def test_given_valid_auth_header_when_calling_login_then_token_is_returned():
# given
mock_user_collection = Mock()
mock_whitelisted_collection = Mock()
mock_user_collection.find_one.return_value = {
# hashed version of 'test' with salt
'password':
"******",
'name': 'dummy_name',
'_id': 'some_id'
}
auth_service = AuthService(mock_user_collection,
mock_whitelisted_collection, mock_private_key,
jwt)
# when
token = auth_service.login({"username": '******', 'password': '******'})
# then
data = jwt.decode(token, mock_public_key, algorithm='RS256')
assert 'some_id' == data['public_id']
assert data['exp'] is not None
# hashed version, no salt for 'test'
print data['key'] == "xzwXZ2CoOI8Z/2QH"
mock_user_collection.find_one.assert_called_once_with({'name': 'test'})
def __init__(self, config, api_url, user_agent, auth_url, client_id, client_secret, grant_type, scope):
self.config = config
self.config.load()
self.api_url = api_url
self.user_agent = user_agent
AuthService.__init__(self, auth_url, client_id, client_secret, grant_type, scope)
def __init__(self, config, api_url, user_agent, auth_url, client_id,
client_secret, grant_type, scope):
self.config = config
self.config.load()
self.api_url = api_url
self.user_agent = user_agent
AuthService.__init__(self, auth_url, client_id, client_secret,
grant_type, scope)
def test_given_not_registered_user__when_calling_login_then_UnrecognisedUserException_is_returned(
):
# given
mock_user_collection = Mock()
mock_whitelisted_collection = Mock()
mock_user_collection.find_one.return_value = False
auth_service = AuthService(mock_user_collection,
mock_whitelisted_collection, mock_private_key,
jwt)
# then
with raises(UnrecognisedUserException):
auth_service.login({'username': '******', "password": '******'})
def game_likes(request, game_id=None):
if (request.method == 'GET'):
game_likes = GameLike.objects.filter(game_id=game_id)
return HttpResponse(serializers.serialize('json', game_likes), content_type='application/json')
if (request.method == 'POST'):
if (AuthService.authenticate(request)):
payload = AuthService.getPayload(request.META['HTTP_AUTHORIZATION'])
current_user = User.objects.get(id=payload.get('id'))
json_data = json.loads(request.body.decode(encoding='UTF-8'))
game_id = json_data.get('game_id', None)
with transaction.atomic():
if (not GameLike.objects.filter(game_id=game_id, user_id=current_user.id).exists() or not current_user is None or not game_id is None):
GameLike.objects.create(game_id=game_id, user_id=current_user.id)
game = Game.objects.get(id=game_id)
current_like_count = game.game_likes_count
current_like_count += 1
Game.objects.filter(id=game_id).update(game_likes_count=current_like_count)
return HttpResponse(json.dumps({'result': True}), content_type='application/json')
else:
return HttpResponse('Unauthorized', status=401)
else:
return HttpResponse('Unauthorized', status=401)
if (request.method == 'DELETE'):
if (AuthService.authenticate(request)):
payload = AuthService.getPayload(request.META['HTTP_AUTHORIZATION'])
current_user = User.objects.get(id=payload.get('id'))
json_data = json.loads(request.body.decode(encoding='UTF-8'))
game_id = json_data.get('game_id', None)
with transaction.atomic():
if (GameLike.objects.filter(game_id=game_id, user_id=current_user.id).exists() or not current_user is None or not game_id is None):
GameLike.objects.filter(game_id=game_id, user_id=current_user.id).delete()
game = Game.objects.get(id=game_id)
current_like_count = game.game_likes_count
if (current_like_count > 0):
current_like_count -= 1
Game.objects.filter(id=game_id).update(game_likes_count=current_like_count)
return HttpResponse(json.dumps({'result': True}), content_type='application/json')
else:
return HttpResponse('Unauthorized', status=401)
else:
return HttpResponse('Unauthorized', status=401)
def test_given_whitelisted_and_not_registerd_before_user_when_calling_register_then_user_is_registerd(
):
# given
mock_user_collection = Mock()
mock_user_collection.find_one.return_value = False
mock_whitelisted_collection = Mock()
mock_whitelisted_collection.find_one.return_value = True
auth_service = AuthService(mock_user_collection,
mock_whitelisted_collection, mock_private_key,
jwt)
# when
status = auth_service.register("test", "password")
# then
assert status is True
def test_given_invalid_password_when_calling_login_then_WrongPasswordException_is_returned(
):
# given
mock_user_collection = Mock()
mock_whitelisted_collection = Mock()
mock_user_collection.find_one.return_value = {
# hashed version of 'test' with salt
'password':
"******",
'_id': 'some_id'
}
auth_service = AuthService(mock_user_collection,
mock_whitelisted_collection, mock_private_key,
jwt)
# then
with raises(WrongPasswordException):
auth_service.login({'username': '******', "password": '******'})
def test_given_invalid_header_when_calling_login_then_MissingAuthHeaderException_is_returned(
):
# given
mock_user_collection = Mock()
mock_whitelisted_collection = Mock()
auth_service = AuthService(mock_user_collection,
mock_whitelisted_collection, mock_private_key,
jwt)
# then
with raises(MissingAuthHeaderException):
auth_service.login({"password": '******'})
with raises(MissingAuthHeaderException):
auth_service.login({"username": '******'})
with raises(MissingAuthHeaderException):
auth_service.login(None)
def users(request):
if (request.method == 'POST'):
cipher = AesService(AesService.secret_key)
json_data = json.loads(request.body.decode(encoding='UTF-8'))
username = json_data.get('username', None)
password = cipher.encrypt(json_data.get('password', None))
if (username is None or password is None):
return HttpResponse('Unauthorized', status=401)
else:
if (not User.objects.filter(username=username, password=password).exists()):
user = User.objects.create(username=username, password=password)
token = AuthService.getToken(user)
return HttpResponse(json.dumps({'token': token}), content_type='application/json')
else:
return HttpResponse('Unauthorized', status=401)
def login(request):
if (request.method == 'GET'):
cipher = AesService(AesService.secret_key)
username = request.GET.get('username', None)
password = request.GET.get('password', None)
if (not username is None and not password is None):
try:
user = User.objects.get(username=username)
if (password == cipher.decrypt(user.password).decode(encoding='UTF-8')):
token = AuthService.getToken(user)
return HttpResponse(json.dumps({'token': token}), content_type='application/json')
else:
return HttpResponse('Unauthorized', status=401)
except ObjectDoesNotExist:
return HttpResponse('Unauthorized', status=401)
else:
return HttpResponse('Unauthorized', status=401)
import cherrypy
from auth_service import AuthService
from user_service import UserService
from subaccount_service import SubaccountService
from category_service import CategoryService
from currency_service import CurrencyService
from transaction_service import TransactionService
from csv_service import CSVService
from config import WITH_AUTHENTICATION, WITHOUT_AUTHENTICATION, CHERRYPY_CONFIG_DEFAULT
if __name__ == '__main__':
cherrypy.config.update(CHERRYPY_CONFIG_DEFAULT)
cherrypy.tree.mount(AuthService(), '/api/auth', WITHOUT_AUTHENTICATION)
cherrypy.tree.mount(UserService(), '/api/user', WITH_AUTHENTICATION)
cherrypy.tree.mount(SubaccountService(), '/api/subaccounts', WITH_AUTHENTICATION)
cherrypy.tree.mount(CategoryService(), '/api/categories', WITH_AUTHENTICATION)
cherrypy.tree.mount(TransactionService(), '/api/transactions', WITH_AUTHENTICATION)
cherrypy.tree.mount(CurrencyService(), '/api/currency', WITH_AUTHENTICATION)
cherrypy.tree.mount(CSVService(), '/api/csv', WITH_AUTHENTICATION)
cherrypy.engine.start()
cherrypy.engine.block()
