEqual(len(items), 1)
self.assertEqual(items[0].blob, "new blob")
self.assertEqual(items[0].category_id, None)
# Update item with valid category
with self.s.begin():
category = models.Category(name="blah", user=self.u)
api.category_create(self.s, [category])
item.category_id = 1
api.item_update(self.s, [item])
# Check the updated item
with self.s.begin():
items = api.item_getall(self.s, self.u)
self.assertEqual(len(items), 1)
self.assertEqual(items[0].blob, "new blob")
self.assertEqual(items[0].category_id, 1)
self.assertIsNotNone(items[0].category)
# Clean up
with self.s.begin():
categories = api.category_getall(self.s, self.u)
api.category_delete(self.s, categories, True)
# Verify clean up successful
with self.s.begin():
categories = api.category_getall(self.s, self.u)
self.assertEqual(len(categories), 0)
items = api.item_getall(self.s, self.u)
self.assertEqual(len(items), 0)
def test_categories_access_by_user(self):
# Verify category list empty initially, add a category and some items
with self.s.begin():
categories = api.category_getall(self.s, self.u)
self.assertEqual(categories, [])
category = models.Category(name="name", user=self.u)
api.category_create(self.s, [category])
items = [
models.Item(blob="item1", category_id=1, user=self.u),
models.Item(blob="item2", category_id=1, user=self.u)
]
api.item_create(self.s, items)
# Retrieve and verify inserted category
with self.s.begin():
categories = api.category_getall(self.s, self.u)
self.assertEqual(len(categories), 1)
self.assertEqual(categories[0].name, "name")
self.assertEqual(len(categories[0].items), 2)
# Add another user and retrieve it
utils.execute("opp-db --config_file %s add-user -uu2 -pp "
"--phrase=123456" % self.conf_filepath)
new_u = api.user_get_by_username(self.s, "u2")
self.assertEqual(new_u.username, "u2")
# Attempt to retrieve categories with new user
with self.s.begin():
new_categories = api.category_getall(self.s, new_u)
self.assertEqual(len(new_categories), 0)
# Clean up
with self.s.begin():
api.category_delete(self.s, categories, True)
# Verify clean up successful
with self.s.begin():
categories = api.category_getall(self.s, self.u)
self.assertEqual(len(categories), 0)
def test_items_delete_by_id(self):
# Insert several items
items = [
models.Item(blob="blob3"),
models.Item(blob="blob4"),
models.Item(blob="blob5")
]
api.item_create(items, session=self.session)
# Delete first and last items only
ids = [1, 3]
api.item_delete_by_id(filter_ids=ids, session=self.session)
items = api.item_getall(session=self.session)
self.assertEqual(len(items), 1)
self.assertEqual(items[0].blob, "blob4")
# Clean up and verify
items = api.item_getall(session=self.session)
api.item_delete(items, session=self.session)
items = api.item_getall(session=self.session)
self.assertEqual(len(items), 0)
def _do_post(self, phrase):
item_list, error = self._check_payload(expect_list=True)
if error:
return error
cipher = aescipher.AESCipher(phrase)
items = []
for row in item_list:
# Make sure item id is parsed from request
try:
item_id = row['id']
except KeyError:
return self.error("Missing item id in list!")
if not item_id:
return self.error("Empty item id in list!")
# Extract various item data into a list
name = self._parse_or_set_empty(row, 'name')
url = self._parse_or_set_empty(row, 'url')
account = self._parse_or_set_empty(row, 'account')
username = self._parse_or_set_empty(row, 'username')
password = self._parse_or_set_empty(row, 'password')
blob = self._parse_or_set_empty(row, 'blob')
category_id = self._parse_or_set_empty(row, 'category_id')
full_row = [name, url, account, username, password, blob]
try:
# TODO: (alex) deteremine if ok to insert completely empty item
encoded_row = [
base64.b64encode(x.encode()).decode() for x in full_row
]
encrypted_blob = cipher.encrypt("~".join(encoded_row))
[name, url, account, username, password,
blob] = self._chunk6(encrypted_blob.decode())
items.append(
models.Item(id=item_id,
name=name,
url=url,
account=account,
username=username,
password=password,
blob=blob,
category_id=category_id))
except (AttributeError, TypeError):
return self.error("Invalid item data in list!")
try:
api.item_update(items, session=self.session)
return {'result': "success"}
except Exception:
return self.error("Unable to update items in the database!")
def test_items_access_by_user(self):
# Verify item list empty initially and add some items
with self.s.begin():
items = api.item_getall(self.s, self.u)
self.assertEqual(items, [])
items = [
models.Item(blob="item1", user=self.u),
models.Item(blob="item2", user=self.u)
]
api.item_create(self.s, items)
# Retrieve and verify inserted items
with self.s.begin():
items = api.item_getall(self.s, self.u)
self.assertEqual(len(items), 2)
self.assertEqual(items[0].blob, "item1")
self.assertEqual(items[1].blob, "item2")
# Add another user and retrieve it
utils.execute("opp-db --config_file %s add-user -uu2 -pp "
"--phrase=123456" % self.conf_filepath)
new_u = api.user_get_by_username(self.s, "u2")
self.assertEqual(new_u.username, "u2")
# Attempt to retrieve items with new user
with self.s.begin():
new_items = api.item_getall(self.s, new_u)
self.assertEqual(len(new_items), 0)
# Clean up
with self.s.begin():
items = api.item_getall(self.s, self.u)
api.item_delete(self.s, items)
# Verify clean up successful
with self.s.begin():
items = api.item_getall(self.s, self.u)
self.assertEqual(len(items), 0)
def test_update_phrase(self):
config = opp_config.OppConfig(self.conf_filepath)
# Add user
utils.execute("opp-db --config_file %s add-user -uu -pp "
"--phrase=123456" % self.conf_filepath)
old = aescipher.AESCipher("123456")
new = aescipher.AESCipher("654321")
# Add category and item using old passphrase
session = api.get_scoped_session(config)
category = models.Category(name=old.encrypt("cat1"))
item = models.Item(name=old.encrypt("item1"),
url=old.encrypt("url1"),
account=old.encrypt("account1"),
username=old.encrypt("username1"),
password=old.encrypt("password1"),
blob=old.encrypt("blob1"))
with session.begin():
user = api.user_get_by_username(session, 'u')
category.user = user
item.user = user
api.category_create(session, [category])
api.item_create(session, [item])
# Update passphrase
utils.execute("opp-db --config_file %s update-phrase -uu -pp "
"--old_phrase=123456 --new_phrase=654321" %
self.conf_filepath)
# Check data using new passphrase
session = api.get_scoped_session(config)
with session.begin():
user = api.user_get_by_username(session, 'u')
category = api.category_getall(session, user)[0]
self.assertEqual(new.decrypt(category.name), "cat1")
item = api.item_getall(session, user)[0]
self.assertEqual(new.decrypt(item.name), "item1")
self.assertEqual(new.decrypt(item.url), "url1")
self.assertEqual(new.decrypt(item.account), "account1")
self.assertEqual(new.decrypt(item.username), "username1")
self.assertEqual(new.decrypt(item.password), "password1")
self.assertEqual(new.decrypt(item.blob), "blob1")
# Cleanup
utils.execute("opp-db --config_file %s del-user -uu -pp"
" --remove_data" % self.conf_filepath)
self._assert_user_does_not_exist('u')
def test_items_basic(self):
# Expect empty item list initially
items = api.item_getall(session=self.session)
self.assertEqual(items, [])
# Insert and retrieve an item
item = models.Item(blob="blob", category_id=None)
api.item_create([item], session=self.session)
items = api.item_getall(session=self.session)
self.assertEqual(len(items), 1)
# Update and check the item
item.blob = "new blob"
item.category_id = 999
api.item_update([item], session=self.session)
items = api.item_getall(session=self.session)
self.assertEqual(len(items), 1)
self.assertEqual(items[0].blob, "new blob")
self.assertEqual(items[0].category_id, 999)
# Update item with valid category
category = models.Category(name="blah")
api.category_create([category], session=self.session)
item.category_id = 1
api.item_update([item], session=self.session)
items = api.item_getall(session=self.session)
self.assertEqual(len(items), 1)
self.assertEqual(items[0].blob, "new blob")
self.assertEqual(items[0].category_id, 1)
self.assertIsNotNone(items[0].category)
# Clean up and verify
categories = api.category_getall(session=self.session)
api.category_delete(categories, True, session=self.session)
categories = api.category_getall(session=self.session)
self.assertEqual(len(categories), 0)
items = api.item_getall(session=self.session)
self.assertEqual(len(items), 0)
def test_categories_delete_cascade(self):
# Create two categories
with self.s.begin():
categories = [
models.Category(name="cat1", user=self.u),
models.Category(name="cat2", user=self.u)
]
api.category_create(self.s, categories)
# Verify created categories
with self.s.begin():
categories = api.category_getall(self.s, self.u)
self.assertEqual(len(categories), 2)
self.assertEqual(categories[0].name, "cat1")
self.assertEqual(categories[1].name, "cat2")
# Create 4 items
with self.s.begin():
items = [
models.Item(blob="item1", category_id=1, user=self.u),
models.Item(blob="item2", category_id=1, user=self.u),
models.Item(blob="item3", category_id=2, user=self.u),
models.Item(blob="item4", category_id=2, user=self.u)
]
api.item_create(self.s, items)
# Verify created items
with self.s.begin():
items = api.item_getall(self.s, self.u)
self.assertEqual(len(items), 4)
i1, i2, i3, i4 = items
self.assertEqual(i1.blob, "item1")
self.assertEqual(i1.category_id, 1)
self.assertIsNotNone(i1.category)
self.assertEqual(i1.category.id, 1)
self.assertEqual(i2.blob, "item2")
self.assertEqual(i2.category_id, 1)
self.assertIsNotNone(i2.category)
self.assertEqual(i1.category.id, 1)
self.assertEqual(i3.blob, "item3")
self.assertEqual(i3.category_id, 2)
self.assertIsNotNone(i3.category)
self.assertEqual(i3.category.id, 2)
self.assertEqual(i4.blob, "item4")
self.assertEqual(i4.category_id, 2)
self.assertIsNotNone(i4.category)
self.assertEqual(i4.category.id, 2)
# Delete category 1 with cascade
with self.s.begin():
categories = api.category_getall(self.s, self.u)
api.category_delete(self.s, categories[:1], cascade=True)
# Verify only 1 category remains
with self.s.begin():
categories = api.category_getall(self.s, self.u)
self.assertEqual(len(categories), 1)
self.assertEqual(categories[0].name, "cat2")
# Verify items 1 & 2 were deleted through cascade action
# and that items 3 & 4 remain unchanged
with self.s.begin():
items = api.item_getall(self.s, self.u)
self.assertEqual(len(items), 2)
i3, i4 = items
self.assertEqual(i3.blob, "item3")
self.assertEqual(i3.category_id, 2)
self.assertIsNotNone(i3.category)
self.assertEqual(i3.category.id, 2)
self.assertEqual(i4.blob, "item4")
self.assertEqual(i4.category_id, 2)
self.assertIsNotNone(i4.category)
self.assertEqual(i4.category.id, 2)
# Delete category 2 without cascade
with self.s.begin():
api.category_delete(self.s, categories, cascade=False)
# Verify categories list is now empty
with self.s.begin():
categories = api.category_getall(self.s, self.u)
self.assertEqual(len(categories), 0)
# Verify that items 3 & 4 have no category association
with self.s.begin():
items = api.item_getall(self.s, self.u)
self.assertEqual(len(items), 2)
i3, i4 = items
self.assertEqual(i3.blob, "item3")
self.assertEqual(i3.category_id, None)
self.assertIsNone(i3.category)
self.assertEqual(i4.blob, "item4")
self.assertEqual(i4.category_id, None)
self.assertIsNone(i4.category)
# Remove remaining category
with self.s.begin():
categories = api.category_getall(self.s, self.u)
api.category_delete(self.s, categories, True)
# Verify categories list is now empty
with self.s.begin():
categories = api.category_getall(self.s, self.u)
self.assertEqual(len(categories), 0)
# Make sure items were NOT deleted despite cascade=True
# because they have no category association
with self.s.begin():
items = api.item_getall(self.s, self.u)
self.assertEqual(len(items), 2)
i3, i4 = items
self.assertEqual(i3.blob, "item3")
self.assertEqual(i3.category_id, None)
self.assertIsNone(i3.category)
self.assertEqual(i4.blob, "item4")
self.assertEqual(i4.category_id, None)
self.assertIsNone(i4.category)
# Clean up remaining items
with self.s.begin():
api.item_delete(self.s, items)
# Verify clean up successful
with self.s.begin():
items = api.item_getall(self.s, self.u)
self.assertEqual(len(items), 0)
def test_categories_delete_cascade(self):
# Insert categories
categories = [
models.Category(name="cat1"),
models.Category(name="cat2")
]
api.category_create(categories, session=self.session)
# Verify categories
categories = api.category_getall(session=self.session)
self.assertEqual(len(categories), 2)
self.assertEqual(categories[0].name, "cat1")
self.assertEqual(categories[1].name, "cat2")
# Insert items
items = [
models.Item(blob="item1", category_id=1),
models.Item(blob="item2", category_id=1),
models.Item(blob="item3", category_id=2),
models.Item(blob="item4", category_id=2)
]
api.item_create(items, session=self.session)
# Verify items
items = api.item_getall(session=self.session)
self.assertEqual(len(items), 4)
i1, i2, i3, i4 = items
self.assertEqual(i1.blob, "item1")
self.assertEqual(i1.category_id, 1)
self.assertIsNotNone(i1.category)
self.assertEqual(i1.category.id, 1)
self.assertEqual(i2.blob, "item2")
self.assertEqual(i2.category_id, 1)
self.assertIsNotNone(i2.category)
self.assertEqual(i1.category.id, 1)
self.assertEqual(i3.blob, "item3")
self.assertEqual(i3.category_id, 2)
self.assertIsNotNone(i3.category)
self.assertEqual(i3.category.id, 2)
self.assertEqual(i4.blob, "item4")
self.assertEqual(i4.category_id, 2)
self.assertIsNotNone(i4.category)
self.assertEqual(i4.category.id, 2)
# Delete category 1 with cascade
api.category_delete(categories[:1], cascade=True, session=self.session)
# Verify only 1 category remains
categories = api.category_getall(session=self.session)
self.assertEqual(len(categories), 1)
self.assertEqual(categories[0].name, "cat2")
# Verify items 1 & 2 were deleted through cascade action
# and that items 3 & 4 remain unchanged
items = api.item_getall(session=self.session)
self.assertEqual(len(items), 2)
i3, i4 = items
self.assertEqual(i3.blob, "item3")
self.assertEqual(i3.category_id, 2)
self.assertIsNotNone(i3.category)
self.assertEqual(i3.category.id, 2)
self.assertEqual(i4.blob, "item4")
self.assertEqual(i4.category_id, 2)
self.assertIsNotNone(i4.category)
self.assertEqual(i4.category.id, 2)
# Delete category 2 without cascade
api.category_delete(categories, cascade=False, session=self.session)
# Verify categories list is now empty
categories = api.category_getall(session=self.session)
self.assertEqual(len(categories), 0)
# Verify that items 3 & 4 have no category association
items = api.item_getall(session=self.session)
self.assertEqual(len(items), 2)
i3, i4 = items
self.assertEqual(i3.blob, "item3")
self.assertEqual(i3.category_id, None)
self.assertIsNone(i3.category)
self.assertEqual(i4.blob, "item4")
self.assertEqual(i4.category_id, None)
self.assertIsNone(i4.category)
# Clean up and verify
categories = api.category_getall(session=self.session)
api.category_delete(categories, True, session=self.session)
categories = api.category_getall(session=self.session)
self.assertEqual(len(categories), 0)
items = api.item_getall(session=self.session)
api.item_delete(items, session=self.session)
items = api.item_getall(session=self.session)
self.assertEqual(len(items), 0)
