def test_hexadecimal_token_validation_error_expired_token(self):
TokenHandler._Session = Mock()
TokenHandler._Session().query().filter_by().order_by().first = Mock(
return_value=Token(deactivate=False, time_limit=(datetime.utcnow()) - timedelta(minutes=2)))
with self.assertRaises(TimeoutException) as ex:
TokenHandler.hexadecimal_token_validation(1, 'token')
self.assertEqual('Token is Expired!', str(ex.exception))
def test_verification_token_error_if_user_id_is_wrong(self):
user_id = self.create_user()
# empty database
with self.assertRaises(SecurityException) as ex:
TokenHandler.hexadecimal_token_validation(0, "some wrong Token")
self.assertEqual('User has no token!', str(ex.exception))
# wrong user_id
with self.assertRaises(SecurityException) as ex:
TokenHandler.hexadecimal_token_validation(0, "some wrong Token")
self.assertEqual('User has no token!', str(ex.exception))
def test_verification_token(self):
user_id = self.create_user()
session = DBInitializer.get_session()
# for Phone
token = session.query(Token).filter_by(
exchange_method=ExchangeMethods.PHONE.value).first()
self.assertIsNone(token.last_used_time)
tk_ex_method = TokenHandler.hexadecimal_token_validation(
user_id, token.hex_token, ExchangeMethods.PHONE)
self.assertIsNotNone(tk_ex_method)
self.assertEqual(ExchangeMethods.PHONE.value, tk_ex_method)
session.refresh(token)
self.assertIsNotNone(token.last_used_time)
self.assertTrue(
datetime.utcnow() > token.last_used_time > datetime.utcnow() -
timedelta(minutes=1))
tk_user_id, ex_method = TokenHandler.url_token_validation(
token.url_token)
self.assertEqual(user_id, tk_user_id)
self.assertEqual(ExchangeMethods.PHONE.value, ex_method)
self.assertTrue(
datetime.utcnow() > token.last_used_time > datetime.utcnow() -
timedelta(minutes=1))
# for EMAIL
token = session.query(Token).filter_by(
exchange_method=ExchangeMethods.EMAIL.value).first()
self.assertIsNone(token.last_used_time)
tk_ex_method = TokenHandler.hexadecimal_token_validation(
user_id, token.hex_token, ExchangeMethods.EMAIL)
self.assertIsNotNone(tk_ex_method)
self.assertEqual(ExchangeMethods.EMAIL.value, tk_ex_method)
session.refresh(token)
self.assertIsNotNone(token.last_used_time)
self.assertTrue(
datetime.utcnow() > token.last_used_time > datetime.utcnow() -
timedelta(minutes=1))
tk_user_id, ex_method = TokenHandler.url_token_validation(
token.url_token)
self.assertEqual(user_id, tk_user_id)
self.assertEqual(ExchangeMethods.EMAIL.value, ex_method)
self.assertTrue(
datetime.utcnow() > token.last_used_time > datetime.utcnow() -
timedelta(minutes=1))
def test_verification_token_error_expired_token(self):
# generate a token
user_id = self.create_user(just_phone=True)
# update it's database session with expired token
session = DBInitializer.get_session()
token = session.query(Token).one()
token.time_limit = datetime.utcnow() - timedelta(minutes=1)
session.commit()
# check if raise expires
with self.assertRaises(TimeoutException):
TokenHandler.hexadecimal_token_validation(user_id, token.hex_token)
with self.assertRaises(TimeoutException):
TokenHandler.url_token_validation(token.url_token)
result = self.generate_toke(user_id=user_id)
self.assertTrue(result)
def verify_user_phone_by_hex_token(cls, user_id: int, hex_token: str):
session = cls._Session()
user = session.query(User).get(user_id)
if user.is_phone_verified:
return True
if not TokenHandler.hexadecimal_token_validation(
user_id, hex_token, ExchangeMethods.PHONE):
return False
user.is_phone_verified = True
user.state = get_user_state(user).value
session.commit()
def test_verification_token_error_wrong_token_and_deactivated_token(self):
user_id = self.create_user(just_phone=True)
with self.assertRaises(AuthenticationException) as ex:
TokenHandler.url_token_validation("some wrong Token")
self.assertEqual('Url Token is not valid!', str(ex.exception))
# failed 3 times
for i in range(3):
with self.assertRaises(AuthenticationException) as ex:
TokenHandler.hexadecimal_token_validation(
user_id, 'wrong token')
self.assertEqual("Token is not valid!", str(ex.exception))
for i in range(2):
with self.assertRaises(SecurityException) as ex:
TokenHandler.hexadecimal_token_validation(
user_id, 'wrong token')
self.assertEqual('Token is Deactivated!', str(ex.exception))
# check deactivated token raise exception even for right Hex token
session = DBInitializer.get_session()
token = session.query(Token).one()
with self.assertRaises(SecurityException) as ex:
TokenHandler.hexadecimal_token_validation(user_id, token.hex_token)
self.assertEqual('Token is Deactivated!', str(ex.exception))
# check deactivated token raise exception even for right URL token
with self.assertRaises(SecurityException) as ex:
TokenHandler.url_token_validation(token.url_token)
self.assertEqual('Token is Deactivated!', str(ex.exception))
def test_hexadecimal_token_validation_error_deactivated_token(self):
TokenHandler._Session = Mock()
TokenHandler._Session().query().filter_by().order_by().first = Mock(return_value=Token(deactivate=True))
with self.assertRaises(SecurityException) as ex:
TokenHandler.hexadecimal_token_validation(1, 'token')
self.assertEqual('Token is Deactivated!', str(ex.exception))