def test_user_password():
    """Check password verification and that the password cannot be read back.

    Three behaviours are pinned: a freshly assigned password verifies,
    verification fails once ``hashed_password`` is cleared, and reading
    ``user.password`` raises ``RuntimeError`` with a fixed message.
    """
    plaintext = "******"
    account = User(username="******")
    account.password = plaintext

    # Round trip: the value that was just assigned must verify.
    assert account.verify(plaintext) is True

    # With no stored hash, verify() has to answer False. A raise or a
    # True here would mean an account without a credential fails open.
    account.hashed_password = None
    assert account.verify(plaintext) is False

    # The getter is expected to refuse, so the plaintext is never handed
    # back to a caller (or, by accident, to a serializer or a log line).
    with pytest.raises(RuntimeError) as exc_info:
        assert not account.password
    raised_message = str(exc_info.value)
    assert raised_message == "Invalid access: get password not allowed"
def test_login_post(mocker, engine, session, app, client):
    """Successful login: 303 redirect to "/", a ``jwt`` cookie and a JSON body.

    The clock is frozen so the expected token can be rebuilt in the test
    with the endpoint's own secret, algorithm and expiry and compared
    byte for byte with what the endpoint issued.
    """
    # Freeze "now" so the "exp" claim is reproducible.
    frozen_now = datetime.utcnow()
    mocker.patch("apitoolbox.tz.utcnow", return_value=frozen_now)

    account = User(username="******")
    account.password = "******"
    session.add(account)
    session.commit()
    account = session.merge(account)

    # "s0secret" is a fixture value for this test only.
    login_endpoint = endpoints.LoginEndpoint(User, secret="s0secret")

    @app.post("/login")
    async def _post(
        username: str = fastapi.Form(None),
        password: str = fastapi.Form(None),
    ):
        return await login_endpoint.on_post(session, username, password)

    expiry = frozen_now + timedelta(seconds=login_endpoint.token_expiry)
    expected_data = {
        **account.as_dict(),
        "exp": expiry,
    }
    # NOTE(review): the .decode() call assumes jwt.encode() returns bytes
    # (PyJWT 1.x behaviour); confirm against the pinned PyJWT version.
    encoded = jwt.encode(
        expected_data,
        login_endpoint.secret,
        algorithm=login_endpoint.jwt_algorithm,
    )
    expected_token = encoded.decode("utf-8")

    form_fields = {
        "username": "******",
        "password": "******",
    }
    res = client.post("/login", data=form_fields)

    assert res.status_code == 303
    assert res.headers.get("location") == "/"
    # Only the cookie's name and value are compared. Its attributes
    # (HttpOnly, Secure, SameSite, expiry) are not asserted in this test.
    assert res.cookies.items() == [("jwt", expected_token)]
    # The body repeats every claim from as_dict() plus the token itself.
    # NOTE(review): confirm as_dict() leaves out hashed_password, since
    # whatever it returns ends up in both the token and this response.
    assert res.json() == {
        **expected_data,
        "exp": expiry.isoformat(),
        "token": expected_token
    }
def test_login_post_invalid_password(engine, session, app, client):
    """A wrong password yields 401 and the rendered error template.

    The expected text names neither the username nor the password as the
    field that failed. This test pins that wording for the wrong-password
    case only.
    """
    good_password = "******"
    account = User(username="******")
    account.password = good_password
    session.add(account)
    session.commit()

    # Minimal template: a literal "<" followed by the error placeholder.
    login_endpoint = endpoints.LoginEndpoint(
        User,
        secret="s0secret",
        template="<${error}",
    )

    @app.post("/login")
    async def _post(
        username: str = fastapi.Form(None),
        password: str = fastapi.Form(None),
    ):
        return await login_endpoint.on_post(session, username, password)

    # Appending a suffix guarantees the value differs from the stored one.
    wrong_password = good_password + "make_it_invalid"
    res = client.post(
        "/login",
        data={
            "username": "******",
            "password": wrong_password,
        },
    )

    assert res.status_code == 401
    # NOTE(review): the message contains no markup characters, so this
    # does not show whether ${error} is escaped when rendered.
    assert res.text == "<Login failed; Invalid userID or password"