def login(): try: data = get_request_data(request, ["email", "password"]) except (ValueError, TypeError) as e: return handle_error(message="Invalid parameters: %s" % str(e), logger=logger, status_code=422) db = DatabaseService() userType = db.authenticate_user( email=data["email"], password=data["password"], ) if not userType: return make_response("Error: invalid credentials", 401) token = jwt.encode( { "subject": data["email"], "userType": userType }, app.config["SECRET_KEY"], algorithm="HS256", ) return jsonify({"token": token})
def test_reset_password_updates_password(self): email = "*****@*****.**" token = "testtoken" password1 = "testpassword1" password2 = "testpassword2" db = DatabaseService() db.save_user(email=email, password=password1) db.save_reset_token(email=email, token=token) data = json.dumps({ "token": token, "password": password2, "passwordCheck": password2, }) self.app.post("/api/v1/reset-password", data=data) result = db.authenticate_user(email=email, password=password2) self.assertIsNotNone(result)
class TestDatabaseService(BaseTest): def setUp(self): super(TestDatabaseService, self).setUp() self.db = DatabaseService() def tearDown(self): super(TestDatabaseService, self).tearDown() def test_database_service_can_connect(self): self.assertIsNotNone(self.db) def test_database_service_can_save_user(self): email = '*****@*****.**' password = '******' self.db.save_user( email=email, password=password, ) query = "SELECT COUNT(*) FROM users" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() self.assertEqual(1, results[0][0]) curr.close() def test_database_service_saves_user_with_correct_email(self): email = '*****@*****.**' password = '******' self.db.save_user( email=email, password=password, ) query = "SELECT email FROM users" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() self.assertEqual(email, results[0][0]) curr.close() def test_database_service_saves_email_as_lowercase(self): email = '*****@*****.**' lowercaseEmail = '*****@*****.**' password = '******' self.db.save_user( email=email, password=password, ) query = "SELECT email FROM users" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() self.assertEqual(lowercaseEmail, results[0][0]) curr.close() def test_database_service_saves_hashed_password(self): email = '*****@*****.**' password = '******' self.db.save_user( email=email, password=password, ) query = "SELECT password FROM users" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() self.assertNotEqual(password, results[0][0]) curr.close() def test_database_services_saves_correct_password(self): email = '*****@*****.**' password = '******' self.db.save_user( email=email, password=password, ) query = "SELECT password FROM users" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() self.assertTrue(check_password_hash(results[0][0], password)) curr.close() def test_database_service_saves_first_and_last_name(self): email = '*****@*****.**' password = '******' firstName = 'First' lastName = 'Last' self.db.save_user( email=email, password=password, firstName=firstName, lastName=lastName, ) query = "SELECT first_name, last_name FROM users" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() self.assertEqual(firstName, results[0][0]) self.assertEqual(lastName, results[0][1]) curr.close() def test_database_service_handles_default_values_for_first_and_last_name( self): email = '*****@*****.**' password = '******' self.db.save_user( email=email, password=password, ) query = "SELECT first_name, last_name FROM users" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() self.assertEqual(None, results[0][0]) self.assertEqual(None, results[0][1]) curr.close() def test_database_service_can_authorize_valid_user_credentials(self): email = '*****@*****.**' password = '******' self.db.save_user( email=email, password=password, ) result = self.db.authenticate_user(email=email, password=password) self.assertIsNotNone(result) def test_database_service_returns_user_type_after_authorizing(self): email = '*****@*****.**' password = '******' userType = 'testtype' self.db.save_user( email=email, password=password, userType=userType, ) result = self.db.authenticate_user(email=email, password=password) self.assertEqual(userType, result) def test_database_service_handles_nonexistent_user(self): email = '*****@*****.**' password = '******' result = self.db.authenticate_user(email=email, password=password) self.assertEqual(result, None) def test_database_service_creates_user_with_correct_user_type(self): email = '*****@*****.**' password = '******' userType = 'testtype' self.db.save_user( email=email, password=password, userType=userType, ) query = "SELECT user_type FROM users" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() self.assertEqual(userType, results[0][0]) curr.close() def test_database_service_can_return_user_data(self): email = '*****@*****.**' password = '******' userType = 'testtype' self.db.save_user( email=email, password=password, userType=userType, ) user = self.db.get_user(email=email) self.assertIsNotNone(user) def test_database_service_returns_correct_user_data_on_get_user(self): email = '*****@*****.**' password = '******' userType = 'testtype' firstName = 'First' lastName = 'Last' self.db.save_user( email=email, password=password, userType=userType, firstName=firstName, lastName=lastName, ) user = self.db.get_user(email=email) self.assertEqual(user['email'], email) self.assertEqual(user['firstName'], firstName) self.assertEqual(user['lastName'], lastName) self.assertEqual(user['userType'], userType) def test_database_service_can_save_reset_token(self): self.db.save_reset_token( email='*****@*****.**', token='thisisatesttoken', ) query = "SELECT * FROM reset_tokens" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() curr.close() self.assertIsNotNone(results[0]) def test_database_service_can_validate_saved_reset_token(self): email = '*****@*****.**' token = 'testtoken' curr = self.conn.cursor() data = (email, token) query = "INSERT INTO reset_tokens (email, token) VALUES (%s, %s)" curr.execute(query, data) self.conn.commit() user_email = self.db.validate_reset_token(token=token) self.assertIsNotNone(user_email) def test_database_service_can_update_password(self): email = '*****@*****.**' password1 = 'testpass1' password2 = 'testpass2' self.db.save_user(email=email, password=password1) query = "SELECT password FROM users" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() curr.close() first_password = results[0][0] self.db.update_password(email=email, password=password2) query = "SELECT password FROM users" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() curr.close() second_password = results[0][0] self.assertNotEqual(first_password, second_password)