Codebase list python-faraday / 11faeb4
Refresh patches Sophie Brun 3 years ago
7 changed file(s) with 15 addition(s) and 283 deletion(s).
99 1 file changed, 1 insertion(+), 1 deletion(-)
1010
1111 diff --git a/tests/test_api_preferences.py b/tests/test_api_preferences.py
12 index 4fb4654..3158911 100644
12 index 5662466..3edcfe3 100644
1313 --- a/tests/test_api_preferences.py
1414 +++ b/tests/test_api_preferences.py
15 @@ -5,7 +5,7 @@ from tests.factories import UserFactory
16 from faraday.server.models import User
17 from faraday.server.api.modules.preferences import PreferencesView
15 @@ -7,7 +7,7 @@ from faraday.server.api.modules.preferences import PreferencesView
16 from tests.utils.url import v2_to_v3
17
1818
1919 -pytest.fixture('logged_user')
2020 +pytest.fixture(params=['logged_user'])
22 Subject: Remove failing tests
33
44 ---
5 tests/test_api_login.py | 235 ----------
65 tests/test_searcher.py | 880 -------------------------------------
76 tests/test_server_utils_filters.py | 249 -----------
8 3 files changed, 1364 deletions(-)
9 delete mode 100644 tests/test_api_login.py
7 2 files changed, 1129 deletions(-)
108 delete mode 100644 tests/test_searcher.py
119 delete mode 100644 tests/test_server_utils_filters.py
1210
13 diff --git a/tests/test_api_login.py b/tests/test_api_login.py
14 deleted file mode 100644
15 index 3e8a519..0000000
16 --- a/tests/test_api_login.py
17 +++ /dev/null
18 @@ -1,235 +0,0 @@
19 -
20 -import pytest
21 -from flask_security.utils import hash_password
22 -from itsdangerous import TimedJSONWebSignatureSerializer
23 -
24 -from faraday.server.models import User
25 -from faraday.server.web import app
26 -from tests import factories
27 -from tests.conftest import logged_user, login_as
28 -
29 -
30 -class TestLogin:
31 - def test_case_bug_with_username(self, test_client, session):
32 - """
33 - When the user case does not match the one in database,
34 - the form is valid but no record was found in the database.
35 - """
36 -
37 - susan = factories.UserFactory.create(
38 - active=True,
39 - username='Susan',
40 - password=hash_password('pepito'),
41 - role='pentester')
42 - session.add(susan)
43 - session.commit()
44 - # we use lower case username, but in db is Capitalized
45 - login_payload = {
46 - 'email': 'susan',
47 - 'password': 'pepito',
48 - }
49 - res = test_client.post('/login', data=login_payload)
50 - assert res.status_code == 200
51 - assert 'authentication_token' in res.json['response']['user']
52 -
53 - def test_case_ws_with_valid_authentication_token(self, test_client, session):
54 - """
55 - Use of a valid auth token
56 - """
57 -
58 - alice = factories.UserFactory.create(
59 - active=True,
60 - username='alice',
61 - password=hash_password('passguord'),
62 - role='pentester')
63 - session.add(alice)
64 - session.commit()
65 -
66 - ws = factories.WorkspaceFactory.create(name='wonderland')
67 - session.add(ws)
68 - session.commit()
69 -
70 - login_payload = {
71 - 'email': 'alice',
72 - 'password': 'passguord',
73 - }
74 - res = test_client.post('/login', data=login_payload)
75 - assert res.status_code == 200
76 - assert 'authentication_token' in res.json['response']['user']
77 -
78 - headers = {'Authentication-Token': res.json['response']['user']['authentication_token']}
79 -
80 - ws = test_client.get('/v2/ws/wonderland/', headers=headers)
81 - assert ws.status_code == 200
82 -
83 - def test_case_ws_with_invalid_authentication_token(self, test_client, session):
84 - """
85 - Use of an invalid auth token
86 - """
87 - # clean cookies make sure test_client has no session
88 - test_client.cookie_jar.clear()
89 - secret_key = app.config['SECRET_KEY']
90 - alice = factories.UserFactory.create(
91 - active=True,
92 - username='alice',
93 - password=hash_password('passguord'),
94 - role='pentester')
95 - session.add(alice)
96 - session.commit()
97 -
98 - ws = factories.WorkspaceFactory.create(name='wonderland')
99 - session.add(ws)
100 - session.commit()
101 -
102 - serializer = TimedJSONWebSignatureSerializer(app.config['SECRET_KEY'], expires_in=500, salt="token")
103 - token = serializer.dumps({ 'user_id': alice.id})
104 -
105 - headers = {'Authorization': b'Token ' + token}
106 -
107 - ws = test_client.get('/v2/ws/wonderland/', headers=headers)
108 - assert ws.status_code == 401
109 -
110 - @pytest.mark.usefixtures('logged_user')
111 - def test_retrieve_token_from_api_and_use_it(self, test_client, session):
112 - res = test_client.get('/v2/token/')
113 - cookies = [cookie.name for cookie in test_client.cookie_jar]
114 - assert "faraday_session_2" in cookies
115 - assert res.status_code == 200
116 -
117 - headers = {'Authorization': 'Token ' + res.json}
118 - ws = factories.WorkspaceFactory.create(name='wonderland')
119 - session.add(ws)
120 - session.commit()
121 - # clean cookies make sure test_client has no session
122 - test_client.cookie_jar.clear()
123 - res = test_client.get('/v2/ws/wonderland/', headers=headers)
124 - assert res.status_code == 200
125 - assert 'Set-Cookie' not in res.headers
126 - cookies = [cookie.name for cookie in test_client.cookie_jar]
127 - assert "faraday_session_2" not in cookies
128 -
129 -
130 - def test_cant_retrieve_token_unauthenticated(self, test_client):
131 - # clean cookies make sure test_client has no session
132 - test_client.cookie_jar.clear()
133 - res = test_client.get('/v2/token/')
134 -
135 - assert res.status_code == 401
136 -
137 - @pytest.mark.usefixtures('logged_user')
138 - def test_token_expires_after_password_change(self, test_client, session):
139 - user = User.query.filter_by(username="test").first()
140 - res = test_client.get('/v2/token/')
141 -
142 - assert res.status_code == 200
143 -
144 - headers = {'Authorization': 'Token ' + res.json}
145 -
146 - if user:
147 - user.password = 'SECRET_VERY_SECRET_PASSWORD_TEST'
148 - session.add(user)
149 - session.commit()
150 -
151 - # clean cookies make sure test_client has no session
152 - test_client.cookie_jar.clear()
153 - res = test_client.get('/v2/ws/', headers=headers)
154 - assert res.status_code == 401
155 -
156 - def test_null_caracters(self, test_client, session):
157 - """
158 - Use of a valid auth token
159 - """
160 -
161 - alice = factories.UserFactory.create(
162 - active=True,
163 - username='asdasd',
164 - password=hash_password('asdasd'),
165 - role='pentester')
166 - session.add(alice)
167 - session.commit()
168 -
169 - ws = factories.WorkspaceFactory.create(name='wonderland')
170 - session.add(ws)
171 - session.commit()
172 -
173 - login_payload = {
174 - 'email': "\x00asd\00asd\0",
175 - 'password': "\x00asd\00asd\0",
176 - }
177 - res = test_client.post('/login', data=login_payload)
178 - # import ipdb; ipdb.set_trace()
179 - assert res.status_code == 200
180 - assert 'authentication_token' in res.json['response']['user']
181 -
182 - headers = {'Authentication-Token': res.json['response']['user']['authentication_token']}
183 -
184 - ws = test_client.get('/v2/ws/wonderland/', headers=headers)
185 - assert ws.status_code == 200
186 -
187 - def test_login_remember_me(self, test_client, session):
188 - """
189 - When the remember me option is true, flask stores a remember_token
190 - """
191 - test_client.cookie_jar.clear()
192 - susan = factories.UserFactory.create(
193 - active=True,
194 - username='susan',
195 - password=hash_password('pepito'),
196 - role='pentester')
197 - session.add(susan)
198 - session.commit()
199 -
200 - login_payload = {
201 - 'email': 'susan',
202 - 'password': 'pepito',
203 - 'remember': True
204 - }
205 - res = test_client.post('/login', data=login_payload)
206 - assert res.status_code == 200
207 - cookies = [cookie.name for cookie in test_client.cookie_jar]
208 - assert "remember_token" in cookies
209 -
210 - def test_login_not_remember_me(self, test_client, session):
211 - """
212 - When the remember me option is false, flask dont stores a remember_token
213 - """
214 -
215 - test_client.cookie_jar.clear()
216 - susan = factories.UserFactory.create(
217 - active=True,
218 - username='susan',
219 - password=hash_password('pepito'),
220 - role='pentester')
221 - session.add(susan)
222 - session.commit()
223 - login_payload = {
224 - 'email': 'susan',
225 - 'password': 'pepito',
226 - 'remember': False
227 - }
228 - res = test_client.post('/login', data=login_payload)
229 - assert res.status_code == 200
230 - cookies = [cookie.name for cookie in test_client.cookie_jar]
231 - assert "remember_token" not in cookies
232 -
233 - def test_login_without_remember_me(self, test_client, session):
234 - """
235 - When the remember me option is missing, flask dont stores a remember_token
236 - """
237 -
238 - test_client.cookie_jar.clear()
239 - susan = factories.UserFactory.create(
240 - active=True,
241 - username='susan',
242 - password=hash_password('pepito'),
243 - role='pentester')
244 - session.add(susan)
245 - session.commit()
246 - login_payload = {
247 - 'email': 'susan',
248 - 'password': 'pepito'
249 - }
250 - res = test_client.post('/login', data=login_payload)
251 - assert res.status_code == 200
252 - cookies = [cookie.name for cookie in test_client.cookie_jar]
253 - assert "remember_token" not in cookies
25411 diff --git a/tests/test_searcher.py b/tests/test_searcher.py
25512 deleted file mode 100644
25613 index 44ef49d..0000000
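Review bot: The header of Remove-failing-tests.patch is still only `Subject: Remove failing tests`, with no reason given for deleting tests/test_searcher.py and tests/test_server_utils_filters.py outright. The stat lines change from `3 files changed, 1364 deletions(-)` to `2 files changed, 1129 deletions(-)` and the test_api_login.py lines carry only an old gutter number, so this refresh appears to stop deleting tests/test_api_login.py. That would put the login, token and remember-me checks back into the build-time test run, which is worth recording because they cover authentication behaviour. I would add a header line such as `Description: test_searcher.py and test_server_utils_filters.py fail in the Debian build because <reason - not shown on this page>; test_api_login.py is kept.` plus a `Last-Update:` field like the one the dropped fix-flask-security-requirement.patch had. Where only some cases fail, a per-test skip with a stated reason keeps the rest of the file running instead of hiding regressions behind a whole-file delete.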
2525
2626 CONTEXT_SETTINGS = dict(help_option_names=['-h', '--help'])
2727 diff --git a/faraday/server/api/modules/token.py b/faraday/server/api/modules/token.py
28 index fe8e224..4ffd763 100644
28 index ede88ed..30949da 100644
2929 --- a/faraday/server/api/modules/token.py
3030 +++ b/faraday/server/api/modules/token.py
31 @@ -1,6 +1,6 @@
31 @@ -3,7 +3,7 @@ import logging
32
3233 from itsdangerous import TimedJSONWebSignatureSerializer
33 from flask import Blueprint, g
34 from flask import Blueprint, g, request
3435 -from flask_security.utils import hash_data
3536 +from faraday.flask_security.utils import hash_data
3637 from flask import current_app as app
37
38 from marshmallow import Schema
3839
3940 diff --git a/faraday/server/app.py b/faraday/server/app.py
40 index 6ff58f3..697416a 100644
41 index 0c83924..645bc4b 100644
4142 --- a/faraday/server/app.py
4243 +++ b/faraday/server/app.py
4344 @@ -17,12 +17,12 @@ import flask
8990 from colorama import init
9091 from colorama import Fore
9192 diff --git a/faraday/server/models.py b/faraday/server/models.py
92 index 40dbe44..e3ad6ab 100644
93 index 2275a36..b15f8eb 100644
9394 --- a/faraday/server/models.py
9495 +++ b/faraday/server/models.py
9596 @@ -46,7 +46,7 @@ from flask_sqlalchemy import (
+0
-25
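--- a/debian/patches/fix-flask-security-requirement.patch
+++ b/debian/patches/fix-flask-security-requirement.patch
@@ -1,25 +0,0 @@
-From: Sophie Brun <[email protected]>
-Date: Wed, 6 Jan 2021 10:00:27 +0100
-Subject: Fix Flask-Security requirement
-
-Last-Update: 2021-01-06
-
-Requirement is Flask-Security but it's not found by pkg_resources. The
-package is really flask_security.
----
-requirements.txt | 2 +-
-1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/requirements.txt b/requirements.txt
-index 467e7cd..3225c97 100644
---- a/requirements.txt
-+++ b/requirements.txt
-@@ -10,7 +10,7 @@ flask-classful>=0.14
-email_validator
-WTForms>=2.1
-flask-login>=0.5.0
--Flask-Security>=3.0.0
-+flask_security>=3.0.0
-marshmallow>=3.0.0
-Pillow>=4.2.1
-psycopg2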
11 use-pgcli-debian-package.patch
22 use-packaged-filteralchemy.patch
33 Remove-failing-tests.patch
4 fix-flask-security-requirement.patch
54 Use-local-flask-security.patch
65 Fix-for-pytest-6.patch
1414 1 file changed, 1 insertion(+), 1 deletion(-)
1515
1616 diff --git a/requirements.txt b/requirements.txt
17 index 05bc27d..467e7cd 100644
17 index 92e4e4e..4255c78 100644
1818 --- a/requirements.txt
1919 +++ b/requirements.txt
2020 @@ -25,7 +25,7 @@ tqdm>=4.15.0
2727 import requests
2828 import alembic.command
2929 diff --git a/requirements.txt b/requirements.txt
30 index 93eeebe..05bc27d 100644
30 index e647509..92e4e4e 100644
3131 --- a/requirements.txt
3232 +++ b/requirements.txt
33 @@ -14,7 +14,7 @@ Flask-Security>=3.0.0
33 @@ -14,7 +14,7 @@ Flask-Security-Too>=3.4.4,<4.0.0
3434 marshmallow>=3.0.0
3535 Pillow>=4.2.1
3636 psycopg2