def get_user_status():
# get auth token
auth_header = request.headers.get("Authorization")
response_object = {
"status": "fail",
"message": "Provide a valid auth token."
}
if auth_header:
auth_token = auth_header.split(" ")[1]
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
user = User.query.filter_by(id=resp).first()
response_object.update({
"status": "success",
"message": "Success",
"data": {
"id": user.id,
"username": user.username,
"email": user.email,
"active": user.active,
"created_at": user.created_at,
}
})
return jsonify(response_object), 200
response_object["message"] = resp
return jsonify(response_object), 401
else:
return jsonify(response_object), 401
def post(self):
""" Logout Existing User """
# Authenticate using Auth-Token
auth_header = request.headers.get('Auth-Token')
uid = request.headers.get('UID')
print(request.headers)
if auth_header:
auth_token = auth_header
print("Here is our token: %s" % (auth_token))
resp = User.decode_auth_token(auth_token)
if resp == uid:
response = jsonify({
'status': 'success',
'message': 'Successfully logged out.'
})
response.status_code = 200
return response
else:
response = jsonify({
'status': 'error',
'message': 'Invalid UID or Auth-Token'
})
response.status_code = 401
return response
# handle error
else:
response = jsonify({
'status ': 'error',
'message': 'Invalid token. Please login again.'
})
response.status_code = 403
return response
def test_decode_auth_token(self):
"""Ensure auth tokens are decoded correctly."""
user = add_user('*****@*****.**', 'test')
auth_token = user.encode_auth_token(user.id)
self.assertTrue(isinstance(auth_token, bytes))
self.assertTrue(
User.decode_auth_token(auth_token.decode("utf-8")) == 1)
def status():
response_object = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
auth_header = request.headers.get('Authorization')
if auth_header:
auth_token = auth_header.split(' ')[1]
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
user = User.query.filter_by(id=resp).first()
response_object['status'] = 'success'
response_object['message'] = 'Success.'
response_object['data'] = user.to_json()
return jsonify(response_object), 200
else:
response_object['message'] = resp
return jsonify(response_object), 401
else:
return jsonify(response_object), 403
def decorated_function(*args, **kwargs):
response_object = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
auth_header = request.headers.get('Authorization')
# check if the header is provided
if not auth_header:
return jsonify(response_object), 403
# get the token and decode it
auth_token = auth_header.split(' ')[1]
resp = User.decode_auth_token(auth_token)
if isinstance(resp, str):
# this means that an exception is caught
response_object['message'] = resp
return jsonify(response_object), 401
# get the user and varify its identity and activity
user = User.query.filter_by(id=resp).first()
if not user or not user.active:
return jsonify(response_object), 401
return f(resp, *args, **kwargs)
def get_user_status():
response_object = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
# get auth header
auth_header = request.headers.get('Authorization')
if auth_header:
auth_token = auth_header.split(' ')[-1]
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
print(f'resp = {resp}, {type(resp)}')
user = User.query.filter_by(id=resp).first()
response_object['status'] = 'success'
response_object['data'] = {
'username': user.username,
'email': user.email,
'active': user.active
}
return jsonify(response_object), 200
response_object['message'] = resp
return jsonify(response_object), 401
else:
jsonify(response_object), 401
def post(self):
# get auth token
auth_header = request.headers.get('Authorization')
if auth_header:
auth_token = auth_header.split(" ")[1]
else:
auth_token = ''
if auth_token:
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
# mark the token as blacklisted
blacklist_token = BlacklistToken(token=auth_token)
try:
# insert the token
db.session.add(blacklist_token)
db.session.commit()
responseObject = {
'status': 'success',
'message': 'Successfully logged out.'
}
return make_response(jsonify(responseObject)), 200
except Exception as e:
responseObject = {'status': 'fail', 'message': e}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {'status': 'fail', 'message': resp}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(responseObject)), 403
def post(self):
""" Current User Status """
auth_header = request.headers.get('Auth-Token')
uid = request.headers.get('UID')
# get auth token
if auth_header:
auth_token = auth_header
resp = User.decode_auth_token(auth_token)
if resp == uid:
user = User.query.filter_by(uid=resp).first()
response = jsonify({
'status': 'success',
'data': {
'status': user.status
}
})
response.status_code = 200
return response
response = jsonify({'status': 'error', 'message': resp})
response.status_code = 401
return response
# handle error
else:
response = jsonify({
'status': 'error',
'message': 'Provide a valid auth token.'
})
response.status_code = 401
return response
def test_decode_auth_token(self):
company = add_company('Kalkuli', '00.000.000/0000-00',
'*****@*****.**', 'kaliu', '789548546',
'ceilandia', 'df', '40028922')
user = add_user('dutra', '*****@*****.**', 'test', company.id)
auth_token = user.encode_auth_token(user.id)
self.assertTrue(isinstance(auth_token, bytes))
self.assertEqual(User.decode_auth_token(auth_token), user.id)
def test_decode_auth_token(self):
"""
Ensure that we can decode auth token
"""
user = add_user('0x0e35462535dae6fd521f0eea67dc4e9485c714dc')
auth_token = user.encode_auth_token(user.id)
self.assertTrue(isinstance(auth_token, bytes))
self.assertEqual(User.decode_auth_token(auth_token), user.id)
def test_decode_auth_token(self):
school = add_school('testschool')
user = add_user('justatest', '*****@*****.**', 'test', TEACHER, 'MAO',
school.id)
auth_token = user.encode_auth_token(user.id)
self.assertTrue(isinstance(auth_token, bytes))
self.assertTrue(User.decode_auth_token(auth_token), user.id)
def get(self, uid):
# Authenticate using Auth-Token
auth_header = request.headers.get('Auth-Token')
if auth_header:
auth_token = auth_header
print("AUTH TOKEN: %s"%(auth_token))
resp = User.decode_auth_token(auth_token)
print("RESP : %s"%(resp))
if resp == uid:
""" Getting single user details """
userData = User.query.filter_by(uid=uid).first()
if not userData:
response = jsonify({
'status':'fail',
'message': 'Fail to pull user data',
'status_code': 401
})
else:
response = jsonify({
'status': 'success',
'message': 'Successful pull user data',
'data': {
'first_name':userData.first_name,
'last_name':userData.last_name,
'email':userData.email,
'admin':userData.admin,
'status':userData.status,
'username':userData.username,
'profile':userData.profile,
'ssn':userData.ssn,
'created_at':userData.created_at,
'driverLicense':userData.driverLicense,
'birthday':userData.birthday.strftime("%Y-%m-%d"),
'company':userData.company,
'last_step':userData.last_step,
'dl_front':userData.dl_front,
'dl_back':userData.dl_back,
},
'status_code': 200
})
return response
else:
response = jsonify({
'status':'error',
'message': resp
})
response.status_code = 401
return response
# handle error
else:
response = jsonify({
'status ': 'error',
'message': 'Invalid token. Please login again.'
})
response.status_code = 403
return response
def test_decode_auth_token(self):
user = User(username='******',
email='*****@*****.**',
password="******")
db.session.add(user)
db.session.commit()
token = user.encode_auth_token()
user_obj = User.decode_auth_token(token)
self.assertTrue(user_obj.id == user.id)
def get(self):
auth_header = request.headers.get("Authorization")
if not auth_header:
return {"message": "Provide a valid auth token."}, 403
auth_token = auth_header.split(" ")[1]
resp = User.decode_auth_token(auth_token)
if isinstance(resp, str):
return {"message": resp}, 401
return {"message": "Successfully signed out."}, 200
def test_decode_auth_expired_token(self):
user = User(username='******',
email='*****@*****.**',
password="******")
db.session.add(user)
db.session.commit()
token = user.encode_auth_token()
time.sleep(6)
message = User.decode_auth_token(token)
self.assertEqual(message, 'Signature expired. Please log in again.')
def test_req_marked_done_by_teacher(self):
"""ensure correct response if req is marked done by a teacher"""
school = add_school(name='testschool')
teacher = add_user('ollie mansell', '*****@*****.**', 'olliepass',
TEACHER, 'MAO', school.id)
add_user('gary tyler', '*****@*****.**', 'garypass', TECHNICIAN, 'TGA',
school.id)
now = datetime.now()
req = add_req("title", "equipment", "notes", now, teacher.id,
school.id)
req.isDone = False
with self.client:
resp_login = self.client.post('/auth/login',
data=json.dumps({
'email':
'*****@*****.**',
'password':
'******'
}),
content_type='application/json')
token = json.loads(resp_login.data.decode())['user']['token']
User.decode_auth_token(token)
response = self.client.patch(
'/reqs/' + str(req.id),
content_type='application/json',
data=json.dumps([{
"op": "replace",
"path": "/isDone",
"value": True
}]),
headers={'Authorization': f'Bearer {token}'})
data = json.loads(response.data.decode())
self.assertEqual(response.status_code, 401)
self.assertIn('You are not authorised to do that.',
data['message'])
self.assertIn('fail', data['status'])
def decorated_function(*args, **kwargs):
auth_header = request.headers.get("Authorization")
if not auth_header:
return f(None, *args, **kwargs)
auth_token = auth_header.split(" ")[1]
valid_token, value = User.decode_auth_token(auth_token)
if not valid_token:
return f(None, *args, **kwargs)
user = User.query.filter_by(user_id=value).first()
if user is None:
return f(None, *args, **kwargs)
return f(value, *args, **kwargs)
def auth_logout():
auth_header = request.headers.get('Authorization')
INVALID_MESSAGE = {'status': 'fail', 'message': 'Token missing'}
resp = ""
try:
token = auth_header.split(' ')
resp = User.decode_auth_token(token[1])
print(resp)
if not isinstance(resp, str):
return jsonify({'status': 'success', 'message': 'logged out'}), 200
except Exception as e:
resp = str(e)
print(resp)
return jsonify({'status': 'fail', 'message': resp}), 401
def decorated_function(*args, **kwargs):
response_object = {"status": "fail", "message": "Provide a valid auth token."}
auth_header = request.headers.get("Authorization")
if not auth_header:
return jsonify(response_object), 403
auth_token = auth_header.split(" ")[1]
resp = User.decode_auth_token(auth_token)
if isinstance(resp, str):
response_object["message"] = resp
return jsonify(response_object), 401
user = User.query.filter_by(id=resp).first()
if not user or not user.active:
return jsonify(response_object), 401
return f(resp, *args, **kwargs)
def decorated_function(*args, **kwargs):
response = {'status': 'fail', 'message': 'Provide a valid auth token'}
auth_header = request.headers.get('Authorization')
if not auth_header:
return jsonify(response), 403
auth_token = auth_header.split(' ')[1]
resp = User.decode_auth_token(auth_token)
if isinstance(resp, str):
response['message'] = resp
return jsonify(response), 401
user = User.query.filter_by(id=resp).first()
if not user or not user.active:
return jsonify(response), 401
return f(resp, *args, **kwargs)
def decorated_function(*args, **kwargs):
response = {"message": "Provide a valid auth token."}
auth_header = request.headers.get("Authorization")
if not auth_header:
return jsonify(response), 403
auth_token = auth_header.split(" ")[1]
valid_token, value = User.decode_auth_token(auth_token)
if not valid_token:
response["message"] = value
return jsonify(response), 401
user = User.query.filter_by(user_id=value).first()
if user is None:
return jsonify(response), 401
return f(value, *args, **kwargs)
def logout_user():
auth_header = request.headers.get('Authorization')
response_object = {'status': 'fail', 'message': 'Provide a valid token.'}
if auth_header:
auth_token = auth_header.split(' ')[1]
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
response_object['status'] = 'success'
response_object['message'] = 'Successfully logged out.'
return jsonify(response_object), 200
else:
response_object['message'] = resp
return jsonify(response_object), 401
else:
return jsonify(response_object), 403
def logout_user():
auth_header = request.headers.get("Authorization")
response_object = {"status": "fail", "message": "Provide a valid auth token."}
if auth_header:
auth_token = auth_header.split(" ")[1]
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
response_object["status"] = "success"
response_object["message"] = "Successfully logged out."
return jsonify(response_object), 200
else:
response_object["message"] = resp
return jsonify(response_object), 401
else:
return jsonify(response_object), 403
def get_user_status():
auth_header = request.headers.get("Authorization")
response_object = {"status": "fail", "message": "Provide a valid auth token."}
if auth_header:
auth_token = auth_header.split(" ")[1]
resp = User.decode_auth_token(auth_token)
if not isinstance(resp, str):
user = User.query.filter_by(id=resp).first()
response_object["status"] = "success"
response_object["message"] = "Success."
response_object['data'] = user.to_json()
return jsonify(response_object), 200
response_object['message'] = resp
return jsonify(response_object), 401
else:
return jsonify(response_object), 401
def get_user_status():
authorization = request.headers.get('Authorization')
response = {'status': 'fail', 'message': 'Provide a valid auth token.'}
if authorization:
auth_token = authorization.split(' ')[1]
token_res = User.decode_auth_token(auth_token)
if not isinstance(token_res, str):
user = User.query.filter_by(id=token_res).first()
response['status'] = 'success'
response['message'] = 'Success'
response['data'] = user.to_json()
return jsonify(response), 200
response['message'] = token_res
return jsonify(response), 401
else:
return jsonify(response), 401
def auth_status():
auth_header = request.headers.get('Authorization')
resp = ""
try:
token = auth_header.split(' ')[1]
response = User.decode_auth_token(token)
if (isinstance(response, User)):
data = {'status': 'success', 'data': response.to_json()}
status_code = 200
else:
data = {'status': 'fail', 'message': response}
status_code = 401
return jsonify(data), status_code
except Exception as e:
resp = str(e)
return jsonify({'status': 'fail', 'message': resp}), 401