 def test_get_user_by_case_insensitive_nickname(self):
     """Lookup ignores the nickname's case and yields None for an unknown nick."""
     known_spellings = ('tobias', 'tobiaS', 'TobiaS')
     for spelling in known_spellings:
         self.assertIsNotNone(
             lib.get_user_by_case_insensitive_nickname(spelling))
     # No fixture user carries this nickname, so the lookup must yield None.
     self.assertIsNone(
         lib.get_user_by_case_insensitive_nickname('puh_der_bär'))
 def test_get_user_by_private_or_public_nickname(self):
     """Several fixture nicknames resolve to a user; an unknown one to None.

     NOTE(review): despite the test name, every call here goes through
     get_user_by_case_insensitive_nickname; no public-nickname lookup is
     exercised — confirm whether that was intended.
     """
     fixture_nicknames = ('tobias', 'Antonia', 'Jutta')
     for nick in fixture_nicknames:
         self.assertIsNotNone(
             lib.get_user_by_case_insensitive_nickname(nick))
     self.assertIsNone(
         lib.get_user_by_case_insensitive_nickname('puh_der_bär'))
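def login_local_user(nickname: str,
                     password: str,
                     mailer: Mailer,
                     lang='en') -> dict:
    """
    Try to login the user whereby she is maybe a HHU-LDAP user or known locally

    :param nickname: User.nickname
    :param password: String
    :param mailer: request.mailer
    :param lang: current language
    :return: dict() or HTTPFound if the user is logged in and it is not the api
    """
    LOG.debug("Trying to login user: %s", nickname)
    _tn = Translator(lang)

    # now we have several options:
    # 1. the user is unknown in our DB, maybe has HHU-LDAP account
    # 2. oauth nickname
    # 3. the user is known, but
    #  a) keep local
    #  b) keep in ldap
    db_user = get_user_by_case_insensitive_nickname(nickname)
    if not db_user:  # this is 1.
        return __register_user_with_ldap_data(mailer, nickname, password, _tn)

    # this is 2.
    # An OAuth account has both a provider and a provider id set.  Test the
    # fields directly: the former `len(str(...)) > 4` heuristic (a stand-in
    # for "is not None") would have let an account with a short provider id
    # fall through to the local password check below.
    if db_user.oauth_provider and db_user.oauth_provider_id:
        return {'info': _tn.get(_.userIsOAuth)}

    # this is 3.
    return __check_in_local_known_user(db_user, password, _tn)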
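def __check_login_params(nickname, email, password,
                         passwordconfirm) -> Keywords:
    """
    Validate the data of a registration request.

    The purely local checks run first; the database lookups and the
    ``validate_email(..., check_mx=True)`` call only run once the submitted
    passwords have passed, so a malformed request costs no round trips.

    :param nickname: requested nickname, compared case-insensitively against
        private and public nicknames
    :param email: requested e-mail address, compared case-insensitively
    :param password: chosen password
    :param passwordconfirm: repetition of the password
    :return: the translation keyword of the first failed check, or None if
        every check passed
    """
    # are the passwords equal?
    if password != passwordconfirm:
        LOG.debug("Passwords are not equal")
        return _.pwdNotEqual

    # too short? (at least 6 characters are required)
    if len(password) <= 5:
        LOG.debug("Password too short")
        return _.pwdShort

    # is the nick already taken, either as private or as public nickname?
    if get_user_by_case_insensitive_nickname(nickname) or \
            get_user_by_case_insensitive_public_nickname(nickname):
        LOG.debug("Nickname '%s' is taken", nickname)
        return _.nickIsTaken

    # is the email already taken?
    db_mail = DBDiscussionSession.query(User).filter(
        func.lower(User.email) == func.lower(email)).first()
    if db_mail:
        LOG.debug("E-Mail '%s' is taken", email)
        return _.mailIsTaken

    # is the email well-formed? check_mx=True asks validate_email to also
    # verify the domain's mail exchanger, which involves a DNS lookup, so this
    # is deliberately the last check.
    if len(email) < 2 or not validate_email(email, check_mx=True):
        LOG.debug("E-Mail '%s' is too short or not valid otherwise", email)
        return _.mailNotValid

    return None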
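def __check_login_params(nickname, email, password,
                         passwordconfirm) -> Keywords:
    """
    Validate the data of a registration request.

    The purely local checks run first; the database lookups and the
    ``validate_email(..., check_mx=True)`` call only run once the submitted
    passwords have passed, so a malformed request costs no round trips.

    :param nickname: requested nickname, compared case-insensitively against
        private and public nicknames
    :param email: requested e-mail address, compared case-insensitively
    :param password: chosen password
    :param passwordconfirm: repetition of the password
    :return: the translation keyword of the first failed check, or None if
        every check passed
    """
    # are the passwords equal?
    if password != passwordconfirm:
        logger('Auth.Login', 'Passwords are not equal')
        return _.pwdNotEqual

    # too short? (at least 6 characters are required)
    if len(password) <= 5:
        logger('Auth.Login', 'Password too short')
        return _.pwdShort

    # is the nick already taken, either as private or as public nickname?
    if get_user_by_case_insensitive_nickname(nickname) or \
            get_user_by_case_insensitive_public_nickname(nickname):
        logger('Auth.Login', 'Nickname \'%s\' is taken' % nickname)
        return _.nickIsTaken

    # is the email already taken?
    db_mail = DBDiscussionSession.query(User).filter(
        func.lower(User.email) == func.lower(email)).first()
    if db_mail:
        logger('Auth.Login', 'E-Mail \'%s\' is taken' % email)
        return _.mailIsTaken

    # is the email well-formed? check_mx=True asks validate_email to also
    # verify the domain's mail exchanger, which involves a DNS lookup, so this
    # is deliberately the last check.
    if len(email) < 2 or not validate_email(email, check_mx=True):
        logger('Auth.Login',
               'E-Mail \'%s\' is too short or not valid' % email)
        return _.mailNotValid

    return None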
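def __process_user_token(request, nickname, token):
    """
    Authenticate an API request by nickname and user token.

    On success the matching user is stored in ``request.validated['user']``;
    on failure a 401 error is attached to the request and nothing is stored.

    :param request: the incoming request, carrying ``errors`` and ``validated``
    :param nickname: nickname taken from the authentication header
    :param token: token taken from the authentication header
    """
    log.info("[API] Login Attempt from user {}".format(nickname))
    db_user = get_user_by_case_insensitive_nickname(nickname)

    # Unknown nickname: without this guard the attribute access below raises.
    # Answer with the same error as for a bad token so the response does not
    # reveal whether the nickname exists.
    if db_user is None:
        add_error(request, "Invalid token", status_code=401, location="header")
        return

    # Precedence of the original condition made explicit: a user without a
    # stored token is always rejected; otherwise the request is rejected when
    # the token neither matches the stored one nor passes check_token().
    # NOTE(review): `==` on a secret is not constant-time; if db_user.token is
    # a plain shared secret, hmac.compare_digest would be the safer compare.
    token_mismatch = not db_user.token == token
    if not db_user.token or (token_mismatch and not check_token(token)):
        add_error(request, "Invalid token", status_code=401, location="header")
        return
    request.validated['user'] = db_user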
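def check_auth_token(request, nickname: str, token: str) -> bool:
    """
    Authenticate an API request by nickname and token.

    An API token is verified with ``check_api_token``; on success the resolved
    user is stored in ``request.validated['user']`` and
    ``request.validated['auth-by-api-token']`` is set.  Any other token is
    handed to ``check_jwt`` and ``check_not_temporary_token``.

    :param request: the incoming request, carrying ``errors`` and ``validated``
    :param nickname: nickname taken from the authentication header
    :param token: token taken from the authentication header
    :return: True if the request is authenticated, False otherwise
    """
    log.info("[API] Login attempt from user {}".format(nickname))
    if not is_api_token(token):
        return check_jwt(request, token) and check_not_temporary_token(request)

    if not check_api_token(token):
        add_error(request, "Invalid token", status_code=401, location="header")
        return False

    db_user = get_user_by_case_insensitive_nickname(nickname)
    # A valid API token with an unknown nickname must not count as a login:
    # previously None was stored as the user and True was returned.  Use the
    # same message as for a bad token so the response does not reveal which
    # nicknames exist.
    if db_user is None:
        add_error(request, "Invalid token", status_code=401, location="header")
        return False

    request.validated['user'] = db_user
    request.validated['auth-by-api-token'] = True
    return True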
def create_request_with_token_header(json_body=None,
                                     match_dict=None,
                                     nickname='Walter',
                                     token='mytoken'):
    """
    Build a dummy request whose X-Authentication header carries a nickname
    and token, after storing that token for the user via token_to_database.

    :param json_body: body handed on to construct_dummy_request
    :param match_dict: match dict handed on to construct_dummy_request
    :param nickname: nickname to authenticate as
    :param token: token stored for the user and sent in the header
    :return: the constructed dummy request
    """
    db_user = get_user_by_case_insensitive_nickname(nickname)
    token_to_database(db_user, token)
    credentials = {'nickname': nickname, 'token': token}
    dummy = construct_dummy_request(json_body=json_body, match_dict=match_dict)
    dummy.headers['X-Authentication'] = json.dumps(credentials)
    return dummy
 def test_valid_token(self):
     """A token stored for the user and sent in the auth header validates."""
     credentials = {'nickname': 'Walter', 'token': 'mytoken'}
     db_user = get_user_by_case_insensitive_nickname(credentials['nickname'])
     token_to_database(db_user, credentials['token'])
     request = construct_dummy_request()
     request.headers[self.header] = json.dumps(credentials)
     valid_token(request)
     # A valid token records no error and leaves the resolved user behind.
     self.assertEqual(len(request.errors), 0)
     self.assertIn('user', request.validated)