def validate_credentials():
try:
auth_header = request.headers.get("Authorization")
if not auth_header or "Bearer" not in auth_header:
return "Bad authorization header", 403
auth_header_data = auth_header.split(" ")
if not len(auth_header_data) == 2:
return "Bad authorization header", 401
query = Query('authentication')
_, token = auth_header_data
decoded_data = jwt.decode(token, JWT_SECRET_KEY)
username = decoded_data.get('username')
password = decoded_data.get('password')
user = query.select().where(username=username, password=password).get()
if len(user) == 0:
return "User was not found", 404
except Exception:
return "Token is invalid", 403
def test_selecting_with_conditions_returns_nothing_because_of_incorrect_value(self):
query = Query("authentication")
records = query.select().where(username="******", password="******").get()
self.assertIsInstance(records, list)
self.assertListEqual(records, [])
def get(self, employee_id=None):
if employee_id is None:
query = Query("employees")
employees = query.select().get()
return json.dumps(employees)
payment = Payment()
payments = payment.get_employee_reports(employee_id)
return json.dumps(payments)
def get_employee_reports(self, employee_id):
query = Query("pays")
payment_records = query.select().where(employee_id=employee_id).get()
financial_year_payments = self.separate_payments_by_financial_year(
payment_records)
return [
self.compress_financial_year_records(year)
for year in financial_year_payments
]
def test_selecting_with_multiple_conditions(self):
query = Query("authentication")
records = query.select().where(username="******", password="******", is_locked="Y").get()
self.assertIsInstance(records, list)
self.assertDictEqual(records[0], {
"username": "******",
"password": "******",
"is_locked": "Y",
"failed_attempts": "0"
})
def test_selecting_with_conditions_username_only(self):
query = Query("authentication")
records = query.select().where(username="******").get()
self.assertIsInstance(records, list)
self.assertIsInstance(records[0], dict)
self.assertDictEqual(records[0], {
"username": "******",
"password": "******",
"is_locked": "N",
"failed_attempts": "0"
})
def test_select_method(self):
query = Query("authentication")
records = query.select()
self.assertIsInstance(records, Query)
records = records.results
self.assertIsInstance(records, list)
self.assertIsInstance(records[0], dict)
self.assertDictEqual(records[0], {
"username": "******",
"password": "******",
"is_locked": "N",
"failed_attempts": "0"
})
def post(self):
try:
login_payload = parser.parse_args()
username = login_payload.get('username', None)
password = login_payload.get('password', None)
if username is None:
return "No username was provided", 401
query = Query("authentication")
user = query.select().where(username=username)
user_data = user.get()[0]
if user_data['is_locked'] == "Y":
return "Account is locked", 403
if user_data['password'] != password:
attempts = int(user_data['failed_attempts']) + 1
if attempts == 3:
user.update(is_locked="Y", failed_attempts=str(attempts))
else:
user.update(failed_attempts=str(attempts))
return "Incorrect username/password combination", 401
return json.dumps({
"token":
get_jwt_token({
'username': username,
'password': password
}),
"username":
username
}), 200
except Exception as error:
return error, 500
def get_employee_payments(self, employee_id):
query = Query("pays")
payment_records = query.select().where(employee_id=employee_id).get()
return payment_records
def test_get_method(self, query_mock):
query = Query("authentication")
query_mock.return_value = []
self.assertListEqual(query.select().get(), [])