def add_note():
"""
Adds a note to the user's notebook. The request should be in this format:
{
"message": "note message."
}
"""
# Verify Firebase auth.
claims = firebase_helper.verify_auth_token(request)
if not claims:
return 'Unauthorized', 401
# [START create_entity]
data = request.get_json()
# Populates note properties according to the model,
# with the user ID as the key name.
note = Note(
parent=ndb.Key(Note, claims['sub']),
message=data['message'])
# Some providers do not provide one of these so either can be used.
note.friendly_id = claims.get('name', claims.get('email', 'Unknown'))
# [END create_entity]
# Stores note in database.
note.put()
return 'OK', 200
def add_note():
"""
Adds a note to the user's notebook. The request should be in this format:
{
"message": "note message."
}
"""
# Verify Firebase auth.
claims = firebase_helper.verify_auth_token(request)
if not claims:
return 'Unauthorized', 401
# [START create_entity]
data = request.get_json()
# Populates note properties according to the model,
# with the user ID as the key name.
note = Note(parent=ndb.Key(Note, claims['sub']), message=data['message'])
# Some providers do not provide one of these so either can be used.
note.friendly_id = claims.get('name', claims.get('email', 'Unknown'))
# [END create_entity]
# Stores note in database.
note.put()
return 'OK', 200
def test_verify_auth_token_invalid_key_id(test_certificate):
_, _, _, private_key_bytes = test_certificate
jwt = make_jwt(private_key_bytes, headers={'kid': 'invalid'})
request = mock.Mock()
request.headers = {'Authorization': 'Bearer {}'.format(jwt)}
get_cert_patch = mock.patch('firebase_helper.get_firebase_certificates')
with get_cert_patch as get_cert_mock:
# Make get_firebase_certificates return no certificates
get_cert_mock.return_value = {}
assert firebase_helper.verify_auth_token(request) is None
def list_notes():
"""Returns a list of notes added by the current Firebase user."""
# Verify Firebase auth.
claims = firebase_helper.verify_auth_token(request)
if not claims:
return 'Unauthorized', 401
notes = query_database(claims['sub'])
return jsonify(notes)
def list_notes():
"""Returns a list of notes added by the current Firebase user."""
# Verify Firebase auth.
claims = firebase_helper.verify_auth_token(request)
if not claims:
return 'Unauthorized', 401
notes = query_database(claims['sub'])
return jsonify(notes)
def test_verify_auth_token_invalid_key_id(test_certificate):
_, _, _, private_key_bytes = test_certificate
jwt = make_jwt(private_key_bytes, headers={'kid': 'invalid'})
request = mock.Mock()
request.headers = {'Authorization': 'Bearer {}'.format(jwt)}
get_cert_patch = mock.patch('firebase_helper.get_firebase_certificates')
with get_cert_patch as get_cert_mock:
# Make get_firebase_certificates return no certificates
get_cert_mock.return_value = {}
assert firebase_helper.verify_auth_token(request) is None
def user_car_filter(request):
"""Returns cars by user or by session
If user is verified as logged in, returns user's cars.
Otherwise the cars associated with the session are returned.
"""
try:
claims = firebase_helper.verify_auth_token(request)
if not claims:
cars = get_cars(str(session['sid']))
else:
cars = get_cars(claims['sub'])
except:
cars = get_cars(str(session['sid']))
return cars
def user_new_car_filter(request):
"""Returns a new car object
If the user is logged in, creates a new car using "subject" returned
by Firebase.
Otherwise, creates a new car using session ID.
"""
try:
claims = firebase_helper.verify_auth_token(request)
if not claims:
new_car = Car(parent=ndb.Key(Car, str(session['sid'])))
else:
new_car = Car(parent=ndb.Key(Car, claims['sub']))
except:
new_car = Car(parent=ndb.Key(Car, str(session['sid'])))
return new_car
def post(self):
# Verify Firebase auth.
claims = firebase_helper.verify_auth_token(self.request)
if not claims:
self.abort(401, detail='Unauthorized access attempted')
# We set the same parent key on the 'Greeting' to ensure each
# Greeting is in the same entity group. Queries across the
# single entity group will be consistent. However, the write
# rate to a single entity group should be limited to
# ~1/second.
register_name = self.request.get('register_name',
DEFAULT_REGISTER_NAME)
key = self.request.get('key')
print 'block is ' + self.request.get('block')
block = int(self.request.get('block'))
current = self.request.get('Current')
desired = self.request.get('Desired')
if key:
trade = ndb.Key(urlsafe=key).get()
trade.current = current
trade.desired = desired
else:
trade = ClerkshipTrade(parent=register_key(register_name))
trade.student = Student(email=claims.get('email'))
print trade.student.email
trade.block = block
trade.current = current
trade.desired = desired
if trade.is_valid():
trade.put()
print 'trade was put'
self.response.headers['Content-Type'] = 'application/json'
response_obj = {'data': trade.get_json()}
self.response.out.write(json.dumps(response_obj))
else:
self.abort(500, detail='Unable to save record')
def test_verify_auth_token(test_certificate, monkeypatch):
_, certificate_pem, _, private_key_bytes = test_certificate
# The Firebase project ID is used as the JWT audience.
monkeypatch.setenv('FIREBASE_PROJECT_ID', 'test_audience')
# Generate a jwt to include in the request.
jwt = make_jwt(private_key_bytes, headers={'kid': '1'})
# Make a mock request
request = mock.Mock()
request.headers = {'Authorization': 'Bearer {}'.format(jwt)}
get_cert_patch = mock.patch('firebase_helper.get_firebase_certificates')
with get_cert_patch as get_cert_mock:
# Make get_firebase_certificates return our test certificate.
get_cert_mock.return_value = {'1': certificate_pem}
claims = firebase_helper.verify_auth_token(request)
assert claims['user_id'] == '123'
def test_verify_auth_token_expired(test_certificate, monkeypatch):
_, certificate_pem, _, private_key_bytes = test_certificate
# The Firebase project ID is used as the JWT audience.
monkeypatch.setenv('FIREBASE_PROJECT_ID', 'test_audience')
# Generate a jwt to include in the request.
jwt = make_jwt(private_key_bytes,
claims={'exp': int(time.time()) - 60},
headers={'kid': '1'})
# Make a mock request
request = mock.Mock()
request.headers = {'Authorization': 'Bearer {}'.format(jwt)}
get_cert_patch = mock.patch('firebase_helper.get_firebase_certificates')
with get_cert_patch as get_cert_mock:
# Make get_firebase_certificates return our test certificate.
get_cert_mock.return_value = {'1': certificate_pem}
assert firebase_helper.verify_auth_token(request) is None
def get(self):
# Verify Firebase auth.
print self.request
claims = firebase_helper.verify_auth_token(self.request)
register_name = self.request.get('register_name',
DEFAULT_REGISTER_NAME)
if claims:
print 'claims found'
trade_query = ClerkshipTrade.query(
ClerkshipTrade.student.email == claims.get('email'),
ancestor=register_key(register_name))
trades = trade_query.fetch()
else:
trades = []
data = {}
for trade in trades:
data[trade.block] = trade.get_json()
response_obj = {'data': data}
self.response.headers['Content-Type'] = 'application/json'
self.response.out.write(json.dumps(response_obj))
def test_verify_auth_token_no_auth_header():
request = mock.Mock()
request.headers = {}
assert firebase_helper.verify_auth_token(request) is None
def test_verify_auth_token_no_auth_header():
request = mock.Mock()
request.headers = {}
assert firebase_helper.verify_auth_token(request) is None
