Extracted admin endpoints from chain_vault.py (2,178 lines) into
wallet_admin.py (768 lines). chain_vault.py is now 1,469 lines.
What moved to wallet_admin.py (29 routes):
- API keys: /api-keys, /api-keys/revoke
- Alerts: /alerts, /alerts/delete
- Webhooks: /webhooks, /webhooks/{id}, /webhooks/{id}/test,
/webhooks/{id}/retry, /webhooks/deliveries
- Audit trail: /audit-trail
- Bulk ops: /bulk/filter, /bulk/delete, /bulk/export, /export
- 2FA: /admin/2fa/{setup,verify-setup,disable,status}
- Config: /config
- Proof of Generation: /proof/{commit,provenance,verify,roots,stats}
What stayed in chain_vault.py (32 routes):
- Chain metadata: /chains, /stats, /healthz, /health-score
- RPC config: /rpc-chains
- Wallet gen: /generate, /generate/batch, /generate/all,
/import, /from-mnemonic, /derive-address, /hd-wallet
- Vault CRUD: /vault, /vault/{id}, /vault/{id}/full, DELETE
- Wallet ops: /tree, /cluster, /rotate, /rotate-sweep, /rotations,
/distribute, /sweep, /escrow, /escrow/release, /paper-wallet, /tx
- Validation: /validate/{chain}/{address}, /validate/all
- Balances: /balances, /balances/snapshot
- PDF: /paper-wallet/{id}/pdf, /wallet/{id}/birth-certificate
Helpers extracted to _persistent_store.py:
- _PersistentStore class (webhooks/alerts/payments SQLite store)
P3-7 fix: removed dead _webhooks global references in test/retry
endpoints — now uses _PersistentStore.all('webhooks')
Added to wallet_admin.py:
- _require_totp() helper (also kept in chain_vault.py for the
/vault/{id}/full endpoint that needs it)
- WebhookCreateRequest, BulkFilterRequest, BulkDeleteRequest models
(these were inlined in original chain_vault.py body — now in
the request schemas section)
P3-10 — WP plugin supported_chains() rewritten
Plugin used to advertise chains the backend doesn't support
('bitcoin' vs backend 'btc', 'ethereum' vs 'eth', etc.). Rewrote
to use correct backend keys + added a 'backend' field for clarity.
Now matches ADDRESS_GENERATION.md truth table.
main.py: updated import + include_router for wallet_admin.router.
Test results: 80 passed, 5 skipped (no regressions).
Refs: AUDIT.md P2-16, P3-7, P3-10, P3-17
127 lines
4.1 KiB
Python
127 lines
4.1 KiB
Python
"""Tests: vault storage, encryption, and schema migration."""
|
|
import os
|
|
import tempfile
|
|
from pathlib import Path
|
|
|
|
os.environ["WP_VAULT_PASSWORD"] = "test-vault-password"
|
|
os.environ["WP_DATA_DIR"] = tempfile.mkdtemp(prefix="wp_test_vault_")
|
|
|
|
from core.config import cfg
|
|
cfg._vault_password = os.environ["WP_VAULT_PASSWORD"]
|
|
|
|
from core.vault import Vault, WalletEntry
|
|
|
|
|
|
def _vault() -> Vault:
|
|
tmp = Path(tempfile.mkstemp(suffix=".db")[1])
|
|
v = Vault(tmp)
|
|
return v
|
|
|
|
|
|
def test_put_and_get():
|
|
v = _vault()
|
|
e = WalletEntry(id="test1", chain="eth", address="0xabc", label="test", tags=[], group="", created_at=100.0)
|
|
assert v.put(e)
|
|
got = v.get("test1")
|
|
assert got is not None
|
|
assert got.id == "test1"
|
|
assert got.chain == "eth"
|
|
assert got.address == "0xabc"
|
|
|
|
|
|
def test_get_missing():
|
|
v = _vault()
|
|
assert v.get("nonexistent") is None
|
|
|
|
|
|
def test_delete():
|
|
v = _vault()
|
|
v.put(WalletEntry(id="del1", chain="sol", address="abc", label="", tags=[], group="", created_at=1.0))
|
|
assert v.delete("del1")
|
|
assert v.get("del1") is None
|
|
|
|
|
|
def test_count():
|
|
v = _vault()
|
|
assert v.count() == 0
|
|
v.put(WalletEntry(id="c1", chain="eth", address="0x1", label="", tags=[], group="", created_at=1.0))
|
|
v.put(WalletEntry(id="c2", chain="sol", address="abc", label="", tags=[], group="", created_at=2.0))
|
|
assert v.count() == 2
|
|
assert v.count(chain="eth") == 1
|
|
|
|
|
|
def test_list():
|
|
v = _vault()
|
|
v.put(WalletEntry(id="l1", chain="btc", address="1abc", label="", tags=[], group="", created_at=3.0))
|
|
v.put(WalletEntry(id="l2", chain="btc", address="1def", label="", tags=[], group="", created_at=1.0))
|
|
wallets = v.list(chain="btc")
|
|
assert len(wallets) == 2
|
|
|
|
|
|
def test_rotation():
|
|
v = _vault()
|
|
v.put(WalletEntry(id="r1", chain="eth", address="0xold", label="", tags=[], group="", created_at=1.0))
|
|
v.record_rotation("r1", "0xnew", reason="test")
|
|
rots = v.get_rotations("r1")
|
|
assert len(rots) == 1
|
|
assert rots[0]["new_address"] == "0xnew"
|
|
|
|
|
|
def test_search_by_address():
|
|
v = _vault()
|
|
v.put(WalletEntry(id="s1", chain="eth", address="0xdeadbeef", label="vip", tags=[], group="", created_at=1.0))
|
|
v.put(WalletEntry(id="s2", chain="sol", address="0xdeadbeef", label="vip2", tags=[], group="", created_at=1.0))
|
|
results = v.search("eth")
|
|
assert len(results) >= 1, f"Expected at least 1 result, got {len(results)}"
|
|
|
|
|
|
def test_search_by_label():
|
|
v = _vault()
|
|
v.put(WalletEntry(id="s2", chain="sol", address="abc123", label="my-trading-wallet", tags=[], group="", created_at=1.0))
|
|
results = v.search("trading")
|
|
assert len(results) >= 1, f"Expected at least 1 result, got {len(results)}"
|
|
|
|
|
|
def test_schema_version():
|
|
v = _vault()
|
|
conn = v._new_conn()
|
|
row = conn.execute("SELECT MAX(version) FROM _schema_version").fetchone()
|
|
conn.close()
|
|
assert row and row[0] == Vault.SCHEMA_VERSION
|
|
|
|
|
|
def test_encrypt_decrypt():
|
|
v = _vault()
|
|
encrypted = v.encrypt_key("my-secret-key")
|
|
assert encrypted != "my-secret-key"
|
|
decrypted = v.decrypt_key(encrypted)
|
|
assert decrypted == "my-secret-key"
|
|
|
|
|
|
def test_vault_requires_password():
|
|
passwd = os.environ.pop("WP_VAULT_PASSWORD", None)
|
|
tmp = Path(tempfile.mkstemp(suffix=".db")[1])
|
|
try:
|
|
cfg.clear_vault_password()
|
|
raised = False
|
|
try:
|
|
Vault(tmp)
|
|
except RuntimeError:
|
|
raised = True
|
|
assert raised, "Vault should raise RuntimeError without password"
|
|
finally:
|
|
if passwd:
|
|
os.environ["WP_VAULT_PASSWORD"] = passwd
|
|
cfg._vault_password = passwd
|
|
|
|
|
|
def test_stats():
|
|
v = _vault()
|
|
v.put(WalletEntry(id="st1", chain="eth", address="0x1", label="", tags=[], group="", created_at=1.0))
|
|
v.put(WalletEntry(id="st2", chain="sol", address="abc", label="", tags=[], group="", created_at=2.0))
|
|
v.put(WalletEntry(id="st3", chain="eth", address="0x2", label="", tags=[], group="", created_at=3.0))
|
|
stats = v.stats()
|
|
assert stats["total_wallets"] == 3
|
|
assert stats["chains_used"] == 2
|
|
assert stats["by_chain"]["eth"] == 2
|
|
assert stats["by_chain"]["sol"] == 1
|