def test_authentication_fail():
crypto = Crypto()
salt = crypto.generateRandomSalt()
wrongPassword = crypto.encrypt(salt, 'wrong')
user = models.User.User(username='******',
salt=salt,
password=wrongPassword)
authUser = userRep.authentication(user)
assert authUser.username == ""
def authentication(self, user=User()):
"""
(User) -> (User)
"""
session = self.session_factory()
userDB = session.query(UserDB).filter_by(
username=user.username).first()
crypto = Crypto()
decriptedTest = crypto.decrypt(userDB.salt, userDB.password)
decriptedUser = crypto.decrypt(userDB.salt, user.password)
if (decriptedTest == decriptedUser):
return User(userDB.id, userDB.idType, userDB.email,
userDB.username, userDB.password, userDB.salt,
userDB.dateInsertion, userDB.dateUpdate)
else:
return User()
def post(self):
"""
Method used to insert user in database
receives in body request a user model
action should be anything
"""
user = request.json
user = namedtuple("User", user.keys())(*user.values())
user = models.User.User(id=None,
idType=user.idType,
email=user.email,
username=user.username,
password=user.password,
salt=user.salt,
dateInsertion=user.dateInsertion,
dateUpdate=user.dateUpdate)
repository = UserRepository(FLASK_APP.config["DBUSER"],
FLASK_APP.config["DBPASS"],
FLASK_APP.config["DBHOST"],
FLASK_APP.config["DBPORT"],
FLASK_APP.config["DBNAME"])
try:
user.id = None
if not user.email or not user.username or not user.password or not user.salt:
raise Exception('User fields not defined')
crypto = Crypto()
user.salt = crypto.generateRandomSalt()
user.password = crypto.encrypt(user.salt, user.password)
user = repository.create(user)
Logger.Logger.create(FLASK_APP.config["ELASTICURL"], 'Informative',
'User sucessfuly created', 'post()',
str(user.__dict__), FLASK_APP.config["TYPE"])
return self.okResponse(response=user,
message="User sucessfuly created.",
status=201), 200
except Exception as err:
Logger.Logger.create(FLASK_APP.config["ELASTICURL"],
'Error', 'Internal server Error', 'post()',
str(err), FLASK_APP.config["TYPE"])
return self.okResponse(response=err,
message="Internal server error " + str(err),
status=500)
def test_wrong_auth(generic_user=generic_user):
crypto = Crypto()
generic_user.salt = crypto.generateRandomSalt()
generic_user.password = crypto.encrypt(generic_user.salt, 'test')
data = {'salt': generic_user.salt}
creds = base64.b64encode(bytes("wrong:" + generic_user.password,
'utf-8')).decode('utf-8')
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json',
'Authorization': 'Basic %s' % creds
}
resp = client.post('/api/gyresources/token/',
headers=headers,
data=str(json.dumps(data)),
follow_redirects=True)
resp = json.loads(resp.get_data(as_text=True))
assert resp['status_code'] == 401
def authentication(self, user=User()):
"""
(User) -> (User)
"""
session = self.session_factory()
userDB = session.query(UserDB).filter_by(
username=user.username).first()
crypto = Crypto()
decriptedTest = crypto.decrypt(userDB.salt, userDB.password)
# decriptedUser = crypto.decrypt(user.salt, user.password)
print('decripted: %s' % decriptedTest)
print('test: %s' % user.password)
if (decriptedTest == user.password):
return User(userDB.id, userDB.idType, userDB.email,
userDB.username, userDB.password, userDB.salt,
userDB.dateInsertion, userDB.dateUpdate,
[Analysis(id=x.id) for x in userDB.analysis])
else:
return User()
def test_update(generic_user=generic_user, token=token):
data = generic_user.__dict__
data['action'] = 'search'
resp = client.get('/api/gyresources/users',
content_type='application/json',
headers={
'Accept': 'application/json',
'Content-Type': 'application/json',
'dataType': 'json'
},
query_string=data,
follow_redirects=True)
pagedResponse = json.loads(resp.get_data(as_text=True))
user = object()
for response in pagedResponse['response']:
user = namedtuple("User", response.keys())(*response.values())
crypto = Crypto()
user = models.User.User(id=user.id,
idType=user.idType,
email=user.email,
username=user.username,
password='******',
salt=crypto.generateRandomSalt(),
dateInsertion=user.dateInsertion,
dateUpdate=user.dateUpdate)
user.password = crypto.encrypt(user.salt, user.password)
user.username = '******'
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json',
'Authorization': 'Bearer %s' % token['token']
}
resp = client.put('/api/gyresources/users/',
data=str(json.dumps(user.__dict__)),
headers=headers)
assert resp.status_code == 200
user = json.loads(resp.get_data(as_text=True))
user = namedtuple("User", user.keys())(*user.values())
assert "username2" in user.response['username']
from UserRepository import UserRepository
import models.User
from tools.Cryptography import Crypto
userRep = UserRepository('capivara', 'test', '127.0.0.1', '5432', 'green_eyes')
crypto = Crypto()
salt = crypto.generateRandomSalt()
ciphredPassword = crypto.encrypt(salt, 'test')
def test_insert():
user = models.User.User(0, 0, '*****@*****.**', 'tester', ciphredPassword,
salt, '12/12/12', '')
assert userRep.create(user).username == 'tester'
def test_search():
users = userRep.search(user=models.User.User(username='******'))
print('return {0} lines'.format(len(users)))
assert 'tester' in users['content'][0].username
def test_authentication():
user = models.User.User(username='******', password='******')
authUser = userRep.authentication(user)
assert authUser.username == user.username
def test_authentication_fail():
crypto = Crypto()
salt = crypto.generateRandomSalt()