def test_get_user_by_case_insensitive_nickname(self):
    """The nickname lookup ignores letter case and yields None for an unknown name."""
    # One nickname in three casings: every spelling has to resolve to a user.
    for spelling in ('tobias', 'tobiaS', 'TobiaS'):
        found = lib.get_user_by_case_insensitive_nickname(spelling)
        self.assertIsNotNone(found)

    # This nickname is expected to be absent, so the lookup must return None.
    missing = lib.get_user_by_case_insensitive_nickname('puh_der_bär')
    self.assertIsNone(missing)
def test_get_user_by_private_or_public_nickname(self):
    """Three known nicknames resolve to a user; an unknown one resolves to None."""
    # NOTE(review): despite the test's name, every call below goes to
    # lib.get_user_by_case_insensitive_nickname -- confirm whether a lookup by
    # private-or-public nickname was meant to be exercised here.
    for known in ('tobias', 'Antonia', 'Jutta'):
        self.assertIsNotNone(lib.get_user_by_case_insensitive_nickname(known))

    unknown = lib.get_user_by_case_insensitive_nickname('puh_der_bär')
    self.assertIsNone(unknown)
def login_local_user(nickname: str, password: str, mailer: Mailer, lang='en') -> dict:
    """
    Log in a user who is either stored locally or may only have an HHU-LDAP account.

    :param nickname: User.nickname
    :param password: String
    :param mailer: request.mailer
    :param lang: current language
    :return: dict() or HTTPFound if the user is logged in and it is not the api
    """
    LOG.debug("Trying to login user: %s", nickname)
    translator = Translator(lang)

    # Three cases are told apart:
    #   1. no local user with this nickname -- maybe an HHU-LDAP account
    #   2. the local user is an OAuth account
    #   3. the local user is known (kept locally or kept in LDAP)
    user = get_user_by_case_insensitive_nickname(nickname)

    # Case 1: nothing found locally, hand the credentials to the LDAP registration.
    if not user:
        return __register_user_with_ldap_data(mailer, nickname, password, translator)

    # Case 2: both OAuth fields are longer than four characters once turned into
    # a string. The threshold is four because str(None) == 'None' has length 4.
    # NOTE(review): any value whose string form has four characters or fewer is
    # treated as "not OAuth", so such a user falls through to the local password
    # check below -- an explicit None/empty test would state the intent.
    looks_like_oauth = len(str(user.oauth_provider)) > 4
    looks_like_oauth = looks_like_oauth and len(str(user.oauth_provider_id)) > 4
    if looks_like_oauth:
        return {'info': translator.get(_.userIsOAuth)}

    # Case 3: known local user, verify the password.
    return __check_in_local_known_user(user, password, translator)
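def __check_login_params(nickname, email, password, passwordconfirm) -> Keywords:
    """
    Check nickname, e-mail and password of a request for a new account.

    The checks run in a fixed order and the first one that fails decides the
    result: passwords equal, password longer than five characters, nickname
    free, e-mail free, e-mail valid. The database lookups and the e-mail
    validation are only carried out once the checks before them have passed.

    :param nickname: requested nickname; compared with nicknames and public nicknames
    :param email: requested e-mail address; compared case-insensitively
    :param password: requested password
    :param passwordconfirm: repetition of the password
    :return: the Keywords entry of the first failed check, or None if all pass
    """
    # Purely local checks first: a request that fails them should not cost
    # database queries or a lookup for a caller-chosen e-mail domain.
    if not password == passwordconfirm:
        LOG.debug("Passwords are not equal")
        return _.pwdNotEqual

    # passwords of five characters or fewer are rejected
    if len(password) <= 5:
        LOG.debug("Password too short")
        return _.pwdShort

    # is the nick already taken, as nickname or as public nickname?
    # NOTE(review): the distinct nickIsTaken / mailIsTaken results tell the
    # caller which nicknames and addresses exist; rate-limit the caller if
    # that matters for this deployment.
    if (get_user_by_case_insensitive_nickname(nickname)
            or get_user_by_case_insensitive_public_nickname(nickname)):
        LOG.debug("Nickname '%s' is taken", nickname)
        return _.nickIsTaken

    # is the email already taken?
    db_mail = DBDiscussionSession.query(User).filter(
        func.lower(User.email) == func.lower(email)).first()
    if db_mail:
        LOG.debug("E-Mail '%s' is taken", email)
        return _.mailIsTaken

    # check_mx=True presumably triggers a DNS lookup for the address' domain,
    # so this runs last and is skipped for addresses that are too short anyway.
    if len(email) < 2 or not validate_email(email, check_mx=True):
        LOG.debug("E-Mail '%s' is too short or not valid otherwise", email)
        return _.mailNotValid

    return None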
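def __check_login_params(nickname, email, password, passwordconfirm) -> Keywords:
    """
    Check nickname, e-mail and password of a request for a new account.

    The first failing check decides the result, in this order: passwords equal,
    password longer than five characters, nickname free, e-mail free, e-mail
    valid. Database lookups and the e-mail validation happen only after the
    checks in front of them have passed.

    :param nickname: requested nickname; compared with nicknames and public nicknames
    :param email: requested e-mail address; compared case-insensitively
    :param password: requested password
    :param passwordconfirm: repetition of the password
    :return: the Keywords entry of the first failed check, or None if all pass
    """
    # The two password checks need no database and no network, so they run
    # before anything that does.
    if not password == passwordconfirm:
        logger('Auth.Login', 'Passwords are not equal')
        return _.pwdNotEqual

    # passwords of five characters or fewer are rejected
    if len(password) <= 5:
        logger('Auth.Login', 'Password too short')
        return _.pwdShort

    # is the nick already taken, as nickname or as public nickname?
    nick_taken = (get_user_by_case_insensitive_nickname(nickname)
                  or get_user_by_case_insensitive_public_nickname(nickname))
    if nick_taken:
        # NOTE(review): nickname and email are client-supplied and are written
        # to the log unchanged here and below.
        logger('Auth.Login', "Nickname '" + nickname + "' is taken")
        return _.nickIsTaken

    # is the email already taken?
    db_mail = DBDiscussionSession.query(User).filter(
        func.lower(User.email) == func.lower(email)).first()
    if db_mail:
        logger('Auth.Login', "E-Mail '" + email + "' is taken")
        return _.mailIsTaken

    # check_mx=True presumably triggers a DNS lookup for the address' domain;
    # it is the most expensive check and therefore the last one.
    if len(email) < 2 or not validate_email(email, check_mx=True):
        logger('Auth.Login', "E-Mail '" + email + "' is too short or not valid")
        return _.mailNotValid

    return None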
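def __process_user_token(request, nickname, token):
    """
    Check the token sent for ``nickname`` and store the user in the request if accepted.

    On rejection an "Invalid token" error (401, location "header") is added to
    the request and ``request.validated`` is left untouched.

    :param request: current request; receives either the error or validated['user']
    :param nickname: nickname sent by the client, looked up case-insensitively
    :param token: token sent by the client
    :return: None
    """
    log.info("[API] Login Attempt from user {}".format(nickname))
    db_user = get_user_by_case_insensitive_nickname(nickname)

    # The lookup yields no user for an unknown nickname, and reading .token from
    # that would raise instead of rejecting the request. Answer exactly as for
    # a wrong token, so the response does not tell whether the nickname exists.
    if not db_user:
        add_error(request, "Invalid token", status_code=401, location="header")
        return

    stored_token = db_user.token
    # Rejected when the user has no stored token, or when the sent token neither
    # equals the stored one nor passes check_token().
    # NOTE(review): a token that passes check_token() is accepted although it
    # differs from the stored one -- confirm check_token() binds it to this user.
    # NOTE(review): comparing secrets with == is not constant-time; consider
    # hmac.compare_digest once the token types are confirmed.
    if not stored_token or (not stored_token == token and not check_token(token)):
        add_error(request, "Invalid token", status_code=401, location="header")
        return

    request.validated['user'] = db_user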
def check_auth_token(request, nickname: str, token: str) -> bool:
    """
    Authenticate a request by API token or, for any other token, by JWT.

    :param request: current request; validated data and errors are stored on it
    :param nickname: nickname sent by the client
    :param token: token sent by the client
    :return: True if the token is accepted, False otherwise
    """
    log.info("[API] Login attempt from user {}".format(nickname))

    # Everything that is not an API token takes the JWT path.
    if not is_api_token(token):
        return check_jwt(request, token) and check_not_temporary_token(request)

    if not check_api_token(token):
        add_error(request, "Invalid token", status_code=401, location="header")
        return False

    # NOTE(review): with a valid API token the user is chosen by the
    # client-supplied nickname alone, and the lookup returns None for an unknown
    # nickname -- confirm that API tokens may act for any user and that
    # consumers of validated['user'] cope with None.
    request.validated['user'] = get_user_by_case_insensitive_nickname(nickname)
    request.validated['auth-by-api-token'] = True
    return True
def create_request_with_token_header(json_body=None, match_dict=None, nickname='Walter', token='mytoken'):
    """
    Build a dummy request whose X-Authentication header carries nickname and token.

    Before the request is built, the token is handed to token_to_database for
    the user found under ``nickname``.

    :param json_body: passed on to construct_dummy_request
    :param match_dict: passed on to construct_dummy_request
    :param nickname: nickname written to the header and used for the user lookup
    :param token: token written to the header and passed to token_to_database
    :return: the prepared dummy request
    """
    user = get_user_by_case_insensitive_nickname(nickname)
    token_to_database(user, token)

    request = construct_dummy_request(json_body=json_body, match_dict=match_dict)
    credentials = {'nickname': nickname, 'token': token}
    # The header value is the JSON encoding of nickname and token.
    request.headers['X-Authentication'] = json.dumps(credentials)
    return request
def test_valid_token(self):
    """A token stored for the user and sent in the header validates without errors."""
    nickname, token = 'Walter', 'mytoken'
    user = get_user_by_case_insensitive_nickname(nickname)
    token_to_database(user, token)

    # Send the same nickname/token pair as JSON in the header under test.
    request = construct_dummy_request()
    credentials = {'nickname': nickname, 'token': token}
    request.headers[self.header] = json.dumps(credentials)

    valid_token(request)

    # No error was recorded and the validator stored a 'user' entry.
    self.assertEqual(len(request.errors), 0)
    self.assertIn('user', request.validated)