Skip to content

Commit 5739980

Browse files
authored
Merge pull request #24 from TankerHQ/max/drop-upgrade-user-token
Drop upgrade user token (+another test)
2 parents 207e921 + be9358f commit 5739980

6 files changed

Lines changed: 16 additions & 137 deletions

File tree

Changelog.rst

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,8 @@
1+
1.3.2
2+
===
3+
4+
* Drop upgrade_user_token
5+
16
1.3.1
27
===
38

README.rst

Lines changed: 0 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -63,20 +63,6 @@ Return the public identity from an identity. This public identity can be used by
6363
**identity**
6464
A secret identity.
6565

66-
.. code-block:: python
67-
68-
tankersdk_identity.upgrade_user_token(app_id, user_id, user_token)
69-
70-
Return a Tanker identity from Tanker v1 user Token. Tanker v1 used a user token, when migrating to Tanker v2 you should use this function to migrate you used tokens to identities. This identity is secret and must only be given to a user who has been authenticated by your application. This identity is used by the Tanker client SDK to open a Tanker session
71-
72-
**app_id**
73-
The app ID. You can access it from the `Tanker dashboard <https://dashboard.tanker.io>`_.
74-
75-
**user_id**
76-
The ID of a user in your application.
77-
78-
**user_token**
79-
The Tanker v1 user token.
8066

8167
Going further
8268
-------------

tankersdk_identity/__init__.py

Lines changed: 0 additions & 46 deletions
Original file line numberDiff line numberDiff line change
@@ -43,30 +43,6 @@ def _deserialize_identity(identity):
4343
return json.loads(identity_json)
4444

4545

46-
def generate_user_token(app_id, app_secret, user_id):
47-
app_id_buf = base64.b64decode(app_id)
48-
secret_buf = base64.b64decode(app_secret)
49-
hashed_user_id = _hash_user_id(app_id_buf, user_id)
50-
51-
e_public_key, e_secret_key = tankersdk_identity.crypto.sign_keypair()
52-
to_sign = e_public_key + hashed_user_id
53-
delegation_signature = tankersdk_identity.crypto.sign_detached(to_sign, secret_buf)
54-
random_buf = os.urandom(USER_SECRET_SIZE - 1)
55-
hashed = tankersdk_identity.crypto.generichash(random_buf + hashed_user_id, size=CHECK_HASH_BLOCK_SIZE)
56-
user_secret = random_buf + bytearray([hashed[0]])
57-
58-
user_token = {
59-
"ephemeral_private_signature_key": base64.b64encode(e_secret_key).decode(),
60-
"ephemeral_public_signature_key": base64.b64encode(e_public_key).decode(),
61-
"user_id": base64.b64encode(hashed_user_id).decode(),
62-
"delegation_signature": base64.b64encode(delegation_signature).decode(),
63-
"user_secret": base64.b64encode(user_secret).decode(),
64-
}
65-
66-
as_json = json.dumps(user_token)
67-
return base64.b64encode(as_json.encode()).decode()
68-
69-
7046
def create_identity(app_id, app_secret, user_id):
7147
app_id_buf = base64.b64decode(app_id)
7248
secret_buf = base64.b64decode(app_secret)
@@ -138,25 +114,3 @@ def get_public_identity(identity):
138114
as_json = json.dumps(public_identity)
139115
return base64.b64encode(as_json.encode()).decode()
140116

141-
142-
def upgrade_user_token(app_id, user_id, user_token):
143-
app_id_buf = base64.b64decode(app_id)
144-
hashed_user_id = _hash_user_id(app_id_buf, user_id)
145-
token_json = base64.b64decode(user_token).decode()
146-
token_obj = json.loads(token_json)
147-
148-
if base64.b64encode(hashed_user_id).decode() != token_obj['user_id']:
149-
raise ValueError("Invalid user ID provided")
150-
151-
identity = {
152-
"trustchain_id": app_id,
153-
"target": "user",
154-
"value": token_obj["user_id"],
155-
"user_secret": token_obj["user_secret"],
156-
"ephemeral_public_signature_key": token_obj["ephemeral_public_signature_key"],
157-
"ephemeral_private_signature_key": token_obj["ephemeral_private_signature_key"],
158-
"delegation_signature": token_obj["delegation_signature"],
159-
}
160-
161-
as_json = json.dumps(identity)
162-
return base64.b64encode(as_json.encode()).decode()

tankersdk_identity/test/test_identity.py

Lines changed: 0 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -81,41 +81,6 @@ def test_public_identity_matches_full_identity(test_app):
8181
assert public_identity["value"] == identity["value"]
8282

8383

84-
def test_upgrade_token_ok(test_app):
85-
user_id = "up@gra.de"
86-
token = tankersdk_identity.generate_user_token(
87-
test_app["id"],
88-
test_app["secret"],
89-
user_id,
90-
)
91-
b64_identity = tankersdk_identity.upgrade_user_token(
92-
test_app["id"],
93-
user_id,
94-
token,
95-
)
96-
identity = _deserialize_identity(b64_identity)
97-
delegation_signature = base64.b64decode(identity["delegation_signature"])
98-
99-
assert identity["trustchain_id"] == test_app["id"]
100-
check_user_secret(identity, "value")
101-
check_signature(test_app["public_key"], identity, delegation_signature, "value")
102-
103-
104-
def test_upgarde_bad_user_id(test_app):
105-
user_id = "up@gra.de"
106-
token = tankersdk_identity.generate_user_token(
107-
test_app["id"],
108-
test_app["secret"],
109-
user_id,
110-
)
111-
with pytest.raises(ValueError):
112-
tankersdk_identity.upgrade_user_token(
113-
test_app["id"],
114-
"ot@her.id",
115-
token,
116-
)
117-
118-
11984
def test_get_public_from_bad_identity():
12085
fake_id = base64.b64encode(json.dumps({"target": "stuffs"}).encode()).decode()
12186
with pytest.raises(ValueError):

tankersdk_identity/test/test_user_token.py

Lines changed: 0 additions & 35 deletions
This file was deleted.

tankersdk_identity/test/test_vectors.py

Lines changed: 11 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
import base64
22
import json
33

4-
from tankersdk_identity import _hash_user_id, upgrade_user_token, _deserialize_identity
4+
from tankersdk_identity import _hash_user_id, _deserialize_identity
55

66
TRUSTCHAIN = {
77
"id": "tpoxyNzh0hU9G2i9agMvHyyd+pO6zGCjO9BfhrCLjd4=",
@@ -14,7 +14,7 @@
1414
PERMANENT_IDENTITY = "eyJ0cnVzdGNoYWluX2lkIjoidHBveHlOemgwaFU5RzJpOWFnTXZIeXlkK3BPNnpHQ2pPOUJmaHJDTGpkND0iLCJ0YXJnZXQiOiJ1c2VyIiwidmFsdWUiOiJSRGEwZXE0WE51ajV0VjdoZGFwak94aG1oZVRoNFFCRE5weTRTdnk5WG9rPSIsImRlbGVnYXRpb25fc2lnbmF0dXJlIjoiVTlXUW9sQ3ZSeWpUOG9SMlBRbWQxV1hOQ2kwcW1MMTJoTnJ0R2FiWVJFV2lyeTUya1d4MUFnWXprTHhINmdwbzNNaUE5cisremhubW9ZZEVKMCtKQ3c9PSIsImVwaGVtZXJhbF9wdWJsaWNfc2lnbmF0dXJlX2tleSI6IlhoM2kweERUcHIzSFh0QjJRNTE3UUt2M2F6TnpYTExYTWRKRFRTSDRiZDQ9IiwiZXBoZW1lcmFsX3ByaXZhdGVfc2lnbmF0dXJlX2tleSI6ImpFRFQ0d1FDYzFERndvZFhOUEhGQ2xuZFRQbkZ1Rm1YaEJ0K2lzS1U0WnBlSGVMVEVOT212Y2RlMEhaRG5YdEFxL2RyTTNOY3N0Y3gwa05OSWZodDNnPT0iLCJ1c2VyX3NlY3JldCI6IjdGU2YvbjBlNzZRVDNzMERrdmV0UlZWSmhYWkdFak94ajVFV0FGZXh2akk9In0="
1515
PROVISIONAL_IDENTITY = "eyJ0cnVzdGNoYWluX2lkIjoidHBveHlOemgwaFU5RzJpOWFnTXZIeXlkK3BPNnpHQ2pPOUJmaHJDTGpkND0iLCJ0YXJnZXQiOiJlbWFpbCIsInZhbHVlIjoiYnJlbmRhbi5laWNoQHRhbmtlci5pbyIsInB1YmxpY19lbmNyeXB0aW9uX2tleSI6Ii8yajRkSTNyOFBsdkNOM3VXNEhoQTV3QnRNS09jQUNkMzhLNk4wcSttRlU9IiwicHJpdmF0ZV9lbmNyeXB0aW9uX2tleSI6IjRRQjVUV212Y0JyZ2V5RERMaFVMSU5VNnRicUFPRVE4djlwakRrUGN5YkE9IiwicHVibGljX3NpZ25hdHVyZV9rZXkiOiJXN1FFUUJ1OUZYY1hJcE9ncTYydFB3Qml5RkFicFQxckFydUQwaC9OclRBPSIsInByaXZhdGVfc2lnbmF0dXJlX2tleSI6IlVtbll1dmRUYUxZRzBhK0phRHBZNm9qdzQvMkxsOHpzbXJhbVZDNGZ1cVJidEFSQUc3MFZkeGNpazZDcnJhMC9BR0xJVUJ1bFBXc0N1NFBTSDgydE1BPT0ifQ=="
1616
PUBLIC_IDENTITY = "eyJ0YXJnZXQiOiJ1c2VyIiwidHJ1c3RjaGFpbl9pZCI6InRwb3h5TnpoMGhVOUcyaTlhZ012SHl5ZCtwTzZ6R0NqTzlCZmhyQ0xqZDQ9IiwidmFsdWUiOiJSRGEwZXE0WE51ajV0VjdoZGFwak94aG1oZVRoNFFCRE5weTRTdnk5WG9rPSJ9"
17-
USER_TOKEN = "eyJkZWxlZ2F0aW9uX3NpZ25hdHVyZSI6IlU5V1FvbEN2UnlqVDhvUjJQUW1kMVdYTkNpMHFtTDEyaE5ydEdhYllSRVdpcnk1MmtXeDFBZ1l6a0x4SDZncG8zTWlBOXIrK3pobm1vWWRFSjArSkN3PT0iLCJlcGhlbWVyYWxfcHJpdmF0ZV9zaWduYXR1cmVfa2V5IjoiakVEVDR3UUNjMURGd29kWE5QSEZDbG5kVFBuRnVGbVhoQnQraXNLVTRacGVIZUxURU5PbXZjZGUwSFpEblh0QXEvZHJNM05jc3RjeDBrTk5JZmh0M2c9PSIsImVwaGVtZXJhbF9wdWJsaWNfc2lnbmF0dXJlX2tleSI6IlhoM2kweERUcHIzSFh0QjJRNTE3UUt2M2F6TnpYTExYTWRKRFRTSDRiZDQ9IiwidXNlcl9pZCI6IlJEYTBlcTRYTnVqNXRWN2hkYXBqT3hobWhlVGg0UUJETnB5NFN2eTlYb2s9IiwidXNlcl9zZWNyZXQiOiI3RlNmL24wZTc2UVQzczBEa3ZldFJWVkpoWFpHRWpPeGo1RVdBRmV4dmpJPSJ9"
17+
PUBLIC_PROVISIONAL_IDENTITY = "eyJ0cnVzdGNoYWluX2lkIjoidHBveHlOemgwaFU5RzJpOWFnTXZIeXlkK3BPNnpHQ2pPOUJmaHJDTGpkND0iLCJ0YXJnZXQiOiJlbWFpbCIsInZhbHVlIjoiYnJlbmRhbi5laWNoQHRhbmtlci5pbyIsInB1YmxpY19lbmNyeXB0aW9uX2tleSI6Ii8yajRkSTNyOFBsdkNOM3VXNEhoQTV3QnRNS09jQUNkMzhLNk4wcSttRlU9IiwicHVibGljX3NpZ25hdHVyZV9rZXkiOiJXN1FFUUJ1OUZYY1hJcE9ncTYydFB3Qml5RkFicFQxckFydUQwaC9OclRBPSJ9"
1818

1919

2020
def test_parse_valid_permanent_identity():
@@ -49,8 +49,12 @@ def test_parse_valid_public_identity():
4949
assert identity["value"] == HASHED_USER_ID
5050

5151

52-
def test_upgrade_user_token():
53-
upgraded_identity = _deserialize_identity(upgrade_user_token(
54-
TRUSTCHAIN["id"], USER_ID, USER_TOKEN))
55-
permanent_identity = _deserialize_identity(PERMANENT_IDENTITY)
56-
assert upgraded_identity == permanent_identity
52+
def test_parse_valid_public_provisional_identity():
53+
identity = _deserialize_identity(PUBLIC_PROVISIONAL_IDENTITY)
54+
55+
assert identity["trustchain_id"] == TRUSTCHAIN["id"]
56+
assert identity["target"] == "email"
57+
assert identity["value"] == USER_EMAIL
58+
assert identity["public_signature_key"] == 'W7QEQBu9FXcXIpOgq62tPwBiyFAbpT1rAruD0h/NrTA='
59+
assert identity["public_encryption_key"] == '/2j4dI3r8PlvCN3uW4HhA5wBtMKOcACd38K6N0q+mFU='
60+

0 commit comments

Comments
 (0)