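def login_user(event, _):
    """
    Login a user

    The request body is parsed as a form-encoded query string and must carry
    both ``identifier`` and ``password``. On success the username is placed in
    a signed cookie that expires after 30 days.

    :param event: event; its "body" entry holds the form-encoded credentials
    :return: 200 and a login cookie if successful, 401 otherwise
    """
    # A missing or null body is answered with 401 instead of raising.
    params = parse_qs(event.get("body") or "")

    # Make sure that the request contains all needed data
    if "identifier" not in params or "password" not in params:
        return create_response(401, "POST")

    # Try to login the user; a falsy result means the credentials were rejected
    username = User().login_user(params["identifier"][0], params["password"][0])
    if not username:
        return create_response(401, "POST")

    # NOTE(review): username is interpolated into the cookie value; confirm
    # that it cannot contain ';' or other cookie delimiters.
    cookie_content_signed = sign_cookie(f"user={username}")

    # NOTE(review): datetime.now() is naive local time, while a cookie Expires
    # date is read as GMT; confirm get_cookie_date accounts for that.
    expiration_date = datetime.now() + timedelta(days=30)

    # HttpOnly keeps the cookie away from page scripts, SameSite=Strict keeps it
    # off cross-site requests, and Secure keeps it off plaintext HTTP.
    cookie = (
        f"{cookie_content_signed};SameSite=Strict;Path=/;"
        f"Expires={get_cookie_date(expiration_date)};HttpOnly;Secure"
    )

    # NOTE(review): credentialed CORS responses need a specific
    # Access-Control-Allow-Origin, not "*"; presumably create_response sets
    # it. Confirm there.
    return create_response(
        200,
        "POST",
        username,
        {
            "Access-Control-Allow-Credentials": "true",
            "Set-Cookie": cookie,
        },
    )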
def test_login_user(self, _):
    """Check User.login_user with accepted and rejected credentials, then the last_active update."""
    account = User()

    # Accepted credentials: both the username and the e-mail-style identifier
    # resolve to "user_1".
    # NOTE(review): the e-mail literals look redacted in this copy; the
    # accepted and rejected cases share the same placeholder.
    for identifier in ("user_1", "*****@*****.**"):
        self.assertEqual("user_1", account.login_user(identifier, "test"))

    # Rejected credentials: wrong password, another user's password, an
    # identifier paired with a password that does not match it.
    rejected = (
        ("user_1", "wrong_password"),
        ("user_1", "test2"),
        ("user_3", "test3"),
        ("*****@*****.**", "test3"),
    )
    for identifier, password in rejected:
        self.assertFalse(account.login_user(identifier, password))

    # A successful login must move last_active from "1111" to "9999".
    # Presumably "9999" comes from the patch that supplies the unused `_`
    # argument; confirm against the decorator.
    before_login = account.get_user_by_username("user_2")["last_active"]
    self.assertEqual("1111", before_login)
    account.login_user("user_2", "test2")
    after_login = account.get_user_by_username("user_2")["last_active"]
    self.assertEqual("9999", after_login)