mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-03-10 05:12:52 -04:00
9a83ba7475
This changeset pulls in all of the notification_utils code directly into the admin and removes it as an external dependency. We are doing this to cut down on operational maintenance of the project and will begin removing parts of it no longer needed for the admin. Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
89 lines
2.7 KiB
Python
89 lines
2.7 KiB
Python
import pytest
|
|
|
|
from notifications_utils.clients.encryption.encryption_client import (
|
|
Encryption,
|
|
EncryptionError,
|
|
)
|
|
|
|
|
|
@pytest.fixture()
|
|
def encryption_client(app):
|
|
client = Encryption()
|
|
|
|
app.config["SECRET_KEY"] = "test-notify-secret-key"
|
|
app.config["DANGEROUS_SALT"] = "test-notify-salt"
|
|
|
|
client.init_app(app)
|
|
|
|
return client
|
|
|
|
|
|
def test_should_ensure_shared_salt_security(app):
|
|
client = Encryption()
|
|
app.config["SECRET_KEY"] = "test-notify-secret-key"
|
|
app.config["DANGEROUS_SALT"] = "too-short"
|
|
with pytest.raises(EncryptionError):
|
|
client.init_app(app)
|
|
|
|
|
|
def test_should_ensure_custom_salt_security(encryption_client):
|
|
with pytest.raises(EncryptionError):
|
|
encryption_client.encrypt("this", salt="too-short")
|
|
|
|
|
|
def test_should_encrypt_strings(encryption_client):
|
|
encrypted = encryption_client.encrypt("this")
|
|
assert encrypted != "this"
|
|
assert isinstance(encrypted, str)
|
|
|
|
|
|
def test_should_encrypt_dicts(encryption_client):
|
|
to_encrypt = {"hello": "world"}
|
|
encrypted = encryption_client.encrypt(to_encrypt)
|
|
assert encrypted != to_encrypt
|
|
assert encryption_client.decrypt(encrypted) == to_encrypt
|
|
|
|
|
|
def test_encryption_is_nondeterministic(encryption_client):
|
|
first_run = encryption_client.encrypt("this")
|
|
second_run = encryption_client.encrypt("this")
|
|
assert first_run != second_run
|
|
|
|
|
|
def test_should_decrypt_content(encryption_client):
|
|
encrypted = encryption_client.encrypt("this")
|
|
assert encryption_client.decrypt(encrypted) == "this"
|
|
|
|
|
|
def test_should_decrypt_content_with_custom_salt(encryption_client):
|
|
salt = "different-salt-value"
|
|
encrypted = encryption_client.encrypt("this", salt=salt)
|
|
assert encryption_client.decrypt(encrypted, salt=salt) == "this"
|
|
|
|
|
|
def test_should_verify_decryption(encryption_client):
|
|
encrypted = encryption_client.encrypt("this")
|
|
with pytest.raises(EncryptionError):
|
|
encryption_client.decrypt(encrypted, salt="different-salt-value")
|
|
|
|
|
|
def test_should_sign_and_serialize_string(encryption_client):
|
|
signed = encryption_client.sign("this")
|
|
assert signed != "this"
|
|
|
|
|
|
def test_should_verify_signature_and_deserialize_string(encryption_client):
|
|
signed = encryption_client.sign("this")
|
|
assert encryption_client.verify_signature(signed) == "this"
|
|
|
|
|
|
def test_should_raise_encryption_error_on_bad_salt(encryption_client):
|
|
signed = encryption_client.sign("this")
|
|
with pytest.raises(EncryptionError):
|
|
encryption_client.verify_signature(signed, salt="different-salt-value")
|
|
|
|
|
|
def test_should_sign_and_serialize_json(encryption_client):
|
|
signed = encryption_client.sign({"this": "that"})
|
|
assert encryption_client.verify_signature(signed) == {"this": "that"}
|