def fido2_keys_user_validate(user_id): keys = list_fido2_keys(user_id) credentials = list(map(lambda k: pickle.loads(base64.b64decode(k.key)), keys)) data = request.get_json() cbor_data = cbor.decode(base64.b64decode(data["payload"])) credential_id = cbor_data['credentialId'] client_data = ClientData(cbor_data['clientDataJSON']) auth_data = AuthenticatorData(cbor_data['authenticatorData']) signature = cbor_data['signature'] Config.FIDO2_SERVER.authenticate_complete( get_fido2_session(user_id), credentials, credential_id, client_data, auth_data, signature ) user_to_verify = get_user_by_id(user_id=user_id) user_to_verify.current_session_id = str(uuid.uuid4()) user_to_verify.logged_in_at = datetime.utcnow() user_to_verify.failed_login_count = 0 save_model_user(user_to_verify) return jsonify({'status': 'OK'})
def verify_user_code(user_id): data = request.get_json() validate(data, post_verify_code_schema) user_to_verify = get_user_by_id(user_id=user_id) code = get_user_code(user_to_verify, data['code'], data['code_type']) if(verify_within_time(user_to_verify) >= 2): raise InvalidRequest("Code already sent", status_code=400) if user_to_verify.failed_login_count >= current_app.config.get('MAX_VERIFY_CODE_COUNT'): raise InvalidRequest("Code not found", status_code=404) if not code: increment_failed_login_count(user_to_verify) raise InvalidRequest("Code not found", status_code=404) if datetime.utcnow() > code.expiry_datetime: # sms and email increment_failed_login_count(user_to_verify) raise InvalidRequest("Code has expired", status_code=400) if code.code_used: increment_failed_login_count(user_to_verify) raise InvalidRequest("Code has already been used", status_code=400) user_to_verify.current_session_id = str(uuid.uuid4()) user_to_verify.logged_in_at = datetime.utcnow() user_to_verify.failed_login_count = 0 save_model_user(user_to_verify) use_user_code(code.id) return jsonify({}), 204
def create_user(): user_to_create, errors = user_schema.load(request.get_json()) req_json = request.get_json() if not req_json.get('password', None): errors.update({'password': ['Missing data for required field.']}) raise InvalidRequest(errors, status_code=400) save_model_user(user_to_create, pwd=req_json.get('password')) return jsonify(data=user_schema.dump(user_to_create).data), 201
def activate_user(user_id): user = get_user_by_id(user_id=user_id) if user.state == 'active': raise InvalidRequest('User already active', status_code=400) user.state = 'active' save_model_user(user) return jsonify(data=user.serialize()), 200
def test_add_existing_user_to_another_service_doesnot_change_old_permissions( notify_db_session, ): user = create_user() service_one = Service( name="service_one", email_from="service_one", message_limit=1000, restricted=False, created_by=user, ) dao_create_service(service_one, user) assert user.id == service_one.users[0].id test_user_permissions = Permission.query.filter_by(service=service_one, user=user).all() assert len(test_user_permissions) == 8 other_user = User( name="Other Test User", email_address="*****@*****.**", password="******", mobile_number="+447700900987", ) save_model_user(other_user) service_two = Service( name="service_two", email_from="service_two", message_limit=1000, restricted=False, created_by=other_user, ) dao_create_service(service_two, other_user) assert other_user.id == service_two.users[0].id other_user_permissions = Permission.query.filter_by(service=service_two, user=other_user).all() assert len(other_user_permissions) == 8 other_user_service_one_permissions = Permission.query.filter_by( service=service_one, user=other_user).all() assert len(other_user_service_one_permissions) == 0 # adding the other_user to service_one should leave all other_user permissions on service_two intact permissions = [] for p in ["send_emails", "send_texts", "send_letters"]: permissions.append(Permission(permission=p)) dao_add_user_to_service(service_one, other_user, permissions=permissions) other_user_service_one_permissions = Permission.query.filter_by( service=service_one, user=other_user).all() assert len(other_user_service_one_permissions) == 3 other_user_service_two_permissions = Permission.query.filter_by( service=service_two, user=other_user).all() assert len(other_user_service_two_permissions) == 8
def create_user(): user_to_create, errors = create_user_schema.load(request.get_json()) req_json = request.get_json() if not req_json.get('password', None): errors.update({'password': ['Missing data for required field.']}) raise InvalidRequest(errors, status_code=400) save_model_user(user_to_create, pwd=req_json.get('password')) result = user_to_create.serialize() return jsonify(data=result), 201
def test_create_user_fails_when_violates_sms_auth_requires_mobile_number_constraint( notify_db_session, test_email, test_name): data = { 'name': test_name, 'email_address': test_email, 'auth_type': 'sms_auth' } with pytest.raises(IntegrityError): user = User(**data) save_model_user(user)
def update_user(user_id): user_to_update = get_user_by_id(user_id=user_id) req_json = request.get_json() update_dct, errors = user_schema_load_json.load(req_json) pwd = req_json.get('password', None) # TODO password validation, it is already done on the admin app # but would be good to have the same validation here. if pwd is not None and not pwd: errors.update({'password': ['Invalid data for field']}) raise InvalidRequest(errors, status_code=400) save_model_user(user_to_update, update_dict=update_dct, pwd=pwd) return jsonify(data=user_schema.dump(user_to_update).data), 200
def test_create_user(notify_api, notify_db, notify_db_session): email = '*****@*****.**' data = { 'name': 'Test User', 'email_address': email, 'password': '******', 'mobile_number': '+447700900986' } user = User(**data) save_model_user(user) assert User.query.count() == 1 assert User.query.first().email_address == email assert User.query.first().id == user.id
def create_user(): user, errors = user_schema.load(request.get_json()) req_json = request.get_json() # TODO password policy, what is valid password if not req_json.get('password'): errors = {'password': ['Missing data for required field.']} return jsonify(result="error", message=errors), 400 if errors: return jsonify(result="error", message=errors), 400 user.password = req_json.get('password') save_model_user(user) return jsonify(data=user_schema.dump(user).data), 201
def create_user(mobile_number="+61412345678", email="*****@*****.**", state='active', id_=None): data = { 'id': id_ or uuid.uuid4(), 'name': 'Test User', 'email_address': email, 'password': '******', 'mobile_number': mobile_number, 'state': state } user = User.query.filter_by(email_address=email).first() if not user: user = User(**data) save_model_user(user) return user
def test_should_add_user_to_service(sample_user): service = Service( name="service_name", email_from="email_from", message_limit=1000, restricted=False, created_by=sample_user ) dao_create_service(service, sample_user) assert sample_user in Service.query.first().users new_user = User( name="Test User", email_address="*****@*****.**", password="******", mobile_number="+447700900986", ) save_model_user(new_user) dao_add_user_to_service(service, new_user) assert new_user in Service.query.first().users
def test_create_user(notify_db_session, phone_number): email = '*****@*****.**' data = { 'name': 'Test User', 'email_address': email, 'password': '******', 'mobile_number': phone_number } user = User(**data) save_model_user(user) assert User.query.count() == 1 assert User.query.first().email_address == email assert User.query.first().id == user.id assert User.query.first().mobile_number == phone_number assert not user.platform_admin
def test_create_user(notify_db_session, phone_number): email = "*****@*****.**" data = { "name": "Test User", "email_address": email, "password": "******", "mobile_number": phone_number, } user = User(**data) save_model_user(user) assert User.query.count() == 1 assert User.query.first().email_address == email assert User.query.first().id == user.id assert User.query.first().mobile_number == phone_number assert not user.platform_admin
def sample_user(notify_db, notify_db_session, email="*****@*****.**"): data = { 'name': 'Test User', 'email_address': email, 'password': '******', 'mobile_number': '+447700900986', 'state': 'active' } usr = User.query.filter_by(email_address=email).first() if not usr: usr = User(**data) save_model_user(usr) return usr
def test_should_add_user_to_service(notify_db_session): user = create_user() service = Service(name="service_name", email_from="email_from", message_limit=1000, restricted=False, created_by=user) dao_create_service(service, user) assert user in Service.query.first().users new_user = User(name='Test User', email_address='*****@*****.**', password='******', mobile_number='+16502532222') save_model_user(new_user) dao_add_user_to_service(service, new_user) assert new_user in Service.query.first().users
def test_create_user(notify_db_session, phone_number, test_name, test_email): data = { 'name': test_name, 'email_address': test_email, 'password': '******', 'mobile_number': phone_number } user = User(**data) save_model_user(user) user_from_db = User.query.first() assert not user.platform_admin assert User.query.count() == 1 assert user_from_db.email_address == test_email assert user_from_db.id == user.id assert user_from_db.mobile_number == phone_number
def test_create_user_with_identity_provider(notify_db_session, test_name, test_email): identity_provider_user_id = 'test-user-id' data = { 'name': test_name, 'email_address': test_email, 'identity_provider_user_id': identity_provider_user_id } user = User(**data) save_model_user(user) user_from_db = User.query.first() assert not user.platform_admin assert user_from_db.email_address == test_email assert user_from_db.id == user.id assert user_from_db.identity_provider_user_id == identity_provider_user_id assert User.query.count() == 1
def update_user(user_id): try: user = get_model_users(user_id=user_id) except DataError: return jsonify(result="error", message="Invalid user id"), 400 except NoResultFound: return jsonify(result="error", message="User not found"), 404 if request.method == 'DELETE': status_code = 202 delete_model_user(user) else: # TODO removed some validation checking by using load # which will need to be done in another way status_code = 200 db.session.rollback() save_model_user(user, update_dict=request.get_json()) return jsonify(data=user_schema.dump(user).data), status_code
def test_create_user(notify_db_session, phone_number): email = '*****@*****.**' data = { 'name': 'Test User', 'email_address': email, 'password': '******', 'mobile_number': phone_number } user = User(**data) save_model_user(user, password='******', validated_email_access=True) assert User.query.count() == 1 user_query = User.query.first() assert user_query.email_address == email assert user_query.id == user.id assert user_query.mobile_number == phone_number assert user_query.email_access_validated_at == datetime.utcnow() assert not user_query.platform_admin
def create_user(mobile_number="+447700900986", email="*****@*****.**", state='active', id_=None, name="Test User"): data = { 'id': id_ or uuid.uuid4(), 'name': name, 'email_address': email, 'password': '******', 'mobile_number': mobile_number, 'state': state } user = User.query.filter_by(email_address=email).first() if not user: user = User(**data) save_model_user(user, validated_email_access=True) return user
def test_get_all_only_services_user_has_access_to(service_factory, sample_user): service_factory.get("service 1", sample_user, email_from="service.1") service_factory.get("service 2", sample_user, email_from="service.2") service_3 = service_factory.get("service 3", sample_user, email_from="service.3") new_user = User( name="Test User", email_address="*****@*****.**", password="******", mobile_number="+447700900986", ) save_model_user(new_user) dao_add_user_to_service(service_3, new_user) assert len(dao_fetch_all_services_by_user(sample_user.id)) == 3 assert dao_fetch_all_services_by_user(sample_user.id)[0].name == "service 1" assert dao_fetch_all_services_by_user(sample_user.id)[1].name == "service 2" assert dao_fetch_all_services_by_user(sample_user.id)[2].name == "service 3" assert len(dao_fetch_all_services_by_user(new_user.id)) == 1 assert dao_fetch_all_services_by_user(new_user.id)[0].name == "service 3"
def create_user(): # import pdb; pdb.set_trace() user_to_create, errors = create_user_schema.load(request.get_json()) req_json = request.get_json() password = req_json.get('password', None) if not password: errors.update({'password': ['Missing data for required field.']}) raise InvalidRequest(errors, status_code=400) else: response = pwnedpasswords.check(password) if response > 0: errors.update({'password': ['Password is not allowed.']}) raise InvalidRequest(errors, status_code=400) save_model_user(user_to_create, pwd=req_json.get('password')) result = user_to_create.serialize() return jsonify(data=result), 201
def create_user(): user_to_create, errors = create_user_schema.load(request.get_json()) req_json = request.get_json() identity_provider_user_id = req_json.get('identity_provider_user_id', None) password = req_json.get('password', None) if not password and not identity_provider_user_id: errors.update({'password': ['Missing data for required field.']}) raise InvalidRequest(errors, status_code=400) elif password: response = pwnedpasswords.check(password) if response > 0: errors.update({'password': ['Password is blacklisted.']}) raise InvalidRequest(errors, status_code=400) save_model_user(user_to_create, pwd=req_json.get('password')) result = user_to_create.serialize() return jsonify(data=result), 201
def test_get_all_user_services_only_returns_services_user_has_access_to(notify_db_session): user = create_user() create_service(service_name='service 1', user=user, email_from='service.1') create_service(service_name='service 2', user=user, email_from='service.2') service_3 = create_service(service_name='service 3', user=user, email_from='service.3') new_user = User( name='Test User', email_address='*****@*****.**', password='******', mobile_number='+447700900986' ) save_model_user(new_user, validated_email_access=True) dao_add_user_to_service(service_3, new_user) assert len(dao_fetch_all_services_by_user(user.id)) == 3 assert dao_fetch_all_services_by_user(user.id)[0].name == 'service 1' assert dao_fetch_all_services_by_user(user.id)[1].name == 'service 2' assert dao_fetch_all_services_by_user(user.id)[2].name == 'service 3' assert len(dao_fetch_all_services_by_user(new_user.id)) == 1 assert dao_fetch_all_services_by_user(new_user.id)[0].name == 'service 3'
def test_add_existing_user_to_another_service_doesnot_change_old_permissions(sample_user): service_one = Service( name="service_one", email_from="service_one", message_limit=1000, restricted=False, created_by=sample_user ) dao_create_service(service_one, sample_user) assert sample_user.id == service_one.users[0].id test_user_permissions = Permission.query.filter_by(service=service_one, user=sample_user).all() assert len(test_user_permissions) == 8 other_user = User( name="Other Test User", email_address="*****@*****.**", password="******", mobile_number="+447700900987", ) save_model_user(other_user) service_two = Service( name="service_two", email_from="service_two", message_limit=1000, restricted=False, created_by=other_user ) dao_create_service(service_two, other_user) assert other_user.id == service_two.users[0].id other_user_permissions = Permission.query.filter_by(service=service_two, user=other_user).all() assert len(other_user_permissions) == 8 other_user_service_one_permissions = Permission.query.filter_by(service=service_one, user=other_user).all() assert len(other_user_service_one_permissions) == 0 # adding the other_user to service_one should leave all other_user permissions on service_two intact permissions = [] for p in ["send_emails", "send_texts", "send_letters"]: permissions.append(Permission(permission=p)) dao_add_user_to_service(service_one, other_user, permissions=permissions) other_user_service_one_permissions = Permission.query.filter_by(service=service_one, user=other_user).all() assert len(other_user_service_one_permissions) == 3 other_user_service_two_permissions = Permission.query.filter_by(service=service_two, user=other_user).all() assert len(other_user_service_two_permissions) == 8
def test_should_remove_user_from_service(notify_db_session): user = create_user() service = Service( name="service_name", email_from="email_from", message_limit=1000, restricted=False, created_by=user, ) dao_create_service(service, user) new_user = User( name="Test User", email_address="*****@*****.**", password="******", mobile_number="+16502532222", ) save_model_user(new_user) dao_add_user_to_service(service, new_user) assert new_user in Service.query.first().users dao_remove_user_from_service(service, new_user) assert new_user not in Service.query.first().users
def verify_user_password(user_id): user_to_verify = get_user_by_id(user_id=user_id) txt_pwd = None try: txt_pwd = request.get_json()['password'] except KeyError: message = 'Required field missing data' errors = {'password': [message]} raise InvalidRequest(errors, status_code=400) if user_to_verify.check_password(txt_pwd): user_to_verify.logged_in_at = datetime.utcnow() save_model_user(user_to_verify) reset_failed_login_count(user_to_verify) return jsonify({}), 204 else: increment_failed_login_count(user_to_verify) message = 'Incorrect password' errors = {'password': [message]} raise InvalidRequest(errors, status_code=400)
def create_user( mobile_number="+16502532222", email="*****@*****.**", state="active", id_=None, name="Test User", blocked=False, ): data = { "id": id_ or uuid.uuid4(), "name": name, "email_address": email, "password": "******", "mobile_number": mobile_number, "state": state, "blocked": blocked, } user = User.query.filter_by(email_address=email).first() if not user: user = User(**data) save_model_user(user) return user
def create_user( mobile_number="+16502532222", email="*****@*****.**", state='active', id_=None, name="Test User", blocked=False, ): data = { 'id': id_ or uuid.uuid4(), 'name': name, 'email_address': email, 'password': '******', 'mobile_number': mobile_number, 'state': state, 'blocked': blocked } user = User.query.filter_by(email_address=email).first() if not user: user = User(**data) save_model_user(user) return user
def test_get_all_user_services_only_returns_services_user_has_access_to( notify_db_session, ): user = create_user() create_service(service_name="service 1", user=user, email_from="service.1") create_service(service_name="service 2", user=user, email_from="service.2") service_3 = create_service(service_name="service 3", user=user, email_from="service.3") new_user = User( name="Test User", email_address="*****@*****.**", password="******", mobile_number="+16502532222", ) save_model_user(new_user) dao_add_user_to_service(service_3, new_user) assert len(dao_fetch_all_services_by_user(user.id)) == 3 assert dao_fetch_all_services_by_user(user.id)[0].name == "service 1" assert dao_fetch_all_services_by_user(user.id)[1].name == "service 2" assert dao_fetch_all_services_by_user(user.id)[2].name == "service 3" assert len(dao_fetch_all_services_by_user(new_user.id)) == 1 assert dao_fetch_all_services_by_user(new_user.id)[0].name == "service 3"
def test_create_user_fails_when_violates_password_or_identity_provider_constraint( notify_db_session, test_email, test_name): data = {'name': test_name, 'email_address': test_email} with pytest.raises(IntegrityError): user = User(**data) save_model_user(user)