def test_valid_already_taken_token(client):
    """A token already flagged as used must be refused with 403."""
    spent = Token()
    spent.used = True
    spent.save()

    index_url = url_for('mobile_bp.index', token=spent.token, _external=False)
    resp = client.get(index_url)

    # Replay of a consumed token is the case under test.
    assert resp.status_code == 403
    spent.delete_instance()
def test_expired_token(client):
    """A token presented after the configured padding has elapsed gets 403."""
    stale = Token()
    stale.save()

    # Sleep one second past AUTH_DATETIME_PADDING so the token is out of date.
    padding = config.get('AUTH_DATETIME_PADDING')
    time.sleep(padding + 1)

    # Try with querystring
    index_url = url_for('mobile_bp.index', token=stale.token, _external=False)
    resp = client.get(index_url)

    assert resp.status_code == 403
    stale.delete_instance()
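def get_new_token(type: str) -> str:
    """
    Generate a new token key, store it in the database and return it.

    The key is 15 uppercase hexadecimal characters drawn from the operating
    system's CSPRNG through ``secrets``. The ``random`` module is a
    deterministic Mersenne Twister whose output can be predicted from
    observed values, so it is not suitable for authentication tokens.

    :param type: value written to the token's ``type`` field
    :return: the token key string
    """
    # Local import keeps the block self-contained; the file's import block
    # is not visible from here.
    import secrets

    # NOTE(review): 15 hex characters is 60 bits. The length is kept so the
    # key format stays compatible; confirm that guessing attempts are
    # rate-limited or consider a longer key.
    alphabet = "0123456789ABCDEF"
    token_key = "".join(secrets.choice(alphabet) for _ in range(15))

    token = Token()
    token.set_token_key(token_key)
    token.type = type
    token.save()
    return token_key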
def test_valid_token_busy_line(client):
    """A valid token is answered with 423 while another call holds the line."""
    fresh = Token()
    fresh.save()

    # Occupy the line with a placeholder caller before presenting the token.
    dummy_caller_id = '123456789'
    busy_call = Call()
    busy_call.get_the_line(dummy_caller_id)

    index_url = url_for('mobile_bp.index', token=fresh.token, _external=False)
    resp = client.get(index_url)
    assert resp.status_code == 423

    busy_call.delete_instance()
    fresh.delete_instance()
def call(self):
    """
    Development helper: create a fresh token and redirect to the web app.

    Simulates a notification so the page can be opened with a new token.
    Must NEVER be reachable in production.
    """
    # NOTE(review): nothing in this method enforces the "never in production"
    # rule; confirm the route is disabled or gated elsewhere.
    fresh = Token()
    fresh.save()

    parts = {
        'domain': config.get('WEB_APP_DOMAIN_NAME'),
        'port': config.get('WEB_APP_PORT'),
        'token': fresh.token,
    }
    target = 'https://{domain}:{port}?token={token}'.format(**parts)

    # NOTE(review): 301 is a permanent redirect that browsers may cache, so a
    # later visit could be sent to this same token URL again; a temporary
    # redirect looks more appropriate for a per-request token. Confirm.
    return redirect(target, 301)
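def authenticate():
    """
    Exchange a username and password for a new token tied to ``url``.

    Expects a JSON body with string fields ``username``, ``url`` and
    ``password``. On success every existing token of the user is deleted
    and a new one is created.

    :return: ``(body, status)``: 201 with the token, 400 for a non-JSON or
        incomplete body, 404 when no user matches the credentials, 500 when
        the token cannot be created.
    """
    if not request.json:
        return {'message': 'Request is not JSON.'}, 400

    schema = {
        'username': {'type': 'string', 'required': True},
        'url': {'type': 'string', 'required': True},
        'password': {'type': 'string', 'required': True},
    }
    validator = Validator(schema)
    if not validator.validate(request.json):
        return {'message': 'Required parameters are missing!'}, 400

    payload = request.get_json()
    username = payload['username'].lower()
    # NOTE(review): `url` is caller-supplied and only checked to be a string
    # before being stored on the token; how it is used later is not visible
    # here, so confirm it is validated at the point of use.
    url = payload['url']
    password = payload['password']

    user = User.find_by_username_password(username=username, password=password)
    if not user:
        # The lookup combines username and password, so a wrong password for
        # an existing user also ends here.
        # NOTE(review): no attempt limiting is visible in this handler;
        # confirm it is applied upstream.
        return {'message': 'User does not exist!'}, 404

    try:
        # Old tokens are revoked first so one user holds one live token.
        Token.delete_all_tokens(user.id)
        token = Token(url=url, user_id=user.id)
        token.save()
        if token:
            return {
                'message': 'Token has been created',
                'token': token.token
            }, 201
        return {'message': 'Unable to generate token.'}, 500
    except Exception:
        # `except Exception` instead of a bare `except`, so SystemExit and
        # KeyboardInterrupt are no longer swallowed and turned into a 500.
        return {'message': 'Unable to generate token.'}, 500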
def test_hang_up(client):
    """Hanging up marks the call HUNG_UP and the session no longer validates."""
    fresh = Token()
    fresh.save()

    # Open the page with the token; this puts a call on the line.
    opened = client.get(
        url_for('mobile_bp.index', token=fresh.token, _external=False))
    assert opened.status_code == 200

    active_call = Call.get_call()
    assert active_call.status == Call.ON_CALL

    hung_up = client.get(url_for('mobile_bp.hang_up', _external=False))
    active_call.refresh_from_db()
    assert hung_up.status_code == 200
    assert active_call.status == Call.HUNG_UP

    # After hanging up the session must be rejected.
    recheck = client.get(
        url_for('mobile_bp.validate_session', _external=False))
    assert recheck.status_code == 403
def test_valid_token(client):
    """A fresh token opens the page, is marked used, and starts a call."""
    fresh = Token()
    fresh.save()

    # Try with querystring
    with_token = client.get(
        url_for('mobile_bp.index', token=fresh.token, _external=False))
    assert with_token.status_code == 200

    # Then session
    with_session = client.get(url_for('mobile_bp.index', _external=False))
    assert with_session.status_code == 200

    # The token must have been consumed by the first request.
    fresh.refresh_from_db()
    assert fresh.used is True
    fresh.delete_instance()

    active_call = Call.get_call()
    assert active_call.status == Call.ON_CALL
    active_call.delete_instance()
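def access_token():
    """
    Issue an access token for a client identified by id and secret.

    ``client_id`` and ``client_secret`` are read from the form body, falling
    back to the query string. Tokens created more than one hour ago are
    purged on every call, whether or not the client is accepted.

    :return: JSON with ``access_token`` and ``expired_in`` (seconds left of
        the one-hour lifetime), or a 401 JSON error when no client matches.
    """
    # NOTE(review): the query-string fallback puts the client secret in the
    # URL, where it commonly ends up in access logs and browser history. It
    # is kept for compatibility; prefer accepting it from the body only.
    client_id = request.form.get('client_id') or request.args.get('client_id')
    client_secret = (request.form.get('client_secret')
                     or request.args.get('client_secret'))

    # Missing or empty credentials never authenticate. Without this guard
    # the filter would be built with None values, and whether that could
    # match a stored client depends on the ODM (not visible here).
    client = None
    if client_id and client_secret:
        client = Client.query.filter({
            'client_id': client_id,
            'client_secret': client_secret
        }).first()

    # remove expired token (done once; it was issued twice back to back)
    db.session.db.Token.remove(
        {'created_time': {'$lt': datetime.now() - timedelta(hours=1)}},
        safe=True)

    if not client:
        return jsonify(
            error={'message': 'Error validating verfication code'}), 401

    # create new token
    token = Token(token=str(uuid.uuid4()),
                  client=client,
                  created_time=datetime.now())
    token.save()

    expired_time = token.created_time + timedelta(hours=1)
    expired_in = (expired_time - datetime.now()).total_seconds()
    return jsonify(access_token=token.token, expired_in=expired_in)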
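def run(self):
    """
    Send the ring notification, or the picture, to the Telegram chat.

    Without a picture: a text message is sent. For the front door it holds
    a Markdown link to the web app carrying a newly created token; for the
    back door it is a plain message. With a picture: the photo is sent
    silently, and a failure is logged rather than raised.
    """
    if self.__picture is None:
        if self.__front_door:
            token = Token()
            token.save()
            # NOTE(review): the token travels as a query parameter inside a
            # chat message, so anyone able to read that chat holds the
            # credential. Confirm tokens are single-use and short-lived.
            auth_web_app_link = 'https://{domain}:{port}?token={token}'.format(
                domain=config.get('WEB_APP_DOMAIN_NAME'),
                port=config.get('WEB_APP_PORT'),
                token=token.token)
            message = ('{message}\n'
                       '[{call_cta_label}]({call_cta_link})').format(
                message=_('daemon/notification/front_door_message'),
                call_cta_label=_('daemon/notification/call_cta_label'),
                call_cta_link=auth_web_app_link)
        else:
            message = _('daemon/notification/back_door_message')

        bot.send_message(chat_id=config.get('TELEGRAM_CHAT_ID'),
                         text=message,
                         parse_mode=telegram.ParseMode.MARKDOWN)
        logger.debug('Ring notification sent to Telegram')
        return  # Close thread

    try:
        bot.send_photo(chat_id=config.get('TELEGRAM_CHAT_ID'),
                       photo=self.__picture,
                       caption=_('Photo'),
                       disable_notification=True)
        logger.debug('Photo sent to Telegram')
    except Exception as e:
        # Best effort: a failed upload is logged and the thread still ends.
        logger.error('Could not send attachment to Telegram: {}'.format(
            str(e)))
    return  # Close thread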