From 9af1553353e8fb837e5c4323531dda8e69dc8915 Mon Sep 17 00:00:00 2001
From: Duda Dornelles
Date: Fri, 13 Feb 2015 11:56:58 -0200
Subject: Making sure that no private key can be retrieved by the KeysResource
---
 service/pixelated/resources/keys_resource.py | 7 ++-
 .../test/support/integration/app_test_client.py | 4 +-
 service/test/unit/resources/__init__.py | 23 +++++++++
 service/test/unit/resources/test_keys_resources.py | 59 ++++++++++++++++++++++
 4 files changed, 91 insertions(+), 2 deletions(-)
 create mode 100644 service/test/unit/resources/test_keys_resources.py
diff --git a/service/pixelated/resources/keys_resource.py b/service/pixelated/resources/keys_resource.py
index f8affb73..8afb2bf6 100644
--- a/service/pixelated/resources/keys_resource.py
+++ b/service/pixelated/resources/keys_resource.py
@@ -8,13 +8,18 @@ from twisted.web.resource import Resource
 class KeysResource(Resource):
+ isLeaf = True
+
 def __init__(self, keymanager):
 Resource.__init__(self)
 self._keymanager = keymanager
 def render_GET(self, request):
 def finish_request(key):
- respond_json_deferred(key.get_json(), request)
+ if key.private:
+ respond_json_deferred(None, request, status_code=401)
+ else:
+ respond_json_deferred(key.get_json(), request)
 def key_not_found(_):
 respond_json_deferred(None, request, status_code=404)
diff --git a/service/test/support/integration/app_test_client.py b/service/test/support/integration/app_test_client.py
index 62c3bd65..474e5fd3 100644
--- a/service/test/support/integration/app_test_client.py
+++ b/service/test/support/integration/app_test_client.py
@@ -15,6 +15,7 @@
 # along with Pixelated. If not, see .
 import json
 import multiprocessing
+from mockito import mock
 import os
 import shutil
 import time
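Review bot: In `keys_resource.py`, the private-key branch added to `finish_request` answers 401, which confirms to the caller that a private key is stored for the searched address and, by HTTP semantics, implies that authenticating would unlock it. Answering exactly as `key_not_found` does, `respond_json_deferred(None, request, status_code=404)`, keeps the two cases indistinguishable; 403 is the fallback if the distinction has to stay visible. The guard is also a truthiness test, so a key whose `private` is `None` is served as public; the new unit test shows such a key serialised with `"private": null`, and whether a private key can ever reach this point in that state depends on the keymanager, which is not visible here. `render_GET` continues past the end of the hunk.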
@@ -57,6 +58,7 @@ class AppTestClient:
 self.soledad = initialize_soledad(tempdir=soledad_test_folder)
 self.soledad_querier = self._create_soledad_querier(self.soledad, self.INDEX_KEY)
+ self.keymanager = mock()
 self.search_engine = SearchEngine(self.soledad_querier, agent_home=soledad_test_folder)
 self.mail_sender = self._create_mail_sender()
@@ -70,7 +72,7 @@ class AppTestClient:
 self.app = App()
 self.app.resource = RootResource()
- self.app.resource.initialize(self.soledad_querier, self.search_engine, self.mail_service, self.draft_service)
+ self.app.resource.initialize(self.soledad_querier, self.keymanager, self.search_engine, self.mail_service, self.draft_service)
 def _render(self, request, as_json=True):
 def get_str(_str):
diff --git a/service/test/unit/resources/__init__.py b/service/test/unit/resources/__init__.py
index e69de29b..b8214a8c 100644
--- a/service/test/unit/resources/__init__.py
+++ b/service/test/unit/resources/__init__.py
@@ -0,0 +1,23 @@
+from twisted.internet.defer import succeed
+from twisted.web import server
+from twisted.web.server import Site
+
+
+def resolve_result(request, result):
+ if isinstance(result, str):
+ request.write(result)
+ request.finish()
+ return succeed(request)
+ elif result is server.NOT_DONE_YET:
+ if request.finished:
+ return succeed(request)
+ else:
+ return request.notifyFinish().addCallback(lambda _: request)
+ else:
+ raise ValueError("Unexpected return value: %r" % (result,))
+
+
+class DummySite(Site):
+ def get(self, request):
+ return resolve_result(request, self.getResourceFor(request).render(request))
+
diff --git a/service/test/unit/resources/test_keys_resources.py b/service/test/unit/resources/test_keys_resources.py
new file mode 100644
index 00000000..7113889e
--- /dev/null
+++ b/service/test/unit/resources/test_keys_resources.py
@@ -0,0 +1,59 @@
+import json
+from mockito import mock, when
+from leap.keymanager import OpenPGPKey, KeyNotFound
+from pixelated.resources.keys_resource import KeysResource
+import twisted.trial.unittest as unittest
+from twisted.web.test.requesthelper import DummyRequest
+from test.unit.resources import DummySite
+
+
+class TestKeysResource(unittest.TestCase):
+
+ def setUp(self):
+ self.keymanager = mock()
+ self.web = DummySite(KeysResource(self.keymanager))
+
+ def test_returns_404_if_key_not_found(self):
+ request = DummyRequest(['/keys'])
+ request.addArg('search', 'some@inexistent.key')
+ when(self.keymanager).get_key_from_cache('some@inexistent.key', OpenPGPKey).thenRaise(KeyNotFound())
+
+ d = self.web.get(request)
+
+ def assert_404(_):
+ self.assertEquals(404, request.code)
+
+ d.addCallback(assert_404)
+ return d
+
+ def test_returns_the_key_as_json_if_found(self):
+ request = DummyRequest(['/keys'])
+ request.addArg('search', 'some@key')
+ when(self.keymanager).get_key_from_cache('some@key', OpenPGPKey).thenReturn(OpenPGPKey('some@key'))
+
+ d = self.web.get(request)
+
+ def assert_response(_):
+ self.assertEquals('"{\\"tags\\": [\\"keymanager-key\\"], \\"fingerprint\\": null, '
+ '\\"private\\": null, \\"expiry_date\\": null, \\"address\\": '
+ '\\"some@key\\", \\"last_audited_at\\": null, \\"key_data\\": null, '
+ '\\"length\\": null, \\"key_id\\": null, \\"validation\\": null, '
+ '\\"type\\": \\"\\", '
+ '\\"first_seen_at\\": null}"', request.written[0])
+
+ d.addCallback(assert_response)
+ return d
+
+ def test_returns_unauthorized_if_key_is_private(self):
+ request = DummyRequest(['/keys'])
+ request.addArg('search', 'some@key')
+ when(self.keymanager).get_key_from_cache('some@key', OpenPGPKey).thenReturn(OpenPGPKey('some@key', private=True))
+
+ d = self.web.get(request)
+
+ def assert_response(_):
+ self.assertEquals(401, request.code)
+
+ d.addCallback(assert_response)
+ return d
+
--
cgit v1.2.3
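Review bot: `test_returns_unauthorized_if_key_is_private` asserts only the status code, so it would still pass if the handler set 401 and then wrote the key into the response body. The fixture key carries no key material, so there is nothing a body check could catch; giving it a constructed marker as `key_data` (assuming `OpenPGPKey` accepts that keyword the way it accepts `private`) and adding `self.assertNotIn(marker, ''.join(request.written))` to `assert_response` would pin the property the commit subject promises. Separately, `test_returns_the_key_as_json_if_found` compares against one exact serialisation, which ties it to dict key order; comparing the parsed body against a dict would be less brittle, and would use the `json` import that is otherwise unused in this file.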