def testPutWithExistingOwnerModified(self):
    """Save the fixture volume, then re-save its data under two new owners.

    There are no assertions: the test passes as long as none of the three
    put() calls raises.
    """
    self.fvv.put()
    for replacement_owner in ('new_owner1', 'new_owner2'):
        updated = models.FileVaultVolume(**self.fvv_data)
        updated.owner = replacement_owner
        updated.put()
def testPutWithExistingDataModified(self):
    """Check that every put() with one changed property is stored separately.

    After the initial put(), each eligible property is changed in turn on a
    fresh copy of the fixture data and saved. The number of stored
    FileVaultVolume entities must equal the number of put() calls.
    """
    self.fvv.put()
    expected_total = 1  # Accounts for the initial put() above.
    for prop_name, prop_kind in self.fvv.properties().iteritems():
        current = getattr(self.fvv, prop_name)
        if prop_name == 'active':
            continue
        if isinstance(prop_kind, db.DateTimeProperty):
            continue
        if isinstance(prop_kind, db.BooleanProperty):
            replacement = not bool(current)
        elif isinstance(prop_kind, db.UserProperty):
            replacement = users.User('*****@*****.**')
        elif isinstance(prop_kind, db.StringListProperty):
            # owners does not have setter yet.
            continue
        else:
            replacement = 'JUNK'

        changed = models.FileVaultVolume(**self.fvv_data)
        setattr(changed, prop_name, replacement)
        changed.put()
        expected_total += 1

    stored = models.FileVaultVolume.all().fetch(999)
    self.assertEqual(expected_total, len(stored))
def setUp(self):
    """Create a user holding CHANGE_OWNER and one escrowed volume.

    Stores the change-owner API URL for the new volume on
    self.change_owner_url.
    """
    super(FileVaultChangeOwnerAccessHandlerTest, self).setUp()

    # NOTE(review): nothing in this method records the previous values of
    # these module-level settings; confirm tearDown (not visible here) resets
    # them so other test cases do not inherit the datastore key types.
    settings.KEY_TYPE_DEFAULT_FILEVAULT = settings.KEY_TYPE_DATASTORE_FILEVAULT
    settings.KEY_TYPE_DEFAULT_XSRF = settings.KEY_TYPE_DATASTORE_XSRF
    test_util.SetUpTestbedTestCase(self)

    self.volume_uuid = '4E6A59FF-3D85-4B1C-A5D5-70F8B8A9B4A0'

    self.user = base.User(
        key_name='*****@*****.**',
        user=users.User('*****@*****.**'))
    self.user.filevault_perms = [permissions.CHANGE_OWNER]
    self.user.put()

    volume_fields = {
        'hdd_serial': 'XX123456',
        'platform_uuid': 'A4E75A65-FC39-441C-BEF5-49D9A3DC6BE0',
        'serial': 'XX123456',
        'passphrase': 'SECRET',
        'volume_uuid': self.volume_uuid,
        'created_by': users.User('*****@*****.**'),
    }
    volume_id = models.FileVaultVolume(**volume_fields).put()
    self.change_owner_url = (
        '/api/internal/change-owner/filevault/%s/' % volume_id)
def _EscrowPassphrase(self, passphrase):
    """Store a FileVaultVolume carrying `passphrase` and return put()'s result.

    All other properties are fixed stub values; the volume UUID comes from
    self.volume_uuid.
    """
    volume_fields = {
        'hdd_serial': 'XX123456',
        'platform_uuid': 'A4E75A65-FC39-441C-BEF5-49D9A3DC6BE0',
        'serial': 'XX123456',
        'passphrase': passphrase,
        'volume_uuid': self.volume_uuid,
        'created_by': users.User('*****@*****.**'),
    }
    escrowed = models.FileVaultVolume(**volume_fields)
    return escrowed.put()
def MakeFileVaultVolume(save=True, **kwargs):
    """Create and return a FileVaultVolume.

    Args:
      save: when true, put() the volume before returning it.
      **kwargs: property values that override the stub defaults below.

    Returns:
      The FileVaultVolume instance.
    """
    properties = dict(
        hdd_serial='blah',
        passphrase='123456789',
        # A fresh upper-cased UUID per call unless the caller overrides it.
        volume_uuid=str(uuid.uuid4()).upper(),
        owner='someone',
        serial='foo',
        platform_uuid='bar',
    )
    properties.update(kwargs)

    volume = volumes.FileVaultVolume(**properties)
    if save:
        volume.put()
    return volume
def testCheckAuthzOwnerOk(self):
    """A RETRIEVE_OWN user gets 200 and the passphrase for the 'stub7' volume.

    NOTE(review): presumably 'stub7' is the testbed's current user, which is
    what makes this the "own volume" case; confirm against the test harness.
    """
    vol_uuid = str(uuid.uuid4()).upper()
    secret = str(uuid.uuid4())

    requester = base.User(
        key_name='*****@*****.**',
        user=users.get_current_user(),
        filevault_perms=[permissions.RETRIEVE_OWN],
    )
    requester.put()

    volume = models.FileVaultVolume(
        owner='stub7',
        volume_uuid=vol_uuid,
        passphrase=secret,
        hdd_serial='stub',
        platform_uuid='stub',
        serial='stub',
    )
    volume.put()

    url = '/filevault/%s?json=1' % vol_uuid
    # SendEmail is stubbed out and the mock is never inspected, so this test
    # does not check whether a retrieval triggers an e-mail.
    with mock.patch.object(util, 'SendEmail'):
        resp = gae_main.app.get_response(url)

    self.assertEqual(httplib.OK, resp.status_int)
    self.assertIn('"passphrase": "%s"' % secret, resp.body)
def testVolumeUuidValid(self):
    """A valid volume UUID returns 200 and the stored passphrase.

    handlers.settings is replaced by a mock with XSRF_PROTECTION_ENABLED set
    to False for the request, so the XSRF check is not exercised here.
    """
    vol_uuid = str(uuid.uuid4()).upper()

    requester = base.User(
        key_name='*****@*****.**',
        user=users.get_current_user(),
        filevault_perms=[permissions.RETRIEVE_OWN],
    )
    requester.put()

    volume = models.FileVaultVolume(
        owner='stub',
        volume_uuid=vol_uuid,
        serial='stub',
        passphrase='stub_pass1',
        hdd_serial='stub',
        platform_uuid='stub',
    )
    volume.put()

    url = '/filevault/%s?json=1' % vol_uuid
    with mock.patch.object(handlers, 'settings') as patched_settings:
        patched_settings.XSRF_PROTECTION_ENABLED = False
        resp = gae_main.app.get_response(url)

    self.assertEqual(httplib.OK, resp.status_int)
    self.assertIn('"passphrase": "stub_pass1"', resp.body)
def testVolumeUuidValid(self):
    """A valid volume UUID returns the passphrase and flags the volume.

    After the retrieval, exactly one FileVaultVolume must be stored and its
    force_rekeying attribute must be truthy.
    """
    vol_uuid = str(uuid.uuid4()).upper()

    requester = base.User(
        key_name='*****@*****.**',
        user=users.get_current_user(),
        filevault_perms=[permissions.RETRIEVE_OWN],
    )
    requester.put()

    volume = models.FileVaultVolume(
        owner='stub7',
        volume_uuid=vol_uuid,
        serial='stub',
        passphrase='stub_pass1',
        hdd_serial='stub',
        platform_uuid='stub',
    )
    volume.put()

    url = '/filevault/%s?json=1' % vol_uuid
    resp = gae_main.app.get_response(url)
    self.assertEqual(httplib.OK, resp.status_int)
    self.assertIn('"passphrase": "stub_pass1"', resp.body)

    # The handed-out passphrase must be marked for rotation on the one
    # stored entity.
    stored = models.FileVaultVolume.all().fetch(None)
    self.assertEqual(1, len(stored))
    self.assertTrue(stored[0].force_rekeying)
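def testCheckAuthzOwnerFail(self):
    """A RETRIEVE_OWN user is refused the passphrase of the 'stub2' volume.

    The request must return 403 with 'Access denied.' in the body, and the
    body must not contain the escrowed secret.

    NOTE(review): presumably 'stub2' differs from the testbed's current user,
    which is what makes this the "someone else's volume" case; confirm
    against the test harness.
    """
    vol_uuid = str(uuid.uuid4()).upper()
    secret = str(uuid.uuid4())

    base.User(
        key_name='*****@*****.**',
        user=users.get_current_user(),
        filevault_perms=[permissions.RETRIEVE_OWN],
    ).put()
    models.FileVaultVolume(
        owner='stub2',
        volume_uuid=vol_uuid,
        passphrase=secret,
        hdd_serial='stub',
        platform_uuid='stub',
        serial='stub',
    ).put()

    # XSRF protection is patched off so that the 403 asserted below comes
    # from the authorization check rather than from a missing XSRF token.
    with mock.patch.object(handlers, 'settings') as mock_settings:
        mock_settings.XSRF_PROTECTION_ENABLED = False
        with mock.patch.object(util, 'SendEmail') as _:
            resp = gae_main.app.get_response('/filevault/%s?json=1' % vol_uuid)

    self.assertEqual(httplib.FORBIDDEN, resp.status_int)
    self.assertIn('Access denied.', resp.body)
    # A 403 status alone does not prove the secret stayed server-side; the
    # denied response body must not carry it either.
    self.assertNotIn(secret, resp.body)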
def setUp(self):
    """Build the fixture volume and switch key types to the datastore ones.

    The previous values of both settings are kept on the instance in the
    *_save attributes, presumably so tearDown can restore them (tearDown is
    not visible here).
    """
    super(FileVaultVolumeTest, self).setUp()

    self.fvv_data = dict(
        hdd_serial='XX123456',
        platform_uuid='A4E75A65-FC39-441C-BEF5-49D9A3DC6BE0',
        serial='XX123456',
        passphrase='SECRET',
        volume_uuid='4E6A59FF-3D85-4B1C-A5D5-70F8B8A9B4A0',
        created_by=users.User('*****@*****.**'),
    )
    self.fvv = models.FileVaultVolume(**self.fvv_data)

    # Ensure we use KEY_TYPE_DATASTORE_FILEVAULT and KEY_TYPE_DATASTORE_XSRF
    # for tests.
    self.key_type_default_filevault_save = settings.KEY_TYPE_DEFAULT_FILEVAULT
    self.key_type_default_xsrf_save = settings.KEY_TYPE_DEFAULT_XSRF
    settings.KEY_TYPE_DEFAULT_FILEVAULT = settings.KEY_TYPE_DATASTORE_FILEVAULT
    settings.KEY_TYPE_DEFAULT_XSRF = settings.KEY_TYPE_DATASTORE_XSRF
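def testCheckAuthzOwnerFail(self):
    """A RETRIEVE_OWN user is refused a volume whose owners list is ['stub2'].

    The request must return 403 with 'Access denied.' in the body, and the
    body must not contain the escrowed secret.

    NOTE(review): presumably 'stub2' differs from the testbed's current user,
    which is what makes this the "someone else's volume" case; confirm
    against the test harness.
    """
    vol_uuid = str(uuid.uuid4()).upper()
    secret = str(uuid.uuid4())

    base.User(
        key_name='*****@*****.**',
        user=users.get_current_user(),
        filevault_perms=[permissions.RETRIEVE_OWN],
    ).put()
    models.FileVaultVolume(
        owners=['stub2'],
        volume_uuid=vol_uuid,
        passphrase=secret,
        hdd_serial='stub',
        platform_uuid='stub',
        serial='stub',
    ).put()

    with mock.patch.object(util, 'SendEmail') as _:
        # The expected status is passed to testapp.get() rather than
        # asserted separately.
        resp = self.testapp.get(
            '/filevault/%s?json=1' % vol_uuid, status=httplib.FORBIDDEN)

    self.assertIn('Access denied.', resp.body)
    # A 403 status alone does not prove the secret stayed server-side; the
    # denied response body must not carry it either.
    self.assertNotIn(secret, resp.body)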
def testCheckAuthzGlobalOk(self):
    """A user holding RETRIEVE gets the passphrase of a ['stub2'] volume.

    The request names the volume by UUID in the path and by the put() result
    in the `id` query parameter, and expects a 200 response with the secret
    in the JSON body.
    """
    vol_uuid = str(uuid.uuid4()).upper()
    secret = str(uuid.uuid4())

    requester = base.User(
        key_name='*****@*****.**',
        user=users.get_current_user(),
        filevault_perms=[permissions.RETRIEVE],
    )
    requester.put()

    volume = models.FileVaultVolume(
        owners=['stub2'],
        volume_uuid=vol_uuid,
        passphrase=secret,
        hdd_serial='stub',
        platform_uuid='stub',
        serial='stub',
    )
    volume_id = volume.put()

    url = '/filevault/%s?json=1&id=%s' % (vol_uuid, volume_id)
    # SendEmail is stubbed out and the mock is never inspected, so this test
    # does not check whether a retrieval triggers an e-mail.
    with mock.patch.object(util, 'SendEmail'):
        resp = self.testapp.get(url, status=httplib.OK)

    self.assertIn('"passphrase": "%s"' % secret, resp.body)
def testPutWithoutKeyName(self):
    """put() on a volume built with no arguments raises FileVaultAccessError."""
    bare_volume = models.FileVaultVolume()
    with self.assertRaises(models.FileVaultAccessError):
        bare_volume.put()
def testPutSuccess(self):
    """put() does not raise once every REQUIRED_PROPERTIES entry is set.

    There are no assertions: the test passes as long as put() does not raise.
    """
    volume = models.FileVaultVolume()
    for required_name in models.FileVaultVolume.REQUIRED_PROPERTIES:
        setattr(volume, required_name, 'something')
    volume.put()
def testPutWithEmptyRequiredProperty(self):
    """put() raises FileVaultAccessError when only a key_name is supplied."""
    key_name = u'foo'
    keyed_volume = models.FileVaultVolume(key_name=key_name)
    with self.assertRaises(models.FileVaultAccessError):
        keyed_volume.put()
def _CreateNewSecretEntity(self, owner, volume_uuid, secret):
    """Build a FileVaultVolume holding str(secret) as its passphrase.

    The entity is only constructed here; this method does not call put().
    """
    entity_fields = {
        'owner': owner,
        'volume_uuid': volume_uuid,
        'passphrase': str(secret),
    }
    return models.FileVaultVolume(**entity_fields)