def post(self): # get auth token auth_header = request.headers.get('Authorization') if (auth_header is not None) and (' ' in auth_header): auth_token = auth_header.split(" ")[1] else: auth_token = auth_header if auth_token: resp = User.decode_auth_token(auth_token) if isinstance(resp, str) and ('Signature expired' not in resp) and ('Token blacklisted' not in resp): # mark the token as blacklisted blacklist_token = BlacklistToken(token=auth_token) try: # insert the token blacklist_token.save() responseObject = { 'status': 'success', 'message': 'Successfully logged out.' } return make_response(jsonify(responseObject)), 200 except Exception as e: responseObject = {'status': 'fail', 'message': e} return make_response(jsonify(responseObject)), 200 else: responseObject = {'status': 'fail', 'message': resp} return make_response(jsonify(responseObject)), 401 else: responseObject = { 'status': 'fail', 'message': 'Provide a valid auth token.' } return make_response(jsonify(responseObject)), 403
def test_valid_blacklisted_token_logout(self): """ Test for logout after a valid token gets blacklisted """ with self.client: # user registration resp_register = self.register_user("*****@*****.**", "password") data_register = json.loads(resp_register.data.decode()) self.assertTrue(data_register['status'] == 'success') self.assertTrue( data_register['message'] == 'Successfully registered.') self.assertTrue(data_register['auth_token']) self.assertTrue(resp_register.content_type == 'application/json') self.assertEqual(resp_register.status_code, 201) # user login resp_login = self.login_user("*****@*****.**", "password") data_login = json.loads(resp_login.data.decode()) self.assertTrue(data_login['status'] == 'success') self.assertTrue(data_login['message'] == 'Successfully logged in.') self.assertTrue(data_login['auth_token']) self.assertTrue(resp_login.content_type == 'application/json') self.assertEqual(resp_login.status_code, 200) # blacklist a valid token blacklist_token = BlacklistToken( token=json.loads(resp_login.data.decode())['auth_token']) db.session.add(blacklist_token) db.session.commit() # blacklisted valid token logout response = self.client.post( '/auth/logout', headers=dict( Authorization='Bearer ' + json.loads(resp_login.data.decode())['auth_token'])) data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail') self.assertTrue( data['message'] == 'Token blacklisted. Please log in again.')
def post(self, user=None, token_response=None, **kwargs): # get auth token auth_token = get_auth_token(request) # mark the token as blacklisted try: blacklist_token = BlacklistToken(token=auth_token) blacklist_token.save() # insert the token responseObject = { 'status': 'success', 'message': 'Successfully logged out.' } return make_response(jsonify(responseObject)), 200 except Exception as e: responseObject = {'status': 'fail', 'message': e} return make_response(jsonify(responseObject)), 200
def test_valid_blacklisted_token_logout(self): """ Test for logout after a valid token gets blacklisted """ with self.client: # user registration resp_register = self.register_user('*****@*****.**', 'crackthisidareyou') data_register = json.loads(resp_register.data.decode()) self.assertTrue(data_register['status'] == 'success') self.assertTrue( data_register['message'] == 'Successfully registered.') self.assertTrue(data_register['auth_token']) self.assertTrue(resp_register.content_type == 'application/json') self.assertEqual(resp_register.status_code, 201) # user login resp_login = self.login_user('*****@*****.**', 'crackthisidareyou') data_login = json.loads(resp_login.data.decode()) self.assertTrue(data_login['status'] == 'success') self.assertTrue(data_login['message'] == 'Successfully logged in.') self.assertTrue(data_login['auth_token']) self.assertTrue(resp_login.content_type == 'application/json') self.assertEqual(resp_login.status_code, 200) # blacklist a valid token blacklist_token = BlacklistToken( token=json.loads(resp_login.data.decode())['auth_token']) db.session.add(blacklist_token) db.session.commit() # blacklisted valid token logout response = self.logout_user(resp_login.data.decode()) data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail') self.assertTrue( data['message'] == 'Token blacklisted. Please log in again.') self.assertEqual(response.status_code, 401)
def post(self): # get auth token auth_header = request.headers.get('Authorization') if auth_header: auth_token = auth_header.split(" ")[1] else: auth_token = '' if auth_token: resp = User.decode_auth_token(auth_token) if not isinstance(resp, str): # mark the token as blacklisted blacklist_token = BlacklistToken(token=auth_token) try: # insert the token db.session.add(blacklist_token) db.session.commit() responseObject = { 'status': 'success', 'message': 'Successfully logged out.' } return make_response(jsonify(responseObject)), 200 #OK except Exception as e: responseObject = {'status': 'fail', 'message': e} return make_response(jsonify(responseObject)), 200 #OK else: responseObject = {'status': 'fail', 'message': resp} return make_response( jsonify(responseObject)), 401 #Unauthorized else: responseObject = { 'status': 'fail', 'message': 'Provide a valid auth token.' } return make_response(jsonify(responseObject)), 403 #Forbidden
def test_valid_blacklisted_token_user(self): """ Test for user status with a blacklisted valid token """ with self.client: # Registering a user resp_register = register_user(self, '*****@*****.**', 'test123') # Blacklisting the token blacklist_token = BlacklistToken( token=json.loads(resp_register.data.decode())['auth_token']) db.session.add(blacklist_token) db.session.commit() # Checking user status response = self.client.get( '/auth/status', headers = dict( Authorization = 'Bearer ' + json.loads( resp_register.data.decode() )['auth_token'] ) ) data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail') self.assertTrue(data['message'] == 'Token blacklisted. Please log in again.') self.assertEqual(response.status_code, 401)
def test_valid_blacklisted_token_user(self): """ Test for user status with a blacklisted valid token """ with self.client: resp_register = self.client.post( '/auth/register', data=json.dumps(dict( email='*****@*****.**', password='******' )), content_type='application/json' ) # blacklist a valid token blacklist_token = BlacklistToken( token=json.loads(resp_register.data.decode())['auth_token']) db.session.add(blacklist_token) db.session.commit() response = self.client.get( '/auth/status', headers=dict( Authorization='Bearer ' + json.loads( resp_register.data.decode() )['auth_token'] ) ) data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail') self.assertTrue(data['message'] == 'Token blacklisted. Please log in again.') self.assertEqual(response.status_code, 401)
def test_valid_blacklisted_token_logout(self): """ Test for logout after a valid token gets blacklisted """ with self.client: # user registration data_register, resp_register = self.register_user( '*****@*****.**', '123456') self.assertTrue(data_register['status'] == 'success') self.assertTrue( data_register['message'] == 'Successfully registered.') self.assertTrue(data_register['auth_token']) self.assertTrue(resp_register.content_type == 'application/json') self.assertEqual(resp_register.status_code, 201) # user login data_login, resp_login = self.login_user('*****@*****.**', '123456') self.assertTrue(data_login['status'] == 'success') self.assertTrue(data_login['message'] == 'Successfully logged in.') self.assertTrue(data_login['auth_token']) self.assertTrue(resp_login.content_type == 'application/json') self.assertEqual(resp_login.status_code, 200) # blacklist a valid token blacklist_token = BlacklistToken(token=data_login['auth_token']) db.session.add(blacklist_token) db.session.commit() # blacklisted valid token logout data, response = self.client_post('/auth/logout', token=data_login['auth_token']) self.assertTrue(data['status'] == 'fail') self.assertTrue( data['message'] == 'Token blacklisted. Please log in again.') self.assertEqual(response.status_code, 401)
def post(self): auth_token = get_token() if auth_token: resp = User.decode_auth_token(auth_token) if not isinstance(resp, str): # mark the token as blacklisted blacklist_token = BlacklistToken(token=auth_token) try: # insert the token db.session.add(blacklist_token) db.session.commit() responseObject = { 'status': 'exito', 'message': 'Cierre de sesion exitoso' } return make_response(jsonify(responseObject)) except Exception as e: responseObject = {'status': 'Error', 'message': e} return make_response(jsonify(responseObject)) else: responseObject = {'status': 'Error', 'message': resp} return make_response(jsonify(responseObject)) else: responseObject = {'status': 'Error', 'message': 'Token invalido'} return make_response(jsonify(responseObject))
def post(self): # get auth token auth_header = request.headers.get("Authorization") if auth_header: auth_token = auth_header.split(" ")[1] else: auth_token = "" if auth_token: resp = User.decode_auth_token(auth_token) if not isinstance(resp, str): # mark the token as blacklisted blacklist_token = BlacklistToken(token=auth_token) try: # insert the token db.session.add(blacklist_token) db.session.commit() responseObject = { "status": "success", "message": "Successfully logged out.", } return make_response(jsonify(responseObject)), 200 except Exception as e: responseObject = {"status": "fail", "message": e} return make_response(jsonify(responseObject)), 200 else: responseObject = {"status": "fail", "message": resp} return make_response(jsonify(responseObject)), 401 else: responseObject = { "status": "fail", "message": "Provide a valid auth token.", } return make_response(jsonify(responseObject)), 403
def test_comment_ticket_add_not_logged_in(self): """ Test for creation of a comment when user is not logged in """ with self.client: create_ticket(self, "*****@*****.**", "byrd", "Hello World", "Bug Report", "High", "Testing") # user registration resp_register = register_user(self, '*****@*****.**', 'byrd') data_register = json.loads(resp_register.data.decode()) self.assertTrue(data_register['status'] == 'success') self.assertTrue( data_register['message'] == 'Successfully registered.') self.assertTrue(data_register['auth_token']) self.assertTrue(resp_register.content_type == 'application/json') self.assertEqual(resp_register.status_code, 201) # blacklist a valid token blacklist_token = BlacklistToken( token=json.loads(resp_register.data.decode())['auth_token']) db.session.add(blacklist_token) db.session.commit() # create comment request response = self.client.post( '/tickets/1/createComment', headers=dict( Authorization='Bearer ' + json.loads(resp_register.data.decode())['auth_token'])) data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail')
def test_ticket_update_not_logged_in(self): """ Test for ticket update when user is not logged in """ with self.client: # user registration resp_register = register_user(self, '*****@*****.**', 'byrd') data_register = json.loads(resp_register.data.decode()) self.assertTrue(data_register['status'] == 'success') self.assertTrue( data_register['message'] == 'Successfully registered.') self.assertTrue(data_register['auth_token']) self.assertTrue(resp_register.content_type == 'application/json') self.assertEqual(resp_register.status_code, 201) # blacklist a valid token blacklist_token = BlacklistToken( token=json.loads(resp_register.data.decode())['auth_token']) db.session.add(blacklist_token) db.session.commit() # Ticket Update Request response = self.client.put( '/tickets/edit', headers=dict( Authorization='Bearer ' + json.loads(resp_register.data.decode())['auth_token'])) data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail')
def test_valid_blacklisted_token_user(self): """ Test for user status with a blacklisted valid token """ with self.client: User.delete_one('joe') resp_register = register_user(self, 'joe', '*****@*****.**', '123456') # blacklist a valid token token = json.loads(resp_register.data.decode())['auth_token'] blacklist_token = BlacklistToken(token=token) blacklist_token.save() response = self.client.get('/auth/status', headers=dict(Authorization='Bearer ' + token)) data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail') self.assertTrue( data['message'] == 'Token blacklisted. Please log in again.') self.assertEqual(response.status_code, 401)
def get_user_from_token(auth_token, token_type="access") -> User: user_token = User.decode_auth_token(auth_token, token_type) user = User.query.filter_by(uuid=user_token['sub']).first() if not user: blacklist_token = BlacklistToken(token=auth_token) db.session.add(blacklist_token) db.session.commit() raise UnauthorizedError('User is unknown.') return user
def test_user_status_fails_when_token_blacklisted(self): with self.client: # blacklist a valid token blacklist_token = BlacklistToken( token=json.loads(self.resp_register.data.decode())['token']) blacklist_token.__repr__() db.session.add(blacklist_token) db.session.commit() response = self.client.get( '/auth/user', headers=dict( Authorization='Bearer ' + json.loads( self.resp_register.data.decode() )['token'] ) ) data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail') self.assertTrue(data['message'] == 'Token blacklisted. Please log in again.') self.assertEqual(response.status_code, 401)
def post(self): try: ''' auth_header = request.headers.get('Authorization') if auth_header: auth_token = auth_header.split(" ")[1] # throw acception is heades is incorrect else: auth_token = '' ''' auth_token = request.query_string if auth_token: resp = Сertificate.decode_auth_token( auth_token) # return action or string if not isinstance(resp, str): certificate = Сertificate.query.filter_by( token=auth_token).first().with_lockmode("update") if certificate: if (certificate.shards == 0): # mark the token as blacklisted blacklist_token = BlacklistToken(token=auth_token) # insert the token db.session.add(blacklist_token) db.session.commit() return make_response( jsonify({ 'status': 0, 'message': 'Successful end of operation.' })), 200 elif (certificate.shards > 0): certificate.token -= 1 db.session.commit() return make_response( jsonify({ 'status': 0, 'message': 'Successful operation.' })), 200 return make_response( jsonify({ 'status': 1, 'message': 'Provide a valid auth token.' })), 403 except IndexError: # if header is incorrect return make_response( jsonify({ 'status': 1, 'message': 'Bearer token malformed.' })), 401 except Exception as e: return make_response(jsonify({'status': 1, 'message': e})), 200
def test_valid_blacklisted_token_user(self): """ Test for user status with a blacklisted valid token """ with self.client: resp_register = register_user(self) # blacklist a valid token blacklist_token = BlacklistToken( token=json.loads(resp_register.data.decode())['auth_token']) db.session.add(blacklist_token) db.session.commit() response = user_status(self, resp_register) data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail') self.assertTrue( data['message'] == 'Token blacklisted. Please log in again.') self.assertEqual(response.status_code, 401)
def post(self): # mark the token as blacklisted blacklist_token = BlacklistToken(token=g.auth_token) try: # insert the token db.session.add(blacklist_token) db.session.commit() response_object = { 'status': 'success', 'message': 'Successfully logged out.' } return make_response(jsonify(response_object)), 200 except Exception as e: response_object = {'status': 'fail', 'message': e} return make_response(jsonify(response_object)), 500
def post(self): try: auth_token = get_authorization_token(request) user = get_user_from_token(auth_token=auth_token) if user: user.update_last_activity() blacklist_token = BlacklistToken(token=auth_token) db.session.add(blacklist_token) db.session.commit() return make_response('', 204) except UnauthorizedError as e: return make_response(jsonify({'message': str(e)})), 401
def test_valid_blacklisted_token_user(self): """ Test for user status with a blacklisted valid token """ with self.client: data_register, resp_register = self.register_user( '*****@*****.**', '123456') # blacklist a valid token blacklist_token = BlacklistToken(token=data_register['auth_token']) db.session.add(blacklist_token) db.session.commit() data, response = self.client_get('/auth/status', token=data_register['auth_token']) self.assertTrue(data['status'] == 'fail') self.assertTrue( data['message'] == 'Token blacklisted. Please log in again.') self.assertEqual(response.status_code, 401)
def test_valid_blacklisted_token_logout(self): """ Test for logout after a valid token gets blacklisted """ with self.client: register_user(self, '*****@*****.**', '123456') blacklist_token = BlacklistToken(token=json.loads( user_login(self, '*****@*****.**', '123456').data.decode()) ['auth_token']) db.session.add(blacklist_token) db.session.commit() # blacklisted valid token logout response = user_logout(self, '*****@*****.**', '123456') data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail') self.assertTrue( data['message'] == 'Token blacklisted. Please log in again.') self.assertEqual(response.status_code, 401)
def test_valid_blacklisted_token_user(self): """ Test for user status with a blacklisted valid token """ with self.client: DatabasePrepare.create_new_user() resp_login = PostHTTP.login_success(self.client) data_login = json.loads(resp_login.data.decode()) # blacklist a valid token blacklist_token = BlacklistToken( token=data_login['auth_token']) db.session.add(blacklist_token) db.session.commit() response = PostHTTP.post_with_token(self.client,'/auth/status', resp_login.data.decode()) data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail') self.assertTrue(data['message'] == 'Token is blacklisted. Please login again.') self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_valid_blacklisted_token_logout(self): with self.client: resp_register = self.client.post( '/api/v1/auth/register', data=json.dumps( dict(email='*****@*****.**', password='******', first_name='monty', last_name='python', is_admin='0')), content_type='application/json', ) data_register = json.loads(resp_register.data.decode()) self.assertTrue(data_register['status'] == 'success') self.assertTrue( data_register['message'] == 'Successfully registered.') self.assertTrue(data_register['auth_token']) self.assertTrue(resp_register.content_type == 'application/json') self.assertEqual(resp_register.status_code, 201) resp_login = self.client.post('/api/v1/auth/login', data=json.dumps( dict(email='*****@*****.**', password='******')), content_type='application/json') data_login = json.loads(resp_login.data.decode()) self.assertTrue(data_login['status'] == 'success') self.assertTrue(data_login['message'] == 'Successfully logged in.') self.assertTrue(data_login['auth_token']) self.assertTrue(resp_login.content_type == 'application/json') self.assertEqual(resp_login.status_code, 200) blacklist_token = BlacklistToken( token=json.loads(resp_login.data.decode())['auth_token']) db.session.add(blacklist_token) db.session.commit() response = self.client.post( '/api/v1/auth/logout', headers=dict( Authorization='Bearer ' + json.loads(resp_login.data.decode())['auth_token'])) data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail') self.assertTrue( data['message'] == 'Token blacklisted. Please log in again.') self.assertEqual(response.status_code, 401)
def test_valid_blacklisted_token_logout(self): """ Test for logout after a valid token gets blacklisted """ with self.client: # blacklist a valid token blacklist_token = BlacklistToken( token=json.loads(self.resp_login.data.decode())['token']) db.session.add(blacklist_token) db.session.commit() # blacklisted valid token logout response = self.client.post( '/auth/logout', headers=dict( Authorization='Bearer ' + json.loads(self.resp_login.data.decode())['token'])) data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail') self.assertTrue( data['message'] == 'Token blacklisted. Please log in again.') self.assertEqual(response.status_code, 401)
def test_valid_blacklisted_token_user(self): """ Test for user status with a blacklisted valid token """ with self.client: resp_register = self.register_user('*****@*****.**', '123456') # blacklist a valid token blacklist_token = BlacklistToken( token=json.loads(resp_register.data.decode())['auth_token']) db.session.add(blacklist_token) db.session.commit() response = self.client.get( '/auth/status', headers=dict( Authorization='Bearer ' + json.loads(resp_register.data.decode())['auth_token'])) data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail') self.assertTrue( data['message'] == 'Token blacklisted. Please log in again.') self.assertEqual(response.status_code, 401)
def test_ticket_list_not_logged_in(self): """ Test for obtaining ticket list when user is not logged in """ with self.client: # user registration resp_register = register_user(self, '*****@*****.**', 'byrd') data_register = json.loads(resp_register.data.decode()) self.assertTrue(data_register['status'] == 'success') self.assertTrue( data_register['message'] == 'Successfully registered.') self.assertTrue(data_register['auth_token']) self.assertTrue(resp_register.content_type == 'application/json') self.assertEqual(resp_register.status_code, 201) # blacklist a valid token blacklist_token = BlacklistToken( token=json.loads(resp_register.data.decode())['auth_token']) db.session.add(blacklist_token) db.session.commit() response = ticket_list(self, resp_register) data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail')
def test_valid_blacklisted_token_user(self): """ Test for user status with a blacklisted valid token """ with self.client: resp_register = register_user(self, "*****@*****.**", "123456") # blacklist a valid token blacklist_token = BlacklistToken( token=json.loads(resp_register.data.decode())["auth_token"]) db.session.add(blacklist_token) db.session.commit() response = self.client.get( "/auth/status", headers=dict( Authorization="Bearer " + json.loads(resp_register.data.decode())["auth_token"]), ) data = json.loads(response.data.decode()) self.assertTrue(data["status"] == "fail") self.assertTrue( data["message"] == "Token blacklisted. Please log in again.") self.assertEqual(response.status_code, 401)
def post(self): # get auth token auth_token = RequestUtils.get_access_token(request) if auth_token: resp = User.decode_auth_token(auth_token) if not isinstance(resp, str): # mark the token as blacklisted blacklist_token = BlacklistToken(token=auth_token) try: # insert the token db.session.add(blacklist_token) db.session.commit() DatabaseCheck.remove_key_pair(auth_token) return CommonResponseObject.logout_success() except Exception as e: return CommonResponseObject.logout_exception(e) else: return CommonResponseObject.token_response(resp) else: return CommonResponseObject.forbiden_token_response()
def post(self): # get auth token auth_header = request.headers.get('Authorization') if auth_header: try: auth_token = validate_token(auth_header) # TODO: Think of a better exception to throw here except Exception: response_object = { 'status': 'fail', 'message': 'Bearer token malformed.' } return make_response(jsonify(response_object)), 401 else: auth_token = '' if auth_token: resp = User.decode_auth_token(auth_token) if not isinstance(resp, str): # mark the token as blacklisted blacklist_token = BlacklistToken(token=auth_token) try: # insert the token db.session.add(blacklist_token) db.session.commit() response_object = { 'status': 'success', 'message': 'Successfully logged out.' } return make_response(jsonify(response_object)), 200 except Exception as e: response_object = {'status': 'fail', 'message': e} return make_response(jsonify(response_object)), 200 else: response_object = {'status': 'fail', 'message': resp} return make_response(jsonify(response_object)), 401 else: response_object = { 'status': 'fail', 'message': 'Provide a valid auth token.' } return make_response(jsonify(response_object)), 403
def test_valid_blacklisted_token_logout(self): """ Test for logout after a valid token gets blacklisted """ with self.client: # Registering a user resp_register = register_user(self, '*****@*****.**', 'test123') data_register = json.loads(resp_register.data.decode()) self.assertTrue(data_register['status'] == 'success') self.assertTrue( data_register['message'] == 'Successfully registered.') self.assertTrue(data_register['auth_token']) self.assertTrue(resp_register.content_type == 'application/json') self.assertEqual(resp_register.status_code, 201) # Logging in with the created user resp_login = login_user(self, '*****@*****.**', 'test123') data_login = json.loads(resp_login.data.decode()) self.assertTrue(data_login['status'] == 'success') self.assertTrue(data_login['message'] == 'Successfully logged in.') self.assertTrue(data_login['auth_token']) self.assertTrue(resp_login.content_type == 'application/json') self.assertEqual(resp_login.status_code, 200) # Blacklisting the token blacklist_token = BlacklistToken( token=json.loads(resp_login.data.decode())['auth_token']) db.session.add(blacklist_token) db.session.commit() # Logging out with a blacklisted token response = self.client.post( '/auth/logout', headers = dict( Authorization = 'Bearer ' + json.loads( resp_login.data.decode() )['auth_token'] ) ) data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail') self.assertTrue(data['message'] == 'Token blacklisted. Please log in again.') self.assertEqual(response.status_code, 401)