Ejemplo n.º 1
0
    def setUp(self):
        self.auth_service = AuthService()

        self.account = Account.objects.create(username="******",
                                              password="******",
                                              name="thename",
                                              is_logged_in=False)
Ejemplo n.º 2
0
def commands(request):
    auth_service = AuthService()

    cmds = [
        Command("cr_account", "Create Account", 0xC, True),
        Command("set_password", "Change Password", 0xF, True),
        Command("update_contact", "Update Contact Info", 0xF, True),
        Command("view_contact_info", "Users", 0xF, True),
        Command("cr_course", "Create Course", 0xC, True),
        Command("my_courses", "My Courses", 0x2, True),
        Command("view_courses", "Courses", 0xC, True),
        Command("my_courses_ta", "My Courses Ta", 0x1, True),
        Command("notify", "Notify", 0xA, True),
    ]

    allowed_commands = [
        command for command in cmds if auth_service.is_authorized(
            request.session.get('username', None), command.req_permissions)
    ]

    return {
        'commands': allowed_commands,
        'username': request.session.get('username', '').lower(),
        'active': request.path.strip('/')
    }
Ejemplo n.º 3
0
def logout(auth_service: AuthService):
    try:
        auth = auth_service.validate(request.headers["Authorization"])
        if not auth:
            return jsonify({"message": "Not authorized"}), 401

        auth = auth_service.delete(auth.id)

        return jsonify({"auth": AuthVo(auth).to_dict()}), 200
    except Exception as e:
        logger.error(e)
        return jsonify({'message': 'Failed ...'}), 500
Ejemplo n.º 4
0
def _bind(binder):

    # Auth
    auth_repository = AuthRepository(db)
    auth_service = AuthService(auth_repository)
    binder.bind(AuthRepository, to=auth_repository, scope=request)
    binder.bind(AuthService, to=auth_service, scope=request)

    # File
    file_repository = FileRepository(db)
    file_service = FileService(file_repository)
    binder.bind(FileRepository, to=file_repository, scope=request)
    binder.bind(FileService, to=file_service, scope=request)

    # User
    user_repository = UserRepository(db)
    user_service = UserService(user_repository)
    binder.bind(UserRepository, to=user_repository, scope=request)
    binder.bind(UserService, to=user_service, scope=request)

    # Tag
    tag_repository = TagRepository(db)
    binder.bind(TagRepository, to=tag_repository, scope=request)

    # Note
    note_repository = NoteRepository(db)
    note_service = NoteService(note_repository, tag_repository)
    binder.bind(NoteRepository, to=note_repository, scope=request)
    binder.bind(NoteService, to=note_service, scope=request)
Ejemplo n.º 5
0
def signin(auth_service: AuthService, user_serivce: UserService):
    try:
        auth = auth_service.validate(request.headers["Authorization"])
        if not auth:
            return jsonify({"message": "Not authorized"}), 401

        return jsonify({"auth": AuthVo(auth).to_dict(), "user": UserVo(auth.user).to_dict()}), 200
    except Exception as e:
        logger.error(e)
        return jsonify({'message': 'Failed ...'}), 500
Ejemplo n.º 6
0
def delete(id: str, user_service: UserService, auth_service: AuthService):
    try:
        auth = auth_service.validate(request.headers["Authorization"])
        if not auth:
            return jsonify({"message": "Not authorized"}), 401

        user = user_service.delete(id)
        return jsonify({"user": UserVo(user).to_dict()}), 200
    except Exception as e:
        logger.error(e)
        return jsonify({'message': 'Failed ...'}), 500
Ejemplo n.º 7
0
def signup(auth_service: AuthService, user_service: UserService):
    try:
        form = json.loads(request.data.decode('utf-8'))

        user = user_service.create(copy.deepcopy(form))
        auth = auth_service.login(copy.deepcopy(form), user.password)

        return jsonify({"auth": AuthVo(auth).to_dict(), "user": UserVo(user).to_dict()}), 200
    except Exception as e:
        logger.error(e)
        return jsonify({'message': 'Failed ...'}), 500
Ejemplo n.º 8
0
def delete(id: str, note_service: NoteService, auth_service: AuthService):
    try:
        auth = auth_service.validate(request.headers["Authorization"])
        if not auth:
            return jsonify({"message": "Not authorized"}), 401

        note_model = note_service.delete(id)
        note = NoteVo(note_model).to_dict() if note_model else {}
        return jsonify({"note": note}), 200
    except Exception as e:
        logger.error(e)
        return jsonify({'message': 'Failed ...'}), 500
Ejemplo n.º 9
0
def login(auth_service: AuthService, user_service: UserService):
    try:
        form = json.loads(request.data.decode('utf-8'))

        user = user_service.find_by_email(form["email"])
        if not user:
            return jsonify({"message": "User is not found."}), 400
        auth = auth_service.login(form, user.password)

        return jsonify({"auth": AuthVo(auth).to_dict(), "user": UserVo(user).to_dict()}), 200
    except Exception as e:
        logger.error(e)
        return jsonify({'message': 'Failed ...'}), 500
Ejemplo n.º 10
0
    def signup(self, request: Any) -> str:
        try:
            if request.method != 'POST':
                return jsonify({})

            data = json.loads(request.data.decode('utf-8'))
            if 'email' not in data or 'name' not in data or 'password' not in data:
                abort(400, {'message': 'Incorrect form submission'})

            response = AuthService(self.context).signup(data)

            return jsonify(response)
        except Exception as e:
            self.logger.error(e)
            abort(500, {'message': 'Failed to signup ...'})
Ejemplo n.º 11
0
def upload(file_service: FileService, auth_service: AuthService):
    try:
        auth = auth_service.validate(request.headers["Authorization"])
        if not auth:
            return jsonify({"message": "Not authorized"}), 401

        if not request.files:
            return jsonify({'message': 'Fail is not found ...'}), 400

        file_ = request.files.get('file')
        file_model = file_service.create(auth.user.id, file_)

        return jsonify({"file": FileVo(file_model).to_dict()}), 200
    except Exception as e:
        logger.error(e)
        return jsonify({'message': 'Failed ...'}), 500
Ejemplo n.º 12
0
def update(note_service: NoteService, auth_service: AuthService):
    try:
        auth = auth_service.validate(request.headers["Authorization"])
        if not auth:
            return jsonify({"message": "Not authorized"}), 401

        fields = json.loads(request.form["fields"])
        logger.error(fields["tags"])
        logger.error(type(fields["tags"]))
        fields = _convert_to_snake_case(fields)

        note = note_service.update(fields)

        return jsonify({"note": NoteVo(note).to_dict()}), 200
    except Exception as e:
        logger.error(e)
        return jsonify({'message': 'Failed ...'}), 500
Ejemplo n.º 13
0
    def logout(self, request: Any) -> str:
        try:
            if request.method != 'DELETE':
                return jsonify({})

            authorization = request.headers["Authorization"]
            if not authorization:
                abort(400, {'message': 'Authorization does not exist.'})

            token = authorization.split()[1]
            response = AuthService(self.context).logout(token)

            if not response:
                abort(403, {'message': 'Not authorized.'})

            return jsonify(response)
        except Exception as e:
            self.logger.error(e)
            abort(500, {'message': 'Failed to logout ...'})
Ejemplo n.º 14
0
def update(user_service: UserService, file_service: FileService,
           auth_service: AuthService):
    try:
        auth = auth_service.validate(request.headers["Authorization"])
        if not auth:
            return jsonify({"message": "Not authorized"}), 401

        fields = json.loads(request.form["fields"])

        if request.files:
            file_ = request.files.get('file')
            file_model = file_service.create(fields["id"], file_)
            fields["avatar"] = file_model.path

        user = user_service.update(fields)

        return jsonify({"user": UserVo(user).to_dict()}), 200
    except Exception as e:
        logger.error(e)
        return jsonify({'message': 'Failed ...'}), 500
Ejemplo n.º 15
0
from django.shortcuts import redirect
from app.services.auth_service import AuthService
from app.models import Account

auth_service = AuthService()

paths = {
    "cr_account": 0xC,
    "update_contact": 0xF,
    "view_contact_info": 0xF,
    "assign_ta_course": 0x8,
    "assign_ins": 0x8,
    "view_courses": 0xC,
    "edit_account": 0xC,
    "course_details": 0xF,
    "cr_course": 0xC,
    "set_password": 0xF,
    "cr_lab": 0xC,
    "assign_ta_lab": 0xA,
    "view_lab_details": 0xC,
    "my_courses": 0x2,
    "my_courses_ta": 0x1
}


class VerifyPermissions(object):
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        if request.path.strip('/') in paths:
Ejemplo n.º 16
0
class TestAuthService(TestCase):
    def setUp(self):
        self.auth_service = AuthService()

        self.account = Account.objects.create(username="******",
                                              password="******",
                                              name="thename",
                                              is_logged_in=False)

    def test_login_happy_path(self):
        expected_response = "Welcome, thename."
        actual_response = self.auth_service.login("theuser", "thepassword")
        self.assertEqual(expected_response, actual_response)

        account = Account.objects.filter(username__iexact="theuser").first()
        self.assertEqual(account.is_logged_in, True)

    def test_login_already_logged_in(self):
        self.account.is_logged_in = True
        self.account.save()
        self.auth_service.current_account = self.account

        expected_response = "Welcome, thename."
        actual_response = self.auth_service.login("theuser", "thepassword")
        self.assertEqual(expected_response, actual_response)

        account = Account.objects.filter(username__iexact="theuser").first()
        self.assertEqual(account.is_logged_in, True)

    def test_login_someone_else_already_logged_in(self):
        self.account.is_logged_in = True
        self.account.save()
        self.auth_service.current_account = self.account

        Account.objects.create(username="******",
                               password="******",
                               name="othername")

        expected_response = "Welcome, othername."
        actual_response = self.auth_service.login("otheruser", "thepassword")
        self.assertEqual(expected_response, actual_response)

        logged_in_account = Account.objects.filter(
            username__iexact="theuser").first()
        logged_out_account = Account.objects.filter(
            username__iexact="otheruser").first()
        self.assertEqual(logged_in_account.is_logged_in, True)
        self.assertEqual(logged_out_account.is_logged_in, True)

    def test_login_user_does_not_exist(self):
        expected_response = "Incorrect username."
        actual_response = self.auth_service.login("esmith", "thepassword")
        self.assertEqual(expected_response, actual_response)

    def test_login_wrong_password(self):
        expected_response = "Incorrect password."
        actual_response = self.auth_service.login("theuser", "wrongpassword")
        self.assertEqual(expected_response, actual_response)

        account = Account.objects.filter(username__iexact="theuser").first()
        self.assertEqual(account.is_logged_in, False)

    def test_is_logged_in_true(self):
        self.account.is_logged_in = True
        self.account.save()
        self.auth_service.current_account = self.account

        expected_response = True
        actual_response = self.auth_service.is_logged_in("theuser")
        self.assertEqual(expected_response, actual_response)

    def test_is_logged_in_false_user_exists(self):
        expected_response = False
        actual_response = self.auth_service.is_logged_in("theuser")
        self.assertEqual(expected_response, actual_response)

    def test_is_logged_in_false_user_dne(self):
        expected_response = False
        actual_response = self.auth_service.is_logged_in("theuser")
        self.assertEqual(expected_response, actual_response)

    def test_is_authorized_true(self):
        self.account.roles = 0xC
        self.account.save()

        expected_response = True
        actual_response = self.auth_service.is_authorized("theuser", 0x8)
        self.assertEqual(expected_response, actual_response)

    def test_is_authorized_false(self):
        self.account.roles = 0x1
        self.account.save()

        expected_response = False
        actual_response = self.auth_service.is_authorized("theuser", 0x4)
        self.assertEqual(expected_response, actual_response)

    def test_is_authorized_user_dne(self):
        actual_response = self.auth_service.is_authorized("nonuser", 0x4)
        expected_response = False
        self.assertEqual(expected_response, actual_response)

    def test_logout_happy_path(self):
        self.account.is_logged_in = True
        self.account.save()
        self.auth_service.current_account = self.account

        expected_response = "You are now logged out."
        actual_response = self.auth_service.logout("theuser")
        self.assertEqual(expected_response, actual_response)
        self.assertEqual(self.auth_service.get_current_username(), None)

        account = Account.objects.filter(username__iexact="theuser").first()
        self.assertEqual(account.is_logged_in, False)

    def test_logout_user_does_not_exist(self):
        expected_response = "Account for user anotheruser does not exist."
        actual_response = self.auth_service.logout("anotheruser")
        self.assertEqual(expected_response, actual_response)

    def test_logout_user_is_none(self):
        expected_response = "You need to log in first."
        actual_response = self.auth_service.logout(None)
        self.assertEqual(expected_response, actual_response)

    def test_logout_not_logged_in(self):
        expected_response = "You need to log in first."
        actual_response = self.auth_service.logout("theuser")
        self.assertEqual(expected_response, actual_response)

    def test_set_password_happy_path(self):
        self.auth_service.current_account = self.account

        expected_response = "Your password has been updated."
        actual_response = self.auth_service.set_password(
            self.account.username, "thepassword", "newpassword")
        self.assertEqual(expected_response, actual_response)

        account = Account.objects.filter(username__iexact="theuser").first()
        self.assertEqual("newpassword", account.password)

    def test_set_password_wrong_password(self):
        expected_response = "Incorrect current password."
        actual_response = self.auth_service.set_password(
            self.account.username, "password", "newpassword")
        self.assertEqual(expected_response, actual_response)

        account = Account.objects.filter(username__iexact="theuser").first()
        self.assertEqual("thepassword", account.password)
Ejemplo n.º 17
0
 def setUp(self):
     self.auth_service = AuthService()
Ejemplo n.º 18
0
class AuthServiceTest(unittest.TestCase):
    @classmethod
    def setUpClass(cls):
        if DatabaseContext.THREADS_MANAGER_CYCLING == False:
            DatabaseContext.THREADS_MANAGER_CYCLING = True
            ThreadsManager().start()

        CollectionsSimulator.build_users_col()

    def setUp(self):
        self.auth_service = AuthService()

    @classmethod
    def tearDownClass(cls):
        CollectionsSimulator.clean()
        DatabaseContext.THREADS_MANAGER_CYCLING = False

    def test_login_success_with_password(self):
        result = self.auth_service.login('admin', 'admin')
        self.assertEqual(result['login'], 'admin')

    def test_login_fail_with_password(self):
        try:
            self.auth_service.login('admin', 'false')
            self.fail()
        except AppException as e:
            self.assertEqual(e.message, 'Authentication failed')

    def test_get_user_by_token(self):
        result = self.auth_service.get_user_by_token(
            'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NzU5OTEwNDUsInN1YiI6MX0._jTMkfDl2RKzY_r6nUDVwFG8xlEuZPFFr7zvqWXJmcM'
        )
        self.assertEqual(result['id'], 1)
        self.assertEqual(result['login'], 'admin')

    def test_fail_get_user_by_invalid_token(self):
        try:
            self.auth_service.get_user_by_token(
                'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1NzU5OTEwNDUsInN1YiI6MX0._jTMkfDl2RKzY_r6nUDVwFG8xlEuZPFFr7zvqWXJmcN'
            )
            self.fail()
        except AppException as e:
            self.assertEqual(e.message, 'Authentication failed')

    def test_logout(self):
        token = self.auth_service.login('admin', 'admin')['token']
        result = self.auth_service.logout(token)
        self.assertTrue(token not in result['tokens'])

    def test_logout_all(self):
        token = self.auth_service.login('admin', 'admin')['token']
        result = self.auth_service.logout_all(token)
        self.assertEqual(len(result['tokens']), 0)

    def test_create_user(self):
        new_user = {'login': '******', 'password': '******'}
        user = self.auth_service.create_user(new_user)
        self.assertEqual(new_user['login'], user['login'])
        self.assertNotEqual(new_user['password'], user['password'])
        self.assertTrue('id' in user)
        self.assertTrue('tokens' in user)

    def suite():
        return unittest.TestLoader.loadTestsFromTestCase(AuthServiceTest)
Ejemplo n.º 19
0
from django.contrib import admin
from django.urls import path
import app.views
from app.services.auth_service import AuthService
from app.services.account_service import AccountService
from app.services.course_service import CourseService
from app.services.ta_service import TaService

deps = {
    'auth_service': AuthService(),
    'account_service': AccountService(),
    'course_service': CourseService(),
    'ta_service': TaService()
}

urlpatterns = [
    path('admin/', admin.site.urls),
    path("", app.views.Dashboard.as_view(**deps)),
    path("dashboard/", app.views.Dashboard.as_view(**deps)),
    path("view_contact_info/", app.views.ViewAccounts.as_view(**deps)),
    path("login/", app.views.Login.as_view(**deps)),
    path("logout/", app.views.Logout.as_view(**deps)),
    path("cr_account/", app.views.CreateAccount.as_view(**deps)),
    path("edit_account/", app.views.EditAccount.as_view(**deps)),
    path("update_contact/", app.views.UpdateContactInfo.as_view(**deps)),
    path("view_courses/", app.views.ViewCourses.as_view(**deps)),
    path("my_courses/", app.views.MyCourses.as_view(**deps)),
    path("course_details/", app.views.CourseDetails.as_view(**deps)),
    path("assign_ta_course/", app.views.AssignTaCourse.as_view(**deps)),
    path("cr_lab/", app.views.CreateLab.as_view(**deps)),
    path("cr_course/", app.views.CreateCourse.as_view(**deps)),