From 61b9a00cea8e96cdda7e644703d3ab5adab8757f Mon Sep 17 00:00:00 2001
From: Alexander Tomokhov
Date: Mon, 4 Mar 2024 13:15:02 +0400
Subject: [PATCH 1/5] ci: run pytest and coverage as part of nix flake check in VM
---
 .drone.yml | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index fff99ae..19a6610 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -5,13 +5,7 @@ name: default
 steps:
 - name: Run Tests and Generate Coverage Report
 commands:
- - kill $(ps aux | grep 'redis-server 127.0.0.1:6389' | awk '{print $2}') || true
- - redis-server --bind 127.0.0.1 --port 6389 >/dev/null &
- # We do not care about persistance on CI
- - sleep 10
- - redis-cli -h 127.0.0.1 -p 6389 config set stop-writes-on-bgsave-error no
- - coverage run -m pytest -q
- - coverage xml
+ - nix flake check -L
 - sonar-scanner -Dsonar.projectKey=SelfPrivacy-REST-API -Dsonar.sources=. -Dsonar.host.url=http://analyzer.lan:9000 -Dsonar.login="$SONARQUBE_TOKEN"
 environment:
 SONARQUBE_TOKEN:
From 2d5ac51c06e4df8c2df8ea0e06bc18ff998d7bb0 Mon Sep 17 00:00:00 2001
From: Inex Code
Date: Fri, 8 Mar 2024 15:40:02 +0300
Subject: [PATCH 2/5] fix: future mock are now more in the future
---
 tests/common.py | 16 ++++++++--------
 tests/test_graphql/test_api_recovery.py | 12 ++++++------
 tests/test_repository/test_tokens_repository.py | 2 +-
 3 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/tests/common.py b/tests/common.py
index ae3f0d0..09a9cd5 100644
--- a/tests/common.py
+++ b/tests/common.py
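Review bot: In the `.drone.yml` hunk of patch 1/5, `sonar-scanner` still runs right after the new `- nix flake check -L`, but the `coverage xml` command that used to leave a report in the workspace is removed and nothing visible here puts one back. If the flake check writes its coverage output inside the VM or the Nix store (not shown on this page), the scanner would analyse the sources without coverage data while the step is still named "Run Tests and Generate Coverage Report". Either export the report from the check into the workspace before the scanner line, or rename the step and add a comment such as `# coverage is produced inside the nix flake check VM and is not uploaded to SonarQube`.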
@@ -7,16 +7,16 @@ RECOVERY_KEY_VALIDATION_DATETIME = "selfprivacy_api.models.tokens.time.datetime"
 DEVICE_KEY_VALIDATION_DATETIME = RECOVERY_KEY_VALIDATION_DATETIME
-def ten_minutes_into_future_naive():
- return datetime.now() + timedelta(minutes=10)
+def ten_hours_into_future_naive():
+ return datetime.now() + timedelta(hours=10)
-def ten_minutes_into_future_naive_utc():
- return datetime.utcnow() + timedelta(minutes=10)
+def ten_hours_into_future_naive_utc():
+ return datetime.utcnow() + timedelta(hours=10)
-def ten_minutes_into_future():
- return datetime.now(timezone.utc) + timedelta(minutes=10)
+def ten_hours_into_future():
+ return datetime.now(timezone.utc) + timedelta(hours=10)
 def ten_minutes_into_past_naive():
@@ -34,11 +34,11 @@ def ten_minutes_into_past():
 class NearFuture(datetime):
 @classmethod
 def now(cls, tz=None):
- return datetime.now(tz) + timedelta(minutes=13)
+ return datetime.now(tz) + timedelta(hours=13)
 @classmethod
 def utcnow(cls):
- return datetime.utcnow() + timedelta(minutes=13)
+ return datetime.utcnow() + timedelta(hours=13)
 def read_json(file_path):
diff --git a/tests/test_graphql/test_api_recovery.py b/tests/test_graphql/test_api_recovery.py
index ea44640..02bb630 100644
--- a/tests/test_graphql/test_api_recovery.py
+++ b/tests/test_graphql/test_api_recovery.py
@@ -14,9 +14,9 @@ from tests.common import (
 )
 # Graphql API's output should be timezone-naive
-from tests.common import ten_minutes_into_future_naive_utc as ten_minutes_into_future
-from tests.common import ten_minutes_into_future as ten_minutes_into_future_tz
-from tests.common import ten_minutes_into_past_naive_utc as ten_minutes_into_past
+from tests.common import ten_hours_into_future_naive_utc as ten_hours_into_future
+from tests.common import ten_hours_into_future as ten_hours_into_future_tz
+from tests.common import ten_minutes_into_past_naive_utc as ten_hours_into_past
 from tests.test_graphql.common import (
 assert_empty,
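Review bot: In `tests/common.py` (hunks `@@ -7,16` and `@@ -34,11`), the expiry helpers and `NearFuture` are coupled only by the literals `hours=10` and `hours=13`, and nothing records why minutes became hours. If the reason is a local-time versus UTC offset on the test host (an inference; the commit message does not say), the three-hour margin only hides offsets smaller than that, and a recovery-key expiry check that is off by up to a few hours would still pass these tests. A short comment on `NearFuture`, for example `# must stay later than ten_hours_into_future*(); hours chosen because <reason>`, would make the dependency explicit. Note also that `ten_hours_into_future_naive()` reads the local clock via `datetime.now()` while its `_naive_utc` sibling uses `datetime.utcnow()`, so the two are not interchangeable in a test.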
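Review bot: In the `tests/test_graphql/test_api_recovery.py` import hunk (`@@ -14,9`), the third added line binds `ten_minutes_into_past_naive_utc` to the name `ten_hours_into_past`, so the alias claims an offset the helper does not have; the `@@ -219,7` hunk then calls `ten_hours_into_past()` and actually gets a time ten minutes back. The past helpers in `tests/common.py` are not renamed by this commit, so keep the old alias: `from tests.common import ten_minutes_into_past_naive_utc as ten_minutes_into_past` and `expiration_date = ten_minutes_into_past()`. Behaviour is unchanged by the rename, but the name misleads anyone reasoning about how far in the past an expiry has to be for the API to reject it.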
@@ -168,7 +168,7 @@ def test_graphql_generate_recovery_key(client, authorized_client):
 @pytest.mark.parametrize(
- "expiration_date", [ten_minutes_into_future(), ten_minutes_into_future_tz()]
+ "expiration_date", [ten_hours_into_future(), ten_hours_into_future_tz()]
 )
 def test_graphql_generate_recovery_key_with_expiration_date(
 client, authorized_client, expiration_date: datetime
@@ -193,7 +193,7 @@ def test_graphql_generate_recovery_key_with_expiration_date(
 def test_graphql_use_recovery_key_after_expiration(client, authorized_client, mocker):
- expiration_date = ten_minutes_into_future()
+ expiration_date = ten_hours_into_future()
 key = graphql_make_new_recovery_key(authorized_client, expires_at=expiration_date)
 # Timewarp to after it expires
@@ -219,7 +219,7 @@ def test_graphql_use_recovery_key_after_expiration(client, authorized_client, mo
 def test_graphql_generate_recovery_key_with_expiration_in_the_past(authorized_client):
- expiration_date = ten_minutes_into_past()
+ expiration_date = ten_hours_into_past()
 response = request_make_new_recovery_key(
 authorized_client, expires_at=expiration_date
 )
diff --git a/tests/test_repository/test_tokens_repository.py b/tests/test_repository/test_tokens_repository.py
index 0ffc76b..999a813 100644
--- a/tests/test_repository/test_tokens_repository.py
+++ b/tests/test_repository/test_tokens_repository.py
@@ -24,7 +24,7 @@ from selfprivacy_api.repositories.tokens.abstract_tokens_repository import (
 AbstractTokensRepository,
 )
-from tests.common import ten_minutes_into_past, ten_minutes_into_future
+from tests.common import ten_minutes_into_past, ten_hours_into_future
 ORIGINAL_DEVICE_NAMES = [
From bda21b750720e7b0584208a076c29bc98add9a4a Mon Sep 17 00:00:00 2001
From: Inex Code
Date: Fri, 8 Mar 2024 16:07:45 +0300
Subject: [PATCH 3/5] fix: Mark md5 as not used for security
---
 selfprivacy_api/repositories/tokens/redis_tokens_repository.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/selfprivacy_api/repositories/tokens/redis_tokens_repository.py b/selfprivacy_api/repositories/tokens/redis_tokens_repository.py
index 834794c..35ff1da 100644
--- a/selfprivacy_api/repositories/tokens/redis_tokens_repository.py
+++ b/selfprivacy_api/repositories/tokens/redis_tokens_repository.py
@@ -30,7 +30,7 @@ class RedisTokensRepository(AbstractTokensRepository):
 @staticmethod
 def token_key_for_device(device_name: str):
- md5_hash = md5()
+ md5_hash = md5(usedforsecurity=False)
 md5_hash.update(bytes(device_name, "utf-8"))
 digest = md5_hash.hexdigest()
 return TOKENS_PREFIX + digest
From 53ec774c90b6e908f44395df597f5300b52d1304 Mon Sep 17 00:00:00 2001
From: Alexander Tomokhov
Date: Fri, 15 Mar 2024 15:58:42 +0400
Subject: [PATCH 4/5] flake: VM test: remove Redis service port number setting
---
 flake.nix | 1 -
 1 file changed, 1 deletion(-)
diff --git a/flake.nix b/flake.nix
index eeb9f46..fee8e79 100644
--- a/flake.nix
+++ b/flake.nix
@@ -135,7 +135,6 @@
 services.redis.servers.sp-api = {
 enable = true;
 save = [ ];
- port = 6379; # FIXME
 settings.notify-keyspace-events = "KEA";
 };
 environment.systemPackages = with pkgs; [
From 5e29816c84b86b8ea9dd925f367789802a730055 Mon Sep 17 00:00:00 2001
From: Alexander Tomokhov
Date: Sat, 16 Mar 2024 00:18:01 +0400
Subject: [PATCH 5/5] ci: delete USE_REDIS_PORT environment variable
---
 .drone.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.drone.yml b/.drone.yml
index 19a6610..2be4c77 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -10,7 +10,6 @@ steps:
 environment:
 SONARQUBE_TOKEN:
 from_secret: SONARQUBE_TOKEN
- USE_REDIS_PORT: 6389
 - name: Run Bandit Checks
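Review bot: In the `redis_tokens_repository.py` hunk of patch 3/5, `md5(usedforsecurity=False)` states an intent that the code does not explain: the digest becomes the Redis key for a device's token (`TOKENS_PREFIX + digest`), so two device names with the same MD5 would share one key. Add a comment above the call saying why that is acceptable, for example `# MD5 only derives a fixed-length Redis key from the device name; it is not a secret or an integrity check`, and confirm either that device names come from a trusted source or that a key clash cannot replace another device's token. The `usedforsecurity` keyword exists only on Python 3.9 and later, so the supported interpreter range should be checked. Moving to `sha256` would remove the question but changes the key of every stored token, so it would need a migration. `token_key_for_device` is fully inside the hunk; the enclosing class starts outside it.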