Beispiel #1
    def test_jwt_authenticate(self):
        """Check jwt_authenticate with a correct and an incorrect password.

        A user built by UserFactory is committed to the database inside a
        test request context. The helper must hand back that user for the
        right password and None for a wrong one.
        """
        with app.test_request_context():
            account = UserFactory()
            db.session.add(account)
            db.session.commit()

            # Accepted credentials: the returned identity is the same account.
            # NOTE(review): 'password' is presumably the factory's default
            # password -- confirm against UserFactory.
            accepted = jwt_authenticate(account.email, 'password')
            self.assertEqual(accepted.email, account.email)

            # Rejected credentials: a wrong password must yield no identity,
            # so callers can rely on a falsy result to refuse the login.
            self.assertIsNone(
                jwt_authenticate(account.email, 'wrong_password')
            )
Beispiel #2
    def test_jwt_authenticate(self):
        """Check jwt_authenticate against a mixer-generated User.

        The helper must return the user for matching credentials and None
        when the password is wrong.
        """
        with app.test_request_context():
            mixer.init_app(app)
            account = mixer.blend(User)

            # Accepted credentials.
            # NOTE(review): the login secret is read back from
            # account.password, so this only passes if that attribute still
            # holds the value jwt_authenticate compares against -- confirm
            # how User stores passwords.
            accepted = jwt_authenticate(account.name, account.password)
            self.assertEqual(accepted.name, account.name)

            # Rejected credentials: a wrong password must yield no identity.
            self.assertIsNone(
                jwt_authenticate(account.name, 'wrong_password')
            )
    def test_jwt_authenticate(self):
        """Verify jwt_authenticate accepts a valid login and rejects a bad one."""

        with self.app.test_request_context():
            account = UserFactory()
            save_to_db(account)

            # Accepted credentials: the returned identity is the same account.
            # NOTE(review): 'password' is presumably the factory's default
            # password -- confirm against UserFactory.
            accepted = jwt_authenticate(account.email, 'password')
            self.assertEqual(accepted.email, account.email)

            # Rejected credentials: a wrong password must yield no identity.
            self.assertIsNone(
                jwt_authenticate(account.email, 'wrong_password')
            )
Beispiel #4
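def authenticate(allow_refresh_token=False, existing_identity=None):
    """Verify the credentials in the JSON request body and issue JWT tokens.

    Args:
        allow_refresh_token: When true and the body sets ``remember-me``,
            a refresh token is created in addition to the access token.
        existing_identity: When given, the authenticated identity must equal
            it; otherwise the request is rejected like a failed login.

    Returns:
        A JSON response carrying ``access_token`` (plus ``refresh_token``
        when the body sets ``include-in-response``), or an
        ``(error response, status)`` tuple: 400 when the credentials are
        missing, 401 when they are rejected.
    """
    data = request.get_json()
    # The body is client-controlled. Valid JSON that is not an object
    # (null, a list, a bare string) has no credential fields, so answer 400
    # instead of letting the .get() calls below raise and surface as a 500.
    if not isinstance(data, dict):
        return jsonify(error='username or password missing'), 400

    # 'username' is only consulted when the 'email' key is absent.
    username = data.get('email', data.get('username'))
    password = data.get('password')
    criterion = [username, password]

    if not all(criterion):
        return jsonify(error='username or password missing'), 400

    # NOTE(review): the values are forwarded as received; whether
    # jwt_authenticate tolerates non-string JSON values is not visible
    # here -- confirm, or type-check before this call.
    identity = jwt_authenticate(username, password)
    if not identity or (existing_identity and identity != existing_identity):
        # For fresh login, credentials should match existing user.
        # One message covers every failure, so the response does not say
        # which part of the credentials was wrong.
        return jsonify(error='Invalid Credentials'), 401

    remember_me = data.get('remember-me')
    include_in_response = data.get('include-in-response')
    add_refresh_token = allow_refresh_token and remember_me

    # An explicit 90-minute lifetime is used only alongside a refresh token;
    # otherwise None is passed (presumably the library's configured default
    # then applies -- confirm).
    expiry_time = timedelta(minutes=90) if add_refresh_token else None
    access_token = create_access_token(identity.id,
                                       fresh=True,
                                       expires_delta=expiry_time)
    response_data = {'access_token': access_token}

    if add_refresh_token:
        refresh_token = create_refresh_token(identity.id)
        if include_in_response:
            response_data['refresh_token'] = refresh_token

    response = jsonify(response_data)

    # Unless the client asked for the refresh token in the body, deliver it
    # through set_refresh_cookies on the response instead.
    if add_refresh_token and not include_in_response:
        set_refresh_cookies(response, refresh_token)

    return response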
Beispiel #5
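def login():
    """Verify the credentials in the JSON request body and issue an access token.

    Returns:
        A JSON response carrying a fresh ``access_token``, or an
        ``(error response, status)`` tuple: 400 when the credentials are
        missing, 401 when they are rejected.
    """
    data = request.get_json()
    # The body is client-controlled. Valid JSON that is not an object
    # (null, a list, a bare string) has no credential fields, so answer 400
    # instead of letting the .get() calls below raise and surface as a 500.
    if not isinstance(data, dict):
        return jsonify(error='username or password missing'), 400

    # 'username' is only consulted when the 'email' key is absent.
    username = data.get('email', data.get('username'))
    password = data.get('password')

    if not all([username, password]):
        return jsonify(error='username or password missing'), 400

    # NOTE(review): the values are forwarded as received; whether
    # jwt_authenticate tolerates non-string JSON values is not visible
    # here -- confirm, or type-check before this call.
    identity = jwt_authenticate(username, password)

    if not identity:
        # One message covers every failure, so the response does not say
        # which part of the credentials was wrong.
        return jsonify(error='Invalid Credentials'), 401

    access_token = create_access_token(identity.id, fresh=True)
    return jsonify(access_token=access_token)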