def test_delete_user_deletes_user_when_one_exists(self):
        """A user that was created and then deleted can no longer be fetched."""
        uid, stored_hash = 'userid1', 'hash1'
        db_access.create_user(uid, stored_hash)

        # Precondition: the lookup succeeds before the delete, so the final
        # assertion cannot pass merely because the user was never stored.
        found_before = db_access.get_user(uid, stored_hash)
        assert found_before is not None

        db_access.delete_user(uid)

        found_after = db_access.get_user(uid, stored_hash)
        assert found_after is None
    def test_create_user_does_not_change_existing_user_when_duplicate(self):
        """A second create_user for an existing id leaves the first hash in place.

        Pins the property that re-creating an existing user id cannot replace
        that account's stored password hash.
        """
        uid = 'userid1'
        original_hash, duplicate_hash = 'hash1', 'hash2'

        # Two create calls for the same id, with different hashes.
        for candidate_hash in (original_hash, duplicate_hash):
            db_access.create_user(uid, candidate_hash)

        still_original = db_access.get_user(uid, original_hash)
        assert still_original is not None

        overwritten = db_access.get_user(uid, duplicate_hash)
        assert overwritten is None
    def test_get_user_returns_none_when_password_hash_used_for_wrong_user(self):
        """get_user does not match one user's id against another user's hash.

        Both users exist, so a lookup that ignored the id and matched on the
        hash alone (or the reverse) would fail one of the two assertions.
        """
        first_id, first_hash = 'userid1', 'passwordhash1'
        second_id, second_hash = 'userid2', 'passwordhash2'

        # Third argument is presumably the initial failed-login count;
        # _create_user is defined outside this block.
        self._create_user(first_id, first_hash, 0)
        self._create_user(second_id, second_hash, 0)

        crossed_pairs = ((first_id, second_hash), (second_id, first_hash))
        for some_id, foreign_hash in crossed_pairs:
            assert db_access.get_user(some_id, foreign_hash) is None
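    def test_update_user_updates_user_when_one_exists(self):
        """update_user replaces the stored password hash of an existing user.

        Checks both directions of the change: the new hash must fetch the
        user, and the superseded hash must no longer do so.
        """
        user_id = 'userid1'
        password_hash_1 = 'hash1'
        password_hash_2 = 'hash2'

        db_access.create_user(user_id, password_hash_1)
        db_access.update_user(user_id, password_hash_2)

        user = db_access.get_user(user_id, password_hash_2)
        assert user is not None

        # Without this check the test would still pass if update_user left the
        # old credential usable alongside the new one.
        assert db_access.get_user(user_id, password_hash_1) is None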
    def test_create_user_creates_new_user_when_id_not_used_yet(self):
        """create_user stores a new user with zero failed logins.

        The stored record is read back through get_user and each of its
        three fields is compared with the value that was supplied.
        """
        new_id, new_hash = 'userid1', 'passwordhash1'

        db_access.create_user(new_id, new_hash)
        stored = db_access.get_user(new_id, new_hash)

        assert stored is not None
        assert stored.user_id == new_id
        assert stored.password_hash == new_hash
        # create_user takes no counter argument here, so 0 is the default
        # this test expects for a freshly created account.
        assert stored.failed_logins == 0
    def test_get_user_returns_the_user_when_both_user_id_and_password_hash_match(self):
        """get_user returns the stored record when id and hash both match.

        The user is seeded with a non-zero failed-login count so the test
        also shows that get_user reports the stored counter unchanged.
        """
        uid, stored_hash = 'userid1', 'passwordhash1'
        expected_failures = 1

        self._create_user(uid, stored_hash, expected_failures)

        fetched = db_access.get_user(uid, stored_hash)

        assert fetched is not None
        assert fetched.user_id == uid
        assert fetched.password_hash == stored_hash
        assert fetched.failed_logins == expected_failures
def _handle_allowed_user_auth_request(user_id, password, failed_login_attempts):
    """Check a user's credentials and build the authentication response.

    The password is hashed with the configured PASSWORD_SALT and the user is
    looked up by (user_id, hash). On a match the failed-login counter is reset
    to zero and the authenticated body is returned. Otherwise the counter is
    written back as ``failed_login_attempts + 1``, the failure is audited and
    a 401 response is returned.

    Args:
        user_id: Identifier of the account being authenticated.
        password: Password supplied with the request.
        failed_login_attempts: Failed-login count the caller read earlier.

    Returns:
        A Response carrying either the authenticated body or
        AUTH_FAILURE_RESPONSE_BODY with status 401.
    """
    salt = app.config['PASSWORD_SALT']
    candidate_hash = security.get_user_password_hash(user_id, password, salt)
    matched_user = db_access.get_user(user_id, candidate_hash)

    if not matched_user:
        # NOTE(review): the counter is read by the caller and written back
        # here as value + 1, so concurrent failed attempts that start from the
        # same value would record a single increment. Confirm whether
        # db_access or the caller serialises this.
        attempts_so_far = failed_login_attempts + 1
        db_access.update_failed_logins(user_id, attempts_so_far)

        # NOTE(review): user_id is interpolated verbatim into the audit
        # message. If it is request-supplied, confirm auditing.audit
        # neutralises line breaks so entries cannot be forged.
        audit_message = 'Invalid credentials used. username: {}, attempt: {}.'.format(
            user_id, attempts_so_far
        )
        auditing.audit(audit_message)

        return Response(AUTH_FAILURE_RESPONSE_BODY, status=401, mimetype=JSON_CONTENT_TYPE)

    # Successful login: clear the failed-attempt counter before responding.
    db_access.update_failed_logins(user_id, 0)
    success_body = _authenticated_response_body(matched_user)
    return Response(success_body, mimetype=JSON_CONTENT_TYPE)
 def test_get_user_returns_none_when_password_hash_does_not_match(self):
     """get_user returns None for an existing id paired with a wrong hash."""
     uid = 'userid1'
     stored_hash, wrong_hash = 'passwordhash1', 'passwordhash2'

     self._create_user(uid, stored_hash, 0)

     lookup_result = db_access.get_user(uid, wrong_hash)
     assert lookup_result is None
 def test_get_user_returns_none_when_user_does_not_exist(self):
     """get_user returns None when no user was created under the given id."""
     unknown_id, any_hash = 'nonexistinguser', 'passwordhash'
     lookup_result = db_access.get_user(unknown_id, any_hash)
     assert lookup_result is None
def _hit_database_with_sample_query():
    """Run one throwaway user lookup to see whether the database responds.

    The lookup result is discarded. Nothing is caught here, so any exception
    raised by db_access.get_user propagates to the caller.
    """
    probe_user_id = 'non-existing-user'
    probe_password_hash = 'password-hash'
    db_access.get_user(probe_user_id, probe_password_hash)