def decorated_function(session, *args, **kws): if 'authToken' not in request.headers: abort(401) try: shortened_token = BlockstackAuth.short_jwt( request.headers['authToken'] ) # implicitly checks if its a token username = BlockstackAuth.get_username_from_token(shortened_token) user_inst: User = session.query(User).filter( User.usernameUser == username).one() # check if token matches "cached" token, if thats the case, we are done here... else: if shortened_token != user_inst.authToken: # verify token: if BlockstackAuth.verify_auth_response(shortened_token): # token is valid, save it to DB user_inst.authToken = shortened_token session.commit() else: # token invalid, abort abort(401) else: # token is valid pass except NoResultFound: # User needs to register abort(404) except (KeyError, ValueError, DecodeError): # jwt decode errors abort(401) else: tmp = func(user_inst, *args, **kws) session.commit() # if user_inst get's changed return tmp
def user_post(session): """ Handles POST for resource <base>/api/users . :return: "{'status': 'User registered'}", 200 """ username = request.headers.get('username', default=None) firstname = request.headers.get('firstname', default=None) lastname = request.headers.get('lastname', default=None) email = request.headers.get('email', default=None) auth_token = request.headers.get('authToken', default=None) if None in [username, firstname, lastname, email, auth_token]: return jsonify({'error': 'Missing parameter'}), 400 if "" in [username, firstname, lastname, email, auth_token]: return jsonify({'error': "Empty parameter"}), 400 if re.match("^[a-zA-ZäÄöÖüÜ ,.'-]+$", firstname) is None or re.match( "^[a-zA-ZäÄöÖüÜ ,.'-]+$", lastname) is None: return jsonify({ 'error': 'Firstname and/or lastname must contain only alphanumeric characters' }), 400 acc = WEB3.eth.account.create() try: shortened_token = BlockstackAuth.short_jwt(auth_token) username_token = BlockstackAuth.get_username_from_token( shortened_token) if username_token != username: return jsonify( {'error': 'username in token doesnt match username'}), 400 res = session.query(User).filter( User.usernameUser == username).one_or_none() if res is not None: return jsonify({'status': 'User is already registered'}), 400 user_inst = User(usernameUser=username, firstnameUser=firstname, lastnameUser=lastname, emailUser=email, authToken=shortened_token, publickeyUser=acc.address, privatekeyUser=acc.key) except (KeyError, ValueError, DecodeError): # jwt decode errors return jsonify({'status': 'Invalid JWT'}), 400 session.add(user_inst) session.commit() return jsonify({'status': 'User registered'}), 201
def test_auth_user_valid3(testclient): session = DB_SESSION() res = session.query(User).filter(User.idUser == 6).one() res.authToken = "" session.commit() headers = {"authToken": TOKEN_1} res = testclient.get('/test', headers=headers) assert res._status_code == 200 res = session.query(User).filter(User.idUser == 6).one() assert res.authToken == BlockstackAuth.short_jwt(TOKEN_1)
def test_verify_no_token2(): with pytest.raises(DecodeError): BlockstackAuth.verify_auth_response("test")
def test_verify_invalid6(): assert not BlockstackAuth.verify_auth_response(TOKEN_INVALID_ISS2)
def test_verify_valid3(): assert BlockstackAuth.verify_auth_response(TOKEN_3)
def test_shorten2(): assert len(BlockstackAuth.short_jwt(TOKEN_2)) < len(TOKEN_2)
def test_username2(): assert BlockstackAuth.get_username_from_token( TOKEN_2) == "sw2020testuser2.id.blockstack"