Mercurial > libervia-backend

view libervia/backend/test/test_memory_crypto.py @ 4212:5f2d496c633f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
core: get rid of `pickle`: Use of `pickle` to serialise data was a technical legacy that was causing trouble to store in database, to update (if a class was serialised, a change could break update), and to security (pickle can lead to code execution). This patch remove all use of Pickle in favour in JSON, notably: - for caching data, a Pydantic model is now used instead - for SQLAlchemy model, the LegacyPickle is replaced by JSON serialisation - in XEP-0373 a class `PublicKeyMetadata` was serialised. New method `from_dict` and `to_dict` method have been implemented to do serialisation. - new methods to (de)serialise data can now be specified with Identity data types. It is notably used to (de)serialise `path` of avatars. A migration script has been created to convert data (for upgrade or downgrade), with special care for XEP-0373 case. Depending of size of database, this migration script can be long to run. rel 443
author Goffi <goffi@goffi.org>
date Fri, 23 Feb 2024 13:31:04 +0100
parents 4b842c1fb686
children
line wrap: on
line source

#!/usr/bin/env python3


# SAT: a jabber client
# Copyright (C) 2009-2016  Jérôme Poisson (goffi@goffi.org)
# Copyright (C) 2013-2016  Adrien Cossa (souliane@mailoo.org)

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.

# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.


""" Tests for the plugin radiocol """

from libervia.backend.test import helpers
from libervia.backend.memory.crypto import BlockCipher, PasswordHasher
import random
import string
from twisted.internet import defer


def get_random_unicode(len):
    """Return a random unicode string"""
    return "".join(random.choice(string.letters + "éáúóâêûôßüöä") for i in range(len))


class CryptoTest(helpers.SatTestCase):
    def setUp(self):
        self.host = helpers.FakeSAT()

    def test_encrypt_decrypt(self):
        d_list = []

        def test(key, message):
            d = BlockCipher.encrypt(key, message)
            d.addCallback(lambda ciphertext: BlockCipher.decrypt(key, ciphertext))
            d.addCallback(lambda decrypted: self.assertEqual(message, decrypted))
            d_list.append(d)

        for key_len in (0, 2, 8, 10, 16, 24, 30, 32, 40):
            key = get_random_unicode(key_len)
            for message_len in (0, 2, 16, 24, 32, 100):
                message = get_random_unicode(message_len)
                test(key, message)
        return defer.DeferredList(d_list)

    def test_hash_verify(self):
        d_list = []
        for password in (0, 2, 8, 10, 16, 24, 30, 32, 40):
            d = PasswordHasher.hash(password)

            def cb(hashed):
                d1 = PasswordHasher.verify(password, hashed)
                d1.addCallback(lambda result: self.assertTrue(result))
                d_list.append(d1)
                attempt = get_random_unicode(10)
                d2 = PasswordHasher.verify(attempt, hashed)
                d2.addCallback(lambda result: self.assertFalse(result))
                d_list.append(d2)

            d.addCallback(cb)
        return defer.DeferredList(d_list)