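def _digests_equal(supplied, stored):
    """Return True when two password digests are equal, without an early exit.

    A plain ``!=`` stops at the first differing character, so response timing
    can reveal how much of a stored digest a guess matched.
    ``hmac.compare_digest`` avoids that. Values that are neither both text nor
    both bytes fall back to ``==``, so the result always equals what the
    original ``!=`` comparison produced.
    """
    import hmac  # local import: the file's import block is not visible here

    if isinstance(supplied, str) and isinstance(stored, str):
        return hmac.compare_digest(
            supplied.encode('utf-8', 'surrogatepass'),
            stored.encode('utf-8', 'surrogatepass'),
        )
    bytes_like = (bytes, bytearray)
    if isinstance(supplied, bytes_like) and isinstance(stored, bytes_like):
        return hmac.compare_digest(supplied, stored)
    return supplied == stored


def handler(event, context):
    """Return the caller's own user record, identified by token or by password.

    The user id comes from the decoded ``Authorization`` header. When a
    password is supplied (JSON body first, query string second), the id is
    instead taken from the active ``userProperty`` row matching the supplied
    e-mail or username, and the password digest must match the stored one.

    Responses:
        200 with ``{'data': ...}`` on success,
        400 / 'invalid credentials' when the identifier or password is wrong,
        400 / 'invalid token' when no user row exists for the resolved id.
    """
    headers = event.get('headers') or {}
    query_params = event.get('queryStringParameters') or {}
    authorization = headers.get('Authorization')

    # The body is caller-controlled: a missing, malformed or excessively
    # nested body, or valid JSON that is not an object, is treated as empty
    # instead of raising AttributeError on .get() below.
    try:
        body = json.loads(event.get('body'))
    except (TypeError, ValueError, RecursionError):
        body = {}
    if not isinstance(body, dict):
        body = {}

    # Fail closed on an unusable token: an empty claim set leaves user_id as
    # None, which ends in 'invalid token' unless a password login succeeds.
    # NOTE(review): assumes jwt_decode verifies the token - confirm.
    try:
        decoded = jwt_decode(authorization) or {}
    except Exception:
        decoded = {}

    keys = body.get('props') or split(query_params.get('props'))
    verbose = body.get('verbose') or boolean(query_params.get('verbose'))
    user_id = decoded.get('user_id')

    email = body.get('email') or query_params.get('email')
    username = body.get('username') or query_params.get('username')
    # NOTE(review): a password in the query string can end up in access logs,
    # browser history and Referer headers. Accepted here for backward
    # compatibility; prefer body-only and deprecate the query form.
    raw_password = body.get('password') or query_params.get('password')

    if raw_password is not None:
        # NOTE(review): when email or username is None the matching branch
        # compares 'value' with None; confirm the query builder cannot match
        # rows whose value is NULL.
        credential = (
            db.table('userProperty')
            .or_where(db.query().where({
                'key': 'email',
                'value': email,
                'active': True,
            }))
            .or_where(db.query().where({
                'key': 'username',
                'value': username,
                'active': True,
            }))
            .first()
        )
        # Unknown identifier and wrong password share one error, so the
        # response does not reveal which accounts exist.
        if credential is None:
            return abort(400, new_error('invalid credentials', 2))

        user_id = credential.get('userId')
        user_password = get_props(user_id, keys=['password'])['password']
        if not _digests_equal(password(raw_password), user_password):
            return abort(400, new_error('invalid credentials', 2))

    # No id at all means no valid token and no password login: reject before
    # querying with a NULL id.
    if user_id is None or db.table('user').where('id', user_id).first() is None:
        return abort(400, new_error('invalid token', 1))

    data = get(user_id, keys=keys, verbose=verbose, is_me=True)

    return {
        'body': json.dumps({'data': data}),
        # NOTE(review): '*' lets any origin read this response; confirm that
        # is intended for an endpoint returning the caller's own data.
        'headers': {
            'Access-Control-Allow-Origin': '*'
        },
        'statusCode': 200,
    }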
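def handler(event, context):
    """Update properties of the user identified by the bearer token.

    ``props`` from the JSON body is split into keys listed in ``UNIQUE_KEYS``
    (written with ``unique=True``) and all remaining keys. A ``password``
    among the remaining keys is replaced by ``password(...)`` of its value
    before it is stored.

    Responses:
        200 with the updated properties,
        401 / 'invalid token' when the token yields no existing user,
        400 with the parsed error when a write fails.
    """
    headers = event.get('headers') or {}
    authorization = headers.get('Authorization')

    # The body is caller-controlled: anything that is not a JSON object is
    # treated as empty rather than crashing on .get() below.
    try:
        body = json.loads(event.get('body'))
    except (TypeError, ValueError, RecursionError):
        body = {}
    if not isinstance(body, dict):
        body = {}

    # Fail closed: an undecodable token yields no claims, hence no user id.
    try:
        decoded = jwt_decode(authorization) or {}
    except Exception:
        decoded = {}

    props = body.get('props') or {}
    if not isinstance(props, dict):
        # A list or string here would raise on .items(); ignore it instead.
        props = {}
    verbose = body.get('verbose')
    user_id = decoded.get('user_id')

    # NOTE(review): every client-supplied key is accepted as a property. If
    # any property carries privilege (role, verified flag, ...), restrict the
    # writable keys with an allow-list - cannot tell from this handler.
    unique_props = {k: v for k, v in props.items() if k in UNIQUE_KEYS}
    custom_props = {k: v for k, v in props.items() if k not in unique_props}

    # Reject before querying when the token carried no user id.
    if user_id is None or db.table('user').where('id', user_id).first() is None:
        return abort(401, new_error('invalid token', 1))

    # NOTE(review): the password can be changed with the token alone; the
    # current password is not requested. Also assumes 'password' is never in
    # UNIQUE_KEYS, otherwise it would be stored unhashed - confirm both.
    if 'password' in custom_props:
        custom_props['password'] = password(custom_props['password'])

    # The two writes are separate calls; if the second fails the first is
    # only undone if set_props/db wrap them in a transaction - TODO confirm.
    try:
        set_props(user_id, props=unique_props, unique=True)
        set_props(user_id, props=custom_props)
    except Exception as e:
        return abort(400, parse_sql_error(e))

    return {
        'body': json.dumps({
            # NOTE(review): the keys echoed back include 'password' when it
            # was just set; confirm get() never returns the stored digest.
            'data': get(
                user_id,
                keys=props.keys(),
                verbose=verbose,
            ),
        }),
        'headers': {'Access-Control-Allow-Origin': '*'},
        'statusCode': 200,
    }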
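def handler(event, context):
    """Create a user with a fresh id and the properties from the JSON body.

    ``props`` is split into keys listed in ``UNIQUE_KEYS`` (written with
    ``unique=True``) and all remaining keys. A ``password`` among the
    remaining keys is replaced by ``password(...)`` of its value before it is
    stored.

    Responses:
        201 with the new user's data,
        400 with the parsed error when a write fails.
    """
    # Draw ids until one is not taken. The check and the later insert are
    # separate statements, so a concurrent request can still take the same id
    # in between; the insert error is then reported as 400.
    user_id = new_id()
    while db.table('user').where({'id': user_id}).first():
        user_id = new_id()

    # The body is caller-controlled: anything that is not a JSON object is
    # treated as empty rather than crashing on .get() below.
    try:
        body = json.loads(event.get('body'))
    except (TypeError, ValueError, RecursionError):
        body = {}
    if not isinstance(body, dict):
        body = {}

    props = body.get('props') or {}
    if not isinstance(props, dict):
        # A list or string here would raise on .items(); ignore it instead.
        props = {}
    verbose = body.get('verbose')

    # NOTE(review): nothing here requires an e-mail, username or password, and
    # every client-supplied key is stored; confirm that is intended.
    unique_props = {k: v for k, v in props.items() if k in UNIQUE_KEYS}
    custom_props = {k: v for k, v in props.items() if k not in unique_props}

    # NOTE(review): assumes 'password' is never in UNIQUE_KEYS, otherwise it
    # would be stored unhashed - confirm.
    if 'password' in custom_props:
        custom_props['password'] = password(custom_props['password'])

    # Properties are written before the user row. If a later step fails, the
    # earlier writes (including a claimed unique value such as an e-mail)
    # remain unless set_props/db run in one transaction - TODO confirm.
    try:
        set_props(user_id, props=unique_props, unique=True)
        set_props(user_id, props=custom_props)
        db.table('user').insert(id=user_id)
    except Exception as e:
        return abort(400, parse_sql_error(e))

    return {
        # NOTE(review): bare dumps() here, json.loads() above; presumably both
        # names are imported by the file - verify.
        'body': dumps({
            'data': get(
                user_id,
                keys=props.keys(),
                verbose=verbose,
                is_me=True,
            )
        }),
        'headers': {
            'Access-Control-Allow-Origin': '*'
        },
        'statusCode': 201,
    }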
def test_me_by_email_and_password(self):
    """Log in with e-mail and password, first via JSON body, then via query string.

    Both requests must return 200 with the user's id, a non-null ``ssid``,
    the stored value for ``key`` and None for the unset ``anonymous``.
    """
    # NOTE(review): the e-mail and request-password literals look masked on
    # this page. The request password has to hash to the stored
    # password('password') for the 200 assertions below to hold.
    user_id = new_id()
    db.table('user').insert(id=user_id)
    stored_props = {
        'key': 'value',
        'email': '*****@*****.**',
        'password': password('password'),
    }
    set_props(user_id, props=stored_props, unique=True)

    body_event = {
        'body': json.dumps({
            'email': '*****@*****.**',
            'password': '******',
            'props': ['key', 'anonymous'],
        }),
    }
    # This request pins the handler's acceptance of a password in the query
    # string, where it can be recorded by access logs.
    query_event = {
        'queryStringParameters': {
            'email': '*****@*****.**',
            'password': '******',
            'props': 'key,anonymous',
        },
    }

    for event in (body_event, query_event):
        res = handler(event, None)
        body = json.loads(res['body'])
        self.assertEqual(res['statusCode'], 200)
        self.assertEqual(body['data']['id'], user_id)
        self.assertIsNotNone(body['data']['ssid'])
        self.assertEqual(body['data']['props']['key'], 'value')
        self.assertIsNone(body['data']['props']['anonymous'])
def test_password(self):
    """password() must transform its input, be repeatable and be case-sensitive."""
    # NOTE(review): the repeatability pinned here means equal passwords give
    # equal stored values, so password() cannot be using a per-user random
    # salt. Moving to a salted KDF would need a verify-style API and would
    # change these assertions.

    def assert_repeatable(plaintext):
        first, second = password(plaintext), password(plaintext)
        self.assertEqual(first, second)

    # The output is never the plaintext itself.
    self.assertNotEqual(password('password'), 'password')
    assert_repeatable('password')
    # A single changed letter case gives a different output.
    self.assertNotEqual(password('passwOrd'), password('password'))
    # Non-ASCII input (Hangul, emoji) is handled and repeatable too.
    assert_repeatable('비밀번호')
    assert_repeatable('😘')