def test_no_aud(self):
payload = {
'user_id': 0
}
token = auth.create_jwt(payload, set_audience=False)
with self.assertRaises(Unauthorized) as cm:
auth.authenticate_user(token)
self.assertEqual(cm.exception.description, 'Token invalid')
def test_expired(self):
payload = {
'user_id': 0,
'exp': datetime(2000, 1, 1)
}
token = auth.create_jwt(payload)
with self.assertRaises(Unauthorized) as cm:
auth.authenticate_user(token)
self.assertEqual(cm.exception.description, 'Token is expired')
def test_invalid_signature(self):
payload = {
'user_id': 0,
'aud': self.client_id
}
token = jwt.encode(
payload,
'bla'
)
with self.assertRaises(Unauthorized) as cm:
auth.authenticate_user(token)
self.assertEqual(cm.exception.description, 'Token signature is invalid')
async def login_basic(auth: BasicAuth = Depends(basic_auth)):
if not auth:
response = Response(headers={"WWW-Authenticate": "Basic"},
status_code=401)
return response
try:
decoded = base64.b64decode(auth).decode("ascii")
username, _, password = decoded.partition(":")
user = authenticate_user(users_db, username, password)
if not user:
raise HTTPException(status_code=400,
detail="Incorrect email or password")
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(data={"sub": username},
expires_delta=access_token_expires)
token = jsonable_encoder(access_token)
response = RedirectResponse(url="/docs")
response.set_cookie(
"Authorization",
value=f"Bearer {token}",
domain=getenv("WEB_HOSTNAME"),
httponly=True,
max_age=1800,
expires=1800,
)
return response
except Exception:
response = Response(headers={"WWW-Authenticate": "Basic"},
status_code=401)
return response
def test_valid_jwt_no_exp(self):
payload = {
'user_id': 0,
}
token = auth.create_jwt(payload)
user = auth.authenticate_user(token)
self.assertEqual(user['user_id'], 0)
def post(self):
with locks.global_lock:
username = self.get_argument('username', None)
password = self.get_argument('password', None)
if username is None:
self.write(
render_template('auth_error.html',
error=lc.get('no_username')))
return
if password is None:
self.write(
render_template('auth_error.html',
error=lc.get('no_password')))
return
try:
session = auth.authenticate_user(username, password)
except auth.BaseAuthenticationError as e:
self.write(
render_template('auth_error.html', error=lc.get(e.text)))
return
self.set_cookie('session_id',
session.id,
expires=session.expires_at)
self.redirect('/')
def test_valid_jwt(self):
payload = {
'user_id': 0,
'exp': datetime.utcnow() + timedelta(days=1)
}
token = auth.create_jwt(payload)
user = auth.authenticate_user(token)
self.assertEqual(user['user_id'], 0)
def login():
data = json.loads(request.data)
print(data)
authentication = authenticate_user(data['email'], data['password'])
if authentication == None:
return json.dumps({"status": "error"})
else:
return json.dumps({"status": "success", "authtoken": authentication})
def validate_login(request):
email = request.POST.get('email') or request.GET.get('email')
password = request.POST.get('password') or request.GET.get('password')
if request.user.is_authenticated:
return HttpResponse(json.dumps({'status': -1, 'message': 'User already logged'}))
if not (password or email):
return HttpResponse(json.dumps({'status': -1, 'message': 'Empty details entered'}))
if auth.authenticate_user(email, password):
return HttpResponse(json.dumps({'status': 1, 'message': 'successful'}))
return HttpResponse(json.dumps({'status': -1, 'message': 'Please check if your entered correct credentials'}))
async def route_login_access_token(
form_data: OAuth2PasswordRequestForm = Depends()):
user = authenticate_user(users_db, form_data.username, form_data.password)
if not user:
raise HTTPException(status_code=400,
detail="Incorrect username or password")
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(data={"sub": user.username},
expires_delta=access_token_expires)
return {"access_token": access_token, "token_type": "bearer"}
def login_post():
username = flask.request.form["username"]
password = flask.request.form["password"]
# Link to the TTT React application
if auth.authenticate_user(username, password):
return flask.redirect("http://localhost:3000")
else:
flask.flash("Whoops, we don't recognize that account! Please try again.")
return flask.render_template("login.html")
async def user_signin(credentials: SignIn = Depends(),
db: Session = Depends(db_session)) -> Token:
"""Authenticate user using specified credentials."""
user = authenticate_user(db, credentials.username, credentials.password)
if not user:
raise HTTPException(status_code=400,
detail="Incorrect name or password")
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(data={"login": user.email},
expires_delta=access_token_expires)
return Token(access_token=access_token, token_type="bearer")
def login_for_access_token(form_data: User, authorize: AuthJWT = Depends()):
"""Check username and password and return a token"""
user = authenticate_user(users_db, form_data.username, form_data.password)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Bearer"},
)
access_token = authorize.create_access_token(subject=form_data.username)
authorize.set_access_cookies(access_token)
return {"msg": "Successfully login"}
def login():
if flask.request.method == 'POST':
username = flask.request.form['username']
password = flask.request.form['password']
if not username or not password:
return flask.render_template('login.html', message='Missing required field')
elif authenticate_user(username, password):
flask.session['username'] = flask.request.form['username']
return flask.render_template('menu.html', username=username)
else:
return flask.render_template('login.html', message='Invalid credentials')
else:
return flask.render_template('login.html')
def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends()):
user = authenticate_user(form_data.username, form_data.password)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Bearer"},
)
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(
data={"sub": user.email}, expires_delta=access_token_expires
)
return {"access_token": access_token, "token_type": "bearer"}
def main(args):
if len(args) == 0:
print("------ Help on Usage -------")
print(
"To upload : Client.py put Destination/to/the/src/file Name_of_the_file_in_the_GFS "
)
print("To download: Client.py get Name_of_the_file_in_the_GFS")
print("To delete: Client.py delete Name_of_the_file_in_the_GFS")
print(
"To overwite: Client.py put Destination/to/the/src/file Name_of_the_file_in_the_GFS"
)
return
auth_flag = auth.authenticate_user()
if auth_flag == -1:
sys.exit(0)
try:
con = rpyc.connect("localhost", port=2131)
master = con.root.Master()
except:
print("Master Server not found ")
print("launch Master Server and try again")
return
init_time = time.time()
if args[0] == "get":
get(master, args[1])
elif args[0] == "put":
put(master, args[1], args[2])
elif args[0] == "delete":
delete(master, args[1])
elif args[0] == "list":
list_files(master)
else:
print("Incorrect command \n")
print("------ Help on Usage -------")
print(
"To upload : Client.py put Destination/to/the/src/file Name_of_the_file_in_the_GFS "
)
print("To download: Client.py get Name_of_the_file_in_the_GFS")
print("To delete: Client.py delete Name_of_the_file_in_the_GFS")
print(
"To overwite: Client.py put Destination/to/the/src/file Name_of_the_file_in_the_GFS"
)
final_time = time.time()
print(
f"The time required: {format(final_time - init_time, '0.2f')} seconds")
def login_auth(n_clicks,email,pw):
'''
check credentials
if correct, authenticate the session
otherwise, authenticate the session and send user to login
'''
if n_clicks is None or n_clicks==0:
return no_update,no_update
credentials = {'user':email,"password":pw}
if authenticate_user(credentials):
session['authed'] = True
return '/home',''
session['authed'] = False
return no_update,dbc.Alert('Incorrect credentials.',color='danger',dismissable=True)
def login(request):
if request.method == "POST":
form = LoginForm(request.POST)
if form.is_valid():
email = form.cleaned_data.get('email')
password = form.cleaned_data.get('password')
if not auth.does_account_exist(email):
return render(request, "oops.html", {'error_code': 100, 'message': 'Account does not exist'})
user = auth.authenticate_user(email, password)
if user:
auth.login(request, user)
return HttpResponseRedirect('/home')
return HttpResponse(json.dumps({'status': -200, 'message': 'authentication error'}))
else:
return HttpResponse('<h1>Invalid form submitted</h1<')
return HttpResponseRedirect('/')
def login_auth(n_clicks, user, pw):
'''
check credentials
if correct, authenticate the session
otherwise, authenticate the session and send user to login
'''
if n_clicks is None or n_clicks == 0:
return no_update, no_update
credentials = {'user': user, "password": pw}
if authenticate_user(credentials):
session['authed'] = True
session['isadmin'] = True if authenticate_admin_user(credentials) else False
session['user'] = credentials['user']
session['session_id'] = shortuuid.uuid()
add_user_session_info(session['user'], 'login', session['session_id'])
return '/home', ''
session['authed'] = False
session['isadmin'] = False
session['user'] = ''
session['session_id'] = ''
return no_update, dbc.Alert('Incorrect credentials.', color='danger', dismissable=True)
def login():
if 'user' in session:
flash(ALREADY_LOGGED_IN)
return redirect(url_for('dashboard'))
# Logging in
if request.method == 'POST':
user = request.form['user']
pwd = request.form['pwd']
# Login attempt
result, passed = auth.authenticate_user(user, pwd)
if result: # Success
session['user'] = user
flash(passed)
#redirect(url_for('dashboard'))
return redirect('dashboard')
else: # Failure
flash(passed)
return render_template("login.html")
else:
return render_template("login.html")
def test_invalid_signature(self):
payload = {"user_id": 0, "aud": self.client_id}
token = jwt.encode(payload, "bla")
with self.assertRaises(Unauthorized) as cm:
auth.authenticate_user(token)
self.assertEqual(cm.exception.description, "Token signature is invalid")
async def route_login_access_token(form_data: OAuth2PasswordRequestForm = Depends()):
user = authenticate_user(db, form_data.username, form_data.password)
if not user:
raise HTTPException(status_code=400, detail="Incorrect email or password")
access_token = create_access_token(data={"username": form_data.username})
return {"id": user.id, "access_token": access_token, "token_type": "bearer"}
def test_valid_jwt_no_exp(self):
payload = {"user_id": 0}
token = auth.create_jwt(payload)
user = auth.authenticate_user(token)
self.assertEqual(user["user_id"], 0)
def test_valid_jwt(self):
payload = {"user_id": 0, "exp": datetime.utcnow() + timedelta(days=1)}
token = auth.create_jwt(payload)
user = auth.authenticate_user(token)
self.assertEqual(user["user_id"], 0)
def test_expired(self):
payload = {"user_id": 0, "exp": datetime(2000, 1, 1)}
token = auth.create_jwt(payload)
with self.assertRaises(Unauthorized) as cm:
auth.authenticate_user(token)
self.assertEqual(cm.exception.description, "Token is expired")
def test_invalid_aud(self):
payload = {"user_id": 0, "aud": "bla"}
token = auth.create_jwt(payload, set_audience=False)
with self.assertRaises(Unauthorized) as cm:
auth.authenticate_user(token)
self.assertEqual(cm.exception.description, "Incorrect audience")
