Example #1
def test_user_password():
    """Check that ``User.password`` is write-only and that it drives ``verify``.

    Covers three behaviours: a password that was just set verifies, a user
    with no stored hash never verifies, and reading the password back raises
    ``RuntimeError`` with a fixed message.
    """
    plaintext = "******"
    account = User(username="******")

    # Setting the attribute is the only supported direction.
    # Presumably the setter stores a hash in ``hashed_password``; confirm
    # against the model.
    account.password = plaintext
    assert account.verify(plaintext) is True

    # With the stored hash cleared, verification must return False even for
    # the previously valid password.
    account.hashed_password = None
    assert account.verify(plaintext) is False

    # Reading the attribute must be refused, so the plaintext cannot be
    # recovered from the object.
    with pytest.raises(RuntimeError) as exc_info:
        assert not account.password

    assert str(exc_info.value) == "Invalid access: get password not allowed"
Example #2
def test_login_post(mocker, engine, session, app, client):
    """Successful form login redirects and returns a signed JWT.

    The clock is frozen so the ``exp`` claim is deterministic. The expected
    token is then rebuilt locally from ``user.as_dict()`` plus ``exp`` and
    compared with the ``jwt`` cookie and the JSON body of the response.
    """
    # Patch the clock source named below so the expiry can be predicted.
    frozen_now = datetime.utcnow()
    mocker.patch("apitoolbox.tz.utcnow", return_value=frozen_now)

    user = User(username="******")
    user.password = "******"
    session.add(user)
    session.commit()
    user = session.merge(user)

    # Fixed signing secret: a test-only value.
    endpoint = endpoints.LoginEndpoint(User, secret="s0secret")

    @app.post("/login")
    async def _post(username: str = fastapi.Form(None),
                    password: str = fastapi.Form(None)):
        return await endpoint.on_post(session, username, password)

    expires_at = frozen_now + timedelta(seconds=endpoint.token_expiry)

    # NOTE(review): every field of as_dict() becomes a JWT claim. Claims are
    # signed, not encrypted, so confirm as_dict() never includes
    # hashed_password or other secrets.
    claims = dict(user.as_dict())
    claims["exp"] = expires_at

    # .decode() assumes jwt.encode returns bytes (PyJWT 1.x behaviour);
    # PyJWT 2.x returns str. TODO confirm the pinned version.
    signed = jwt.encode(claims, endpoint.secret,
                        algorithm=endpoint.jwt_algorithm)
    expected_token = signed.decode("utf-8")

    form = {
        "username": "******",
        "password": "******",
    }
    response = client.post("/login", data=form)

    assert response.status_code == 303
    assert response.headers.get("location") == "/"
    # NOTE(review): only the cookie name and value are checked. The cookie
    # carries the bearer token, so asserting HttpOnly/Secure/SameSite on the
    # Set-Cookie header would be a useful addition.
    assert response.cookies.items() == [("jwt", expected_token)]

    # The body repeats the claims, with exp as an ISO string, plus the token.
    expected_body = dict(claims)
    expected_body["exp"] = expires_at.isoformat()
    expected_body["token"] = expected_token
    assert response.json() == expected_body
Example #3
def test_login_post_invalid_password(engine, session, app, client):
    """A wrong password yields 401 and the generic failure message.

    The endpoint is given a one-placeholder template, so the response body
    is the literal ``<`` followed by the error text.
    """
    real_password = "******"
    user = User(username="******")
    user.password = real_password
    session.add(user)
    session.commit()

    endpoint = endpoints.LoginEndpoint(
        User,
        secret="s0secret",
        template="<${error}",
    )

    @app.post("/login")
    async def _post(username: str = fastapi.Form(None),
                    password: str = fastapi.Form(None)):
        return await endpoint.on_post(session, username, password)

    # Appending a suffix guarantees a mismatch against the stored credential.
    wrong_password = real_password + "make_it_invalid"
    response = client.post(
        "/login",
        data={"username": "******", "password": wrong_password},
    )

    assert response.status_code == 401
    # The message does not say which of the two fields was wrong.
    # NOTE(review): only the wrong-password path is covered here. A sibling
    # case for an unknown username returning the same text, and a check that
    # no "jwt" cookie is set on failure, would pin the behaviour down.
    assert response.text == "<Login failed; Invalid userID or password"