nucypher/tests/integration/cli/actions/test_auth_actions.py

"""
 This file is part of nucypher.

 nucypher is free software: you can redistribute it and/or modify
 it under the terms of the GNU Affero General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.

 nucypher is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU Affero General Public License for more details.

 You should have received a copy of the GNU Affero General Public License
 along with nucypher.  If not, see <https://www.gnu.org/licenses/>.
"""

import os
import pytest
from constant_sorrow.constants import NO_PASSWORD
from nacl.exceptions import CryptoError

from nucypher.blockchain.eth.decorators import InvalidChecksumAddress
from nucypher.cli.actions.auth import (
    get_client_password,
    get_nucypher_password,
    get_password_from_prompt,
    unlock_nucypher_keyring
)
from nucypher.cli.literature import (
    COLLECT_ETH_PASSWORD,
    COLLECT_NUCYPHER_PASSWORD,
    DECRYPTING_CHARACTER_KEYRING,
    GENERIC_PASSWORD_PROMPT
)
from nucypher.config.keyring import NucypherKeyring
from nucypher.config.node import CharacterConfiguration
from tests.constants import INSECURE_DEVELOPMENT_PASSWORD


@pytest.mark.parametrize('confirm', (True, False))
def test_get_password_from_prompt_cli_action(mocker, mock_stdin, confirm, capsys):

    # Setup
    mock_stdin.password(INSECURE_DEVELOPMENT_PASSWORD, confirm=confirm)
    test_envvar = 'NUCYPHER_TEST_ENVVAR'
    another_password = 'th1s-iS-n0t-secur3'

    mocker.patch.dict(os.environ, {test_envvar: another_password})
    result = get_password_from_prompt(confirm=confirm)
    assert result == INSECURE_DEVELOPMENT_PASSWORD
    assert mock_stdin.empty()
    captured = capsys.readouterr()
    assert GENERIC_PASSWORD_PROMPT in captured.out
    if confirm:
        assert "Repeat for confirmation:" in captured.out

    # From env var
    mocker.patch.dict(os.environ, {test_envvar: another_password})
    result = get_password_from_prompt(confirm=confirm, envvar=test_envvar)
    assert result is not NO_PASSWORD
    assert result != INSECURE_DEVELOPMENT_PASSWORD
    assert result == another_password
    assert mock_stdin.empty()
    captured = capsys.readouterr()
    assert not captured.out
    assert not captured.err


def test_get_client_password_with_invalid_address(mock_stdin):
    # `mock_stdin` used to assert the user was not prompted
    bad_address = '0xdeadbeef'
    with pytest.raises(InvalidChecksumAddress):
        get_client_password(checksum_address=bad_address)


@pytest.mark.parametrize('confirm', (True, False))
def test_get_client_password(mock_stdin, mock_account, confirm, capsys):
    mock_stdin.password(INSECURE_DEVELOPMENT_PASSWORD, confirm=confirm)
    result = get_client_password(checksum_address=mock_account.address, confirm=confirm)
    assert result == INSECURE_DEVELOPMENT_PASSWORD
    assert mock_stdin.empty()
    message = COLLECT_ETH_PASSWORD.format(checksum_address=mock_account.address)
    captured = capsys.readouterr()
    assert message in captured.out
    if confirm:
        assert "Repeat for confirmation:" in captured.out


@pytest.mark.parametrize('confirm', (True, False))
def test_get_nucypher_password(mock_stdin, mock_account, confirm, capsys):
    mock_stdin.password(INSECURE_DEVELOPMENT_PASSWORD, confirm=confirm)
    result = get_nucypher_password(confirm=confirm)
    assert result == INSECURE_DEVELOPMENT_PASSWORD
    assert mock_stdin.empty()
    captured = capsys.readouterr()
    assert COLLECT_NUCYPHER_PASSWORD in captured.out
    if confirm:
        prompt = COLLECT_NUCYPHER_PASSWORD + f" ({NucypherKeyring.MINIMUM_PASSWORD_LENGTH} character minimum)"
        assert prompt in captured.out


def test_unlock_nucypher_keyring_invalid_password(mocker, test_emitter, alice_blockchain_test_config, capsys):

    # Setup
    keyring_attach_spy = mocker.spy(CharacterConfiguration, 'attach_keyring')
    mocker.patch.object(NucypherKeyring, 'unlock', side_effect=CryptoError)
    mocker.patch.object(CharacterConfiguration,
                        'dev_mode',
                        return_value=False,
                        new_callable=mocker.PropertyMock)

    # Test
    with pytest.raises(NucypherKeyring.AuthenticationFailed):
        unlock_nucypher_keyring(emitter=test_emitter,
                                password=INSECURE_DEVELOPMENT_PASSWORD+'typo',
                                character_configuration=alice_blockchain_test_config)
    keyring_attach_spy.assert_called_once()

    captured = capsys.readouterr()
    assert DECRYPTING_CHARACTER_KEYRING.format(name='alice') in captured.out


def test_unlock_nucypher_keyring_dev_mode(mocker, test_emitter, capsys, alice_blockchain_test_config):

    # Setup
    unlock_spy = mocker.spy(NucypherKeyring, 'unlock')
    attach_spy = mocker.spy(CharacterConfiguration, 'attach_keyring')
    mocker.patch.object(CharacterConfiguration,
                        'dev_mode',
                        return_value=True,
                        new_callable=mocker.PropertyMock)
    # Test
    result = unlock_nucypher_keyring(emitter=test_emitter,
                                     password=INSECURE_DEVELOPMENT_PASSWORD,
                                     character_configuration=alice_blockchain_test_config)

    assert result
    output = capsys.readouterr().out
    message = DECRYPTING_CHARACTER_KEYRING.format(name=alice_blockchain_test_config.NAME)
    assert message in output

    unlock_spy.assert_not_called()
    attach_spy.assert_not_called()


def test_unlock_nucypher_keyring(mocker,
                                 test_emitter,
                                 capsys,
                                 alice_blockchain_test_config,
                                 patch_keystore,
                                 tmpdir):

    # Setup
    # Do not test "real" unlocking here, just the plumbing
    unlock_spy = mocker.patch.object(NucypherKeyring, 'unlock', return_value=True)
    attach_spy = mocker.spy(CharacterConfiguration, 'attach_keyring')
    mocker.patch.object(CharacterConfiguration,
                        'dev_mode',
                        return_value=False,
                        new_callable=mocker.PropertyMock)
    # Test
    result = unlock_nucypher_keyring(emitter=test_emitter,
                                     password=INSECURE_DEVELOPMENT_PASSWORD,
                                     character_configuration=alice_blockchain_test_config)

    assert result
    captured = capsys.readouterr()
    message = DECRYPTING_CHARACTER_KEYRING.format(name=alice_blockchain_test_config.NAME)
    assert message in captured.out

    unlock_spy.assert_called_once_with(password=INSECURE_DEVELOPMENT_PASSWORD)
    attach_spy.assert_called_once()
Update latest files after rebase with nucypher license. 2020-05-22 13:07:41 +00:00			`"""`
			`This file is part of nucypher.`

			`nucypher is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU Affero General Public License as published by`
			`the Free Software Foundation, either version 3 of the License, or`
			`(at your option) any later version.`

			`nucypher is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU Affero General Public License for more details.`

			`You should have received a copy of the GNU Affero General Public License`
			`along with nucypher. If not, see <https://www.gnu.org/licenses/>.`
			`"""`

100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00			`import os`
			`import pytest`
Test coverage for config file selection (stub) 2020-05-15 18:26:24 +00:00			`from constant_sorrow.constants import NO_PASSWORD`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00			`from nacl.exceptions import CryptoError`

			`from nucypher.blockchain.eth.decorators import InvalidChecksumAddress`
Test coverage for config file selection (stub) 2020-05-15 18:26:24 +00:00			`from nucypher.cli.actions.auth import (`
			`get_client_password,`
			`get_nucypher_password,`
			`get_password_from_prompt,`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00			`unlock_nucypher_keyring`
Test coverage for config file selection (stub) 2020-05-15 18:26:24 +00:00			`)`
			`from nucypher.cli.literature import (`
			`COLLECT_ETH_PASSWORD,`
			`COLLECT_NUCYPHER_PASSWORD,`
			`DECRYPTING_CHARACTER_KEYRING,`
			`GENERIC_PASSWORD_PROMPT`
			`)`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00			`from nucypher.config.keyring import NucypherKeyring`
			`from nucypher.config.node import CharacterConfiguration`
			`from tests.constants import INSECURE_DEVELOPMENT_PASSWORD`


			`@pytest.mark.parametrize('confirm', (True, False))`
Use `capsys` instead of `stdout_trap` 2020-05-24 19:35:07 +00:00			`def test_get_password_from_prompt_cli_action(mocker, mock_stdin, confirm, capsys):`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00
			`# Setup`
Replace mocking click.prompt() and click.confirm() with mocking stdin/getpass. 2020-05-24 20:23:49 +00:00			`mock_stdin.password(INSECURE_DEVELOPMENT_PASSWORD, confirm=confirm)`
			`test_envvar = 'NUCYPHER_TEST_ENVVAR'`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00			`another_password = 'th1s-iS-n0t-secur3'`

Replace mocking click.prompt() and click.confirm() with mocking stdin/getpass. 2020-05-24 20:23:49 +00:00			`mocker.patch.dict(os.environ, {test_envvar: another_password})`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00			`result = get_password_from_prompt(confirm=confirm)`
			`assert result == INSECURE_DEVELOPMENT_PASSWORD`
Replace mocking click.prompt() and click.confirm() with mocking stdin/getpass. 2020-05-24 20:23:49 +00:00			`assert mock_stdin.empty()`
Use `capsys` instead of `stdout_trap` 2020-05-24 19:35:07 +00:00			`captured = capsys.readouterr()`
			`assert GENERIC_PASSWORD_PROMPT in captured.out`
			`if confirm:`
			`assert "Repeat for confirmation:" in captured.out`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00
			`# From env var`
Replace mocking click.prompt() and click.confirm() with mocking stdin/getpass. 2020-05-24 20:23:49 +00:00			`mocker.patch.dict(os.environ, {test_envvar: another_password})`
			`result = get_password_from_prompt(confirm=confirm, envvar=test_envvar)`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00			`assert result is not NO_PASSWORD`
			`assert result != INSECURE_DEVELOPMENT_PASSWORD`
			`assert result == another_password`
Replace mocking click.prompt() and click.confirm() with mocking stdin/getpass. 2020-05-24 20:23:49 +00:00			`assert mock_stdin.empty()`
Use `capsys` instead of `stdout_trap` 2020-05-24 19:35:07 +00:00			`captured = capsys.readouterr()`
			`assert not captured.out`
			`assert not captured.err`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00

Replace mocking click.prompt() and click.confirm() with mocking stdin/getpass. 2020-05-24 20:23:49 +00:00			`def test_get_client_password_with_invalid_address(mock_stdin):`
			# `mock_stdin` used to assert the user was not prompted
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00			`bad_address = '0xdeadbeef'`
			`with pytest.raises(InvalidChecksumAddress):`
			`get_client_password(checksum_address=bad_address)`


			`@pytest.mark.parametrize('confirm', (True, False))`
Use `capsys` instead of `stdout_trap` 2020-05-24 19:35:07 +00:00			`def test_get_client_password(mock_stdin, mock_account, confirm, capsys):`
Replace mocking click.prompt() and click.confirm() with mocking stdin/getpass. 2020-05-24 20:23:49 +00:00			`mock_stdin.password(INSECURE_DEVELOPMENT_PASSWORD, confirm=confirm)`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00			`result = get_client_password(checksum_address=mock_account.address, confirm=confirm)`
			`assert result == INSECURE_DEVELOPMENT_PASSWORD`
Replace mocking click.prompt() and click.confirm() with mocking stdin/getpass. 2020-05-24 20:23:49 +00:00			`assert mock_stdin.empty()`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00			`message = COLLECT_ETH_PASSWORD.format(checksum_address=mock_account.address)`
Use `capsys` instead of `stdout_trap` 2020-05-24 19:35:07 +00:00			`captured = capsys.readouterr()`
			`assert message in captured.out`
			`if confirm:`
			`assert "Repeat for confirmation:" in captured.out`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00

			`@pytest.mark.parametrize('confirm', (True, False))`
Use `capsys` instead of `stdout_trap` 2020-05-24 19:35:07 +00:00			`def test_get_nucypher_password(mock_stdin, mock_account, confirm, capsys):`
Replace mocking click.prompt() and click.confirm() with mocking stdin/getpass. 2020-05-24 20:23:49 +00:00			`mock_stdin.password(INSECURE_DEVELOPMENT_PASSWORD, confirm=confirm)`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00			`result = get_nucypher_password(confirm=confirm)`
			`assert result == INSECURE_DEVELOPMENT_PASSWORD`
Replace mocking click.prompt() and click.confirm() with mocking stdin/getpass. 2020-05-24 20:23:49 +00:00			`assert mock_stdin.empty()`
Use `capsys` instead of `stdout_trap` 2020-05-24 19:35:07 +00:00			`captured = capsys.readouterr()`
			`assert COLLECT_NUCYPHER_PASSWORD in captured.out`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00			`if confirm:`
Use `capsys` instead of `stdout_trap` 2020-05-24 19:35:07 +00:00			`prompt = COLLECT_NUCYPHER_PASSWORD + f" ({NucypherKeyring.MINIMUM_PASSWORD_LENGTH} character minimum)"`
			`assert prompt in captured.out`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00

Use `capsys` instead of `stdout_trap` 2020-05-24 19:35:07 +00:00			`def test_unlock_nucypher_keyring_invalid_password(mocker, test_emitter, alice_blockchain_test_config, capsys):`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00
			`# Setup`
			`keyring_attach_spy = mocker.spy(CharacterConfiguration, 'attach_keyring')`
			`mocker.patch.object(NucypherKeyring, 'unlock', side_effect=CryptoError)`
			`mocker.patch.object(CharacterConfiguration,`
			`'dev_mode',`
			`return_value=False,`
			`new_callable=mocker.PropertyMock)`

			`# Test`
			`with pytest.raises(NucypherKeyring.AuthenticationFailed):`
			`unlock_nucypher_keyring(emitter=test_emitter,`
			`password=INSECURE_DEVELOPMENT_PASSWORD+'typo',`
			`character_configuration=alice_blockchain_test_config)`
			`keyring_attach_spy.assert_called_once()`

Use `capsys` instead of `stdout_trap` 2020-05-24 19:35:07 +00:00			`captured = capsys.readouterr()`
			`assert DECRYPTING_CHARACTER_KEYRING.format(name='alice') in captured.out`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00
Use `capsys` instead of `stdout_trap` 2020-05-24 19:35:07 +00:00
			`def test_unlock_nucypher_keyring_dev_mode(mocker, test_emitter, capsys, alice_blockchain_test_config):`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00
			`# Setup`
			`unlock_spy = mocker.spy(NucypherKeyring, 'unlock')`
			`attach_spy = mocker.spy(CharacterConfiguration, 'attach_keyring')`
			`mocker.patch.object(CharacterConfiguration,`
			`'dev_mode',`
			`return_value=True,`
			`new_callable=mocker.PropertyMock)`
			`# Test`
			`result = unlock_nucypher_keyring(emitter=test_emitter,`
			`password=INSECURE_DEVELOPMENT_PASSWORD,`
			`character_configuration=alice_blockchain_test_config)`

			`assert result`
Use `capsys` instead of `stdout_trap` 2020-05-24 19:35:07 +00:00			`output = capsys.readouterr().out`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00			`message = DECRYPTING_CHARACTER_KEYRING.format(name=alice_blockchain_test_config.NAME)`
			`assert message in output`

			`unlock_spy.assert_not_called()`
			`attach_spy.assert_not_called()`


			`def test_unlock_nucypher_keyring(mocker,`
			`test_emitter,`
Use `capsys` instead of `stdout_trap` 2020-05-24 19:35:07 +00:00			`capsys,`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00			`alice_blockchain_test_config,`
			`patch_keystore,`
			`tmpdir):`

			`# Setup`
			`# Do not test "real" unlocking here, just the plumbing`
Code cleanup. Fix typo in test 2020-06-03 00:57:34 +00:00			`unlock_spy = mocker.patch.object(NucypherKeyring, 'unlock', return_value=True)`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00			`attach_spy = mocker.spy(CharacterConfiguration, 'attach_keyring')`
			`mocker.patch.object(CharacterConfiguration,`
			`'dev_mode',`
			`return_value=False,`
			`new_callable=mocker.PropertyMock)`
			`# Test`
			`result = unlock_nucypher_keyring(emitter=test_emitter,`
			`password=INSECURE_DEVELOPMENT_PASSWORD,`
			`character_configuration=alice_blockchain_test_config)`

			`assert result`
Use `capsys` instead of `stdout_trap` 2020-05-24 19:35:07 +00:00			`captured = capsys.readouterr()`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00			`message = DECRYPTING_CHARACTER_KEYRING.format(name=alice_blockchain_test_config.NAME)`
Use `capsys` instead of `stdout_trap` 2020-05-24 19:35:07 +00:00			`assert message in captured.out`
100% test coverage for CLI auth actions 2020-05-15 05:57:05 +00:00
			`unlock_spy.assert_called_once_with(password=INSECURE_DEVELOPMENT_PASSWORD)`
			`attach_spy.assert_called_once()`