def test_open_existing(self): db = SQLCipherDatabase(self.db_path, PASSWORD) self.addCleanup(db.close) doc = db.create_doc_from_json(tests.simple_doc) # Even though create=True, we shouldn't wipe the db db2 = u1db_open(self.db_path, password=PASSWORD, create=True) self.addCleanup(db2.close) doc2 = db2.get_doc(doc.doc_id) self.assertEqual(doc, doc2)
def test_try_to_open_encrypted_db_with_sqlite_backend(self): """ SQLite backend should not succeed to open SQLCipher databases. """ db = SQLCipherDatabase(self.DB_FILE, PASSWORD) doc = db.create_doc_from_json(tests.simple_doc) db.close() try: # trying to open an encrypted database with the regular u1db # backend should raise a DatabaseError exception. SQLitePartialExpandDatabase(self.DB_FILE, document_factory=SoledadDocument) raise DatabaseIsNotEncrypted() except dbapi2.DatabaseError: # at this point we know that the regular U1DB sqlcipher backend # did not succeed on opening the database, so it was indeed # encrypted. db = SQLCipherDatabase(self.DB_FILE, PASSWORD) doc = db.get_doc(doc.doc_id) self.assertEqual(tests.simple_doc, doc.get_json(), 'decrypted content mismatch')
class TestSoledadDbSync(TestWithScenarios, SoledadWithCouchServerMixin, tests.TestCaseWithServer): """Test db.sync remote sync shortcut""" scenarios = [ ('py-token-http', { 'create_db_and_target': make_local_db_and_token_soledad_target, 'make_app_with_state': make_token_soledad_app, 'make_database_for_test': make_sqlcipher_database_for_test, 'token': True }), ] oauth = False token = False def setUp(self): """ Need to explicitely invoke inicialization on all bases. """ SoledadWithCouchServerMixin.setUp(self) self.server = self.server_thread = None self.startTwistedServer() self.syncer = None # config info self.db1_file = os.path.join(self.tempdir, "db1.u1db") os.unlink(self.db1_file) self.db_pass = DBPASS self.email = ADDRESS # get a random prefix for each test, so we do not mess with # concurrency during initialization and shutting down of # each local db. self.rand_prefix = ''.join( map(lambda x: random.choice(string.ascii_letters), range(6))) # open test dbs: db1 will be the local sqlcipher db (which # instantiates a syncdb). We use the self._soledad instance that was # already created on some setUp method. import binascii tohex = binascii.b2a_hex key = tohex(self._soledad.secrets.local_key) dbpath = self._soledad._local_db_path self.opts = SQLCipherOptions(dbpath, key, is_raw_key=True, create=False) self.db1 = SQLCipherDatabase(self.opts) self.db2 = self.request_state._create_database(replica_uid='test') def tearDown(self): """ Need to explicitely invoke destruction on all bases. """ dbsyncer = getattr(self, 'dbsyncer', None) if dbsyncer: dbsyncer.close() self.db1.close() self.db2.close() self._soledad.close() # XXX should not access "private" attrs shutil.rmtree(os.path.dirname(self._soledad._local_db_path)) SoledadWithCouchServerMixin.tearDown(self) def do_sync(self, target_name): """ Perform sync using SoledadSynchronizer, SoledadSyncTarget and Token auth. """ if self.token: creds = { 'token': { 'uuid': 'user-uuid', 'token': 'auth-token', } } target_url = self.getURL(self.db2._dbname) # get a u1db syncer crypto = self._soledad._crypto replica_uid = self.db1._replica_uid dbsyncer = SQLCipherU1DBSync(self.opts, crypto, replica_uid, None) self.dbsyncer = dbsyncer return dbsyncer.sync(target_url, creds=creds) else: return self._do_sync(self, target_name) def _do_sync(self, target_name): if self.oauth: path = '~/' + target_name extra = dict( creds={ 'oauth': { 'consumer_key': tests.consumer1.key, 'consumer_secret': tests.consumer1.secret, 'token_key': tests.token1.key, 'token_secret': tests.token1.secret, } }) else: path = target_name extra = {} target_url = self.getURL(path) return self.db.sync(target_url, **extra) def wait_for_sync(self): """ Wait for sync to finish. """ wait = 0 syncer = self.syncer if syncer is not None: while syncer.syncing: time.sleep(WAIT_STEP) wait += WAIT_STEP if wait >= MAX_WAIT: raise SyncTimeoutError def test_db_sync(self): """ Test sync. Adapted to check for encrypted content. """ doc1 = self.db1.create_doc_from_json(tests.simple_doc) doc2 = self.db2.create_doc_from_json(tests.nested_doc) d = self.do_sync('test') def _assert_successful_sync(results): import time # need to give time to the encryption to proceed # TODO should implement a defer list to subscribe to the # all-decrypted event time.sleep(2) local_gen_before_sync = results self.wait_for_sync() gen, _, changes = self.db1.whats_changed(local_gen_before_sync) self.assertEqual(1, len(changes)) self.assertEqual(doc2.doc_id, changes[0][0]) self.assertEqual(1, gen - local_gen_before_sync) self.assertGetEncryptedDoc(self.db2, doc1.doc_id, doc1.rev, tests.simple_doc, False) self.assertGetEncryptedDoc(self.db1, doc2.doc_id, doc2.rev, tests.nested_doc, False) d.addCallback(_assert_successful_sync) return d
class TestSoledadDbSync( TestWithScenarios, SoledadWithCouchServerMixin, tests.TestCaseWithServer): """Test db.sync remote sync shortcut""" scenarios = [ ('py-token-http', { 'create_db_and_target': make_local_db_and_token_soledad_target, 'make_app_with_state': make_token_soledad_app, 'make_database_for_test': make_sqlcipher_database_for_test, 'token': True }), ] oauth = False token = False def setUp(self): """ Need to explicitely invoke inicialization on all bases. """ SoledadWithCouchServerMixin.setUp(self) self.server = self.server_thread = None self.startTwistedServer() self.syncer = None # config info self.db1_file = os.path.join(self.tempdir, "db1.u1db") os.unlink(self.db1_file) self.db_pass = DBPASS self.email = ADDRESS # get a random prefix for each test, so we do not mess with # concurrency during initialization and shutting down of # each local db. self.rand_prefix = ''.join( map(lambda x: random.choice(string.ascii_letters), range(6))) # open test dbs: db1 will be the local sqlcipher db (which # instantiates a syncdb). We use the self._soledad instance that was # already created on some setUp method. import binascii tohex = binascii.b2a_hex key = tohex(self._soledad.secrets.get_local_storage_key()) sync_db_key = tohex(self._soledad.secrets.get_sync_db_key()) dbpath = self._soledad._local_db_path self.opts = SQLCipherOptions( dbpath, key, is_raw_key=True, create=False, defer_encryption=True, sync_db_key=sync_db_key) self.db1 = SQLCipherDatabase(self.opts) self.db2 = self.request_state._create_database(replica_uid='test') def tearDown(self): """ Need to explicitely invoke destruction on all bases. """ dbsyncer = getattr(self, 'dbsyncer', None) if dbsyncer: dbsyncer.close() self.db1.close() self.db2.close() self._soledad.close() # XXX should not access "private" attrs shutil.rmtree(os.path.dirname(self._soledad._local_db_path)) SoledadWithCouchServerMixin.tearDown(self) def do_sync(self, target_name): """ Perform sync using SoledadSynchronizer, SoledadSyncTarget and Token auth. """ if self.token: creds = {'token': { 'uuid': 'user-uuid', 'token': 'auth-token', }} target_url = self.getURL(self.db2._dbname) # get a u1db syncer crypto = self._soledad._crypto replica_uid = self.db1._replica_uid dbsyncer = SQLCipherU1DBSync( self.opts, crypto, replica_uid, None, defer_encryption=True) self.dbsyncer = dbsyncer return dbsyncer.sync(target_url, creds=creds, defer_decryption=DEFER_DECRYPTION) else: return self._do_sync(self, target_name) def _do_sync(self, target_name): if self.oauth: path = '~/' + target_name extra = dict(creds={'oauth': { 'consumer_key': tests.consumer1.key, 'consumer_secret': tests.consumer1.secret, 'token_key': tests.token1.key, 'token_secret': tests.token1.secret, }}) else: path = target_name extra = {} target_url = self.getURL(path) return self.db.sync(target_url, **extra) def wait_for_sync(self): """ Wait for sync to finish. """ wait = 0 syncer = self.syncer if syncer is not None: while syncer.syncing: time.sleep(WAIT_STEP) wait += WAIT_STEP if wait >= MAX_WAIT: raise SyncTimeoutError def test_db_sync(self): """ Test sync. Adapted to check for encrypted content. """ doc1 = self.db1.create_doc_from_json(tests.simple_doc) doc2 = self.db2.create_doc_from_json(tests.nested_doc) d = self.do_sync('test') def _assert_successful_sync(results): import time # need to give time to the encryption to proceed # TODO should implement a defer list to subscribe to the # all-decrypted event time.sleep(2) local_gen_before_sync = results self.wait_for_sync() gen, _, changes = self.db1.whats_changed(local_gen_before_sync) self.assertEqual(1, len(changes)) self.assertEqual(doc2.doc_id, changes[0][0]) self.assertEqual(1, gen - local_gen_before_sync) self.assertGetEncryptedDoc( self.db2, doc1.doc_id, doc1.rev, tests.simple_doc, False) self.assertGetEncryptedDoc( self.db1, doc2.doc_id, doc2.rev, tests.nested_doc, False) d.addCallback(_assert_successful_sync) return d
class TestSQLCipherPartialExpandDatabase( test_sqlite_backend.TestSQLitePartialExpandDatabase): # The following tests had to be cloned from u1db because they all # instantiate the backend directly, so we need to change that in order to # our backend be instantiated in place. def setUp(self): test_sqlite_backend.TestSQLitePartialExpandDatabase.setUp(self) self.db = SQLCipherDatabase(':memory:', PASSWORD) self.db._set_replica_uid('test') def test_default_replica_uid(self): self.db = SQLCipherDatabase(':memory:', PASSWORD) self.assertIsNot(None, self.db._replica_uid) self.assertEqual(32, len(self.db._replica_uid)) int(self.db._replica_uid, 16) def test__parse_index(self): self.db = SQLCipherDatabase(':memory:', PASSWORD) g = self.db._parse_index_definition('fieldname') self.assertIsInstance(g, query_parser.ExtractField) self.assertEqual(['fieldname'], g.field) def test__update_indexes(self): self.db = SQLCipherDatabase(':memory:', PASSWORD) g = self.db._parse_index_definition('fieldname') c = self.db._get_sqlite_handle().cursor() self.db._update_indexes('doc-id', {'fieldname': 'val'}, [('fieldname', g)], c) c.execute('SELECT doc_id, field_name, value FROM document_fields') self.assertEqual([('doc-id', 'fieldname', 'val')], c.fetchall()) def test__set_replica_uid(self): # Start from scratch, so that replica_uid isn't set. self.db = SQLCipherDatabase(':memory:', PASSWORD) self.assertIsNot(None, self.db._real_replica_uid) self.assertIsNot(None, self.db._replica_uid) self.db._set_replica_uid('foo') c = self.db._get_sqlite_handle().cursor() c.execute("SELECT value FROM u1db_config WHERE name='replica_uid'") self.assertEqual(('foo',), c.fetchone()) self.assertEqual('foo', self.db._real_replica_uid) self.assertEqual('foo', self.db._replica_uid) self.db._close_sqlite_handle() self.assertEqual('foo', self.db._replica_uid) def test__open_database(self): temp_dir = self.createTempDir(prefix='u1db-test-') path = temp_dir + '/test.sqlite' SQLCipherDatabase(path, PASSWORD) db2 = SQLCipherDatabase._open_database(path, PASSWORD) self.assertIsInstance(db2, SQLCipherDatabase) def test__open_database_with_factory(self): temp_dir = self.createTempDir(prefix='u1db-test-') path = temp_dir + '/test.sqlite' SQLCipherDatabase(path, PASSWORD) db2 = SQLCipherDatabase._open_database( path, PASSWORD, document_factory=TestAlternativeDocument) doc = db2.create_doc({}) self.assertTrue(isinstance(doc, SoledadDocument)) def test__open_database_non_existent(self): temp_dir = self.createTempDir(prefix='u1db-test-') path = temp_dir + '/non-existent.sqlite' self.assertRaises(errors.DatabaseDoesNotExist, SQLCipherDatabase._open_database, path, PASSWORD) def test__open_database_during_init(self): temp_dir = self.createTempDir(prefix='u1db-test-') path = temp_dir + '/initialised.db' db = SQLCipherDatabase.__new__( SQLCipherDatabase) db._db_handle = dbapi2.connect(path) # db is there but not yet init-ed db._syncers = {} c = db._db_handle.cursor() c.execute('PRAGMA key="%s"' % PASSWORD) self.addCleanup(db.close) observed = [] class SQLiteDatabaseTesting(SQLCipherDatabase): WAIT_FOR_PARALLEL_INIT_HALF_INTERVAL = 0.1 @classmethod def _which_index_storage(cls, c): res = SQLCipherDatabase._which_index_storage(c) db._ensure_schema() # init db observed.append(res[0]) return res db2 = SQLiteDatabaseTesting._open_database(path, PASSWORD) self.addCleanup(db2.close) self.assertIsInstance(db2, SQLCipherDatabase) self.assertEqual( [None, SQLCipherDatabase._index_storage_value], observed) def test__open_database_invalid(self): class SQLiteDatabaseTesting(SQLCipherDatabase): WAIT_FOR_PARALLEL_INIT_HALF_INTERVAL = 0.1 temp_dir = self.createTempDir(prefix='u1db-test-') path1 = temp_dir + '/invalid1.db' with open(path1, 'wb') as f: f.write("") self.assertRaises(dbapi2.OperationalError, SQLiteDatabaseTesting._open_database, path1, PASSWORD) with open(path1, 'wb') as f: f.write("invalid") self.assertRaises(dbapi2.DatabaseError, SQLiteDatabaseTesting._open_database, path1, PASSWORD) def test_open_database_existing(self): temp_dir = self.createTempDir(prefix='u1db-test-') path = temp_dir + '/existing.sqlite' SQLCipherDatabase(path, PASSWORD) db2 = SQLCipherDatabase.open_database(path, PASSWORD, create=False) self.assertIsInstance(db2, SQLCipherDatabase) def test_open_database_with_factory(self): temp_dir = self.createTempDir(prefix='u1db-test-') path = temp_dir + '/existing.sqlite' SQLCipherDatabase(path, PASSWORD) db2 = SQLCipherDatabase.open_database( path, PASSWORD, create=False, document_factory=TestAlternativeDocument) doc = db2.create_doc({}) self.assertTrue(isinstance(doc, SoledadDocument)) def test_open_database_create(self): temp_dir = self.createTempDir(prefix='u1db-test-') path = temp_dir + '/new.sqlite' SQLCipherDatabase.open_database(path, PASSWORD, create=True) db2 = SQLCipherDatabase.open_database(path, PASSWORD, create=False) self.assertIsInstance(db2, SQLCipherDatabase) def test_create_database_initializes_schema(self): # This test had to be cloned because our implementation of SQLCipher # backend is referenced with an index_storage_value that includes the # word "encrypted". See u1db's sqlite_backend and our # sqlcipher_backend for reference. raw_db = self.db._get_sqlite_handle() c = raw_db.cursor() c.execute("SELECT * FROM u1db_config") config = dict([(r[0], r[1]) for r in c.fetchall()]) self.assertEqual({'sql_schema': '0', 'replica_uid': 'test', 'index_storage': 'expand referenced encrypted'}, config) def test_store_syncable(self): doc = self.db.create_doc_from_json(tests.simple_doc) # assert that docs are syncable by default self.assertEqual(True, doc.syncable) # assert that we can store syncable = False doc.syncable = False self.db.put_doc(doc) self.assertEqual(False, self.db.get_doc(doc.doc_id).syncable) # assert that we can store syncable = True doc.syncable = True self.db.put_doc(doc) self.assertEqual(True, self.db.get_doc(doc.doc_id).syncable)