def test_decode_item_token(self):
item = Item(name='Test')
db.session.add(item)
db.session.commit()
token = item.generate_item_token('Tester')
self.assertTrue(isinstance(token, bytes))
self.assertFalse(Item.decode_item_token(token) == None, None)
def receive_object():
#extract request data or none
data = request.get_json() or {}
#check if required fields exist (auth_token, and item_token)
if 'auth_token' not in data or 'item_token' not in data:
return bad_request('Auth token and item token must be included')
#authorise user from token
user = User.check_auth_token(data['auth_token'])
#check if user is authorised and is ssame as item's recipient
if not user:
return error_response(401, 'User not authorised.')
#get required item
recipient, item = Item.decode_item_token(data['item_token'])
#check if item and recipient were found
if item and recipient:
#if user is same as item's recipient
if recipient is user:
item.owner = user
db.session.commit()
#create response
response = jsonify(
{'message': "Object was succesfully transfered."})
response.status_code = 200
return response
else:
return error_response(403, 'Resource is forbidden.')
else:
return error_response(404, 'Item not found.')
