mirror of
https://github.com/GSA/notifications-api.git
synced 2025-12-21 07:51:13 -05:00
89 lines
2.7 KiB
Python
89 lines
2.7 KiB
Python
import pytest
|
|
|
|
from notifications_utils.clients.encryption.encryption_client import (
|
|
Encryption,
|
|
EncryptionError,
|
|
)
|
|
|
|
|
|
@pytest.fixture()
|
|
def encryption_client(app):
|
|
client = Encryption()
|
|
|
|
app.config["SECRET_KEY"] = "test-notify-secret-key"
|
|
app.config["DANGEROUS_SALT"] = "test-notify-salt"
|
|
|
|
client.init_app(app)
|
|
|
|
return client
|
|
|
|
|
|
def test_should_ensure_shared_salt_security(app):
|
|
client = Encryption()
|
|
app.config["SECRET_KEY"] = "test-notify-secret-key"
|
|
app.config["DANGEROUS_SALT"] = "too-short"
|
|
with pytest.raises(EncryptionError):
|
|
client.init_app(app)
|
|
|
|
|
|
def test_should_ensure_custom_salt_security(encryption_client):
|
|
with pytest.raises(EncryptionError):
|
|
encryption_client.encrypt("this", salt="too-short")
|
|
|
|
|
|
def test_should_encrypt_strings(encryption_client):
|
|
encrypted = encryption_client.encrypt("this")
|
|
assert encrypted != "this"
|
|
assert isinstance(encrypted, str)
|
|
|
|
|
|
def test_should_encrypt_dicts(encryption_client):
|
|
to_encrypt = {"hello": "world"}
|
|
encrypted = encryption_client.encrypt(to_encrypt)
|
|
assert encrypted != to_encrypt
|
|
assert encryption_client.decrypt(encrypted) == to_encrypt
|
|
|
|
|
|
def test_encryption_is_nondeterministic(encryption_client):
|
|
first_run = encryption_client.encrypt("this")
|
|
second_run = encryption_client.encrypt("this")
|
|
assert first_run != second_run
|
|
|
|
|
|
def test_should_decrypt_content(encryption_client):
|
|
encrypted = encryption_client.encrypt("this")
|
|
assert encryption_client.decrypt(encrypted) == "this"
|
|
|
|
|
|
def test_should_decrypt_content_with_custom_salt(encryption_client):
|
|
salt = "different-salt-value"
|
|
encrypted = encryption_client.encrypt("this", salt=salt)
|
|
assert encryption_client.decrypt(encrypted, salt=salt) == "this"
|
|
|
|
|
|
def test_should_verify_decryption(encryption_client):
|
|
encrypted = encryption_client.encrypt("this")
|
|
with pytest.raises(EncryptionError):
|
|
encryption_client.decrypt(encrypted, salt="different-salt-value")
|
|
|
|
|
|
def test_should_sign_and_serialize_string(encryption_client):
|
|
signed = encryption_client.sign("this")
|
|
assert signed != "this"
|
|
|
|
|
|
def test_should_verify_signature_and_deserialize_string(encryption_client):
|
|
signed = encryption_client.sign("this")
|
|
assert encryption_client.verify_signature(signed) == "this"
|
|
|
|
|
|
def test_should_raise_encryption_error_on_bad_salt(encryption_client):
|
|
signed = encryption_client.sign("this")
|
|
with pytest.raises(EncryptionError):
|
|
encryption_client.verify_signature(signed, salt="different-salt-value")
|
|
|
|
|
|
def test_should_sign_and_serialize_json(encryption_client):
|
|
signed = encryption_client.sign({"this": "that"})
|
|
assert encryption_client.verify_signature(signed) == {"this": "that"}
|