def test_star_wars_kitchen_sink(self): self.start_questionnaire_and_navigate_routing() # Form submission with no errors self.post(STAR_WARS_TRIVIA_PART_1_DEFAULT_ANSWERS) self.assertInPage( "On <span class='date'>2 June 1983</span> how many were employed?") self.assertInPage( "Why doesn't Chewbacca receive a medal at the end of A New Hope?") self.assertInPage('chewbacca-medal-answer') self.post({ 'chewbacca-medal-answer': 'Wookiees don’t place value in material rewards and refused the medal initially', 'confirm-chewbacca-age-answer': 'Yes', }) self.assertInPage('Finally, which is your favourite film?') self.post({ 'jar-jar-binks-planet-answer': 'Naboo', 'favourite-film-answer': '5', }) self.assertRegexUrl(star_wars_test_urls.STAR_WARS_SUMMARY_REGEX) self.post(action=None) # Get the message that would be sent downstream # pylint: disable=no-member message = decrypt(self.instance.send_message.call_args[0][0], self._key_store, KEY_PURPOSE_SUBMISSION) self.assertIn('data', message.keys()) data = message['data'] expected = { '20': 'Light Side', '23': 'Yes', '22': 'Millennium Falcon', '1': '234', '2': '40', '3': '1370', '4': 'Elephant', '5': 'Luke, I am your father', '6': ['Luke Skywalker', 'Yoda', 'Qui-Gon Jinn'], '81': '28/05/1983', '82': '29/05/1983', '10': 'Wookiees don’t place value in material rewards and refused the medal initially', '43': 'Yes' } for key, value in expected.items(): self.assertIn(key, data.keys()) self.assertEqual(expected[key], value) if isinstance(expected[key], list): for item in expected[key]: self.assertIn(item, value)
def flush_data(): if session: session.clear() encrypted_token = request.args.get("token") if not encrypted_token or encrypted_token is None: return Response(status=403) decrypted_token = decrypt( token=encrypted_token, key_store=current_app.eq["key_store"], key_purpose=KEY_PURPOSE_AUTHENTICATION, leeway=current_app.config["EQ_JWT_LEEWAY_IN_SECONDS"], ) roles = decrypted_token.get("roles") if roles and "flusher" in roles: user = _get_user(decrypted_token["response_id"]) metadata = get_metadata(user) if "tx_id" in metadata: logger.bind(tx_id=metadata["tx_id"]) if _submit_data(user): return Response(status=200) return Response(status=404) return Response(status=403)
def test_decrypt(self): json = decrypt(VALID_JWE, self.key_store, KEY_PURPOSE_AUTHENTICATION) assert json == { 'user': '******', 'iat': 1498137519.135479, 'exp': 1.0000000000014982e+21 }
def test_encrypt_transfer_decrypt(self): files = [ f for f in listdir(TEST_FILES_PATH) if isfile(join(TEST_FILES_PATH, f)) ] for file in files: with open(TEST_FILES_PATH + file, "rb") as fb: contents = fb.read() encoded_contents = base64.b64encode(contents) payload = '{"file":"' + encoded_contents.decode() + '"}' payload_as_json = json.loads(payload) jwt = encrypt(payload_as_json, self.ras_key_store, KEY_PURPOSE_CONSUMER) decrypted_payload = decrypt(jwt, self.sdx_key_store, KEY_PURPOSE_CONSUMER) file_contents = decrypted_payload.get("file") decoded_contents = base64.b64decode(file_contents) self.assertEqual(contents, decoded_contents) with open(TEST_FILES_RECOVERED_PATH + file, "wb") as fb: fb.write(decoded_contents) self.assertTrue( filecmp.cmp(TEST_FILES_PATH + file, TEST_FILES_RECOVERED_PATH + file))
def decrypt_and_write(): with open(settings.SDX_SEFT_CONSUMER_KEYS_FILE) as file: keys = yaml.safe_load(file) key_store = KeyStore(keys) connection = BlockingConnection(URLParameters(settings.RABBIT_URL)) channel = connection.channel() method, properties, body = channel.basic_get( settings.RABBIT_QUARANTINE_QUEUE) if method: logger.info("Recovered quarantine message", body=body, headers=properties.headers) try: decrypted_message = decrypt(body.decode("utf-8"), key_store, KEY_PURPOSE_CONSUMER) payload = SeftConsumer.extract_file(decrypted_message, properties.headers['tx_id']) with open('/tmp/{}'.format(payload.file_name), 'wb') as recovered_file: recovered_file.write(payload.decoded_contents) channel.basic_ack(method.delivery_tag) logger.info("Message ACK") except (InvalidTokenException, ValueError): logger.exception("Bad decrypt") channel.basic_nack(method.delivery_tag) logger.info("Nacking message") except Exception: logger.exception("Failed to process") channel.basic_nack(method.delivery_tag) logger.info("Nacking message") else: logger.info('No message found on quarantine queue')
def post_then_intercept_and_decrypt_message(self, post_data, **kwargs): self.post(url=FEEDBACK_FORM_URL, post_data=post_data, action='send_feedback', **kwargs) # pylint: disable=no-member return decrypt(self.instance.send_message.call_args[0][0], self._key_store, KEY_PURPOSE_SUBMISSION)
def decrypt_token(encrypted_token): if not encrypted_token: raise NoTokenException('Please provide a token') logger.debug('decrypting token') decrypted_token = decrypt(token=encrypted_token, key_store=current_app.eq['key_store'], key_purpose=KEY_PURPOSE_AUTHENTICATION, leeway=current_app.config['EQ_JWT_LEEWAY_IN_SECONDS']) logger.debug('token decrypted') return decrypted_token
def decrypt_token(encrypted_token: str) -> dict[str, Union[str, list, int]]: if not encrypted_token: raise NoTokenException("Please provide a token") logger.debug("decrypting token") decrypted_token: dict[str, Union[str, list, int]] = decrypt( token=encrypted_token, key_store=current_app.eq["key_store"], # type: ignore key_purpose=KEY_PURPOSE_AUTHENTICATION, leeway=current_app.config["EQ_JWT_LEEWAY_IN_SECONDS"], ) logger.debug("token decrypted") return decrypted_token
def _decrypt(self, encrypted_jwt, tx_id): try: return decrypt(encrypted_jwt, self.key_store, KEY_PURPOSE_CONSUMER) except (InvalidTokenException, ValueError) as e: logger.error("Bad decrypt", action="quarantining", exception=str(e), tx_id=tx_id) raise QuarantinableError() except Exception as e: logger.error("Failed to process", action="retry", exception=str(e), tx_id=tx_id) raise QuarantinableError()
def flush_data(): if session: session.clear() encrypted_token = request.args.get('token') if not encrypted_token or encrypted_token is None: return Response(status=403) decrypted_token = decrypt( token=encrypted_token, key_store=current_app.eq['key_store'], key_purpose=KEY_PURPOSE_AUTHENTICATION, leeway=current_app.config['EQ_JWT_LEEWAY_IN_SECONDS']) roles = decrypted_token.get('roles') if roles and 'flusher' in roles: user = _get_user(decrypted_token) if _submit_data(user): return Response(status=200) return Response(status=404) return Response(status=403)
def test_decrypt_too_few_tokens_in_jwe(self): """Tests an InvalidTokenException when the token isn't comprised of 5 parts, seperated by several '.' characters""" with pytest.raises(InvalidTokenException): decrypt(TOO_FEW_TOKENS_JWE, self.key_store, KEY_PURPOSE_AUTHENTICATION)