diff --git a/Pipfile b/Pipfile index fe61303a..d3e81050 100644 --- a/Pipfile +++ b/Pipfile @@ -40,6 +40,7 @@ pytest-cov = "*" selenium = "*" honcho = "*" blinker = "*" +pytest-mock = "*" [requires] python_version = "3.6.6" diff --git a/Pipfile.lock b/Pipfile.lock index b69b40cf..cd2fa084 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "03d5c2a739febe9a3c10d599ad5825ef603130098ecd73ce9833310d1eaed253" + "sha256": "975303153664e6936b5118686cb7056e8135e7c8184b7c0c029fa120c9e0b67e" }, "pipfile-spec": 6, "requires": { @@ -95,10 +95,10 @@ }, "croniter": { "hashes": [ - "sha256:5389776e54a5e285d0c8e7b9a7e139a4d590f96f32958b0822d6d1b2faa12c0d", - "sha256:fbd72189a0ff38c27e953d15175c5fedafb953479559240a1afcf8e8e7523757" + "sha256:79a5eeaa10a7d5fb9bdae54211b8c1d306e0ed481fa970934bf3197940650d6f", + "sha256:c31adf6a9b0b1981d362538bfa57769acaade1d62f80c264f402ce1f8d1210b4" ], - "version": "==0.3.27" + "version": "==0.3.28" }, "cryptography": { "hashes": [ @@ -210,9 +210,9 @@ }, "mako": { "hashes": [ - "sha256:4e02fde57bd4abb5ec400181e4c314f56ac3e49ba4fb8b0d50bba18cb27d25ae" + "sha256:04092940c0df49b01f43daea4f5adcecd0e50ef6a4b222be5ac003d5d84b2843" ], - "version": "==1.0.7" + "version": "==1.0.8" }, "markupsafe": { "hashes": [ @@ -334,11 +334,11 @@ }, "redis": { "hashes": [ - "sha256:724932360d48e5407e8f82e405ab3650a36ed02c7e460d1e6fddf0f038422b54", - "sha256:9b19425a38fd074eb5795ff2b0d9a55b46a44f91f5347995f27e3ad257a7d775" + "sha256:6946b5dca72e86103edc8033019cc3814c031232d339d5f4533b02ea85685175", + "sha256:8ca418d2ddca1b1a850afa1680a7d2fd1f3322739271de4b704e0d4668449273" ], "index": "pypi", - "version": "==3.2.0" + "version": "==3.2.1" }, "requests": { "hashes": [ @@ -418,10 +418,10 @@ }, "werkzeug": { "hashes": [ - "sha256:c3fd7a7d41976d9f44db327260e263132466836cef6f91512889ed60ad26557c", - "sha256:d5da73735293558eb1651ee2fddc4d0dedcfa06538b8813a2e20011583c9e49b" + "sha256:590abe38f8be026d78457fe3b5200895b3543e58ac3fc1dd792c6333ea11af64", + "sha256:ee11b0f0640c56fb491b43b38356c4b588b3202b415a1e03eacf1c5561c961cf" ], - "version": "==0.14.1" + "version": "==0.15.0" }, "wtforms": { "hashes": [ @@ -492,11 +492,11 @@ }, "black": { "hashes": [ - "sha256:817243426042db1d36617910df579a54f1afd659adb96fc5032fcf4b36209739", - "sha256:e030a9a28f542debc08acceb273f228ac422798e5215ba2a791a6ddeaaca22a5" + "sha256:09a9dcb7c46ed496a9850b76e4e825d6049ecd38b611f1224857a79bd985a8cf", + "sha256:68950ffd4d9169716bcb8719a56c07a2f4485354fec061cdd5910aa07369731c" ], "index": "pypi", - "version": "==18.9b0" + "version": "==19.3b0" }, "blinker": { "hashes": [ @@ -555,10 +555,10 @@ }, "decorator": { "hashes": [ - "sha256:33cd704aea07b4c28b3eb2c97d288a06918275dac0ecebdaf1bc8a48d98adb9e", - "sha256:cabb249f4710888a2fc0e13e9a16c343d932033718ff62e1e9bc93a9d3a9122b" + "sha256:86156361c50488b84a3f148056ea716ca587df2f0de1d34750d35c21312725de", + "sha256:f069f3a01830ca754ba5258fde2278454a0b5b79e0d7f5c13b3b97e57d4acff6" ], - "version": "==4.3.2" + "version": "==4.4.0" }, "docopt": { "hashes": [ @@ -576,10 +576,10 @@ }, "faker": { "hashes": [ - "sha256:16342dca4d92bfc83bab6a7daf6650e0ab087605a66bc38f17523fdb01757910", - "sha256:d871ea315b2dcba9138b8344f2c131a76ac62d6227ca39f69b0c889fec97376c" + "sha256:00b7011757c4907546f17d0e47df098b542ea2b04c966ee0e80a493aae2c13c8", + "sha256:745ac8b9c9526e338696e07b7f2e206e5e317e5744e22fdd7c2894bf19af41f1" ], - "version": "==1.0.2" + "version": "==1.0.4" }, "flask": { "hashes": [ @@ -613,10 +613,10 @@ }, "ipdb": { "hashes": [ - "sha256:7081c65ed7bfe7737f83fa4213ca8afd9617b42ff6b3f1daf9a3419839a2a00a" + "sha256:dce2112557edfe759742ca2d0fee35c59c97b0cc7a05398b791079d78f1519ce" ], "index": "pypi", - "version": "==0.11" + "version": "==0.12" }, "ipython": { "hashes": [ @@ -852,6 +852,14 @@ "index": "pypi", "version": "==0.14.0" }, + "pytest-mock": { + "hashes": [ + "sha256:4d0d06d173eecf172703219a71dbd4ade0e13904e6bbce1ce660e2e0dc78b5c4", + "sha256:bfdf02789e3d197bd682a758cae0a4a18706566395fbe2803badcd1335e0173e" + ], + "index": "pypi", + "version": "==1.10.1" + }, "pytest-watch": { "hashes": [ "sha256:06136f03d5b361718b8d0d234042f7b2f203910d8568f63df2f866b547b3d4b9" @@ -868,19 +876,19 @@ }, "pyyaml": { "hashes": [ - "sha256:544a0050e76e9b60751c58617fa28c253ad5d23af2e5f0b1c250390bf90bb0df", - "sha256:594bf80477a58b6fd53e8b3f24ccf965c25eeeb6e05e4b1fb18c82c2d2090603", - "sha256:75e20ca689d0a2bf0c84f0e2028cc68ebef34b213fa66d73c410c53f870c49f4", - "sha256:994da68a1dc1050f290f8017f044172360b608c0f2562b47645ecc69d7a61c0a", - "sha256:ad902e00088c50bdced94a57b819c24fdadaeaed5494df7a9a67d63774f210fd", - "sha256:b11aff75875ffc73541c4e4b1ac2f5e21717c1fc4396238943b9a44d962e74e1", - "sha256:bc733b5a9047c3e4848c0e80eeacfa6a799139242606410260c5450d665ea58c", - "sha256:d960c68931b96bb215f385baa8ef867b8ebac66af60fa06cc1008f963848c7ad", - "sha256:dd461c04e6a91e4eef7d5b75c1fc1c7013d3f8d354033b16526baadddd524079", - "sha256:e4d6b5d6218a06f3141189d75c93876dd525a6d15f1b00ef4f274726c93719f1", - "sha256:f3c386fa12415bde8a0162745c4badf98fe171c6dfd67e54831f05ec88feeebb" + "sha256:1adecc22f88d38052fb787d959f003811ca858b799590a5eaa70e63dca50308c", + "sha256:436bc774ecf7c103814098159fbb84c2715d25980175292c648f2da143909f95", + "sha256:460a5a4248763f6f37ea225d19d5c205677d8d525f6a83357ca622ed541830c2", + "sha256:5a22a9c84653debfbf198d02fe592c176ea548cccce47553f35f466e15cf2fd4", + "sha256:7a5d3f26b89d688db27822343dfa25c599627bc92093e788956372285c6298ad", + "sha256:9372b04a02080752d9e6f990179a4ab840227c6e2ce15b95e1278456664cf2ba", + "sha256:a5dcbebee834eaddf3fa7366316b880ff4062e4bcc9787b78c7fbb4a26ff2dd1", + "sha256:aee5bab92a176e7cd034e57f46e9df9a9862a71f8f37cad167c6fc74c65f5b4e", + "sha256:c51f642898c0bacd335fc119da60baae0824f2cde95b0330b56c0553439f0673", + "sha256:c68ea4d3ba1705da1e0d85da6684ac657912679a649e8868bd850d2c299cce13", + "sha256:e23d0cc5299223dcc37885dae624f382297717e459ea24053709675a976a3e19" ], - "version": "==5.1b5" + "version": "==5.1" }, "selenium": { "hashes": [ @@ -979,10 +987,10 @@ }, "werkzeug": { "hashes": [ - "sha256:c3fd7a7d41976d9f44db327260e263132466836cef6f91512889ed60ad26557c", - "sha256:d5da73735293558eb1651ee2fddc4d0dedcfa06538b8813a2e20011583c9e49b" + "sha256:590abe38f8be026d78457fe3b5200895b3543e58ac3fc1dd792c6333ea11af64", + "sha256:ee11b0f0640c56fb491b43b38356c4b588b3202b415a1e03eacf1c5561c961cf" ], - "version": "==0.14.1" + "version": "==0.15.0" }, "wrapt": { "hashes": [ diff --git a/atst/domain/auth.py b/atst/domain/auth.py index c4be2eea..8be8429f 100644 --- a/atst/domain/auth.py +++ b/atst/domain/auth.py @@ -52,7 +52,7 @@ def get_current_user(): def logout(): if session.get("user_id"): # pragma: no branch - del (session["user_id"]) + del session["user_id"] def _unprotected_route(request): diff --git a/tests/utils/test_pdf_verification.py b/tests/utils/test_pdf_verification.py index a42a4ffd..10e5731d 100644 --- a/tests/utils/test_pdf_verification.py +++ b/tests/utils/test_pdf_verification.py @@ -1,4 +1,6 @@ import pytest + +import cryptography from atst.domain.authnid.crl import CRLCache, CRLRevocationException from atst.utils.pdf_verification import pdf_signature_validations @@ -90,6 +92,35 @@ def test_signed_pdf_thats_been_modified(crl_check): } +def test_signed_pdf_that_has_invalid_signature(mocker): + def mock_crl_check(_): + return True + + mocker.patch.object( + cryptography.hazmat.backends.openssl.rsa._RSAPublicKey, "verify", Exception() + ) + + valid_signed_pdf = open("tests/fixtures/signed-pdf-not-dod.pdf", "rb").read() + result = pdf_signature_validations(pdf=valid_signed_pdf, crl_check=mock_crl_check) + + assert result == { + "result": False, + "signature_count": 1, + "signatures": [ + { + "cert_common_name": "John B Harris", + "hashed_binary_data": "3f0047e6cb5b9bb089254b20d174445c3ba4f513", + "hashing_algorithm": "sha1", + "is_valid": False, + "is_valid_cert": True, + "is_valid_hash": True, + "is_valid_signature": False, + "signers_serial": 514, + } + ], + } + + @pytest.mark.skip(reason="Need fixture file") def test_signed_pdf_dod_revoked(crl_check): signed_pdf_dod_revoked = open(