コード例 #1
0
ファイル: __init__.py プロジェクト: FacadeCrimson/Full-Stack
def login():
    if 'token' in session:
        return "Already logged in!"
    req = request.get_json()
    email = req['email']
    password = req['password']
    try:
        token = log_in(email, password)['access_token']
        payload = verify_decode_jwt(token)
        id = payload["sub"][6:]
        trader = Trader.query.get(id)
        if not trader:
            trader = Trader(id=id,
                            name="Test Account",
                            email=email,
                            cash=10000)
            trader.insert()
        session['token'] = token
        stocks = Possession.query.filter(Possession.trader_id == id)
    except:
        abort(403)
    message = f'''
    Hello {trader.name}!
    You have {trader.cash} dollars in your account.

    '''
    for stock in stocks:
        message = message + f"You have {stock.position} shares of {stock.stock_code}.\n"
    db.session.close()
    return message
コード例 #2
0
    def login_as_producer():

        code_auth = request.args.get('code')

        token = get_access_token(code_auth)

        user_id = get_user_id(token)

        api_token = get_MGMT_API_ACCESS_TOKEN()

        payload = verify_decode_jwt(token)

        if 'permissions' not in payload:
            abort(400)

        permissions = payload.get('permissions')

        if len(permissions) == 0:

            url3 = f'https://{AUTH0_DOMAIN}/api/v2/users/{user_id}/roles'

            headers = {
                'content-type': 'application/json',
                'authorization': 'Bearer ' + api_token,
                'cache-control': 'no-cache'
            }

            data = '{ "roles": [ " rol_t2ets4eZtnaqf6Xo " ] }'
            data = data.encode('ascii')
            req3 = uri.Request(url3, data, headers)

            try:

                uri.urlopen(req3)
            except uri.URLError as e:

                print('URL Error: ', e.reason)
            except uri.HTTPError as e:

                print('HTTP Error code: ', e.code)
            else:

                session['role'] = 'producer'
                return redirect(url_for('home'))

        if 'delete:movie' in permissions:
            session['role'] = 'producer'
        elif 'delete:movie' not in permissions and 'delete:actor' \
            in permissions:
            session['role'] = 'director'
        elif 'delete:actor' not in permissions:
            session['role'] = 'Casting Assistant'

        return redirect(url_for('home'))
コード例 #3
0
    def test_executive_producer_with_delete_movie_role(self):
        res = self.client().delete('/movies/1', headers=self.headers)

        header = self.headers
        token_header = header['Authorization']
        token = token_header.split(' ')[1]

        payload = verify_decode_jwt(token)
        permissions = payload['permissions']

        if 'delete:movie' in permissions:
            permission = True

            self.assertEqual(permission, True)
コード例 #4
0
    def test_casting_director_with_delete_movie_role(self):
        res = self.client().delete('/movies/1', headers=self.headers)

        header = self.headers
        token_header = header['Authorization']
        token = token_header.split(' ')[1]

        payload = verify_decode_jwt(token)
        permissions = payload['permissions']
        print(permissions)

        if 'delete:movie' not in permissions:
            no_permission = False

        self.assertEqual(no_permission, False)
コード例 #5
0
def callback_handling():
    auth0.authorize_access_token()
    session['access_token'] = auth0.token['access_token']
    session['id_token'] = auth0.token['id_token']
    session['permissions'] = \
        auth.verify_decode_jwt(session['access_token'])['permissions']
    session['authorized'] = True
    resp = auth0.get('userinfo')
    userinfo = resp.json()
    session[constants.JWT_PAYLOAD] = userinfo
    session[constants.PROFILE_KEY] = {
        'user_id': userinfo['sub'],
        'name': userinfo['name'],
        'picture': userinfo['picture']
    }
    session['authorized'] = True
    return redirect('/home')
コード例 #6
0
    def test_casting_assistant_with_psot_movie_role(self):
        res = self.client().post('/movies',
                                 headers=self.headers,
                                 json=self.new_movie)
        # data = json.loads(res.data)

        header = self.headers
        token_header = header['Authorization']
        token = token_header.split(' ')[1]

        payload = verify_decode_jwt(token)
        permissions = payload['permissions']
        print(permissions)

        if 'post:movie' not in permissions:
            no_permission = False

        self.assertEqual(no_permission, False)
コード例 #7
0
 def test_decodeExpiredToken_thenAuthError(self):
     with self.assertRaises(AuthError) as context:
         auth.verify_decode_jwt(EXPIRED_TOKEN)
     self.assertEqual(context.exception.error['code'], 'token_expired')
     self.assertEqual(context.exception.error['description'], 'Token expired.')
     self.assertEqual(context.exception.status_code, 401)
コード例 #8
0
 def test_decodeInvalidToken_thenAuthError(self):
     with self.assertRaises(AuthError) as context:
         auth.verify_decode_jwt('invalidtoken')
     self.assertEqual(context.exception.error['code'], 'invalid_token')
     self.assertEqual(context.exception.error['description'], 'Incorrect token provided.')
     self.assertEqual(context.exception.status_code, 400)
コード例 #9
0
 def test_decodeValidToken_tokenPayloadReturned(self):
     token = get_valid_token()
     payload = auth.verify_decode_jwt(token)
     self.assertIsNotNone(payload)
     for k in ['iss', 'sub', 'aud', 'azp', 'gty', 'permissions']:
         self.assertIn(k, payload)