def decode_auth_token(auth_token, token_type='Auth'):
"""
Validates the auth token
:param auth_token:
:return: integer|string
"""
try:
payload = jwt.decode(auth_token,
current_app.config['SECRET_KEY'],
algorithms='HS256',
options={
'verify_exp':
current_app.config['VERIFY_JWT_EXPIRY']
})
is_blacklisted_token = BlacklistToken.check_blacklist(auth_token)
if is_blacklisted_token:
return 'Token blacklisted. Please log in again.'
else:
return bytes(payload, 'utf-8') if isinstance(payload,
str) else payload
except jwt.ExpiredSignatureError:
return '{} Token Signature expired.'.format(token_type)
except jwt.InvalidTokenError:
return 'Invalid {} Token.'.format(token_type)
def post(self):
# get auth token
auth_header = request.headers.get('Authorization')
if auth_header:
auth_token = auth_header.split(" ")[0]
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
# mark the token as blacklisted
blacklist_token = BlacklistToken(token=auth_token)
try:
# insert the token
db.session.add(blacklist_token)
db.session.commit()
response_object = {
'status': 'success',
'message': 'Successfully logged out.'
}
return make_response(jsonify(response_object)), 200
except Exception as e:
response_object = {'status': 'fail', 'message': e}
return make_response(jsonify(response_object)), 200
else:
response_object = {'status': 'fail', 'message': resp}
return make_response(jsonify(response_object)), 401
else:
response_object = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(response_object)), 403
def create_blacklisted_token(authed_sempo_admin_user):
from server.models.blacklist_token import BlacklistToken
auth_token = authed_sempo_admin_user.encode_auth_token().decode()
blacklist_token = BlacklistToken(token=auth_token)
db.session.add(blacklist_token)
db.session.commit()
return blacklist_token
def test_logout_api(test_client, authed_sempo_admin_user):
"""
GIVEN a Flask application
WHEN the '/api/auth/logout/' api is posted to (POST)
THEN check response is 200 and auth_token is added to blacklist
"""
from server.models.blacklist_token import BlacklistToken
authed_sempo_admin_user.is_activated = True
auth_token = authed_sempo_admin_user.encode_auth_token().decode()
response = test_client.post('/api/v1/auth/logout/',
headers=dict(Authorization=auth_token, Accept='application/json'),
content_type='application/json', follow_redirects=True)
assert response.status_code == 200
assert BlacklistToken.check_blacklist(auth_token) is True
@pytest.mark.parametrize("email, tier, status_code", [
("*****@*****.**","admin",201),
("*****@*****.**","admin", 403),
])
def test_add_user_to_whitelist(test_client, authed_sempo_admin_user, email, tier, status_code):
"""
GIVEN a Flask application
WHEN the '/api/auth/permissions/' api is posted to (POST)
THEN check the response
"""
auth_token = authed_sempo_admin_user.encode_auth_token().decode()
register_response = test_client.post('/api/v1/auth/permissions/',
headers=dict(Authorization=auth_token, Accept='application/json'),
data=json.dumps(dict(email=email, tier=tier)),
content_type='application/json', follow_redirects=True)
assert register_response.status_code == status_code
def test_logout_api(test_client, authed_sempo_admin_user):
"""
GIVEN a Flask application
WHEN the '/api/auth/logout/' api is posted to (POST)
THEN check response is 200 and auth_token is added to blacklist
"""
from server.models.blacklist_token import BlacklistToken
authed_sempo_admin_user.is_activated = True
auth_token = authed_sempo_admin_user.encode_auth_token().decode()
response = test_client.post('/api/v1/auth/logout/',
headers=dict(Authorization=auth_token, Accept='application/json'),
content_type='application/json', follow_redirects=True)
assert response.status_code == 200
assert BlacklistToken.check_blacklist(auth_token) is True
def decode_auth_token(auth_token, token_type='Auth'):
"""
Validates the auth token
:param auth_token:
:return: integer|string
"""
try:
payload = jwt.decode(auth_token, current_app.config.get(
'SECRET_KEY'), algorithms='HS256')
is_blacklisted_token = BlacklistToken.check_blacklist(auth_token)
if is_blacklisted_token:
return 'Token blacklisted. Please log in again.'
else:
return payload
except jwt.ExpiredSignatureError:
return '{} Token Signature expired.'.format(token_type)
except jwt.InvalidTokenError:
return 'Invalid {} Token.'.format(token_type)