def post(self): # get auth token auth_header = request.headers.get('Authorization') if auth_header: auth_token = auth_header.split(" ")[1] else: auth_token = '' if auth_token: resp = User.decode_auth_token(auth_token) if not isinstance(resp, str): # mark the token as blacklisted blacklist_token = BlacklistToken(token=auth_token) try: # insert the token db.session.add(blacklist_token) db.session.commit() response_object = { 'status': 'success', 'message': 'Successfully logged out.' } return make_response(jsonify(response_object), 200) except Exception as e: response_object = {'status': 'fail', 'message': e} return make_response(jsonify(response_object), 200) else: response_object = {'status': 'fail', 'message': resp} return make_response(jsonify(response_object), 401) else: response_object = { 'status': 'fail', 'message': 'Provide a valid auth token.' } return make_response(jsonify(response_object), 403)
def get(self): # get the auth token auth_header = request.headers.get('Authorization') if auth_header: try: auth_token = auth_header.split(" ")[1] except IndexError: responseObject = { 'status': 'fail', 'message': 'Bearer token malformed.' } return make_response(jsonify(responseObject)), 401 else: auth_token = '' if auth_token: resp = User.decode_auth_token(auth_token) if not isinstance(resp, str): user = User.query.filter_by(id=resp).first() responseObject = { 'status': 'success', 'data': { 'user_id': user.id, 'email': user.email, 'user_role': user.user_role } } return make_response(jsonify(responseObject)), 200 responseObject = {'status': 'fail', 'message': resp} return make_response(jsonify(responseObject)), 401 else: responseObject = { 'status': 'fail', 'message': 'Provide a valid auth token.' } return make_response(jsonify(responseObject)), 401
def get(self): # get auth token auth_json = jsonify({"status": "authorised"}) unauth_json = jsonify({"status": "Unauthorized"}) auth_header = request.cookies.get('Authorization') if auth_header: auth_token = auth_header.split(" ")[1] else: auth_token = None if auth_token: resp = User.decode_auth_token(auth_token) if not isinstance(resp, str): try: return make_response(auth_json, 200) except Exception as e: return make_response(unauth_json, 401) return make_response(unauth_json, 401)
def decorated_function(*args, **kwargs): response_object = { 'status': 'fail', 'message': 'Provide a valid auth token.' } auth_header = request.headers.get('Authorization') if not auth_header: return response_object, 403 auth_token = auth_header.split(' ')[1] resp = User.decode_auth_token(auth_token) if isinstance(resp, str): response_object['message'] = resp return response_object, 401 user = User.query.filter_by(id=resp).first() if not user: return response_object, 401 return f(resp, *args, **kwargs)
def decorated_function(self, *args, **kwargs): auth_header = request.headers.get("Authorization") if not auth_header: api.abort(401, "No auth token provided", status="fail") try: auth_token = auth_header.split(" ")[1] except IndexError: api.abort(401, "Invalid token", status="fail") resp = User.decode_auth_token(auth_token) if isinstance(resp, str): api.abort(401, resp, status="fail") user = User.query.filter_by(id=resp).first() if not user or not user.active: api.abort(401, "Invalid token", status="fail") return f(self, resp, auth_token, *args, **kwargs)
def check_login_status(): response_object = {'status': 'fail', 'message': 'Invalid token.'} auth_header = request.headers.get('Authorization') if not auth_header: return jsonify(response_object), 403 auth_token = auth_header.split(' ')[1] resp = User.decode_auth_token(auth_token) if isinstance(resp, str): response_object['message'] = resp return jsonify(response_object), 401 user = User.query.filter_by(id=resp).first() if not user: return jsonify(response_object), 401 response_object['status'] = 'success' response_object['message'] = 'Valid token.' response_object['username'] = user.username return jsonify(response_object), 200
def test_decode_auth_token(self): user = add_user(username='******', password='******') auth_token = user.encode_auth_token() decoded_token = User.decode_auth_token(auth_token) self.assertEqual(decoded_token, user.id)
def test_decode_auth_token(test_app, test_db, add_user): user = add_user() token = user.encode_auth_token(user.id) user_id = User.decode_auth_token(token) assert user.id == user_id