def post(self): # get auth token auth_header = request.headers.get('Authorization') if (auth_header is not None) and (' ' in auth_header): auth_token = auth_header.split(" ")[1] else: auth_token = auth_header if auth_token: resp = User.decode_auth_token(auth_token) if isinstance(resp, str) and ('Signature expired' not in resp) and ('Token blacklisted' not in resp): # mark the token as blacklisted blacklist_token = BlacklistToken(token=auth_token) try: # insert the token blacklist_token.save() responseObject = { 'status': 'success', 'message': 'Successfully logged out.' } return make_response(jsonify(responseObject)), 200 except Exception as e: responseObject = {'status': 'fail', 'message': e} return make_response(jsonify(responseObject)), 200 else: responseObject = {'status': 'fail', 'message': resp} return make_response(jsonify(responseObject)), 401 else: responseObject = { 'status': 'fail', 'message': 'Provide a valid auth token.' } return make_response(jsonify(responseObject)), 403
def post(self, user=None, token_response=None, **kwargs): # get auth token auth_token = get_auth_token(request) # mark the token as blacklisted try: blacklist_token = BlacklistToken(token=auth_token) blacklist_token.save() # insert the token responseObject = { 'status': 'success', 'message': 'Successfully logged out.' } return make_response(jsonify(responseObject)), 200 except Exception as e: responseObject = {'status': 'fail', 'message': e} return make_response(jsonify(responseObject)), 200
def test_valid_blacklisted_token_user(self): """ Test for user status with a blacklisted valid token """ with self.client: User.delete_one('joe') resp_register = register_user(self, 'joe', '*****@*****.**', '123456') # blacklist a valid token token = json.loads(resp_register.data.decode())['auth_token'] blacklist_token = BlacklistToken(token=token) blacklist_token.save() response = self.client.get('/auth/status', headers=dict(Authorization='Bearer ' + token)) data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail') self.assertTrue( data['message'] == 'Token blacklisted. Please log in again.') self.assertEqual(response.status_code, 401)
def test_valid_blacklisted_token_logout(self): """ Test for logout after a valid token gets blacklisted """ with self.client: # user registration User.delete_one('joe') resp_register = register_user(self, 'joe', '*****@*****.**', '123456') data_register = json.loads(resp_register.data.decode()) self.assertTrue(data_register['status'] == 'success') self.assertTrue( data_register['message'] == 'Successfully registered.') self.assertTrue(data_register['auth_token']) self.assertTrue(resp_register.content_type == 'application/json') self.assertEqual(resp_register.status_code, 201) # user login resp_login = login_user(self, 'joe', '123456') data_login = json.loads(resp_login.data.decode()) self.assertTrue(data_login['status'] == 'success') self.assertTrue(data_login['message'] == 'Successfully logged in.') self.assertTrue(data_login['auth_token']) self.assertTrue(resp_login.content_type == 'application/json') self.assertEqual(resp_login.status_code, 200) # blacklist a valid token blacklist_token = BlacklistToken( token=json.loads(resp_login.data.decode())['auth_token']) blacklist_token.save() # blacklisted valid token logout response = self.client.post( '/auth/logout', headers=dict( Authorization='Bearer ' + json.loads(resp_login.data.decode())['auth_token'])) data = json.loads(response.data.decode()) self.assertTrue(data['status'] == 'fail') self.assertTrue( data['message'] == 'Token blacklisted. Please log in again.') self.assertEqual(response.status_code, 401)