async def login(
login: models.UserInLogin = Body(...), db: AsyncIOMotorClient = Depends(db_get)
):
db_user = await get_user(db, {"email": login.email})
if not db_user:
raise HTTPException(
status_code=HTTP_401_UNAUTHORIZED, detail="User with email does not exist"
)
print(login.password)
print(db_user.hashed_password)
if not verify_password(db_user.salt + login.password, db_user.hashed_password):
raise HTTPException(
status_code=HTTP_401_UNAUTHORIZED, detail="Invalid password"
)
token = get_token({"email": db_user.email, "username": db_user.username})
db_user.refresh_token = get_token({"email": db_user.email}, is_refresh=True)
# Put the refresh token into the database
result = await db[DATABASE_NAME].users.update_one(
{"email": db_user.email}, {"$set": db_user.dict()}
)
if not result.acknowledged:
raise HTTPException(
status_code=HTTP_500_INTERNAL_SERVER_ERROR,
detail="Failed to update database",
)
return models.User(**db_user.dict(), token=token)
async def refresh(db: AsyncIOMotorClient, user: models.User) -> models.User:
# TODO Should we also try and find the user by username
db_user = await get_user(db, {"email": user.email})
if not db_user:
raise HTTPException(
status_code=HTTP_401_UNAUTHORIZED, detail="User does not exist"
)
# Check that the refresh token matches with what is on the database
if not db_user.refresh_token == user.refresh_token:
raise HTTPException(
status_code=HTTP_401_UNAUTHORIZED, detail="Authorization token is invalid"
)
# Check that the refresh token is not expired
_, expiry, now = load_token(user.refresh_token, is_jwt=True, is_refresh=True)
if expiry:
raise HTTPException(
status_code=HTTP_401_UNAUTHORIZED,
detail=f"Could not authenticate, refresh token expired on: {expiry}, current time is: {now}",
)
# Generate a new token and return it
token = get_token({"email": db_user.email, "username": db_user.username})
return models.User(**db_user.dict(), token=token)
def test_get_token(requests_mock):
requests_mock.post(MOCK_TOKEN_ENDPOINT, json=FAKE_TOKEN, status_code=200) # mock endpoint response
payload = {}
headers = {}
result = auth.get_token(MOCK_TOKEN_ENDPOINT, payload, headers)
assert isinstance(result, requests.models.Response)
assert result.json() == FAKE_TOKEN
def test_token_authentication_with_headers(self):
token = Token("user123")
with app.test_request_context("/", headers={"Authentication": token.token}):
return_value = authenticated_function()
self.assertTrue(return_value)
found_token = get_token()
self.assertEqual(token.token, found_token)
user_unid = get_user_unid(found_token)
self.assertEqual("user123", user_unid)
def post(self):
token = get_token()
found_token = Token.get_token(token)
if found_token:
found_token.expire_token()
return {'status': 'true'}
else:
return {'status': 'false', 'message': 'Could not find token'}
def register_url():
access_token = auth.get_token()
api_url = "http://sandbox.safaricom.co.ke/mpesa/c2b/v1/registerurl"
headers = {"Authorization": "Bearer %s" % access_token}
req = {
"ShortCode": "600388",
"ResponseType": " ",
"ConfirmationURL": config.confirmation_url,
"ValidationURL": config.validate_url
}
response = requests.post(api_url, json=req, headers=headers)
print(response.text)
return "Registered Url"
def home():
access_token = auth.get_token()
print(access_token)
return "Data is here"
def test_get_auth_token_no_headers(self):
with app.test_request_context("/"):
self.assertEqual(None, get_token())
def test_get_auth_token_with_headers(self):
with app.test_request_context("/", headers={"Authentication": "foo"}):
self.assertEqual("foo", get_token())
