def post(self):
# get auth token
auth_header = request.headers.get('Authorization')
if auth_header:
auth_token = auth_header.split(" ")[1]
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
# mark the token as blacklisted
blacklist_token = BlacklistToken(token=auth_token)
try:
# insert the token
db.session.add(blacklist_token)
db.session.commit()
responseObject = {
'status': 'success',
'message': 'Successfully logged out.'
}
return make_response(jsonify(responseObject)), 200
except Exception as e:
responseObject = {'status': 'fail', 'message': e}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {'status': 'fail', 'message': resp}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 403
def create_blacklisted_token(create_admin_user):
from server.models import BlacklistToken
auth_token = create_admin_user.encode_auth_token().decode()
blacklist_token = BlacklistToken(token=auth_token)
db.session.add(blacklist_token)
db.session.commit()
return blacklist_token
def logout():
auth_token = request.headers.get('Authentication-Token').split(" ")[1]
blacklist_token = BlacklistToken(token=auth_token)
# insert the token
db.session.add(blacklist_token)
db.session.commit()
responseObject = {
'status': 'success',
'message': 'Successfully logged out.'
}
return make_response(jsonify(responseObject)), \
html_codes.HTTP_OK_BASIC
def test_logout_api(test_client, create_admin_user):
"""
GIVEN a Flask application
WHEN the '/api/auth/logout/' api is posted to (POST)
THEN check response is 200 and auth_token is added to blacklist
"""
from server.models import BlacklistToken
create_admin_user.is_activated = True
auth_token = create_admin_user.encode_auth_token().decode()
response = test_client.post('/api/auth/logout/',
headers=dict(Authorization=auth_token,
Accept='application/json'),
content_type='application/json',
follow_redirects=True)
assert response.status_code == 200
assert BlacklistToken.check_blacklist(auth_token) is True
def test_valid_blacklisted_token_user(self):
""" Test for user status with a blacklisted valid token """
with self.client:
resp_register = register_user(self, '*****@*****.**', '123456')
# blacklist a valid token
blacklist_token = BlacklistToken(
token=json.loads(resp_register.data.decode())['auth_token'])
db.session.add(blacklist_token)
db.session.commit()
response = self.client.get(
'/auth/status',
headers=dict(
Authorization='Bearer ' + json.loads(
resp_register.data.decode()
)['auth_token']
)
)
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(data['message'] == 'Token blacklisted. Please log in again.')
self.assertEqual(response.status_code, 401)
def test_invalid_token_error(self):
""" Test for a request with an invalid token """
with self.client:
resp_register = register_user(self, '*****@*****.**', '123456')
# blacklist a valid token
blacklist_token = BlacklistToken(
token=json.loads(resp_register.data.decode())['auth_token'])
db.session.add(blacklist_token)
db.session.commit()
response = self.client.post(
'/auth/logout',
headers={
'Authentication-Token': 'Bearer 1245'
}
)
data = json.loads(response.get_data().decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(
data['message'] == 'Invalid token. Please log in again.'
)
self.assertEqual(response.status_code,
html_codes.HTTP_BAD_UNAUTHORIZED)
def test_valid_blacklisted_token_logout(self):
""" Test for logout after a valid token gets blacklisted """
with self.client:
# user registration
resp_register = register_user(self, '*****@*****.**', '123456')
data_register = json.loads(resp_register.data.decode())
self.assertTrue(data_register['status'] == 'success')
self.assertTrue(
data_register['message'] == 'Successfully registered.')
self.assertTrue(data_register['auth_token'])
self.assertTrue(resp_register.content_type == 'application/json')
self.assertEqual(resp_register.status_code, 201)
# user login
resp_login = login_user(self, '*****@*****.**', '123456')
data_login = json.loads(resp_login.data.decode())
self.assertTrue(data_login['status'] == 'success')
self.assertTrue(data_login['message'] == 'Successfully logged in.')
self.assertTrue(data_login['auth_token'])
self.assertTrue(resp_login.content_type == 'application/json')
self.assertEqual(resp_login.status_code, 200)
# blacklist a valid token
blacklist_token = BlacklistToken(
token=json.loads(resp_login.data.decode())['auth_token'])
db.session.add(blacklist_token)
db.session.commit()
# blacklisted valid token logout
response = self.client.post(
'/auth/logout',
headers=dict(
Authorization='Bearer ' + json.loads(
resp_login.data.decode()
)['auth_token']
)
)
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(data['message'] == 'Token blacklisted. Please log in again.')
self.assertEqual(response.status_code, 401)
def logout():
auth_header = request.headers.get('Authorization')
if auth_header:
auth_token = auth_header.split(" ")[0]
else:
auth_token = ""
if auth_token:
resp = Staff.decode_token(auth_token)
if isinstance(resp, int):
blacklist_token = BlacklistToken(auth_token)
try:
db.session.add(blacklist_token)
db.session.commit()
response = {
'status': 'success',
'message': 'Logged out'
}
return make_response(jsonify(response)), 200
except Exception as e:
response = {
'status': 'fail',
'message': e
}
return make_response(jsonify(response)), 200
else:
response = {
'status': 'fail',
'message': resp
}
return make_response(jsonify(response)), 401
else:
response = {
'status': 'fail',
'message': 'Invalid token'
}
return make_response(jsonify(response)), 403
def post(self):
blacklist_token = BlacklistToken(token=self.get_auth_token())
db.session.add(blacklist_token)
db.session.commit()
return make_response(jsonify({})), HTTPStatus.OK
def blacklist_token(auth_token):
blacklist_token = BlacklistToken(token=auth_token)
db.session.add(blacklist_token)
db.session.commit()