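def test_lookup_user_token():
    """Check lookup_user_token for a valid, an expired and an unknown token.

    A valid token value must resolve to the user that owns the token. An
    expired token must raise UserTokenExpiredException and an unknown value
    must raise UserNotFoundException. The two negative cases fail the test
    when no exception is raised, so a lookup that starts accepting expired or
    unknown tokens is caught here.
    """
    app = create_ctfd()
    with app.app_context():
        user = gen_user(app.db)

        # Good token: the lookup returns the owning user.
        token = gen_token(app.db, user_id=user.id)
        user = lookup_user_token(token.value)
        assert user.id == token.user_id

        # Expired token: the expiration is set one day in the past.
        expiration = datetime.datetime.utcnow() + datetime.timedelta(days=-1)
        token = gen_token(app.db, user_id=user.id, expiration=expiration)
        try:
            lookup_user_token(token.value)
        except UserTokenExpiredException:
            pass
        else:
            # Without this branch the test passed silently when the expired
            # token was accepted.
            raise AssertionError("expired token was accepted by lookup_user_token")

        # Nonexistent token: a value that was never issued.
        try:
            lookup_user_token("wat")
        except UserNotFoundException:
            pass
        else:
            raise AssertionError("unknown token was accepted by lookup_user_token")
    destroy_ctfd(app)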
def tokens():
    """Authenticate the current request from its Authorization header.

    Token authentication is attempted only when an Authorization header is
    present and the request content type is exactly "application/json".
    The header is split once on a space into a scheme word and a token value;
    the token value is passed to lookup_user_token and the resulting user is
    logged in. Any failure aborts the request with 401.
    """
    header_value = request.headers.get("Authorization")

    # NOTE(review): exact string equality. If request.content_type carries
    # the raw header value, a Content-Type with parameters (e.g. a charset
    # suffix) does not match and the request skips token auth -- confirm.
    if not header_value or request.content_type != "application/json":
        return

    try:
        # NOTE(review): the scheme word is parsed but never compared with an
        # expected value, so any scheme is accepted -- confirm this is intended.
        _scheme, token_value = header_value.split(" ", 1)
        user = lookup_user_token(token_value)
    except (UserNotFoundException, UserTokenExpiredException, Exception):
        # Fail closed: a header with no space to split on, an unknown token,
        # an expired token and any unexpected error all end in the same 401.
        abort(401)
    else:
        login_user(user)