Example #1
0
 def test_users_delete(self):
     """Test to delete a user"""
     with app.app_context():
         User.create('todelete', '*****@*****.**', 'password')
         db.session.commit()
     status, data = self.delete('{}/{}'.format(USERS_URL, 'todelete'))
     self.assertEqual(status, 204)
Example #2
0
def create_user(username, email_addr, password, **kwargs):
    try:
        User.create(username, email_addr, password)
    except ValueError as e:
        print(e, file=sys.stderr)
        sys.exit(1)
    db.session.commit()
    print('User {} created'.format(username))
Example #3
0
 def post(self):
     """
     Get a JWT / refresh token pair
     """
     args = token_create_parser.parse_args()
     claimed_user = User.from_db_basic(args.username, args.password)
     if not claimed_user:
         api.abort(401, "Invalid username/password.")
     #if claimed_user.tokens:
     #    if claimed_user.tokens[1].has_expired() is False:
     #        api.abort(403, "{} already has an access token. Refresh the token instead.".format(args.username))
     access_token, refresh_token = TokenModel.create_pair(claimed_user)
     db.session.commit()
     tokens = {
         "access_token": {
             "value": access_token.value
         },
         "refresh_token": {
             "value":
             refresh_token.value,
             "expiration_time":
             datetime.timestamp(refresh_token.expiration_date)
         }
     }
     return tokens, 200
Example #4
0
    def patch(self, username):
        """
        Modify a specific user
        """
        user = User.from_db(username)
        if not user:
            api.abort(404, 'No such user')
        args = user_modify_parser.parse_args()

        try:
            user.modify(args.changes)
        except json.decoder.JSONDecodeError:
            api.abort(400, "Badly formatted JSON")
        except TypeError:
            api.abort(
                400, "A JSON list following the JSON patch format is expected")
        except (jsonpatch.InvalidJsonPatch, JsonPointerException) as e:
            api.abort(
                400,
                "Invalid JSON patch format. More information: {}".format(e))
        except jsonpatch.JsonPatchConflict as e:
            api.abort(
                409,
                "Conflict in the set of changes. More information: {}".format(
                    e))
        except ValueError as e:
            api.abort(
                400,
                "Invalid value(s) in the set of changes. More information: {}".
                format(e))

        db.session.commit()
        return user, 200
Example #5
0
 def get(self, username):
     args = get_stats_parser.parse_args()
     user = User.from_db(username)
     if not user:
         api.abort(404, 'No such user')
     if not get_current_user().has_right(
             'stats.get') and get_current_user().name != username:
         api.abort(
             403,
             'You don\'t have the proper right or try to access the stats of someone else'
         )
     try:
         start = datetime.fromtimestamp(int(
             args.start)) if args.start else datetime.fromtimestamp(0)
         end = datetime.fromtimestamp(int(
             args.end)) if args.end else datetime.fromtimestamp(2147483647)
     except ValueError:
         api.abort(400, "Invalid value, a timestamp in seconds is expected")
     from kovaak_stats.models.stat import Stat
     if args.scenarii:
         stats = Stat.query.filter_by(user_id=user.id).filter(
             Stat.scenario.in_(args.scenarii), Stat.creation_date >= start,
             Stat.creation_date <= end).order_by(Stat.execution_date).all()
     else:
         stats = Stat.query.filter_by(user_id=user.id).filter(
             Stat.creation_date >= start,
             Stat.creation_date <= end).order_by(Stat.execution_date).all()
     return format_users_stats(stats), 200
Example #6
0
 def get(self, username):
     """
     Get a user's rights
     """
     user = User.from_db(username)
     if not user:
         api.abort(404, 'No such user')
     return user, 200
Example #7
0
 def get(self, username):
     """
     Get a specific user
     """
     user = User.from_db(username)
     if not user:
         api.abort(404, 'No such user')
     return user, 200
Example #8
0
def request_loader(request):
    auth = request.headers.get('Authorization')

    if not auth:
        return None

    method, token = auth.split(' ')
    try:
        if method == 'Basic':
            return User.from_basic_auth(token)
        elif method == 'Bearer':
            return User.from_bearer_auth(token)
        else:
            abort(400)
    except AuthenticationError:
        abort(401)

    return None
Example #9
0
 def delete(self, username):
     """
     Delete a specific user
     """
     user = User.from_db(username)
     if not user:
         api.abort(404, 'No such user')
     user.delete()
     db.session.commit()
     return '', 204
Example #10
0
    def post(self):
        """
        Get a google token pair
        """
        args = google_tokens_parser.parse_args()
        client_id = current_app.config.get('GOOGLE_CLIENT_ID')
        client_secret = current_app.config.get('GOOGLE_CLIENT_SECRET')
        auth_code = args.auth
        try:
            credentials = client.credentials_from_code(client_id,
                                                       client_secret,
                                                       scope='',
                                                       code=auth_code)
        except client.FlowExchangeError as e:
            api.abort(400, e)

        r = requests.get('{}?access_token={}'.format(fetch_info_url,
                                                     credentials.access_token))
        content = json.loads(r.content.decode('utf-8'))
        user = User.from_db_by_email(content['email'])
        if not user:
            try:
                user = User.create_google(content['email'])
            except ValueError as e:
                api.abort(
                    400,
                    'Cannot create the user. More information: {}'.format(e))
        TokenModel.create_pair(user,
                               raw_access={
                                   'type': 'access-google',
                                   'value': credentials.access_token,
                                   'expiration_date': credentials.token_expiry
                               },
                               raw_refresh={
                                   'type': 'refresh-google',
                                   'value': credentials.refresh_token
                               })
        db.session.commit()
        return {
            'name': user.name,
            'access_token': credentials.access_token,
            'rights': user.rights
        }, 200
Example #11
0
 def tearDown(self):
     # Delete our test user
     with self.app.app_context():
         if os.path.isfile('./tests/app.conf'):
             self.app.config.from_pyfile('../tests/app.conf')
         user = User.from_db(self.app.config.get('TEST_USER'))
         if user:
             user.delete()
         db.session.remove()
         db.drop_all()
Example #12
0
 def post(self, username):
     args = password_recovery_parser.parse_args()
     user = User.from_db(username)
     if not user:
         api.abort(404, 'No such user')
     from kovaak_stats.models.recovery_code import RecoveryCode
     provided_code = RecoveryCode.from_db(args.recovery_code, user.id)
     if not provided_code or provided_code.has_expired():
         api.abort(403, "The recovery code is incorrect or has expired")
     user.hashed_pw = hash_pw(args.new_password).decode('utf-8')
     db.session.commit()
     return '', 204
Example #13
0
 def post(self):
     """
     Create a new user
     """
     args = user_create_parser.parse_args()
     try:
         user = User.create(args.username, args.email_addr, args.password)
     except ValueError as e:
         api.abort(400,
                   'Cannot create the user. More information: {}'.format(e))
     db.session.commit()
     return user, 200
Example #14
0
 def test_users_full_password_change_with_code_renewing(self):
     """Test to change the password of the test user after the 1st code has expired"""
     with app.app_context():
         self.get('{}/{}/{}'.format(USERS_URL,
                                    self.app.config.get('TEST_USER'),
                                    'recover'))
         user = User.from_db(self.app.config.get('TEST_USER'))
         delta = datetime.timedelta(
             minutes=self.app.config.get('RECOVERY_CODE_DURATION'))
         user.recovery_code.expiration_date = user.recovery_code.expiration_date - delta
         db.session.commit()
         self.get('{}/{}/{}'.format(USERS_URL,
                                    self.app.config.get('TEST_USER'),
                                    'recover'))
         user = User.from_db(self.app.config.get('TEST_USER'))
         code = user.recovery_code.value
         status, data = self.post(
             '{}/{}/{}'.format(USERS_URL, self.app.config.get('TEST_USER'),
                               'recover'), {
                                   'recovery_code': code,
                                   'new_password': '******'
                               })
         self.assertEqual(status, 204)
Example #15
0
    def test_users_full_password_change(self):
        """Test to change the password of the test user"""
        with self.app.app_context():
            status, data = self.get('{}/{}/{}'.format(
                USERS_URL, self.app.config.get('TEST_USER'), 'recover'))
            user = User.from_db(self.app.config.get('TEST_USER'))
            code = user.recovery_code.value
            self.assertEqual(status, 204)

            status, data = self.post(
                '{}/{}/{}'.format(USERS_URL, self.app.config.get('TEST_USER'),
                                  'recover'), {
                                      'recovery_code': code,
                                      'new_password': '******'
                                  })
            self.assertEqual(status, 204)
Example #16
0
    def post(self, username):
        """
        Add one or multiple rights to a user
        """
        args = right_add_parser.parse_args()
        user = User.from_db(username)
        if not user:
            api.abort(404, 'No such user')
        try:
            for right_name in args.rights:
                user.add_right_from_string(right_name)
        except ValueError as e:
            api.abort(400, e)
        db.session.commit()

        return '', 204
Example #17
0
    def delete(self, username, right_name):
        """
        Delete a right from a user
        """
        user = User.from_db(username)
        if not user:
            api.abort(404, 'No such user')
        from kovaak_stats.models.right import Right
        if not Right.exists(right_name):
            api.abort(404, 'No such right')
        try:
            user.del_right_from_string(right_name)
        except ValueError as e:
            api.abort(400, e)
        db.session.commit()

        return '', 204
Example #18
0
 def get(self, username):
     user = User.from_db(username)
     if not user:
         api.abort(404, 'No such user')
     code = user.gen_recovery_code()
     if not code:
         api.abort(409,
                   'A code has already been sent in the last 10 minutes')
     if send_email(
             '*****@*****.**', user.email_addr,
             'Recovery code kovaak stats viewer',
             'The code to change your kovaak stats viewer password is {}'.
             format(code)) is False:
         user.recovery_code.delete()
         db.session.commit()
         api.abort(400, 'Couldn\'t send an email with the code')
     return '', 204
Example #19
0
 def test_users_change_password_expired_code(self):
     """Test to change the password of the test user but provide an expired code"""
     with self.app.app_context():
         self.get('{}/{}/{}'.format(USERS_URL,
                                    self.app.config.get('TEST_USER'),
                                    'recover'))
         user = User.from_db(self.app.config.get('TEST_USER'))
         code = user.recovery_code.value
         delta = datetime.timedelta(
             minutes=self.app.config.get('RECOVERY_CODE_DURATION'))
         user.recovery_code.expiration_date = user.recovery_code.expiration_date - delta
         db.session.commit()
         status, data = self.post(
             '{}/{}/{}'.format(USERS_URL, self.app.config.get('TEST_USER'),
                               'recover'), {
                                   'recovery_code': code,
                                   'new_password': '******'
                               })
         self.assertEqual(status, 403)
Example #20
0
 def create(cls, token_type, username=None, raw_token=None):
     if token_type not in TOKEN_TYPES:
         return None
     token = cls()
     if raw_token:
         if 'expiration_date' in raw_token:
             token = cls(value=raw_token['value'],
                         type=token_type,
                         expiration_date=raw_token['expiration_date'])
         else:
             token = cls(value=raw_token['value'], type=token_type)
         db.session.add(token)
         return token
     if token_type == 'refresh':
         token.value = secrets.token_urlsafe(40)
         exp = datetime.datetime.now() + datetime.timedelta(
             days=current_app.config.get('REFRESH_TOKEN_DURATION'))
         token.expiration_date = exp
         token.type = token_type
     elif token_type == 'jwt':
         from kovaak_stats.models.user import User
         user = User.from_db(username)
         rightlist = list(map(lambda x: x.name, user.rights))
         payload = {
             'sub':
             username,
             'rights':
             rightlist,
             'iat':
             datetime.datetime.now(),
             'exp':
             datetime.datetime.now() + datetime.timedelta(
                 minutes=int(current_app.config.get('JWT_DURATION')))
         }
         token.value = jwt.encode(
             payload,
             current_app.config.get('JWT_SECRET')).decode('unicode_escape')
         exp = datetime.datetime.now() + datetime.timedelta(
             minutes=current_app.config.get('JWT_DURATION'))
         token.expiration_date = exp
         token.type = token_type
     db.session.add(token)
     return token
Example #21
0
 def setUp(self):
     self.app = app
     with self.app.app_context():
         db.drop_all()
         db.create_all()
         if os.path.isfile('./tests/app.conf'):
             self.app.config.from_pyfile('../tests/app.conf')
         # Create our test user
         user = User.create(self.app.config.get('TEST_USER'),
                            self.app.config.get('TEST_USERS_EMAIL'),
                            self.app.config.get('TEST_USERS_PASSWORD'))
         for right_name in rights:
             user.rights.append(Right.create(right_name))
         db.session.add(user)
         self._basic = b64encode('{0}:{1}'.format(
             self.app.config.get('TEST_USER'),
             self.app.config.get('TEST_USERS_PASSWORD')).encode(
                 'utf8')).decode('utf8')
         g.current_user = None
         db.session.commit()
Example #22
0
    def test_auth_refresh_with_expired_token(self):
        """Test to refresh an access token with an expired refresh token"""
        with self.app.app_context():
            status, data = self.post(
                '{}/{}'.format(AUTH_URL, 'token-pair'), {
                    'username': self.app.config.get('TEST_USER'),
                    'password': self.app.config.get('TEST_USERS_PASSWORD')
                })
            access_token = data['access_token']['value']
            refresh_token = data['refresh_token']['value']

            user = User.from_db(self.app.config.get('TEST_USER'))
            delta = datetime.timedelta(
                days=self.app.config.get('REFRESH_TOKEN_DURATION'))
            user.tokens[
                1].expiration_date = user.tokens[1].expiration_date - delta
            db.session.commit()

            status, data = self.post(
                '{}/{}/{}'.format(AUTH_URL, access_token, 'refresh'),
                {'refresh_token': refresh_token})
            self.assertEqual(status, 403)
Example #23
0
 def post(self, username):
     args = upload_parser.parse_args()
     user = User.from_db(username)
     if not user:
         api.abort(404, 'No such user')
     if not get_current_user().has_right(
             'stats.upload') and get_current_user().name != username:
         api.abort(
             403,
             'You don\'t have the proper right or try to upload some stats to someone else\'s account'
         )
     from kovaak_stats.models.stat import Stat
     for file in args.files:
         try:
             Stat.create(file, user)
         except ValueError as e:
             if args.silent_fail is None:
                 api.abort(400, e)
         except IndexError as e:
             if args.silent_fail is None:
                 api.abort(400, 'Wrong file format')
     db.session.commit()
     return '', 204
Example #24
0
    def test_auth_create_pair_create_after_expired(self):
        """Test to create a second token pair after the first one has expired"""
        with self.app.app_context():
            status, data = self.post(
                '{}/{}'.format(AUTH_URL, 'token-pair'), {
                    'username': self.app.config.get('TEST_USER'),
                    'password': self.app.config.get('TEST_USERS_PASSWORD')
                })
            self.assertEqual(status, 200)

            user = User.from_db(self.app.config.get('TEST_USER'))
            delta = datetime.timedelta(
                days=self.app.config.get('REFRESH_TOKEN_DURATION'))
            user.tokens[
                1].expiration_date = user.tokens[1].expiration_date - delta
            db.session.commit()

            status, data = self.post(
                '{}/{}'.format(AUTH_URL, 'token-pair'), {
                    'username': self.app.config.get('TEST_USER'),
                    'password': self.app.config.get('TEST_USERS_PASSWORD')
                })
            self.assertEqual(status, 200)
Example #25
0
def check_user(username):
    user = User.from_db(username)
    if not user:
        print('User {} doesn\'t exist'.format(username), file=sys.stderr)
        sys.exit(1)
    return user
Example #26
0
def load_user(user_id):
    return User.from_db(user_id)
Example #27
0
def specific_user_del(user, **kwargs):
    User.delete(user)
    db.session.commit()
    print('User {} has been deleted'.format(user.name))