Beispiel #1
async def me(credentials: HTTPAuthorizationCredentials = Security(
    HTTPBearer())):
    """
    Present the information encoded in the caller's JWT bearer token.

    The original author states that the token is verified by the
    JWTBearer class through dependency injection, so that running this
    route means the token has already been validated.

    NOTE(review): the only dependency visible in this signature is
    ``HTTPBearer()``, which extracts the bearer credentials from the
    Authorization header and does not verify a JWT. Signature, expiry and
    audience checks therefore have to happen in ``decode_token`` or in a
    dependency declared outside this listing -- confirm before relying on
    the claims below.

    The return statement is truncated in this listing.
    """
    # credentials.credentials is the raw token string taken from the header.
    decoded_token = decode_token(credentials.credentials)

    # .get("exp") yields None when the claim is absent, and
    # utcfromtimestamp(None) then raises TypeError; a token without "exp"
    # fails here rather than being reported as non-expiring.
    exp = datetime.utcfromtimestamp(
        decoded_token.get("exp")).strftime('%Y-%m-%dT%H:%M:%SZ')
    return f"""
Beispiel #2
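def validate_token(header):
    """
    Validate that the token in ``header`` is stored and has not expired.

    Aborts with HTTP 401 when the header carries no token or when the
    token is not found in ``user_tokens``.

    :param header: raw Authorization header value, expected in the form
        ``"<scheme> <token>"`` (for example ``"Bearer <token>"``)
    :return: the value returned by ``auth.decode_token(header)`` (user dict)
    :raises Exception: ``'Expired token'`` when the stored expiry date is
        earlier than today's date
    """
    # A missing or malformed header (None, no space, empty token) carries no
    # usable credential. Reject it as 401 instead of letting split()/[1]
    # fail with AttributeError or IndexError.
    parts = header.split(' ') if isinstance(header, str) else []
    if len(parts) < 2 or not parts[1]:
        abort(401, 'Token Not Exist')

    # Index 0 is the scheme ("Bearer"); index 1 is the token itself. The value
    # is passed as a bound parameter, never formatted into the SQL string.
    # NOTE(review): the lookup matches the raw token value, so tokens appear
    # to be stored as-is in user_tokens -- confirm whether a hash is intended.
    query = db.session.execute(
        "SELECT ut.* FROM user_tokens ut WHERE ut.token = :token ORDER BY ut.date_created DESC LIMIT 1",
        {'token': parts[1]})
    token_row = query.fetchone()  # newest matching row, or None
    if token_row is None:
        abort(401, 'Token Not Exist')
    token_dict = dict(token_row)

    # Expiry is compared at date granularity: a token stays valid for the
    # whole of its 'expires' day.
    # NOTE(review): this raises a generic Exception while the other failure
    # paths abort with 401; kept as-is because callers may catch it.
    if token_dict['expires'] < datetime.date.today():
        raise Exception('Expired token')

    # NOTE(review): the full header (scheme included) is handed to
    # auth.decode_token, not the extracted token -- confirm that
    # decode_token strips the scheme itself.
    return auth.decode_token(header)  # user dict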
Beispiel #3
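def test_decode_token_invalid_input_4(mocked_fetch_public_key_2,
                                      mocked_get_audiences):
    """Check that a bearer header with an empty token makes decode_token raise."""
    # No assert inside the raises block: a failed assert raises
    # AssertionError, which itself satisfies pytest.raises(Exception), so the
    # test would also pass if decode_token returned a decoded value for this
    # invalid input.
    with pytest.raises(Exception):
        decode_token("Bearer ")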
Beispiel #4
def test_decode_token_invalid_input_1(mocked_fetch_public_key_1,
                                      mocked_get_audiences):
    """Check that decoding a missing token (None) yields an empty dict."""
    # This pins "no token" to an empty result rather than an exception, so
    # callers have to treat {} as unauthenticated.
    decoded = decode_token(None)
    assert decoded == {}
Beispiel #5
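def test_decode_token_invalid_input_6(mocked_fetch_public_key_3,
                                      mocked_get_audiences):
    """Test decoding of an RS256 token signed with PRIVATE_KEY and carrying an 'aud' claim."""
    payload = {'some': 'payload', 'aud': 'foo:bar'}
    token = jwt.encode(payload, PRIVATE_KEY, algorithm='RS256')
    # Assuming `jwt` is PyJWT: 1.x returns bytes from encode(), 2.x returns
    # str. Decode only when bytes so the test does not fail with
    # AttributeError on 2.x before reaching the code under test.
    if isinstance(token, bytes):
        token = token.decode("utf-8")
    # NOTE(review): the test name says "invalid input", yet the assertion only
    # requires a non-None result; it does not pin which claims come back or
    # that the audience was checked -- confirm the intended expectation.
    assert decode_token(token) is not None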
Beispiel #6
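def test_decode_token_invalid_input_5(mocked_fetch_public_key_2,
                                      mocked_get_audiences):
    """Check that a bearer header carrying a non-JWT string makes decode_token raise."""
    # No assert inside the raises block: a failed assert raises
    # AssertionError, which itself satisfies pytest.raises(Exception), so the
    # test would also pass if decode_token accepted the malformed token and
    # returned a value.
    with pytest.raises(Exception):
        decode_token("Bearer something")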
Beispiel #7
def check_user_exists(token):
    """Return True if any back-end record's decoded JWT carries ``token``."""
    # Every stored JWT is decoded before the result is reduced, so a record
    # that fails to decode raises even when an earlier record matched.
    # NOTE(review): the comparison uses ==, which is not constant-time; if
    # ``token`` is a secret bearer value, confirm whether that matters here.
    matches = []
    for back_end in data["back-end"]:
        decoded = auth.decode_token(back_end["jwt_token"])
        matches.append(decoded["token"] == token)
    return any(matches)
Beispiel #8
def get_user_id(token):
    """Return the u_id of the first back-end record whose decoded JWT carries ``token``.

    Raises IndexError when no record matches.
    """
    matching_ids = []
    # All records are scanned (and their JWTs decoded) before the first
    # match is picked.
    for back_end in data["back-end"]:
        decoded = auth.decode_token(back_end["jwt_token"])
        if decoded["token"] == token:
            matching_ids.append(back_end["u_id"])
    return matching_ids[0]
Beispiel #9
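def test_decode_token_invalid_input_1(_mocked_fetch_public_key,
                                      _mocked_get_audiences):
    """Check that decoding a missing token (None) raises an exception."""
    # No assert inside the raises block: a failed assert raises
    # AssertionError, which itself satisfies pytest.raises(Exception), so the
    # original form passed for any return value other than {}.
    with pytest.raises(Exception):
        decode_token(None)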