def test_login():
from pykern import pkunit
from pykern.pkdebug import pkdp
from pykern.pkunit import pkeq, pkok, pkre, pkexcept
from sirepo import auth
import flask
import sirepo.auth.guest
import sirepo.cookie
import sirepo.http_request
r = auth.api_authState()
pkre('LoggedIn": false.*Registration": false', r.data)
delattr(flask.g, 'sirepo_cookie')
auth.process_request()
with pkunit.pkexcept('SRException.*routeName=login'):
auth.logged_in_user()
with pkexcept('SRException.*routeName=login'):
auth.require_user()
sirepo.cookie.set_sentinel()
# copying examples for new user takes time
with pkunit.pkexcept('SRException.*routeName=None'):
r = auth.login(sirepo.auth.guest, sim_type='myapp')
r = auth.api_authState()
pkre('LoggedIn": true.*Registration": false', r.data)
u = auth.logged_in_user()
pkok(u, 'user should exist')
# guests do not require completeRegistration
auth.require_user()
def test_login():
from pykern import pkunit, pkcompat
from pykern.pkunit import pkeq, pkok, pkre, pkfail, pkexcept
from sirepo import auth
import flask
import sirepo.auth.guest
import sirepo.cookie
import sirepo.http_request
import sirepo.util
r = auth.api_authState()
pkre('LoggedIn": false.*Registration": false', pkcompat.from_bytes(r.data))
delattr(flask.g, 'sirepo_cookie')
auth.process_request()
with pkunit.pkexcept('SRException.*routeName=login'):
auth.logged_in_user()
with pkexcept('SRException.*routeName=login'):
auth.require_user()
sirepo.cookie.set_sentinel()
# copying examples for new user takes time
try:
r = auth.login(sirepo.auth.guest, sim_type='myapp')
pkfail('expecting sirepo.util.Response')
except sirepo.util.Response as e:
r = e.sr_args.response
pkre(r'LoggedIn":\s*true.*Registration":\s*false',
pkcompat.from_bytes(r.data))
u = auth.logged_in_user()
pkok(u, 'user should exist')
# guests do not require completeRegistration
auth.require_user()
def is_login_expired(res=None):
"""If expiry is configured, check timestamp
Args:
res (hash): If a hash and return is True, will contain (uid, expiry, and now).
Returns:
bool: true if login is expired
"""
if not cfg.expiry_days:
return False
n = int(srtime.utc_now_as_float())
t = int(cookie.unchecked_get_value(_COOKIE_EXPIRY_TIMESTAMP, 0))
if n <= t:
# cached timestamp less than expiry
return False
# db expiry at most one day from now so we can change expiry_days
# and (in any event) ensure expiry is checked once a day. This
# would also allow us to extend the expired period in the db.
u = auth.logged_in_user()
r = auth.user_registration(u)
t = r.created + cfg.expiry_days
n = srtime.utc_now()
if n > t:
if res is not None:
res.update(uid=u, expiry=t, now=n)
return True
# set expiry in cookie
t2 = n + _ONE_DAY
if t2 < t:
t = t2
t -= datetime.datetime.utcfromtimestamp(0)
cookie.set_value(_COOKIE_EXPIRY_TIMESTAMP, int(t.total_seconds()))
return False
def _user_dir():
"""User for the session
Returns:
str: unique id for user from flask session
"""
uid = auth.logged_in_user()
d = user_dir_name(uid)
if d.check():
return d
auth.user_dir_not_found(uid)
def test_login():
from pykern import pkunit
from pykern.pkdebug import pkdp
from pykern.pkunit import pkeq, pkok, pkre
from sirepo import auth
import flask
import sirepo.auth.guest
import sirepo.cookie
import sirepo.http_request
r = auth.api_authState()
pkre('LoggedIn": false.*Registration": false', r.data)
delattr(flask.g, 'sirepo_cookie')
auth.process_request()
with pkunit.pkexcept('Unauthorized'):
auth.logged_in_user()
r = auth.require_user()
pkeq(400, r.status_code, 'status should be BAD REQUEST')
pkre('"routeName": "login"', r.data)
sirepo.cookie.set_sentinel()
# copying examples for new user takes time
r = auth.login(sirepo.auth.guest)
pkeq(None, r, 'user created')
r = auth.api_authState()
pkre('LoggedIn": true.*Registration": true', r.data)
u = auth.logged_in_user()
pkok(u, 'user should exist')
r = auth.require_user()
pkeq(400, r.status_code, 'status should be BAD REQUEST')
pkre('"routeName": "completeRegistration"', r.data)
flask.request = 'abcdef'
def parse_json(*args, **kwargs):
return pkcollections.Dict(simulationType='myapp',
displayName='Joe Bob')
setattr(sirepo.http_request, 'parse_json', parse_json)
auth.api_authCompleteRegistration()
r = auth.api_authState()
pkre('Name": "Joe Bob".*In": true.*.*Registration": false', r.data)
def job_id(data):
"""A Job is a simulation and report name.
A jid is words and dashes.
Args:
data (dict): extract sid and report
Returns:
str: unique name
"""
return '{}-{}-{}'.format(
auth.logged_in_user(),
data.simulationId,
data.report,
)
def api_authEmailAuthorized(simulation_type, token):
"""Clicked by user in an email
Token must exist in db and not be expired.
"""
if http_request.is_spider():
sirepo.util.raise_forbidden('robots not allowed')
req = http_request.parse_params(type=simulation_type)
with auth_db.thread_lock:
u = AuthEmailUser.search_by(token=token)
if u and u.expires >= srtime.utc_now():
n = _verify_confirm(req.type, token,
auth.need_complete_registration(u))
u.query.filter(
(AuthEmailUser.user_name == u.unverified_email),
AuthEmailUser.unverified_email != u.unverified_email,
).delete()
u.user_name = u.unverified_email
u.token = None
u.expires = None
u.save()
auth.login(this_module, sim_type=req.type, model=u, display_name=n)
raise AssertionError('auth.login returned unexpectedly')
if not u:
pkdlog('login with invalid token={}', token)
else:
pkdlog(
'login with expired token={}, email={}',
token,
u.unverified_email,
)
# if user is already logged in via email, then continue to the app
if auth.user_if_logged_in(AUTH_METHOD):
pkdlog(
'user already logged in. ignoring invalid token: {}, user: {}',
token,
auth.logged_in_user(),
)
raise sirepo.util.Redirect(sirepo.uri.local_route(req.type))
auth.login_fail_redirect(req.type, this_module, 'email-token')