summaryrefslogtreecommitdiff
path: root/service
diff options
context:
space:
mode:
authorDuda Dornelles <ddornell@thoughtworks.com>2015-02-13 11:56:58 -0200
committerDuda Dornelles <ddornell@thoughtworks.com>2015-02-13 12:47:12 -0200
commit9af1553353e8fb837e5c4323531dda8e69dc8915 (patch)
tree6e096392337506f47c84e92e20ee80a2606c38e8 /service
parentc52ce25ac49cdfdc1791bcb65c5262aec63dadbd (diff)
Making sure that no private key can be retrieved by the KeysResource
Diffstat (limited to 'service')
-rw-r--r--service/pixelated/resources/keys_resource.py7
-rw-r--r--service/test/support/integration/app_test_client.py4
-rw-r--r--service/test/unit/resources/__init__.py23
-rw-r--r--service/test/unit/resources/test_keys_resources.py59
4 files changed, 91 insertions, 2 deletions
diff --git a/service/pixelated/resources/keys_resource.py b/service/pixelated/resources/keys_resource.py
index f8affb73..8afb2bf6 100644
--- a/service/pixelated/resources/keys_resource.py
+++ b/service/pixelated/resources/keys_resource.py
@@ -8,13 +8,18 @@ from twisted.web.resource import Resource
class KeysResource(Resource):
+ isLeaf = True
+
def __init__(self, keymanager):
Resource.__init__(self)
self._keymanager = keymanager
def render_GET(self, request):
def finish_request(key):
- respond_json_deferred(key.get_json(), request)
+ if key.private:
+ respond_json_deferred(None, request, status_code=401)
+ else:
+ respond_json_deferred(key.get_json(), request)
def key_not_found(_):
respond_json_deferred(None, request, status_code=404)
diff --git a/service/test/support/integration/app_test_client.py b/service/test/support/integration/app_test_client.py
index 62c3bd65..474e5fd3 100644
--- a/service/test/support/integration/app_test_client.py
+++ b/service/test/support/integration/app_test_client.py
@@ -15,6 +15,7 @@
# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
import json
import multiprocessing
+from mockito import mock
import os
import shutil
import time
@@ -57,6 +58,7 @@ class AppTestClient:
self.soledad = initialize_soledad(tempdir=soledad_test_folder)
self.soledad_querier = self._create_soledad_querier(self.soledad, self.INDEX_KEY)
+ self.keymanager = mock()
self.search_engine = SearchEngine(self.soledad_querier, agent_home=soledad_test_folder)
self.mail_sender = self._create_mail_sender()
@@ -70,7 +72,7 @@ class AppTestClient:
self.app = App()
self.app.resource = RootResource()
- self.app.resource.initialize(self.soledad_querier, self.search_engine, self.mail_service, self.draft_service)
+ self.app.resource.initialize(self.soledad_querier, self.keymanager, self.search_engine, self.mail_service, self.draft_service)
def _render(self, request, as_json=True):
def get_str(_str):
diff --git a/service/test/unit/resources/__init__.py b/service/test/unit/resources/__init__.py
index e69de29b..b8214a8c 100644
--- a/service/test/unit/resources/__init__.py
+++ b/service/test/unit/resources/__init__.py
@@ -0,0 +1,23 @@
+from twisted.internet.defer import succeed
+from twisted.web import server
+from twisted.web.server import Site
+
+
+def resolve_result(request, result):
+ if isinstance(result, str):
+ request.write(result)
+ request.finish()
+ return succeed(request)
+ elif result is server.NOT_DONE_YET:
+ if request.finished:
+ return succeed(request)
+ else:
+ return request.notifyFinish().addCallback(lambda _: request)
+ else:
+ raise ValueError("Unexpected return value: %r" % (result,))
+
+
+class DummySite(Site):
+ def get(self, request):
+ return resolve_result(request, self.getResourceFor(request).render(request))
+
diff --git a/service/test/unit/resources/test_keys_resources.py b/service/test/unit/resources/test_keys_resources.py
new file mode 100644
index 00000000..7113889e
--- /dev/null
+++ b/service/test/unit/resources/test_keys_resources.py
@@ -0,0 +1,59 @@
+import json
+from mockito import mock, when
+from leap.keymanager import OpenPGPKey, KeyNotFound
+from pixelated.resources.keys_resource import KeysResource
+import twisted.trial.unittest as unittest
+from twisted.web.test.requesthelper import DummyRequest
+from test.unit.resources import DummySite
+
+
+class TestKeysResource(unittest.TestCase):
+
+ def setUp(self):
+ self.keymanager = mock()
+ self.web = DummySite(KeysResource(self.keymanager))
+
+ def test_returns_404_if_key_not_found(self):
+ request = DummyRequest(['/keys'])
+ request.addArg('search', 'some@inexistent.key')
+ when(self.keymanager).get_key_from_cache('some@inexistent.key', OpenPGPKey).thenRaise(KeyNotFound())
+
+ d = self.web.get(request)
+
+ def assert_404(_):
+ self.assertEquals(404, request.code)
+
+ d.addCallback(assert_404)
+ return d
+
+ def test_returns_the_key_as_json_if_found(self):
+ request = DummyRequest(['/keys'])
+ request.addArg('search', 'some@key')
+ when(self.keymanager).get_key_from_cache('some@key', OpenPGPKey).thenReturn(OpenPGPKey('some@key'))
+
+ d = self.web.get(request)
+
+ def assert_response(_):
+ self.assertEquals('"{\\"tags\\": [\\"keymanager-key\\"], \\"fingerprint\\": null, '
+ '\\"private\\": null, \\"expiry_date\\": null, \\"address\\": '
+ '\\"some@key\\", \\"last_audited_at\\": null, \\"key_data\\": null, '
+ '\\"length\\": null, \\"key_id\\": null, \\"validation\\": null, '
+ '\\"type\\": \\"<class \'leap.keymanager.openpgp.OpenPGPKey\'>\\", '
+ '\\"first_seen_at\\": null}"', request.written[0])
+
+ d.addCallback(assert_response)
+ return d
+
+ def test_returns_unauthorized_if_key_is_private(self):
+ request = DummyRequest(['/keys'])
+ request.addArg('search', 'some@key')
+ when(self.keymanager).get_key_from_cache('some@key', OpenPGPKey).thenReturn(OpenPGPKey('some@key', private=True))
+
+ d = self.web.get(request)
+
+ def assert_response(_):
+ self.assertEquals(401, request.code)
+
+ d.addCallback(assert_response)
+ return d
+