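def test_valid_already_taken_token(client):
    """A token whose ``used`` flag is already set must be refused with 403.

    This pins the single-use property of the login token: replaying a token
    that has been consumed once is expected to fail at ``mobile_bp.index``.
    """
    token = Token()
    token.used = True
    token.save()

    try:
        response = client.get(
            url_for('mobile_bp.index', token=token.token, _external=False))
        assert response.status_code == 403
    finally:
        # Clean up even when the assertion fails, so a leftover token row
        # cannot influence the tests that run afterwards.
        token.delete_instance()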
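def test_expired_token(client):
    """A token presented after its validity window must be refused with 403.

    The test waits one second longer than ``AUTH_DATETIME_PADDING``
    (presumably the token lifetime in seconds -- confirm against the Token
    model) before using the token.
    """
    token = Token()
    token.save()

    try:
        time.sleep(config.get('AUTH_DATETIME_PADDING') + 1)
        # Try with querystring
        response = client.get(
            url_for('mobile_bp.index', token=token.token, _external=False))
        assert response.status_code == 403
    finally:
        # Clean up even when the assertion fails, so a leftover token row
        # cannot influence the tests that run afterwards.
        token.delete_instance()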
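def get_new_token(type: str) -> str:
    """
    Generate a new token and store it in the database.

    The key is 15 hexadecimal characters drawn from the operating system's
    CSPRNG. The ``random`` module is a deterministic PRNG whose output can be
    predicted, so it must not be used for values that act as credentials.

    :param type: value stored in the token's ``type`` field
    :return: string holding the token key
    """
    # Function-scope import: the file's import block is not visible here.
    import secrets

    token_key = "".join(
        secrets.choice("0123456789ABCDEF") for _ in range(15))
    token = Token()
    token.set_token_key(token_key)
    token.type = type
    token.save()
    return token_key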
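def test_valid_token_busy_line(client):
    """A valid token is answered with 423 while another call holds the line.

    A ``Call`` is put on the line for a dummy caller first; the index view is
    then expected to refuse the new, otherwise valid, token with 423 (Locked).
    """
    token = Token()
    token.save()
    try:
        dummy_caller_id = '123456789'
        call = Call()
        call.get_the_line(dummy_caller_id)
        try:
            response = client.get(
                url_for('mobile_bp.index', token=token.token, _external=False))
            assert response.status_code == 423
        finally:
            # Release the line even when the assertion fails; a call left in
            # the database would make later tests see a busy line.
            call.delete_instance()
    finally:
        token.delete_instance()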
    def call(self):
        """
        Development helper: mint a fresh token and redirect to the web app
        with that token in the query string, as a real notification link
        would. Must never be reachable in production.

        NOTE(review): nothing in this method enforces the "never in
        production" rule; whoever can reach this route obtains a valid
        token. Confirm the route is only registered in development.
        NOTE(review): 301 is a permanent redirect that browsers may cache,
        which would replay a URL carrying an old token -- confirm that this
        is intended rather than a temporary redirect.
        """
        fresh_token = Token()
        fresh_token.save()

        domain = config.get('WEB_APP_DOMAIN_NAME')
        port = config.get('WEB_APP_PORT')
        template = 'https://{domain}:{port}?token={token}'
        target = template.format(
            domain=domain, port=port, token=fresh_token.token)

        return redirect(target, 301)
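def authenticate():
    """Check username/password from a JSON body and issue a new token.

    Returns a ``(body, status)`` tuple:

    * 400 -- the request is not JSON or fails schema validation
    * 404 -- no user matched the username/password pair
    * 201 -- a token was created; all previous tokens of the user are
      deleted first, so only one token per user is live at a time
    * 500 -- the token could not be stored
    """
    if not request.json:
        return {'message': 'Request is not JSON.'}, 400

    schema = {
        'username': {
            'type': 'string',
            'required': True
        },
        'url': {
            'type': 'string',
            'required': True
        },
        'password': {
            'type': 'string',
            'required': True
        }
    }

    validator = Validator(schema)
    if not validator.validate(request.json):
        return {'message': 'Required parameters are missing!'}, 400

    payload = request.get_json()
    username = payload['username'].lower()
    # NOTE(review): 'url' is only checked to be a string before it is stored
    # on the token -- confirm that consumers of Token.url validate it.
    url = payload['url']
    password = payload['password']

    user = User.find_by_username_password(username=username, password=password)
    if not user:
        # NOTE(review): this branch also covers a wrong password, not only an
        # unknown user; message and status are kept for existing callers.
        return {'message': 'User does not exist!'}, 404

    try:
        Token.delete_all_tokens(user.id)
        token = Token(url=url, user_id=user.id)
        token.save()
        if token:
            return {
                'message': 'Token has been created',
                'token': token.token
            }, 201
        else:
            return {'message': 'Unable to generate token.'}, 500
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit; storage errors still map to the same 500 response.
        return {'message': 'Unable to generate token.'}, 500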
def test_hang_up(client):
    """Hanging up must end the call and invalidate the session.

    Steps: open the index page with a fresh token (200, call ON_CALL), hit
    the hang-up endpoint (200, call HUNG_UP), then check that session
    validation is refused with 403.
    """
    fresh_token = Token()
    fresh_token.save()

    index_url = url_for(
        'mobile_bp.index', token=fresh_token.token, _external=False)
    opened = client.get(index_url)
    assert opened.status_code == 200

    active_call = Call.get_call()
    assert active_call.status == Call.ON_CALL

    hang_up_url = url_for('mobile_bp.hang_up', _external=False)
    hung_up = client.get(hang_up_url)
    # Reload the row: the status change was made by the view.
    active_call.refresh_from_db()
    assert hung_up.status_code == 200
    assert active_call.status == Call.HUNG_UP

    # After hang-up the session must no longer validate.
    session_url = url_for('mobile_bp.validate_session', _external=False)
    session_check = client.get(session_url)
    assert session_check.status_code == 403
def test_valid_token(client):
    """A fresh token opens the page, then the session alone is enough.

    The first request carries the token in the query string; the second one
    carries no token and must still get 200. Afterwards the token must be
    flagged as used and a call must be in the ON_CALL state.
    """
    fresh_token = Token()
    fresh_token.save()

    # First request: authenticate with the token in the query string.
    with_token_url = url_for(
        'mobile_bp.index', token=fresh_token.token, _external=False)
    first = client.get(with_token_url)
    assert first.status_code == 200

    # Second request: no token, only the session.
    session_only_url = url_for('mobile_bp.index', _external=False)
    second = client.get(session_only_url)
    assert second.status_code == 200

    # The view must have marked the token as consumed.
    fresh_token.refresh_from_db()
    assert fresh_token.used is True
    fresh_token.delete_instance()

    active_call = Call.get_call()
    assert active_call.status == Call.ON_CALL
    active_call.delete_instance()
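def access_token():
    """Exchange ``client_id`` / ``client_secret`` for a one-hour access token.

    Credentials are read from the form body first and from the query string
    as a fallback. Tokens older than one hour are purged on every call. On
    success the JSON response carries ``access_token`` and ``expired_in``
    (seconds left); on failure a 401 with an ``error`` object is returned.
    """
    # NOTE(review): a client_secret passed in the query string ends up in
    # access logs and browser history; the fallback is kept for existing
    # callers, but the form body should be the documented way.
    client_id = request.form.get('client_id') or request.args.get('client_id')
    client_secret = (request.form.get('client_secret')
                     or request.args.get('client_secret'))

    token_lifetime = timedelta(hours=1)

    # Remove expired tokens. The original ran this identical purge twice per
    # request; once is enough, and it still runs for rejected requests too.
    db.session.db.Token.remove(
        {'created_time': {
            '$lt': datetime.now() - token_lifetime
        }},
        safe=True)

    # Refuse missing or empty credentials before querying: a filter on None
    # could match a client document that lacks these fields (MongoDB-style
    # queries treat a missing field as equal to null).
    if not client_id or not client_secret:
        return jsonify(
            error={'message': 'Error validating verfication code'}), 401

    client = Client.query.filter({
        'client_id': client_id,
        'client_secret': client_secret
    }).first()

    if not client:
        return jsonify(
            error={'message': 'Error validating verfication code'}), 401

    # create new token
    token = Token(token=str(uuid.uuid4()),
                  client=client,
                  created_time=datetime.now())

    token.save()

    expired_time = token.created_time + token_lifetime
    expired_in = (expired_time - datetime.now()).total_seconds()
    return jsonify(access_token=token.token, expired_in=expired_in)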
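    def run(self):
        """Send the ring notification, or the captured picture, to Telegram.

        Without a picture a text message goes to the configured chat; for the
        front door it includes a Markdown link to the web app carrying a
        freshly created token. With a picture, the photo is sent instead and
        a send failure is logged rather than raised.
        """
        if self.__picture is None:

            if self.__front_door:
                # The link below is a bearer credential: anyone who can read
                # the chat can open it. NOTE(review): this relies on the
                # token being single-use and short-lived -- confirm in Token.
                token = Token()
                token.save()
                # The unused ``message=`` format argument was dropped; the
                # template has no such field.
                auth_web_app_link = 'https://{domain}:{port}?token={token}'.format(
                    domain=config.get('WEB_APP_DOMAIN_NAME'),
                    port=config.get('WEB_APP_PORT'),
                    token=token.token)
                message = '{message}\n' \
                          '[{call_cta_label}]({call_cta_link})'.\
                    format(
                        message=_('daemon/notification/front_door_message'),
                        call_cta_label=_('daemon/notification/call_cta_label'),
                        call_cta_link=auth_web_app_link)
            else:
                message = _('daemon/notification/back_door_message')

            bot.send_message(chat_id=config.get('TELEGRAM_CHAT_ID'),
                             text=message,
                             parse_mode=telegram.ParseMode.MARKDOWN)

            logger.debug('Ring notification sent to Telegram')

            return  # Close thread

        try:
            bot.send_photo(chat_id=config.get('TELEGRAM_CHAT_ID'),
                           photo=self.__picture,
                           caption=_('Photo'),
                           disable_notification=True)
            logger.debug('Photo sent to Telegram')
        except Exception as e:
            # Best effort: a failed photo upload is logged, not raised.
            logger.error('Could not send attachment to Telegram: {}'.format(
                str(e)))

        return  # Close thread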