def test_reset_password(key_values_service, user_claim, client, app, users, mocker):
with app.app_context():
user = users[1]
token_response = _create_token(client, user.email_address)
assert token_response.status_code == 200
claim = _get_token(user.email_address)
old_password = user.password
new_password = '******'
assert old_password != new_password
key_values_service.get_by_key.return_value = {'data': {'age': 3600}}
response = client.post(
'/2/reset-password/{}?e={}'.format(claim.token, user.email_address),
data=json.dumps({
'email_address': user.email_address,
'user_id': user.id,
'password': '******',
'confirmPassword': '******'
}),
content_type='application/json')
assert response.status_code == 200
data = json.loads(response.data)
assert data['message'] == 'User with email {}, successfully updated their password'.format(user.email_address)
user = User.query.filter(
User.email_address == user.email_address).first()
assert encryption.authenticate_user(new_password, user)
assert not encryption.authenticate_user(old_password, user)
def test_reset_password(client, users):
user = users[1]
token_response = _create_token(client, user.email_address, 'orams')
assert token_response.status_code == 200
token = json.loads(token_response.data)['token']
old_password = user.password
new_password = '******'
assert old_password != new_password
response = client.post('/2/reset-password/{}'.format(token),
data=json.dumps({
'email_address': user.email_address,
'user_id': user.id,
'password': '******',
'confirmPassword': '******'
}),
content_type='application/json')
assert response.status_code == 200
data = json.loads(response.data)
assert data[
'message'] == 'User with email {}, successfully updated their password'.format(
user.email_address)
user = User.query.filter(User.email_address == user.email_address).first()
assert encryption.authenticate_user(new_password, user)
assert not encryption.authenticate_user(old_password, user)
def login():
"""Login user
---
tags:
- auth
security:
- basicAuth: []
consumes:
- application/json
parameters:
- name: body
in: body
required: true
schema:
id: LoginUser
required:
- emailAddress
- password
properties:
emailAddress:
type: string
password:
type: string
responses:
200:
description: User
schema:
$ref: '#/definitions/UserInfo'
"""
json_payload = request.get_json()
email_address = json_payload.get('emailAddress', None)
user = User.get_by_email_address(email_address.lower())
if user is None or (user.supplier and user.supplier.status == 'deleted'):
return jsonify(message='User does not exist'), 403
elif encryption.authenticate_user(json_payload.get('password', None),
user) and user.active:
user.logged_in_at = datetime.utcnow()
user.failed_login_count = 0
db.session.add(user)
db.session.commit()
if '_csrf_token' in session:
session.pop('_csrf_token')
if 'csrf' in session:
session.pop('csrf')
if current_app.config['REDIS_SESSIONS']:
session.regenerate()
login_user(user)
loaded_user = load_user(user.id)
return jsonify(user_info(loaded_user))
else:
user.failed_login_count += 1
db.session.add(user)
db.session.commit()
return jsonify(message="Could not authorize user"), 403
def load_user_from_request(request):
if not current_app.config.get('BASIC_AUTH'):
return None
payload = get_token_from_headers(request.headers)
if payload is None:
return None
email_address, password = b64decode(payload).split(':', 1)
user = User.get_by_email_address(email_address.lower())
if user is not None:
if encryption.authenticate_user(password, user):
user = LoginUser(user.id, user.email_address, user.supplier_code,
None, user.locked, user.active, user.name,
user.role, user.terms_accepted_at,
user.application_id, user.frameworks)
return user
def auth_user():
json_payload = get_json_from_request()
json_has_required_keys(json_payload, ["authUsers"])
json_payload = json_payload["authUsers"]
validate_user_auth_json_or_400(json_payload)
email_address = json_payload.get('email_address', None)
if email_address is None:
# will remove camel case email address with future api
email_address = json_payload.get('emailAddress', None)
user = User.query.options(
joinedload('supplier'),
noload('supplier.*'),
joinedload('application'),
noload('application.*'),
noload('*')
).filter(
User.email_address == email_address.lower()
).first()
if user is None or (user.supplier and user.supplier.status == 'deleted'):
return jsonify(authorization=False), 404
elif encryption.authenticate_user(json_payload['password'], user) and user.active:
user.logged_in_at = datetime.utcnow()
user.failed_login_count = 0
db.session.add(user)
db.session.commit()
validation_result = None
if user.role == 'supplier':
messages = supplier_business.get_supplier_messages(user.supplier_code, False)
validation_result = (
messages._asdict() if messages else None
)
return jsonify(users=user.serialize(), validation_result=validation_result), 200
else:
user.failed_login_count += 1
db.session.add(user)
db.session.commit()
return jsonify(authorization=False), 403
def auth_user():
json_payload = get_json_from_request()
json_has_required_keys(json_payload, ["authUsers"])
json_payload = json_payload["authUsers"]
validate_user_auth_json_or_400(json_payload)
email_address = json_payload.get('email_address', None)
if email_address is None:
# will remove camel case email address with future api
email_address = json_payload.get('emailAddress', None)
user = User.query.options(
joinedload('supplier'),
noload('supplier.*'),
joinedload('application'),
noload('application.*'),
noload('*')
).filter(
User.email_address == email_address.lower()
).first()
if user is None or (user.supplier and user.supplier.status == 'deleted'):
return jsonify(authorization=False), 404
elif encryption.authenticate_user(json_payload['password'], user) and user.active:
user.logged_in_at = datetime.utcnow()
user.failed_login_count = 0
db.session.add(user)
db.session.commit()
validation_result = None
if user.role == 'supplier':
messages = supplier_business.get_supplier_messages(user.supplier_code, False)
validation_result = (
messages._asdict() if messages else None
)
return jsonify(users=user.serialize(), validation_result=validation_result), 200
else:
user.failed_login_count += 1
db.session.add(user)
db.session.commit()
return jsonify(authorization=False), 403
def test_authenticate_user(user_is_locked, expected_auth_result):
password = "******"
password_hash = hashpw(password)
mock_user = mock.Mock(password=password_hash, locked=user_is_locked)
assert authenticate_user(password, mock_user) == expected_auth_result
