def test_star_wars_kitchen_sink(self):
self.start_questionnaire_and_navigate_routing()
# Form submission with no errors
self.post(STAR_WARS_TRIVIA_PART_1_DEFAULT_ANSWERS)
self.assertInPage(
"On <span class='date'>2 June 1983</span> how many were employed?")
self.assertInPage(
"Why doesn't Chewbacca receive a medal at the end of A New Hope?")
self.assertInPage('chewbacca-medal-answer')
self.post({
'chewbacca-medal-answer':
'Wookiees don’t place value in material rewards and refused the medal initially',
'confirm-chewbacca-age-answer': 'Yes',
})
self.assertInPage('Finally, which is your favourite film?')
self.post({
'jar-jar-binks-planet-answer': 'Naboo',
'favourite-film-answer': '5',
})
self.assertRegexUrl(star_wars_test_urls.STAR_WARS_SUMMARY_REGEX)
self.post(action=None)
# Get the message that would be sent downstream
# pylint: disable=no-member
message = decrypt(self.instance.send_message.call_args[0][0],
self._key_store, KEY_PURPOSE_SUBMISSION)
self.assertIn('data', message.keys())
data = message['data']
expected = {
'20': 'Light Side',
'23': 'Yes',
'22': 'Millennium Falcon',
'1': '234',
'2': '40',
'3': '1370',
'4': 'Elephant',
'5': 'Luke, I am your father',
'6': ['Luke Skywalker', 'Yoda', 'Qui-Gon Jinn'],
'81': '28/05/1983',
'82': '29/05/1983',
'10':
'Wookiees don’t place value in material rewards and refused the medal initially',
'43': 'Yes'
}
for key, value in expected.items():
self.assertIn(key, data.keys())
self.assertEqual(expected[key], value)
if isinstance(expected[key], list):
for item in expected[key]:
self.assertIn(item, value)
def flush_data():
if session:
session.clear()
encrypted_token = request.args.get("token")
if not encrypted_token or encrypted_token is None:
return Response(status=403)
decrypted_token = decrypt(
token=encrypted_token,
key_store=current_app.eq["key_store"],
key_purpose=KEY_PURPOSE_AUTHENTICATION,
leeway=current_app.config["EQ_JWT_LEEWAY_IN_SECONDS"],
)
roles = decrypted_token.get("roles")
if roles and "flusher" in roles:
user = _get_user(decrypted_token["response_id"])
metadata = get_metadata(user)
if "tx_id" in metadata:
logger.bind(tx_id=metadata["tx_id"])
if _submit_data(user):
return Response(status=200)
return Response(status=404)
return Response(status=403)
def test_decrypt(self):
json = decrypt(VALID_JWE, self.key_store, KEY_PURPOSE_AUTHENTICATION)
assert json == {
'user': '******',
'iat': 1498137519.135479,
'exp': 1.0000000000014982e+21
}
def test_encrypt_transfer_decrypt(self):
files = [
f for f in listdir(TEST_FILES_PATH)
if isfile(join(TEST_FILES_PATH, f))
]
for file in files:
with open(TEST_FILES_PATH + file, "rb") as fb:
contents = fb.read()
encoded_contents = base64.b64encode(contents)
payload = '{"file":"' + encoded_contents.decode() + '"}'
payload_as_json = json.loads(payload)
jwt = encrypt(payload_as_json, self.ras_key_store,
KEY_PURPOSE_CONSUMER)
decrypted_payload = decrypt(jwt, self.sdx_key_store,
KEY_PURPOSE_CONSUMER)
file_contents = decrypted_payload.get("file")
decoded_contents = base64.b64decode(file_contents)
self.assertEqual(contents, decoded_contents)
with open(TEST_FILES_RECOVERED_PATH + file, "wb") as fb:
fb.write(decoded_contents)
self.assertTrue(
filecmp.cmp(TEST_FILES_PATH + file,
TEST_FILES_RECOVERED_PATH + file))
def decrypt_and_write():
with open(settings.SDX_SEFT_CONSUMER_KEYS_FILE) as file:
keys = yaml.safe_load(file)
key_store = KeyStore(keys)
connection = BlockingConnection(URLParameters(settings.RABBIT_URL))
channel = connection.channel()
method, properties, body = channel.basic_get(
settings.RABBIT_QUARANTINE_QUEUE)
if method:
logger.info("Recovered quarantine message",
body=body,
headers=properties.headers)
try:
decrypted_message = decrypt(body.decode("utf-8"), key_store,
KEY_PURPOSE_CONSUMER)
payload = SeftConsumer.extract_file(decrypted_message,
properties.headers['tx_id'])
with open('/tmp/{}'.format(payload.file_name),
'wb') as recovered_file:
recovered_file.write(payload.decoded_contents)
channel.basic_ack(method.delivery_tag)
logger.info("Message ACK")
except (InvalidTokenException, ValueError):
logger.exception("Bad decrypt")
channel.basic_nack(method.delivery_tag)
logger.info("Nacking message")
except Exception:
logger.exception("Failed to process")
channel.basic_nack(method.delivery_tag)
logger.info("Nacking message")
else:
logger.info('No message found on quarantine queue')
def post_then_intercept_and_decrypt_message(self, post_data, **kwargs):
self.post(url=FEEDBACK_FORM_URL,
post_data=post_data,
action='send_feedback',
**kwargs)
# pylint: disable=no-member
return decrypt(self.instance.send_message.call_args[0][0],
self._key_store, KEY_PURPOSE_SUBMISSION)
def decrypt_token(encrypted_token):
if not encrypted_token:
raise NoTokenException('Please provide a token')
logger.debug('decrypting token')
decrypted_token = decrypt(token=encrypted_token,
key_store=current_app.eq['key_store'],
key_purpose=KEY_PURPOSE_AUTHENTICATION,
leeway=current_app.config['EQ_JWT_LEEWAY_IN_SECONDS'])
logger.debug('token decrypted')
return decrypted_token
def decrypt_token(encrypted_token: str) -> dict[str, Union[str, list, int]]:
if not encrypted_token:
raise NoTokenException("Please provide a token")
logger.debug("decrypting token")
decrypted_token: dict[str, Union[str, list, int]] = decrypt(
token=encrypted_token,
key_store=current_app.eq["key_store"], # type: ignore
key_purpose=KEY_PURPOSE_AUTHENTICATION,
leeway=current_app.config["EQ_JWT_LEEWAY_IN_SECONDS"],
)
logger.debug("token decrypted")
return decrypted_token
def _decrypt(self, encrypted_jwt, tx_id):
try:
return decrypt(encrypted_jwt, self.key_store, KEY_PURPOSE_CONSUMER)
except (InvalidTokenException, ValueError) as e:
logger.error("Bad decrypt",
action="quarantining",
exception=str(e),
tx_id=tx_id)
raise QuarantinableError()
except Exception as e:
logger.error("Failed to process",
action="retry",
exception=str(e),
tx_id=tx_id)
raise QuarantinableError()
def flush_data():
if session:
session.clear()
encrypted_token = request.args.get('token')
if not encrypted_token or encrypted_token is None:
return Response(status=403)
decrypted_token = decrypt(
token=encrypted_token,
key_store=current_app.eq['key_store'],
key_purpose=KEY_PURPOSE_AUTHENTICATION,
leeway=current_app.config['EQ_JWT_LEEWAY_IN_SECONDS'])
roles = decrypted_token.get('roles')
if roles and 'flusher' in roles:
user = _get_user(decrypted_token)
if _submit_data(user):
return Response(status=200)
return Response(status=404)
return Response(status=403)
def test_decrypt_too_few_tokens_in_jwe(self):
"""Tests an InvalidTokenException when the token isn't comprised of 5 parts, seperated by several '.' characters"""
with pytest.raises(InvalidTokenException):
decrypt(TOO_FEW_TOKENS_JWE, self.key_store,
KEY_PURPOSE_AUTHENTICATION)