def get(self):
auth_header = request.headers.get('Authorization')
if auth_header:
try:
auth_token = auth_header.split(" ")[1]
except IndexError:
responseObject = {
'status': 'fail',
'message': 'Bearer token malformed.'
}
return make_response(jsonify(responseObject)), 401
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
try:
expert = Expert.query.all()
contactsArr = []
for contact in expert:
contactsArr.append(contact.toDict())
return jsonify(contactsArr)
except Exception as e:
responseObject = {
'status': 'fail',
'message': 'Some error occurred. Please try again.'
}
return make_response(jsonify(responseObject)), 401
else:
return "Error"
else:
return "Error"
def __check_for_require_params(self,auth_token,mac_address,key_mod,key_ex):
"""
Check if the params is qualified
:params auth_token mac_address public_key:
:return user_id or responseObject:
"""
if not auth_token:#check if auth_token is available
return CommonResponseObject.unauthorized_token_response()
#get user_id and key from the auth_token
user_id= User.decode_auth_token(auth_token)
if isinstance(user_id,str):#check if user_id is valid
return CommonResponseObject.unauthorized_token_response()
if not mac_address: #check if mac_address is valid
return CommonResponseObject.fail_response(
'Please provide your MAC address',
status.HTTP_412_PRECONDITION_FAILED)
#check if key is valid
modulus, exponent = User.decode_public_key(auth_token)
key = RSAPair.get_RSA_by_public(modulus)
if not key:#check if key is existed
return CommonResponseObject.response(
'Some errors occured, provided key does not exists')
user = User.get_user_by_id(user_id) #retrieve the user entity
if not user: #check if the user is existed
return CommonResponseObject.unauthorized_token_response()
#check if the mac_address is stored
if DatabaseCheck.is_mac_address_existed(mac_address):
if DatabaseCheck.is_root_by_mac(mac_address):
return CommonResponseObject.fail_response(
'Your device is the root device',
status.HTTP_202_ACCEPTED)
return CommonResponseObject.fail_response(
'Your device is already authorized',
status.HTTP_202_ACCEPTED)
return user,key
def update(id, **kwargs):
auth_header = request.headers.get('Authorization')
access_token = auth_header.split(" ")[1]
if access_token:
user_id = User.decode_auth_token(access_token)
if not isinstance(user_id, str):
gotData = Expert.query.filter_by(id=id).first()
if not gotData:
return "Error"
if request.method == 'PUT':
obj = request.get_json()
gotData.active = obj.get('active')
# db.session.add(gotData)
db.session.commit()
response = {
'status': 'Success',
'result': {
"id": gotData.id,
"name": gotData.name,
"nickname": gotData.nickname,
"active": gotData.active
},
'message': "Updated successfully"
}
return make_response(jsonify(response)), 200
else:
message = user_id
response = {
'message': message
}
return make_response(jsonify(response)), 401
def post(self):
post_data = request.get_json()
if not post_data or not post_data.get('mac_address'):
return CommonResponseObject.fail_response(
'Please provide your mac_address for deauthorization',
status.HTTP_412_PRECONDITION_FAILED)
auth_token = RequestUtils.get_access_token(request)
user_id = User.decode_auth_token(auth_token)
mac_address = post_data.get('mac_address')
device = DeviceList.get_device_by_user_id_and_mac(user_id, mac_address)
if not device:
return CommonResponseObject.fail_response(
'Invalid authentication token',status.HTTP_401_UNAUTHORIZED)
if device.root:
return CommonResponseObject.fail_response(
'You are not able to deauthorize without decoding your files to raw',
status.HTTP_403_FORBIDDEN)
try:
db.session.delete(device)
db.session.commit()
return CommonResponseObject.success_resp_with_mess(
'Your device is no longer authorized')
except Exception:
return CommonResponseObject.fail_response(
'Some errors occured, please try again')
def post(self):
post_data = request.get_json()
root_mac_address = post_data.get('root_mac_address')
mac_address = post_data.get('mac_address')
if not post_data or not mac_address or not root_mac_address:
return CommonResponseObject.fail_response(
'Please provide your mac_address and the mac_address of device for root changing',
status.HTTP_412_PRECONDITION_FAILED)
auth_token = RequestUtils.get_access_token(request)
user_id = User.decode_auth_token(auth_token)
device = DeviceList.get_device_by_user_id_and_mac(user_id,mac_address)
if not device:
return CommonResponseObject.fail_response(
'Your provided mac_address is unathorized',
status.HTTP_401_UNAUTHORIZED)
root_device = DeviceList.get_device_by_user_id_and_mac(user_id,root_mac_address)
if not root_device:
return CommonResponseObject.fail_response(
'Your provided mac address of root device is invalid',
status.HTTP_404_NOT_FOUND)
if not root_device.root:
return CommonResponseObject.fail_response(
'Your provided mac address of root device is unauthorized',
status.HTTP_401_UNAUTHORIZED)
try:
device.root = True
root_device.root = False
db.session.save()
db.session.commit()
return CommonResponseObject.success_resp_with_mess(
'Your root device is changed successfully')
except Exception:
return CommonResponseObject.fail_response(
'Some errors occurred')
def __check_for_require_params(self,auth_token,mac_address,encrypted_key):
"""
Check if the params is qualified, return error json response
if any requisite does not meet, else check and return user
entity for the corresponding user id
:params:
:auth_token:
:mac_address:
:public_key:
:return:
:user_id: or :responseObject:
"""
if not auth_token: # Check if the auth_token is valid
return CommonResponseObject.unauthorized_token_response()
user_id = User.decode_auth_token(auth_token)
if isinstance(user_id,str): # Check if user_id is provided
return CommonResponseObject.unauthorized_token_response()
if not isinstance(mac_address,str): # Check if mac address is provided
return CommonResponseObject.fail_response(
'Please provide your Mac address',
status.HTTP_412_PRECONDITION_FAILED)
if not encrypted_key:#check if encrypted_key is provided
return CommonResponseObject.fail_response(
'Please provide your encrypted key for authorization',
status.HTTP_412_PRECONDITION_FAILED)
user = User.get_user_by_id(user_id) #get user from the database
if not user:#if user is not available
return CommonResponseObject.unauthorized_token_response()
return user
def post(self):
# get the post data
auth_token = UserAPI.get_user_token(request)
post_data = request.get_json()
if auth_token:
user_id = User.decode_auth_token(auth_token)
if not isinstance(user_id, str):
try:
self.add_post_to_database(post_data, user_id)
responseObject = {
'status': 'success',
'message': 'Added new post.'
}
return make_response(jsonify(responseObject)), 200
except:
responseObject = {
'status': 'fail',
'message': 'Could not create post.'
}
return make_response(jsonify(responseObject)), 401
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 401
def decorated(*args, **kwargs):
auth_header = request.headers.get('Authorization')
if auth_header:
try:
auth_token = auth_header.split(" ")[1]
except IndexError:
responseObject = {
'status': 'fail',
'message': 'Bearer token malformed.'
}
return make_response(jsonify(responseObject)), 401
else:
auth_token = ''
if auth_token:
decoded_data = User.decode_auth_token(auth_token)
if not isinstance(decoded_data, str):
token_response, user = decoded_data[0], decoded_data[1]
return view_func(*args, **kwargs, user=user, token_response=token_response)
responseObject = {
'status': 'fail',
'message': decoded_data
}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 401
def _handle_request_with_authorisation_token(*args, **kwargs):
# get the auth token
auth_header = request.headers.get('Authorization')
if auth_header:
try:
auth_token = auth_header.split(" ")[1]
except IndexError:
responseObject = {
'status': 'fail',
'message': 'Bearer token malformed.'
}
return make_response(jsonify(responseObject)), 401
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
user = User.query.filter_by(id=resp).first()
return func(user=user, *args, **kwargs)
responseObject = {'status': 'fail', 'message': resp}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 401
def get(self):
# get the auth token
auth_header = request.headers.get('Authorization')
if auth_header:
auth_token = auth_header.split(" ")[1]
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
user = User.query.filter_by(id=resp).first()
responseObject = {
'status': 'success',
'data': {
'user_id': user.id,
'email': user.email,
'admin': user.admin,
'registered_on': user.registered_on
}
}
return make_response(jsonify(responseObject)), 200
responseObject = {
'status': 'fail',
'message': resp
}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 401
def test_decode_auth_token(self):
user = User(email='*****@*****.**', password='******')
db.session.add(user)
db.session.commit()
auth_token = user.encode_auth_token(user.id)
decoded = User.decode_auth_token(auth_token)
self.assertEqual(user.id, decoded)
def get(self):
# get the auth token
auth_header = request.headers.get('Authorization')
if auth_header:
try:
auth_token = auth_header.split(" ")[1]
except IndexError:
responseObject = {
'status': 'fail',
'message': 'Bearer token malformed.'
}
return make_response(jsonify(responseObject)), 401
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
#result = ExpenseList.query.with_entities(ExpenseList.name, ExpenseList.money_spent).filter_by(user_id=resp).all()
#return make_response(jsonify(result)),200
#return make_response(jsonify([i.serialize for i in query.all()])),200
query = ExpenseList.query.filter_by(user_id=resp)
return make_response(
jsonify([i.graph_data for i in query.all()])), 200
responseObject = {'status': 'fail', 'message': resp}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 401
def post(self):
# get auth token
auth_header = request.headers.get("Authorization")
if auth_header:
auth_token = auth_header.split(" ")[1]
else:
auth_token = ""
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
# mark the token as blacklisted
blacklist_token = BlacklistToken(token=auth_token)
try:
# insert the token
db.session.add(blacklist_token)
db.session.commit()
responseObject = {
"status": "success",
"message": "Successfully logged out.",
}
return make_response(jsonify(responseObject)), 200
except Exception as e:
responseObject = {"status": "fail", "message": e}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {"status": "fail", "message": resp}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
"status": "fail",
"message": "Provide a valid auth token.",
}
return make_response(jsonify(responseObject)), 403
def get(self, user_id):
# get the auth token
auth_token = UserAPI.get_user_token(request)
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
responseObject = UserAPI.get_user_by_id(resp)
if responseObject['data']['is_superuser']:
responseObject = UserAPI.get_user_by_id(user_id)
# deleting unrequested data
del responseObject['data']['user_id']
del responseObject['data']['is_superuser']
else:
responseObject = {
'status': 'fail',
'message': 'Access denied.'
}
return make_response(jsonify(responseObject)), 403
return make_response(jsonify(responseObject)), 200
responseObject = {
'status': 'fail',
'message': resp
}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 401
def post(self):
auth_token = get_token()
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
# mark the token as blacklisted
blacklist_token = BlacklistToken(token=auth_token)
try:
# insert the token
db.session.add(blacklist_token)
db.session.commit()
responseObject = {
'status': 'exito',
'message': 'Cierre de sesion exitoso'
}
return make_response(jsonify(responseObject))
except Exception as e:
responseObject = {'status': 'Error', 'message': e}
return make_response(jsonify(responseObject))
else:
responseObject = {'status': 'Error', 'message': resp}
return make_response(jsonify(responseObject))
else:
responseObject = {'status': 'Error', 'message': 'Token invalido'}
return make_response(jsonify(responseObject))
def test_decode_auth_token(self):
user = User(email='*****@*****.**', password='******')
db.session.add(user)
db.session.commit()
auth_token = user.encode_auth_token(user.id)
self.assertTrue(isinstance(auth_token, bytes))
self.assertTrue(User.decode_auth_token(auth_token) == 1)
def delete():
# get the put data
put_data = request.get_json()
# get the auth token
auth_header = request.headers.get('Authorization')
if auth_header:
try:
auth_token = auth_header.split(" ")[1]
except IndexError:
responseObject = {
'status': 'fail',
'message': 'Bearer token malformed.'
}
return make_response(jsonify(responseObject)), 401
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
user = User.query.filter_by(id=resp).first()
db.session.delete(user)
db.session.commit()
responseObject = {'status': 'success'}
return make_response(jsonify(responseObject)), 200
responseObject = {'status': 'fail', 'message': resp}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 401
def post(self):
# get auth token
auth_header = request.headers.get('Authorization')
if auth_header:
auth_token = auth_header.split(" ")[1]
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
# mark the token as blacklisted
blacklist_token = BlacklistToken(token=auth_token)
try:
# insert the token
db.session.add(blacklist_token)
db.session.commit()
responseObject = {
'status': 'success',
'message': 'Successfully logged out.'
}
return make_response(jsonify(responseObject)), 200 #OK
except Exception as e:
responseObject = {'status': 'fail', 'message': e}
return make_response(jsonify(responseObject)), 200 #OK
else:
responseObject = {'status': 'fail', 'message': resp}
return make_response(
jsonify(responseObject)), 401 #Unauthorized
else:
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 403 #Forbidden
def __check_for_require_params(self, auth_token, mac_address, otp_modulus,
otp_exponent, main_key, backup_key):
"""
Check if the params is qualified
:params auth_token mac_address public_key:
:return user_id or responseObject:
"""
if not auth_token:
return CommonResponseObject.unauthorized_token_response()
user_id = User.decode_auth_token(auth_token)
if not main_key:
return CommonResponseObject.fail_response(
'Please provide the main key',
status.HTTP_412_PRECONDITION_FAILED)
if not backup_key:
return CommonResponseObject.fail_response(
'Please provide the backup_key',
status.HTTP_412_PRECONDITION_FAILED)
if isinstance(user_id, str):
return CommonResponseObject.unauthorized_token_response()
if not isinstance(mac_address, str):
return CommonResponseObject.fail_response(
'Please provide your Mac address',
status.HTTP_412_PRECONDITION_FAILED)
user = User.get_user_by_id(user_id)
if not user:
return CommonResponseObject.unauthorized_token_response()
if DatabaseCheck.is_mac_address_existed(mac_address):
return CommonResponseObject.fail_response(
'Your device is the root device or already requested for authorization',
status.HTTP_202_ACCEPTED)
return user
def get(self, user_id):
# get the auth token
auth_header = request.headers.get('Authorization')
if auth_header:
try:
auth_token = auth_header.split(" ")[1]
except IndexError:
responseObject = {
'status': 'fail',
'message': 'Bearer token malformed.'
}
return make_response(jsonify(responseObject)), 401
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
authenticated_user = User.query.filter_by(id=resp).first()
responseObject = self.successful_response_object(
authenticated_user, user_id)
return make_response(jsonify(responseObject)), 200
responseObject = {'status': 'fail', 'message': resp}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 401
def post(self, ticketID):
auth_header = request.headers.get('Authorization')
if auth_header:
try:
auth_token = auth_header.split(" ")[1]
except IndexError:
responseObject = {
'status': 'fail',
'message': 'Bearer token malformed.'
}
return make_response(jsonify(responseObject)), 401
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
post_data = request.get_json()
ticket = Ticket.query.filter_by(id=ticketID).first()
comment = Comment(email=post_data.get('email'),
comment=post_data.get('comment'))
ticket.ticketComments.append(comment)
db.session.commit()
responseObject = {
'status': 'success',
'message': 'Comment successfully added!'
}
return make_response(jsonify(responseObject)), 201
responseObject = {'status': 'fail', 'message': resp}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 401
def get(self):
auth_header = request.headers.get('Authorization')
if auth_header:
try:
auth_token = auth_header.split(" ")[1]
except IndexError:
responseObject = {
'status': 'fail',
'message': 'Bearer token malformed.'
}
return make_response(jsonify(responseObject)), 401
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
days = request.args.get('filter_type')
current_time = datetime.datetime.now()
target_time = datetime.datetime.now() - datetime.timedelta(
days=int(days))
expense_list = ExpenseList.query.filter(
ExpenseList.created_on <= current_time).filter(
ExpenseList.created_on >= target_time).filter_by(
user_id=resp)
return make_response(
jsonify([i.serialize for i in expense_list.all()])), 200
responseObject = {'status': 'fail', 'message': resp}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 401
def post(self):
# get auth token
auth_header = request.headers.get('Authorization')
if (auth_header is not None) and (' ' in auth_header):
auth_token = auth_header.split(" ")[1]
else:
auth_token = auth_header
if auth_token:
resp = User.decode_auth_token(auth_token)
if isinstance(resp, str) and ('Signature expired'
not in resp) and ('Token blacklisted'
not in resp):
# mark the token as blacklisted
blacklist_token = BlacklistToken(token=auth_token)
try:
# insert the token
blacklist_token.save()
responseObject = {
'status': 'success',
'message': 'Successfully logged out.'
}
return make_response(jsonify(responseObject)), 200
except Exception as e:
responseObject = {'status': 'fail', 'message': e}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {'status': 'fail', 'message': resp}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 403
def delete(self, ticketID):
auth_header = request.headers.get('Authorization')
if auth_header:
try:
auth_token = auth_header.split(" ")[1]
except IndexError:
responseObject = {
'status': 'fail',
'message': 'Bearer token malformed.'
}
return make_response(jsonify(responseObject)), 401
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
comments = Ticket.query.filter_by(
id=ticketID).first().ticketComments
for c in comments:
db.session.delete(c)
Ticket.query.filter_by(id=ticketID).delete()
db.session.commit()
responseObject = {
'status': 'success',
'message': 'Ticket successfully deleted!'
}
return make_response(jsonify(responseObject)), 201
responseObject = {'status': 'fail', 'message': resp}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 401
def parse_token_data(auth_token, token_type="access"):
token_data = User.decode_auth_token(auth_token, token_type)
return {
"issued_at": datetime.utcfromtimestamp(token_data['iat']).isoformat('T', 'milliseconds')+ 'Z',
"expires_at": datetime.utcfromtimestamp(token_data['exp']).isoformat('T', 'milliseconds')+ 'Z',
}
def __init__(self, header: str):
if header:
authorization = header.split(" ")
if (len(authorization) != 2):
self.error = APIError.TOKEN_NOT_PROVIDED
return
else:
token = authorization[1]
else:
token = ''
if token:
if not Token.is_present(token):
self.error = APIError.TOKEN_NOT_PRESENT
return
elif Token.is_blacklisted(token):
self.error = APIError.TOKEN_BLACKLISTED
return
else:
user_id, error = User.decode_auth_token(token)
if error:
self.error = APIError.TOKEN_NOT_DECODED
return
try:
user = User.query.filter_by(id=user_id).first()
except Exception:
self.error = APIError.UNKNOWN_EXCEPTION
return
if user:
self.token = token
self.user = user
else:
self.error = APIError.NO_USER_FOR_TOKEN
else:
self.error = APIError.TOKEN_NOT_PROVIDED
def get(self):
auth_header = request.headers.get('Authorization')
if auth_header:
auth_token = auth_header.split(" ")[1]
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
try:
user = User.query.filter_by(id=resp).first()
results = [
self.to_dict(entry)
for entry in Entry.query.filter_by(user_id=user.id).
order_by(Entry.created_on.desc()).all()
]
response_object = {
'status': 'success',
'message': 'retrieved entries',
'results': results
}
return make_response(jsonify(response_object)), 200
except Exception as e:
response_object = {'status': 'fail', 'message': e}
return make_response(jsonify(response_object)), 200
else:
response_object = {'status': 'fail', 'message': resp}
return make_response(jsonify(response_object)), 401
else:
response_object = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(response_object)), 403
def post(self):
auth_header = request.headers.get('Authorization')
if auth_header:
auth_token = auth_header.split(" ")[1]
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
try:
user = User.query.filter_by(id=resp).first()
post_data = request.get_json()
if all([
post_data.get('text'),
post_data.get('url'),
post_data.get('title')
]):
entry = Entry(user_id=user.id,
text=post_data.get('text'),
keywords=post_data.get('keywords', None),
url=post_data.get('url'),
title=post_data.get('title'))
db.session.add(entry)
db.session.commit()
response_object = {
'user_id': user.id,
'text': entry.text,
'keywords': entry.keywords,
'url': entry.url,
'title': entry.title,
'created_on':
entry.created_on.strftime('%m/%d/%Y'),
'status': 'success',
'message': 'created new entry'
}
else:
return make_response(
jsonify({
'status':
'fail',
'message':
'Please provide url, title, and text'
}))
return make_response(jsonify(response_object)), 200
except Exception as e:
response_object = {'status': 'fail', 'message': e}
return make_response(jsonify(response_object)), 200
else:
response_object = {'status': 'fail', 'message': resp}
return make_response(jsonify(response_object)), 401
else:
response_object = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(response_object)), 403
def test_decode_auth_token(self):
user = User(email="*****@*****.**", password="******")
db.session.add(user)
db.session.commit()
auth_token = user.encode_auth_token(user.id)
self.assertTrue(isinstance(auth_token, bytes))
self.assertTrue(User.decode_auth_token(auth_token.decode("utf-8")) == 1)
def test_decode_auth_token(self):
user = test_user()
db.session.add(user)
db.session.commit()
auth_token = user.encode_auth_token(user.id)
self.assertTrue(isinstance(auth_token, bytes))
self.assertTrue(
User.decode_auth_token(auth_token.decode("utf-8")) == 1)
def test_decode_auth_token(self):
user = User(
email='*****@*****.**',
password='******'
)
db.session.add(user)
db.session.commit()
auth_token = user.encode_auth_token(user.id)
self.assertTrue(isinstance(auth_token, bytes))
self.assertTrue(User.decode_auth_token(
auth_token.decode("utf-8") ) == 1)
def post(self):
# get auth token
auth_header = request.headers.get('Authorization')
if auth_header:
auth_token = auth_header.split(" ")[1]
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
# mark the token as blacklisted
blacklist_token = BlacklistToken(token=auth_token)
try:
# insert the token
db.session.add(blacklist_token)
db.session.commit()
responseObject = {
'status': 'success',
'message': 'Successfully logged out.'
}
return make_response(jsonify(responseObject)), 200
except Exception as e:
responseObject = {
'status': 'fail',
'message': e
}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {
'status': 'fail',
'message': resp
}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 403
def get(self):
# get the auth token
auth_header = request.headers.get('Authorization')
if auth_header:
try:
auth_token = auth_header.split(" ")[1]
except IndexError:
responseObject = {
'status': 'fail',
'message': 'Bearer token malformed.'
}
return make_response(jsonify(responseObject)), 401
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
user = User.query.filter_by(id=resp).first()
responseObject = {
'status': 'success',
'data': {
'user_id': user.id,
'email': user.email,
'admin': user.admin,
'registered_on': user.registered_on
}
}
return make_response(jsonify(responseObject)), 200
responseObject = {
'status': 'fail',
'message': resp
}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 401
