def test_auth_uniquifier(app): # If add fs_token_uniquifier to user model - change password shouldn't invalidate # auth tokens. from sqlalchemy import Column, String from flask_sqlalchemy import SQLAlchemy from flask_security.models import fsqla_v2 as fsqla from flask_security import Security, SQLAlchemyUserDatastore app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:" db = SQLAlchemy(app) fsqla.FsModels.set_db_info(db) class Role(db.Model, fsqla.FsRoleMixin): pass class User(db.Model, fsqla.FsUserMixin): fs_token_uniquifier = Column(String(64), unique=True, nullable=False) with app.app_context(): db.create_all() ds = SQLAlchemyUserDatastore(db, User, Role) app.security = Security(app, datastore=ds) with app.app_context(): ds.create_user( email="*****@*****.**", password=hash_password("password"), ) ds.commit() client = app.test_client() # standard login with auth token response = json_authenticate(client) token = response.json["response"]["user"]["authentication_token"] headers = {"Authentication-Token": token} # make sure can access restricted page response = client.get("/token", headers=headers) assert b"Token Authentication" in response.data # change password response = client.post( "/change", data={ "password": "******", "new_password": "******", "new_password_confirm": "new strong password", }, follow_redirects=True, ) assert response.status_code == 200 # authtoken should still be valid response = client.get("/token", headers=headers) assert response.status_code == 200
def test_change_token_uniquifier(app): # make sure that existing token no longer works once we change the token uniquifier from sqlalchemy import Column, String from flask_sqlalchemy import SQLAlchemy from flask_security.models import fsqla_v2 as fsqla from flask_security import Security, SQLAlchemyUserDatastore app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:" db = SQLAlchemy(app) fsqla.FsModels.set_db_info(db) class Role(db.Model, fsqla.FsRoleMixin): pass class User(db.Model, fsqla.FsUserMixin): fs_token_uniquifier = Column(String(64), unique=True, nullable=False) with app.app_context(): db.create_all() ds = SQLAlchemyUserDatastore(db, User, Role) app.security = Security(app, datastore=ds) with app.app_context(): ds.create_user( email="*****@*****.**", password=hash_password("password"), ) ds.commit() client_nc = app.test_client(use_cookies=False) response = json_authenticate(client_nc) token = response.json["response"]["user"]["authentication_token"] verify_token(client_nc, token) # now change uniquifier with app.test_request_context("/"): user = app.security.datastore.find_user(email="*****@*****.**") app.security.datastore.reset_user_access(user) app.security.datastore.commit() verify_token(client_nc, token, status=401) # get new token and verify it works response = json_authenticate(client_nc) token = response.json["response"]["user"]["authentication_token"] verify_token(client_nc, token)
def test_null_token_uniquifier(app): # If existing record has a null fs_token_uniquifier, should be set on first use. from sqlalchemy import Column, String from flask_sqlalchemy import SQLAlchemy from flask_security.models import fsqla_v2 as fsqla from flask_security import Security, SQLAlchemyUserDatastore app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:" db = SQLAlchemy(app) fsqla.FsModels.set_db_info(db) class Role(db.Model, fsqla.FsRoleMixin): pass class User(db.Model, fsqla.FsUserMixin): fs_token_uniquifier = Column(String(64), unique=True, nullable=True) with app.app_context(): db.create_all() ds = SQLAlchemyUserDatastore(db, User, Role) app.security = Security(app, datastore=ds) with app.app_context(): ds.create_user( email="*****@*****.**", password=hash_password("password"), ) ds.commit() # manually null out fs_token_uniquifier user = ds.find_user(email="*****@*****.**") user.fs_token_uniquifier = None ds.put(user) ds.commit() client_nc = app.test_client(use_cookies=False) response = json_authenticate(client_nc) token = response.json["response"]["user"]["authentication_token"] verify_token(client_nc, token)