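def test_lookup_user_token():
    """Check lookup_user_token against a valid, an expired and an unknown token.

    The two rejection cases must fail when no exception is raised. Without
    that, a lookup that accepts an expired or unknown token would let this
    test pass unnoticed.
    """
    app = create_ctfd()
    with app.app_context():
        user = gen_user(app.db)
        # Good Token: the lookup must return the user the token was issued to.
        token = gen_token(app.db, user_id=user.id)
        user = lookup_user_token(token.value)
        assert user.id == token.user_id

        # Expired Token: expiration is set one day in the past.
        expiration = datetime.datetime.utcnow() + datetime.timedelta(days=-1)
        token = gen_token(app.db, user_id=user.id, expiration=expiration)
        try:
            lookup_user_token(token.value)
        except UserTokenExpiredException:
            pass
        else:
            # Raised explicitly rather than with `assert`, so the check
            # survives `python -O`.
            raise AssertionError("lookup_user_token accepted an expired token")

        # Nonexistent token: a value that was never issued.
        try:
            lookup_user_token("wat")
        except UserNotFoundException:
            pass
        else:
            raise AssertionError("lookup_user_token accepted an unknown token")
    destroy_ctfd(app)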
예제 #2
 def tokens():
     """Log a user in from the Authorization header of a JSON request.

     Nothing happens unless the request has a non-empty Authorization header
     and its content type equals "application/json". In that case the header
     is split at the first space and the second part is passed to
     lookup_user_token. Any exception from the split or the lookup ends the
     request with abort(401); otherwise the returned user is passed to
     login_user.
     """
     header_value = request.headers.get("Authorization")
     if header_value and request.content_type == "application/json":
         try:
             # NOTE(review): the scheme (the text before the first space) is
             # parsed but never compared with an expected value, so any
             # scheme name is accepted as long as the token is valid.
             token_type, credential = header_value.split(" ", 1)
             user = lookup_user_token(credential)
         except Exception:
             # Fail closed. Unknown token, expired token, a header with no
             # space (ValueError from the unpack) and every other error get
             # the same 401, so the response does not say which case it was.
             abort(401)
         else:
             login_user(user)
     # NOTE(review): the content-type comparison is exact. If `request` is
     # Flask's request object, a header such as
     # "application/json; charset=utf-8" would skip token handling. Confirm
     # that this is intended.