def for_user(self, ins, flavour, encode):
encode.return_value = "tmp-to-keep-memoize-happy"
create_receipt(ins.pk, flavour=flavour)
receipt = encode.call_args[0][0]
eq_(receipt["product"]["type"], flavour)
eq_(receipt["verify"], absolutify(reverse("receipt.verify", args=[ins.addon.app_slug])))
return receipt
def for_user(self, ins, flavour, encode):
encode.return_value = 'tmp-to-keep-memoize-happy'
create_receipt(ins.pk, flavour=flavour)
receipt = encode.call_args[0][0]
eq_(receipt['product']['type'], flavour)
eq_(receipt['verify'],
absolutify(reverse('receipt.verify', args=[ins.addon.guid])))
return receipt
def for_user(self, ins, flavour, encode):
encode.return_value = 'tmp-to-keep-memoize-happy'
create_receipt(ins, flavour=flavour)
receipt = encode.call_args[0][0]
eq_(receipt['typ'], flavour + '-receipt')
eq_(receipt['verify'],
absolutify(reverse('receipt.verify', args=[ins.addon.guid])))
return receipt
def for_user(self, ins, flavour, encode):
encode.return_value = 'tmp-to-keep-memoize-happy'
create_receipt(ins.pk, flavour=flavour)
receipt = encode.call_args[0][0]
eq_(receipt['product']['type'], flavour)
eq_(receipt['verify'],
absolutify(reverse('receipt.verify', args=[self.webapp.app_slug])))
return receipt
def for_user(self, app, user, flavour, encode):
encode.return_value = 'tmp-to-keep-memoize-happy'
create_receipt(app, user, 'some-uuid', flavour=flavour)
receipt = encode.call_args[0][0]
eq_(receipt['typ'], flavour + '-receipt')
eq_(receipt['verify'],
absolutify(reverse('receipt.verify', args=[app.guid])))
return receipt
def for_user(self, ins, flavour, encode):
encode.return_value = 'tmp-to-keep-memoize-happy'
create_receipt(ins.pk, flavour=flavour)
receipt = encode.call_args[0][0]
eq_(receipt['product']['type'], flavour)
eq_(receipt['verify'],
absolutify(reverse('receipt.verify', args=[self.webapp.app_slug])))
assert receipt['exp'] > (calendar.timegm(time.gmtime()) +
(60 * 60 * 24) - TEST_LEEWAY)
def test_receipt_data(self, encode):
encode.return_value = "tmp-to-keep-memoize-happy"
ins = self.create_install(self.user, self.webapp)
create_receipt(ins.pk)
receipt = encode.call_args[0][0]
eq_(receipt["product"]["url"], self.webapp.manifest_url[:-1])
eq_(receipt["product"]["storedata"], "id=%s" % int(ins.addon.pk))
assert receipt["exp"] > (calendar.timegm(time.gmtime()) + settings.WEBAPPS_RECEIPT_EXPIRY_SECONDS - TEST_LEEWAY)
eq_(receipt["reissue"], self.webapp.get_purchase_url("reissue"))
def test_receipt_data(self, encode):
encode.return_value = 'tmp-to-keep-memoize-happy'
create_receipt(self.app, self.user, 'some-uuid')
receipt = encode.call_args[0][0]
eq_(receipt['product']['url'], self.app.manifest_url[:-1])
eq_(receipt['product']['storedata'], 'id=%s' % int(self.app.pk))
assert receipt['exp'] > (calendar.timegm(time.gmtime()) +
settings.WEBAPPS_RECEIPT_EXPIRY_SECONDS -
TEST_LEEWAY)
eq_(receipt['reissue'], absolutify(reverse('receipt.reissue')))
def test_receipt_data(self, encode):
encode.return_value = 'tmp-to-keep-memoize-happy'
create_receipt(self.app, self.user, 'some-uuid')
receipt = encode.call_args[0][0]
eq_(receipt['product']['url'], self.app.manifest_url[:-1])
eq_(receipt['product']['storedata'], 'id=%s' % int(self.app.pk))
assert receipt['exp'] > (calendar.timegm(time.gmtime()) +
settings.WEBAPPS_RECEIPT_EXPIRY_SECONDS -
TEST_LEEWAY)
eq_(receipt['reissue'], absolutify(reverse('receipt.reissue')))
def test_receipt_data(self, encode):
encode.return_value = 'tmp-to-keep-memoize-happy'
ins = self.create_install(self.user, self.webapp)
create_receipt(ins.pk)
receipt = encode.call_args[0][0]
eq_(receipt['product']['url'], self.webapp.manifest_url[:-1])
eq_(receipt['product']['storedata'], 'id=%s' % int(ins.addon.pk))
assert receipt['exp'] > (calendar.timegm(time.gmtime()) +
settings.WEBAPPS_RECEIPT_EXPIRY_SECONDS -
TEST_LEEWAY)
eq_(receipt['reissue'], self.webapp.get_purchase_url('reissue'))
def test_receipt_data(self, encode):
encode.return_value = 'tmp-to-keep-memoize-happy'
ins = self.create_install(self.user, self.webapp)
create_receipt(ins.pk)
receipt = encode.call_args[0][0]
eq_(receipt['product']['url'], self.webapp.manifest_url[:-1])
eq_(receipt['product']['storedata'], 'id=%s' % int(ins.addon.pk))
assert receipt['exp'] > (calendar.timegm(time.gmtime()) +
settings.WEBAPPS_RECEIPT_EXPIRY_SECONDS -
TEST_LEEWAY)
eq_(receipt['reissue'], self.webapp.get_purchase_url('reissue'))
def test_crack_receipt(self):
# Check that we can decode our receipt and get a dictionary back.
self.app.update(manifest_url="http://a.com")
purchase = self.make_purchase()
receipt = create_receipt(purchase.webapp, purchase.user, purchase.uuid)
result = verify.decode_receipt(receipt)
eq_(result["typ"], u"purchase-receipt")
def issue(request, addon):
user = request.user
review = acl.action_allowed_user(user, 'Apps', 'Review') if user else None
developer = addon.has_author(user)
if not (review or developer):
raise PermissionDenied
install, flavour = ((apps.INSTALL_TYPE_REVIEWER, 'reviewer') if review else
(apps.INSTALL_TYPE_DEVELOPER, 'developer'))
installed, c = Installed.objects.safer_get_or_create(addon=addon,
user=request.user,
install_type=install)
error = ''
receipt_cef.log(request, addon, 'sign', 'Receipt signing for %s' % flavour)
receipt = None
try:
receipt = create_receipt(addon,
user,
get_uuid(addon, user),
flavour=flavour)
except SigningError:
error = _('There was a problem installing the app.')
return {'addon': addon.pk, 'receipt': receipt, 'error': error}
def test_crack_receipt(self):
# Check that we can decode our receipt and get a dictionary back.
self.addon.update(type=amo.ADDON_WEBAPP, manifest_url='http://a.com')
purchase = self.make_purchase()
receipt = create_receipt(purchase.addon, purchase.user, purchase.uuid)
result = verify.decode_receipt(receipt)
eq_(result['typ'], u'purchase-receipt')
def test_crack_receipt_new_called(self, trunion_verify, settings):
# Check that we can decode our receipt and get a dictionary back.
self.app.update(type=amo.ADDON_WEBAPP, manifest_url='http://a.com')
verify.decode_receipt(
'jwt_public_key~' + create_receipt(
self.app, self.user, str(uuid.uuid4())))
assert trunion_verify.called
def test_crack_receipt_new_called(self, trunion_verify, settings):
# Check that we can decode our receipt and get a dictionary back.
self.app.update(manifest_url='http://a.com')
verify.decode_receipt(
'jwt_public_key~' +
create_receipt(self.app, self.user, str(uuid.uuid4())))
assert trunion_verify.called
def test_crack_receipt(self):
# Check that we can decode our receipt and get a dictionary back.
self.addon.update(type=amo.ADDON_WEBAPP, manifest_url='http://a.com')
purchase = self.make_purchase()
receipt = create_receipt(purchase.addon, purchase.user, purchase.uuid)
result = verify.decode_receipt(receipt)
eq_(result['typ'], u'purchase-receipt')
def _record(request, addon):
logged = request.user.is_authenticated()
premium = addon.is_premium()
# Require login for premium.
if not logged and premium:
return http.HttpResponseRedirect(reverse('users.login'))
ctx = {'addon': addon.pk}
# Don't generate receipts if we're allowing logged-out install.
if logged:
is_dev = request.check_ownership(addon,
require_owner=False,
ignore_disabled=True,
admin=False)
is_reviewer = acl.check_reviewer(request)
if (not addon.is_public() and not (is_reviewer or is_dev)):
raise http.Http404
if (premium and not addon.has_purchased(request.user)
and not is_reviewer and not is_dev):
raise PermissionDenied
# If you are reviewer, you get a user receipt. Use the reviewer tools
# to get a reviewer receipt. App developers still get their special
# receipt.
install = (apps.INSTALL_TYPE_DEVELOPER
if is_dev else apps.INSTALL_TYPE_USER)
# Log the install.
installed, c = Installed.objects.get_or_create(addon=addon,
user=request.user,
install_type=install)
# Get a suitable uuid for this receipt.
uuid = get_uuid(addon, request.user)
error = ''
receipt_cef.log(request, addon, 'sign', 'Receipt requested')
try:
receipt = create_receipt(addon, request.user, uuid)
except SigningError:
error = _('There was a problem installing the app.')
ctx.update(receipt=receipt, error=error)
else:
if not addon.is_public():
raise http.Http404
amo.log(amo.LOG.INSTALL_ADDON, addon)
record_action(
'install', request, {
'app-domain': addon.domain_from_url(addon.origin, allow_none=True),
'app-id': addon.pk,
'anonymous': request.user.is_anonymous(),
})
return ctx
def test_expired(self):
receipt = create_receipt(self.addon, self.user, 'some-uuid')
self.verify.return_value = {'status': 'expired'}
res = self.client.post(self.url, data=receipt,
content_type='text/plain')
eq_(res.status_code, 200)
data = json.loads(res.content)
ok_(data['receipt'])
eq_(data['status'], 'expired')
def _record(request, addon):
logged = request.user.is_authenticated()
premium = addon.is_premium()
# Require login for premium.
if not logged and premium:
return http.HttpResponseRedirect(reverse('users.login'))
ctx = {'addon': addon.pk}
# Don't generate receipts if we're allowing logged-out install.
if logged:
is_dev = request.check_ownership(addon, require_owner=False,
ignore_disabled=True, admin=False)
is_reviewer = acl.check_reviewer(request)
if (not addon.is_webapp() or not addon.is_public() and
not (is_reviewer or is_dev)):
raise http.Http404
if (premium and
not addon.has_purchased(request.amo_user) and
not is_reviewer and not is_dev):
raise PermissionDenied
# If you are reviewer, you get a user receipt. Use the reviewer tools
# to get a reviewer receipt. App developers still get their special
# receipt.
install_type = (apps.INSTALL_TYPE_DEVELOPER if is_dev
else apps.INSTALL_TYPE_USER)
# Log the install.
installed, c = Installed.objects.get_or_create(addon=addon,
user=request.amo_user, install_type=install_type)
# Get a suitable uuid for this receipt.
uuid = get_uuid(addon, request.amo_user)
error = ''
receipt_cef.log(request, addon, 'sign', 'Receipt requested')
try:
receipt = create_receipt(addon, request.amo_user, uuid)
except SigningError:
error = _('There was a problem installing the app.')
ctx.update(receipt=receipt, error=error)
else:
if not addon.is_public() or not addon.is_webapp():
raise http.Http404
amo.log(amo.LOG.INSTALL_ADDON, addon)
record_action('install', request, {
'app-domain': addon.domain_from_url(addon.origin, allow_none=True),
'app-id': addon.pk,
'anonymous': request.user.is_anonymous(),
})
return ctx
def install_record(obj, request, install_type):
# Generate or re-use an existing install record.
installed, created = Installed.objects.get_or_create(addon=obj, user=request.user, install_type=install_type)
log.info("Installed record %s: %s" % ("created" if created else "re-used", obj.pk))
log.info("Creating receipt: %s" % obj.pk)
receipt_cef.log(request._request, obj, "sign", "Receipt signing")
uuid = get_uuid(installed.addon, installed.user)
return create_receipt(installed.addon, installed.user, uuid)
def test_expired(self):
receipt = create_receipt(self.addon, self.user, 'some-uuid')
self.verify.return_value = {'status': 'expired'}
res = self.client.post(self.url,
data=receipt,
content_type='text/plain')
eq_(res.status_code, 200)
data = json.loads(res.content)
ok_(data['receipt'])
eq_(data['status'], 'expired')
def install_record(obj, request, install_type):
# Generate or re-use an existing install record.
installed, created = Installed.objects.get_or_create(
addon=obj, user=request.user.get_profile(), install_type=install_type)
log.info('Installed record %s: %s' %
('created' if created else 're-used', obj.pk))
log.info('Creating receipt: %s' % obj.pk)
receipt_cef.log(request._request, obj, 'sign', 'Receipt signing')
return create_receipt(installed)
def record(self, bundle, request, install_type):
# Generate or re-use an existing install record.
installed, created = Installed.objects.get_or_create(
addon=bundle.obj, user=request.user.get_profile(), install_type=install_type
)
log.info("Installed record %s: %s" % ("created" if created else "re-used", bundle.obj.pk))
log.info("Creating receipt: %s" % bundle.obj.pk)
receipt_cef.log(request, bundle.obj, "sign", "Receipt signing")
return create_receipt(installed)
def record(self, bundle, request, install_type):
# Generate or re-use an existing install record.
installed, created = Installed.objects.get_or_create(
addon=bundle.obj, user=request.user.get_profile(),
install_type=install_type)
log.info('Installed record %s: %s' % (
'created' if created else 're-used',
bundle.obj.pk))
log.info('Creating receipt: %s' % bundle.obj.pk)
receipt_cef.log(request, bundle.obj, 'sign', 'Receipt signing')
return create_receipt(installed)
def record(self, bundle, request, install_type):
# Generate or re-use an existing install record.
installed, created = Installed.objects.safer_get_or_create(
addon=bundle.obj, user=request.user.get_profile(),
install_type=install_type)
# Generate or re-use a recent receipt.
receipt_cef.log(request, bundle.obj, 'request', 'Receipt requested')
receipt = memoize_get('create-receipt', installed.pk)
if receipt:
return receipt
receipt_cef.log(request, bundle.obj, 'sign', 'Receipt signing')
return create_receipt(installed.pk)
def install_record(obj, request, install_type):
# Generate or re-use an existing install record.
installed, created = Installed.objects.get_or_create(
addon=obj, user=request.user,
install_type=install_type)
log.info('Installed record %s: %s' % (
'created' if created else 're-used',
obj.pk))
log.info('Creating receipt: %s' % obj.pk)
receipt_cef.log(request._request, obj, 'sign', 'Receipt signing')
uuid = get_uuid(installed.addon, installed.user)
return create_receipt(installed.addon, installed.user, uuid)
def record(self, bundle, request, install_type):
# Generate or re-use an existing install record.
installed, created = Installed.objects.safer_get_or_create(
addon=bundle.obj,
user=request.user.get_profile(),
install_type=install_type)
# Generate or re-use a recent receipt.
receipt_cef.log(request, bundle.obj, 'request', 'Receipt requested')
receipt = memoize_get('create-receipt', installed.pk)
if receipt:
return receipt
receipt_cef.log(request, bundle.obj, 'sign', 'Receipt signing')
return create_receipt(installed.pk)
def issue(request, addon):
user = request.user
review = acl.action_allowed_user(user, "Apps", "Review") if user else None
developer = addon.has_author(user)
if not (review or developer):
raise PermissionDenied
install, flavour = (
(apps.INSTALL_TYPE_REVIEWER, "reviewer") if review else (apps.INSTALL_TYPE_DEVELOPER, "developer")
)
installed, c = Installed.objects.safer_get_or_create(addon=addon, user=request.user, install_type=install)
error = ""
receipt_cef.log(request, addon, "sign", "Receipt signing for %s" % flavour)
receipt = None
try:
receipt = create_receipt(addon, user, get_uuid(addon, user), flavour=flavour)
except SigningError:
error = _("There was a problem installing the app.")
return {"addon": addon.pk, "receipt": receipt, "error": error}
def issue(request, addon):
user = request.amo_user
review = acl.action_allowed_user(user, 'Apps', 'Review') if user else None
developer = addon.has_author(user)
if not (review or developer):
raise PermissionDenied
install, flavour = ((apps.INSTALL_TYPE_REVIEWER, 'reviewer') if review
else (apps.INSTALL_TYPE_DEVELOPER, 'developer'))
installed, c = Installed.objects.safer_get_or_create(addon=addon,
user=request.amo_user, install_type=install)
error = ''
receipt_cef.log(request, addon, 'sign', 'Receipt signing for %s' % flavour)
receipt = None
try:
receipt = create_receipt(addon, user, get_uuid(addon, user),
flavour=flavour)
except SigningError:
error = _('There was a problem installing the app.')
return {'addon': addon.pk, 'receipt': receipt, 'error': error}
def test_receipt(self):
assert (create_receipt(
self.app, self.user,
'some-uuid').startswith('eyJhbGciOiAiUlM1MTIiLCA'))
def test_addon_premium(self):
for type_ in amo.ADDON_PREMIUMS:
self.app.update(premium_type=type_)
assert create_receipt(self.app, self.user, 'some-uuid')
def test_receipt_different(self):
assert (create_receipt(self.app, self.user, 'some-uuid')
!= create_receipt(self.app, self.other_user, 'other-uuid'))
def _record(request, addon):
logged = request.user.is_authenticated()
premium = addon.is_premium()
# Require login for premium.
if not logged and premium:
return http.HttpResponseRedirect(reverse('users.login'))
ctx = {'addon': addon.pk}
# Don't generate receipts if we're allowing logged-out install.
if logged:
is_dev = request.check_ownership(addon,
require_owner=False,
ignore_disabled=True,
admin=False)
is_reviewer = acl.check_reviewer(request)
if (not addon.is_webapp()
or not addon.is_public() and not (is_reviewer or is_dev)):
raise http.Http404
if (premium and not addon.has_purchased(request.amo_user)
and not is_reviewer and not is_dev):
raise PermissionDenied
# If you are reviewer, you get a user receipt. Use the reviewer tools
# to get a reviewer receipt. App developers still get their special
# receipt.
install_type = (apps.INSTALL_TYPE_DEVELOPER
if is_dev else apps.INSTALL_TYPE_USER)
# Log the install.
installed, c = Installed.objects.get_or_create(
addon=addon, user=request.amo_user, install_type=install_type)
# Get download source from GET if it exists, if so get the download
# source object if it exists. Then grab a client data object to hook up
# with the Installed object.
download_source = DownloadSource.objects.filter(
name=request.REQUEST.get('src', None))
download_source = download_source[0] if download_source else None
try:
region = request.REGION.id
except AttributeError:
region = mkt.regions.RESTOFWORLD.id
client_data, c = ClientData.objects.get_or_create(
download_source=download_source,
device_type=request.POST.get('device_type', ''),
user_agent=request.META.get('HTTP_USER_AGENT', ''),
is_chromeless=request.POST.get('chromeless', False),
language=request.LANG,
region=region)
installed.update(client_data=client_data)
# Get a suitable uuid for this receipt.
uuid = get_uuid(addon, request.amo_user)
error = ''
receipt_cef.log(request, addon, 'sign', 'Receipt requested')
try:
receipt = create_receipt(addon, request.amo_user, uuid)
except SigningError:
error = _('There was a problem installing the app.')
ctx.update(receipt=receipt, error=error)
else:
if not addon.is_public() or not addon.is_webapp():
raise http.Http404
amo.log(amo.LOG.INSTALL_ADDON, addon)
record_action(
'install', request, {
'app-domain': addon.domain_from_url(addon.origin, allow_none=True),
'app-id': addon.pk,
'anonymous': request.user.is_anonymous(),
})
return ctx
def test_expired_cert(self, mthd):
mthd.side_effect = ExpiredSignatureError
assert 'typ' in verify.decode_receipt(
'jwt_public_key~' +
create_receipt(self.app, self.user, str(uuid.uuid4())))
def test_receipt_not_reviewer(self):
with self.assertRaises(ValueError):
create_receipt(self.app,
self.user,
'some-uuid',
flavour='reviewer')
def test_crack_borked_receipt(self):
self.addon.update(type=amo.ADDON_WEBAPP, manifest_url='http://a.com')
purchase = self.make_purchase()
receipt = create_receipt(purchase.addon, purchase.user, purchase.uuid)
self.assertRaises(M2Crypto.RSA.RSAError, verify.decode_receipt,
receipt + 'x')
def test_receipt(self):
ins = self.create_install(self.user, self.webapp)
assert create_receipt(ins.pk).startswith('eyJhbGciOiAiUlM1MTIiLCA')
def test_addon_free(self):
for type_ in amo.ADDON_FREES:
self.webapp.update(premium_type=amo.ADDON_FREE)
ins = self.create_install(self.user, self.webapp)
assert create_receipt(ins)
def test_addon_premium(self):
for type_ in amo.ADDON_PREMIUMS:
self.webapp.update(premium_type=type_)
ins = self.create_install(self.user, self.webapp)
assert create_receipt(ins)
def test_receipt_not_reviewer(self):
with self.assertRaises(ValueError):
create_receipt(self.app, self.user, 'some-uuid',
flavour='reviewer')
def test_receipt_other(self):
with self.assertRaises(AssertionError):
create_receipt(self.app, self.user, 'some-uuid', flavour='wat')
def test_addon_premium(self):
for type_ in mkt.ADDON_PREMIUMS:
self.app.update(premium_type=type_)
assert create_receipt(self.app, self.user, 'some-uuid')
def test_receipt_different(self):
assert (create_receipt(self.app, self.user, 'some-uuid') !=
create_receipt(self.app, self.other_user, 'other-uuid'))
def test_receipt(self):
receipt = create_receipt(self.app, self.user, 'some-uuid')
header = json.loads(jwt.base64url_decode(receipt.split('.')[0]))
eq_(header['alg'], 'RS512')
def test_crack_borked_receipt(self):
self.addon.update(type=amo.ADDON_WEBAPP, manifest_url='http://a.com')
receipt = create_receipt(self.make_install().pk)
self.assertRaises(M2Crypto.RSA.RSAError, verify.decode_receipt,
receipt + 'x')
def test_receipt_other(self):
with self.assertRaises(AssertionError):
create_receipt(self.app, self.user, 'some-uuid', flavour='wat')
def test_crack_borked_receipt(self):
self.addon.update(type=amo.ADDON_WEBAPP, manifest_url='http://a.com')
purchase = self.make_purchase()
receipt = create_receipt(purchase.addon, purchase.user, purchase.uuid)
self.assertRaises(M2Crypto.RSA.RSAError, verify.decode_receipt,
receipt + 'x')
def test_addon_premium(self):
for type_ in amo.ADDON_PREMIUMS:
self.webapp.update(premium_type=type_)
ins = self.create_install(self.user, self.webapp)
assert create_receipt(ins.pk)
def test_receipt_signer(self, sign):
sign.return_value = 'something-cunning'
ins = self.create_install(self.user, self.webapp)
eq_(create_receipt(ins.pk), 'something-cunning')
def test_receipt_signer(self, sign):
sign.return_value = 'something-cunning'
ins = self.create_install(self.user, self.webapp)
eq_(create_receipt(ins), 'something-cunning')
def test_receipt_different(self):
ins = self.create_install(self.user, self.webapp)
ins_other = self.create_install(self.other_user, self.webapp)
assert create_receipt(ins.pk) != create_receipt(ins_other.pk)
def test_receipt(self):
ins = self.create_install(self.user, self.webapp)
assert create_receipt(ins).startswith('eyJhbGciOiAiUlM1MTIiLCA')
def test_addon_free(self):
for type_ in amo.ADDON_FREES:
self.webapp.update(premium_type=amo.ADDON_FREE)
ins = self.create_install(self.user, self.webapp)
assert create_receipt(ins.pk)
def test_receipt_different(self):
ins = self.create_install(self.user, self.webapp)
ins_other = self.create_install(self.other_user, self.webapp)
assert create_receipt(ins) != create_receipt(ins_other)
