author | Duda Dornelles <ddornell@thoughtworks.com> | 2015-02-13 11:56:58 -0200 |
---|---|---|
committer | Duda Dornelles <ddornell@thoughtworks.com> | 2015-02-13 12:47:12 -0200 |
commit | 9af1553353e8fb837e5c4323531dda8e69dc8915 (patch) | |
tree | 6e096392337506f47c84e92e20ee80a2606c38e8 /service | |
parent | c52ce25ac49cdfdc1791bcb65c5262aec63dadbd (diff) |
Making sure that no private key can be retrieved by the KeysResource
Diffstat (limited to 'service')
-rw-r--r-- | service/pixelated/resources/keys_resource.py | 7 | ||||
-rw-r--r-- | service/test/support/integration/app_test_client.py | 4 | ||||
-rw-r--r-- | service/test/unit/resources/__init__.py | 23 | ||||
-rw-r--r-- | service/test/unit/resources/test_keys_resources.py | 59 |
4 files changed, 91 insertions, 2 deletions
diff --git a/service/pixelated/resources/keys_resource.py b/service/pixelated/resources/keys_resource.py
index f8affb73..8afb2bf6 100644
--- a/service/pixelated/resources/keys_resource.py
+++ b/service/pixelated/resources/keys_resource.py
@@ -8,13 +8,18 @@ from twisted.web.resource import Resource
 class KeysResource(Resource):
+ isLeaf = True
+
 def __init__(self, keymanager):
 Resource.__init__(self)
 self._keymanager = keymanager
 def render_GET(self, request):
 def finish_request(key):
- respond_json_deferred(key.get_json(), request)
+ if key.private:
+ respond_json_deferred(None, request, status_code=401)
+ else:
+ respond_json_deferred(key.get_json(), request)
 def key_not_found(_):
 respond_json_deferred(None, request, status_code=404)
diff --git a/service/test/support/integration/app_test_client.py b/service/test/support/integration/app_test_client.py
index 62c3bd65..474e5fd3 100644
--- a/service/test/support/integration/app_test_client.py
+++ b/service/test/support/integration/app_test_client.py
@@ -15,6 +15,7 @@
 # along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
 import json
 import multiprocessing
+from mockito import mock
 import os
 import shutil
 import time
@@ -57,6 +58,7 @@ class AppTestClient:
 self.soledad = initialize_soledad(tempdir=soledad_test_folder)
 self.soledad_querier = self._create_soledad_querier(self.soledad, self.INDEX_KEY)
+ self.keymanager = mock()
 self.search_engine = SearchEngine(self.soledad_querier, agent_home=soledad_test_folder)
 self.mail_sender = self._create_mail_sender()
@@ -70,7 +72,7 @@ class AppTestClient:
 self.app = App()
 self.app.resource = RootResource()
- self.app.resource.initialize(self.soledad_querier, self.search_engine, self.mail_service, self.draft_service)
+ self.app.resource.initialize(self.soledad_querier, self.keymanager, self.search_engine, self.mail_service, self.draft_service)
 def _render(self, request, as_json=True):
 def get_str(_str):
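Review bot: The guard added in `finish_request` is a truthiness test, `if key.private:`, so a key whose flag is unset falls through to the `else` branch and has its whole `get_json()` output returned; the expected string in test_keys_resources.py shows a default-constructed key serialising `"private": null`. Failing closed would be safer: `if key.private is not False:` for the 401 branch, with the found-key test then building its key with `private=False`. Separately, answering 401 here and 404 in `key_not_found` lets a caller tell "a private key exists for this address" from "no key at all"; reusing the 404 response would remove that signal, and 401 normally means that credentials are missing. `render_GET` continues past the end of the hunk, so how the key is looked up is not visible here.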
diff --git a/service/test/unit/resources/__init__.py b/service/test/unit/resources/__init__.py
index e69de29b..b8214a8c 100644
--- a/service/test/unit/resources/__init__.py
+++ b/service/test/unit/resources/__init__.py
@@ -0,0 +1,23 @@
+from twisted.internet.defer import succeed
+from twisted.web import server
+from twisted.web.server import Site
+
+
+def resolve_result(request, result):
+ if isinstance(result, str):
+ request.write(result)
+ request.finish()
+ return succeed(request)
+ elif result is server.NOT_DONE_YET:
+ if request.finished:
+ return succeed(request)
+ else:
+ return request.notifyFinish().addCallback(lambda _: request)
+ else:
+ raise ValueError("Unexpected return value: %r" % (result,))
+
+
+class DummySite(Site):
+ def get(self, request):
+ return resolve_result(request, self.getResourceFor(request).render(request))
+
diff --git a/service/test/unit/resources/test_keys_resources.py b/service/test/unit/resources/test_keys_resources.py
new file mode 100644
index 00000000..7113889e
--- /dev/null
+++ b/service/test/unit/resources/test_keys_resources.py
@@ -0,0 +1,59 @@
+import json
+from mockito import mock, when
+from leap.keymanager import OpenPGPKey, KeyNotFound
+from pixelated.resources.keys_resource import KeysResource
+import twisted.trial.unittest as unittest
+from twisted.web.test.requesthelper import DummyRequest
+from test.unit.resources import DummySite
+
+
+class TestKeysResource(unittest.TestCase):
+
+ def setUp(self):
+ self.keymanager = mock()
+ self.web = DummySite(KeysResource(self.keymanager))
+
+ def test_returns_404_if_key_not_found(self):
+ request = DummyRequest(['/keys'])
+ request.addArg('search', 'some@inexistent.key')
+ when(self.keymanager).get_key_from_cache('some@inexistent.key', OpenPGPKey).thenRaise(KeyNotFound())
+
+ d = self.web.get(request)
+
+ def assert_404(_):
+ self.assertEquals(404, request.code)
+
+ d.addCallback(assert_404)
+ return d
+
+ def test_returns_the_key_as_json_if_found(self):
+ request = DummyRequest(['/keys'])
+ request.addArg('search', 'some@key')
+ when(self.keymanager).get_key_from_cache('some@key', OpenPGPKey).thenReturn(OpenPGPKey('some@key'))
+
+ d = self.web.get(request)
+
+ def assert_response(_):
+ self.assertEquals('"{\\"tags\\": [\\"keymanager-key\\"], \\"fingerprint\\": null, '
+ '\\"private\\": null, \\"expiry_date\\": null, \\"address\\": '
+ '\\"some@key\\", \\"last_audited_at\\": null, \\"key_data\\": null, '
+ '\\"length\\": null, \\"key_id\\": null, \\"validation\\": null, '
+ '\\"type\\": \\"<class \'leap.keymanager.openpgp.OpenPGPKey\'>\\", '
+ '\\"first_seen_at\\": null}"', request.written[0])
+
+ d.addCallback(assert_response)
+ return d
+
+ def test_returns_unauthorized_if_key_is_private(self):
+ request = DummyRequest(['/keys'])
+ request.addArg('search', 'some@key')
+ when(self.keymanager).get_key_from_cache('some@key', OpenPGPKey).thenReturn(OpenPGPKey('some@key', private=True))
+
+ d = self.web.get(request)
+
+ def assert_response(_):
+ self.assertEquals(401, request.code)
+
+ d.addCallback(assert_response)
+ return d
+ |
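Review bot: `test_returns_unauthorized_if_key_is_private` asserts only `request.code`, so it would still pass if the resource set 401 and also wrote the key to the response body. The test should pin the property the commit is about: give the stubbed key a recognisable value (constructed example: `key_data='PRIVATE-KEY-MARKER'`, assuming the constructor takes `key_data` the way it takes `private`) and add `self.assertNotIn('PRIVATE-KEY-MARKER', ''.join(request.written))`. In `test_returns_the_key_as_json_if_found` the expected value is one serialised string, which ties the test to dictionary key order; comparing the decoded fields would be sturdier.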