def test_direct_login(uid, client, assert_redirect):
    """A fresh direct-login token signs the user in; login and logout both land on "/"."""
    # NOTE(review): the e-mail format string has no conversion specifier, so
    # "..." % uid raises TypeError; it reads as a redacted placeholder - confirm
    # against the real fixture value.
    token = make_jwt(dict(exp=get_time() + 60, email="*****@*****.**" % uid))
    login_response = client.get("/direct-login/?token=%s" % token)
    assert_redirect(login_response, route="/")
    assert_redirect(client.get("/logout/"), route="/")
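def login_google():
    """Start the Google OAuth flow.

    Builds a signed ``state`` JWT carrying the post-login destination and a
    random nonce, stores it in the session so ``authorize_google`` can compare
    it with the value Google echoes back, and hands off to the OAuth client.

    Returns:
        Whatever ``google_oauth_client.authorize_user`` returns (the redirect
        to Google's consent page).
    """
    from urllib.parse import urlsplit

    next_url = request.args.get("next", "/")
    # Only accept a local, path-absolute destination. An absolute URL or a
    # protocol-relative "//host" (and its "/\host" browser variant) would make
    # the post-login redirect an open redirect.
    parts = urlsplit(next_url)
    if (
        not next_url.startswith("/")
        or next_url[1:2] in ("/", "\\")
        or parts.scheme
        or parts.netloc
    ):
        next_url = "/"
    # Per-login random value folded into the signed state so every state token
    # is unique even when the ``next`` destination repeats.
    nonce = base64.b64encode(os.urandom(24)).decode("utf-8")
    state = make_jwt(dict(next=next_url, nonce=nonce))
    session["state"] = state
    return google_oauth_client.authorize_user(state)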
def test_interaction():
    """The app-bound ``jwt`` wrapper and the raw ``_jwt`` module must agree."""
    # Signing: the wrapper should merely be supplying app.secret_key.
    wrapped_token = jwt.make_jwt(testing_payload)
    raw_token = _jwt.make_jwt(testing_payload, app.secret_key)
    assert wrapped_token == raw_token
    # Verifying: decoding either token must recover the same payload.
    wrapped_payload = jwt.verify_jwt(wrapped_token)
    raw_payload = _jwt.verify_jwt(raw_token, app.secret_key)
    assert wrapped_payload == raw_payload
def make_test_user(num):
    """Sign up and create test account number *num* through the HTTP endpoints.

    Returns the test client that performed the signup, so the caller holds the
    session that is logged in as that user.
    """
    tclient = app.test_client()
    # NOTE(review): the "*****"/"******" format strings carry no conversion
    # specifier, so "..." % num raises TypeError; they read as redacted
    # placeholders - confirm against the real fixture values.
    email = "*****@*****.**" % num
    signup = tclient.post('/signup/', data=dict(email=email))
    assert signup.status_code == 303
    create_url = "/create-account/?token=%s" % make_jwt(dict(email=email))
    account_form = dict(
        username="******" % num,
        real_name="Test User %d" % num,
        password="******" % num,
        repeat_password="******" % num,
        legal_agreement="y",
    )
    created = tclient.post(create_url, data=account_form)
    assert created.status_code == 303
    return tclient
def test_direct_login_expired(client):
    """An already-expired direct-login token is rejected with 400."""
    expired_token = make_jwt(dict(exp=get_time() - 1, email="*****@*****.**"))
    response = client.get("/direct-login/?token=%s" % expired_token)
    assert response.status_code == 400
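def _safe_next_url(candidate):
    """Return *candidate* if it is a local, path-absolute URL, otherwise "/".

    The ``next`` destination originates in a query string, so an absolute URL
    or a protocol-relative ``//host`` (and its ``/\\host`` browser variant)
    would turn the post-login redirect into an open redirect.
    """
    from urllib.parse import urlsplit

    if not isinstance(candidate, str) or not candidate.startswith("/"):
        return "/"
    if candidate[1:2] in ("/", "\\"):
        return "/"
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return "/"
    return candidate


def authorize_google():
    """Complete the Google OAuth flow after Google redirects back to us.

    * An already-logged-in user is simply sent on to their ``next`` URL,
      recovered from the query string or the signed state, else ``/``.
    * Otherwise the ``state`` echoed by Google must equal the one stored by
      ``login_google`` (consumed here so it cannot be reused) and its
      signature must verify; either failure is a 400 error page.
    * The auth ``code`` is exchanged for the Google profile. A known Google
      id logs that user in; a new Google id whose e-mail matches a local
      account is offered an account link; an unknown one is sent to
      ``/oauth-create-account/`` with a signed connect token.

    Returns:
        A Flask response: redirect, rendered template, or error page.
    """
    from urllib.parse import urlencode

    state_error = "The provided state is invalid! Please return to /login to retrieve a new state."

    if user:
        next_url = request.args.get("next")
        if next_url is None:
            try:
                if 'state' in session:
                    state = session['state']
                else:
                    state = request.args.get("state", "")
                next_url = verify_jwt(state).get("next", "/")
            except (InvalidJWT, ExpiredJWT):
                next_url = "/"
        return redirect(_safe_next_url(next_url), code=303)

    if 'state' not in session:
        return error_page(
            400,
            message="No state was provided! Please return to /login to retrieve a valid state.",
        )

    state = request.args.get('state', '')
    sess_state = session.get('state')
    # Consume the stored state before comparing so a given value is single-use.
    del session['state']
    if state != sess_state:
        return error_page(400, message=state_error)
    try:
        next_url = _safe_next_url(verify_jwt(sess_state).get("next", "/"))
    except (InvalidJWT, ExpiredJWT):
        return error_page(400, message=state_error)

    code = request.args.get('code', '')
    userinfo = google_oauth_client.get_userinfo(code)
    gid = str(userinfo.id)
    email = userinfo.raw["email"]

    link = GoogleLinks.query.filter_by(gid=gid).first()
    if link is not None:
        set_user(Users.query.filter_by(id=link.uid).first_or_404())
        flash("Welcome back!", category="SUCCESS")
        return redirect(next_url, code=303)

    link_user = Users.query.filter_by(email=email).first()
    if link_user is not None:
        link_token = make_jwt({
            "provider": "Google",
            "pid": gid,
            "email": email,
            "uid": link_user.id,
        })
        return render_template(
            "account/link-accounts.html",
            provider="Google",
            matches=[(email, link_user, link_token)],
            no_signup=True,
            pid=gid,
        )

    connect_token = make_jwt({
        "provider": "Google",
        "pid": gid,
        "email": email,
        "real_name": userinfo.raw["name"],
    })
    # Encode the query so a ``next`` containing "&" or "#" cannot split or
    # truncate the token parameter.
    query = urlencode({"next": next_url, "token": connect_token})
    return redirect("/oauth-create-account/?" + query)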
def test_create_account_redir(user1):
    """A logged-in client hitting /create-account/ is redirected (303) instead of shown the form."""
    token = make_jwt(dict(email="*****@*****.**", exp=get_time() + 60))
    response = user1.get("/create-account/?token=%s" % token)
    assert response.status_code == 303
def test_create_account_valid(client):
    """An anonymous client with an unexpired token gets the account form (200)."""
    token = make_jwt(dict(email="*****@*****.**", exp=get_time() + 60))
    response = client.get("/create-account/?token=%s" % token)
    assert response.status_code == 200
def test_create_account_expired(client):
    """An expired create-account token is rejected with 400."""
    expired_token = make_jwt(dict(email="*****@*****.**", exp=get_time() - 1))
    response = client.get("/create-account/?token=%s" % expired_token)
    assert response.status_code == 400