<a href="https://colab.research.google.com/github/Jaciss/jai/blob/main/notebooks/encrypted_config.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# Feature
Provides configuration `c:dict` and functions to store, access, and use tokens, email addresses, and other semi-sensitive data that should not be in plain-text via passphrase-encrypted strings.


## Problem:

Notebooks:

- are highly portable and may be run by anyone in a variety of environments, including offline
- may need outside resources, some of which require tokens or passphrases to access
- are often one-off works and should not require more than a couple of lines to establish an environment
- may require different passphrases for various granular-access tokens depending on the user
- are high-risk exposure points for sensitive data as they're commonly shared and stored in repositories
- are often used by people who are not primarily programmers and cannot be expected to understand and trust complex security setups

## Constraints:

The feature shall:

- [x] never store secured data in plain-text
- [x] never display secured data without code modifications
- [x] only require the notebook for configuration creation, modification, and use
- [x] generate a stand-alone Python file less than 14 kB in size ([slightly-better-than-random number](https://www.tunetheweb.com/blog/critical-resources-and-the-first-14kb/))
- [x] only contain data safe for storage on public servers (*see Drawbacks below)
- [x] be uploadable using its own functions
- [x] not require ipython to execute (python file only)
- [x] not require third-party files or systems (python file only)
- [x] be easy to understand; McCabe cyclomatic complexity on functions <= 10 and overall <=5
- [x] have easily replaced auth functions (e.g., get/set passphrase or data)
- [x] make data access via other systems easy if the user has proper credentials
- [x] only require a single line of code to use in notebooks

## Solution:
Use `json.dumps(dictionary)` and the commonly-installed `openssl` AES 256 bit encryption with a passphrase (and salt) to create a commit-safe string containing sensitive configuration data. Notebook generates epc.py to hold the string and necessary functions to create, upload, use, and edit it. Notebook provides a convenience `do_setup()` function that will setup `c`onfig and download specified resources with a single line. See Usage section below.

**Example**

This would ask for a passphrase to decrypt 'jai' and, in this case, download the private repo described in it from GitHub. If 'jai' did not exist the user would be asked if they wanted to create it. If they created a dict with FTP data epc could download from FTP instead of GitHub.
```python
import epc
c = epc.do_setup({'resources':{'jai':{}},'use_google_drive':False})
```
Sensitive data is encrypted or automatically redacted, so printing `c` is safe:
```
{'log_level': 10,
 'timezone': 'America/Anchorage',
 'use_google_drive': False,
 'epc': 'U2FsdGVkX1/xUi/hYJ+V9stP7WV+Y6fTtkJNZoDL8PX4mSWh/CuEAZUz0VI8r/BvrfQztrCI1rPmduBRSJsTLQeD9AKFNjHMNq15V1ArU7CvCVVXvuKgNsDS0aEN2hJoRMXiy4g7YzIB/b45e3vq8/DV/sFFml1GtWeTtIWLeA1c92UNrF8s3MjpvWhYB+GeD1OSQMcS3aoveW7YD8tSigzRkZQqwmoNrHlNdODtNeLq4idK4VsD9mauLGg/mWKitdfbqUi0yULYpg5pRxPMZaIy4sDFdGYbeaHYBaduf36Wr+ak3x6e7rvT7fF04EST3wv7FM54xAxZiyohgUHIyG+5oYBbvcWsKl74GZpoPYqUffxdnnH8VKURHTE28WaXwdsXwj0edbkX3cNcL/aCOdF9pfCcNPJFbRD0LM7E2sF9xYeqyNMhpnBMKWfXex7rEzj2ZRQbxlRy+f+476Vni/Qf2Ixcc/x5vCvAEJgCueD+loXol4oP3O4eDM6Q1FiPxMDOCYGxJ8TCFVb5795vqsmWsKLfa1pOqnPSJ2Id4ayiryeyxtDShRD8fTq0RplfXU7JMKnrCZJNq4CW+rDSRTOy4cHE0S3zy1EbFtPVP3Y4MCCKaWIHa/LVj9LDZSQvYSZO4xZb3Aw+fuvxqI/4Ow==',
 'resources': {'jai': {}},
 'setup_commands': ['git clone --progress https://Jaciss:<REDACTED>@github.com/Jaciss/jai.git'],
 'active_project': 'jai',
 'projects_dir': '/content/',
 'project_path': '/content/jai/',
 'nb_dir': '/content/jai/notebooks/'}
```

## Drawbacks:
- While the solution is portable it is also unique and may require scripting to use the generated strings in other systems. *Mitigation*: decryption only requires commonly-installed `openssl` and `gzip`, the passphrase, and a single line of code. Decrypted strings are common JSON.
- Storing the encrypted strings on public servers is currently safe but AES 256 will, like all encryption methods, presumably be breakable in some distant future. *Mitigation*: practice security hygeine by keeping the two `openssl` lines using modern methods, and/or regularly change passwords and use tokens with expiration dates and/or only store `epc.py` or the encrypted string in a secure location.
- The generated python file edits itself when the configuration is updated but does not keep backups. Data loss is possible. *Mitigation*: make secure backups.
- This was written by someone who is *not* a security expert and intended for easily-managed tokens not truly sensitive data. *Mitigation*: get it approved for your use-case by your security expert.
- With any system like this data must be decrypted to be used and that can happen on third-party servers like Colab: you cannot control what happens on third-party servers.

## Previous Attempts:
I tried keyrings, standard *nix `pass`, GPG/PGP, SSH keys, and considered online auth service options. None of these met all constraints or were found unreliable across systems, being designed for tty or GUI and not Jupyter notebooks.

# Imports

In [None]:
'''basic dict-based config with optional encrypted string for sensitive data'''
import os
import time
import json
import logging
import subprocess
from json.decoder import JSONDecodeError
from getpass import getpass
from google.colab import drive

def get_logger(logger_name:str, logger_level:int=logging.DEBUG):
  '''named loggers for notebooks'''
  glogger = logging.getLogger(logger_name)
  glogger.setLevel(logger_level)
  glogger.propagate = False # no double messages
  if len(glogger.handlers)==0:
    glogger.addHandler(logging.StreamHandler())
    glogger.handlers[0].setFormatter(logging.Formatter(
        '%(asctime)s %(name)s %(levelname)-8s %(message)s',
        '%Y-%m-%d %H:%M:%S'
    ))
  return glogger
logger = get_logger('epc')

# Notebook Defines

The concept is simple but powerful. Encrypt dictionaries containing any number of fields required for a purpose. The dictionary can be decrypted and applied to a template and the resulting string used to generate a command or use a service or function. Additional arguments can be added for specific use of general resources, e.g., a generic FTP server and specific files. Since `gzip` is used on the strings, **multiple dictionaries with the same data don't add much to the string size: focus on usability**.

Lambda is probably overkill. I don't know Python very well yet and it is useful to be able to use functions in the templates.

In [None]:
# simple dict to store config, don't clobber if it exists
if 'c' not in globals(): c = {}

# redact these fields in intentional output
hidden_fields = ['token', 'passwd'] #, 'user']

# services for setup/edit functions to consume
api_fields = {
    'ftp': {'user': None, 'host': None, 'passwd': None, 'protocol': 'ftp', 'port': 21, 'action': '-o'},
    'other': {'token': None},
    'github': {'user': None, 'repo': None, 'token': None, 'filepath': ''},
    'quit': {}
}

# bare-minimum API templates, uses encrypted dictionaries to generate commands
api_templates = {
    'ftp': lambda d: (f"curl --user {d['user']}:{d['passwd']} {d['action']}"
    f"{d['local_path']} {d['protocol']}://{d['host']}:{d['port']}/{d['remote_path']}"),
    'other': lambda d: f"echo {d['token']}", # you probably want get_token()
    'github': lambda d: f"git clone --progress https://{d['user']}:{d['token']}@github.com/{d['user']}/{d['repo']}.git",
    'github_file': lambda d: ['curl', '-O', '-H', 'Authorization: token ' + d['token'], '-H', 'Accept: application/vnd.github.v3.raw', f"https://api.github.com/repos/{d['user']}/{d['repo']}/contents/{d['filepath']}", '--http1.1'],
    'huggingface': lambda d: ['curl', 'https://api-inference.huggingface.co/models/'+d['model'], '-X', 'POST', '-d', '{"inputs": '+d['inputs']+'}', '-H', 'Authorization: Bearer '+d['token']]
}

# default paths for local resources; see Pathfinding section for details
path_templates = {
    'projects_dir': lambda d: f"{d.get('projects_dir','/content/')}",
    'active_project': lambda d: f"{d.get('active_project','app')}",
    'project_path': lambda d: f"{d.get('projects_dir','/content/')}{d.get('active_project','app')}/",
    'nb_dir': lambda d: f"{d.get('projects_dir','/content/')}{d.get('active_project','app')}/notebooks/",
}

# storing the passphrase here is less annoying but less secure
__e = {} 

# Main Functions, Encryption/Decryption

In [None]:
def get_epcw(label=''):
  '''the most basic pass input "system", set get_epcw=your_preference()'''
  if label!='': label=' for '+label
  __e['epw'] = __e['epw'] if 'epw' in __e else getpass('Save passphrase as variable, leave blank to enter each time: ')
  return __e.get('epw') or getpass('Encrypt/decrypt passphrase'+label+': ')

def exclamation(args:list):
  '''takes str or list, approximation of `!command` syntax for .py exports'''
  if isinstance(args,str): args=args.split() # split() string for Popen args
  # print(' '.join(args)) # dev only, shows tokens!
  with subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) as popen:
    for line in popen.stdout:
      print(line.decode(), end='')

def encode(decoded:dict, label:str='')->str:
  '''convert dict to JSON and AES encode with a passphrase'''
  json_string = json.dumps(decoded)
  # logger.debug('encoding: '+json_string) # dev only, shows tokens!
  return os.popen((f"echo '{json_string}' |gzip -c| openssl enc -e -aes-256-cbc -base64 -A "
  f"-pass pass:{get_epcw(label)} -pbkdf2")).read()

def decode(encrypted_string:str, label:str='')->dict:
  '''decodes an AES passphrase-encrypted JSON string into a dict'''
  decoded = os.popen((f'echo "{encrypted_string}" | openssl enc -d -aes-256-cbc -base64 -A '
  f'-pass pass:{get_epcw(label)} -pbkdf2|gunzip -c')).read()
  # logger.debug('\ndecoded into: '+str(decoded)) # dev only, shows tokens!
  try:
    return json.loads(decoded)
  except JSONDecodeError:
    print('Bad passphrase or URI. Try again.')
    if 'epw' not in __e: decode(encrypted_string, label) # no endless loop with bad epw
  return None

def get_token(key_name:str)->str:
  '''primitve token fetch'''
  ret = decode(c['epc'])[key_name]
  # logger.debug('token return: '+str(ret)) # dev only, shows tokens!
  if ret.get('token') is not None: return ret['token']
  return None

def redact_output(text:str,fields:dict)->str:
  '''replace output from hidden_fields list with <REDACTED>'''
  if isinstance(text,list): text = ' '.join(text) # out as str if list needed for cURL
  for field in hidden_fields: # redact hidden fields
    if fields.get(field): text = text.replace(fields[field],'<REDACTED>')
  return text

def cmd_from_template(template:str, conf_args:dict, print_cmd=False, run_cmd=False)->str:
  '''uses `api_templates[template](conf)` to get an executable command
  using stored conf: `conf=decode(c[epc])[key_name]`
  '''
  # if arg missing catch for more helpful error message
  try: 
    cmd = api_templates[template](conf_args) # get cmd from template
    out = redact_output(cmd, conf_args) # redact hidden_fields
    if print_cmd == True: print(out)
    if run_cmd == True: exclamation(cmd) # run it!
    return out
  except KeyError as error:
    logger.error('make_request() missing argument: %s for %s',error,template)
  return False

def make_request(key_name:str, additional_args:dict=None, template:str='')->str:
  '''wrapper around cmd_from_template to catch and add missing data; 
  recovery from missing key_name via `update_epc()`'''
  try: # if key_name doesn't exist catch and ask to create
    args = decode(c['epc'])[key_name] # get decoded dict for key_name
    # default to template with same name as service chosen when created:
    if template=='': template = args['service'] 
    if additional_args != None: args.update(additional_args) # update with addititonal args
    return cmd_from_template(template, args, True, True) # get, print, run
  except KeyError as error:
    yn = input('resource key '+str(error)+' not in encrypted config, create? y/N: ')
    if yn=='y': 
      update_epc(c['epc']) # add it
      return make_request(key_name, additional_args, template)
    return False

def path_free(resource:str, config:dict=None)->bool:
  '''basic isdir/isfile checking, will use global c if config not passed, also 
  useful with `do_setup` if encrypted key_name is a path relative to `projects_dir`'''
  if config == None: config = c # use global
  isdir = os.path.isdir(config['projects_dir']+resource)
  isfile = os.path.isfile(config['projects_dir']+resource)
  if isdir or isfile: 
    logger.warning('Resource exists: '+config['projects_dir']+resource)
    return False
  return True

def do_setup(config:dict)->dict:
  '''convenience method, combines `config_dict(c)` (uses `path_logic(c)`), 
  Google Drive mount (if True), and n `make_request()` from c[resources]; 
  will run os.system(cmd) on any `c[setup_commands]`'''
  config = config_dict(config)
  if not 'setup_commands' in config: config['setup_commands']=[]
  if config['use_google_drive']==True and not os.path.isdir('/content/drive/'):
    drive.mount('/content/drive/')
  for cmd in config['setup_commands']:
    print(cmd)
    os.system(cmd)
  if 'resources' in config:
    config['setup_commands'].extend(
        [make_request(k,d) for k,d in config['resources'].items() if path_free(k,config)]
    )
  return config

# Pathfinding
Unfortunately we need this here since epc downloads resources.

## For Clarification (not required) 


The path conventions I'm using in my notebooks assume these are equal:
- Google Drive: `Projects/x`
- Local: `/home/${USER}/Projects/x`
- GitHub Repo/PyPi/npm/etc: `x`

Where local environment vars are defined in my `~/.bash_rc` like:
```shell
ACTIVE_PROJECT=x; export ACTIVE_PROJECT;
PROJECTS_DIR=/home/${USER}/Projects/; export PROJECTS_DIR;
```
They can be anything or not used at all. The main point is **symlinking the Google Drive folder to `{project_path}/x` so paths are still simple when using Colab or SSHFS**. It also assumes the first resource in `c['resources']` is the name of the active project if `$ACTIVE_PROJECT` isn't set (because non-local will need to pull resources from somewhere). It's just a trick to save time as `active_project` can be set manually, including the default in `path_templates`.

**Gotcha:** if you're in Colab *and* don't have Google Drive mounted (e.g., working from a `git clone`) you need extra logic elsewhere to pull the JSON from the 'live' notebook being edited and write it to the correct `nb_dir` file. Then you can add/commit/push...and skip all the annoying Drive and GitHub dialogues in Colab. The `%notebook` magic is useful here.

## Path Logic  (now less pathological)

In [None]:
def path_logic(xconf:dict)->dict:
  '''sets up paths in config; system environment vars > xconf > defaults
  `active_project` precidence: `xconf` > first `xconf['resources']` > `path_templates`'''
  if 'setup_commands' not in xconf: xconf['setup_commands']=[]
  # attempt to get active_project from resources
  if 'resources' in xconf and not 'active_project' in xconf:
    xconf['active_project'] = next(iter(xconf['resources']))
  # environment vars > `path_templates` defaults
  for env_var,lfunc in path_templates.items():
    xconf[env_var] = lfunc(xconf) # use path_templates
    try:
      val = os.environ[env_var.upper()] # bash exports are UPPERCASE
      xconf[env_var] = val
      xconf['use_google_drive'] = False # don't use drive if system env is set up
    except KeyError: pass
  # if use_google_drive==True setup needs to symlink active_project to /content
  if 'use_google_drive' in xconf and xconf['use_google_drive'] == True:
    xconf['setup_commands'].append((f"ln -s /content/drive/MyDrive/Projects/{xconf['active_project']}/ "
    f"{xconf['project_path'].rstrip('/')}"))
  return xconf

# Config

In [None]:
def config_dict(cxtern:dict)->dict:
  '''local variables via optional Colab form into config'''
  logger.info('epc.config_dict(c): may be overridden by `c[setting_name]`')
  #@title Default Settings { run: "auto", vertical-output: true, form-width: "45%" }
  log_level = logging.DEBUG #@param ["logging.DEBUG", "logging.INFO", "logging.WARN"] {type:"raw"}
  timezone = 'America/Anchorage' #@param ['America/Anchorage','America/Denver'] {allow-input: true}
  use_google_drive = False #@param {type:"boolean"}
  os.environ['TZ'] = timezone
  time.tzset()
  logger.setLevel(log_level)
  cxtern = {**dict(locals()), **c, **cxtern} # cx > global c > defaults here
  cxtern = path_logic(cxtern)
  del cxtern['cxtern']
  # del cx['c']
  for i,k in cxtern.items():
    if i=='log_level': k=logging.getLevelName(k)
    logger.info('%s: %s',i,k)
  return cxtern

## Convenience Functions
These work with the encrypted config dict using `input()` and `getpass()` prompts, they are not strictly neccesary.

In [None]:
def get_letter_options(options:dict)->str:
  '''turns a list, of, options into a [l]ist, [o]f, [o]ptions''' 
  return ', '.join(['['+o[0:1]+']'+o[1:] for o in options])

def get_input_prompt(key_name:str,name:str,field:str,is_masked:bool,default)->str:
  '''text prompt for `input()` based on context'''
  if name=='other': name=key_name # 'other' is not useful, use key_name
  ret = name+' '+field # e.g., github user
  if is_masked is True: 
    ret+= ' (hidden)' # e.g. github token (hidden)
    # if default is not None:
    default = str(len(default))+' chars' # e.g. (hidden) [20 chars]
  # if default is not None: 
  ret+=f' [{default}]' # show default if not hidden
  return ret+': '

def get_user_config_input(name:str, decoded:dict)->dict:
  '''uses global api_fields[name] to loop over fields and get input() for vals'''
  fields = api_fields[name]
  logger.debug(str(fields))
  key_name = input('memorable key_name (e.g., huggingface): ')
  if decoded.get(key_name) is not None: print(key_name,'key exists')
  else: decoded[key_name]=fields
  to_encode = [(getpass(get_input_prompt(key_name,name,f,True,decoded[key_name][f])) or decoded[key_name][f]) if f in hidden_fields else (input(get_input_prompt(key_name,name,f,False,decoded[key_name][f])) or decoded[key_name][f]) for f in fields]
  to_encode = dict(zip(fields,to_encode))
  to_encode['service']=name
  decoded[key_name] = to_encode
  c['epc'] = encode(decoded)
  return decoded

def update_epc(epc=None)->dict:
  '''work with epc; accepts None, dict, or an encrypted string
  :returns decrypted dict'''
  deltxt=''
  if epc is not None:
    if isinstance(epc,dict):
      decoded = epc
    else: 
      decoded = decode(epc)
    logger.info('--> Entering a key_name that exists will edit, selecting an option not listed will exit.')
    print('Existing keys: '+', '.join(decoded.keys()))
    deltxt=', [d]elete'
  else:
    decoded = {}
    print(('\n--> Create a service or simple {key_name:auth_token} entry. '
    'Encrypt/decrypt pass should be unique to this system.'))

  start_service = input(get_letter_options(api_fields)+deltxt+': ')

  if start_service=='o':
    decoded = get_user_config_input('other',decoded)
  elif start_service=='g':
    print('\n--> Leave filepath blank to clone repo.')
    decoded = get_user_config_input('github',decoded)
  elif start_service=='f':
    print('\n--> Protocol: ftp or ftps (ports 21 & 22)')
    decoded = get_user_config_input('ftp',decoded)
  elif start_service=='d':
    delete_key = input('\n--> Enter the key_name you wish to delete: ')
    try:
      del decoded[delete_key]
      encrypted_string = c['epc'] = encode(decoded)
      print('Deleted "',delete_key,'", encrypted_string is now:',encrypted_string)
    except KeyError:
      print('Could not find key',delete_key,'please try again.')
      update_epc(decoded)
  else:
    print('Quit or unknown service, confirm with "n" to exit.')
  
  add_another = input('Add/edit another? y/n: ')
  if add_another == 'y': update_epc(decoded)
  return decoded

## Local Logic

In [None]:
import os.path
import sys
from google.colab import _message

def get_cell_contents_by_id(cell_id:str,source_or_text:str='source'):
  '''get Jupyter cell contents by cell id'''
  notebook_json_string = _message.blocking_request('get_ipynb', request='', timeout_sec=5)['ipynb']
  try:
    for u in notebook_json_string['cells']:
      if u['metadata']['id']==cell_id:
        if source_or_text=='source':
          return ''.join(u['source'])
        return u['outputs'][0]['text'][0].strip() #very simple for this
  except (KeyError, IndexError):
    return None

def get_epc_from_nb(path:str=None)->str:
  '''pull epc encrypted string from notebook cell'''
  # fetch from path instead of running notebook
  if path is not None:
    notebook_json_string = !cat {path}
    nbdata = json.loads(''.join(notebook_json_string))
  else:
    return get_cell_contents_by_id('9wG_NP_If5r9','text')

def epc():
  '''finds c['epc'], sets to an encrypted string if dict

  search order: existing, notebook contents, epc.txt file 
  will use if found, otherwise will query user to set epc up
  use `get_token()` and `update_epc()` to fetch/modify
  '''
  decoded = None
  # if it's already in the notebook use it
  # if we've downloaded it use that (run resets output):
  if os.path.isfile('encrypted_epc.ipynb'):
    encrypted_string = get_epc_from_nb('encrypted_epc.ipynb')
  else:
    encrypted_string = get_epc_from_nb() # get from running notebook
  if encrypted_string is not None and encrypted_string.strip()!='':
    logger.debug('Got encrypted config from notebook: '+encrypted_string)
    c['epc'] = encrypted_string
  else:
    logger.debug('Encrypted string not found in notebook.')
    # if the file exists decrypt it
    if os.path.isfile('epc.txt'):
      epc_txt = !cat 'epc.txt'
      # set it to epc
      c['epc']=str(epc_txt[0])
      logger.debug('epc.txt exists: '+c['epc'])

  # see if it's been set (here or another notebook)
  try:
    logger.debug('epc is set: '+str(c['epc']))
    # if it's not encrypted set decrypted then encrypt it
    if isinstance(c['epc'],dict):
      print('Encrypting epc.')
      decoded = c['epc']
      c['epc'] = encode(c['epc'])
  except (NameError, KeyError):
    # if we're here we need to create a new one
    print('Config not found.')
    decoded = update_epc()

# Usage
For a new config `epc()` and the convenience functions will walk you through creation. After that you can return to modify and create a new `epc.py` file or use `epc.encode()` and `epc.decode()` to do it from anywhere.

In [None]:
c['epc'] = 'U2FsdGVkX1/xUi/hYJ+V9stP7WV+Y6fTtkJNZoDL8PX4mSWh/CuEAZUz0VI8r/BvrfQztrCI1rPmduBRSJsTLQeD9AKFNjHMNq15V1ArU7CvCVVXvuKgNsDS0aEN2hJoRMXiy4g7YzIB/b45e3vq8/DV/sFFml1GtWeTtIWLeA1c92UNrF8s3MjpvWhYB+GeD1OSQMcS3aoveW7YD8tSigzRkZQqwmoNrHlNdODtNeLq4idK4VsD9mauLGg/mWKitdfbqUi0yULYpg5pRxPMZaIy4sDFdGYbeaHYBaduf36Wr+ak3x6e7rvT7fF04EST3wv7FM54xAxZiyohgUHIyG+5oYBbvcWsKl74GZpoPYqUffxdnnH8VKURHTE28WaXwdsXwj0edbkX3cNcL/aCOdF9pfCcNPJFbRD0LM7E2sF9xYeqyNMhpnBMKWfXex7rEzj2ZRQbxlRy+f+476Vni/Qf2Ixcc/x5vCvAEJgCueD+loXol4oP3O4eDM6Q1FiPxMDOCYGxJ8TCFVb5795vqsmWsKLfa1pOqnPSJ2Id4ayiryeyxtDShRD8fTq0RplfXU7JMKnrCZJNq4CW+rDSRTOy4cHE0S3zy1EbFtPVP3Y4MCCKaWIHa/LVj9LDZSQvYSZO4xZb3Aw+fuvxqI/4Ow=='

## get epc from var, notebook, etc

In [None]:
epc()
# import epc

2023-01-18 17:04:50 epc DEBUG    Encrypted string not found in notebook.
2023-01-18 17:04:50 epc DEBUG    epc is set: U2FsdGVkX1/xUi/hYJ+V9stP7WV+Y6fTtkJNZoDL8PX4mSWh/CuEAZUz0VI8r/BvrfQztrCI1rPmduBRSJsTLQeD9AKFNjHMNq15V1ArU7CvCVVXvuKgNsDS0aEN2hJoRMXiy4g7YzIB/b45e3vq8/DV/sFFml1GtWeTtIWLeA1c92UNrF8s3MjpvWhYB+GeD1OSQMcS3aoveW7YD8tSigzRkZQqwmoNrHlNdODtNeLq4idK4VsD9mauLGg/mWKitdfbqUi0yULYpg5pRxPMZaIy4sDFdGYbeaHYBaduf36Wr+ak3x6e7rvT7fF04EST3wv7FM54xAxZiyohgUHIyG+5oYBbvcWsKl74GZpoPYqUffxdnnH8VKURHTE28WaXwdsXwj0edbkX3cNcL/aCOdF9pfCcNPJFbRD0LM7E2sF9xYeqyNMhpnBMKWfXex7rEzj2ZRQbxlRy+f+476Vni/Qf2Ixcc/x5vCvAEJgCueD+loXol4oP3O4eDM6Q1FiPxMDOCYGxJ8TCFVb5795vqsmWsKLfa1pOqnPSJ2Id4ayiryeyxtDShRD8fTq0RplfXU7JMKnrCZJNq4CW+rDSRTOy4cHE0S3zy1EbFtPVP3Y4MCCKaWIHa/LVj9LDZSQvYSZO4xZb3Aw+fuvxqI/4Ow==


## Setup Config

In [None]:
config_dict(c)

2023-01-18 17:04:50 epc INFO     epc.config_dict(c): may be overridden by `c[setting_name]`
2023-01-18 08:04:50 epc INFO     log_level: DEBUG
2023-01-18 08:04:50 epc INFO     timezone: America/Anchorage
2023-01-18 08:04:50 epc INFO     use_google_drive: False
2023-01-18 08:04:50 epc INFO     epc: U2FsdGVkX1/xUi/hYJ+V9stP7WV+Y6fTtkJNZoDL8PX4mSWh/CuEAZUz0VI8r/BvrfQztrCI1rPmduBRSJsTLQeD9AKFNjHMNq15V1ArU7CvCVVXvuKgNsDS0aEN2hJoRMXiy4g7YzIB/b45e3vq8/DV/sFFml1GtWeTtIWLeA1c92UNrF8s3MjpvWhYB+GeD1OSQMcS3aoveW7YD8tSigzRkZQqwmoNrHlNdODtNeLq4idK4VsD9mauLGg/mWKitdfbqUi0yULYpg5pRxPMZaIy4sDFdGYbeaHYBaduf36Wr+ak3x6e7rvT7fF04EST3wv7FM54xAxZiyohgUHIyG+5oYBbvcWsKl74GZpoPYqUffxdnnH8VKURHTE28WaXwdsXwj0edbkX3cNcL/aCOdF9pfCcNPJFbRD0LM7E2sF9xYeqyNMhpnBMKWfXex7rEzj2ZRQbxlRy+f+476Vni/Qf2Ixcc/x5vCvAEJgCueD+loXol4oP3O4eDM6Q1FiPxMDOCYGxJ8TCFVb5795vqsmWsKLfa1pOqnPSJ2Id4ayiryeyxtDShRD8fTq0RplfXU7JMKnrCZJNq4CW+rDSRTOy4cHE0S3zy1EbFtPVP3Y4MCCKaWIHa/LVj9LDZSQvYSZO4xZb3Aw+fuvxqI/4Ow==
2023-01-18 08:04:50 epc INFO     setu

{'log_level': 10,
 'timezone': 'America/Anchorage',
 'use_google_drive': False,
 'epc': 'U2FsdGVkX1/xUi/hYJ+V9stP7WV+Y6fTtkJNZoDL8PX4mSWh/CuEAZUz0VI8r/BvrfQztrCI1rPmduBRSJsTLQeD9AKFNjHMNq15V1ArU7CvCVVXvuKgNsDS0aEN2hJoRMXiy4g7YzIB/b45e3vq8/DV/sFFml1GtWeTtIWLeA1c92UNrF8s3MjpvWhYB+GeD1OSQMcS3aoveW7YD8tSigzRkZQqwmoNrHlNdODtNeLq4idK4VsD9mauLGg/mWKitdfbqUi0yULYpg5pRxPMZaIy4sDFdGYbeaHYBaduf36Wr+ak3x6e7rvT7fF04EST3wv7FM54xAxZiyohgUHIyG+5oYBbvcWsKl74GZpoPYqUffxdnnH8VKURHTE28WaXwdsXwj0edbkX3cNcL/aCOdF9pfCcNPJFbRD0LM7E2sF9xYeqyNMhpnBMKWfXex7rEzj2ZRQbxlRy+f+476Vni/Qf2Ixcc/x5vCvAEJgCueD+loXol4oP3O4eDM6Q1FiPxMDOCYGxJ8TCFVb5795vqsmWsKLfa1pOqnPSJ2Id4ayiryeyxtDShRD8fTq0RplfXU7JMKnrCZJNq4CW+rDSRTOy4cHE0S3zy1EbFtPVP3Y4MCCKaWIHa/LVj9LDZSQvYSZO4xZb3Aw+fuvxqI/4Ow==',
 'setup_commands': [],
 'projects_dir': '/content/',
 'active_project': 'app',
 'project_path': '/content/app/',
 'nb_dir': '/content/app/notebooks/'}

## create a small helper script
Run this cell and download/upload the `epc.py` file. Example of it uploading itself via FTP is on the last line of the cell. 

This hard-codes the encrypted data to `c['epc']` in the generated file.

In [None]:
write_cells = {
    'imports':'50BVBBzCE0Hw',
    'lists':'318_VIecZoB_',
    'main':'3kK8EuRpmeKf',
    'paths':'bD-YerjX9W9l',
    'config':'iziiGZse_VTl',
    'utils':'ZPLfn3hW8AQ0'
}

pc = "\nc['epc'] = '"+c['epc']+"'" # hard-code our encrypted string
out=''
for k,v in write_cells.items():
  if k!='imports': out+='\n# '+k.upper()
  out+='\n'+get_cell_contents_by_id(v)+'\n' # get notebook cell content by id
with open('epc.py', 'w') as f:
    f.write(out+pc)

I like fitting as much code on screen as possible so my style is not generally acceptable for public consumption. Fix it and run some checks.

In [None]:
# clean up my compressed style
# lots more extensions https://pylint.pycqa.org/en/latest/user_guide/checkers/extensions.html
which_pylint = !which pylint
if len(which_pylint)==0:
  %pip install pylint
  %pip install autopep8
  %pip install yapf

# E121 is indentation of 4 spaces
!autopep8 --in-place --aggressive --aggressive epc.py --indent-size=2 --ignore=E121
!yapf -i epc.py --style='{based_on_style: pep8, indent_width: 2}'
!pylint --good-names=k,v,c,d,i,yn epc.py --indent-string='  '
#--load-plugins=pylint.extensions.confusing_elif,pylint.extensions.for_any_all,pylint.extensions.mccabe 

file_size = os.path.getsize('epc.py')/1024
print('Size of epc.py:',round(file_size,2),'kB')
assert file_size < 15 #1kB padding to mitigate my long testing epc

# # !cat epc.py

************* Module epc
epc.py:391:0: C0301: Line too long (677/100) (line-too-long)
epc.py:283:2: W0641: Possibly unused variable 'use_google_drive' (possibly-unused-variable)

------------------------------------------------------------------
Your code has been rated at 9.90/10 (previous run: 9.90/10, +0.00)

Size of epc.py: 13.8 kB


Cyclomatic complexity isn't the perfect metric but it is the one I find most helpful to keeping my compress-everything and procedural habits from creating incomprehensible code for other people.

In [None]:
which_radon=!which radon
if len(which_radon)==0:
  %pip install radon
!radon cc epc.py -as

epc.py
    [1m[35mF [0m343:0 update_epc - [32mB (9)[0m
    [1m[35mF [0m223:0 do_setup - [32mB (8)[0m
    [1m[35mF [0m246:0 path_logic - [32mB (8)[0m
    [1m[35mF [0m321:0 get_user_config_input - [32mB (6)[0m
    [1m[35mF [0m188:0 make_request - [32mA (5)[0m
    [1m[35mF [0m104:0 get_epcw - [32mA (4)[0m
    [1m[35mF [0m157:0 redact_output - [32mA (4)[0m
    [1m[35mF [0m167:0 cmd_from_template - [32mA (4)[0m
    [1m[35mF [0m210:0 path_free - [32mA (4)[0m
    [1m[35mF [0m113:0 exclamation - [32mA (3)[0m
    [1m[35mF [0m133:0 decode - [32mA (3)[0m
    [1m[35mF [0m275:0 config_dict - [32mA (3)[0m
    [1m[35mF [0m306:0 get_input_prompt - [32mA (3)[0m
    [1m[35mF [0m12:0 get_logger - [32mA (2)[0m
    [1m[35mF [0m148:0 get_token - [32mA (2)[0m
    [1m[35mF [0m301:0 get_letter_options - [32mA (2)[0m
    [1m[35mF [0m124:0 encode - [32mA (1)[0m

17 blocks (classes, functions, methods) analyzed.
Average complexit

## View Existing Keys/Configured API Services

In [None]:
decode(c['epc']).keys()

Save passphrase as variable, leave blank to enter each time: ··········


dict_keys(['jai', 'atomic', 'atomic.db', 'huggingface', 'ftp-m', 'test', 'dropbox_refresh', 'dropbox_app_secret', 'github_user', 'github_email', 'github', 'ngrok'])

In [None]:
api_templates.keys()

dict_keys(['ftp', 'other', 'github', 'github_file', 'huggingface'])

In [None]:
api_fields['ftp']

{'user': None,
 'host': None,
 'passwd': None,
 'protocol': 'ftp',
 'port': 21,
 'action': '-o'}

## update/edit/add config

In [None]:
# update_epc(c['epc'])

## one-liner setup config and download resources

In [None]:
config = do_setup({'log_level':10, 'resources':{'jai':{},'ftp-m':{'local_path':'setuptest','remote_path':'site.webmanifest'}}})
# c={'resources':{'jai':{}},'use_google_drive':False}
# do_setup(c)

2023-01-18 08:05:16 epc INFO     epc.config_dict(c): may be overridden by `c[setting_name]`
2023-01-18 08:05:16 epc INFO     log_level: DEBUG
2023-01-18 08:05:16 epc INFO     timezone: America/Anchorage
2023-01-18 08:05:16 epc INFO     use_google_drive: False
2023-01-18 08:05:16 epc INFO     epc: U2FsdGVkX1/xUi/hYJ+V9stP7WV+Y6fTtkJNZoDL8PX4mSWh/CuEAZUz0VI8r/BvrfQztrCI1rPmduBRSJsTLQeD9AKFNjHMNq15V1ArU7CvCVVXvuKgNsDS0aEN2hJoRMXiy4g7YzIB/b45e3vq8/DV/sFFml1GtWeTtIWLeA1c92UNrF8s3MjpvWhYB+GeD1OSQMcS3aoveW7YD8tSigzRkZQqwmoNrHlNdODtNeLq4idK4VsD9mauLGg/mWKitdfbqUi0yULYpg5pRxPMZaIy4sDFdGYbeaHYBaduf36Wr+ak3x6e7rvT7fF04EST3wv7FM54xAxZiyohgUHIyG+5oYBbvcWsKl74GZpoPYqUffxdnnH8VKURHTE28WaXwdsXwj0edbkX3cNcL/aCOdF9pfCcNPJFbRD0LM7E2sF9xYeqyNMhpnBMKWfXex7rEzj2ZRQbxlRy+f+476Vni/Qf2Ixcc/x5vCvAEJgCueD+loXol4oP3O4eDM6Q1FiPxMDOCYGxJ8TCFVb5795vqsmWsKLfa1pOqnPSJ2Id4ayiryeyxtDShRD8fTq0RplfXU7JMKnrCZJNq4CW+rDSRTOy4cHE0S3zy1EbFtPVP3Y4MCCKaWIHa/LVj9LDZSQvYSZO4xZb3Aw+fuvxqI/4Ow==
2023-01-18 08:05:16 epc INFO     reso

curl --user jaciss:<REDACTED> -osetuptest ftp://maya.software:21/site.webmanifest
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   263  100   263    0     0    441      0 --:--:-- --:--:-- --:--:--   441


## get a simple token

In [None]:
get_token('test')

'token'

## get a file from a private repo
Note: someone with the passphrase or token could still access the entire repo.

In [None]:
fname = 'atomic.db'
os.path.isfile(fname) or make_request(fname,{},'github_file')

True

the above make_request is a fancy version of: 

In [None]:
# decode the config, get config[key_name], pass it through the template
cmd = api_templates['github_file'](decode(c['epc'])['atomic.db'])
# run the command via Python's Popen
exclamation(cmd)

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 4268k  100 4268k    0     0  1541k      0  0:00:02  0:00:02 --:--:-- 1541k


## clone a repo

In [None]:
repo = 'jai'
os.path.isdir(repo) or make_request(repo)

True

## upload a file using ftp
Use `-T` for uploads and default `-o` for downloads.

`curl` can do a lot, try `!curl -V` to get an idea of the options. 

In [None]:
# upload our helper script via FTP
cmd = make_request('ftp-m',{'local_path':'epc.py','remote_path':'epc.txt','action':'-T'})

curl --user jaciss:<REDACTED> -Tepc.py ftp://maya.software:21/epc.txt
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 14129    0     0  100 14129      0  41312 --:--:-- --:--:-- --:--:-- 41192


### forget a parameter name and be reminded

In [None]:
cmd = make_request('ftp-m',{'local_file':'epc.py','remote_file':'epc.txt','action':'-T'})

2023-01-18 08:05:20 epc ERROR    make_request() missing argument: 'local_path' for ftp


## make a Hugging Face request
uses a simple `key_name{token:val}` dict combined with additional arguments and a template

In [None]:
cmd = make_request(key_name='huggingface',template='huggingface',additional_args={'model':'bert-base-uncased','inputs':'"the answer to life the universe and everything is [MASK]"'})

curl https://api-inference.huggingface.co/models/bert-base-uncased -X POST -d {"inputs": "the answer to life the universe and everything is [MASK]"} -H Authorization: Bearer <REDACTED>
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   690  100   620  100    70   3668    414 --:--:-- --:--:-- --:--:--  4107
[{"score":0.8963303565979004,"token":1012,"token_str":".","sequence":"the answer to life the universe and everything is."},{"score":0.07321417331695557,"token":1025,"token_str":";","sequence":"the answer to life the universe and everything is ;"},{"score":0.017070315778255463,"token":1029,"token_str":"?","sequence":"the answer to life the universe and everything is?"},{"score":0.012058394961059093,"token":999,"token_str":"!","sequence":"the answer to life the universe and everything is!"},{"score":0.0007162163965404034,"token":1064,"token_str":"|","sequence":"the answer t

## download a file using ftp

In [None]:
fname = 'ftp_download_test'
make_request('ftp-m',{'local_path':fname,'remote_path':'site.webmanifest'})
!cat {fname}

curl --user jaciss:<REDACTED> -oftp_download_test ftp://maya.software:21/site.webmanifest
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   263  100   263    0     0    749      0 --:--:-- --:--:-- --:--:--   749
{"name":"","short_name":"","icons":[{"src":"/android-chrome-192x192.png","sizes":"192x192","type":"image/png"},{"src":"/android-chrome-512x512.png","sizes":"512x512","type":"image/png"}],"theme_color":"#ffffff","background_color":"#ffffff","display":"standalone"}

## upload a file using Dropbox
Assumes you have a valid dropbox API setup with an dropbox_app_secret and dropbox_reresh stored in the dict.

Walkthrough of how to get these: https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Issue-in-generating-access-token/m-p/592667

Info on file uploads: https://www.dropbox.com/developers/documentation/http/documentation#files-upload for more details.


In [None]:
app_secret = get_token('dropbox_app_secret')
refresh = get_token('dropbox_refresh')

# this turns app_secret and refresh_token into json response with actual token
json_token = !curl https://api.dropbox.com/oauth2/token -d grant_type=refresh_token -d refresh_token={refresh} -u '082mobpk9chcskt:{app_secret}'
# print(json_token)
access_token = json.loads(json_token[0])['access_token']

# mode:add or overwrite, double-backslashes needed when using {}
from_path = 'epc.py'
to_path = '/epc.py'
command = 'curl -X POST https://content.dropboxapi.com/2/files/upload --header "Authorization: Bearer '+access_token+'" --header "Dropbox-API-Arg: {\\"autorename\\":false,\\"mode\\":\\"overwrite\\",\\"mute\\":false,\\"path\\":\\"'+to_path+'\\",\\"strict_conflict\\":false}" --header "Content-Type: application/octet-stream" --data-binary @'+from_path
!{command}


{"name": "epc.py", "path_lower": "/epc.py", "path_display": "/epc.py", "id": "id:xMw2KFKFNpQAAAAAAAVZCg", "client_modified": "2023-01-18T17:05:22Z", "server_modified": "2023-01-18T17:05:23Z", "rev": "5f28cd26b6d1c0010a9f5", "size": 14129, "is_downloadable": true, "content_hash": "52b76c8f7d6dbe0efdd550cb6deaa3286681f39c53a80cd2fb5dd154936c4180"}

## manually edit the dict
Make sure you **clear or update the final encrypted output cell** so `epc()` doesn't use old data.

In [None]:
# decoded = decode(c['epc']) # decode the encrypted string
# decoded['new_key']={'token':'newtoken'} # add a new key/token combination
# c['epc']=encode(decoded) # encode it
# decode(c['epc']).keys() # print all keys
# # decode(c['epc']) # will print tokens in plain-text!

It may be less error-prone to use the helpers in `update_epc()` for ad-hoc changes.

In [None]:
# update_epc() # use what is in the notebook or epc.txt file
# update_epc(c['epc']) # use what is in an existing encrypted string

## Find token in JSON of downloaded ipynb file
Instead of active notebook, e.g., if you upload the entire notebook file to an FTP server and fetch with `wget` or similar instead of using `epc.py`.

In [None]:
# get_epc_from_nb('encrypted_epc.ipynb')

# Final encrypted private config
This cell acts as 'storage' for the encrypted string and is used by `epc()` to get/set `c['epc']`. If you use epc.py the encrypted string is hard-coded into the file and it will need to be regenerated and uploaded after modifications.

In [None]:
# del c['epc']
# !rm epc.txt
try:
  print(c['epc'])
except KeyError:
  print()

U2FsdGVkX1/xUi/hYJ+V9stP7WV+Y6fTtkJNZoDL8PX4mSWh/CuEAZUz0VI8r/BvrfQztrCI1rPmduBRSJsTLQeD9AKFNjHMNq15V1ArU7CvCVVXvuKgNsDS0aEN2hJoRMXiy4g7YzIB/b45e3vq8/DV/sFFml1GtWeTtIWLeA1c92UNrF8s3MjpvWhYB+GeD1OSQMcS3aoveW7YD8tSigzRkZQqwmoNrHlNdODtNeLq4idK4VsD9mauLGg/mWKitdfbqUi0yULYpg5pRxPMZaIy4sDFdGYbeaHYBaduf36Wr+ak3x6e7rvT7fF04EST3wv7FM54xAxZiyohgUHIyG+5oYBbvcWsKl74GZpoPYqUffxdnnH8VKURHTE28WaXwdsXwj0edbkX3cNcL/aCOdF9pfCcNPJFbRD0LM7E2sF9xYeqyNMhpnBMKWfXex7rEzj2ZRQbxlRy+f+476Vni/Qf2Ixcc/x5vCvAEJgCueD+loXol4oP3O4eDM6Q1FiPxMDOCYGxJ8TCFVb5795vqsmWsKLfa1pOqnPSJ2Id4ayiryeyxtDShRD8fTq0RplfXU7JMKnrCZJNq4CW+rDSRTOy4cHE0S3zy1EbFtPVP3Y4MCCKaWIHa/LVj9LDZSQvYSZO4xZb3Aw+fuvxqI/4Ow==


In [None]:
len(c['epc'])

664

In [None]:
# for finding cell ids ;)
# notebook_json_string = _message.blocking_request('get_ipynb', request='', timeout_sec=5)['ipynb']
# for u in notebook_json_string['cells']:
#   print(u)

In [None]:
# c['setup_commands']=[]
# tsetup={'use_google_drive':True}
# tsetup={'active_project':'jai','resources':{'sample_data':{'epc_key_name'}},'use_google_drive':True}
# tsetup={'resources':{'jai':{}},'use_google_drive':True}
# do_setup(tsetup)

# do_setup({'setup_commands':['touch iwin']})

# c={}
# config_dict({})
# config_dict({'use_google_drive':True})
# config_dict({'active_project':'jai','resources':{'test':{'epc_key_name'}},'use_google_drive':True})
# config_dict({'resources':{'test':{'epc_key_name'}},'use_google_drive':False})
# %env ACTIVE_PROJECT=tee
# %env PROJECTS_DIR=/home/${USER}/Projects/
# xconf = {'active_project':'jai','resources':{'test':{'epc_key_name'}},'use_google_drive':True}
# xconf = {'resources':{'test':{'epc_key_name'}},'use_google_drive':True}
# path_logic(xconf)

# %env ACTIVE_PROJECT=beach
# %env PROJECTS_DIR=/home/user/Projects/
# del os.environ['ACTIVE_PROJECT']
# del os.environ['PROJECTS_DIR']
# del os.environ['NOTEBOOKS_DIR']
# path_logic({'resources':['jai'], 'use_google_drive':False})
# path_logic({})

# config_dict(c) # for testing, prints output
# config_dict({})
# config_dict({'resources':['jai'],'use_google_drive':True})
# config_dict({'log_level':10,'projects_dir':'/content/'})
# config_dict({'log_level':30,'projects_dir':'/home/user/Projects/'})
# config_dict({'active_project':'win'})
# config_dict({'active_project':'win','projects_dir':'/home/user/Projects/'})
# %env NOTEBOOKS_DIR=/home/user/Notebooks
# del os.environ['NOTEBOOKS_DIR']
# config_dict({'resources':['jai'],'use_google_drive':True,'active_project':'win'})

# BDD Tests
testkey,testtoken,testpass: U2FsdGVkX1+VPA14uYWYT+AhjF7zo8/Cu/rXqyC2rUw9hr65jrCXtCs4cVKhhk5j

In [None]:
# !mkdir -p jai/features
# !mkdir -p jai/features/steps
# if 'error' in decoded:
  #   print('openssl error:',decoded,' try again.')
  #   decode(encrypted_string)

In [None]:
# import os.path
# from google.colab import drive

# c = {'nb_name':'encrypted_epc', 'nb_run_by':nb_name, 'nb_dir':'drive/MyDrive/Colab\ Notebooks/'} # if local set c
# if not os.path.isdir('/content/drive/'): 
#   drive.mount('/content/drive/')
# %run {c['nb_dir']}bootstrap_a_notebook.ipynb
# %run {c['nb_dir']}bdd_testing_a_notebook.ipynb

In [None]:
# print(c.get('nb_name'))
# # %pip install coverage
# # %pip install behave
# # test_notebook(c.get('nb_name'))
# !coverage run --source=jai.nbpy.encryptedprivateconfig.py -m behave

In [None]:
# %%writefile jai/features/{c.get('nb_name')}.feature
# Feature: private passphrase-encrypted config for auth tokens

#   Scenario: no epc.txt file or epc set
#     Given the file "epc.txt" does not exist
#     And configuration key "epc" is not set
#     When we run notebook "encrypted_epc.ipynb"
#     Then we see "Config not found" in the output

# # testkey,testval,testpass: U2FsdGVkX18CQBDLSi6MGuk3EqujTslEYcJEG37zqDiO0QbsSIjPPxB1IDTJUfnx

  Scenario: create config for the first time
    Given the file "epc.txt" does not exist
    And configuration key "epc" is not set
    When we type "o"
    And we type "huggingface"
    And we type "testtoken"
    Then we see "saved" in the output
    And the file "epc.txt" exists

  Scenario: no epc.txt but epc is set to dict
    Given the file "epc.txt" does not exist
    And configuration key "epc" contains "{key:val}"
    When we run notebook "encrypted_epc.ipynb"
    Then we see "epc is set" in the output
    And we see "Encrypting epc" in the output
    And we see "saved" in the output
    And the file "epc.txt" exists
  
  Scenario: no epc.txt and epc is an encrypted JSON string
    Given the file "epc.txt" does not exist
    And configuration key "epc" contains "some encrypted string"
    When we run notebook "encrypted_epc.ipynb"
    Then we see "epc is set" in the output
    And we do not see "Encrypting epc" in the output
    And we see "saved" in the output
    And the file "epc.txt" exists

  Scenario: no epc.txt and epc is invalid
    Given the file "epc.txt" does not exist
    And configuration key "epc" contains "not a dict or encrypted str"
    When we run notebook "encrypted_epc.ipynb"
    And we type "testpassphrase"
    Then we see "Try again" in the output
    And we see "Decryption passphrase" in the output

  Scenario: epc.txt exists and epc is not set
    Given the file "epc.txt" exists
    When we run notebook "encrypted_epc.ipynb"
    Then we see "epc.txt exists" in the output
    And we see "Decryption passphrase" in the output

  Scenario: epc.txt does not exist and epc is an encrypted JSON string
    Given the file "epc.txt" does not exist
    And configuration key "epc" contains "encrypted string with passphrase testpassphrase"
    When we run notebook "encrypted_epc.ipynb"
    And we type "testpassphrase"
    Then we see "Loading resources" in the output


In [None]:
# %%writefile jai/features/steps/{c.get('nb_name')}.py
# @given(u'the file "{filename}" does not exist')
# def step_impl(context, filename):
#     os.system('rm '+filename)
#     assert os.path.isfile(filename) == False

# @given(u'configuration key "{key}" is not set')
# def step_impl(context, key):
#     assert c.get(key,None) is None

# @when(u'we run notebook "encrypted_epc.ipynb"')
# def step_impl(context):
#     raise NotImplementedError(u'STEP: When we run notebook "encrypted_epc.ipynb"')


# @then(u'we see "Config not found" in the output')
# def step_impl(context):
#     raise NotImplementedError(u'STEP: Then we see "Config not found" in the output')


# @when(u'we type "o"')
# def step_impl(context):
#     raise NotImplementedError(u'STEP: When we type "o"')


# @when(u'we type "huggingface"')
# def step_impl(context):
#     raise NotImplementedError(u'STEP: When we type "huggingface"')


# @when(u'we type "testtoken"')
# def step_impl(context):
#     raise NotImplementedError(u'STEP: When we type "testtoken"')


# @then(u'we see "saved" in the output')
# def step_impl(context):
#     raise NotImplementedError(u'STEP: Then we see "saved" in the output')


# @then(u'the file "epc.txt" exists')
# def step_impl(context):
#     raise NotImplementedError(u'STEP: Then the file "epc.txt" exists')


# @given(u'configuration key "epc" contains "{key:val}"')
# def step_impl(context):
#     raise NotImplementedError(u'STEP: Given configuration key "epc" contains "{key:val}"')


# @then(u'we see "epc is set" in the output')
# def step_impl(context):
#     raise NotImplementedError(u'STEP: Then we see "epc is set" in the output')


# @then(u'we see "Encrypting epc" in the output')
# def step_impl(context):
#     raise NotImplementedError(u'STEP: Then we see "Encrypting epc" in the output')


# @given(u'configuration key "epc" contains "some encrypted string"')
# def step_impl(context):
#     raise NotImplementedError(u'STEP: Given configuration key "epc" contains "some encrypted string"')


# @then(u'we do not see "Encrypting epc" in the output')
# def step_impl(context):
#     raise NotImplementedError(u'STEP: Then we do not see "Encrypting epc" in the output')


# @given(u'configuration key "epc" contains "not a dict or encrypted str"')
# def step_impl(context):
#     raise NotImplementedError(u'STEP: Given configuration key "epc" contains "not a dict or encrypted str"')


# @when(u'we type "testpassphrase"')
# def step_impl(context):
#     raise NotImplementedError(u'STEP: When we type "testpassphrase"')


# @then(u'we see "Try again" in the output')
# def step_impl(context):
#     raise NotImplementedError(u'STEP: Then we see "Try again" in the output')


# @then(u'we see "Decryption passphrase" in the output')
# def step_impl(context):
#     raise NotImplementedError(u'STEP: Then we see "Decryption passphrase" in the output')


# @given(u'the file "epc.txt" exists')
# def step_impl(context):
#     raise NotImplementedError(u'STEP: Given the file "epc.txt" exists')


# @then(u'we see "epc.txt exists" in the output')
# def step_impl(context):
#     raise NotImplementedError(u'STEP: Then we see "epc.txt exists" in the output')


# @given(u'configuration key "epc" contains "encrypted string with passphrase testpassphrase"')
# def step_impl(context):
#     raise NotImplementedError(u'STEP: Given configuration key "epc" contains "encrypted string with passphrase testpassphrase"')


# @then(u'we see "Loading resources" in the output')
# def step_impl(context):
#     raise NotImplementedError(u'STEP: Then we see "Loading resources" in the output')

In [None]:
# %pip install passlib
# %pip install bcrypt
# from passlib.hash import bcrypt
# from getpass import getpass

# passphrase = getpass()
# hashed_passphrase = bcrypt.hash(passphrase)
# print(hashed_passphrase)
# print(bcrypt.verify(passphrase, hashed_passphrase))
# # True
# print(bcrypt.verify("not-the-passphrase", hashed_passphrase))