From 0800279325f984eda149a38afbb0991a8ce704c7 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Wed, 17 Jun 2020 15:37:28 -0400 Subject: [PATCH] Standardize SecretTest --- netbox/secrets/tests/test_api.py | 230 ++++++------------------------- 1 file changed, 43 insertions(+), 187 deletions(-) diff --git a/netbox/secrets/tests/test_api.py b/netbox/secrets/tests/test_api.py index e3078c81f..136912773 100644 --- a/netbox/secrets/tests/test_api.py +++ b/netbox/secrets/tests/test_api.py @@ -49,212 +49,68 @@ class SecretRoleTest(APIViewTestCases.APIViewTestCase): SecretRole.objects.bulk_create(secret_roles) -# TODO: Standardize SecretTest -class SecretTest(APITestCase): +class SecretTest(APIViewTestCases.APIViewTestCase): + model = Secret + brief_fields = ['id', 'name', 'url'] def setUp(self): + super().setUp() - # Create a non-superuser test user - self.user = create_test_user('testuser', permissions=( - 'secrets.add_secret', - 'secrets.change_secret', - 'secrets.delete_secret', - 'secrets.view_secret', - )) - self.token = Token.objects.create(user=self.user) - self.header = {'HTTP_AUTHORIZATION': 'Token {}'.format(self.token.key)} - + # Create a UserKey for the test user userkey = UserKey(user=self.user, public_key=PUBLIC_KEY) userkey.save() + + # Create a SessionKey for the user self.master_key = userkey.get_master_key(PRIVATE_KEY) session_key = SessionKey(userkey=userkey) session_key.save(self.master_key) - self.header = { - 'HTTP_AUTHORIZATION': 'Token {}'.format(self.token.key), - 'HTTP_X_SESSION_KEY': base64.b64encode(session_key.key), - } + # Append the session key to the test client's request header + self.header['HTTP_X_SESSION_KEY'] = base64.b64encode(session_key.key) - self.plaintexts = ( - 'Secret #1 Plaintext', - 'Secret #2 Plaintext', - 'Secret #3 Plaintext', + site = Site.objects.create(name='Site 1', slug='site-1') + manufacturer = Manufacturer.objects.create(name='Manufacturer 1', slug='manufacturer-1') + devicetype = DeviceType.objects.create(manufacturer=manufacturer, model='Device Type 1') + devicerole = DeviceRole.objects.create(name='Device Role 1', slug='device-role-1') + device = Device.objects.create(name='Device 1', site=site, device_type=devicetype, device_role=devicerole) + + secret_roles = ( + SecretRole(name='Secret Role 1', slug='secret-role-1'), + SecretRole(name='Secret Role 2', slug='secret-role-2'), ) + SecretRole.objects.bulk_create(secret_roles) - site = Site.objects.create(name='Test Site 1', slug='test-site-1') - manufacturer = Manufacturer.objects.create(name='Test Manufacturer 1', slug='test-manufacturer-1') - devicetype = DeviceType.objects.create(manufacturer=manufacturer, model='Test Device Type 1') - devicerole = DeviceRole.objects.create(name='Test Device Role 1', slug='test-device-role-1') - self.device = Device.objects.create( - name='Test Device 1', site=site, device_type=devicetype, device_role=devicerole + secrets = ( + Secret(device=device, role=secret_roles[0], name='Secret 1', plaintext='ABC'), + Secret(device=device, role=secret_roles[0], name='Secret 2', plaintext='DEF'), + Secret(device=device, role=secret_roles[0], name='Secret 3', plaintext='GHI'), ) - self.secretrole1 = SecretRole.objects.create(name='Test Secret Role 1', slug='test-secret-role-1') - self.secretrole2 = SecretRole.objects.create(name='Test Secret Role 2', slug='test-secret-role-2') - self.secret1 = Secret( - device=self.device, role=self.secretrole1, name='Test Secret 1', plaintext=self.plaintexts[0] - ) - self.secret1.encrypt(self.master_key) - self.secret1.save() - self.secret2 = Secret( - device=self.device, role=self.secretrole1, name='Test Secret 2', plaintext=self.plaintexts[1] - ) - self.secret2.encrypt(self.master_key) - self.secret2.save() - self.secret3 = Secret( - device=self.device, role=self.secretrole1, name='Test Secret 3', plaintext=self.plaintexts[2] - ) - self.secret3.encrypt(self.master_key) - self.secret3.save() + for secret in secrets: + secret.encrypt(self.master_key) + secret.save() - def test_get_secret(self): - - url = reverse('secrets-api:secret-detail', kwargs={'pk': self.secret1.pk}) - - # Secret plaintext not be decrypted as the user has not been assigned to the role - response = self.client.get(url, **self.header) - self.assertIsNone(response.data['plaintext']) - - # The plaintext should be present once the user has been assigned to the role - self.secretrole1.users.add(self.user) - response = self.client.get(url, **self.header) - self.assertEqual(response.data['plaintext'], self.plaintexts[0]) - - def test_list_secrets(self): - - url = reverse('secrets-api:secret-list') - - # Secret plaintext not be decrypted as the user has not been assigned to the role - response = self.client.get(url, **self.header) - self.assertEqual(response.data['count'], 3) - for secret in response.data['results']: - self.assertIsNone(secret['plaintext']) - - # The plaintext should be present once the user has been assigned to the role - self.secretrole1.users.add(self.user) - response = self.client.get(url, **self.header) - self.assertEqual(response.data['count'], 3) - for i, secret in enumerate(response.data['results']): - self.assertEqual(secret['plaintext'], self.plaintexts[i]) - - def test_create_secret(self): - - data = { - 'device': self.device.pk, - 'role': self.secretrole1.pk, - 'name': 'Test Secret 4', - 'plaintext': 'Secret #4 Plaintext', - } - - url = reverse('secrets-api:secret-list') - response = self.client.post(url, data, format='json', **self.header) - - self.assertHttpStatus(response, status.HTTP_201_CREATED) - self.assertEqual(response.data['plaintext'], data['plaintext']) - self.assertEqual(Secret.objects.count(), 4) - secret4 = Secret.objects.get(pk=response.data['id']) - secret4.decrypt(self.master_key) - self.assertEqual(secret4.role_id, data['role']) - self.assertEqual(secret4.plaintext, data['plaintext']) - - def test_create_secret_bulk(self): - - data = [ + self.create_data = [ { - 'device': self.device.pk, - 'role': self.secretrole1.pk, - 'name': 'Test Secret 4', - 'plaintext': 'Secret #4 Plaintext', + 'device': device.pk, + 'role': secret_roles[1].pk, + 'name': 'Secret 4', + 'plaintext': 'JKL', }, { - 'device': self.device.pk, - 'role': self.secretrole1.pk, - 'name': 'Test Secret 5', - 'plaintext': 'Secret #5 Plaintext', + 'device': device.pk, + 'role': secret_roles[1].pk, + 'name': 'Secret 5', + 'plaintext': 'MNO', }, { - 'device': self.device.pk, - 'role': self.secretrole1.pk, - 'name': 'Test Secret 6', - 'plaintext': 'Secret #6 Plaintext', + 'device': device.pk, + 'role': secret_roles[1].pk, + 'name': 'Secret 6', + 'plaintext': 'PQR', }, ] - url = reverse('secrets-api:secret-list') - response = self.client.post(url, data, format='json', **self.header) - - self.assertHttpStatus(response, status.HTTP_201_CREATED) - self.assertEqual(Secret.objects.count(), 6) - self.assertEqual(response.data[0]['plaintext'], data[0]['plaintext']) - self.assertEqual(response.data[1]['plaintext'], data[1]['plaintext']) - self.assertEqual(response.data[2]['plaintext'], data[2]['plaintext']) - - def test_update_secret(self): - - data = { - 'device': self.device.pk, - 'role': self.secretrole2.pk, - 'plaintext': 'NewPlaintext', - } - - url = reverse('secrets-api:secret-detail', kwargs={'pk': self.secret1.pk}) - response = self.client.put(url, data, format='json', **self.header) - - self.assertHttpStatus(response, status.HTTP_200_OK) - self.assertEqual(response.data['plaintext'], data['plaintext']) - self.assertEqual(Secret.objects.count(), 3) - secret1 = Secret.objects.get(pk=response.data['id']) - secret1.decrypt(self.master_key) - self.assertEqual(secret1.role_id, data['role']) - self.assertEqual(secret1.plaintext, data['plaintext']) - - def test_delete_secret(self): - - url = reverse('secrets-api:secret-detail', kwargs={'pk': self.secret1.pk}) - response = self.client.delete(url, **self.header) - - self.assertHttpStatus(response, status.HTTP_204_NO_CONTENT) - self.assertEqual(Secret.objects.count(), 2) - - -class GetSessionKeyTest(APITestCase): - - def setUp(self): - - super().setUp() - - userkey = UserKey(user=self.user, public_key=PUBLIC_KEY) - userkey.save() - master_key = userkey.get_master_key(PRIVATE_KEY) - self.session_key = SessionKey(userkey=userkey) - self.session_key.save(master_key) - - self.header = { - 'HTTP_AUTHORIZATION': 'Token {}'.format(self.token.key), - } - - def test_get_session_key(self): - - encoded_session_key = base64.b64encode(self.session_key.key).decode() - - url = reverse('secrets-api:get-session-key-list') - data = { - 'private_key': PRIVATE_KEY, - } - response = self.client.post(url, data, **self.header) - - self.assertHttpStatus(response, status.HTTP_200_OK) - self.assertIsNotNone(response.data.get('session_key')) - self.assertNotEqual(response.data.get('session_key'), encoded_session_key) - - def test_get_session_key_preserved(self): - - encoded_session_key = base64.b64encode(self.session_key.key).decode() - - url = reverse('secrets-api:get-session-key-list') + '?preserve_key=True' - data = { - 'private_key': PRIVATE_KEY, - } - response = self.client.post(url, data, **self.header) - - self.assertHttpStatus(response, status.HTTP_200_OK) - self.assertEqual(response.data.get('session_key'), encoded_session_key) + def prepare_instance(self, instance): + # Unlock the plaintext prior to evaluation of the instance + instance.decrypt(self.master_key) + return instance