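def before_request():
    """Validate JSON payloads and enforce token authentication before each request.

    Returns:
        ``None`` to let the request reach its view, or a ``(response, status)``
        tuple that short-circuits it:

        * 400 when a POST/PUT does not declare ``application/json`` or its body
          is not parseable JSON;
        * 401 when the ``TOKEN_HEADER_KEY`` header is absent or
          ``AuthService.verify_token`` rejects its value.

    The login route (``AUTHENTICATION_ROUTE``) is exempt from the token check
    so that clients can obtain a token in the first place; its payload is
    still subject to the JSON checks.
    """
    # if the client is sending data to the server, verify it is valid json
    if request.method in ('POST', 'PUT'):
        # compare the media type only: ``request.mimetype`` drops parameters
        # such as ``; charset=utf-8``, which an exact comparison of the raw
        # Content-Type header would wrongly reject
        if request.mimetype != 'application/json':
            return jsonify(message=strings.API_NOT_JSON_TYPE), 400
        # ``get_json(silent=True)`` yields None only when the body does not
        # parse; valid but falsy documents such as ``{}``, ``[]`` or ``0``
        # must not be mistaken for a parse failure, so test for None explicitly
        if request.get_json(silent=True) is None:
            return jsonify(message=strings.API_INVALID_JSON), 400
    # if the client is trying to log in, don't enforce a token
    if request.path == AUTHENTICATION_ROUTE:
        return None
    # possibly get the token from the request headers
    token = request.headers.get(TOKEN_HEADER_KEY)
    # if they didn't supply a request token
    if token is None:
        return jsonify(message=strings.API_MISSING_TOKEN), 401
    # validate the token against the session store
    if not AuthService.verify_token(token):
        return jsonify(message=strings.API_BAD_TOKEN), 401
    return None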
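def before_request():
    """Validate JSON payloads and enforce token authentication before each request.

    Returns:
        ``None`` to let the request reach its view, or a ``(response, status)``
        tuple that short-circuits it:

        * 400 when a POST/PUT does not declare ``application/json`` or its body
          is not parseable JSON;
        * 401 when the ``TOKEN_HEADER_KEY`` header is absent or
          ``AuthService.verify_token`` rejects its value.

    The login route (``AUTHENTICATION_ROUTE``) is exempt from the token check
    so that clients can obtain a token in the first place; its payload is
    still subject to the JSON checks.
    """
    # if the client is sending data to the server, verify it is valid json
    if request.method in ('POST', 'PUT'):
        # compare the media type only: ``request.mimetype`` drops parameters
        # such as ``; charset=utf-8``, which an exact comparison of the raw
        # Content-Type header would wrongly reject
        if request.mimetype != 'application/json':
            return jsonify(message=strings.API_NOT_JSON_TYPE), 400
        # ``get_json(silent=True)`` yields None only when the body does not
        # parse; valid but falsy documents such as ``{}``, ``[]`` or ``0``
        # must not be mistaken for a parse failure, so test for None explicitly
        if request.get_json(silent=True) is None:
            return jsonify(message=strings.API_INVALID_JSON), 400
    # if the client is trying to log in, don't enforce a token
    if request.path == AUTHENTICATION_ROUTE:
        return None
    # possibly get the token from the request headers
    token = request.headers.get(TOKEN_HEADER_KEY)
    # if they didn't supply a request token
    if token is None:
        return jsonify(message=strings.API_MISSING_TOKEN), 401
    # validate the token against the session store
    if not AuthService.verify_token(token):
        return jsonify(message=strings.API_BAD_TOKEN), 401
    return None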
 def test_good_login_without_session_succeeds(self):
     """Valid credentials with no existing session yield a freshly generated token."""
     issued = AuthService.attempt_login('username', 'password')
     assert issued == 'generated_token'
     # on the happy path every collaborator is consulted exactly once
     for collaborator in (
         self.mock_get_user,
         self.mock_hash_password,
         self.mock_get_session_by_user,
         self.mock_gen_token,
         self.mock_create_session,
     ):
         collaborator.assert_called_once()
 def test_good_login_without_session_succeeds(self):
     """Valid credentials with no existing session yield a freshly generated token."""
     issued = AuthService.attempt_login('username', 'password')
     assert issued == 'generated_token'
     # on the happy path every collaborator is consulted exactly once
     for collaborator in (
         self.mock_get_user,
         self.mock_hash_password,
         self.mock_get_session_by_user,
         self.mock_gen_token,
         self.mock_create_session,
     ):
         collaborator.assert_called_once()
 def test_bad_password_without_session_fails(self):
     """A password whose hash does not match yields no token and creates no session."""
     self.mock_hash_password.return_value = 'wrong_hashed_pass'
     issued = AuthService.attempt_login('username', 'not_my_password')
     assert issued is None
     # the user lookup and the hash comparison both happen ...
     self.mock_get_user.assert_called_once()
     self.mock_hash_password.assert_called_once()
     # ... but nothing past the failed comparison does
     for untouched in (
         self.mock_get_session_by_user,
         self.mock_gen_token,
         self.mock_create_session,
     ):
         untouched.assert_not_called()
 def test_bad_username_fails(self):
     """An unknown username short-circuits before any password hashing."""
     self.mock_get_user.return_value = None
     issued = AuthService.attempt_login('not_a_username', 'password')
     assert issued is None
     self.mock_get_user.assert_called_once()
     # no hashing, session lookup or token work once the user lookup fails
     # NOTE(review): skipping the hash for unknown users makes the failure
     # path cheaper than the wrong-password path (see the sibling test), so
     # response timing can differ by username — confirm this is acceptable
     for untouched in (
         self.mock_hash_password,
         self.mock_get_session_by_user,
         self.mock_gen_token,
         self.mock_create_session,
     ):
         untouched.assert_not_called()
 def test_bad_password_without_session_fails(self):
     """A password whose hash does not match yields no token and creates no session."""
     self.mock_hash_password.return_value = 'wrong_hashed_pass'
     issued = AuthService.attempt_login('username', 'not_my_password')
     assert issued is None
     # the user lookup and the hash comparison both happen ...
     self.mock_get_user.assert_called_once()
     self.mock_hash_password.assert_called_once()
     # ... but nothing past the failed comparison does
     for untouched in (
         self.mock_get_session_by_user,
         self.mock_gen_token,
         self.mock_create_session,
     ):
         untouched.assert_not_called()
 def test_bad_username_fails(self):
     """An unknown username short-circuits before any password hashing."""
     self.mock_get_user.return_value = None
     issued = AuthService.attempt_login('not_a_username', 'password')
     assert issued is None
     self.mock_get_user.assert_called_once()
     # no hashing, session lookup or token work once the user lookup fails
     # NOTE(review): skipping the hash for unknown users makes the failure
     # path cheaper than the wrong-password path (see the sibling test), so
     # response timing can differ by username — confirm this is acceptable
     for untouched in (
         self.mock_hash_password,
         self.mock_get_session_by_user,
         self.mock_gen_token,
         self.mock_create_session,
     ):
         untouched.assert_not_called()
 def test_good_login_with_session_succeeds(self):
     """Valid credentials with an existing session reuse its token instead of minting a new one."""
     existing_session = Session(
         user=User(
             username='******',
             password='******',
             salt='salt',
         ),
         token='token',
     )
     self.mock_get_session_by_user.return_value = existing_session
     issued = AuthService.attempt_login('username', 'password')
     assert issued == 'token'
     for consulted in (
         self.mock_get_user,
         self.mock_hash_password,
         self.mock_get_session_by_user,
     ):
         consulted.assert_called_once()
     # no new token or session is produced when one is already on file
     self.mock_gen_token.assert_not_called()
     self.mock_create_session.assert_not_called()
 def test_good_login_with_session_succeeds(self):
     """Valid credentials with an existing session reuse its token instead of minting a new one."""
     existing_session = Session(
         user=User(
             username='******',
             password='******',
             salt='salt',
         ),
         token='token',
     )
     self.mock_get_session_by_user.return_value = existing_session
     issued = AuthService.attempt_login('username', 'password')
     assert issued == 'token'
     for consulted in (
         self.mock_get_user,
         self.mock_hash_password,
         self.mock_get_session_by_user,
     ):
         consulted.assert_called_once()
     # no new token or session is produced when one is already on file
     self.mock_gen_token.assert_not_called()
     self.mock_create_session.assert_not_called()
 def test_bad_password_with_session_fails(self):
     """A wrong password is rejected before the existing session is even looked up."""
     existing_session = Session(
         user=User(
             username='******',
             password='******',
             salt='salt',
         ),
         token='token',
     )
     self.mock_get_session_by_user.return_value = existing_session
     self.mock_hash_password.return_value = 'wrong_hashed_pass'
     issued = AuthService.attempt_login('username', 'not_my_password')
     assert issued is None
     self.mock_get_user.assert_called_once()
     self.mock_hash_password.assert_called_once()
     # the prepared session must never be reached: the password check
     # precedes the session lookup, so the stored token is not handed out
     for untouched in (
         self.mock_get_session_by_user,
         self.mock_gen_token,
         self.mock_create_session,
     ):
         untouched.assert_not_called()
 def test_bad_password_with_session_fails(self):
     """A wrong password is rejected before the existing session is even looked up."""
     existing_session = Session(
         user=User(
             username='******',
             password='******',
             salt='salt',
         ),
         token='token',
     )
     self.mock_get_session_by_user.return_value = existing_session
     self.mock_hash_password.return_value = 'wrong_hashed_pass'
     issued = AuthService.attempt_login('username', 'not_my_password')
     assert issued is None
     self.mock_get_user.assert_called_once()
     self.mock_hash_password.assert_called_once()
     # the prepared session must never be reached: the password check
     # precedes the session lookup, so the stored token is not handed out
     for untouched in (
         self.mock_get_session_by_user,
         self.mock_gen_token,
         self.mock_create_session,
     ):
         untouched.assert_not_called()
 def post(self):
     """Authenticate a client and hand back its API token.

     Expects a JSON body that satisfies ``auth_schema``. Responds 400 with
     the validation message when the body is rejected, 401 with
     ``strings.API_BAD_CREDENTIALS`` when ``AuthService.attempt_login``
     returns no token, and otherwise a JSON object carrying the token.
     """
     payload = request.get_json(silent=True)
     # schema validation runs first so malformed bodies never reach the login path
     validation_error = validate(payload, auth_schema)
     if validation_error:
         rejected = jsonify(message=validation_error)
         rejected.status_code = 400
         return rejected
     token = AuthService.attempt_login(
         payload.get('username'),
         payload.get('password'),
     )
     if token is None:
         # one generic message whether the user is unknown or the password is wrong
         unauthorized = jsonify(message=strings.API_BAD_CREDENTIALS)
         unauthorized.status_code = 401
         return unauthorized
     return jsonify(token=token)
 def post(self):
     """Authenticate a client and hand back its API token.

     Expects a JSON body that satisfies ``auth_schema``. Responds 400 with
     the validation message when the body is rejected, 401 with
     ``strings.API_BAD_CREDENTIALS`` when ``AuthService.attempt_login``
     returns no token, and otherwise a JSON object carrying the token.
     """
     payload = request.get_json(silent=True)
     # schema validation runs first so malformed bodies never reach the login path
     validation_error = validate(payload, auth_schema)
     if validation_error:
         rejected = jsonify(message=validation_error)
         rejected.status_code = 400
         return rejected
     token = AuthService.attempt_login(
         payload.get('username'),
         payload.get('password'),
     )
     if token is None:
         # one generic message whether the user is unknown or the password is wrong
         unauthorized = jsonify(message=strings.API_BAD_CREDENTIALS)
         unauthorized.status_code = 401
         return unauthorized
     return jsonify(token=token)
 def test_return_false_if_not_valid_token(self, mock_get_session_by_token):
     """An invalid token is rejected after exactly one session lookup."""
     assert not AuthService.verify_token('not_a_token')
     mock_get_session_by_token.assert_called_once()
 def test_return_true_if_valid_token(self, mock_get_session_by_token):
     """A valid token is accepted after exactly one session lookup."""
     assert AuthService.verify_token('token')
     mock_get_session_by_token.assert_called_once()
 def test_return_false_if_not_valid_token(self, mock_get_session_by_token):
     """An invalid token is rejected after exactly one session lookup."""
     assert not AuthService.verify_token('not_a_token')
     mock_get_session_by_token.assert_called_once()
 def test_return_true_if_valid_token(self, mock_get_session_by_token):
     """A valid token is accepted after exactly one session lookup."""
     assert AuthService.verify_token('token')
     mock_get_session_by_token.assert_called_once()