Merge pull request #24 from TankerHQ/max/drop-upgrade-user-token

Drop upgrade user token (+another test)

Author: maximerety

Changelog.rst

@@ -1,3 +1,8 @@
+1.3.2
+===
+
+* Drop upgrade_user_token
+
 1.3.1
 ===
 

README.rst

@@ -63,20 +63,6 @@ Return the public identity from an identity. This public identity can be used by
 **identity**
    A secret identity.
 
-.. code-block:: python
-
-    tankersdk_identity.upgrade_user_token(app_id, user_id, user_token)
-
-Return a Tanker identity from Tanker v1 user Token. Tanker v1 used a user token, when migrating to Tanker v2 you should use this function to migrate you used tokens to identities. This identity is secret and must only be given to a user who has been authenticated by your application. This identity is used by the Tanker client SDK to open a Tanker session
-
-**app_id**
-   The app ID. You can access it from the `Tanker dashboard <https://dashboard.tanker.io>`_.
-
-**user_id**
-   The ID of a user in your application.
-
-**user_token**
-   The Tanker v1 user token.
 
 Going further
 -------------

tankersdk_identity/__init__.py

@@ -43,30 +43,6 @@ def _deserialize_identity(identity):
     return json.loads(identity_json)
 
 
-def generate_user_token(app_id, app_secret, user_id):
-    app_id_buf = base64.b64decode(app_id)
-    secret_buf = base64.b64decode(app_secret)
-    hashed_user_id = _hash_user_id(app_id_buf, user_id)
-
-    e_public_key, e_secret_key = tankersdk_identity.crypto.sign_keypair()
-    to_sign = e_public_key + hashed_user_id
-    delegation_signature = tankersdk_identity.crypto.sign_detached(to_sign, secret_buf)
-    random_buf = os.urandom(USER_SECRET_SIZE - 1)
-    hashed = tankersdk_identity.crypto.generichash(random_buf + hashed_user_id, size=CHECK_HASH_BLOCK_SIZE)
-    user_secret = random_buf + bytearray([hashed[0]])
-
-    user_token = {
-        "ephemeral_private_signature_key": base64.b64encode(e_secret_key).decode(),
-        "ephemeral_public_signature_key": base64.b64encode(e_public_key).decode(),
-        "user_id": base64.b64encode(hashed_user_id).decode(),
-        "delegation_signature": base64.b64encode(delegation_signature).decode(),
-        "user_secret": base64.b64encode(user_secret).decode(),
-    }
-
-    as_json = json.dumps(user_token)
-    return base64.b64encode(as_json.encode()).decode()
-
-
 def create_identity(app_id, app_secret, user_id):
     app_id_buf = base64.b64decode(app_id)
     secret_buf = base64.b64decode(app_secret)
@@ -138,25 +114,3 @@ def get_public_identity(identity):
     as_json = json.dumps(public_identity)
     return base64.b64encode(as_json.encode()).decode()
 
-
-def upgrade_user_token(app_id, user_id, user_token):
-    app_id_buf = base64.b64decode(app_id)
-    hashed_user_id = _hash_user_id(app_id_buf, user_id)
-    token_json = base64.b64decode(user_token).decode()
-    token_obj = json.loads(token_json)
-
-    if base64.b64encode(hashed_user_id).decode() != token_obj['user_id']:
-        raise ValueError("Invalid user ID provided")
-
-    identity = {
-        "trustchain_id": app_id,
-        "target": "user",
-        "value": token_obj["user_id"],
-        "user_secret": token_obj["user_secret"],
-        "ephemeral_public_signature_key": token_obj["ephemeral_public_signature_key"],
-        "ephemeral_private_signature_key": token_obj["ephemeral_private_signature_key"],
-        "delegation_signature": token_obj["delegation_signature"],
-    }
-
-    as_json = json.dumps(identity)
-    return base64.b64encode(as_json.encode()).decode()

tankersdk_identity/test/test_identity.py

@@ -81,41 +81,6 @@ def test_public_identity_matches_full_identity(test_app):
     assert public_identity["value"] == identity["value"]
 
 
-def test_upgrade_token_ok(test_app):
-    user_id = "up@gra.de"
-    token = tankersdk_identity.generate_user_token(
-        test_app["id"],
-        test_app["secret"],
-        user_id,
-    )
-    b64_identity = tankersdk_identity.upgrade_user_token(
-        test_app["id"],
-        user_id,
-        token,
-    )
-    identity = _deserialize_identity(b64_identity)
-    delegation_signature = base64.b64decode(identity["delegation_signature"])
-
-    assert identity["trustchain_id"] == test_app["id"]
-    check_user_secret(identity, "value")
-    check_signature(test_app["public_key"], identity, delegation_signature, "value")
-
-
-def test_upgarde_bad_user_id(test_app):
-    user_id = "up@gra.de"
-    token = tankersdk_identity.generate_user_token(
-        test_app["id"],
-        test_app["secret"],
-        user_id,
-    )
-    with pytest.raises(ValueError):
-        tankersdk_identity.upgrade_user_token(
-            test_app["id"],
-            "ot@her.id",
-            token,
-        )
-
-
 def test_get_public_from_bad_identity():
     fake_id = base64.b64encode(json.dumps({"target": "stuffs"}).encode()).decode()
     with pytest.raises(ValueError):

tankersdk_identity/test/test_user_token.py

@@ -1,7 +1,7 @@
 import base64
 import json
 
-from tankersdk_identity import _hash_user_id, upgrade_user_token, _deserialize_identity
+from tankersdk_identity import _hash_user_id, _deserialize_identity
 
 TRUSTCHAIN = {
     "id": "tpoxyNzh0hU9G2i9agMvHyyd+pO6zGCjO9BfhrCLjd4=",
@@ -14,7 +14,7 @@
 PERMANENT_IDENTITY = "eyJ0cnVzdGNoYWluX2lkIjoidHBveHlOemgwaFU5RzJpOWFnTXZIeXlkK3BPNnpHQ2pPOUJmaHJDTGpkND0iLCJ0YXJnZXQiOiJ1c2VyIiwidmFsdWUiOiJSRGEwZXE0WE51ajV0VjdoZGFwak94aG1oZVRoNFFCRE5weTRTdnk5WG9rPSIsImRlbGVnYXRpb25fc2lnbmF0dXJlIjoiVTlXUW9sQ3ZSeWpUOG9SMlBRbWQxV1hOQ2kwcW1MMTJoTnJ0R2FiWVJFV2lyeTUya1d4MUFnWXprTHhINmdwbzNNaUE5cisremhubW9ZZEVKMCtKQ3c9PSIsImVwaGVtZXJhbF9wdWJsaWNfc2lnbmF0dXJlX2tleSI6IlhoM2kweERUcHIzSFh0QjJRNTE3UUt2M2F6TnpYTExYTWRKRFRTSDRiZDQ9IiwiZXBoZW1lcmFsX3ByaXZhdGVfc2lnbmF0dXJlX2tleSI6ImpFRFQ0d1FDYzFERndvZFhOUEhGQ2xuZFRQbkZ1Rm1YaEJ0K2lzS1U0WnBlSGVMVEVOT212Y2RlMEhaRG5YdEFxL2RyTTNOY3N0Y3gwa05OSWZodDNnPT0iLCJ1c2VyX3NlY3JldCI6IjdGU2YvbjBlNzZRVDNzMERrdmV0UlZWSmhYWkdFak94ajVFV0FGZXh2akk9In0="
 PROVISIONAL_IDENTITY = "eyJ0cnVzdGNoYWluX2lkIjoidHBveHlOemgwaFU5RzJpOWFnTXZIeXlkK3BPNnpHQ2pPOUJmaHJDTGpkND0iLCJ0YXJnZXQiOiJlbWFpbCIsInZhbHVlIjoiYnJlbmRhbi5laWNoQHRhbmtlci5pbyIsInB1YmxpY19lbmNyeXB0aW9uX2tleSI6Ii8yajRkSTNyOFBsdkNOM3VXNEhoQTV3QnRNS09jQUNkMzhLNk4wcSttRlU9IiwicHJpdmF0ZV9lbmNyeXB0aW9uX2tleSI6IjRRQjVUV212Y0JyZ2V5RERMaFVMSU5VNnRicUFPRVE4djlwakRrUGN5YkE9IiwicHVibGljX3NpZ25hdHVyZV9rZXkiOiJXN1FFUUJ1OUZYY1hJcE9ncTYydFB3Qml5RkFicFQxckFydUQwaC9OclRBPSIsInByaXZhdGVfc2lnbmF0dXJlX2tleSI6IlVtbll1dmRUYUxZRzBhK0phRHBZNm9qdzQvMkxsOHpzbXJhbVZDNGZ1cVJidEFSQUc3MFZkeGNpazZDcnJhMC9BR0xJVUJ1bFBXc0N1NFBTSDgydE1BPT0ifQ=="
 PUBLIC_IDENTITY = "eyJ0YXJnZXQiOiJ1c2VyIiwidHJ1c3RjaGFpbl9pZCI6InRwb3h5TnpoMGhVOUcyaTlhZ012SHl5ZCtwTzZ6R0NqTzlCZmhyQ0xqZDQ9IiwidmFsdWUiOiJSRGEwZXE0WE51ajV0VjdoZGFwak94aG1oZVRoNFFCRE5weTRTdnk5WG9rPSJ9"
-USER_TOKEN = "eyJkZWxlZ2F0aW9uX3NpZ25hdHVyZSI6IlU5V1FvbEN2UnlqVDhvUjJQUW1kMVdYTkNpMHFtTDEyaE5ydEdhYllSRVdpcnk1MmtXeDFBZ1l6a0x4SDZncG8zTWlBOXIrK3pobm1vWWRFSjArSkN3PT0iLCJlcGhlbWVyYWxfcHJpdmF0ZV9zaWduYXR1cmVfa2V5IjoiakVEVDR3UUNjMURGd29kWE5QSEZDbG5kVFBuRnVGbVhoQnQraXNLVTRacGVIZUxURU5PbXZjZGUwSFpEblh0QXEvZHJNM05jc3RjeDBrTk5JZmh0M2c9PSIsImVwaGVtZXJhbF9wdWJsaWNfc2lnbmF0dXJlX2tleSI6IlhoM2kweERUcHIzSFh0QjJRNTE3UUt2M2F6TnpYTExYTWRKRFRTSDRiZDQ9IiwidXNlcl9pZCI6IlJEYTBlcTRYTnVqNXRWN2hkYXBqT3hobWhlVGg0UUJETnB5NFN2eTlYb2s9IiwidXNlcl9zZWNyZXQiOiI3RlNmL24wZTc2UVQzczBEa3ZldFJWVkpoWFpHRWpPeGo1RVdBRmV4dmpJPSJ9"
+PUBLIC_PROVISIONAL_IDENTITY = "eyJ0cnVzdGNoYWluX2lkIjoidHBveHlOemgwaFU5RzJpOWFnTXZIeXlkK3BPNnpHQ2pPOUJmaHJDTGpkND0iLCJ0YXJnZXQiOiJlbWFpbCIsInZhbHVlIjoiYnJlbmRhbi5laWNoQHRhbmtlci5pbyIsInB1YmxpY19lbmNyeXB0aW9uX2tleSI6Ii8yajRkSTNyOFBsdkNOM3VXNEhoQTV3QnRNS09jQUNkMzhLNk4wcSttRlU9IiwicHVibGljX3NpZ25hdHVyZV9rZXkiOiJXN1FFUUJ1OUZYY1hJcE9ncTYydFB3Qml5RkFicFQxckFydUQwaC9OclRBPSJ9"
 
 
 def test_parse_valid_permanent_identity():
@@ -49,8 +49,12 @@ def test_parse_valid_public_identity():
     assert identity["value"] == HASHED_USER_ID
 
 
-def test_upgrade_user_token():
-    upgraded_identity = _deserialize_identity(upgrade_user_token(
-        TRUSTCHAIN["id"], USER_ID, USER_TOKEN))
-    permanent_identity = _deserialize_identity(PERMANENT_IDENTITY)
-    assert upgraded_identity == permanent_identity
+def test_parse_valid_public_provisional_identity():
+    identity = _deserialize_identity(PUBLIC_PROVISIONAL_IDENTITY)
+
+    assert identity["trustchain_id"] == TRUSTCHAIN["id"]
+    assert identity["target"] == "email"
+    assert identity["value"] == USER_EMAIL
+    assert identity["public_signature_key"] == 'W7QEQBu9FXcXIpOgq62tPwBiyFAbpT1rAruD0h/NrTA='
+    assert identity["public_encryption_key"] == '/2j4dI3r8PlvCN3uW4HhA5wBtMKOcACd38K6N0q+mFU='
+