diff --git a/Pipfile b/Pipfile index dc8437e5f..f1120001a 100644 --- a/Pipfile +++ b/Pipfile @@ -58,7 +58,7 @@ werkzeug = "~=2.1.1" # gds metrics packages prometheus-client = "==0.14.1" gds-metrics = {version = "==0.2.4", ref = "6f1840a57b6fb1ee40b7e84f2f18ec229de8aa72", git = "https://github.com/alphagov/gds_metrics_python.git"} -notifications-utils = {editable = true, ref = "37ae9753c050851453d072994fb03b1415601716", git = "https://github.com/GSA/notifications-utils"} +notifications-utils = {editable = true, ref = "723cd96915310f12bf5c02df3fed44e7794dccfd", git = "https://github.com/GSA/notifications-utils"} [dev-packages] flake8 = "==4.0.1" diff --git a/Pipfile.lock b/Pipfile.lock index 9a64eced5..e3481cbc4 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "d652255c8ca6f6cb96778b0159228628816a114f867510bd4ce13a9e9692b101" + "sha256": "4e91ab05773366a04e60924ffca46e9157515716e6a98c4cc43097097713e651" }, "pipfile-spec": 6, "requires": { 
@@ -275,6 +275,38 @@ "index": "pypi", "version": "==0.4.4" }, + "cryptography": { + "hashes": [ + "sha256:0e70da4bdff7601b0ef48e6348339e490ebfb0cbe638e083c9c41fb49f00c8bd", + "sha256:10652dd7282de17990b88679cb82f832752c4e8237f0c714be518044269415db", + "sha256:175c1a818b87c9ac80bb7377f5520b7f31b3ef2a0004e2420319beadedb67290", + "sha256:1d7e632804a248103b60b16fb145e8df0bc60eed790ece0d12efe8cd3f3e7744", + "sha256:1f13ddda26a04c06eb57119caf27a524ccae20533729f4b1e4a69b54e07035eb", + "sha256:2ec2a8714dd005949d4019195d72abed84198d877112abb5a27740e217e0ea8d", + "sha256:2fa36a7b2cc0998a3a4d5af26ccb6273f3df133d61da2ba13b3286261e7efb70", + "sha256:2fb481682873035600b5502f0015b664abc26466153fab5c6bc92c1ea69d478b", + "sha256:3178d46f363d4549b9a76264f41c6948752183b3f587666aff0555ac50fd7876", + "sha256:4367da5705922cf7070462e964f66e4ac24162e22ab0a2e9d31f1b270dd78083", + "sha256:4eb85075437f0b1fd8cd66c688469a0c4119e0ba855e3fef86691971b887caf6", + "sha256:50a1494ed0c3f5b4d07650a68cd6ca62efe8b596ce743a5c94403e6f11bf06c1", + "sha256:53049f3379ef05182864d13bb9686657659407148f901f3f1eee57a733fb4b00", + "sha256:6391e59ebe7c62d9902c24a4d8bcbc79a68e7c4ab65863536127c8a9cd94043b", + "sha256:67461b5ebca2e4c2ab991733f8ab637a7265bb582f07c7c88914b5afb88cb95b", + "sha256:78e47e28ddc4ace41dd38c42e6feecfdadf9c3be2af389abbfeef1ff06822285", + "sha256:80ca53981ceeb3241998443c4964a387771588c4e4a5d92735a493af868294f9", + "sha256:8a4b2bdb68a447fadebfd7d24855758fe2d6fecc7fed0b78d190b1af39a8e3b0", + "sha256:8e45653fb97eb2f20b8c96f9cd2b3a0654d742b47d638cf2897afbd97f80fa6d", + "sha256:998cd19189d8a747b226d24c0207fdaa1e6658a1d3f2494541cb9dfbf7dcb6d2", + "sha256:a10498349d4c8eab7357a8f9aa3463791292845b79597ad1b98a543686fb1ec8", + "sha256:b4cad0cea995af760f82820ab4ca54e5471fc782f70a007f31531957f43e9dee", + "sha256:bfe6472507986613dc6cc00b3d492b2f7564b02b3b3682d25ca7f40fa3fd321b", + "sha256:c9e0d79ee4c56d841bd4ac6e7697c8ff3c8d6da67379057f29e66acffcd1e9a7", + 
"sha256:ca57eb3ddaccd1112c18fc80abe41db443cc2e9dcb1917078e02dfa010a4f353", + "sha256:ce127dd0a6a0811c251a6cddd014d292728484e530d80e872ad9806cfb1c5b3c" + ], + "markers": "python_version >= '3.6'", + "version": "==38.0.4" + }, "defusedxml": { "hashes": [ "sha256:1bb3032db185915b62d7c6209c5a8792be6a32ab2fedacc84e01b52c51aa3e69", @@ -710,7 +742,7 @@ "notifications-utils": { "editable": true, "git": "https://github.com/GSA/notifications-utils", - "ref": "37ae9753c050851453d072994fb03b1415601716" + "ref": "723cd96915310f12bf5c02df3fed44e7794dccfd" }, "orderedset": { "hashes": [ @@ -751,11 +783,11 @@ }, "prompt-toolkit": { "hashes": [ - "sha256:535c29c31216c77302877d5120aef6c94ff573748a5b5ca5b1b1f76f5e700c73", - "sha256:ced598b222f6f4029c0800cefaa6a17373fb580cd093223003475ce32805c35b" + "sha256:3e163f254bef5a03b146397d7c1963bd3e2812f0964bb9a24e6ec761fd28db63", + "sha256:aa64ad242a462c5ff0363a7b9cfe696c20d55d9fc60c11fd8e632d064804d305" ], "markers": "python_full_version >= '3.6.2'", - "version": "==3.0.33" + "version": "==3.0.36" }, "psycopg2-binary": { "hashes": [ @@ -1003,10 +1035,10 @@ }, "redis": { "hashes": [ - "sha256:30c07511627a4c5c4d970e060000772f323174f75e745a26938319817ead7a12", - "sha256:46652271dc7525cd5a9667e5b0ca983c848c75b2b8f7425403395bb8379dcf25" + "sha256:7b8c87d19c45d3f1271b124858d2a5c13160c4e74d4835e28273400fa34d5228", + "sha256:cae3ee5d1f57d8caf534cd8764edf3163c77e073bdd74b6f54a87ffafdc5e7d9" ], - "version": "==4.3.5" + "version": "==4.4.0" }, "requests": { "hashes": [ diff --git a/app/celery/letters_pdf_tasks.py b/app/celery/letters_pdf_tasks.py index cd7a18021..754501567 100644 --- a/app/celery/letters_pdf_tasks.py +++ b/app/celery/letters_pdf_tasks.py @@ -79,7 +79,7 @@ def get_pdf_for_templated_letter(self, notification_id): 'key_type': notification.key_type } - encrypted_data = encryption.encrypt(letter_data) + encrypted_data = encryption.sign(letter_data) notify_celery.send_task( name=TaskNames.CREATE_PDF_FOR_TEMPLATED_LETTER, 
@@ -328,7 +328,7 @@ def sanitise_letter(self, filename): @notify_celery.task(bind=True, name='process-sanitised-letter', max_retries=15, default_retry_delay=300) def process_sanitised_letter(self, sanitise_data): - letter_details = encryption.decrypt(sanitise_data) + letter_details = encryption.verify_signature(sanitise_data) filename = letter_details['filename'] notification_id = letter_details['notification_id'] diff --git a/app/celery/service_callback_tasks.py b/app/celery/service_callback_tasks.py index 0e81d38d0..d06f1a173 100644 --- a/app/celery/service_callback_tasks.py +++ b/app/celery/service_callback_tasks.py @@ -12,7 +12,7 @@ from app.utils import DATETIME_FORMAT def send_delivery_status_to_service( self, notification_id, encrypted_status_update ): - status_update = encryption.decrypt(encrypted_status_update) + status_update = encryption.verify_signature(encrypted_status_update) data = { "id": str(notification_id), @@ -38,7 +38,7 @@ def send_delivery_status_to_service( @notify_celery.task(bind=True, name="send-complaint", max_retries=5, default_retry_delay=300) def send_complaint_to_service(self, complaint_data): - complaint = encryption.decrypt(complaint_data) + complaint = encryption.verify_signature(complaint_data) data = { "notification_id": complaint['notification_id'], @@ -125,7 +125,7 @@ def create_delivery_status_callback_data(notification, service_callback_api): "template_id": str(notification.template_id), "template_version": notification.template_version, } - return encryption.encrypt(data) + return encryption.sign(data) def create_complaint_callback_data(complaint, notification, service_callback_api, recipient): @@ -138,4 +138,4 @@ def create_complaint_callback_data(complaint, notification, service_callback_api "service_callback_api_url": service_callback_api.url, "service_callback_api_bearer_token": service_callback_api.bearer_token, } - return encryption.encrypt(data) + return encryption.sign(data) 
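Review bot: In `create_complaint_callback_data` the dict passed to `encryption.sign(data)` includes `service_callback_api_bearer_token`, so the callback credential travels through the task queue in a payload that, going by the new method name, is integrity-protected but not confidential. This commit is a rename and probably does not change what is put on the queue, but if `sign` in the pinned notifications-utils ref only signs (to be confirmed against that ref), anyone who can read the broker can recover the token. Prefer passing an identifier and loading the bearer token inside `send_complaint_to_service`, or keep this field under a call that really encrypts. At minimum add `# signed, not encrypted: the bearer token is readable in the queued payload` above the `return`. The function body starts outside the hunk.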
diff --git a/app/celery/tasks.py b/app/celery/tasks.py index dd37229f1..ca8ad8957 100644 --- a/app/celery/tasks.py +++ b/app/celery/tasks.py @@ -125,7 +125,7 @@ def get_recipient_csv_and_template_and_sender_id(job): def process_row(row, template, job, service, sender_id=None): template_type = template.template_type - encrypted = encryption.encrypt({ + encrypted = encryption.sign({ 'template': str(template.id), 'template_version': job.template_version, 'job': str(job.id), @@ -183,7 +183,7 @@ def save_sms(self, notification_id, encrypted_notification, sender_id=None): - notification = encryption.decrypt(encrypted_notification) + notification = encryption.verify_signature(encrypted_notification) service = SerialisedService.from_id(service_id) template = SerialisedTemplate.from_id_and_service_id( notification['template'], @@ -241,7 +241,7 @@ def save_email(self, notification_id, encrypted_notification, sender_id=None): - notification = encryption.decrypt(encrypted_notification) + notification = encryption.verify_signature(encrypted_notification) service = SerialisedService.from_id(service_id) template = SerialisedTemplate.from_id_and_service_id( @@ -298,7 +298,7 @@ def save_api_sms(self, encrypted_notification): def save_api_email_or_sms(self, encrypted_notification): - notification = encryption.decrypt(encrypted_notification) + notification = encryption.verify_signature(encrypted_notification) service = SerialisedService.from_id(notification['service_id']) q = QueueNames.SEND_EMAIL if notification['notification_type'] == EMAIL_TYPE else QueueNames.SEND_SMS provider_task = provider_tasks.deliver_email if notification['notification_type'] == EMAIL_TYPE \ @@ -348,7 +348,7 @@ def save_letter( notification_id, encrypted_notification, ): - notification = encryption.decrypt(encrypted_notification) + notification = encryption.verify_signature(encrypted_notification) postal_address = PostalAddress.from_personalisation( InsensitiveDict(notification['personalisation']) 
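Review bot: The locals and task parameters in this file keep the `encrypted` name (`encrypted = encryption.sign({` in `process_row`, `encrypted_notification` in `save_sms`, `save_email`, `save_api_email_or_sms` and `save_letter`) although they now hold the output of `sign`, which misstates the protection to the next reader. Rename the local to `signed = encryption.sign({`, together with its uses further down `process_row`, which are outside the hunk. For the parameter, add a docstring line such as `encrypted_notification: signed (not encrypted) notification payload` rather than renaming it, since callers or already queued messages may pass it by keyword; that is not visible here. The same leftover naming appears in `letters_pdf_tasks.py` (`encrypted_data`), `service_callback_tasks.py` (`encrypted_status_update`) and `post_notifications.py` (`encrypted`).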
diff --git a/app/models.py b/app/models.py index e2c5c5bed..bb91bcc79 100644 --- a/app/models.py +++ b/app/models.py @@ -738,13 +738,13 @@ class ServiceInboundApi(db.Model, Versioned): @property def bearer_token(self): if self._bearer_token: - return encryption.decrypt(self._bearer_token) + return encryption.verify_signature(self._bearer_token) return None @bearer_token.setter def bearer_token(self, bearer_token): if bearer_token: - self._bearer_token = encryption.encrypt(str(bearer_token)) + self._bearer_token = encryption.sign(str(bearer_token)) def serialize(self): return { @@ -777,13 +777,13 @@ class ServiceCallbackApi(db.Model, Versioned): @property def bearer_token(self): if self._bearer_token: - return encryption.decrypt(self._bearer_token) + return encryption.verify_signature(self._bearer_token) return None @bearer_token.setter def bearer_token(self, bearer_token): if bearer_token: - self._bearer_token = encryption.encrypt(str(bearer_token)) + self._bearer_token = encryption.sign(str(bearer_token)) def serialize(self): return { @@ -834,13 +834,13 @@ class ApiKey(db.Model, Versioned): @property def secret(self): if self._secret: - return encryption.decrypt(self._secret) + return encryption.verify_signature(self._secret) return None @secret.setter def secret(self, secret): if secret: - self._secret = encryption.encrypt(str(secret)) + self._secret = encryption.sign(str(secret)) KEY_TYPE_NORMAL = 'normal' @@ -1512,12 +1512,12 @@ class Notification(db.Model): @property def personalisation(self): if self._personalisation: - return encryption.decrypt(self._personalisation) + return encryption.verify_signature(self._personalisation) return {} @personalisation.setter def personalisation(self, personalisation): - self._personalisation = encryption.encrypt(personalisation or {}) + self._personalisation = encryption.sign(personalisation or {}) def completed_at(self): if self.status in NOTIFICATION_STATUS_TYPES_COMPLETED: 
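Review bot: `ApiKey.secret`, the `bearer_token` setters on `ServiceInboundApi` and `ServiceCallbackApi`, and `Notification.personalisation` now persist the output of `encryption.sign(...)`, and nothing in these hunks records that the columns hold signed rather than encrypted values. If `sign` provides integrity only, which the name suggests but the page does not show, API key secrets and callback tokens are readable by anyone with read access to the table or a backup. Add a comment on each setter, for example `# stored signed, not encrypted; treat the column as readable by anyone with database access`, and track moving these fields to real encryption with a data migration. `InboundSms.content` in the following hunk has the same gap.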
@@ -1960,11 +1960,11 @@ class InboundSms(db.Model): @property def content(self): - return encryption.decrypt(self._content) + return encryption.verify_signature(self._content) @content.setter def content(self, content): - self._content = encryption.encrypt(content) + self._content = encryption.sign(content) def serialize(self): return { diff --git a/app/v2/notifications/post_notifications.py b/app/v2/notifications/post_notifications.py index 756c4d846..c6402e735 100644 --- a/app/v2/notifications/post_notifications.py +++ b/app/v2/notifications/post_notifications.py @@ -300,7 +300,7 @@ def save_email_or_sms_to_queue( "status": NOTIFICATION_CREATED, "created_at": datetime.utcnow().strftime(DATETIME_FORMAT), } - encrypted = encryption.encrypt( + encrypted = encryption.sign( data ) diff --git a/tests/app/celery/test_process_ses_receipts_tasks.py b/tests/app/celery/test_process_ses_receipts_tasks.py index a90f9f6f8..7311f4171 100644 --- a/tests/app/celery/test_process_ses_receipts_tasks.py +++ b/tests/app/celery/test_process_ses_receipts_tasks.py @@ -331,7 +331,7 @@ def test_ses_callback_should_send_on_complaint_to_user_callback_api(sample_email response = ses_complaint_callback() assert process_ses_results(response) assert send_mock.call_count == 1 - assert encryption.decrypt(send_mock.call_args[0][0][0]) == { + assert encryption.verify_signature(send_mock.call_args[0][0][0]) == { 'complaint_date': '2018-06-05T13:59:58.000000Z', 'complaint_id': str(Complaint.query.one().id), 'notification_id': str(notification.id), diff --git a/tests/app/celery/test_scheduled_tasks.py b/tests/app/celery/test_scheduled_tasks.py index 55298af2c..36aa7e2db 100644 --- a/tests/app/celery/test_scheduled_tasks.py +++ b/tests/app/celery/test_scheduled_tasks.py 
@@ -465,7 +465,7 @@ def test_check_for_missing_rows_in_completed_jobs_ignores_old_and_new_jobs( ): mocker.patch('app.celery.tasks.s3.get_job_and_metadata_from_s3', return_value=(load_example_csv('multiple_email'), {"sender_id": None})) - mocker.patch('app.encryption.encrypt', return_value="something_encrypted") + mocker.patch('app.encryption.sign', return_value="something_encrypted") process_row = mocker.patch('app.celery.scheduled_tasks.process_row') job = create_job( @@ -485,7 +485,7 @@ def test_check_for_missing_rows_in_completed_jobs_ignores_old_and_new_jobs( def test_check_for_missing_rows_in_completed_jobs(mocker, sample_email_template): mocker.patch('app.celery.tasks.s3.get_job_and_metadata_from_s3', return_value=(load_example_csv('multiple_email'), {"sender_id": None})) - mocker.patch('app.encryption.encrypt', return_value="something_encrypted") + mocker.patch('app.encryption.sign', return_value="something_encrypted") process_row = mocker.patch('app.celery.scheduled_tasks.process_row') job = create_job(template=sample_email_template, @@ -506,7 +506,7 @@ def test_check_for_missing_rows_in_completed_jobs_calls_save_email(mocker, sampl mocker.patch('app.celery.tasks.s3.get_job_and_metadata_from_s3', return_value=(load_example_csv('multiple_email'), {'sender_id': None})) save_email_task = mocker.patch('app.celery.tasks.save_email.apply_async') - mocker.patch('app.encryption.encrypt', return_value="something_encrypted") + mocker.patch('app.encryption.sign', return_value="something_encrypted") mocker.patch('app.celery.tasks.create_uuid', return_value='uuid') job = create_job(template=sample_email_template, diff --git a/tests/app/celery/test_service_callback_tasks.py b/tests/app/celery/test_service_callback_tasks.py index d5249c678..1996d2239 100644 --- a/tests/app/celery/test_service_callback_tasks.py +++ b/tests/app/celery/test_service_callback_tasks.py 
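Review bot: The patched return value is still `"something_encrypted"` in `mocker.patch('app.encryption.sign', return_value="something_encrypted")`, here and in the matching patches in `tests/app/celery/test_tasks.py`. That file also still binds the mock as `encrypt_mock` and keeps a helper named `create_encrypted_notification`. Use `return_value="something_signed"` and `sign_mock` so the tests describe what the code under test now does. Any assertions outside these hunks that compare against the old string would need the same change.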
@@ -191,7 +191,7 @@ def _set_up_data_for_status_update(callback_api, notification): "template_id": str(notification.template_id), "template_version": notification.template_version, } - encrypted_status_update = encryption.encrypt(data) + encrypted_status_update = encryption.sign(data) return encrypted_status_update @@ -205,5 +205,5 @@ def _set_up_data_for_complaint(callback_api, complaint, notification): "service_callback_api_url": callback_api.url, "service_callback_api_bearer_token": callback_api.bearer_token, } - obscured_status_update = encryption.encrypt(data) + obscured_status_update = encryption.sign(data) return obscured_status_update diff --git a/tests/app/celery/test_tasks.py b/tests/app/celery/test_tasks.py index 4b3fe9bdb..9556ac0ea 100644 --- a/tests/app/celery/test_tasks.py +++ b/tests/app/celery/test_tasks.py @@ -109,7 +109,7 @@ def test_should_process_sms_job(sample_job, mocker): mocker.patch('app.celery.tasks.s3.get_job_and_metadata_from_s3', return_value=(load_example_csv('sms'), {'sender_id': None})) mocker.patch('app.celery.tasks.save_sms.apply_async') - mocker.patch('app.encryption.encrypt', return_value="something_encrypted") + mocker.patch('app.encryption.sign', return_value="something_encrypted") mocker.patch('app.celery.tasks.create_uuid', return_value="uuid") process_job(sample_job.id) 
@@ -117,11 +117,11 @@ def test_should_process_sms_job(sample_job, mocker): service_id=str(sample_job.service.id), job_id=str(sample_job.id) ) - assert encryption.encrypt.call_args[0][0]['to'] == '+441234123123' - assert encryption.encrypt.call_args[0][0]['template'] == str(sample_job.template.id) - assert encryption.encrypt.call_args[0][0]['template_version'] == sample_job.template.version - assert encryption.encrypt.call_args[0][0]['personalisation'] == {'phonenumber': '+441234123123'} - assert encryption.encrypt.call_args[0][0]['row_number'] == 0 + assert encryption.sign.call_args[0][0]['to'] == '+441234123123' + assert encryption.sign.call_args[0][0]['template'] == str(sample_job.template.id) + assert encryption.sign.call_args[0][0]['template_version'] == sample_job.template.version + assert encryption.sign.call_args[0][0]['personalisation'] == {'phonenumber': '+441234123123'} + assert encryption.sign.call_args[0][0]['row_number'] == 0 tasks.save_sms.apply_async.assert_called_once_with( (str(sample_job.service_id), "uuid", @@ -137,7 +137,7 @@ def test_should_process_sms_job_with_sender_id(sample_job, mocker, fake_uuid): mocker.patch('app.celery.tasks.s3.get_job_and_metadata_from_s3', return_value=(load_example_csv('sms'), {'sender_id': fake_uuid})) mocker.patch('app.celery.tasks.save_sms.apply_async') - mocker.patch('app.encryption.encrypt', return_value="something_encrypted") + mocker.patch('app.encryption.sign', return_value="something_encrypted") mocker.patch('app.celery.tasks.create_uuid', return_value="uuid") process_job(sample_job.id, sender_id=fake_uuid) 
@@ -211,7 +211,7 @@ def test_should_process_job_if_send_limits_are_not_exceeded( mocker.patch('app.celery.tasks.s3.get_job_and_metadata_from_s3', return_value=(load_example_csv('multiple_email'), {"sender_id": None})) mocker.patch('app.celery.tasks.save_email.apply_async') - mocker.patch('app.encryption.encrypt', return_value="something_encrypted") + mocker.patch('app.encryption.sign', return_value="something_encrypted") mocker.patch('app.celery.tasks.create_uuid', return_value="uuid") mocker.patch('app.celery.tasks.check_service_over_daily_message_limit', return_value=0) process_job(job.id) @@ -255,7 +255,7 @@ def test_should_process_email_job(email_job_with_placeholders, mocker): """ mocker.patch('app.celery.tasks.s3.get_job_and_metadata_from_s3', return_value=(email_csv, {"sender_id": None})) mocker.patch('app.celery.tasks.save_email.apply_async') - mocker.patch('app.encryption.encrypt', return_value="something_encrypted") + mocker.patch('app.encryption.sign', return_value="something_encrypted") mocker.patch('app.celery.tasks.create_uuid', return_value="uuid") process_job(email_job_with_placeholders.id) 
@@ -264,10 +264,10 @@ def test_should_process_email_job(email_job_with_placeholders, mocker): service_id=str(email_job_with_placeholders.service.id), job_id=str(email_job_with_placeholders.id) ) - assert encryption.encrypt.call_args[0][0]['to'] == 'test@test.com' - assert encryption.encrypt.call_args[0][0]['template'] == str(email_job_with_placeholders.template.id) - assert encryption.encrypt.call_args[0][0]['template_version'] == email_job_with_placeholders.template.version - assert encryption.encrypt.call_args[0][0]['personalisation'] == {'emailaddress': 'test@test.com', 'name': 'foo'} + assert encryption.sign.call_args[0][0]['to'] == 'test@test.com' + assert encryption.sign.call_args[0][0]['template'] == str(email_job_with_placeholders.template.id) + assert encryption.sign.call_args[0][0]['template_version'] == email_job_with_placeholders.template.version + assert encryption.sign.call_args[0][0]['personalisation'] == {'emailaddress': 'test@test.com', 'name': 'foo'} tasks.save_email.apply_async.assert_called_once_with( ( str(email_job_with_placeholders.service_id), @@ -287,7 +287,7 @@ def test_should_process_email_job_with_sender_id(email_job_with_placeholders, mo """ mocker.patch('app.celery.tasks.s3.get_job_and_metadata_from_s3', return_value=(email_csv, {"sender_id": fake_uuid})) mocker.patch('app.celery.tasks.save_email.apply_async') - mocker.patch('app.encryption.encrypt', return_value="something_encrypted") + mocker.patch('app.encryption.sign', return_value="something_encrypted") mocker.patch('app.celery.tasks.create_uuid', return_value="uuid") process_job(email_job_with_placeholders.id, sender_id=fake_uuid) 
@@ -341,7 +341,7 @@ def test_should_process_all_sms_job(sample_job_with_placeholdered_template, mocker.patch('app.celery.tasks.s3.get_job_and_metadata_from_s3', return_value=(load_example_csv('multiple_sms'), {"sender_id": None})) mocker.patch('app.celery.tasks.save_sms.apply_async') - mocker.patch('app.encryption.encrypt', return_value="something_encrypted") + mocker.patch('app.encryption.sign', return_value="something_encrypted") mocker.patch('app.celery.tasks.create_uuid', return_value="uuid") process_job(sample_job_with_placeholdered_template.id) @@ -350,11 +350,11 @@ def test_should_process_all_sms_job(sample_job_with_placeholdered_template, service_id=str(sample_job_with_placeholdered_template.service.id), job_id=str(sample_job_with_placeholdered_template.id) ) - assert encryption.encrypt.call_args[0][0]['to'] == '+441234123120' - assert encryption.encrypt.call_args[0][0]['template'] == str(sample_job_with_placeholdered_template.template.id) - assert encryption.encrypt.call_args[0][0][ + assert encryption.sign.call_args[0][0]['to'] == '+441234123120' + assert encryption.sign.call_args[0][0]['template'] == str(sample_job_with_placeholdered_template.template.id) + assert encryption.sign.call_args[0][0][ 'template_version'] == sample_job_with_placeholdered_template.template.version # noqa - assert encryption.encrypt.call_args[0][0]['personalisation'] == {'phonenumber': '+441234123120', 'name': 'chris'} + assert encryption.sign.call_args[0][0]['personalisation'] == {'phonenumber': '+441234123120', 'name': 'chris'} assert tasks.save_sms.apply_async.call_count == 10 job = jobs_dao.dao_get_job_by_id(sample_job_with_placeholdered_template.id) assert job.job_status == 'finished' 
@@ -374,7 +374,7 @@ def test_should_process_all_sms_job(sample_job_with_placeholdered_template, def test_process_row_sends_letter_task(template_type, research_mode, expected_function, expected_queue, mocker): mocker.patch('app.celery.tasks.create_uuid', return_value='noti_uuid') task_mock = mocker.patch('app.celery.tasks.{}.apply_async'.format(expected_function)) - encrypt_mock = mocker.patch('app.celery.tasks.encryption.encrypt') + encrypt_mock = mocker.patch('app.celery.tasks.encryption.sign') template = Mock(id='template_id', template_type=template_type) job = Mock(id='job_id', template_version='temp_vers') service = Mock(id='service_id', research_mode=research_mode) @@ -417,7 +417,7 @@ def test_process_row_sends_letter_task(template_type, research_mode, expected_fu def test_process_row_when_sender_id_is_provided(mocker, fake_uuid): mocker.patch('app.celery.tasks.create_uuid', return_value='noti_uuid') task_mock = mocker.patch('app.celery.tasks.save_sms.apply_async') - encrypt_mock = mocker.patch('app.celery.tasks.encryption.encrypt') + encrypt_mock = mocker.patch('app.celery.tasks.encryption.sign') template = Mock(id='template_id', template_type=SMS_TYPE) job = Mock(id='job_id', template_version='temp_vers') service = Mock(id='service_id', research_mode=False) @@ -460,7 +460,7 @@ def test_should_send_template_to_correct_sms_task_and_persist(sample_template_wi save_sms( sample_template_with_placeholders.service_id, uuid.uuid4(), - encryption.encrypt(notification), + encryption.sign(notification), ) persisted_notification = Notification.query.one() 
@@ -473,7 +473,7 @@ def test_should_send_template_to_correct_sms_task_and_persist(sample_template_wi assert not persisted_notification.sent_by assert not persisted_notification.job_id assert persisted_notification.personalisation == {'name': 'Jo'} - assert persisted_notification._personalisation == encryption.encrypt({"name": "Jo"}) + assert persisted_notification._personalisation == encryption.sign({"name": "Jo"}) assert persisted_notification.notification_type == 'sms' mocked_deliver_sms.assert_called_once_with( [str(persisted_notification.id)], @@ -495,7 +495,7 @@ def test_should_put_save_sms_task_in_research_mode_queue_if_research_mode_servic save_sms( template.service_id, notification_id, - encryption.encrypt(notification), + encryption.sign(notification), ) persisted_notification = Notification.query.one() provider_tasks.deliver_sms.apply_async.assert_called_once_with( @@ -514,7 +514,7 @@ def test_should_save_sms_if_restricted_service_and_valid_number(notify_db_sessio mocker.patch('app.celery.provider_tasks.deliver_sms.apply_async') notification_id = uuid.uuid4() - encrypt_notification = encryption.encrypt(notification) + encrypt_notification = encryption.sign(notification) save_sms( service.id, notification_id, @@ -550,7 +550,7 @@ def test_save_email_should_save_default_email_reply_to_text_on_notification(noti save_email( service.id, notification_id, - encryption.encrypt(notification), + encryption.sign(notification), ) persisted_notification = Notification.query.one() @@ -568,7 +568,7 @@ def test_save_sms_should_save_default_smm_sender_notification_reply_to_text_on(n save_sms( service.id, notification_id, - encryption.encrypt(notification), + encryption.sign(notification), ) persisted_notification = Notification.query.one() 
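Review bot: `assert persisted_notification._personalisation == encryption.sign({"name": "Jo"})` passes only while `sign` is deterministic for a given input; a salt, timestamp or key rotation in the signer would break it without any behaviour change in `save_sms`. Assert on the verified value instead, `assert encryption.verify_signature(persisted_notification._personalisation) == {"name": "Jo"}`, and do the same in the `save_email` test at `@@ -721,7 +721,7 @@`. A case that feeds a tampered payload to one of the save tasks and expects it to be rejected would also pin the property the new names promise; none is visible in this diff.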
@@ -587,7 +587,7 @@ def test_should_not_save_sms_if_restricted_service_and_invalid_number(notify_db_ save_sms( service.id, notification_id, - encryption.encrypt(notification), + encryption.sign(notification), ) assert provider_tasks.deliver_sms.apply_async.called is False assert Notification.query.count() == 0 @@ -603,7 +603,7 @@ def test_should_not_save_email_if_restricted_service_and_invalid_email_address(n save_email( service.id, notification_id, - encryption.encrypt(notification), + encryption.sign(notification), ) assert Notification.query.count() == 0 @@ -625,7 +625,7 @@ def test_should_put_save_email_task_in_research_mode_queue_if_research_mode_serv save_email( template.service_id, notification_id, - encryption.encrypt(notification), + encryption.sign(notification), ) persisted_notification = Notification.query.one() @@ -648,7 +648,7 @@ def test_should_save_sms_template_to_and_persist_with_job_id(sample_job, mocker) save_sms( sample_job.service.id, notification_id, - encryption.encrypt(notification), + encryption.sign(notification), ) persisted_notification = Notification.query.one() assert persisted_notification.to == '+447234123123' @@ -685,7 +685,7 @@ def test_should_not_save_sms_if_team_key_and_recipient_not_in_team(notify_db_ses save_sms( service.id, notification_id, - encryption.encrypt(notification), + encryption.sign(notification), ) assert provider_tasks.deliver_sms.apply_async.called is False assert Notification.query.count() == 0 @@ -708,7 +708,7 @@ def test_should_use_email_template_and_persist(sample_email_template_with_placeh save_email( sample_email_template_with_placeholders.service_id, notification_id, - encryption.encrypt(notification), + encryption.sign(notification), ) persisted_notification = Notification.query.one() 
@@ -721,7 +721,7 @@ def test_should_use_email_template_and_persist(sample_email_template_with_placeh assert not persisted_notification.sent_by assert persisted_notification.job_row_number == 1 assert persisted_notification.personalisation == {'name': 'Jo'} - assert persisted_notification._personalisation == encryption.encrypt({"name": "Jo"}) + assert persisted_notification._personalisation == encryption.sign({"name": "Jo"}) assert persisted_notification.api_key_id is None assert persisted_notification.key_type == KEY_TYPE_NORMAL assert persisted_notification.notification_type == 'email' @@ -747,7 +747,7 @@ def test_save_email_should_use_template_version_from_job_not_latest(sample_email save_email( sample_email_template.service_id, uuid.uuid4(), - encryption.encrypt(notification), + encryption.sign(notification), ) persisted_notification = Notification.query.one() @@ -773,7 +773,7 @@ def test_should_use_email_template_subject_placeholders(sample_email_template_wi save_email( sample_email_template_with_placeholders.service_id, notification_id, - encryption.encrypt(notification), + encryption.sign(notification), ) persisted_notification = Notification.query.one() assert persisted_notification.to == 'my_email@my_email.com' @@ -802,7 +802,7 @@ def test_save_email_uses_the_reply_to_text_when_provided(sample_email_template, save_email( sample_email_template.service_id, notification_id, - encryption.encrypt(notification), + encryption.sign(notification), sender_id=other_email_reply_to.id, ) persisted_notification = Notification.query.one() @@ -821,7 +821,7 @@ def test_save_email_uses_the_default_reply_to_text_if_sender_id_is_none(sample_e save_email( sample_email_template.service_id, notification_id, - encryption.encrypt(notification), + encryption.sign(notification), sender_id=None, ) persisted_notification = Notification.query.one() 
@@ -839,7 +839,7 @@ def test_should_use_email_template_and_persist_without_personalisation(sample_em save_email( sample_email_template.service_id, notification_id, - encryption.encrypt(notification), + encryption.sign(notification), ) persisted_notification = Notification.query.one() assert persisted_notification.to == 'my_email@my_email.com' @@ -870,7 +870,7 @@ def test_save_sms_should_go_to_retry_queue_if_database_errors(sample_template, m save_sms( sample_template.service_id, notification_id, - encryption.encrypt(notification), + encryption.sign(notification), ) assert provider_tasks.deliver_sms.apply_async.called is False tasks.save_sms.retry.assert_called_with(exc=expected_exception, queue="retry-tasks") @@ -893,7 +893,7 @@ def test_save_email_should_go_to_retry_queue_if_database_errors(sample_email_tem save_email( sample_email_template.service_id, notification_id, - encryption.encrypt(notification), + encryption.sign(notification), ) assert not provider_tasks.deliver_email.apply_async.called tasks.save_email.retry.assert_called_with(exc=expected_exception, queue="retry-tasks") @@ -911,7 +911,7 @@ def test_save_email_does_not_send_duplicate_and_does_not_put_in_retry_queue(samp save_email( sample_notification.service_id, notification_id, - encryption.encrypt(json), + encryption.sign(json), ) assert Notification.query.count() == 1 assert not deliver_email.called @@ -928,7 +928,7 @@ def test_save_sms_does_not_send_duplicate_and_does_not_put_in_retry_queue(sample save_sms( sample_notification.service_id, notification_id, - encryption.encrypt(json), + encryption.sign(json), ) assert Notification.query.count() == 1 assert not deliver_sms.called @@ -998,7 +998,7 @@ def test_save_letter_saves_letter_to_database( save_letter( job.service_id, notification_id, - encryption.encrypt(notification_json), + encryption.sign(notification_json), ) notification_db = Notification.query.one() 
@@ -1042,7 +1042,7 @@ def test_save_letter_saves_letter_to_database_with_correct_postage( save_letter( letter_job.service_id, notification_id, - encryption.encrypt(notification_json), + encryption.sign(notification_json), ) notification_db = Notification.query.one() @@ -1075,7 +1075,7 @@ def test_save_letter_saves_letter_to_database_with_correct_client_reference( save_letter( letter_job.service_id, notification_id, - encryption.encrypt(notification_json), + encryption.sign(notification_json), ) notification_db = Notification.query.one() @@ -1100,7 +1100,7 @@ def test_save_letter_saves_letter_to_database_with_formatted_postcode(mocker, no save_letter( letter_job.service_id, notification_id, - encryption.encrypt(notification_json), + encryption.sign(notification_json), ) notification_db = Notification.query.one() @@ -1139,7 +1139,7 @@ def test_save_letter_saves_letter_to_database_right_reply_to(mocker, notify_db_s save_letter( job.service_id, notification_id, - encryption.encrypt(notification_json), + encryption.sign(notification_json), ) notification_db = Notification.query.one() @@ -1201,7 +1201,7 @@ def test_save_letter_uses_template_reply_to_text(mocker, notify_db_session): save_letter( job.service_id, uuid.uuid4(), - encryption.encrypt(notification_json), + encryption.sign(notification_json), ) notification_db = Notification.query.one() @@ -1219,7 +1219,7 @@ def test_save_sms_uses_sms_sender_reply_to_text(mocker, notify_db_session): save_sms( service.id, notification_id, - encryption.encrypt(notification), + encryption.sign(notification), ) persisted_notification = Notification.query.one() @@ -1238,7 +1238,7 @@ def test_save_sms_uses_non_default_sms_sender_reply_to_text_if_provided(mocker, save_sms( service.id, notification_id, - encryption.encrypt(notification), + encryption.sign(notification), sender_id=new_sender.id, ) 
@@ -1276,7 +1276,7 @@ def test_save_letter_sets_delivered_letters_as_pdf_permission_in_research_mode_i save_letter( sample_letter_job.service_id, notification_id, - encryption.encrypt(notification_json), + encryption.sign(notification_json), ) notification = Notification.query.filter(Notification.id == notification_id).one() @@ -1314,7 +1314,7 @@ def test_save_letter_calls_create_fake_response_for_letters_in_research_mode_on_ save_letter( sample_letter_job.service_id, notification_id, - encryption.encrypt(notification_json), + encryption.sign(notification_json), ) mock_create_fake_letter_response_file.assert_called_once_with( @@ -1345,7 +1345,7 @@ def test_save_letter_calls_get_pdf_for_templated_letter_task_not_in_research( save_letter( sample_letter_job.service_id, notification_id, - encryption.encrypt(notification_json), + encryption.sign(notification_json), ) assert mock_create_letters_pdf.called @@ -1843,7 +1843,7 @@ def test_save_api_email_or_sms(mocker, sample_service, notification_type): data.update({"to": "+447700900855"}) expected_queue = QueueNames.SEND_SMS - encrypted = encryption.encrypt( + encrypted = encryption.sign( data ) @@ -1890,7 +1890,7 @@ def test_save_api_email_dont_retry_if_notification_already_exists(sample_service data.update({"to": "+447700900855"}) expected_queue = QueueNames.SEND_SMS - encrypted = encryption.encrypt( + encrypted = encryption.sign( data ) assert len(Notification.query.all()) == 0 @@ -1953,7 +1953,7 @@ def test_save_tasks_use_cached_service_and_template( task_function( service.id, uuid.uuid4(), - encryption.encrypt(notification), + encryption.sign(notification), ) # We talk to the database once for the service and once for the @@ -1995,7 +1995,7 @@ def test_save_api_tasks_use_cache( api_key = create_api_key(service=template.service) def create_encrypted_notification(): - return encryption.encrypt({ + return encryption.sign({ "to": recipient, "id": str(uuid.uuid4()), "template_id": str(template.id), 
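Review bot: The local `encrypted` in test_save_api_email_or_sms and test_save_api_email_dont_retry_if_notification_already_exists, and the helper `create_encrypted_notification` in test_save_api_tasks_use_cache, now hold the output of `encryption.sign(...)`, so their names claim a confidentiality property that the call no longer advertises. I would rename them in the same change, `signed = encryption.sign(` and `def create_signed_notification():`, so a reader of these tests does not assume the task payload is confidential. The helper's body continues past the end of its hunk and later uses of `encrypted` are outside the visible lines, so the rename has to follow them there.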
diff --git a/tests/app/dao/test_service_callback_api_dao.py b/tests/app/dao/test_service_callback_api_dao.py index 504e470d8..573cf5b72 100644 --- a/tests/app/dao/test_service_callback_api_dao.py +++ b/tests/app/dao/test_service_callback_api_dao.py @@ -40,7 +40,7 @@ def test_save_service_callback_api(sample_service): assert versioned.service_id == sample_service.id assert versioned.updated_by_id == sample_service.users[0].id assert versioned.url == "https://some_service/callback_endpoint" - assert encryption.decrypt(versioned._bearer_token) == "some_unique_string" + assert encryption.verify_signature(versioned._bearer_token) == "some_unique_string" assert versioned.updated_at is None assert versioned.version == 1 @@ -140,7 +140,7 @@ def test_update_service_callback_api(sample_service): assert x.id is not None assert x.service_id == sample_service.id assert x.updated_by_id == sample_service.users[0].id - assert encryption.decrypt(x._bearer_token) == "some_unique_string" + assert encryption.verify_signature(x._bearer_token) == "some_unique_string" def test_get_service_callback_api(sample_service): diff --git a/tests/app/dao/test_service_inbound_api_dao.py b/tests/app/dao/test_service_inbound_api_dao.py index 26a750533..6f7f57af5 100644 --- a/tests/app/dao/test_service_inbound_api_dao.py +++ b/tests/app/dao/test_service_inbound_api_dao.py @@ -40,7 +40,7 @@ def test_save_service_inbound_api(sample_service): assert versioned.service_id == sample_service.id assert versioned.updated_by_id == sample_service.users[0].id assert versioned.url == "https://some_service/inbound_messages" - assert encryption.decrypt(versioned._bearer_token) == "some_unique_string" + assert encryption.verify_signature(versioned._bearer_token) == "some_unique_string" assert versioned.updated_at is None assert versioned.version == 1 
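Review bot: The `_bearer_token` assertions in test_save_service_callback_api and test_update_service_callback_api, and the matching ones in test_service_inbound_api_dao.py (including its hunk at -97), now recover the token through `encryption.verify_signature`, whose name suggests an integrity check rather than confidentiality. If that reading is right, the stored bearer token is protected against modification but not against disclosure to anyone who can read the table, and these tests pin only the round trip. I would record that next to the assertion with `# NOTE: _bearer_token is signed, not encrypted - confirm that is acceptable for a stored credential`. I would also add a case showing that `verify_signature` rejects an altered token.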
@@ -97,7 +97,7 @@ def test_update_service_inbound_api(sample_service): assert x.id is not None assert x.service_id == sample_service.id assert x.updated_by_id == sample_service.users[0].id - assert encryption.decrypt(x._bearer_token) == "some_unique_string" + assert encryption.verify_signature(x._bearer_token) == "some_unique_string" def test_get_service_inbound_api(sample_service): diff --git a/tests/app/test_model.py b/tests/app/test_model.py index f8464a16e..57c4b40cd 100644 --- a/tests/app/test_model.py +++ b/tests/app/test_model.py @@ -156,7 +156,7 @@ def test_notification_personalisation_getter_returns_empty_dict_from_None(): def test_notification_personalisation_getter_always_returns_empty_dict(): noti = Notification() - noti._personalisation = encryption.encrypt({}) + noti._personalisation = encryption.sign({}) assert noti.personalisation == {} @@ -168,7 +168,7 @@ def test_notification_personalisation_setter_always_sets_empty_dict(input_value) noti = Notification() noti.personalisation = input_value - assert noti._personalisation == encryption.encrypt({}) + assert noti._personalisation == encryption.sign({}) def test_notification_subject_is_none_for_sms(sample_service):
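Review bot: In test_notification_personalisation_setter_always_sets_empty_dict, `assert noti._personalisation == encryption.sign({})` compares two separately produced signed strings, which holds only while `sign` returns identical output for identical input. Nothing in the hunk shows whether that is guaranteed, and a timestamp or random salt in the signer would make the test fail for reasons unrelated to the setter. Asserting on the verified payload is sturdier and matches the DAO tests in this commit: `assert encryption.verify_signature(noti._personalisation) == {}`.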