def test_invalid_logout(self): """ Testing logout after the token expires """ with self.client: # user registration User.delete_one('joe') resp_register = register_user(self, 'joe', '*****@*****.**', '123456') data_register = json.loads(resp_register.data.decode()) self.assertTrue(data_register['status'] == 'success') self.assertTrue( data_register['message'] == 'Successfully registered.') self.assertTrue(data_register['auth_token']) self.assertTrue(resp_register.content_type == 'application/json') self.assertEqual(resp_register.status_code, 201) # user login resp_login = login_user(self, 'joe', '123456') data_login = json.loads(resp_login.data.decode()) self.assertTrue(data_login['status'] == 'success') self.assertTrue(data_login['message'] == 'Successfully logged in.') self.assertTrue(data_login['auth_token']) self.assertTrue(resp_login.content_type == 'application/json') self.assertEqual(resp_login.status_code, 200) # invalid token logout time.sleep(6) response = self.client.post( '/auth/logout', headers=dict( Authorization='Bearer ' + json.loads(resp_login.data.decode())['auth_token'])) data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail') self.assertTrue( data['message'] == 'Signature expired. Please log in again.') self.assertEqual(response.status_code, 401)
def create(): if current_user.is_admin(): form = CreateUserForm(request.form) form.racer.choices = get_availableRacers('NONE') if form.validate_on_submit(): user = User(email=form.email.data, password=form.password.data, admin=form.admin.data) if form.racer.data != 0: racer = db.session.query(Racer).filter_by( id=form.racer.data).first() user.racer = racer db.session.add(user) db.session.commit() flash('New user created.', 'success') return redirect(url_for("admin_user.main", pghead=get_pghead())) return render_template('admin/user/create.html', form=form, pghead=get_pghead()) else: flash('You are not an admin!', 'danger') return redirect(url_for("user.members"))
def post(self): # get the post data post_data = request.get_json() # check if user already exists user = User.query.filter_by(email=post_data.get('email')).first() if not user: try: user = User( email=post_data.get('email'), password=post_data.get('password') ) # insert the user db.session.add(user) db.session.commit() # generate the auth token auth_token = user.encode_auth_token(user.id) responseObject = { 'status': 'success', 'message': 'Successfully registered.', 'auth_token': auth_token.decode() } return make_response(jsonify(responseObject)), 201 except Exception as e: responseObject = { 'status': 'fail', 'message': 'Some error occurred. Please try again.' } return make_response(jsonify(responseObject)), 401 else: responseObject = { 'status': 'fail', 'message': 'User already exists. Please Log in.', } return make_response(jsonify(responseObject)), 202
def test_stat_api(self): with self.client: # like adding test user = User('*****@*****.**', 'nopassword', is_superuser=True) db.session.add(user) default_user = User('*****@*****.**', 'diff_pas', False) db.session.add(default_user) db.session.flush() # creating test posts posts = [] for i in range(3): posts.append(Post('some text' + str(i), user.id)) db.session.add_all(posts) db.session.flush() likes = [] for i in range(3): likes.append(Likes(user.id, posts[i].id)) db.session.add_all(likes) db.session.flush() aut_token = user.encode_auth_token(user.id) aut_token_non_admin = user.encode_auth_token(default_user.id) # Test analytics for admin user response = self.client.get( 'api/analitics/?date_from=2020-01-15&date_to=2020-02-15', headers=dict(Authorization='Bearer ' + str(aut_token, 'UTF-8')), content_type='application/json') data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'success') self.assertEqual(response.status_code, 200) # Test for 3 posts response = self.client.get( 'api/analitics/?date_from=2020-01-15&date_to=2022-02-15', headers=dict(Authorization='Bearer ' + str(aut_token, 'UTF-8')), content_type='application/json') data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'success') self.assertTrue(data['likes_counter'] == len(likes)) self.assertEqual(response.status_code, 200) # Test analytics for non admin user response = self.client.get( 'api/analitics/?date_from=2020-01-15&date_to=2020-02-15', headers=dict(Authorization='Bearer ' + str(aut_token_non_admin, 'UTF-8')), content_type='application/json') data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail') self.assertTrue(data['message'] == 'Access denied.') self.assertEqual(response.status_code, 404)
def __check_for_require_params(self,auth_token,mac_address,key_mod,key_ex): """ Check if the params is qualified :params auth_token mac_address public_key: :return user_id or responseObject: """ if not auth_token:#check if auth_token is available return CommonResponseObject.unauthorized_token_response() #get user_id and key from the auth_token user_id= User.decode_auth_token(auth_token) if isinstance(user_id,str):#check if user_id is valid return CommonResponseObject.unauthorized_token_response() if not mac_address: #check if mac_address is valid return CommonResponseObject.fail_response( 'Please provide your MAC address', status.HTTP_412_PRECONDITION_FAILED) #check if key is valid modulus, exponent = User.decode_public_key(auth_token) key = RSAPair.get_RSA_by_public(modulus) if not key:#check if key is existed return CommonResponseObject.response( 'Some errors occured, provided key does not exists') user = User.get_user_by_id(user_id) #retrieve the user entity if not user: #check if the user is existed return CommonResponseObject.unauthorized_token_response() #check if the mac_address is stored if DatabaseCheck.is_mac_address_existed(mac_address): if DatabaseCheck.is_root_by_mac(mac_address): return CommonResponseObject.fail_response( 'Your device is the root device', status.HTTP_202_ACCEPTED) return CommonResponseObject.fail_response( 'Your device is already authorized', status.HTTP_202_ACCEPTED) return user,key
def setUp(self): db.create_all() user = User( email='*****@*****.**', username='******', password='******', admin=True ) duplicate_user = User( email='*****@*****.**', username='******', password='******' ) data = Bathroom( name='test bathroom', location='NYC', open_year_round=True, handicap_accessible=True, borough='Manhattan', latlong="{'lng': -73.9712488, 'lat': 40.7830603}" ) db.session.add(user) db.session.add(duplicate_user) db.session.add(data) bathroom = Bathroom.query.first() user = User.query.first() rating = Rating( user_id=user.id, bathroom_id=bathroom.id, rating=5 ) db.session.add(rating) db.session.commit()
def __check_for_require_params(self,auth_token,mac_address,encrypted_key): """ Check if the params is qualified, return error json response if any requisite does not meet, else check and return user entity for the corresponding user id :params: :auth_token: :mac_address: :public_key: :return: :user_id: or :responseObject: """ if not auth_token: # Check if the auth_token is valid return CommonResponseObject.unauthorized_token_response() user_id = User.decode_auth_token(auth_token) if isinstance(user_id,str): # Check if user_id is provided return CommonResponseObject.unauthorized_token_response() if not isinstance(mac_address,str): # Check if mac address is provided return CommonResponseObject.fail_response( 'Please provide your Mac address', status.HTTP_412_PRECONDITION_FAILED) if not encrypted_key:#check if encrypted_key is provided return CommonResponseObject.fail_response( 'Please provide your encrypted key for authorization', status.HTTP_412_PRECONDITION_FAILED) user = User.get_user_by_id(user_id) #get user from the database if not user:#if user is not available return CommonResponseObject.unauthorized_token_response() return user
def post(self): post_data = request.get_json() user = User.query.filter_by(email=post_data.get("email")).first() if not user: try: user = User(email=post_data.get("email"), password=post_data.get("password")) db.session.add(user) db.session.commit() auth_token = user.encode_auth_token(user.id) response_object = { "status": "success", "message": "Successfully registered.", "auth_token": auth_token, "user_id": user.id } return make_response(jsonify(response_object)), 201 except Exception as e: print(e) response_object = { "status": "fail", "message": "Some error occured. Please try again." } return make_response(jsonify(response_object)), 401 else: response_object = { "status": "fail", "message": "User already exists. Please log in." } return make_response(jsonify(response_object)), 202
def test_decode_auth_token(self): user = User(email='*****@*****.**', password='******') db.session.add(user) db.session.commit() auth_token = user.encode_auth_token(user.id) decoded = User.decode_auth_token(auth_token) self.assertEqual(user.id, decoded)
def test_post_creation(self): """ Test for post creation """ with self.client: user = User(email='*****@*****.**', password='******') db.session.add(user) db.session.flush() aut_token = user.encode_auth_token(user.id) response = self.client.post( '/post/create', headers=dict(Authorization='Bearer ' + str(aut_token, 'UTF-8')), data=json.dumps(dict(post_text="Testing post creation")), content_type='application/json') data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'success') self.assertTrue(data['message'] == 'Added new post.') self.assertTrue(response.content_type == 'application/json') self.assertEqual(response.status_code, 200) test_post = Post.query.filter_by(id=1).first() self.assertTrue(test_post.post_text == "Testing post creation") self.assertTrue(isinstance(test_post.created_on, dtm))
def post(self): response_msg = [] email = request.json.get('email', None) password = request.json.get('password', None) first_name = request.json.get('first_name', None) last_name = request.json.get('last_name', None) is_admin = request.json.get('is_admin', None) if not email: response_msg.append('email must be non-empty') if not password: response_msg.append('password must be non-empty') if not first_name: response_msg.append('first_name must be non-empty') if not last_name: response_msg.append('last_name must be non-empty') if is_admin is None: response_msg.append('is_admin must be non-empty') if len(response_msg) > 0: responseObject = { 'status': 'failed', 'message': response_msg } return make_response(jsonify(responseObject)), 400 user = User.query.filter_by(email=email).first() if not user: try: user = User( email=email, password=password, first_name=first_name, last_name=last_name, is_admin=is_admin ) db.session.add(user) db.session.commit() auth_token = user.encode_auth_token(user.id, int(is_admin)) responseObject = { 'status': 'success', 'message': 'Successfully registered.', 'auth_token': auth_token.decode() } return make_response(jsonify(responseObject)), 201 except Exception as e: print(e) responseObject = { 'status': 'fail', 'message': 'Some error occurred. Please try again.' } return make_response(jsonify(responseObject)), 401 else: responseObject = { 'status': 'fail', 'message': 'User already exists. Please Log in.', } return make_response(jsonify(responseObject)), 202
def test_decode_auth_token(self): user = User(email='*****@*****.**', password='******') db.session.add(user) db.session.commit() auth_token = user.encode_auth_token(user.id) self.assertTrue(isinstance(auth_token, bytes)) self.assertTrue(User.decode_auth_token(auth_token) == 1)
def post(self): # get the post data post_data = request.get_json() # check if user already exists user = User.query.filter_by(email=post_data.get("email")).first() if not user: try: user = User(email=post_data.get("email"), password=post_data.get("password")) # insert the user db.session.add(user) db.session.commit() # generate the auth token auth_token = user.encode_auth_token(user.id) responseObject = { "status": "success", "message": "Successfully registered.", "auth_token": auth_token.decode(), } return make_response(jsonify(responseObject)), 201 except Exception as e: responseObject = { "status": "fail", "message": "Some error occurred. Please try again.", } return make_response(jsonify(responseObject)), 401 else: responseObject = { "status": "fail", "message": "User already exists. Please Log in.", } return make_response(jsonify(responseObject)), 202
def post(self): # mengambil data post_data = request.get_json() # kemudian check apakah user sudah ada user = User.query.filter_by(email=post_data.get('email')).first() if not user: try: user = User( email=post_data.get('email'), password=post_data.get('password') ) # bila belum maka masukan user baru db.session.add(user) db.session.commit() # bila input berhasil maka akan menampilkan token auth_token = user.encode_auth_token(user.id) responseObject = { 'status': 'success', 'message': 'Successfully registered.', 'auth_token': auth_token.decode() } return make_response(jsonify(responseObject)), 201 except Exception as e: responseObject = { 'status': 'fail', 'message': 'Some error occurred. Please try again.' } return make_response(jsonify(responseObject)), 401 else: responseObject = { 'status': 'fail', 'message': 'User already exists. Please Log in.', } return make_response(jsonify(responseObject)), 202
def __check_for_require_params(self, auth_token, mac_address, otp_modulus, otp_exponent, main_key, backup_key): """ Check if the params is qualified :params auth_token mac_address public_key: :return user_id or responseObject: """ if not auth_token: return CommonResponseObject.unauthorized_token_response() user_id = User.decode_auth_token(auth_token) if not main_key: return CommonResponseObject.fail_response( 'Please provide the main key', status.HTTP_412_PRECONDITION_FAILED) if not backup_key: return CommonResponseObject.fail_response( 'Please provide the backup_key', status.HTTP_412_PRECONDITION_FAILED) if isinstance(user_id, str): return CommonResponseObject.unauthorized_token_response() if not isinstance(mac_address, str): return CommonResponseObject.fail_response( 'Please provide your Mac address', status.HTTP_412_PRECONDITION_FAILED) user = User.get_user_by_id(user_id) if not user: return CommonResponseObject.unauthorized_token_response() if DatabaseCheck.is_mac_address_existed(mac_address): return CommonResponseObject.fail_response( 'Your device is the root device or already requested for authorization', status.HTTP_202_ACCEPTED) return user
def post(self): # get the post data post_data = request.get_json() # check if user already exists user = User.query.filter_by(email=post_data.get('email')).first() if not user: try: user = User(email=post_data.get('email'), password=post_data.get('password')) # insert the user db.session.add(user) db.session.commit() # generate the auth token auth_token = user.encode_auth_token(user.id) responseObject = { 'status': 'exito', 'message': 'Registro exitoso', 'auth_token': auth_token.decode() } return make_response(jsonify(responseObject)) except Exception as e: responseObject = { 'status': 'Error', 'message': 'Algo ocurrio, intenta de nuevo' } return make_response(jsonify(responseObject)) else: responseObject = { 'status': 'Error', 'message': 'Usuario ya registrado. Inicie Sesion', } return make_response(jsonify(responseObject))
def post(self): # get the post data post_data = request.get_json() try: # fetch the user data username = post_data.get('username') user = User.find_one_by_username(username) print(user) if user and bcrypt.check_password_hash(user["password"], post_data.get('password')): auth_token = User.encode_auth_token(user["_id"]) auth_token_decoded = auth_token.decode() if auth_token: responseObject = { 'status': 'success', 'message': 'Successfully logged in.', 'auth_token': auth_token_decoded } return make_response(jsonify(responseObject)), 200 else: responseObject = { 'status': 'fail', 'message': 'User does not exist.' } return make_response(jsonify(responseObject)), 404 except Exception as e: print(e) responseObject = {'status': 'fail', 'message': 'Try again'} return make_response(jsonify(responseObject)), 500
def test_secured_hello_world2(self): with self.client: User.delete_one('joe') response = self.client.get('/hello_secured?user=me', headers=dict(Authorization='Bearer ' + '-----')) self.assertEqual(response.status_code, 401) User.delete_one('joe')
def setUp(self): BaseTestCase.setUp(self) self.user = User( username='******', password='******' ) db.session.add(self.user) db.session.commit()
def test_decode_auth_token(self): user = User(email="*****@*****.**", password="******") db.session.add(user) db.session.commit() auth_token = user.encode_auth_token(user.id) self.assertTrue(isinstance(auth_token, bytes)) self.assertTrue(User.decode_auth_token(auth_token.decode("utf-8")) == 1)
def test_decode_auth_token(self): """ Test for decoding authentication token """ user = User(email='*****@*****.**', password='******') db.session.add(user) db.session.commit() auth_token = user.encode_auth_token(user.id) self.assertTrue(isinstance(auth_token, bytes)) self.assertTrue( User.decode_auth_token(auth_token.decode("utf-8")) == 1)
def test_encode_auth_token(self): user = User( email='*****@*****.**', password='******' ) db.session.add(user) db.session.commit() auth_token = user.encode_auth_token(user.id) self.assertTrue(isinstance(auth_token, bytes))
def setUp(self): db.create_all() user = User(email="*****@*****.**", password="******") db.session.add(user) db.session.commit() user = User(email="*****@*****.**", password="******") db.session.add(user) db.session.commit()
def test_encode_auth_token(self): user = User(email='*****@*****.**', password='******', screen_name='joeThePlumber') db.session.add(user) db.session.commit() auth_token, exp = user.encode_auth_token(user.id) print(exp) self.assertTrue(isinstance(auth_token, bytes))
def test_add_favourite(self): user = User(email='*****@*****.**', password='******') db.session.add(user) db.session.commit() user.add_favourite(tmdb_id=69740) favourites = user.favourites favourite = favourites.pop() self.assertEqual(favourite.user_id, 1) self.assertEqual(favourite.tmdb_id, 69740)
def test_get_show(self): user = User(email='*****@*****.**', password='******') db.session.add(user) db.session.commit() user.add_favourite(tmdb_id=69740) favourites = user.favourites favourite = favourites.pop() show = favourite.get_show() self.assertEqual(show.name, 'Ozark')
def test_encode_auth_token(self): user = User(email='*****@*****.**', password='******', first_name='test', last_name='user', is_admin=0) db.session.add(user) db.session.commit() auth_token = user.encode_auth_token(user.id, user.is_admin) self.assertTrue(isinstance(auth_token, bytes))
def test_registration(self): """ Test for user registration """ User.delete_one('joe') with self.client: response = register_user(self, 'joe', '*****@*****.**', '123456') data = json.loads(response.data) print(data['message']) self.assertTrue( (data['message'] == 'Successfully registered.') or (data['message'] == 'User already exists. Please Log in.')) User.delete_one('joe')
def test_non_registered_user_login(self): """ Test for login of non-registered user """ with self.client: response = login_user(self, 'joe2', '123456') data = json.loads(response.data) self.assertTrue(data['status'] == 'fail') print(data) self.assertTrue(data['message'] == 'User does not exist.') self.assertTrue(response.content_type == 'application/json') self.assertEqual(response.status_code, 404) User.delete_one('joe2')
def post(self): post_data = request.get_json() if not post_data: return make_bad_request_response(APIError.NOT_JSON) data = post_data.get('data') if not data: return make_bad_request_response(APIError.WRONG_API) the_type = data.get('type') if not the_type or the_type != 'auth': return make_bad_request_response(APIError.WRONG_API) attributes = data.get('attributes') if not attributes: return make_bad_request_response(APIError.WRONG_API) email = attributes.get('email') first_name = attributes.get('firstName') last_name = attributes.get('lastName') password = attributes.get('password') if (not email or not is_email_valid(email)) or ( not first_name or not first_name.strip()) or ( not last_name or not last_name.strip()) or (not password or not password.strip()): return make_bad_request_response(APIError.WRONG_API) user = User.query.filter_by(email=email).first() if not user: try: admin = User.query.count() == 0 user = User(email=email, first_name=first_name, last_name=last_name, password=password, admin=admin) db.session.add(user) db.session.commit() auth_token = User.encode_auth_token(user.id) token = Token(auth_token.decode(), user.id) db.session.add(token) db.session.commit() response_object = default_response_object() response_object['data'] = { 'type': 'auth', 'attributes': { 'token': auth_token.decode() }, 'links': { 'self': url_for('auth.register_api') } } return make_success_response(response_object, 201) except Exception: return make_internal_server_error_response( APIError.UNKNOWN_EXCEPTION) else: return make_conflict_response(APIError.USER_ALREADY_EXISTS)
def test_encode_auth_token(self): user = User( email='*****@*****.**', password='******', bday='02/12/2017', fullname='tester' ) db.session.add(user) db.session.commit() auth_token = user.encode_auth_token(user.id) self.assertTrue(isinstance(auth_token,bytes))
def post(self): # get auth token auth_header = request.headers.get('Authorization') if auth_header: auth_token = auth_header.split(" ")[1] else: auth_token = '' if auth_token: resp = User.decode_auth_token(auth_token) if not isinstance(resp, str): # mark the token as blacklisted blacklist_token = BlacklistToken(token=auth_token) try: # insert the token db.session.add(blacklist_token) db.session.commit() responseObject = { 'status': 'success', 'message': 'Successfully logged out.' } return make_response(jsonify(responseObject)), 200 except Exception as e: responseObject = { 'status': 'fail', 'message': e } return make_response(jsonify(responseObject)), 200 else: responseObject = { 'status': 'fail', 'message': resp } return make_response(jsonify(responseObject)), 401 else: responseObject = { 'status': 'fail', 'message': 'Provide a valid auth token.' } return make_response(jsonify(responseObject)), 403
def get(self): # get the auth token auth_header = request.headers.get('Authorization') if auth_header: try: auth_token = auth_header.split(" ")[1] except IndexError: responseObject = { 'status': 'fail', 'message': 'Bearer token malformed.' } return make_response(jsonify(responseObject)), 401 else: auth_token = '' if auth_token: resp = User.decode_auth_token(auth_token) if not isinstance(resp, str): user = User.query.filter_by(id=resp).first() responseObject = { 'status': 'success', 'data': { 'user_id': user.id, 'email': user.email, 'admin': user.admin, 'registered_on': user.registered_on } } return make_response(jsonify(responseObject)), 200 responseObject = { 'status': 'fail', 'message': resp } return make_response(jsonify(responseObject)), 401 else: responseObject = { 'status': 'fail', 'message': 'Provide a valid auth token.' } return make_response(jsonify(responseObject)), 401