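def test_login_happy_path(client, db_session):
    """Log in with valid credentials and check the issued session token.

    Covers three things visible in this test:
      * POST /login with the right username/password answers 200 and a JSON
        body whose only key is ``token``;
      * the token is exactly 64 lowercase hex characters;
      * the token resolves to the user's id, while tokens that share only
        the first or last 32 characters with it resolve to ``None``.
    """
    name = generate_username()
    password = generate_password()
    # presumably constructing User with db_session persists it; confirm in User
    user = User(name, password, db_session=db_session)
    user_id = user.id

    reply = client.post('/login', json={
        'username': name,
        'password': password
    })
    assert reply.status_code == 200
    # The reply must carry the token and nothing else.
    assert list(reply.json.keys()) == ['token']

    token = reply.json['token']
    # fullmatch, not match + '$': '$' also matches just before a trailing
    # newline, so a 64-hex token followed by '\n' would have passed.
    assert re.fullmatch(r'[a-f0-9]{64}', token)
    assert UserToken.get_user_id_with_token(token, db_session) == user_id

    # Same prefix, but different suffix. uuid4().hex is 32 hex characters, so
    # the forged value keeps the 64-character shape; a lookup that compared
    # only the leading half would wrongly accept it.
    invalid_token = token[:32] + uuid.uuid4().hex
    assert UserToken.get_user_id_with_token(invalid_token, db_session) is None

    # Same suffix, but different prefix: the mirror case for a lookup that
    # compared only the trailing half.
    invalid_token = uuid.uuid4().hex + token[-32:]
    assert UserToken.get_user_id_with_token(invalid_token, db_session) is None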
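def wrapper(*args, **kwargs):
    """Authenticate the request by its X-Session token, then call the handler.

    Reads the ``X-Session`` request header, resolves it to a user id with
    ``UserToken.get_user_id_with_token`` and, on success, calls ``handler``
    with that user id prepended to the original arguments. Every other
    outcome returns ``error_reply('Invalid token', 401)``.
    """
    token = request.headers.get('X-Session')
    if not token:
        # Header missing or empty: reject here instead of handing None/'' to
        # the token lookup, whose behaviour for such values is not visible
        # from this function.
        return error_reply('Invalid token', 401)

    user_id = UserToken.get_user_id_with_token(token, db_session)
    if not user_id:
        # Fail closed: any falsy lookup result (not only None) is treated as
        # an unauthenticated request.
        return error_reply('Invalid token', 401)

    return handler(user_id, *args, **kwargs)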