def test_invalid_logout(self):
""" Testing logout after the token expires """
with self.client:
# user registration
User.delete_one('joe')
resp_register = register_user(self, 'joe', '*****@*****.**',
'123456')
data_register = json.loads(resp_register.data.decode())
self.assertTrue(data_register['status'] == 'success')
self.assertTrue(
data_register['message'] == 'Successfully registered.')
self.assertTrue(data_register['auth_token'])
self.assertTrue(resp_register.content_type == 'application/json')
self.assertEqual(resp_register.status_code, 201)
# user login
resp_login = login_user(self, 'joe', '123456')
data_login = json.loads(resp_login.data.decode())
self.assertTrue(data_login['status'] == 'success')
self.assertTrue(data_login['message'] == 'Successfully logged in.')
self.assertTrue(data_login['auth_token'])
self.assertTrue(resp_login.content_type == 'application/json')
self.assertEqual(resp_login.status_code, 200)
# invalid token logout
time.sleep(6)
response = self.client.post(
'/auth/logout',
headers=dict(
Authorization='Bearer ' +
json.loads(resp_login.data.decode())['auth_token']))
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(
data['message'] == 'Signature expired. Please log in again.')
self.assertEqual(response.status_code, 401)
def create():
if current_user.is_admin():
form = CreateUserForm(request.form)
form.racer.choices = get_availableRacers('NONE')
if form.validate_on_submit():
user = User(email=form.email.data,
password=form.password.data,
admin=form.admin.data)
if form.racer.data != 0:
racer = db.session.query(Racer).filter_by(
id=form.racer.data).first()
user.racer = racer
db.session.add(user)
db.session.commit()
flash('New user created.', 'success')
return redirect(url_for("admin_user.main", pghead=get_pghead()))
return render_template('admin/user/create.html',
form=form,
pghead=get_pghead())
else:
flash('You are not an admin!', 'danger')
return redirect(url_for("user.members"))
def post(self):
# get the post data
post_data = request.get_json()
# check if user already exists
user = User.query.filter_by(email=post_data.get('email')).first()
if not user:
try:
user = User(
email=post_data.get('email'),
password=post_data.get('password')
)
# insert the user
db.session.add(user)
db.session.commit()
# generate the auth token
auth_token = user.encode_auth_token(user.id)
responseObject = {
'status': 'success',
'message': 'Successfully registered.',
'auth_token': auth_token.decode()
}
return make_response(jsonify(responseObject)), 201
except Exception as e:
responseObject = {
'status': 'fail',
'message': 'Some error occurred. Please try again.'
}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'User already exists. Please Log in.',
}
return make_response(jsonify(responseObject)), 202
def test_stat_api(self):
with self.client:
# like adding test
user = User('*****@*****.**', 'nopassword', is_superuser=True)
db.session.add(user)
default_user = User('*****@*****.**', 'diff_pas', False)
db.session.add(default_user)
db.session.flush()
# creating test posts
posts = []
for i in range(3):
posts.append(Post('some text' + str(i), user.id))
db.session.add_all(posts)
db.session.flush()
likes = []
for i in range(3):
likes.append(Likes(user.id, posts[i].id))
db.session.add_all(likes)
db.session.flush()
aut_token = user.encode_auth_token(user.id)
aut_token_non_admin = user.encode_auth_token(default_user.id)
# Test analytics for admin user
response = self.client.get(
'api/analitics/?date_from=2020-01-15&date_to=2020-02-15',
headers=dict(Authorization='Bearer ' +
str(aut_token, 'UTF-8')),
content_type='application/json')
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'success')
self.assertEqual(response.status_code, 200)
# Test for 3 posts
response = self.client.get(
'api/analitics/?date_from=2020-01-15&date_to=2022-02-15',
headers=dict(Authorization='Bearer ' +
str(aut_token, 'UTF-8')),
content_type='application/json')
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'success')
self.assertTrue(data['likes_counter'] == len(likes))
self.assertEqual(response.status_code, 200)
# Test analytics for non admin user
response = self.client.get(
'api/analitics/?date_from=2020-01-15&date_to=2020-02-15',
headers=dict(Authorization='Bearer ' +
str(aut_token_non_admin, 'UTF-8')),
content_type='application/json')
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(data['message'] == 'Access denied.')
self.assertEqual(response.status_code, 404)
def __check_for_require_params(self,auth_token,mac_address,key_mod,key_ex):
"""
Check if the params is qualified
:params auth_token mac_address public_key:
:return user_id or responseObject:
"""
if not auth_token:#check if auth_token is available
return CommonResponseObject.unauthorized_token_response()
#get user_id and key from the auth_token
user_id= User.decode_auth_token(auth_token)
if isinstance(user_id,str):#check if user_id is valid
return CommonResponseObject.unauthorized_token_response()
if not mac_address: #check if mac_address is valid
return CommonResponseObject.fail_response(
'Please provide your MAC address',
status.HTTP_412_PRECONDITION_FAILED)
#check if key is valid
modulus, exponent = User.decode_public_key(auth_token)
key = RSAPair.get_RSA_by_public(modulus)
if not key:#check if key is existed
return CommonResponseObject.response(
'Some errors occured, provided key does not exists')
user = User.get_user_by_id(user_id) #retrieve the user entity
if not user: #check if the user is existed
return CommonResponseObject.unauthorized_token_response()
#check if the mac_address is stored
if DatabaseCheck.is_mac_address_existed(mac_address):
if DatabaseCheck.is_root_by_mac(mac_address):
return CommonResponseObject.fail_response(
'Your device is the root device',
status.HTTP_202_ACCEPTED)
return CommonResponseObject.fail_response(
'Your device is already authorized',
status.HTTP_202_ACCEPTED)
return user,key
def setUp(self):
db.create_all()
user = User(
email='*****@*****.**',
username='******',
password='******',
admin=True
)
duplicate_user = User(
email='*****@*****.**',
username='******',
password='******'
)
data = Bathroom(
name='test bathroom',
location='NYC',
open_year_round=True,
handicap_accessible=True,
borough='Manhattan',
latlong="{'lng': -73.9712488, 'lat': 40.7830603}"
)
db.session.add(user)
db.session.add(duplicate_user)
db.session.add(data)
bathroom = Bathroom.query.first()
user = User.query.first()
rating = Rating(
user_id=user.id,
bathroom_id=bathroom.id,
rating=5
)
db.session.add(rating)
db.session.commit()
def __check_for_require_params(self,auth_token,mac_address,encrypted_key):
"""
Check if the params is qualified, return error json response
if any requisite does not meet, else check and return user
entity for the corresponding user id
:params:
:auth_token:
:mac_address:
:public_key:
:return:
:user_id: or :responseObject:
"""
if not auth_token: # Check if the auth_token is valid
return CommonResponseObject.unauthorized_token_response()
user_id = User.decode_auth_token(auth_token)
if isinstance(user_id,str): # Check if user_id is provided
return CommonResponseObject.unauthorized_token_response()
if not isinstance(mac_address,str): # Check if mac address is provided
return CommonResponseObject.fail_response(
'Please provide your Mac address',
status.HTTP_412_PRECONDITION_FAILED)
if not encrypted_key:#check if encrypted_key is provided
return CommonResponseObject.fail_response(
'Please provide your encrypted key for authorization',
status.HTTP_412_PRECONDITION_FAILED)
user = User.get_user_by_id(user_id) #get user from the database
if not user:#if user is not available
return CommonResponseObject.unauthorized_token_response()
return user
def post(self):
post_data = request.get_json()
user = User.query.filter_by(email=post_data.get("email")).first()
if not user:
try:
user = User(email=post_data.get("email"), password=post_data.get("password"))
db.session.add(user)
db.session.commit()
auth_token = user.encode_auth_token(user.id)
response_object = {
"status": "success",
"message": "Successfully registered.",
"auth_token": auth_token,
"user_id": user.id
}
return make_response(jsonify(response_object)), 201
except Exception as e:
print(e)
response_object = {
"status": "fail",
"message": "Some error occured. Please try again."
}
return make_response(jsonify(response_object)), 401
else:
response_object = {
"status": "fail",
"message": "User already exists. Please log in."
}
return make_response(jsonify(response_object)), 202
def test_decode_auth_token(self):
user = User(email='*****@*****.**', password='******')
db.session.add(user)
db.session.commit()
auth_token = user.encode_auth_token(user.id)
decoded = User.decode_auth_token(auth_token)
self.assertEqual(user.id, decoded)
def test_post_creation(self):
""" Test for post creation """
with self.client:
user = User(email='*****@*****.**', password='******')
db.session.add(user)
db.session.flush()
aut_token = user.encode_auth_token(user.id)
response = self.client.post(
'/post/create',
headers=dict(Authorization='Bearer ' +
str(aut_token, 'UTF-8')),
data=json.dumps(dict(post_text="Testing post creation")),
content_type='application/json')
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'success')
self.assertTrue(data['message'] == 'Added new post.')
self.assertTrue(response.content_type == 'application/json')
self.assertEqual(response.status_code, 200)
test_post = Post.query.filter_by(id=1).first()
self.assertTrue(test_post.post_text == "Testing post creation")
self.assertTrue(isinstance(test_post.created_on, dtm))
def post(self):
# get the post data
post_data = request.get_json()
# check if user already exists
user = User.query.filter_by(email=post_data.get('email')).first()
if not user:
try:
user = User(
email=post_data.get('email'),
password=post_data.get('password')
)
# insert the user
db.session.add(user)
db.session.commit()
# generate the auth token
auth_token = user.encode_auth_token(user.id)
responseObject = {
'status': 'success',
'message': 'Successfully registered.',
'auth_token': auth_token.decode()
}
return make_response(jsonify(responseObject)), 201
except Exception as e:
responseObject = {
'status': 'fail',
'message': 'Some error occurred. Please try again.'
}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'User already exists. Please Log in.',
}
return make_response(jsonify(responseObject)), 202
def post(self):
response_msg = []
email = request.json.get('email', None)
password = request.json.get('password', None)
first_name = request.json.get('first_name', None)
last_name = request.json.get('last_name', None)
is_admin = request.json.get('is_admin', None)
if not email:
response_msg.append('email must be non-empty')
if not password:
response_msg.append('password must be non-empty')
if not first_name:
response_msg.append('first_name must be non-empty')
if not last_name:
response_msg.append('last_name must be non-empty')
if is_admin is None:
response_msg.append('is_admin must be non-empty')
if len(response_msg) > 0:
responseObject = {
'status': 'failed',
'message': response_msg
}
return make_response(jsonify(responseObject)), 400
user = User.query.filter_by(email=email).first()
if not user:
try:
user = User(
email=email,
password=password,
first_name=first_name,
last_name=last_name,
is_admin=is_admin
)
db.session.add(user)
db.session.commit()
auth_token = user.encode_auth_token(user.id, int(is_admin))
responseObject = {
'status': 'success',
'message': 'Successfully registered.',
'auth_token': auth_token.decode()
}
return make_response(jsonify(responseObject)), 201
except Exception as e:
print(e)
responseObject = {
'status': 'fail',
'message': 'Some error occurred. Please try again.'
}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'User already exists. Please Log in.',
}
return make_response(jsonify(responseObject)), 202
def test_decode_auth_token(self):
user = User(email='*****@*****.**', password='******')
db.session.add(user)
db.session.commit()
auth_token = user.encode_auth_token(user.id)
self.assertTrue(isinstance(auth_token, bytes))
self.assertTrue(User.decode_auth_token(auth_token) == 1)
def post(self):
# get the post data
post_data = request.get_json()
# check if user already exists
user = User.query.filter_by(email=post_data.get("email")).first()
if not user:
try:
user = User(email=post_data.get("email"),
password=post_data.get("password"))
# insert the user
db.session.add(user)
db.session.commit()
# generate the auth token
auth_token = user.encode_auth_token(user.id)
responseObject = {
"status": "success",
"message": "Successfully registered.",
"auth_token": auth_token.decode(),
}
return make_response(jsonify(responseObject)), 201
except Exception as e:
responseObject = {
"status": "fail",
"message": "Some error occurred. Please try again.",
}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
"status": "fail",
"message": "User already exists. Please Log in.",
}
return make_response(jsonify(responseObject)), 202
def post(self):
# mengambil data
post_data = request.get_json()
# kemudian check apakah user sudah ada
user = User.query.filter_by(email=post_data.get('email')).first()
if not user:
try:
user = User(
email=post_data.get('email'),
password=post_data.get('password')
)
# bila belum maka masukan user baru
db.session.add(user)
db.session.commit()
# bila input berhasil maka akan menampilkan token
auth_token = user.encode_auth_token(user.id)
responseObject = {
'status': 'success',
'message': 'Successfully registered.',
'auth_token': auth_token.decode()
}
return make_response(jsonify(responseObject)), 201
except Exception as e:
responseObject = {
'status': 'fail',
'message': 'Some error occurred. Please try again.'
}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'User already exists. Please Log in.',
}
return make_response(jsonify(responseObject)), 202
def __check_for_require_params(self, auth_token, mac_address, otp_modulus,
otp_exponent, main_key, backup_key):
"""
Check if the params is qualified
:params auth_token mac_address public_key:
:return user_id or responseObject:
"""
if not auth_token:
return CommonResponseObject.unauthorized_token_response()
user_id = User.decode_auth_token(auth_token)
if not main_key:
return CommonResponseObject.fail_response(
'Please provide the main key',
status.HTTP_412_PRECONDITION_FAILED)
if not backup_key:
return CommonResponseObject.fail_response(
'Please provide the backup_key',
status.HTTP_412_PRECONDITION_FAILED)
if isinstance(user_id, str):
return CommonResponseObject.unauthorized_token_response()
if not isinstance(mac_address, str):
return CommonResponseObject.fail_response(
'Please provide your Mac address',
status.HTTP_412_PRECONDITION_FAILED)
user = User.get_user_by_id(user_id)
if not user:
return CommonResponseObject.unauthorized_token_response()
if DatabaseCheck.is_mac_address_existed(mac_address):
return CommonResponseObject.fail_response(
'Your device is the root device or already requested for authorization',
status.HTTP_202_ACCEPTED)
return user
def post(self):
# get the post data
post_data = request.get_json()
# check if user already exists
user = User.query.filter_by(email=post_data.get('email')).first()
if not user:
try:
user = User(email=post_data.get('email'),
password=post_data.get('password'))
# insert the user
db.session.add(user)
db.session.commit()
# generate the auth token
auth_token = user.encode_auth_token(user.id)
responseObject = {
'status': 'exito',
'message': 'Registro exitoso',
'auth_token': auth_token.decode()
}
return make_response(jsonify(responseObject))
except Exception as e:
responseObject = {
'status': 'Error',
'message': 'Algo ocurrio, intenta de nuevo'
}
return make_response(jsonify(responseObject))
else:
responseObject = {
'status': 'Error',
'message': 'Usuario ya registrado. Inicie Sesion',
}
return make_response(jsonify(responseObject))
def post(self):
# get the post data
post_data = request.get_json()
try:
# fetch the user data
username = post_data.get('username')
user = User.find_one_by_username(username)
print(user)
if user and bcrypt.check_password_hash(user["password"],
post_data.get('password')):
auth_token = User.encode_auth_token(user["_id"])
auth_token_decoded = auth_token.decode()
if auth_token:
responseObject = {
'status': 'success',
'message': 'Successfully logged in.',
'auth_token': auth_token_decoded
}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {
'status': 'fail',
'message': 'User does not exist.'
}
return make_response(jsonify(responseObject)), 404
except Exception as e:
print(e)
responseObject = {'status': 'fail', 'message': 'Try again'}
return make_response(jsonify(responseObject)), 500
def test_secured_hello_world2(self):
with self.client:
User.delete_one('joe')
response = self.client.get('/hello_secured?user=me',
headers=dict(Authorization='Bearer ' +
'-----'))
self.assertEqual(response.status_code, 401)
User.delete_one('joe')
def setUp(self):
BaseTestCase.setUp(self)
self.user = User(
username='******',
password='******'
)
db.session.add(self.user)
db.session.commit()
def test_decode_auth_token(self):
user = User(email="*****@*****.**", password="******")
db.session.add(user)
db.session.commit()
auth_token = user.encode_auth_token(user.id)
self.assertTrue(isinstance(auth_token, bytes))
self.assertTrue(User.decode_auth_token(auth_token.decode("utf-8")) == 1)
def test_decode_auth_token(self):
""" Test for decoding authentication token """
user = User(email='*****@*****.**', password='******')
db.session.add(user)
db.session.commit()
auth_token = user.encode_auth_token(user.id)
self.assertTrue(isinstance(auth_token, bytes))
self.assertTrue(
User.decode_auth_token(auth_token.decode("utf-8")) == 1)
def test_encode_auth_token(self):
user = User(
email='*****@*****.**',
password='******'
)
db.session.add(user)
db.session.commit()
auth_token = user.encode_auth_token(user.id)
self.assertTrue(isinstance(auth_token, bytes))
def setUp(self):
db.create_all()
user = User(email="*****@*****.**", password="******")
db.session.add(user)
db.session.commit()
user = User(email="*****@*****.**", password="******")
db.session.add(user)
db.session.commit()
def test_encode_auth_token(self):
user = User(email='*****@*****.**',
password='******',
screen_name='joeThePlumber')
db.session.add(user)
db.session.commit()
auth_token, exp = user.encode_auth_token(user.id)
print(exp)
self.assertTrue(isinstance(auth_token, bytes))
def test_add_favourite(self):
user = User(email='*****@*****.**', password='******')
db.session.add(user)
db.session.commit()
user.add_favourite(tmdb_id=69740)
favourites = user.favourites
favourite = favourites.pop()
self.assertEqual(favourite.user_id, 1)
self.assertEqual(favourite.tmdb_id, 69740)
def test_get_show(self):
user = User(email='*****@*****.**', password='******')
db.session.add(user)
db.session.commit()
user.add_favourite(tmdb_id=69740)
favourites = user.favourites
favourite = favourites.pop()
show = favourite.get_show()
self.assertEqual(show.name, 'Ozark')
def test_encode_auth_token(self):
user = User(email='*****@*****.**',
password='******',
first_name='test',
last_name='user',
is_admin=0)
db.session.add(user)
db.session.commit()
auth_token = user.encode_auth_token(user.id, user.is_admin)
self.assertTrue(isinstance(auth_token, bytes))
def test_registration(self):
""" Test for user registration """
User.delete_one('joe')
with self.client:
response = register_user(self, 'joe', '*****@*****.**', '123456')
data = json.loads(response.data)
print(data['message'])
self.assertTrue(
(data['message'] == 'Successfully registered.')
or (data['message'] == 'User already exists. Please Log in.'))
User.delete_one('joe')
def test_non_registered_user_login(self):
""" Test for login of non-registered user """
with self.client:
response = login_user(self, 'joe2', '123456')
data = json.loads(response.data)
self.assertTrue(data['status'] == 'fail')
print(data)
self.assertTrue(data['message'] == 'User does not exist.')
self.assertTrue(response.content_type == 'application/json')
self.assertEqual(response.status_code, 404)
User.delete_one('joe2')
def post(self):
post_data = request.get_json()
if not post_data:
return make_bad_request_response(APIError.NOT_JSON)
data = post_data.get('data')
if not data:
return make_bad_request_response(APIError.WRONG_API)
the_type = data.get('type')
if not the_type or the_type != 'auth':
return make_bad_request_response(APIError.WRONG_API)
attributes = data.get('attributes')
if not attributes:
return make_bad_request_response(APIError.WRONG_API)
email = attributes.get('email')
first_name = attributes.get('firstName')
last_name = attributes.get('lastName')
password = attributes.get('password')
if (not email or not is_email_valid(email)) or (
not first_name or not first_name.strip()) or (
not last_name
or not last_name.strip()) or (not password
or not password.strip()):
return make_bad_request_response(APIError.WRONG_API)
user = User.query.filter_by(email=email).first()
if not user:
try:
admin = User.query.count() == 0
user = User(email=email,
first_name=first_name,
last_name=last_name,
password=password,
admin=admin)
db.session.add(user)
db.session.commit()
auth_token = User.encode_auth_token(user.id)
token = Token(auth_token.decode(), user.id)
db.session.add(token)
db.session.commit()
response_object = default_response_object()
response_object['data'] = {
'type': 'auth',
'attributes': {
'token': auth_token.decode()
},
'links': {
'self': url_for('auth.register_api')
}
}
return make_success_response(response_object, 201)
except Exception:
return make_internal_server_error_response(
APIError.UNKNOWN_EXCEPTION)
else:
return make_conflict_response(APIError.USER_ALREADY_EXISTS)
def test_encode_auth_token(self):
user = User(
email='*****@*****.**',
password='******',
bday='02/12/2017',
fullname='tester'
)
db.session.add(user)
db.session.commit()
auth_token = user.encode_auth_token(user.id)
self.assertTrue(isinstance(auth_token,bytes))
def post(self):
# get auth token
auth_header = request.headers.get('Authorization')
if auth_header:
auth_token = auth_header.split(" ")[1]
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
# mark the token as blacklisted
blacklist_token = BlacklistToken(token=auth_token)
try:
# insert the token
db.session.add(blacklist_token)
db.session.commit()
responseObject = {
'status': 'success',
'message': 'Successfully logged out.'
}
return make_response(jsonify(responseObject)), 200
except Exception as e:
responseObject = {
'status': 'fail',
'message': e
}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {
'status': 'fail',
'message': resp
}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 403
def get(self):
# get the auth token
auth_header = request.headers.get('Authorization')
if auth_header:
try:
auth_token = auth_header.split(" ")[1]
except IndexError:
responseObject = {
'status': 'fail',
'message': 'Bearer token malformed.'
}
return make_response(jsonify(responseObject)), 401
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
user = User.query.filter_by(id=resp).first()
responseObject = {
'status': 'success',
'data': {
'user_id': user.id,
'email': user.email,
'admin': user.admin,
'registered_on': user.registered_on
}
}
return make_response(jsonify(responseObject)), 200
responseObject = {
'status': 'fail',
'message': resp
}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 401
