def testOwnerInMetadata(self): vol_uuid = str(uuid.uuid4()).upper() secret = str(uuid.uuid4()).upper() base.User( key_name='*****@*****.**', user=users.get_current_user(), filevault_perms=[permissions.ESCROW], ).put() with mock.patch.object(handlers, 'settings') as mock_settings: mock_settings.XSRF_PROTECTION_ENABLED = False qs = { 'hdd_serial': 'stub', 'owner': 'stub9', 'platform_uuid': 'stub', 'serial': 'stub', 'json': 1, } resp = gae_main.app.get_response( '/filevault/%s?%s' % (vol_uuid, urllib.urlencode(qs)), {'REQUEST_METHOD': 'PUT'}, POST=secret) self.assertIn('successfully escrowed', resp.body) entity = models.FileVaultVolume.all().filter('owner =', 'stub9').get() self.assertIsNotNone(entity)
def testByPermSilentWithAudit(self): vol_uuid = str(uuid.uuid4()).upper() secret = str(uuid.uuid4()) base.User( key_name='*****@*****.**', user=users.get_current_user(), email='*****@*****.**', provisioning_perms=[ permissions.RETRIEVE, permissions.SILENT_RETRIEVE_WITH_AUDIT_EMAIL, ], ).put() models.ProvisioningVolume( owners=['stub6'], hdd_serial='stub', passphrase=secret, platform_uuid='stub', serial='stub', volume_uuid=vol_uuid, ).put() with mock.patch.object(util, 'SendEmail') as mock_send_email: self.testapp.get('/provisioning/%s?json=1' % vol_uuid) self.assertEqual(1, mock_send_email.call_count) recipients, _, _ = mock_send_email.call_args[0] self.assertEqual(['*****@*****.**', '*****@*****.**'], recipients)
def testOwnerNotInMetadata(self): vol_uuid = str(uuid.uuid4()).upper() secret = str(uuid.uuid4()).upper() base.User( key_name='*****@*****.**', user=users.get_current_user(), filevault_perms=[permissions.ESCROW], ).put() qs = { 'hdd_serial': '3uDR0LYQmN', 'platform_uuid': 'stub', 'serial': 'stub', 'json': 1, } resp = gae_main.app.get_response('/filevault/%s?%s' % (vol_uuid, urllib.urlencode(qs)), {'REQUEST_METHOD': 'PUT'}, POST=secret) self.assertIn('successfully escrowed', resp.body) entity = models.FileVaultVolume.all().filter('hdd_serial =', '3uDR0LYQmN').get() self.assertIsNotNone(entity)
def testByPermRead(self, owner, expected_email): vol_uuid = str(uuid.uuid4()).upper() secret = str(uuid.uuid4()) base.User( key_name='*****@*****.**', user=users.get_current_user(), email='*****@*****.**', provisioning_perms=[permissions.RETRIEVE], ).put() models.ProvisioningVolume( owners=[owner], hdd_serial='stub', passphrase=secret, platform_uuid='stub', serial='stub', volume_uuid=vol_uuid, ).put() with mock.patch.object(util, 'SendEmail') as mock_send_email: self.testapp.get('/provisioning/%s?json=1' % vol_uuid) self.assertEqual(1, mock_send_email.call_count) recipients, _, _ = mock_send_email.call_args[0] self.assertItemsEqual( ['*****@*****.**', expected_email, '*****@*****.**'], recipients)
def testOwnerInMetadata(self, *_): vol_uuid = str(uuid.uuid4()).upper() secret = str(uuid.uuid4()).upper() base.User( key_name='*****@*****.**', user=users.get_current_user(), filevault_perms=[permissions.ESCROW], ).put() qs = { 'hdd_serial': 'stub', 'owner': 'stub9', 'platform_uuid': 'stub', 'serial': 'stub', 'json': 1, } resp = self.testapp.put('/filevault/%s?%s' % (vol_uuid, urllib.urlencode(qs)), params=secret) self.assertIn('successfully escrowed', resp.body) entity = models.FileVaultVolume.all().filter( 'owners =', '*****@*****.**').get() self.assertIsNotNone(entity)
def setUp(self): super(FileVaultChangeOwnerAccessHandlerTest, self).setUp() settings.KEY_TYPE_DEFAULT_FILEVAULT = settings.KEY_TYPE_DATASTORE_FILEVAULT settings.KEY_TYPE_DEFAULT_XSRF = settings.KEY_TYPE_DATASTORE_XSRF test_util.SetUpTestbedTestCase(self) self.volume_uuid = '4E6A59FF-3D85-4B1C-A5D5-70F8B8A9B4A0' self.user = base.User(key_name='*****@*****.**', user=users.User('*****@*****.**')) self.user.filevault_perms = [permissions.CHANGE_OWNER] self.user.put() fvv = models.FileVaultVolume( hdd_serial='XX123456', platform_uuid='A4E75A65-FC39-441C-BEF5-49D9A3DC6BE0', serial='XX123456', passphrase='SECRET', volume_uuid=self.volume_uuid, created_by=users.User('*****@*****.**')) volume_id = fvv.put() self.change_owner_url = '/api/internal/change-owner/filevault/%s/' % ( volume_id)
def testAccessDenied(self): base.User( key_name='*****@*****.**', user=users.get_current_user(), provisioning_perms=[], ).put() resp = gae_main.app.get_response( '/created?json=1', {'REQUEST_METHOD': 'GET'}) self.assertEqual(httplib.FORBIDDEN, resp.status_int)
def testFilterResult(self): base.User( key_name='*****@*****.**', user=users.get_current_user(), bitlocker_perms=[permissions.RETRIEVE_OWN], ).put() resp = util.FromSafeJson(self.testapp.get( '/search?search_type=bitlocker&field1=owner&value1=stub&json=1').body) self.assertTrue(resp['results_access_warning']) self.assertEqual(0, len(resp['passphrases']))
def setUp(self): super(FileVaultChangeOwnerAccessHandlerTest, self).setUp() settings.KEY_TYPE_DEFAULT_FILEVAULT = settings.KEY_TYPE_DATASTORE_FILEVAULT settings.KEY_TYPE_DEFAULT_XSRF = settings.KEY_TYPE_DATASTORE_XSRF self.volume_uuid = '4E6A59FF-3D85-4B1C-A5D5-70F8B8A9B4A0' self.user = base.User(key_name='*****@*****.**', user=users.User('*****@*****.**')) self.user.filevault_perms = [permissions.CHANGE_OWNER] self.user.put() self.volume_id = self._EscrowPassphrase('SECRET')
def _MakeUserEntity(self, email, user_perms): """Returns a base.User entity. Args: email: str, email address of the user. user_perms: dict, dict of permission types with lists of db.User permissions. i.e. {'filevault_perms': [RETRIEVE, ESCROW]} Returns: base.User entity. """ u = base.User(key_name=email, user=users.User(email=email)) for permission_type in permissions.TYPES: u.SetPerms(user_perms.get(permission_type, []), permission_type) return u
def setUp(self): super(LinuxFirmwarePasswordChangeOwnerTest, self).setUp() settings.KEY_TYPE_DEFAULT_FILEVAULT = settings.KEY_TYPE_DATASTORE_FILEVAULT settings.KEY_TYPE_DEFAULT_XSRF = settings.KEY_TYPE_DATASTORE_XSRF self.user = base.User(key_name='*****@*****.**', user=users.User('*****@*****.**')) self.user.linux_firmware_perms = [permissions.CHANGE_OWNER] self.user.put() self.manufacturer = 'SampleManufacturer Inc.' self.serial = 'XX123456' self.machine_uuid = 'A4E75A65-FC39-441C-BEF5-49D9A3DC6BE0' self.volume_id = self._EscrowPassphrase('SECRET')
def testSilentRetrieve(self): vol_uuid = str(uuid.uuid4()).upper() secret = str(uuid.uuid4()) base.User( key_name='*****@*****.**', user=users.get_current_user(), luks_perms=[permissions.SILENT_RETRIEVE, permissions.RETRIEVE], ).put() models.LuksVolume( owner='stub', hdd_serial='stub', hostname='stub', passphrase=secret, platform_uuid='stub', volume_uuid=vol_uuid ).put() with mock.patch.object(util, 'SendEmail') as mock_send_email: resp = gae_main.app.get_response('/luks/%s?json=1' % vol_uuid) mock_send_email.assert_not_called() self.assertEqual(httplib.OK, resp.status_int)
def testCheckAuthzOwnerFail(self): vol_uuid = str(uuid.uuid4()).upper() secret = str(uuid.uuid4()) base.User( key_name='*****@*****.**', user=users.get_current_user(), filevault_perms=[permissions.RETRIEVE_OWN], ).put() models.FileVaultVolume( owner='stub2', volume_uuid=vol_uuid, passphrase=secret, hdd_serial='stub', platform_uuid='stub', serial='stub', ).put() with mock.patch.object(util, 'SendEmail') as _: resp = gae_main.app.get_response('/filevault/%s?json=1' % vol_uuid) self.assertEqual(httplib.FORBIDDEN, resp.status_int) self.assertIn('Access denied.', resp.body)
def testLuksAsOwner(self): vol_uuid = str(uuid.uuid4()).upper() secret = str(uuid.uuid4()) base.User( key_name='*****@*****.**', user=users.get_current_user(), luks_perms=[permissions.RETRIEVE_OWN], ).put() models.LuksVolume( owner='stub7', hdd_serial='stub', hostname='stub', passphrase=secret, platform_uuid='stub', volume_uuid=vol_uuid ).put() with mock.patch.object(util, 'SendEmail') as _: resp = gae_main.app.get_response('/luks/%s?json=1' % vol_uuid) self.assertEqual(httplib.OK, resp.status_int) self.assertIn('"passphrase": "%s"' % secret, resp.body)
def testBarcode(self): vol_uuid = str(uuid.uuid4()).upper() secret = str(uuid.uuid4()) base.User( key_name='*****@*****.**', user=users.get_current_user(), luks_perms=[permissions.RETRIEVE_OWN], ).put() models.LuksVolume( owner='stub7', hdd_serial='stub', hostname='stub', passphrase=secret, platform_uuid='stub', volume_uuid=vol_uuid ).put() with mock.patch.object(util, 'SendEmail') as _: resp = gae_main.app.get_response('/luks/%s?json=1' % vol_uuid) o = util.FromSafeJson(resp.body) self.assertTrue(o['qr_img_url'])
def testOk(self): base.User( key_name='*****@*****.**', user=users.get_current_user(), filevault_perms=[permissions.SEARCH], luks_perms=[permissions.SEARCH], ).put() resp = gae_main.app.get_response('/api/internal/volume_types', {'REQUEST_METHOD': 'GET'}) self.assertEqual(httplib.OK, resp.status_int) data = util.FromSafeJson(resp.body) volume_fields = {x: y for x, y in data.items() if 'fields' in y} self.assertEqual(2, len(volume_fields))
def testVolumeUuidValid(self): vol_uuid = str(uuid.uuid4()).upper() base.User( key_name='*****@*****.**', user=users.get_current_user(), filevault_perms=[permissions.RETRIEVE_OWN], ).put() models.FileVaultVolume( owner='stub', volume_uuid=vol_uuid, serial='stub', passphrase='stub_pass1', hdd_serial='stub', platform_uuid='stub', ).put() with mock.patch.object(handlers, 'settings') as mock_settings: mock_settings.XSRF_PROTECTION_ENABLED = False resp = gae_main.app.get_response('/filevault/%s?json=1' % vol_uuid) self.assertEqual(httplib.OK, resp.status_int) self.assertIn('"passphrase": "stub_pass1"', resp.body)
def testCheckAuthzGlobalOk(self): vol_uuid = str(uuid.uuid4()).upper() secret = str(uuid.uuid4()) base.User( key_name='*****@*****.**', user=users.get_current_user(), filevault_perms=[permissions.RETRIEVE], ).put() volume_id = models.FileVaultVolume( owner='stub2', volume_uuid=vol_uuid, passphrase=secret, hdd_serial='stub', platform_uuid='stub', serial='stub', ).put() with mock.patch.object(util, 'SendEmail') as _: resp = gae_main.app.get_response( '/filevault/%s?json=1&id=%s' % (vol_uuid, volume_id)) self.assertEqual(httplib.OK, resp.status_int) self.assertIn('"passphrase": "%s"' % secret, resp.body)
def testLuksAsNonOwner(self): vol_uuid = str(uuid.uuid4()).upper() secret = str(uuid.uuid4()) base.User( key_name='*****@*****.**', user=users.get_current_user(), luks_perms=[permissions.RETRIEVE_OWN], ).put() models.LuksVolume( owner='stub5', hdd_serial='stub', hostname='stub', passphrase=secret, platform_uuid='stub', volume_uuid=vol_uuid ).put() with mock.patch.object(handlers, 'settings') as mock_settings: mock_settings.XSRF_PROTECTION_ENABLED = False with mock.patch.object(util, 'SendEmail') as _: resp = gae_main.app.get_response('/luks/%s?json=1' % vol_uuid) self.assertEqual(httplib.FORBIDDEN, resp.status_int) self.assertIn('Access denied.', resp.body)
def testVolumeUuidValid(self): vol_uuid = str(uuid.uuid4()).upper() base.User( key_name='*****@*****.**', user=users.get_current_user(), filevault_perms=[permissions.RETRIEVE_OWN], ).put() models.FileVaultVolume( owner='stub7', volume_uuid=vol_uuid, serial='stub', passphrase='stub_pass1', hdd_serial='stub', platform_uuid='stub', ).put() resp = gae_main.app.get_response('/filevault/%s?json=1' % vol_uuid) self.assertEqual(httplib.OK, resp.status_int) self.assertIn('"passphrase": "stub_pass1"', resp.body) volumes = models.FileVaultVolume.all().fetch(None) self.assertEqual(1, len(volumes)) self.assertTrue(volumes[0].force_rekeying)
def testWalkthrough(self): models.ProvisioningVolume.created.auto_now = False vol_uuid1 = str(uuid.uuid4()).upper() secret1 = str(uuid.uuid4()) base.User( key_name='*****@*****.**', user=users.get_current_user(), provisioning_perms=[], ).put() models.ProvisioningVolume( owner='stub', created_by=users.get_current_user(), hdd_serial='stub', passphrase=secret1, created=datetime.datetime.now(), platform_uuid='stub', serial='stub', volume_uuid=vol_uuid1, ).put() old = datetime.datetime.now() - datetime.timedelta(days=365) models.ProvisioningVolume(owner='stub1', created_by=users.get_current_user(), hdd_serial='stub', passphrase=secret1, created=old, platform_uuid='stub', serial='stub', volume_uuid=str(uuid.uuid4()).upper()).put() resp = gae_main.app.get_response('/created?json=1', {'REQUEST_METHOD': 'GET'}) self.assertEqual(httplib.OK, resp.status_int) data = util.FromSafeJson(resp.body) self.assertEqual(1, len(data)) self.assertEqual(secret1, data[0]['passphrase']) models.ProvisioningVolume.created.auto_now = True
def testLuksAsNonOwner(self): vol_uuid = str(uuid.uuid4()).upper() secret = str(uuid.uuid4()) base.User( key_name='*****@*****.**', user=users.get_current_user(), luks_perms=[permissions.RETRIEVE_OWN], ).put() models.LuksVolume(owners=['stub5'], hdd_serial='stub', hostname='stub', passphrase=secret, platform_uuid='stub', volume_uuid=vol_uuid).put() with mock.patch.object(util, 'SendEmail') as _: resp = self.testapp.get('/luks/%s?json=1' % vol_uuid, status=httplib.FORBIDDEN) self.assertIn('Access denied.', resp.body)
def testBarcodeTooLong(self): vol_uuid = str(uuid.uuid4()).upper() secret = str(uuid.uuid4()) * 10 base.User( key_name='*****@*****.**', user=users.get_current_user(), luks_perms=[permissions.RETRIEVE_OWN], ).put() models.LuksVolume( owner='stub', hdd_serial='stub', hostname='stub', passphrase=secret, platform_uuid='stub', volume_uuid=vol_uuid ).put() with mock.patch.object(handlers, 'settings') as mock_settings: mock_settings.XSRF_PROTECTION_ENABLED = False with mock.patch.object(util, 'SendEmail') as _: resp = gae_main.app.get_response('/luks/%s?json=1' % vol_uuid) o = util.FromSafeJson(resp.body) self.assertFalse(o['qr_img_url'])
def testCheckAuthzCreatorOk(self): vol_uuid = str(uuid.uuid4()).upper() secret = str(uuid.uuid4()) base.User( key_name='*****@*****.**', user=users.get_current_user(), filevault_perms=[permissions.RETRIEVE_CREATED_BY], ).put() models.FileVaultVolume( owner='stub3', created_by=users.User('*****@*****.**'), volume_uuid=vol_uuid, passphrase=secret, hdd_serial='stub', platform_uuid='stub', serial='stub', ).put() with mock.patch.object(handlers, 'settings') as mock_settings: mock_settings.XSRF_PROTECTION_ENABLED = False with mock.patch.object(util, 'SendEmail') as _: resp = gae_main.app.get_response('/filevault/%s?json=1' % vol_uuid) self.assertEqual(httplib.OK, resp.status_int) self.assertIn('"passphrase": "%s"' % secret, resp.body)
def testProvisioningAsOwner(self): vol_uuid = str(uuid.uuid4()).upper() secret = str(uuid.uuid4()) base.User( key_name='*****@*****.**', user=users.get_current_user(), provisioning_perms=[permissions.RETRIEVE_OWN], ).put() models.ProvisioningVolume( owner='stub', hdd_serial='stub', passphrase=secret, platform_uuid='stub', serial='stub', volume_uuid=vol_uuid, ).put() with mock.patch.object(handlers, 'settings') as mock_settings: mock_settings.XSRF_PROTECTION_ENABLED = False with mock.patch.object(util, 'SendEmail') as _: resp = gae_main.app.get_response( '/provisioning/%s?json=1' % vol_uuid) self.assertEqual(httplib.OK, resp.status_int) self.assertIn('"passphrase": "%s"' % secret, resp.body)
def testProvisioningAsOwner(self): vol_uuid = str(uuid.uuid4()).upper() secret = str(uuid.uuid4()) base.User( key_name='*****@*****.**', user=users.get_current_user(), provisioning_perms=[permissions.RETRIEVE_OWN], ).put() models.ProvisioningVolume( owners=['stub7'], hdd_serial='stub', passphrase=secret, platform_uuid='stub', serial='stub', volume_uuid=vol_uuid, ).put() with mock.patch.object(util, 'SendEmail') as _: resp = self.testapp.get('/provisioning/%s?json=1' % vol_uuid, status=httplib.OK) self.assertIn('"passphrase": "%s"' % secret, resp.body)
def testCheckAuthzCreatorOk(self): vol_uuid = str(uuid.uuid4()).upper() secret = str(uuid.uuid4()) base.User( key_name='*****@*****.**', user=users.get_current_user(), filevault_perms=[permissions.RETRIEVE_CREATED_BY], ).put() models.FileVaultVolume( owners=['stub3'], created_by=users.User('*****@*****.**'), volume_uuid=vol_uuid, passphrase=secret, hdd_serial='stub', platform_uuid='stub', serial='stub', ).put() with mock.patch.object(util, 'SendEmail') as _: resp = self.testapp.get('/filevault/%s?json=1' % vol_uuid, status=httplib.OK) self.assertIn('"passphrase": "%s"' % secret, resp.body)