def test_delete_user_deletes_user_when_one_exists(self):
    """An existing user can no longer be fetched once delete_user has run."""
    uid, stored_hash = 'userid1', 'hash1'
    db_access.create_user(uid, stored_hash)
    # Precondition: the account is retrievable, so the final check is meaningful.
    assert db_access.get_user(uid, stored_hash) is not None

    db_access.delete_user(uid)

    assert db_access.get_user(uid, stored_hash) is None
def test_create_user_does_not_change_existing_user_when_duplicate(self):
    """A second create_user call for a taken id must not replace the stored hash."""
    uid = 'userid1'
    original_hash, duplicate_hash = 'hash1', 'hash2'

    db_access.create_user(uid, original_hash)
    # Same id again with a different hash: this must not take over the account.
    db_access.create_user(uid, duplicate_hash)

    assert db_access.get_user(uid, original_hash) is not None
    assert db_access.get_user(uid, duplicate_hash) is None
def test_get_user_returns_none_when_password_hash_used_for_wrong_user(self):
    """A hash stored for one account must not match a lookup for another account."""
    first_id, second_id = 'userid1', 'userid2'
    first_hash, second_hash = 'passwordhash1', 'passwordhash2'
    self._create_user(first_id, first_hash, 0)
    self._create_user(second_id, second_hash, 0)

    # Swap the hashes between the two accounts: neither lookup may succeed.
    assert db_access.get_user(first_id, second_hash) is None
    assert db_access.get_user(second_id, first_hash) is None
def test_update_user_updates_user_when_one_exists(self):
    """After update_user, the account is retrievable with the new hash."""
    uid = 'userid1'
    old_hash, new_hash = 'hash1', 'hash2'
    db_access.create_user(uid, old_hash)

    db_access.update_user(uid, new_hash)

    # NOTE(review): only the new hash is checked; also asserting that
    # get_user(uid, old_hash) is None would pin that the old credential
    # stops working after the update.
    assert db_access.get_user(uid, new_hash) is not None
def test_create_user_creates_new_user_when_id_not_used_yet(self):
    """create_user stores the id and hash and starts failed_logins at zero."""
    uid, stored_hash = 'userid1', 'passwordhash1'

    db_access.create_user(uid, stored_hash)
    created = db_access.get_user(uid, stored_hash)

    assert created is not None
    assert created.user_id == uid
    assert created.password_hash == stored_hash
    # A fresh account must not start with failed attempts already counted.
    assert created.failed_logins == 0
def test_get_user_returns_the_user_when_both_user_id_and_password_hash_match(self):
    """get_user returns the stored record when id and hash both match."""
    uid, stored_hash = 'userid1', 'passwordhash1'
    prior_failures = 1
    self._create_user(uid, stored_hash, prior_failures)

    found = db_access.get_user(uid, stored_hash)

    assert found is not None
    assert found.user_id == uid
    assert found.password_hash == stored_hash
    # The lookup must report the stored counter unchanged.
    assert found.failed_logins == prior_failures
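def _handle_allowed_user_auth_request(user_id, password, failed_login_attempts):
    """Check the supplied credentials and build the response for this attempt.

    The password is hashed together with ``user_id`` and the configured
    ``PASSWORD_SALT``, and the user is looked up by id and hash. On a match the
    failed-login counter is reset to zero; otherwise it is incremented and
    stored, and the failure is audited.

    Args:
        user_id: User identifier supplied with the auth request.
        password: Password supplied with the auth request; it is only passed
            to the hashing helper and never written to the audit message.
        failed_login_attempts: Failed-attempt count the caller already holds
            for ``user_id``.

    Returns:
        A ``Response`` carrying the authenticated body on success, or
        ``AUTH_FAILURE_RESPONSE_BODY`` with status 401 on failure.
    """
    salt = app.config['PASSWORD_SALT']
    password_hash = security.get_user_password_hash(user_id, password, salt)
    user = db_access.get_user(user_id, password_hash)

    if user:
        # Reset failed login attempts to zero and proceed
        db_access.update_failed_logins(user_id, 0)
        return Response(_authenticated_response_body(user), mimetype=JSON_CONTENT_TYPE)

    failed_login_attempts += 1
    # NOTE(review): the count is read by the caller and written back here, so
    # concurrent failed attempts could overwrite each other's increment and
    # undercount - confirm whether update_failed_logins is atomic.
    db_access.update_failed_logins(user_id, failed_login_attempts)

    audit_message = 'Invalid credentials used. username: {}, attempt: {}.'.format(
        user_id, failed_login_attempts
    )
    # user_id is request-supplied: escape CR/LF so a crafted value cannot split
    # this audit record into additional, forged-looking entries. The template
    # itself has no line breaks, so only the interpolated value is affected.
    audit_message = audit_message.replace('\r', '\\r').replace('\n', '\\n')
    auditing.audit(audit_message)

    return Response(AUTH_FAILURE_RESPONSE_BODY, status=401, mimetype=JSON_CONTENT_TYPE)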
def test_get_user_returns_none_when_password_hash_does_not_match(self):
    """A known user id combined with the wrong hash yields no user."""
    uid = 'userid1'
    self._create_user(uid, 'passwordhash1', 0)

    # Right id, wrong hash: the lookup must come back empty.
    assert db_access.get_user(uid, 'passwordhash2') is None
def test_get_user_returns_none_when_user_does_not_exist(self):
    """Looking up an id that was never created returns None."""
    missing = db_access.get_user('nonexistinguser', 'passwordhash')

    assert missing is None
def _hit_database_with_sample_query():
    """Run one throwaway user lookup to see whether the database responds.

    The result is discarded and nothing is caught here, so any error raised
    by the lookup propagates to the caller.
    """
    # Placeholder id and hash; only the round trip to the database matters.
    probe_user_id = 'non-existing-user'
    probe_password_hash = 'password-hash'
    db_access.get_user(probe_user_id, probe_password_hash)