def test_encode_auth_token(self):
    """Check that encoding an auth token for a persisted user yields bytes."""
    user = User(
        email='*****@*****.**',
        password='******',
        registered_on=datetime.datetime.utcnow(),
    )
    session = db.session
    session.add(user)
    session.commit()

    # user.id is read only after the commit above.
    token = user.encode_auth_token(user.id)

    # NOTE(review): this pins the token type to bytes. If encode_auth_token
    # wraps PyJWT, 2.x releases return str instead -- confirm the pinned
    # version before relying on this assertion.
    self.assertIsInstance(token, bytes)
def deploy():
    """Call upgrade() and create the admin account named in the app config.

    Nothing is created when ADMIN_USERNAME or ADMIN_PASSWORD is empty, or
    when User.is_unique reports that the username is already taken.
    """
    upgrade()

    admin_username = app.config['ADMIN_USERNAME']
    admin_password = app.config['ADMIN_PASSWORD']
    if not (admin_username and admin_password):
        return

    # NOTE(review): the admin password comes straight from app.config. Make
    # sure it is supplied from the environment or a secret store rather than
    # a committed config file, and that User hashes it before storage --
    # neither is visible from here.
    if User.is_unique(id=0, username=admin_username):
        admin = User(admin_username, admin_password, admin=True)
        db.session.add(admin)
        db.session.commit()
        # Only the username is echoed; the password is never printed.
        print("Admin user '{}' created.".format(admin_username))
    else:
        print("Admin user with username '{}' already exists".format(
            admin_username))
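def get_logged_in_user(new_request):
    """Resolve the user identified by the request's Authorization header.

    Args:
        new_request: Request-like object exposing ``headers.get``.

    Returns:
        A ``(body, status)`` tuple: 200 with the user's id, email, admin flag
        and registration date on success; 401 when the header is missing,
        when decode_auth_token returns an error string, or when the token
        refers to a user that no longer exists.
    """
    # NOTE(review): the header value is handed to decode_auth_token as-is,
    # whereas logout_user takes the second space-separated field of the same
    # header. Confirm which format clients actually send.
    auth_token = new_request.headers.get('Authorization')
    if not auth_token:
        return {
            'status': 'fail',
            'message': 'Provide a valid auth token.'
        }, 401

    resp = User.decode_auth_token(auth_token)
    if isinstance(resp, str):
        # A str result is treated as the decoder's error message.
        return {'status': 'fail', 'message': resp}, 401

    user = User.query.filter_by(id=resp).first()
    if user is None:
        # A still-valid token can outlive its account (e.g. the user was
        # deleted). Reject it with the generic message instead of raising
        # AttributeError on user.id, and without disclosing whether the
        # account ever existed.
        return {
            'status': 'fail',
            'message': 'Provide a valid auth token.'
        }, 401

    response_object = {
        'status': 'success',
        'data': {
            'user_id': user.id,
            'email': user.email,
            'admin': user.admin,
            'registered_on': str(user.registered_on)
        }
    }
    return response_object, 200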
def dummy():
    """Insert 100 placeholder users, committing after each one.

    No existence check is made: every call constructs and adds a fresh User
    for each index.
    """
    # NOTE(review): every seeded account shares one fixed password and a
    # predictable username/email. Keep this helper out of any deployment
    # that is reachable by real users.
    session = db.session
    for i in range(100):
        user = User(
            email=f"example{i}@bucketmail.com",
            password="******",
            public_id=f"public_{i}",
            username=f"example{i}",
            registered_on=datetime.datetime.utcnow(),
        )
        session.add(user)
        session.commit()
def test_get_admin_resource_with_admin_rights(self):
    """An admin can log in, list users, read a user and delete a user."""
    username = '******'
    password = '******'

    # Persist an admin account to authenticate with.
    admin = User(username, password, admin=True)
    with self.app.app_context():
        db.session.add(admin)
        db.session.commit()

    # Log in and pick up the access token.
    login_response = self.login_user(username, password)
    login_data = json.loads(login_response.data.decode())
    access_token = login_data['access_token']
    self.assertEqual(
        login_data['message'], 'Logged in as {}'.format(username))

    headers = self.get_api_headers()
    headers.update({
        'Authorization': 'Bearer {}'.format(access_token),
    })

    # UserList resource.
    list_response = self.client.get('/auth/users/', headers=headers)
    users = json.loads(list_response.data.decode())
    self.assertEqual(users[0]['username'], username)
    self.assertTrue(users[0]['url'])
    self.assertEqual(list_response.status_code, 200)

    # User resource; the test expects the admin created above at id 1.
    detail_response = self.client.get('/auth/users/1', headers=headers)
    detail = json.loads(detail_response.data.decode())
    self.assertEqual(detail['username'], username)
    # NOTE(review): this pins the API to serializing a `password` field for
    # a user. Even if the value is a hash, returning it gives any holder of
    # an admin token material for offline guessing -- confirm this field is
    # meant to be exposed.
    self.assertTrue(detail['password'])
    self.assertTrue(detail['registered_on'])
    self.assertTrue(detail['url'])
    self.assertEqual(detail_response.status_code, 200)

    # Deleting a user with admin rights.
    delete_response = self.client.delete('/auth/users/1', headers=headers)
    self.assertEqual(delete_response.status_code, 204)
def save_new_user(data):
    """Register a user from *data* unless its email is already taken.

    Args:
        data: Mapping with 'email', 'username' and 'password' keys.

    Returns:
        The result of generate_token for the new user, or a
        ``(body, 409)`` tuple when a user with that email already exists.
    """
    existing = User.query.filter_by(email=data['email']).first()
    if existing:
        return {
            'status': 'fail',
            'message': 'User already exists. Please Log in.',
        }, 409

    # NOTE(review): the lookup above and the insert below are not atomic, and
    # only the email is checked. A unique constraint on the model is the real
    # guard against duplicates -- confirm one exists for email (and username,
    # if it must be unique).
    # NOTE(review): the password is passed through as received; presumably
    # User hashes it on assignment -- verify against the model.
    new_user = User(
        public_id=str(uuid.uuid4()),
        email=data['email'],
        username=data['username'],
        password=data['password'],
        registered_on=datetime.datetime.utcnow(),
    )
    save_changes(new_user)
    return generate_token(new_user)
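def logout_user(data):
    """Blacklist the token carried in an Authorization header value.

    Args:
        data: Raw header value, expected as "<scheme> <token>". May be empty
            or None.

    Returns:
        The result of save_token when the token decodes; ``(body, 401)`` when
        decode_auth_token returns an error string; ``(body, 403)`` when no
        token could be extracted from *data*.
    """
    # A header without a second space-separated field (for example a bare
    # scheme or a bare token) used to raise IndexError, which surfaces as a
    # server error. Treat it as "no token supplied" instead.
    parts = data.split(" ") if data else []
    auth_token = parts[1] if len(parts) > 1 else ''

    if not auth_token:
        return {
            'status': 'fail',
            'message': 'Provide a valid auth token.'
        }, 403

    resp = User.decode_auth_token(auth_token)
    if isinstance(resp, str):
        # A str result is treated as the decoder's error message.
        return {'status': 'fail', 'message': resp}, 401

    # Mark the token as blacklisted so it cannot be reused after logout.
    return save_token(token=auth_token)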