Beispiel #1
0
def create_user():
    db.create_all()

    # Setup admin and guest roles
    initialize_default_resources_admin()
    initialize_default_resources_guest()

    # Setup admin user
    admin_role = Role.query.filter_by(id=1).first()
    admin_user = User.query.filter_by(username="******").first()
    if not admin_user:
        add_user(username='******', password='******', roles=[1])
    elif admin_role not in admin_user.roles:
        admin_user.roles.append(admin_role)

    db.session.commit()

    apps = set(helpers.list_apps()) - set(
        [_app.name for _app in device_db.session.query(App).all()])
    app.logger.debug('Found apps: {0}'.format(apps))
    for app_name in apps:
        device_db.session.add(App(name=app_name, devices=[]))
    db.session.commit()
    device_db.session.commit()
    CaseSubscription.sync_to_subscriptions()

    app.logger.handlers = logging.getLogger('server').handlers
Beispiel #2
0
 def test_login_updates_user(self):
     user = add_user(username='******', password='******')
     self.app.post('/api/auth',
                   content_type="application/json",
                   data=json.dumps(
                       dict(username='******', password='******')))
     self.assertEqual(user.login_count, 1)
     self.assertTrue(user.active)
Beispiel #3
0
 def test_delete_current_user(self):
     user = add_user('test', 'test')
     user.set_roles({'admin'})
     response = self.app.post('/api/auth', content_type="application/json",
                              data=json.dumps(dict(username='******', password='******')))
     key = json.loads(response.get_data(as_text=True))
     access_token = key['access_token']
     headers = {'Authorization': 'Bearer {}'.format(access_token)}
     self.delete_with_status_check('/api/users/{}'.format(user.id), headers=headers, status_code=FORBIDDEN_ERROR)
Beispiel #4
0
 def test_login_inactive_user(self):
     user = add_user(username='******', password='******')
     user.active = False
     response = self.app.post('/api/auth',
                              content_type="application/json",
                              data=json.dumps(
                                  dict(username='******',
                                       password='******')))
     self.assertEqual(response.status_code, UNAUTHORIZED_ERROR)
Beispiel #5
0
    def test_logout_mismatched_tokens(self):
        response = self.app.post('/api/auth',
                                 content_type="application/json",
                                 data=json.dumps(
                                     dict(username='******', password='******')))
        key = json.loads(response.get_data(as_text=True))
        headers = {'Authorization': 'Bearer {}'.format(key['access_token'])}

        add_user(username='******', password='******')

        db.session.commit()
        response = self.app.post('/api/auth',
                                 content_type="application/json",
                                 data=json.dumps(
                                     dict(username='******', password='******')))
        key = json.loads(response.get_data(as_text=True))
        token = key['refresh_token']

        response = self.app.post('/api/auth/logout',
                                 headers=headers,
                                 content_type="application/json",
                                 data=json.dumps(dict(refresh_token=token)))
        self.assertEqual(response.status_code, BAD_REQUEST)
        self.assertEqual(len(BlacklistedToken.query.all()), 0)
Beispiel #6
0
 def test_logout_updates_user(self):
     user = add_user('testlogout', 'test')
     response = self.app.post('/api/auth',
                              content_type="application/json",
                              data=json.dumps(
                                  dict(username='******',
                                       password='******')))
     key = json.loads(response.get_data(as_text=True))
     access_token = key['access_token']
     refresh_token = key['refresh_token']
     headers = {'Authorization': 'Bearer {}'.format(access_token)}
     self.app.post('/api/auth/logout',
                   headers=headers,
                   content_type="application/json",
                   data=json.dumps(dict(refresh_token=refresh_token)))
     self.assertEqual(user.login_count, 0)
Beispiel #7
0
    def test_refresh_deactivated_user(self):
        user = add_user(username='******', password='******')

        db.session.commit()
        response = self.app.post('/api/auth',
                                 content_type="application/json",
                                 data=json.dumps(
                                     dict(username='******', password='******')))
        key = json.loads(response.get_data(as_text=True))
        token = key['refresh_token']
        headers = {'Authorization': 'Bearer {}'.format(token)}
        user.active = False
        refresh = self.app.post('/api/auth/refresh',
                                content_type="application/json",
                                headers=headers)
        self.assertEqual(refresh.status_code, UNAUTHORIZED_ERROR)
Beispiel #8
0
    def __func():
        data = request.get_json()
        username = data['username']
        if not User.query.filter_by(username=username).first():
            user = add_user(username=username, password=data['password'])

            if 'roles' in data or 'active' in data:
                role_update_user_fields(data, user)

            db.session.commit()
            current_app.logger.info('User added: {0}'.format(user.as_json()))
            return user.as_json(), OBJECT_CREATED
        else:
            current_app.logger.warning(
                'Could not create user {0}. User already exists.'.format(
                    username))
            return {
                "error": "User {0} already exists.".format(username)
            }, OBJECT_EXISTS_ERROR
Beispiel #9
0
    def test_refresh_with_blacklisted_token(self):
        user = add_user(username='******', password='******')

        db.session.commit()
        response = self.app.post('/api/auth',
                                 content_type="application/json",
                                 data=json.dumps(
                                     dict(username='******', password='******')))
        key = json.loads(response.get_data(as_text=True))
        token = key['refresh_token']
        db.session.delete(user)
        db.session.commit()
        headers = {'Authorization': 'Bearer {}'.format(token)}
        self.app.post('/api/auth/refresh',
                      content_type="application/json",
                      headers=headers)
        refresh = self.app.post('/api/auth/refresh',
                                content_type="application/json",
                                headers=headers)
        self.assertEqual(refresh.status_code, UNAUTHORIZED_ERROR)
        response = json.loads(refresh.get_data(as_text=True))
        self.assertDictEqual(response, {'error': 'Token is revoked'})
Beispiel #10
0
    def test_refresh_invalid_user_blacklists_token(self):
        user = add_user(username='******', password='******')

        db.session.commit()
        response = self.app.post('/api/auth',
                                 content_type="application/json",
                                 data=json.dumps(
                                     dict(username='******', password='******')))
        key = json.loads(response.get_data(as_text=True))
        token = key['refresh_token']
        db.session.delete(user)
        db.session.commit()
        headers = {'Authorization': 'Bearer {}'.format(token)}
        refresh = self.app.post('/api/auth/refresh',
                                content_type="application/json",
                                headers=headers)
        self.assertEqual(refresh.status_code, UNAUTHORIZED_ERROR)
        token = decode_token(token)
        from walkoff.database.tokens import BlacklistedToken

        tokens = BlacklistedToken.query.filter_by(jti=token['jti']).all()
        self.assertEqual(len(tokens), 1)
Beispiel #11
0
 def setup_guest_user(self):
     user = add_user('guest', 'guest', ['guest'])
     db.session.add(user)
     db.session.commit()
     return user
Beispiel #12
0
 def test_add_user_already_exists(self):
     user = User('username', 'password')
     db.session.add(user)
     db.session.commit()
     user = add_user('username', 'password')
     self.assertIsNone(user)
Beispiel #13
0
 def test_add_user(self):
     user = add_user('username', 'password')
     self.assertIsNotNone(user)
     self.assertEqual(user.username, 'username')
     self.assertIsNotNone(User.query.filter_by(username='******').first())