def post(self): # get auth token auth_header = request.headers.get('Authorization') if auth_header: auth_token = auth_header.split(" ")[1] else: auth_token = '' if auth_token: resp = User.decode_auth_token(auth_token) if not isinstance(resp, str): # mark the token as blacklisted blacklist_token = BlacklistToken(token=auth_token) try: # insert the token db.session.add(blacklist_token) db.session.commit() responseObject = { 'status': 'success', 'message': 'Successfully logged out.' } return make_response(jsonify(responseObject)), 200 except Exception as e: responseObject = {'status': 'fail', 'message': e} return make_response(jsonify(responseObject)), 200 else: responseObject = {'status': 'fail', 'message': resp} return make_response(jsonify(responseObject)), 401 else: responseObject = { 'status': 'fail', 'message': 'Provide a valid auth token.' } return make_response(jsonify(responseObject)), 403
def create_blacklisted_token(create_admin_user): from server.models import BlacklistToken auth_token = create_admin_user.encode_auth_token().decode() blacklist_token = BlacklistToken(token=auth_token) db.session.add(blacklist_token) db.session.commit() return blacklist_token
def logout(): auth_token = request.headers.get('Authentication-Token').split(" ")[1] blacklist_token = BlacklistToken(token=auth_token) # insert the token db.session.add(blacklist_token) db.session.commit() responseObject = { 'status': 'success', 'message': 'Successfully logged out.' } return make_response(jsonify(responseObject)), \ html_codes.HTTP_OK_BASIC
def test_logout_api(test_client, create_admin_user): """ GIVEN a Flask application WHEN the '/api/auth/logout/' api is posted to (POST) THEN check response is 200 and auth_token is added to blacklist """ from server.models import BlacklistToken create_admin_user.is_activated = True auth_token = create_admin_user.encode_auth_token().decode() response = test_client.post('/api/auth/logout/', headers=dict(Authorization=auth_token, Accept='application/json'), content_type='application/json', follow_redirects=True) assert response.status_code == 200 assert BlacklistToken.check_blacklist(auth_token) is True
def test_valid_blacklisted_token_user(self): """ Test for user status with a blacklisted valid token """ with self.client: resp_register = register_user(self, '*****@*****.**', '123456') # blacklist a valid token blacklist_token = BlacklistToken( token=json.loads(resp_register.data.decode())['auth_token']) db.session.add(blacklist_token) db.session.commit() response = self.client.get( '/auth/status', headers=dict( Authorization='Bearer ' + json.loads( resp_register.data.decode() )['auth_token'] ) ) data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail') self.assertTrue(data['message'] == 'Token blacklisted. Please log in again.') self.assertEqual(response.status_code, 401)
def test_invalid_token_error(self): """ Test for a request with an invalid token """ with self.client: resp_register = register_user(self, '*****@*****.**', '123456') # blacklist a valid token blacklist_token = BlacklistToken( token=json.loads(resp_register.data.decode())['auth_token']) db.session.add(blacklist_token) db.session.commit() response = self.client.post( '/auth/logout', headers={ 'Authentication-Token': 'Bearer 1245' } ) data = json.loads(response.get_data().decode()) self.assertTrue(data['status'] == 'fail') self.assertTrue( data['message'] == 'Invalid token. Please log in again.' ) self.assertEqual(response.status_code, html_codes.HTTP_BAD_UNAUTHORIZED)
def test_valid_blacklisted_token_logout(self): """ Test for logout after a valid token gets blacklisted """ with self.client: # user registration resp_register = register_user(self, '*****@*****.**', '123456') data_register = json.loads(resp_register.data.decode()) self.assertTrue(data_register['status'] == 'success') self.assertTrue( data_register['message'] == 'Successfully registered.') self.assertTrue(data_register['auth_token']) self.assertTrue(resp_register.content_type == 'application/json') self.assertEqual(resp_register.status_code, 201) # user login resp_login = login_user(self, '*****@*****.**', '123456') data_login = json.loads(resp_login.data.decode()) self.assertTrue(data_login['status'] == 'success') self.assertTrue(data_login['message'] == 'Successfully logged in.') self.assertTrue(data_login['auth_token']) self.assertTrue(resp_login.content_type == 'application/json') self.assertEqual(resp_login.status_code, 200) # blacklist a valid token blacklist_token = BlacklistToken( token=json.loads(resp_login.data.decode())['auth_token']) db.session.add(blacklist_token) db.session.commit() # blacklisted valid token logout response = self.client.post( '/auth/logout', headers=dict( Authorization='Bearer ' + json.loads( resp_login.data.decode() )['auth_token'] ) ) data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail') self.assertTrue(data['message'] == 'Token blacklisted. Please log in again.') self.assertEqual(response.status_code, 401)
def logout(): auth_header = request.headers.get('Authorization') if auth_header: auth_token = auth_header.split(" ")[0] else: auth_token = "" if auth_token: resp = Staff.decode_token(auth_token) if isinstance(resp, int): blacklist_token = BlacklistToken(auth_token) try: db.session.add(blacklist_token) db.session.commit() response = { 'status': 'success', 'message': 'Logged out' } return make_response(jsonify(response)), 200 except Exception as e: response = { 'status': 'fail', 'message': e } return make_response(jsonify(response)), 200 else: response = { 'status': 'fail', 'message': resp } return make_response(jsonify(response)), 401 else: response = { 'status': 'fail', 'message': 'Invalid token' } return make_response(jsonify(response)), 403
def post(self): blacklist_token = BlacklistToken(token=self.get_auth_token()) db.session.add(blacklist_token) db.session.commit() return make_response(jsonify({})), HTTPStatus.OK
def blacklist_token(auth_token): blacklist_token = BlacklistToken(token=auth_token) db.session.add(blacklist_token) db.session.commit()