def test_get_encryption_key__to_short__error(self):
key = 'abc123'
self.root_dir.join('.szczypiorek_encryption_key').write(
base64.b64encode(
json.dumps({
'key': key,
'hash': 'hash',
}).encode('utf8')),
mode='wb')
with pytest.raises(EncryptionKeyTooShortError) as e:
get_encryption_key()
assert e.value.args[0] == normalize("""
So it seems that the key used for encryption hidden in
the '.szczypiorek_encryption_key' file is too short.
Which means that because of some reason you've decided to mess
around with the built-in generator of the secured key.
Try to get access to the not broken version of the
'.szczypiorek_encryption_key' file or if you have access to the not
encrypted version you environment files simply remove the broken
file and run 'decrypt' phase one more time.
""")
def test_load_yaml__is_not_valid(self):
with pytest.raises(BrokenYamlError) as e:
assert load_yaml(n('''
a: {{what}
''')) is True
assert e.value.args[0] == normalize("""
It seems that you're yaml file is broken.
Run in through some online validators to find the reason behind it.
""")
def test_substitute__missing_key__error(self):
with pytest.raises(MissingSubstitutionKeyError) as e:
substitute({
'hi': '{{ a.b }} what',
'c_d_ex': 'sanatorium',
})
assert e.value.args[0] == normalize("""
Your template variable is referring non-existent value under
the 'a.b' key.
""")
def test_decrypt__key_changed__error(self):
self.mocker.patch(
'szczypiorek.crypto.get_encryption_key').return_value = ('secret',
'hash0')
with pytest.raises(DecryptionError) as e:
decrypt(write_encrypted('what is it', 'hash1'))
assert e.value.args[0] == normalize("""
It seems that different key was used for encryption and decryption.
""")
def test_get_encryption_key__file_does_not_exist__error(self):
with pytest.raises(EncryptionKeyFileMissingError) as e:
get_encryption_key()
assert e.value.args[0] == normalize("""
Couldn't find the '.szczypiorek_encryption_key' file. It is required
for the correct functioning of the encryption and decryption
phases.
If you see this message while performing 'decrypt' then
simply request the file from fellow code contributor.
In the 'encrypt' scenario the file is created automatically.
""") # noqa
def test_decrypt__broken_gpg__error(self):
self.mocker.patch(
'szczypiorek.crypto.get_encryption_key').return_value = ('secret',
'hash')
with pytest.raises(DecryptionError) as e:
decrypt(write_encrypted('what is it', 'hash'))
assert e.value.args[0] == normalize("""
Something went wrong while attempting to decrypt. The big chance
is that you've used broken encryption key.
Therefore if you see this message it means that you're trying to
do something bad. Stop doing that.
""")
def test_assert_is_git_ignored__is_not_ignored(self):
bash('git init')
self.root_dir.join('.gitignore').write('')
f = self.root_dir.join('file.txt')
f.write('whatever')
with pytest.raises(FileNotIgnoredError) as e:
assert_is_git_ignored('file.txt')
assert e.value.args[0] == normalize("""
Well it seems that the 'file.txt' is not git ignored. Since it
appears in the context there's a big chance that it contains some
sensitive data.
Please add it to the '.gitignore' and stop tracking it.
""")
def test_get_encryption_key__env_var__not_base64__error(self):
os.environ['SZCZYPIOREK_ENCRYPTION_KEY'] = json.dumps({'key': 'key'})
with pytest.raises(EncryptionKeyBrokenBase64Error) as e:
get_encryption_key()
assert e.value.args[0] == normalize("""
The content of the 'SZCZYPIOREK_ENCRYPTION_KEY' environment variable was automatically
encoded with base64 so that noone tries to mess around with it.
So if you see this message that means that someone tried just that.
Try to get access to the not broken version of the
'SZCZYPIOREK_ENCRYPTION_KEY' environment variable or if you have access to the not
encrypted version you environment files simply remove the broken
file and run 'decrypt' phase one more time.
""") # noqa
def test_get_encryption_key__not_json__error(self):
self.root_dir.join('.szczypiorek_encryption_key').write(
base64.b64encode(b'"key": "whatever"'), mode='wb')
with pytest.raises(EncryptionKeyBrokenJsonError) as e:
get_encryption_key()
assert e.value.args[0] == normalize("""
The content of the '.szczypiorek_encryption_key' file must be a valid
json file encoded with base64. It takes the following shape:
{
"key": <automatically generated secret>,
"hash": <automatically generated secret's hash>,
"created_datetime": <iso datetime of the key creation>
}
""") # noqa
def test_decrypt__wrong_passphrase__error(self):
self.mocker.patch(
'szczypiorek.crypto.get_encryption_key').side_effect = [
('secret.0', 'hash'), ('secret.1', 'hash')
]
encrypted = encrypt('what is it')
with pytest.raises(DecryptionError) as e:
decrypt(encrypted)
assert e.value.args[0] == normalize("""
Something went wrong while attempting to decrypt. The big chance
is that you've used broken encryption key.
Therefore if you see this message it means that you're trying to
do something bad. Stop doing that.
""")
def test_get_encryption_key__file_not_gitignored__error(self):
key = 'd8s9s8c9s8s9ds8d98sd9s89cs8c9s8d'
self.root_dir.join('.szczypiorek_encryption_key').write(
base64.b64encode(
json.dumps({
'key': key,
'hash': 'hash',
}).encode('utf8')),
mode='wb')
self.mocker.patch(
'szczypiorek.crypto.assert_is_git_repository').return_value = True
self.mocker.patch('szczypiorek.crypto.assert_is_git_ignored'
).side_effect = FileNotIgnoredError('not ignored')
with pytest.raises(FileNotIgnoredError) as e:
get_encryption_key()
assert e.value.args[0] == normalize('not ignored')
def test_get_encryption_key__file__not_base64__error(self):
self.root_dir.join('.szczypiorek_encryption_key').write(json.dumps({
'key':
'key'
}).encode('utf8'),
mode='wb')
with pytest.raises(EncryptionKeyBrokenBase64Error) as e:
get_encryption_key()
assert e.value.args[0] == normalize("""
The content of the '.szczypiorek_encryption_key' file was automatically
encoded with base64 so that noone tries to mess around with it.
So if you see this message that means that someone tried just that.
Try to get access to the not broken version of the
'.szczypiorek_encryption_key' file or if you have access to the not
encrypted version you environment files simply remove the broken
file and run 'decrypt' phase one more time.
""") # noqa