def step_impl(context):
with patch.object(BaseDB, 'remove_list_item') as mck_remove:
authentication = AuthenticationManager()
context.result = authentication.delete_user(context.app_id,
context.user_info)
assert mck_remove.called_with(USER_COLLECTION, APP_KEY, context.app_id,
USER_ITEM, context.user_info)
def step_impl(context):
context.usernew = {
'token': 'abababab',
'username': context.username,
'email': '*****@*****.**',
'fname': 'teste',
'lname': 'teste'
}
context.userold = {'username': context.username}
with patch.object(BaseDB, 'get') as mck_get:
with patch.object(AuthenticationManager,
'verify_token',
return_value=True) as mck_verify:
with patch.object(AuthenticationManager,
'delete_user',
return_value=1) as mck_delete:
with patch.object(BaseDB, 'insert',
return_value=1) as mck_insert:
authentication = AuthenticationManager()
result = authentication.update_user(
context.app_id, context.usernew)
assert mck_get.called
assert mck_verify.called
assert mck_delete.called
assert mck_insert.called
assert result > 0
def step_impl(context):
context.token = 'ababab'
with patch.object(BaseDB, 'remove') as mck_remove:
authentication = AuthenticationManager()
context.result = authentication.remove_token(context.token)
assert mck_remove.called
assert mck_remove.called_with('Token', 'token', context.token)
def __init__(self, request):
self.request = request
self._settings = request.registry.settings
self._data = self._settings['data']
self.infra = Infra()
self.auth = AuthenticationManager()
self.token = Token()
def __init__(self, request):
self.request = request
self._settings = request.registry.settings
self._data = self._settings['data']
self.authentication = AuthenticationManager()
self.sendEmail = SendEmail()
self.emailToken = EmailToken()
self.token = Token()
def step_impl(context):
authentication = AuthenticationManager()
context.result = authentication.generate_token(
context.user_info).encode('utf-8')
hashed = bcrypt.hashpw(
(SECRET + json.dumps(context.user_info)).encode('utf-8'),
base64.b64decode(context.result))
assert base64.b64encode(hashed) == context.result
def step_impl(context):
authentication = AuthenticationManager()
hashed = authentication._hashpwd('pwd')
context.info = {'username': '******', 'password': hashed}
ret = [{'auth': [context.info]}]
with patch.object(BaseDB, 'get', return_value=ret) as mck_get:
context.result = authentication.access_app(1, context.username,
context.password)
assert mck_get.called
def step_impl(context):
with patch.object(AuthenticationManager,
'_is_user_unique',
return_value=True) as mck_unique:
with patch.object(BaseDB, 'insert', return_value=None) as mck_insert:
authentication = AuthenticationManager()
result = authentication.insert_user(context.app_id,
context.user_info)
assert mck_insert.called
assert mck_unique.called
def step_impl(context):
context.token = 'abababab'
ret = [{
'data': [{
'app_id': context.app_id,
'user': context.user_info
}],
'token': context.token
}]
with patch.object(BaseDB, 'get_all', return_value=ret) as mck_get:
authentication = AuthenticationManager()
context.result = authentication.get_token(context.app_id,
context.user_info)
def step_impl(context):
with patch.object(AuthenticationManager,
'_is_user_unique',
return_value=False) as mck_unique:
with patch.object(BaseDB, 'insert', return_value=None) as mck_insert:
authentication = AuthenticationManager()
result = authentication.insert_user(context.app_id,
context.user_info)
assert not mck_insert.called
assert mck_unique.called
print(result)
assert len(result) == 2
assert result[0] == None
assert result[1] == 'users'
def step_impl(context):
authentication = AuthenticationManager()
for item in context.invalid_passwords:
if not authentication.validate_pwd({
'username': '******',
'password': item,
'fname': 'teste',
'lname': 'teste',
'email': '*****@*****.**'
}):
context.result = False
context.value = item + ' is invalid'
context.result = True
context.value = 'valid'
def step_impl(context):
context.app_id = 1
context.username = '******'
context.user_info = {'username': context.username, 'password': '******'}
context.token = 'ababab'
context.data = {
'app_id': context.app_id,
'created': datetime.datetime.now(),
'user': context.user_info
}
with patch.object(BaseDB, 'insert') as mck_insert:
authentication = AuthenticationManager()
context.result = authentication.insert_token(context.app_id,
context.user_info,
context.token)
assert mck_insert.called
def __init__(self, request):
self.request = request
self._settings = request.registry.settings
self._data = self._settings['data']
self.favorites = Favorites()
self.authentication = AuthenticationManager()
self.token = Token()
def step_impl(context):
context.app_id = 1
context.username = '******'
context.user_info = {'username': context.username, 'password': '******'}
context.token = 'ababab'
ret = [{
'data': [{
'app_id': context.app_id,
'created': datetime.datetime.now(),
'user': context.user_info
}],
'token':
context.token
}]
with patch.object(BaseDB, 'get', return_value=ret) as mck_get:
authentication = AuthenticationManager()
context.result = authentication.verify_token(context.app_id,
context.token)
assert mck_get.called
def __init__(self, request):
self.request = request
self._settings = request.registry.settings
self.authentication = AuthenticationManager()
class InfraRestView:
"""
Implements infra REST API.
"""
def __init__(self, request):
self.request = request
self._settings = request.registry.settings
self._data = self._settings['data']
self.infra = Infra()
self.auth = AuthenticationManager()
self.token = Token()
@view_config(route_name=Route.INSERT_DATA_INFRA,
request_method='POST',
renderer='json')
def create(self):
"""
This method is called from **/engine/api/insert_data_infra**.
This method is used to create infra association.
Arguments:
username (str): the username;
principal (dict): principal;
secret (dict): secret.
Returns:
success (bool): True if sucessfully created and False
otherwise;
error (str): an error message if an error occured and an empty
string otherwise.
"""
msg = ''
try:
username = self.request.params['username']
infra_info = {
'principal': self.request.params['principal'],
'secret': self.request.params['secret']
}
#token = self.request.params['token']
#usr = self.token.verify_token(2, token)
#if usr != 'invalid token' and usr == username:
auth = self.infra.create(username, infra_info)
if auth is not None:
return {'success': 'Infra data successfully created.'}
else:
return {'error': 'Invalid infra data.'}
except KeyError as e:
msg = 'Missing mandatory parameter: ' + str(e)
raise e
except Exception as e:
msg = 'Unknown error occurred: ' + str(e)
raise e
LOG.info(msg)
return {'error': msg}
@view_config(route_name=Route.CHECKIN_DATA_INFRA,
request_method='POST',
renderer='json')
def read(self):
"""
This method is called from **/engine/api/checkin_data_infra**.
This method is used to insert infra credentials.
Arguments:
username (str): the username;
principal (str): password.
Returns:
success (bool): True if sucessfully created and False
otherwise;
data (dict): object with infra data;
error (str): an error message if an error occured and an empty
string otherwise.
"""
msg = ''
try:
usr = self.request.params['username']
pwd = self.request.params['pwd']
user, msg = self.auth.access_app(
2,
usr,
pwd,
Auth.USERS)
if user is not None:
result = self.infra.read(usr)
if result is not None:
return {'success': 'Infra data successfully read.',
'data': result}
else:
return {'error': 'Invalid username.'}
except KeyError as e:
msg = 'Missing mandatory parameter: ' + str(e)
raise e
except Exception as e:
msg = 'Unknown error occurred: ' + str(e)
raise e
LOG.info(msg)
return {'error': msg}
class RestView:
""" Implements the main REST API """
def __init__(self, request):
self.request = request
self._settings = request.registry.settings
self._data = self._settings['data']
self.authentication = AuthenticationManager()
@view_config(route_name=Route.CHECKIN,
request_method='POST',
renderer='json')
def checkin(self):
""" This method is called from **/engine/api/checkin**.
"""
usr = self.request.params['user']
pwd = self.request.params['pwd']
user = self.authentication.access_app(2, usr,
self.authentication._hash(pwd),
Auth.USERS)
token = self.authentication.generate_token(user)
response = self.authentication.insert_token(2, user, token)
if user is not None:
log.info('#### authenticated!')
return {
'success': True,
'cancelled': False,
'user_info': {
'user_token': token,
'user': user
},
'error': ''
}
else:
log.info('#### not authenticated!')
return {
'success': False,
'cancelled': False,
'user_info': None,
'error': 'Invalid username or password.'
}
return {}
@view_config(route_name=Route.CHECKOUT,
request_method='POST',
renderer='json')
def checkout(self):
""" This method is called from **/engine/api/checkout**.
"""
token = self.request.params['token']
self.authentication.remove_token(token)
return {}
@view_config(route_name=Route.VERIFY_TOKEN,
request_method='POST',
accept='application/json',
renderer='json')
def verify_token(self):
""" This method is called from **/engine/api/verify_token**.
"""
token = self.request.params['token']
response = self.authentication.verify_token(2, token)
return {'response': response}
@view_config(route_name=Route.SIGNUP,
request_method='POST',
accept='application/json',
renderer='json')
def signup(self):
""" This method is called from **/engine/api/signup**.
"""
log.info('#### awaits filling forms...')
#needs to collect info from forms, verify them, and input in database
usr = self.request.params['user']
pwd = self.request.params['pwd']
fname = self.request.params['fname']
lname = self.request.params['lname']
email = self.request.params['email']
log.info('usr: %s' % usr)
log.info('pwd: %s' % pwd)
log.info('fname: %s' % fname)
log.info('lname: %s' % lname)
log.info('email: %s' % email)
user_info = {
'username': usr,
'password': pwd,
'fname': fname,
'lname': lname
}
#user = insert_user(1, auth_info)
result = self.authentication.insert_user(2, user_info)
log.info('#### result: %s, %s' % result)
if result[0] is not None:
log.info('User registered!!!')
return {'success': 'User signed up with success!'}
else:
log.info('Username already exists...')
return {
'error':
'Username already exists. Please choose a different one.'
}
return {}
def step_impl(context):
with patch.object(BaseDB, 'remove') as mck_remove:
authentication = AuthenticationManager()
context.result = authentication.remove_app(context.app_id)
assert mck_remove.called
assert mck_remove.called_with(USER_COLLECTION, APP_KEY, context.app_id)
class AuthenticationRestView:
"""
Implements the main REST API.
"""
def __init__(self, request):
self.request = request
self._settings = request.registry.settings
self._data = self._settings['data']
self.authentication = AuthenticationManager()
self.sendEmail = SendEmail()
self.emailToken = EmailToken()
self.token = Token()
@view_config(route_name=Route.CHECKIN,
request_method='POST',
renderer='json')
def checkin(self):
"""
This method is called from **/engine/api/checkin_data**.
This method is used to authentication user to access the application.
Arguments:
user (str): the username;
pwd (str): the user password.
Returns:
success (bool): True if sucessfully authenticated and False
otherwise;
cancelled (bool): True if operation is cancelled by the user and
False otherwise;
user_info (dict): contains information about the user, such as
the authentication token and username;
error (str): an error message if an error occured and an empty
string otherwise.
"""
msg = ''
try:
usr = self.request.params['user']
pwd = self.request.params['pwd']
# TODO: aap_id = 2 is hardcoded
user, msg = self.authentication.access_app(
2,
usr,
pwd,
Auth.USERS)
if user is not None:
token = self.token.generate_token(user)
response = self.token.insert_token(2, user, token)
if 'stayin' in self.request.params:
res = self.authentication.update_user_stayin(user, self.request.params['stayin'])
user['token'] = token
del user['token']
LOG.info('Successfully authenticated.')
return {
'success': True,
'cancelled': False,
'user_info': {'user_token': token, 'user': user},
'error': ''
}
else:
error_msg = ''
if msg == '':
LOG.info('User not authenticated.')
error_msg = 'Invalid username or password.'
else:
LOG.info(msg)
error_msg = msg
return {
'success': False,
'cancelled': False,
'user_info': None,
'error': error_msg
}
return {}
except KeyError as e:
msg = 'Missing mandatory parameter: ' + str(e)
raise e
except Exception as e:
msg = 'Unknown error occurred: ' + str(e)
raise e
LOG.info(msg)
return {'error': msg}
@view_config(route_name=Route.CHECKOUT,
request_method='POST',
renderer='json')
def checkout(self):
"""
This method is called from **/engine/api/checkout_data**.
This method is used to logout. It revocates current user token and
logs the operation for accounting purposes.
Args:
token (str): hexadecimal representation of user token.
"""
msg = ''
try:
token = self.request.params['token']
result = self.token.remove_token(token)
if result is not None:
LOG.info('Successfully checkout.')
return {
'success': True,
'cancelled': False,
'user_info': {'user_token': token},
'error': ''
}
else:
LOG.info('User not checkin.')
return {
'success': False,
'cancelled': False,
'user_info': None,
'error': 'Invalid token.'
}
return {}
except KeyError as e:
msg = 'Missing mandatory parameter: ' + str(e)
raise e
except Exception as e:
msg = 'Unknown error occurred: ' + str(e)
raise e
LOG.info(msg)
return {'error': msg}
@view_config(route_name=Route.VERIFY_TOKEN,
request_method='POST',
accept='application/json',
renderer='json')
def verify_token(self):
"""
This method is called from **/engine/api/verify_token**.
Verify the validity of user token.
Args:
token (str): hexadecimal representation of user token.
Returns:
response (str): username if token is valid and 'invalid token'
otherwise.
"""
msg = ''
try:
token = self.request.params['token']
LOG.info('#### Input token: %s' % token)
response = self.token.verify_token(2, token)
return {'response': response}
except KeyError as e:
msg = 'Missing mandatory parameter: ' + str(e)
raise e
except Exception as e:
msg = 'Unknown error occurred: ' + str(e)
raise e
LOG.info(msg)
return {'error': msg}
@view_config(route_name=Route.READ_USER_INFO,
request_method='POST',
accept='application/json',
renderer='json')
def read_user_info(self):
"""
This method is called from **/engine/api/read_user_info**.
Verify the validity of user token.
Args:
token (str): hexadecimal representation of user token.
Returns:
response (str): username if token is valid and 'invalid token'
otherwise.
"""
msg = ''
try:
token = self.request.params['token']
LOG.info('#### Input token: %s' % token)
response = self.token.read_user_info(2, token)
return {'response': response,
'success': 'User info read successfully.'}
except KeyError as e:
msg = 'Missing mandatory parameter: ' + str(e)
raise e
except Exception as e:
msg = 'Unknown error occurred: ' + str(e)
raise e
LOG.info(msg)
return {'error': msg}
@view_config(route_name=Route.SIGNUP,
request_method='POST',
accept='application/json',
renderer='json')
def signup(self):
"""
This method is called from **/engine/api/signup**.
Method used to register new user into the system.
Args:
user (str): username;
pwd (str): user password;
fname (str): user first name;
lname (str): user last name;
email (str): user email address.
"""
msg = ''
try:
LOG.info('Awaits filling forms...')
usr = self.request.params['user']
pwd = self.request.params['pwd']
fname = self.request.params['fname']
lname = self.request.params['lname']
email = self.request.params['email']
stayin = False
user_info = {
'username': usr,
'password': pwd,
'fname': fname,
'lname': lname,
'email': email,
'stayin': stayin
}
# app_id = 2 is hardcoded for now.
# TODO: remove hardcoded data
result = self.authentication.insert_user(2, user_info)
if result[0] is not None and result[1] == '':
LOG.info('User successfully registered.')
return {'success': 'User signed up with success.'}
if result[0] is None and result[1] != '':
LOG.info(result[1])
return {'error': result[1]}
else:
LOG.info('Username already exists.')
return {'error':\
'Username already exists. Please choose a different one.'
}
return {}
except KeyError as e:
msg = 'Missing mandatory parameter: ' + str(e)
raise e
except Exception as e:
msg = 'Unknown error occurred: ' + str(e)
raise e
LOG.info(msg)
return {'error': msg}
@view_config(route_name=Route.UPDATE_USER,
request_method='POST',
accept='application/json',
renderer='json')
def update_user(self):
"""
This method is called from **/engine/api/update_user**.
Method used to update user information on the system.
Args:
user (str): username;
pwd (str): user password;
fname (str): user first name;
lname (str): user last name;
email (str): user email address.
"""
msg = ''
try:
usr = self.request.params['user']
fname = self.request.params['fname']
lname = self.request.params['lname']
stayin = self.request.params['stayin']
token = self.request.params['token']
LOG.info('#### usr: %s' % usr)
LOG.info('#### fname: %s' % fname)
LOG.info('#### lname: %s' % lname)
LOG.info('#### token: %s' % token)
user_info = {
'username': usr,
'fname': fname,
'lname': lname,
'stayin': stayin,
'token': token
}
result = self.authentication.update_user(2, user_info)
LOG.info('#### result: %s' % result)
if result > 0:
msg = 'User information updated successfully.'
LOG.info(msg)
return {'success': msg}
else:
msg = 'Username does not exist.'
LOG.info(msg)
return {'error': msg}
except KeyError as e:
msg = 'Missing mandatory parameter: ' + str(e)
raise e
except Exception as e:
msg = 'Unknown error occurred: ' + str(e)
raise e
LOG.info(msg)
return {'error': msg}
@view_config(route_name=Route.CHANGE_PASSWORD,
request_method='POST',
accept='application/json',
renderer='json')
def change_password(self):
"""
This method is called from **/engine/api/update_user**.
Method used to update user information on the system.
Args:
user (str): username;
oldpwd (str): old password;
newpwd (str): new password;
token (str): token.
"""
msg = ''
try:
usr = self.request.params['user']
oldpwd = self.request.params['oldpwd']
newpwd = self.request.params['newpwd']
token = self.request.params['token']
LOG.info('#### usr: %s' % usr)
LOG.info('#### oldpwd: %s' % oldpwd)
LOG.info('#### newpwd: %s' % newpwd)
LOG.info('#### token: %s' % token)
user_info = {
'username': usr,
'oldpwd': oldpwd,
'newpwd':newpwd,
'token': token
}
result = self.authentication.change_password(2, user_info)
LOG.info('#### result: %s' % result)
if result > 0:
msg = 'Password updated successfully.'
LOG.info(msg)
return {'success': msg}
else:
msg = 'Username does not exist.'
LOG.info(msg)
return {'error': msg}
except KeyError as e:
msg = 'Missing mandatory parameter: ' + str(e)
raise e
except Exception as e:
msg = 'Unknown error occurred: ' + str(e)
raise e
LOG.info(msg)
return {'error': msg}
@view_config(route_name=Route.DELETE_USER,
request_method='POST',
accept='application/json',
renderer='json')
def delete_user(self):
"""
This method is called from **/engine/api/delete_user
Method used to delete user information from application.
Args:
username (str): username;
pwd (str): user password;
fname (str): user first name;
lname (str): user last name;
email (str): user email address.
"""
msg = ''
try:
usr = self.request.params['user']
token = self.request.params['token']
user_info = {
'username': usr,
'token': token,
}
result = self.authentication.delete_user(2, user_info)
LOG.info('#### result: %s' % result)
if result > 0:
msg = 'User deleted with success.'
LOG.info(msg)
return {'success': msg}
else:
msg = 'User does not exist.'
LOG.info(msg)
return {'error': msg}
except KeyError as e:
msg = 'Missing mandatory parameter: ' + str(e)
raise e
except Exception as e:
msg = 'Unknown error occurred: ' + str(e)
raise e
LOG.info(msg)
return {'error': msg}
@view_config(route_name=Route.EMAIL_CONFIRMATION,
request_method='POST',
accept='application/json',
renderer='json')
def email_confirmation(self):
"""
This method is called from **/engine/api/email_confirmation
Method used to confirm that the user possess given email address.
Args:
username (str): username;
email_token (str): unique email token.
email (str): user email.
"""
msg = ''
try:
username = self.request.params['username']
email_token = self.request.params['token']
email = self.request.params['email']
result = self.emailToken.email_confirmation(username, email, email_token)
if result:
msg = 'User email confirmed with success.'
LOG.info(msg)
return {'success': msg}
else:
msg = 'User email was not confirmed.'
except KeyError as e:
msg = 'Missing mandatory parameter: ' + str(e)
raise e
except Exception as e:
msg = 'Unknown error occurred: ' + str(e)
raise e
LOG.info(msg)
return {'error': msg}
@view_config(route_name=Route.SEND_EMAIL_TOKEN,
request_method='POST',
accept='application/json',
renderer='json')
def send_email_token(self):
"""
This method is called from **/engine/api/send_email_token
Method used to send email with token.
Args:
username (str): username;
email (str): user email.
"""
msg = ''
try:
username = self.request.params['username']
email = self.request.params['email']
result = self.emailToken.send_email_token(username, email)
if result:
msg = 'Email sent with success.'
LOG.info(msg)
return {'success': msg}
else:
msg = 'Email was not sent.'
LOG.info(msg)
except KeyError as e:
msg = 'Missing mandatory parameter: ' + str(e)
raise e
except Exception as e:
msg = 'Unknown error occurred: ' + str(e)
raise e
LOG.info(msg)
return {'error': msg}
@view_config(route_name=Route.FORGOT_PASSWORD,
request_method='POST',
accept='application/json',
renderer='json')
def forgot_password(self):
"""
This method is called from **/engine/api/forgot_password
Method used to change password.
Args:
username (str): username;
email (str): user email.
"""
msg = ''
try:
username = self.request.params['username']
email = self.request.params['email']
result = self.authentication.gen_password(2, username, email)
if result == 1:
msg = 'Email sent with success.'
LOG.info(msg)
return {'success': msg}
else:
msg = 'Email was not sent.'
LOG.info(msg)
except KeyError as e:
msg = 'Missing mandatory parameter: ' + str(e)
raise e
except Exception as e:
msg = 'Unknown error occurred: ' + str(e)
raise e
LOG.info(msg)
return {'error': msg}