Use key derivation to provide secret keys
Rather than asking people deploying h to provide new secret keys for every distinct use of a secret in the application, use an HMAC-based key derivation to generate these keys. This simplifies deployment, and provides stronger guarantees of security in the face of lazy configurations (such as setting all secrets the same).

Capability URLs generated previously by the `h.notification` package will continue to work as of this change due to a fallback option when deserializing tokens. However, it is important to note that setting up such a fallback for the session secrets is infeasible, and so all current sessions will be invalidated by the deployment of this change.

Lastly, this change ensures that in the event of a misconfiguration where a secret key is not provided, the application will issue a warning and generate a transient key (from the OS PRNG).
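The scheme the commit message describes, sketched as an added example (not code from this commit or from h): one configured secret is expanded with HKDF (RFC 5869, HMAC-SHA256) into a separate key per use, tokens signed before the change are still accepted through a legacy-key fallback, and a missing secret produces a warning and a transient key. The purpose labels, function names and the shape of the fallback are assumptions.

```python
import hashlib
import hmac
import os
import warnings


def hkdf_sha256(secret, info, length=32, salt=b""):
    """HKDF (RFC 5869) with HMAC-SHA256: extract a PRK, then expand it for `info`."""
    prk = hmac.new(salt or b"\x00" * 32, secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def master_secret(settings):
    """Return the configured secret, or warn and fall back to a transient OS-PRNG key."""
    secret = settings.get("secret_key")
    if not secret:
        warnings.warn("secret_key not set; generated a transient key")
        return os.urandom(64)
    return secret.encode() if isinstance(secret, str) else secret


def sign(key, message):
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify(message, tag, keys):
    """Check `tag` against each key in turn: derived key first, legacy key as fallback."""
    return any(hmac.compare_digest(sign(k, message), tag) for k in keys)


if __name__ == "__main__":
    secret = master_secret({"secret_key": "constructed-sample-secret"})
    # Purpose labels are assumptions; each use of the secret gets its own key.
    notify_key = hkdf_sha256(secret, b"h.notification")
    session_key = hkdf_sha256(secret, b"redis.sessions")
    assert notify_key != session_key
    old_tag = sign(secret, b"unsubscribe:42")  # token issued before the change
    print(verify(b"unsubscribe:42", old_tag, [notify_key, secret]))  # legacy fallback
    print(verify(b"unsubscribe:42", old_tag, [session_key]))  # wrong purpose
```

Because every derived key depends on the purpose label, a deployment that supplies only one secret still ends up with unrelated keys for notifications and sessions.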
1 parent 3aee2cc, commit d523856

Showing 10 changed files with 130 additions and 51 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,28 +1,49 @@ | ||
# -*- coding: utf-8 -*- | ||
from mock import call, patch | ||
from mock import patch | ||
|
||
from h import app, config | ||
|
||
|
||
@patch('h.config.settings_from_environment') | ||
@patch('h.app.create_app') | ||
def test_global_config_precence(create_app, settings_from_environment): | ||
base_config = { | ||
def test_global_settings_precedence(create_app, settings_from_environment): | ||
base_settings = { | ||
'foo': 'bar', | ||
} | ||
env_config = { | ||
env_settings = { | ||
'foo': 'override', | ||
'booz': 'baz', | ||
} | ||
global_config = { | ||
'booz': 'override', | ||
} | ||
expected_config = { | ||
'foo': 'override', | ||
global_settings = { | ||
'booz': 'override', | ||
} | ||
|
||
settings_from_environment.return_value = env_config | ||
app.main(global_config, **base_config) | ||
settings_from_environment.return_value = env_settings | ||
app.main(global_settings, **base_settings) | ||
assert config.settings_from_environment.call_count == 1 | ||
assert app.create_app.mock_calls == [call(expected_config)] | ||
|
||
args, kwargs = app.create_app.call_args | ||
result = args[0] | ||
assert result['foo'] == 'override' | ||
assert result['booz'] == 'override' | ||
|
||
|
||
def test_missing_secrets_generates_secret_key(): | ||
result = app.missing_secrets({}) | ||
|
||
assert 'secret_key' in result | ||
assert 'redis.sessions.secret' in result | ||
|
||
|
||
def test_missing_secrets_doesnt_override_secret_key(): | ||
result = app.missing_secrets({'secret_key': 'foo'}) | ||
|
||
assert 'secret_key' not in result | ||
assert 'redis.sessions.secret' in result | ||
|
||
|
||
def test_missing_secrets_doesnt_override_redis_sesssions_secret(): | ||
result = app.missing_secrets({'redis.sessions.secret': 'foo'}) | ||
|
||
assert 'secret_key' in result | ||
assert 'redis.sessions.secret' not in result |
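Review bot: The three `test_missing_secrets_*` tests at the end of this hunk only assert that a key is present in or absent from the result, so an empty, constant or shared value would still pass. Assert as well that each generated value is non-empty and that `result['secret_key']` and `result['redis.sessions.secret']` differ, and add a case that checks the warning the commit message promises when `secret_key` is missing. In `test_global_settings_precedence`, the exact `mock_calls == [call(expected_config)]` comparison has become two per-key checks, which no longer catches unexpected extra settings reaching `create_app`; a short comment saying why the comparison was loosened would help. The name `test_missing_secrets_doesnt_override_redis_sesssions_secret` has a typo (`sesssions`).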