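def api_key_create():
    """Issue a new API key for a user after checking their password.

    Expects a JSON body carrying ``email``, ``password`` and ``device_name``.
    On success a key is created for the user, granted every permission in
    ``Permission.PERMS_ALL``, committed, and returned as JSON with
    ``token``, ``secret``, ``device_name`` and ``expiry``.

    Returns:
        A Flask response: the JSON key record on success, otherwise a
        ``bad_request`` response for malformed input or failed
        authentication.
    """
    content = request.get_json(force=True)
    if content is None:
        return bad_request(web_utils.INVALID_JSON)
    params, err_response = get_json_params(
        content, ["email", "password", "device_name"])
    if err_response:
        return err_response
    email, password, device_name = params
    if not email:
        return bad_request(web_utils.INVALID_EMAIL)
    email = email.lower()
    user = User.from_email(db.session, email)
    # An absent/empty password used to be handed straight to
    # verify_password(), which may raise and turn a client error into a
    # server error; treat it as a failed login instead.  Unknown user,
    # missing password and wrong password all take the same delay and
    # return the same response so the failures are indistinguishable to
    # the caller.
    if (not user or not password
            or not flask_security.verify_password(password, user.password)):
        time.sleep(5)
        return bad_request(web_utils.AUTH_FAILED)
    api_key = ApiKey(user, device_name)
    for name in Permission.PERMS_ALL:
        perm = Permission.from_name(db.session, name)
        api_key.permissions.append(perm)
    db.session.add(api_key)
    db.session.commit()
    return jsonify(dict(token=api_key.token,
                        secret=api_key.secret,
                        device_name=api_key.device_name,
                        expiry=api_key.expiry))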
def validate_user(user_id: str, password: str):
    """Return the user for *user_id* when *password* matches, else ``None``.

    The user is looked up in ``USER_DATASTORE``; the supplied password is
    checked against the stored hash with ``verify_password``.
    """
    candidate = USER_DATASTORE.find_user(user_id=user_id)
    # NOTE(review): an unknown user id returns before any hash comparison
    # runs, so its response time differs from a wrong password — confirm
    # that is acceptable for the callers.
    if candidate is not None and verify_password(password, candidate.password):
        return candidate
    return None
def test_cli_change_password(script_info):
    """Exercise ``users_change_password``: a successful change, a too-short
    password, password normalisation, ``--help`` output and an unknown user.
    """
    runner = CliRunner()

    def change(*cli_args):
        # Run the change-password command against the test app.
        return runner.invoke(users_change_password, list(cli_args), obj=script_info)

    runner.invoke(
        users_create,
        ["*****@*****.**", "username:lookatme!", "--password", "battery staple"],
        obj=script_info,
    )

    outcome = change("*****@*****.**", "--password", "battery_staple")
    assert outcome.exit_code == 0

    # A password below the minimum length is rejected with a usage error.
    outcome = change("*****@*****.**", "--password", "hi")
    assert outcome.exit_code == 2
    assert "Password must be at least" in outcome.output

    # The stored password is normalised: ROMAN NUMERAL ONE must verify
    # against the plain LATIN CAPITAL LETTER I form.
    outcome = change("*****@*****.**", "--password", "battery staple\N{ROMAN NUMERAL ONE}")
    assert outcome.exit_code == 0
    app = script_info.load_app()
    with app.app_context():
        user = app.security.datastore.find_user(email="*****@*****.**")
        assert verify_password("battery staple\N{LATIN CAPITAL LETTER I}", user.password)

    outcome = runner.invoke(users_change_password, ["--help"])
    assert "IDENTITY" in outcome.output

    # An identity that does not exist is reported, not silently ignored.
    outcome = change("*****@*****.**", "--password", "battery_staple")
    assert outcome.exit_code == 2
    assert "User not found" in outcome.output
def test_cli_createuser_normalize(script_info):
    """Test that the create-user CLI normalizes the email and password."""
    runner = CliRunner()
    outcome = runner.invoke(
        users_create,
        ["*****@*****.**", "--password", "battery staple\N{ROMAN NUMERAL ONE}"],
        obj=script_info,
    )
    assert outcome.exit_code == 0
    assert "*****@*****.**" in outcome.stdout

    # The stored hash must verify against the normalized form of the password.
    app = script_info.load_app()
    with app.app_context():
        stored = app.security.datastore.find_user(email="*****@*****.**")
        assert verify_password("battery staple\N{LATIN CAPITAL LETTER I}", stored.password)
def post(self):
    """
    Returns the user's authentication token
    ---
    tags:
      - users
    description: Given the user's email and password, checks whether the user is registered and, if so, returns an access token
    parameters:
      - in: body
        name: email
        required: true
        type: string
        description: User's email.
        example: [email protected]
      - in: body
        name: password
        required: true
        type: string
        description: User's password.
        example: some_strong_password
    responses:
      200:
        description: User was found in the database and their token was returned
      400:
        description: Either user was not found or password was incorrect
    """
    payload = UserSchema().load(request.get_json())
    email = payload.get('email')
    password = payload.get('password')
    # Every failure answers with the same empty 400 so the body does not
    # reveal which check failed.
    if not email or not password:
        return make_response('', 400)
    account = user_datastore.find_user(email=email)
    # NOTE(review): a missing account returns before any hash comparison,
    # so its response time differs from a wrong password — confirm that is
    # acceptable.
    if not account or not verify_password(password, account.password):
        return make_response('', 400)
    return make_response(jsonify({'access_token': account.get_auth_token()}), 200)
def validate_password(self, password):
    """Raise ``Unauthorized`` unless *password* matches the bound user's hash.

    On a mismatch a debug-level log line naming the user's email is
    emitted before ``Unauthorized('Credentials invalid')`` is raised.
    """
    if verify_password(password, self.__user.password):
        return
    logger.debug(f'User "{self.__user.email}" password '
                 f'does not match.')
    raise Unauthorized('Credentials invalid')