Exemplo n.º 1
    def test_status_view_get_fake_invalid_format(self):
        """
        Status view must not expose a secret for an authenticated but
        malformed token.

        The token is built by encrypting a single NUL byte with the site's
        AES key and appending an HMAC, so it presumably passes the integrity
        check while its plaintext is not a valid id. The view is expected to
        answer 200 with both ``secret`` and ``secret_url`` set to None.
        """

        # Build the forged URL segment: encrypt, authenticate, encode, unpad
        bogus_plaintext = b'\x00'
        cipher = AESEncryptor(settings.AES_KEY)
        token = cipher.append_hmac(cipher.encrypt(bogus_plaintext))
        segment = unpad_base64_string(base64.urlsafe_b64encode(token))
        status_url = reverse('shatterynote:status', args=(segment, ))
        response = self.client.get(status_url)

        # The malformed token must be handled gracefully, not as an error
        self.assertEqual(response.status_code, 200)
        context = response.context
        try:
            secret, secret_url = context['secret'], context['secret_url']
        except KeyError as ke:
            self.fail("context does not contain key {0}".format(str(ke)))
        # Neither the secret nor a link to it may be present in the context
        self.assertIsNone(secret)
        self.assertIsNone(secret_url)
Exemplo n.º 2
 def create_secret(self, passphrase, message):
     """
     Create and save a Secret, then record its encrypted id and URL.

     Sets ``self.secret``, ``self.secret_id`` and ``self.secret_url``;
     ``self.secret_url`` is None when the unpadded URL segment is falsy.
     """
     self.secret = Secret.objects.create_secret(passphrase, message)
     self.secret.save()
     self.secret_id = Secret.objects.encrypt_id(self.secret.id)

     # Only reverse the route when a usable URL segment is available
     segment = unpad_base64_string(self.secret.get_url_segment())
     self.secret_url = (
         reverse('shatterynote:secret', args=(segment, ))
         if segment else None
     )
Exemplo n.º 3
    def test_status_view_get_fake_id(self):
        """
        Status view must not expose a secret for a well-formed token that
        carries a different id.

        The id used is ``self.secret.pk + 1``, encrypted through
        ``Secret.objects.encrypt_id``; presumably no Secret with that id
        exists in the test database (confirm against the fixture). The view
        is expected to answer 200 with ``secret`` and ``secret_url`` set to
        None.
        """

        # Build a URL segment for an id other than the fixture's secret
        other_pk = self.secret.pk + 1
        segment = unpad_base64_string(Secret.objects.encrypt_id(other_pk))
        status_url = reverse('shatterynote:status', args=(segment, ))
        response = self.client.get(status_url)

        # The unknown id must be handled gracefully, not as an error
        self.assertEqual(response.status_code, 200)
        context = response.context
        try:
            secret, secret_url = context['secret'], context['secret_url']
        except KeyError as ke:
            self.fail("context does not contain key {0}".format(str(ke)))
        # Neither the secret nor a link to it may be present in the context
        self.assertIsNone(secret)
        self.assertIsNone(secret_url)
Exemplo n.º 4
    def test_secret_view_get_fake_aes_key(self):
        """
        Secret view must not reveal the plaintext when the per-secret AES
        key in the URL is wrong.

        A secret is created with an empty passphrase, its AES key is passed
        through ``flip_bits``, and the real id is packed with that altered
        key. The view is expected to answer 200, report the secret as found,
        offer no form, and return anything except the original message.
        """

        # Create a real secret, then pack its id with an altered key
        original_text = 'message'
        stored = Secret.objects.create_secret('', original_text)
        stored.save()
        wrong_key = flip_bits(stored.aes_key)
        packed = Secret.objects.pack_infos(stored.pk, wrong_key)
        fake_url = reverse(
            'shatterynote:secret', args=(unpad_base64_string(packed), ))

        # Fetch the secret page through the forged URL
        response = self.client.get(fake_url)
        self.assertEqual(response.status_code, 200)
        message, form, found = self.get_context_params(response.context)

        # The id is genuine, so the secret is found; only the key is wrong.
        # assertNotEqual accepts both None and a garbled message: the check
        # is that the original plaintext is not disclosed.
        self.assertTrue(found)
        self.assertNotEqual(message, original_text)
        self.assertIsNone(form)
Exemplo n.º 5
    def test_secret_view_get_fake_invalid_format(self):
        """
        Secret view must report "not found" for an authenticated but
        malformed token.

        The token is built by encrypting a single NUL byte with the site's
        AES key and appending an HMAC, so it presumably passes the integrity
        check while its plaintext does not have the expected layout. The
        view is expected to answer 200 with found=False and neither a
        message nor a form.
        """

        # Build the forged URL segment: encrypt, authenticate, encode, unpad
        bogus_plaintext = b'\x00'
        cipher = AESEncryptor(settings.AES_KEY)
        token = cipher.append_hmac(cipher.encrypt(bogus_plaintext))
        segment = unpad_base64_string(base64.urlsafe_b64encode(token))
        fake_url = reverse('shatterynote:secret', args=(segment, ))

        # Fetch the secret page through the forged URL
        response = self.client.get(fake_url)
        self.assertEqual(response.status_code, 200)
        message, form, found = self.get_context_params(response.context)

        # Nothing about any secret may be exposed for an unparseable token
        self.assertFalse(found)
        self.assertIsNone(message)
        self.assertIsNone(form)
Exemplo n.º 6
 def setUp(self):
     """
     Create and save the fixture secret and store its unpadded encrypted
     id in ``self.secret_id``.
     """
     self.secret = Secret.objects.create_secret('passphrase', 'message')
     self.secret.save()
     # Keep the id in the unpadded form used for URL segments in the tests
     encrypted_id = Secret.objects.encrypt_id(self.secret.id)
     self.secret_id = unpad_base64_string(encrypted_id)