def test_get_by_id(self):
    """A saved user can be fetched back through its primary key."""
    saved = User(username='******', email='*****@*****.**')
    saved.save()

    # Look the row up by id and compare it with the instance we stored.
    assert User.get_by_id(saved.id) == saved
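def verify(username_or_token=None, password=None):
    """Authenticate the current request and populate ``g.user``.

    A request is accepted when one of the following holds, checked in order:

    * it names a registered application (``X-Application-Name``) and its
      source address is in that application's ``white_listed_ips``;
    * ``username_or_token`` is a valid auth token that has not been recorded
      as invalidated;
    * ``username_or_token`` / ``password`` match a non-deleted user.

    POSTs to the ``userapi`` endpoint are let through without credentials so
    that an initial user can be created, but ``g.user`` is only set to a user
    whose token or password was actually verified.

    Args:
        username_or_token: Auth token, or the username for password auth.
        password: Password, used when ``username_or_token`` is not a token.

    Returns:
        True if the request may proceed, False otherwise.
    """
    from authenticate.api.applications.models import Application
    from authenticate.api.user.models import User

    # Application access: a request from an allowlisted address acts as an
    # application user and skips credential checks entirely.
    app_name = request.headers.get('X-Application-Name', None)
    if app_name:
        application = Application.query.filter_by(name=app_name).first()
        # NOTE(review): X-Forwarded-For is client-supplied unless a trusted
        # reverse proxy overwrites it, and it may hold a comma-separated
        # chain.  Confirm the proxy sets it, or compare request.remote_addr
        # (after ProxyFix-style handling) so the allowlist cannot be
        # satisfied by a header alone.
        # NOTE(review): if white_listed_ips is stored as a string, `in` is a
        # substring match rather than a membership test -- confirm its type.
        source_ip = request.headers.get('X-Forwarded-For', request.remote_addr)
        if application and source_ip in application.white_listed_ips:
            g.user = User(app_user=True)
            return True

    # check if token has been invalidated
    invalid_token = InvalidToken.query.filter_by(
        token=username_or_token).first()
    if invalid_token:
        return False

    # first try to authenticate by token
    user = User.verify_auth_token(username_or_token)
    authenticated = bool(user)
    if not user:
        # try to authenticate with username/password
        # NOTE(review): the listing this block came from had lost its
        # indentation; the password check below is applied only when token
        # verification failed -- confirm against the original file.
        user = User.query.filter_by(username=username_or_token).first()

    # Deleted users shouldn't authenticate
    if user and user.is_deleted:
        return False

    if not authenticated and user and user.check_password(password):
        authenticated = True

    # Exception for posting to the users endpoint for initial user creation.
    # The request is allowed, but an identity that was only looked up by
    # username (no valid token, no matching password) must not be attached
    # to it: downstream handlers authorise changes against g.user.
    if request.endpoint == 'userapi' and request.method == 'POST':
        g.user = user if authenticated else None
        return True

    if not authenticated:
        return False

    g.user = user
    g.token = username_or_token
    return True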
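def initial_setup(username, password, email):
    """Create the root scope and the first administrator account.

    Creates a scope named ``Root``, creates the user, sets its password and
    links the user to the scope with the ``ADMIN`` role.

    Args:
        username: Login name for the root user.
        password: Password for the root user.
        email: Email address for the root user.

    Raises:
        ValueError: If any of the three values is missing or empty.
    """
    # All three values must be present.  `not username and password and email`
    # binds as `(not username) and password and email`, which only rejects a
    # missing username and would let an admin be created with no password.
    if not (username and password and email):
        raise ValueError('Username, password, and email are required')

    scope = Scope.create(name='Root')
    user = User.create(username=username, email=email)
    user.set_password(password)
    db.session.commit()

    # Grant the new user the ADMIN role on the root scope.
    user_scope_mapping = UserScopeMapping.create(role='ADMIN', scope_id=scope.id)
    user.user_scope_mappings.append(user_scope_mapping)
    db.session.commit()
    print('Root user and root scope setup successfully')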
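def post(self, user_id=None):
    """Update an existing user, or register a new one.

    When an ``id`` is supplied (in the request values or as ``user_id``) the
    caller must be allowed to modify that user, and the submitted fields are
    applied to it.  Without an id a new user is created from the request
    values and an email-verification link is sent to the new address.

    Args:
        user_id: Id of the user to update when the request carries no ``id``.

    Returns:
        A dict with ``message`` and ``is_successful`` (plus ``user_id`` after
        a creation).  Aborts with 401 when the caller may not modify the
        target user.
    """
    data = request.values
    target_id = data.get('id', user_id)

    if target_id:
        # Authorise first, so callers who may not modify this user learn
        # nothing from validation or uniqueness messages.
        if not hasattr(g, 'user') or not g.user or not g.user.can.modify.user_id(target_id):
            return abort(401)

        # mobile number is not required so only validate it if it was sent in the request
        phone_number = None
        if data.get('mobile_number', None):
            try:
                int(data.get('mobile_number', None))
            except (TypeError, ValueError):
                return {
                    'message': 'Invalid phone number',
                    'is_successful': False
                }
            try:
                phone_number = phonenumbers.parse(data.get('mobile_number', None), Config.DEFAULT_PHONE_REGION)
                phone_number = phonenumbers.format_number(phone_number, phonenumbers.PhoneNumberFormat.E164)
            except Exception as e:
                return {
                    'message': str(e),
                    'is_successful': False
                }

        if data.get('email', None):
            # NOTE(review): here an invalid address is expected to raise,
            # while the creation path below tests the return value -- confirm
            # which contract validate_email has and make both paths agree.
            try:
                validate_email(data.get('email', None))
            except Exception:
                return {
                    'message': 'Email address not valid',
                    'is_successful': False
                }

        # Username and email must stay unique across all *other* users.
        user_name_check = User.query.filter(
            (User.username == data.get('username', None)) & (User.id != target_id)
        ).first()
        email_check = User.query.filter(
            (User.email == data.get('email', None)) & (User.id != target_id)
        ).first()
        if user_name_check:
            return {
                'message': 'Username already in use',
                'is_successful': False
            }
        if email_check:
            return {
                'message': 'Email already in use',
                'is_successful': False
            }

        user = User.query.filter_by(id=target_id).first()
        if not user:
            return {
                'message': 'User not found',
                'is_successful': False
            }

        user.first_name = data.get('first_name', user.first_name)
        user.username = data.get('username', user.username)
        user.email = data.get('email', user.email)
        if phone_number is not None:
            # Store the validated E.164 form, as the creation path does,
            # rather than the raw submitted string.
            user.mobile_number = phone_number
        else:
            user.mobile_number = data.get('mobile_number', user.mobile_number)
        user.last_name = data.get('last_name', user.last_name)
        # NOTE(review): the password is replaced on the strength of the
        # modify check alone; consider requiring the current password (or a
        # fresh login) before changing it.
        if data.get('password', None):
            user.set_password(data.get('password'))
        db.session.commit()
        return {
            'message': 'User updated successfully.',
            'is_successful': True
        }

    # ---- No id: register a new user ----
    user_name_check = User.query.filter_by(username=data.get('username', None)).first()
    email_check = User.query.filter_by(email=data.get('email', None)).first()
    if user_name_check:
        return {
            'message': 'Username already in use',
            'is_successful': False
        }
    if email_check:
        return {
            'message': 'Email already in use',
            'is_successful': False
        }

    required_fields = ('mobile_number', 'username', 'email',
                       'first_name', 'last_name', 'password')
    if not all(data.get(field) for field in required_fields):
        return {
            'message': 'All fields are required',
            'is_successful': False
        }

    # mobile_number is guaranteed non-empty from here on.
    try:
        int(data.get('mobile_number', None))
    except (TypeError, ValueError):
        return {
            'message': 'Invalid phone number',
            'is_successful': False
        }
    try:
        phone_number = phonenumbers.parse(data.get('mobile_number', None), Config.DEFAULT_PHONE_REGION)
        phone_number = phonenumbers.format_number(phone_number, phonenumbers.PhoneNumberFormat.E164)
    except Exception as e:
        return {
            'message': str(e),
            'is_successful': False
        }

    if not validate_email(data.get('email', None)):
        return {
            'message': 'Email address not valid',
            'is_successful': False
        }

    user = User().create(first_name=data.get('first_name', None),
                         username=data.get('username', None),
                         mobile_number=phone_number,
                         email=data.get('email', None),
                         last_name=data.get('last_name', None))
    # password is one of the required fields checked above.
    user.set_password(data.get('password', None))
    db.session.commit()

    # Generate email verification token
    token = user.generate_auth_token()
    email_body = 'Please use the following token to verify your email: {}' \
        .format(api.url_for(PublicAuthApi, action='verify-email', token=token, _external=True))
    send_email('*****@*****.**', 'Please Verify Your Email', user.email, email_body)
    return {
        'message': 'User added successfully.',
        'user_id': user.id,
        'is_successful': True
    }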
def test_check_password(self):
    """check_password accepts the stored password and rejects another one."""
    # NOTE(review): the credential literals below appear masked on this page;
    # the first assertion expects the stored password to be 'foobarbaz123'.
    account = User.create(
        username='******',
        email='*****@*****.**',
        password='******',
    )

    matches = account.check_password('foobarbaz123')
    assert matches is True

    mismatches = account.check_password('barfoobaz')
    assert mismatches is False
def test_password_is_nullable(self):
    """A user saved without a password has ``password`` set to None."""
    passwordless = User(username='******', email='*****@*****.**')
    passwordless.save()

    # No password was supplied, so none should have been stored.
    assert passwordless.password is None
def test_created_at_defaults_to_datetime(self):
    """Saving a user fills ``created_on`` with a datetime value."""
    account = User(username='******', email='*****@*****.**')
    account.save()

    # The timestamp must be set and must be a real datetime instance.
    assert bool(account.created_on)
    assert isinstance(account.created_on, dt.datetime)