def test_encode_auth_tokens(self):
user = UserModel(username='******', password='******')
db.session.add(user)
db.session.commit()
access_token, refresh_token, refresh_token_id = user.encode_auth_tokens(
user.username)
self.assertTrue(isinstance(access_token, bytes))
self.assertTrue(isinstance(refresh_token, bytes))
self.assertTrue(isinstance(refresh_token_id, str))
def test_encode_access_token(self):
username = '******'
user = UserModel(username='******', password='******')
db.session.add(user)
db.session.commit()
access_token = user.encode_access_token(username)
self.assertTrue(isinstance(access_token, bytes))
payload = jwt.decode(access_token, key)
self.assertTrue(payload.get('sub') == username)
def test_decode_refresh_token(self):
user = UserModel(username='******', password='******')
db.session.add(user)
db.session.commit()
access_token, refresh_token, refresh_token_id = user.encode_auth_tokens(
user.username)
self.assertTrue(isinstance(access_token, bytes))
self.assertTrue(isinstance(refresh_token, bytes))
self.assertTrue(isinstance(refresh_token_id, str))
response = UserModel.decode_refresh_token(refresh_token)
self.assertTrue(isinstance(response, str))
def test_validate_token(self):
user = UserModel(username='******', password='******')
db.session.add(user)
db.session.commit()
_, refresh_token, _ = user.encode_auth_tokens(user.username)
with mock.patch('authApi.api.utils.tokenutils.request') as mocked_request:
mocked_request.headers = dict(Authorization='Bearer ' + refresh_token.decode())
@validate_token
def a():
return 'test_function'
result = a()
self.assertTrue(result == 'test_function')
def test_change_password(self):
user = UserModel(username='******', password='******')
db.session.add(user)
db.session.commit()
self.assertTrue(user.check_password('Password2'))
user.change_password('Password3')
self.assertTrue(user.check_password('Password3'))
self.assertTrue(user.updated_by == user.public_id)
user.change_password('Password4', principal='SYSTEM')
self.assertTrue(user.check_password('Password4'))
self.assertTrue(user.updated_by == 'SYSTEM')
def post(self):
token = get_token()
try:
payload = UserModel.decode_refresh_token(token)
payload_dict = json.loads(payload)
user = UserModel.query.filter_by(
public_id=payload_dict.get('name')).first()
access_token = user.encode_access_token(user.username)
response_obj = dict(status='Success',
message='Generated new access token',
refresh_token_renewed=False,
access_token=access_token.decode())
return make_response(jsonify(response_obj), 200)
except ExpiredToken as e:
payload = UserModel.decode_expired_token(token)
payload_dict = json.loads(payload)
user = UserModel.query.filter_by(
public_id=payload_dict.get('name')).first()
access_token, refresh_token, refresh_token_id = user.encode_auth_tokens(
user.username)
blacklisted_token = BlackListTokenModel(
token_id=payload_dict.get('token_id'))
user.token_id = refresh_token_id
db.session.add(blacklisted_token)
db.session.commit()
response_obj = dict(
status='Success',
message='Generated new refresh and access tokens',
refresh_token_renewed=True,
access_token=access_token.decode(),
refresh_token=refresh_token.decode())
return make_response(jsonify(response_obj), 200)
except InvalidToken as err:
blacklisted_token = create_blacklisted_token(err, token)
db.session.add(blacklisted_token)
db.session.commit()
response_obj = dict(status='Fail',
message=str(UnauthorizedAccess()),
error=UnauthorizedAccess.__name__)
return make_response(jsonify(response_obj), 403)
except (BlacklistedToken, Exception) as err:
error = None
if isinstance(err, BlacklistedToken):
error = BlacklistedToken.__name__
else:
error = OtherError.__name__
response_obj = dict(status='Fail', message=str(err), error=error)
return make_response(jsonify(response_obj), 500)
def test_decode_expired_token(self):
user = UserModel(username='******', password='******')
db.session.add(user)
db.session.commit()
_, refresh_token, refresh_token_id = user.encode_auth_tokens(
user.username)
self.assertTrue(isinstance(refresh_token, bytes))
payload = jwt.decode(refresh_token, key)
payload['exp'] = datetime.datetime.utcnow() - datetime.timedelta(
minutes=32)
token = jwt.encode(payload, key, algorithm='HS256')
response = UserModel.decode_expired_token(token)
resp = json.loads(response)
self.assertTrue(resp.get('name') == payload.get('sub'))
self.assertTrue(resp.get('token_id') == payload.get('jti'))
def create_blacklisted_token(e, token):
blacklisted_token = None
if isinstance(e, ExpiredToken):
payload = UserModel.decode_expired_token(token)
payload_dict = json.loads(payload)
blacklisted_token = BlackListTokenModel(
token_id=payload_dict.get('token_id'))
elif isinstance(e, InvalidToken):
blacklisted_token = BlackListTokenModel(token=token)
return blacklisted_token
def get(self):
token = get_token()
payload = UserModel.decode_refresh_token(token)
payload_dict = json.loads(payload)
user = UserModel.query.filter_by(
public_id=payload_dict.get('name')).first()
response_obj = dict(status='Success',
data=dict(username=user.username,
registered_on=user.registered_on,
admin=user.admin,
anonymous=user.anonymous))
return make_response(jsonify(response_obj), 200)
def post(self):
json_object = request.get_json()
user = UserModel.query.filter_by(
username=json_object.get('username')).first()
if user:
response_obj = dict(status='Fail',
message=str(UserAlreadyExist()),
error=UserAlreadyExist.__name__)
return make_response(jsonify(response_obj), 500)
user = UserModel(username=json_object.get('username'),
password=json_object.get('password'))
if json_object.get('admin'):
user.admin = json_object.get('admin')
if json_object.get('anonymous'):
user.anonymous = json_object.get('anonymous')
access_token, refresh_token, refresh_token_id = user.encode_auth_tokens(
user.username)
user.token_id = refresh_token_id
db.session.add(user)
db.session.commit()
response_obj = dict(status='Success',
message='Successfully registered',
access_token=access_token.decode(),
refresh_token=refresh_token.decode())
return make_response(jsonify(response_obj), 201)
def test_registration_with_already_registered_user(self):
user = UserModel(
username='******',
password='******'
)
db.session.add(user)
db.session.commit()
with self.client:
response = register_user(self, 'fmaketouser', '123456')
data = json.loads(response.data.decode())
self.assertTrue(data.get('status') == 'Fail')
self.assertTrue(data.get('message') == str(UserAlreadyExist()))
self.assertTrue(data.get('error') == UserAlreadyExist.__name__)
self.assertEqual(response.status_code, 500)
def post(self):
token = get_token()
payload = UserModel.decode_refresh_token(token)
payload_dict = json.loads(payload)
user = UserModel.query.filter_by(
public_id=payload_dict.get('name')).first()
blacklisted_token = BlackListTokenModel(token_id=user.token_id)
user.token_id = ''
if user.anonymous:
db.session.delete(user)
db.session.commit()
response_obj = dict(status='Success',
message='Successfully logged out')
return make_response(jsonify(response_obj), 200)
def get(self):
token = get_token()
payload = UserModel.decode_refresh_token(token)
payload_dict = json.loads(payload)
if payload_dict.get('admin'):
users = UserModel.query.all()
users[:] = [(user.username, user.registered_on) for user in users]
response_obj = dict(status='Success', message=users)
return make_response(jsonify(response_obj), 200)
else:
response_obj = dict(status='Fail',
message=str(UnauthorizedAccess()),
error=UnauthorizedAccess.__name__)
return make_response(jsonify(response_obj), 403)
def post(self):
token = get_token()
post_data = request.get_json()
if any([
'typeOfChange' not in post_data.keys(), 'message'
not in post_data.keys()
]):
response_obj = dict(
status='Fail',
message=
'You are missing either "typeOfChange" or "message" or both',
error=OtherError.__name__)
return make_response(jsonify(response_obj), 500)
payload = UserModel.decode_refresh_token(token)
payload_dict = json.loads(payload)
user = UserModel.query.filter_by(
public_id=payload_dict.get('name')).first()
if post_data.get('typeOfChange') == 'password':
user.change_password(post_data.get('message'))
if post_data.get('typeOfChange') == 'username':
user.change_username(post_data.get('message'))
if post_data.get('typeOfChange') == 'both':
user.change_password(post_data.get('message').get('password'))
user.change_username(post_data.get('message').get('username'))
blacklisted_token = BlackListTokenModel(token_id=user.token_id)
user.token_id = ''
db.session.add(blacklisted_token)
db.session.commit()
message = ''
if post_data.get('typeOfChange') == 'password':
message = 'Changed your password'
if post_data.get('typeOfChange') == 'username':
message = 'Changed your username'
if post_data.get('typeOfChange') == 'both':
message = 'Changed your username and password'
response_obj = dict(status='Success', message=message)
return make_response(jsonify(response_obj), 200)
def decorated(*args, **kwargs):
token = get_token()
try:
payload = UserModel.decode_refresh_token(token)
return func(*args, **kwargs)
except (InvalidToken, ExpiredToken) as e:
blacklisted_token = create_blacklisted_token(e, token)
db.session.add(blacklisted_token)
db.session.commit()
response_obj = dict(status='Fail',
message=str(UnauthorizedAccess()),
error=UnauthorizedAccess.__name__)
return make_response(jsonify(response_obj), 403)
except (BlacklistedToken, Exception) as err:
if isinstance(err, BlacklistedToken):
response_obj = dict(status='Fail',
message=str(BlacklistedToken()),
error=BlacklistedToken.__name__)
return make_response(jsonify(response_obj), 403)
response_obj = dict(status='Fail',
message=str(err),
error=OtherError.__name__)
return make_response(jsonify(response_obj), 500)
def test_check_password(self):
user = UserModel(username='******', password='******')
db.session.add(user)
db.session.commit()
self.assertTrue(user.check_password('Password2'))
self.assertFalse(user.check_password('Pass23word'))
