Exemple #1
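def is_valid_user(request):
    """
    Returns true if user is logged in, false if not.

    Reads the ``auth_token`` cookie from ``request`` and hands it, together
    with the configured list of valid users and the client's remote address,
    to ``Security.is_valid_user``; that call's result is returned unchanged.

    The token is a live session credential, so it is deliberately not
    printed or logged here: writing it to stdout would expose it to anyone
    who can read the console or the captured log files.
    """
    sec = Security(EvilMommy.Config.encryption_key)
    # .get() yields None when the cookie is absent; the validator receives
    # that value as-is.
    token = request.cookies.get('auth_token')
    # NOTE(review): remote_addr is the peer address the server sees; behind a
    # reverse proxy that may be the proxy's address for every client --
    # confirm against the deployment.
    return sec.is_valid_user(token,
                             EvilMommy.Config.valid_users,
                             request.remote_addr)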
Exemple #2
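def login():
    """
    Handle a login form submission.

    Reads the ``user`` form field. When it names one of
    ``EvilMommy.Config.valid_users``, the response is a redirect to the
    ``status`` page carrying a newly created ``auth_token`` cookie;
    otherwise ``login.html`` is rendered again with "Login Incorrect".
    """
    # .get() so a request without the field falls through to the ordinary
    # "Login Incorrect" response instead of failing on the missing key.
    user = request.form.get('user')

    # Log to STDOUT during dev.  %r escapes newlines and other control
    # characters, so a crafted user name cannot forge extra log lines.
    print ("\nLogin attempty from user  %r\n" % (user,))

    # NOTE(review): membership in valid_users is the only check visible in
    # this block -- no password or other secret is verified here.  Confirm
    # that is intended before this endpoint is reachable by untrusted clients.
    if user and user in EvilMommy.Config.valid_users:
        sec = Security(EvilMommy.Config.encryption_key)
        resp = redirect(url_for('status') + '?msg=Welcome!')
        # httponly keeps the token out of reach of page scripts.
        # NOTE(review): also pass secure=True once the site is served over
        # HTTPS only, so the cookie is never sent in clear text.
        resp.set_cookie('auth_token',
                        sec.create_auth_token(user, request.remote_addr),
                        httponly=True)
        return resp
    else:
        return render_template("login.html", message = "Login Incorrect")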
Exemple #3
class TestSecurity(unittest.TestCase):
    """Unit tests for Security: token creation, unpacking and validation."""

    def setUp(self):
        # A fresh Security instance per test, built from the configured key.
        self.security = Security(Config.encryption_key)

    def sample_token(self):
        """Return a new auth token for user 'Homer' at address 127.0.0.1."""
        return self.security.create_auth_token('Homer', '127.0.0.1')

    def test_create_auth_token(self):
        """A token is a string, and two tokens for the same inputs differ."""
        first = self.sample_token()
        self.assertIsInstance(first, basestring)
        # Same user and address on a second call: the result must not repeat.
        second = self.security.create_auth_token('Homer', '127.0.0.1')
        self.assertNotEqual(first, second)

    def test_unpack_auth_token(self):
        """Unpacking returns the user and address; a non-token gives None."""
        unpacked = self.security.unpack_auth_token(self.sample_token())
        self.assertEqual('Homer', unpacked['user_name'])
        self.assertEqual('127.0.0.1', unpacked['remote_addr'])
        # A string that is not a token unpacks to None instead of raising.
        self.assertIsNone(self.security.unpack_auth_token('BadAuthToken'))

    def test_is_valid_user(self):
        """Validation needs a good token, a listed user and a matching address."""
        good_token = self.sample_token()
        check = self.security.is_valid_user
        allowed = ['Homer', 'Moe']

        # Valid user and address
        self.assertTrue(check(good_token, allowed, '127.0.0.1'))
        # User not in user list
        self.assertFalse(check(good_token, ['Marge', 'Lisa'], '127.0.0.1'))
        # Remote address does not match token
        self.assertFalse(check(good_token, allowed, '10.10.10.10'))
        # Bad token
        self.assertFalse(check('Bad Token', allowed, '127.0.0.1'))
Exemple #4
 def setUp(self):
     """Create the Security instance stored on self.security for each test."""
     key = Config.encryption_key
     self.security = Security(key)