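    def test_update_user_calls_db_access_to_update_user(self):
        """A valid password-update POST must reach ``db_access.update_user``.

        The expected hash is recomputed with the salt from
        ``app.config['PASSWORD_SALT']`` so the assertion pins the exact keyword
        arguments the handler forwards, not just that a call happened.
        """
        user_id = 'userid1'
        password = '******'
        # The template must contain a %s slot for the password: applying % to a
        # string with no conversion specifier raises TypeError ("not all
        # arguments converted") before any request is sent.
        valid_body_format = '{"user": {"password": "%s"}}'
        valid_body = valid_body_format % (password,)

        mock_db_access = MagicMock()
        mock_db_access.update_user.return_value = 1
        server.db_access = mock_db_access

        self.app.post(UPDATE_USER_ROUTE_FORMAT.format(user_id),
                      data=valid_body,
                      headers=JSON_CONTENT_TYPE_HEADER)

        expected_password_hash_to_pass = get_user_password_hash(
            user_id, password, app.config['PASSWORD_SALT'])
        mock_db_access.update_user.assert_called_once_with(
            user_id=user_id, password_hash=expected_password_hash_to_pass)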
def _handle_allowed_user_auth_request(user_id, password, failed_login_attempts):
    """Authenticate a user whose account is not currently locked out.

    The submitted password is hashed with the configured salt and the user is
    looked up by ``(user_id, hash)``. On a match the failed-login counter is
    reset and the authenticated body is returned; otherwise the counter is
    incremented, the failure is audited and a 401 is returned.

    Args:
        user_id: Identifier taken from the credentials request.
        password: Cleartext password from the request; only its hash is
            passed on from here.
        failed_login_attempts: Current failure count for ``user_id`` as read
            by the caller.

    Returns:
        A ``Response`` carrying ``JSON_CONTENT_TYPE``.
    """
    salt = app.config['PASSWORD_SALT']
    candidate_hash = security.get_user_password_hash(user_id, password, salt)
    matched_user = db_access.get_user(user_id, candidate_hash)

    if not matched_user:
        attempts = failed_login_attempts + 1
        db_access.update_failed_logins(user_id, attempts)
        # NOTE(review): user_id is request-supplied and is written verbatim
        # into the audit line — confirm the audit sink structures/escapes it.
        auditing.audit('Invalid credentials used. username: {}, attempt: {}.'.format(
            user_id, attempts
        ))
        return Response(AUTH_FAILURE_RESPONSE_BODY, status=401, mimetype=JSON_CONTENT_TYPE)

    # Successful login: clear the lockout counter before answering.
    db_access.update_failed_logins(user_id, 0)
    body = _authenticated_response_body(matched_user)
    return Response(body, mimetype=JSON_CONTENT_TYPE)
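    def test_create_user_calls_db_access_to_create_user(self):
        """A valid create-user POST must reach ``db_access.create_user``.

        Asserts the positional ``(user_id, password_hash)`` call, with the hash
        recomputed from the same salt the handler reads from
        ``app.config['PASSWORD_SALT']``.
        """
        user_id = 'userid1'
        password = '******'
        # Two values are interpolated, so the template needs two %s slots; with
        # only one, the % operator raises TypeError before the request is sent.
        valid_body_format = '{"user": {"user_id": "%s", "password": "%s"}}'
        valid_body = valid_body_format % (user_id, password)

        mock_db_access = MagicMock()
        mock_db_access.create_user.return_value = True
        server.db_access = mock_db_access

        self.app.post(CREATE_USER_ROUTE,
                      data=valid_body,
                      headers=JSON_CONTENT_TYPE_HEADER)

        expected_password_hash_to_pass = get_user_password_hash(
            user_id, password, app.config['PASSWORD_SALT'])
        mock_db_access.create_user.assert_called_once_with(
            user_id, expected_password_hash_to_pass)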
def create_user():
    """Handle a create-user request whose body has the form ``{"user": {...}}``.

    Returns:
        ``INVALID_REQUEST_RESPONSE`` when the body cannot be read or fails
        ``_is_create_request_data_valid``; a ``{"created": true}`` JSON
        response when ``db_access.create_user`` reports success; otherwise a
        409 with ``{"error": "User already exists"}``.
    """
    request_json = _try_get_request_json(request)
    if not request_json or not _is_create_request_data_valid(request_json):
        return INVALID_REQUEST_RESPONSE

    user = request_json['user']
    user_id, password = user['user_id'], user['password']
    # TODO: common code — the hash-with-configured-salt step is duplicated
    # in the update handler.
    salt = app.config['PASSWORD_SALT']
    password_hash = security.get_user_password_hash(user_id, password, salt)

    if not db_access.create_user(user_id, password_hash):
        conflict_body = json.dumps({'error': 'User already exists'})
        return Response(conflict_body, 409, mimetype=JSON_CONTENT_TYPE)

    auditing.audit('Created user {}'.format(user_id))
    return Response(json.dumps({'created': True}), mimetype=JSON_CONTENT_TYPE)
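    def test_authenticate_user_calls_db_access_to_find_user(self):
        """A valid authenticate POST must look the user up by ``(user_id, hash)``.

        The lockout helpers are stubbed so the request reaches the credential
        check; the assertion pins the hash recomputed with
        ``app.config['PASSWORD_SALT']``.
        """
        user_id = 'userid1'
        password = '******'
        # Two values are interpolated, so the template needs two %s slots; with
        # only one, the % operator raises TypeError before the request is sent.
        body_format = '{"credentials": {"user_id": "%s", "password": "%s"}}'
        valid_body = body_format % (user_id, password)

        mock_db_access = MagicMock()
        mock_db_access.get_user.return_value = FakeUser(
            user_id, 'passwordhash', 0)
        # Functions assigned to an instance attribute are not bound, so there
        # is no implicit self; accept any call shape and return fixed values.
        mock_db_access.get_failed_logins = lambda *args, **kwargs: 0
        mock_db_access.update_failed_logins = lambda *args, **kwargs: 1
        server.db_access = mock_db_access

        self.app.post(AUTHENTICATE_ROUTE,
                      data=valid_body,
                      headers=JSON_CONTENT_TYPE_HEADER)

        expected_password_hash_to_pass = get_user_password_hash(
            user_id, password, app.config['PASSWORD_SALT'])
        mock_db_access.get_user.assert_called_once_with(
            user_id, expected_password_hash_to_pass)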
def update_user(user_id):
    """Replace the stored password hash for ``user_id``.

    Args:
        user_id: Identifier from the route; the request body only carries
            the new password under ``{"user": {"password": ...}}``.

    Returns:
        ``INVALID_REQUEST_RESPONSE`` when the body cannot be read or fails
        ``_is_update_request_data_valid``; ``USER_NOT_FOUND_RESPONSE`` when
        ``db_access.update_user`` reports no match; otherwise a
        ``{"updated": true}`` JSON response.
    """
    request_json = _try_get_request_json(request)
    if not request_json or not _is_update_request_data_valid(request_json):
        return INVALID_REQUEST_RESPONSE

    new_password = request_json['user']['password']
    salt = app.config['PASSWORD_SALT']
    new_password_hash = security.get_user_password_hash(user_id, new_password, salt)

    updated = db_access.update_user(user_id=user_id, password_hash=new_password_hash)
    if not updated:
        return USER_NOT_FOUND_RESPONSE

    auditing.audit('Updated user {}'.format(user_id))
    return Response(json.dumps({'updated': True}), mimetype=JSON_CONTENT_TYPE)
 def test_get_user_password_hash_returns_same_hash_for_same_data(self):
     """Hashing is deterministic: identical inputs yield an identical hash."""
     inputs = ('user1', 'password1', 'salt1')
     first = security.get_user_password_hash(*inputs)
     second = security.get_user_password_hash(*inputs)
     assert first == second
 def test_get_userpass_returns_different_hash_for_different_passwords(self):
     """Changing only the password (same user, same salt) must change the hash."""
     user, salt = 'user1', 'salt1'
     first = security.get_user_password_hash(user, 'password1', salt)
     second = security.get_user_password_hash(user, 'password2', salt)
     assert first != second