51c9b0a99a
Critical fixes:
- Fix admin_delete_user missing current_user_id argument (TypeError on every delete)
- Fix self-signed cert OOM: bytes(2130706433) → IPv4Address("127.0.0.1")
- Add @login_required to attestation routes (attest, log); verify stays public
- Add auth guards to fieldkit (@admin_required on killswitch) and keys blueprints
- Fix cleanup_temp_files NameError in generate() route
Security hardening:
- Unify temp storage to ~/.soosef/temp/ so killswitch purge covers web uploads
- Replace Path.unlink() with secure deletion (shred fallback) in temp_storage
- Add structured audit log (audit.jsonl) for admin, key, and killswitch actions
New features:
- Dead man's switch background enforcement thread in serve + check-deadman CLI
- Key rotation: soosef keys rotate-identity/rotate-channel with archiving
- Batch attestation: soosef attest batch <dir> with progress and error handling
- Geofence CLI: set/check/clear commands with config persistence
- USB CLI: snapshot/check commands against device whitelist
- Verification receipt download (/verify/receipt JSON endpoint + UI button)
- IdentityInfo.created_at populated from sidecar meta.json (mtime fallback)
Data layer:
- ChainStore.get() now O(1) via byte-offset index built during state rebuild
- Add federation module (chain, models, serialization, entropy)
Includes 45+ new tests across chain, deadman, key rotation, killswitch, and
serialization modules.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
38 lines
1016 B
Python
38 lines
1016 B
Python
"""Shared test fixtures for SooSeF tests."""
|
|
|
|
from __future__ import annotations
|
|
|
|
import os
|
|
from pathlib import Path
|
|
|
|
import pytest
|
|
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
|
|
|
|
|
|
@pytest.fixture()
|
|
def tmp_soosef_dir(tmp_path: Path, monkeypatch: pytest.MonkeyPatch) -> Path:
|
|
"""Set SOOSEF_DATA_DIR to a temporary directory.
|
|
|
|
This must be used before importing any module that reads soosef.paths
|
|
at import time. For modules that read paths lazily (most of them),
|
|
monkeypatching the paths module directly is more reliable.
|
|
"""
|
|
data_dir = tmp_path / ".soosef"
|
|
data_dir.mkdir()
|
|
monkeypatch.setenv("SOOSEF_DATA_DIR", str(data_dir))
|
|
return data_dir
|
|
|
|
|
|
@pytest.fixture()
|
|
def chain_dir(tmp_path: Path) -> Path:
|
|
"""A temporary chain directory."""
|
|
d = tmp_path / "chain"
|
|
d.mkdir()
|
|
return d
|
|
|
|
|
|
@pytest.fixture()
|
|
def private_key() -> Ed25519PrivateKey:
|
|
"""A fresh Ed25519 private key for testing."""
|
|
return Ed25519PrivateKey.generate()
|