SN-612 Adding unit and integration tests

Author: matang28

securenative/__init__.py

@@ -0,0 +1,39 @@
+from securenative.event_options import Event
+from securenative.sdk_options import SecureNativeOptions
+from securenative.securenative import SecureNative
+import securenative.event_types
+
+_sn_sdk: SecureNative = None
+
+
+def init(api_key, options=SecureNativeOptions()):
+    global _sn_sdk
+    if _sn_sdk is None:
+        _sn_sdk = SecureNative(api_key, options)
+
+
+def track(event: Event):
+    sdk = _get_or_throw()
+    sdk.track(event)
+
+
+def verify(event: Event):
+    sdk = _get_or_throw()
+    return sdk.verify(event)
+
+
+def verify_webhook(hmac_header: str, body: str):
+    sdk = _get_or_throw()
+    sdk.verify_webhook(hmac_header=hmac_header, body=body)
+
+
+def flush():
+    sdk = _get_or_throw()
+    sdk.flush()
+
+
+def _get_or_throw():
+    if _sn_sdk is None:
+        raise ValueError(
+            u'You should call securenative.init(api_key, options) before making any other sdk function call.')
+    return _sn_sdk

securenative/event_manager.py

@@ -30,7 +30,7 @@ def __init__(self, api_key, options=SecureNativeOptions(), http_client=HttpClien
     def send_async(self, event, resource_path):
         item = QueueItem(
             self._build_url(resource_path),
-            json.dumps(event)
+            json.dumps(event.as_dict())
         )
 
         self.queue.insert(0, item)
@@ -48,7 +48,7 @@ def send_sync(self, event, resources_path):
         return self.http_client.post(
             self._build_url(resources_path),
             self.api_key,
-            json.dumps(event)
+            json.dumps(event.as_dict())
         )
 
     def _build_url(self, resource_path):

securenative/event_options.py

@@ -20,16 +20,44 @@ def __init__(self, event_type, user=User(), ip=u'127.0.0.1', remote_ip=u'127.0.0
         self.ip = ip
         self.user_agent = user_agent
         self.params = params
-        if params is None:
-            params = list()
-        if isinstance(params, list):
-            raise ValueError('custom params should be a list of CustomParams, i.e: [CustomParams(key, value), ...])')
+        self.cid = ''
+        self.fp = ''
+        self.params = list()
+
+        if params is not None:
+            if not isinstance(params, list):
+                raise ValueError(
+                    'custom params should be a list of CustomParams, i.e: [CustomParams(key, value), ...])')
+            if len(params) > 0 and not isinstance(params[0], CustomParam):
+                raise ValueError(
+                    'custom params should be a list of CustomParams, i.e: [CustomParams(key, value), ...])')
+
+        self.params = params
 
         if sn_cookie_value is not None:
             self.cid, self.fp = _parse_cookie(sn_cookie_value)
 
-        self.vid = uuid.uuid1()
-        self.ts = time.time() * 1000
+        self.vid = str(uuid.uuid4())
+        self.ts = int(time.time())*1000
+
+    def as_dict(self):
+        return {
+            "eventType": self.event_type,
+            "user": {
+                "id": self.user.user_id,
+                "email": self.user.user_email,
+                "name": self.user.user_name
+            },
+            "remoteIP": self.remote_ip,
+            "ip": self.ip,
+            "cid": self.cid,
+            "fp": self.fp,
+            "ts": self.ts,
+            "vid": self.vid,
+            "userAgent": self.user_agent,
+            "device": {},
+            "params": [{p.key: p.value} for p in self.params]
+        }
 
 
 class CustomParam:

securenative/http_client.py

@@ -8,9 +8,9 @@ def _headers(self, api_key):
         return {
             'Content-Type': 'application/json',
             'User-Agent': 'SecureNative-python',
-            'SN-Version': sdk_version,
+            'Sn-Version': sdk_version,
             'Authorization': api_key
         }
 
     def post(self, url, api_key, body):
-        return requests.post(url=url, body=body, headers=self._headers(api_key))
+        return requests.post(url=url, data=body, headers=self._headers(api_key))

securenative/securenative.py

@@ -12,28 +12,28 @@ def __init__(self, api_key, options=SecureNativeOptions()):
         if api_key is None:
             raise MissingApiKeyError()
 
-        self.api_key = api_key
-        self.options = options
-        self.event_manager = EventManager(self.api_key, self.options)
+        self._api_key = api_key
+        self._options = options
+        self._event_manager = EventManager(self._api_key, self._options)
 
     def track(self, event):
         _validate_event(event)
-        self.event_manager.send_async(event, 'collector/api/v1/track')
+        self._event_manager.send_async(event, 'collector/api/v1/track')
 
     def verify(self, event):
         _validate_event(event)
-        response = self.event_manager.send_sync(event, 'collector/api/v1/verify')
+        response = self._event_manager.send_sync(event, 'collector/api/v1/verify')
         if response.status_code == 200:
             json_result = json.loads(response.text)
             return json_result
         else:
             return None
 
     def verify_webhook(self, hmac_header, body):
-        return verify_signature(self.api_key, body, hmac_header)
+        return verify_signature(self._api_key, body, hmac_header)
 
     def flush(self):
-        self.event_manager.flush()
+        self._event_manager.flush()
 
 
 def _validate_event(event):

securenative/utils.py

@@ -11,21 +11,29 @@ def _parse_cookie(cookie_value=None):
     if cookie_value is None:
         return cid, fp
 
-    base64_decoded = base64.b64decode(cookie_value)
-    if base64_decoded is None:
-        base64_decoded = u'{}'
+    try:
+        base64_decoded = base64.b64decode(cookie_value)
+        if base64_decoded is None:
+            base64_decoded = u'{}'
 
-    json_obj = json.loads(base64_decoded)
+        json_obj = json.loads(base64_decoded)
 
-    if hasattr(json_obj, 'fp'):
-        fp = json_obj['fp']
+        if u'fp' in json_obj:
+            fp = json_obj['fp']
 
-    if hasattr(json_obj, 'cid'):
-        cid = json_obj['cid']
+        if u'cid' in json_obj:
+            cid = json_obj['cid']
+    except Exception as ex:
+        pass
 
     return cid, fp
 
 
 def verify_signature(secret, text_body, header_signature):
-    comparison_signature = hmac.new(secret, text_body, hashlib.sha3_512).hexdigest()
-    return comparison_signature == header_signature
+    try:
+        key = secret.encode('utf-8')
+        body = text_body.encode('utf-8')
+        comparison_signature = hmac.new(key, body, hashlib.sha512).hexdigest()
+        return hmac.compare_digest(comparison_signature, header_signature)
+    except Exception as ex:
+        return False

setup.py

@@ -0,0 +1,29 @@
+from distutils.core import setup
+
+from securenative.config import sdk_version
+
+setup(
+    name='securenative-sdk',
+    packages=['securenative-sdk'],
+    version=sdk_version,
+    license='MIT',
+    description='Secure Native SDK for python',
+    author='Secure Native',
+    author_email='[email protected]',
+    url='http://www.securenative.com',
+    download_url='https://github.com/user/reponame/archive/v_01.tar.gz',  # I explain this later on
+    keywords=["securenative", 'cyber-security'],
+    install_requires=[
+        "requests",
+    ],
+    classifiers=[
+        'Development Status :: 5 - Production/Stable',
+        'Intended Audience :: Developers',
+        'Topic :: Software Development :: Build Tools',
+        'License :: OSI Approved :: MIT License',
+        'Programming Language :: Python :: 3',
+        'Programming Language :: Python :: 3.4',
+        'Programming Language :: Python :: 3.5',
+        'Programming Language :: Python :: 3.6',
+    ],
+)

tests/__init__.py

@@ -0,0 +1,54 @@
+import functools
+import json
+import threading
+import unittest
+
+from securenative import Event, event_types
+from securenative.event_manager import EventManager
+from securenative.event_options import User, CustomParam
+
+
+class EventManagerTests(unittest.TestCase):
+
+    def build_event(self):
+        return Event(event_type=event_types.login, user=User(user_id='1', user_email='[email protected]', user_name='1 2'),
+                     params=[CustomParam('key', 'val')])
+
+    def test_send_sync(self):
+        api_key = 'key'
+        resource = 'my/custom/resource'
+        client = HttpClientMock(None)
+        event = self.build_event()
+        manager = EventManager(api_key=api_key, http_client=client)
+        url, key, body = manager.send_sync(event, resource)
+
+        self.assertEqual(url, 'https://api.securenative.com/' + resource)
+        self.assertEqual(key, api_key)
+        self.assertEqual(body, json.dumps(event.as_dict()))
+
+    def test_send_async(self):
+        wg = threading.Event()
+        api_key = 'key'
+        resource = 'my/custom/resource'
+        event = self.build_event()
+        client = HttpClientMock(functools.partial(self.assert_cb, wg, event))
+
+        manager = EventManager(api_key=api_key, http_client=client)
+        manager.send_async(event, resource)
+        self.assertTrue(wg.wait(manager.options.interval//1000 * 2))
+
+    def assert_cb(self, wg, event, url, key, body):
+        self.assertEqual(url, 'https://api.securenative.com/my/custom/resource')
+        self.assertEqual(key, 'key')
+        self.assertEqual(body, json.dumps(event.as_dict()))
+        wg.set()
+
+
+class HttpClientMock(object):
+    def __init__(self, cb):
+        self.cb = cb
+
+    def post(self, url, api_key, body):
+        if self.cb is not None:
+            self.cb(url, api_key, body)
+        return url, api_key, body

tests/event_manager.py

@@ -0,0 +1,21 @@
+import json
+import unittest
+
+from securenative.config import sdk_version
+from securenative.http_client import HttpClient
+
+
+class HttpClientTests(unittest.TestCase):
+    def test_post(self):
+        client = HttpClient()
+        api_key = u'ABC'
+        request_body = {"key": "test1", "value": "test2"}
+        response = client.post(url=u'https://httpbin.org/post', api_key=api_key, body=json.dumps(request_body))
+
+        self.assertEqual(response.status_code, 200)
+        json_body = json.loads(response.text)
+        self.assertEqual(json_body['headers']['Content-Type'], 'application/json')
+        self.assertEqual(json_body['headers']['User-Agent'], 'SecureNative-python')
+        self.assertEqual(json_body['headers']['Sn-Version'], sdk_version)
+        self.assertEqual(json_body['headers']['Authorization'], api_key)
+        self.assertEqual(json_body['json'], request_body)