def authenticate(self, provider, access_token):
'''
Authenticate user with the given access_token on the specific
provider method. If it returns the user data, try to fetch the user
on the database or create user if it doesn`t exist and then return
the user object. Otherwise, returns None, meaning invalid
authentication parameters.
'''
if provider == u'GooglePlus':
oauth_user = yield self.authenticate_on_google(access_token)
else:
oauth_user = None
if oauth_user:
db = self.application.db
user = User.by_email(oauth_user['email'], db)
if user:
user.last_login = datetime.utcnow()
db.flush()
db.commit() # FIXME, test if commit() is necessary
user.first_login = False
else:
user = User.add_user(db, oauth_user['fullname'],
oauth_user['email'], provider,
datetime.utcnow())
user.first_login = True
else:
user = None
raise gen.Return(user)
def test_authenticate_user_not_valid_for_this_app(self):
self.db.query(User).delete()
UserFactory(email='*****@*****.**')
mock_response = Mock(
code=200,
body='{"issued_to": "222", "email": "*****@*****.**"}'
)
def handle_request(url, handler, proxy_host, proxy_port):
handler(mock_response)
fetch_mock = Mock()
fetch_mock.side_effect = handle_request
config = Config()
config.GOOGLE_CLIENT_ID = '000'
access_token = '111'
User.authenticate(
access_token,
fetch_mock,
self.db,
config,
callback=self.stop
)
response = self.wait()
expect(response.get('status')).to_equal(401)
expect(response.get('reason')).to_equal(
"Token's client ID does not match app's."
)
def test_authenticate_unauthorized_user(self):
self.db.query(User).delete()
mock_response = Mock(
code=200,
body='{"issued_to": "000", "email": "*****@*****.**"}'
)
def handle_request(url, handler, proxy_host, proxy_port):
handler(mock_response)
fetch_mock = Mock()
fetch_mock.side_effect = handle_request
config = Config()
config.GOOGLE_CLIENT_ID = '000'
access_token = '111'
User.authenticate(
access_token,
fetch_mock,
self.db,
config,
callback=self.stop
)
response = self.wait()
expect(response.get('status')).to_equal(403)
expect(response.get('reason')).to_equal('Unauthorized user')
def authenticate(self, provider, access_token):
'''
Authenticate user with the given access_token on the specific
provider method. If it returns the user data, try to fetch the user
on the database or create user if it doesn`t exist and then return
the user object. Otherwise, returns None, meaning invalid
authentication parameters.
'''
if provider == u'GooglePlus':
oauth_user = yield self.authenticate_on_google(access_token)
else:
oauth_user = None
if oauth_user:
db = self.application.db
user = User.by_email(oauth_user['email'], db)
if user:
user.last_login = datetime.utcnow()
db.flush()
db.commit() # FIXME, test if commit() is necessary
user.first_login = False
else:
user = User.add_user(
db, oauth_user['fullname'], oauth_user['email'], provider,
datetime.utcnow()
)
user.first_login = True
else:
user = None
raise gen.Return(user)
def test_can_get_user_by_email(self):
self.db.query(User).delete()
user = UserFactory.create()
loaded_user = User.by_email(user.email, self.db)
expect(loaded_user.id).to_equal(user.id)
invalid_user = User.by_email('*****@*****.**', self.db)
expect(invalid_user).to_be_null()
def test_can_update_locale(self):
user = UserFactory.create(locale='es_ES')
loaded_user = User.by_email(user.email, self.db)
expect(loaded_user.id).to_equal(user.id)
expect(loaded_user.locale).to_equal('es_ES')
User.update_locale(self.db, user, 'pt_BR')
loaded_user = User.by_email(user.email, self.db)
expect(loaded_user.id).to_equal(user.id)
expect(loaded_user.locale).to_equal('pt_BR')
def post(self):
user = self.get_authenticated_user()
if not user:
return
post_data = loads(self.request.body)
locale = post_data.get('locale', None)
if locale:
User.update_locale(self.db, user, locale)
self.write_json(self._('OK'))
self.finish()
def post(self):
user = self.get_authenticated_user()
if not user:
return
post_data = loads(self.request.body)
locale = post_data.get('locale', None)
if locale:
User.update_locale(self.db, user, locale)
self.write_json(self._('OK'))
self.finish()
def test_can_authenticate_inexistent_user(self):
with patch.object(AuthenticateHandler,
'authenticate_on_google') as auth_mock:
result = gen.Future()
result.set_result({
'email': '*****@*****.**',
'fullname': 'Test',
'id': '12345'
})
auth_mock.return_value = result
try:
response = yield self.anonymous_fetch('/authenticate',
method='POST',
body=dumps({
'provider':
'GooglePlus',
'access_token':
'VALID-TOKEN',
}))
except HTTPError, e:
response = e.response
user = User.by_email('*****@*****.**', self.db)
expect(response.code).to_equal(200)
expect(loads(response.body)['first_login']).to_be_true()
expect(loads(response.body)['authenticated']).to_be_true()
expect(user).not_to_be_null()
def post(self):
access_token = self.request.headers.get('X-AUTH-HOLMES', None)
if access_token is None:
self.set_status(403)
self.write_json({'reason': 'Empty access token'})
return
result = yield User.authenticate(
access_token,
self.application.http_client.fetch,
self.db,
self.application.config
)
if result and result.get('user', None) is None:
self.set_status(403)
self.write_json({'reason': 'Not authorized user.'})
return
post_data = loads(self.request.body)
url = post_data.get('url', None)
connections = self.application.config.DEFAULT_NUMBER_OF_CONCURRENT_CONNECTIONS
value = post_data.get('value', connections)
if not url and not value:
self.set_status(400)
self.write_json({'reason': 'Not url or value'})
return
result = Limiter.add_or_update_limiter(self.db, url, value)
yield self.cache.remove_domain_limiters_key()
self.write_json(result)
def get_authenticated_user(self):
authenticated, payload = self.is_authenticated()
if authenticated:
user_email = payload['sub']
user = User.by_email(user_email, self.db)
return user
else:
return None
def get_authenticated_user(self):
authenticated, payload = self.is_authenticated()
if authenticated:
user_email = payload['sub']
user = User.by_email(user_email, self.db)
return user
else:
return None
def test_authenticate(self, datetime_mock):
dt = datetime(2014, 2, 14, 15, 0, 30)
datetime_mock.now.return_value = dt
self.db.query(User).delete()
UserFactory(email='*****@*****.**')
mock_response = Mock(
code=200,
body='{"issued_to": "000", "email": "*****@*****.**"}'
)
def handle_request(url, handler, proxy_host, proxy_port):
handler(mock_response)
fetch_mock = Mock()
fetch_mock.side_effect = handle_request
config = Config()
config.GOOGLE_CLIENT_ID = '000'
access_token = '111'
User.authenticate(
access_token,
fetch_mock,
self.db,
config,
callback=self.stop
)
response = self.wait()
expect(response).to_be_like({
'status': 200,
'user': {
'is_superuser': True,
'fullname': u'Marcelo Jorge Vieira',
'last_login': dt,
'email': u'*****@*****.**'
}
})
loaded_user = User.by_email('*****@*****.**', self.db)
expect(loaded_user.last_login).to_equal(dt)
def test_users_violations_prefs_str(self):
data = UsersViolationsPrefsFactory.create(
user=User(email='*****@*****.**', fullname='Sherlock Holmes'),
key=Key(name='some.random.fact'),
is_active=False)
loaded = self.db.query(UsersViolationsPrefs).get(data.id)
expect(str(loaded)).to_be_like('[email protected]: some.random.fact')
def test_can_save_user_locale(self):
user = UserFactory.create(locale='pt_BR')
loaded_user = User.by_email(user.email, self.db)
expect(loaded_user.id).to_equal(user.id)
expect(loaded_user.locale).to_equal('pt_BR')
response = yield self.authenticated_fetch('/users/locale/',
user_email=user.email,
method='POST',
body=dumps(
{'locale': 'es_ES'}))
expect(response.code).to_equal(200)
expect(loads(response.body)).to_equal('OK')
loaded_user = User.by_email(user.email, self.db)
expect(loaded_user.id).to_equal(user.id)
expect(loaded_user.locale).to_equal('es_ES')
def test_can_convert_to_dict(self):
data = UsersViolationsPrefsFactory.create(
user=User(email='*****@*****.**', fullname='Sherlock Holmes'),
key=Key(name='some.random.fact'),
is_active=False)
expect(data.to_dict()).to_be_like({
'user': '******',
'key': 'some.random.fact',
'is_active': False
})
def test_can_save_user_locale(self):
user = UserFactory.create(locale='pt_BR')
loaded_user = User.by_email(user.email, self.db)
expect(loaded_user.id).to_equal(user.id)
expect(loaded_user.locale).to_equal('pt_BR')
response = yield self.authenticated_fetch(
'/users/locale/',
user_email=user.email,
method='POST',
body=dumps({'locale': 'es_ES'})
)
expect(response.code).to_equal(200)
expect(loads(response.body)).to_equal('OK')
loaded_user = User.by_email(user.email, self.db)
expect(loaded_user.id).to_equal(user.id)
expect(loaded_user.locale).to_equal('es_ES')
def test_can_create_users_violations_prefs(self):
data = UsersViolationsPrefsFactory.create(
user=User(email='*****@*****.**', fullname='Sherlock Holmes'),
key=Key(name='some.random.fact'),
is_active=False)
loaded = self.db.query(UsersViolationsPrefs).get(data.id)
expect(loaded.user.email).to_equal('*****@*****.**')
expect(loaded.key.name).to_equal('some.random.fact')
expect(loaded.is_active).to_equal(False)
def test_authenticate_invalid_token(self):
self.db.query(User).delete()
UserFactory(email='*****@*****.**')
mock_response = Mock(
code=400,
body=dumps({
"error": "invalid_token",
"error_description": "Invalid Value"
})
)
def handle_request(url, handler, proxy_host, proxy_port):
handler(mock_response)
fetch_mock = Mock()
fetch_mock.side_effect = handle_request
config = Config()
config.GOOGLE_CLIENT_ID = '000'
access_token = '111'
User.authenticate(
access_token,
fetch_mock,
self.db,
config,
callback=self.stop
)
response = self.wait()
expect(response).to_be_like({
'status': 400,
'reason': 'Error',
'details': '{"error_description":"Invalid Value", \
"error":"invalid_token"}'
})
def handle(code, body):
if code > 399:
callback(({
'reason': 'Error',
'status': code,
'details': body
}))
return
data = loads(body)
# Verify that the access token is valid for this app.
if data.get('issued_to') != config.GOOGLE_CLIENT_ID:
callback({
'status': 401,
'reason': "Token's client ID does not match app's.",
})
return
user_email = data.get('email')
from holmes.models import User
user = User.by_email(user_email, db)
if user:
user.last_login = datetime.datetime.now()
db.flush()
db.commit()
callback({
'status': 200,
'user': user.to_dict()
})
return
callback({
'status': 403,
'reason': 'Unauthorized user'
})
return
def test_can_authenticate_inexistent_user(self):
with patch.object(AuthenticateHandler, 'authenticate_on_google') as auth_mock:
result = gen.Future()
result.set_result({
'email': '*****@*****.**',
'fullname': 'Test',
'id': '12345'
})
auth_mock.return_value = result
try:
response = yield self.anonymous_fetch(
'/authenticate', method='POST', body=dumps({
'provider': 'GooglePlus',
'access_token': 'VALID-TOKEN',
})
)
except HTTPError, e:
response = e.response
user = User.by_email('*****@*****.**', self.db)
expect(response.code).to_equal(200)
expect(loads(response.body)['first_login']).to_be_true()
expect(loads(response.body)['authenticated']).to_be_true()
expect(user).not_to_be_null()
