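def login():
    """Log a trader in through ``log_in`` and return a plain-text account summary.

    Reads ``email`` and ``password`` from the JSON request body, exchanges them
    for an access token, verifies that token with ``verify_decode_jwt`` and
    uses the ``sub`` claim to look up (or create) the matching ``Trader`` row.
    The verified token is kept in the Flask session as ``session['token']``.

    Returns:
        A plain-text message listing the trader's cash and stock positions, or
        ``"Already logged in!"`` when the session already holds a token.

    Raises:
        Aborts with 403 when the credential exchange, token verification or the
        database lookup fails; the client is told only "forbidden".
    """
    if 'token' in session:
        # NOTE(review): the stored token is not re-verified on this path;
        # expiry/revocation is only checked wherever session['token'] is consumed.
        return "Already logged in!"

    req = request.get_json()
    email = req['email']
    password = req['password']

    try:
        token = log_in(email, password)['access_token']
        payload = verify_decode_jwt(token)
        # ``sub`` carries a provider prefix ahead of the bare user id; the first
        # six characters are stripped to obtain the trader id — TODO confirm
        # the prefix is always exactly six characters.
        trader_id = payload["sub"][6:]
        trader = Trader.query.get(trader_id)
        if not trader:
            # First login: provision an account with the default starting cash.
            trader = Trader(id=trader_id, name="Test Account", email=email, cash=10000)
            trader.insert()
        session['token'] = token
        stocks = Possession.query.filter(Possession.trader_id == trader_id)
    except Exception:
        # Narrowed from a bare ``except:`` so SystemExit/KeyboardInterrupt are
        # no longer swallowed; bad credentials, invalid or expired tokens and
        # DB errors still all map to a single 403 without leaking details.
        abort(403)

    lines = [
        f'''
        Hello {trader.name}!
        You have {trader.cash} dollars in your account.
        ''',
    ]
    lines.extend(
        f"You have {stock.position} shares of {stock.stock_code}.\n" for stock in stocks
    )
    message = "".join(lines)
    db.session.close()
    return message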
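def login_as_producer():
    """Finish the Auth0 authorization-code flow and choose the session role.

    Exchanges the ``code`` query parameter for an access token, verifies it and
    derives ``session['role']`` from the token's ``permissions`` claim. A token
    with an empty ``permissions`` list is treated as a brand-new user: the Auth0
    Management API is asked to attach a role to the user and the session is
    marked ``producer`` immediately (the token itself is not re-issued here).

    Returns:
        A redirect to the ``home`` view.

    Raises:
        Aborts with 400 when the verified token carries no ``permissions`` claim.
    """
    code_auth = request.args.get('code')
    token = get_access_token(code_auth)
    user_id = get_user_id(token)
    api_token = get_MGMT_API_ACCESS_TOKEN()
    payload = verify_decode_jwt(token)

    if 'permissions' not in payload:
        abort(400)
    permissions = payload.get('permissions')

    if not permissions:
        # NOTE(review): every user whose token has no permissions yet is
        # auto-assigned a role and treated as ``producer`` (the branch below
        # maps ``delete:movie`` to that role) — confirm this is intended.
        url3 = f'https://{AUTH0_DOMAIN}/api/v2/users/{user_id}/roles'
        headers = {
            'content-type': 'application/json',
            'authorization': 'Bearer ' + api_token,
            'cache-control': 'no-cache',
        }
        # Hard-coded Auth0 role id, kept verbatim including the surrounding
        # spaces — TODO confirm the Management API accepts it in this form.
        data = '{ "roles": [ " rol_t2ets4eZtnaqf6Xo " ] }'
        data = data.encode('ascii')
        req3 = uri.Request(url3, data, headers)
        try:
            # Close the response so the underlying connection is released.
            with uri.urlopen(req3):
                pass
        except uri.HTTPError as e:
            # HTTPError is a subclass of URLError and must be caught first;
            # in the original order this branch was unreachable.
            print('HTTP Error code: ', e.code)
        except uri.URLError as e:
            print('URL Error: ', e.reason)
        else:
            session['role'] = 'producer'
            return redirect(url_for('home'))

    # Role precedence: delete:movie outranks delete:actor; anything else is
    # the least-privileged role. A failed role assignment above lands here
    # with an empty list and therefore becomes 'Casting Assistant'.
    if 'delete:movie' in permissions:
        session['role'] = 'producer'
    elif 'delete:actor' in permissions:
        session['role'] = 'director'
    else:
        session['role'] = 'Casting Assistant'
    return redirect(url_for('home'))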
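def test_executive_producer_with_delete_movie_role(self):
    """The executive-producer token must carry the ``delete:movie`` permission.

    Sends the DELETE with the executive-producer headers, then decodes the
    bearer token from those same headers and inspects its ``permissions``
    claim. ``assertIn`` yields a clean assertion failure when the permission
    is absent; the previous flag-based check raised NameError instead.
    """
    self.client().delete('/movies/1', headers=self.headers)
    # NOTE(review): the DELETE response status is not asserted here.
    token = self.headers['Authorization'].split(' ')[1]
    payload = verify_decode_jwt(token)
    self.assertIn('delete:movie', payload['permissions'])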
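def test_casting_director_with_delete_movie_role(self):
    """The casting-director token must NOT carry the ``delete:movie`` permission.

    Sends the DELETE with the casting-director headers, decodes the bearer
    token from those headers and checks that ``delete:movie`` is absent from
    its ``permissions`` claim. ``assertNotIn`` replaces a flag that was only
    bound on the expected path, which turned the failure case into NameError.
    """
    self.client().delete('/movies/1', headers=self.headers)
    # NOTE(review): the DELETE response status is not asserted here.
    token = self.headers['Authorization'].split(' ')[1]
    payload = verify_decode_jwt(token)
    self.assertNotIn('delete:movie', payload['permissions'])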
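def callback_handling():
    """Handle the Auth0 redirect after login and populate the Flask session.

    Exchanges the authorization code for tokens, verifies the access token and
    stores its ``permissions`` claim, then fetches ``userinfo`` and keeps the
    raw payload under ``constants.JWT_PAYLOAD`` and a trimmed profile
    (``user_id``, ``name``, ``picture``) under ``constants.PROFILE_KEY``.

    Returns:
        A redirect to ``/home``.
    """
    auth0.authorize_access_token()
    session['access_token'] = auth0.token['access_token']
    session['id_token'] = auth0.token['id_token']
    # Permissions are taken from the verified access token rather than from
    # the userinfo response, so the authorization decision rests on the JWT.
    session['permissions'] = \
        auth.verify_decode_jwt(session['access_token'])['permissions']

    resp = auth0.get('userinfo')
    userinfo = resp.json()
    session[constants.JWT_PAYLOAD] = userinfo
    session[constants.PROFILE_KEY] = {
        'user_id': userinfo['sub'],
        'name': userinfo['name'],
        'picture': userinfo['picture'],
    }
    # Set once, after everything the authorized views rely on is in place
    # (the original assigned this flag twice).
    session['authorized'] = True
    return redirect('/home')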
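def test_casting_assistant_with_psot_movie_role(self):
    """The casting-assistant token must NOT carry the ``post:movie`` permission.

    Posts a new movie with the casting-assistant headers, decodes the bearer
    token from those headers and checks that ``post:movie`` is absent from its
    ``permissions`` claim. ``assertNotIn`` replaces a flag that was bound only
    on the expected path (NameError otherwise); the debug print is dropped.
    """
    self.client().post('/movies', headers=self.headers, json=self.new_movie)
    # NOTE(review): the POST response status is not asserted here.
    token = self.headers['Authorization'].split(' ')[1]
    payload = verify_decode_jwt(token)
    self.assertNotIn('post:movie', payload['permissions'])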
def test_decodeExpiredToken_thenAuthError(self):
    """An expired token is rejected with a 401 ``token_expired`` AuthError."""
    with self.assertRaises(AuthError) as ctx:
        auth.verify_decode_jwt(EXPIRED_TOKEN)
    err = ctx.exception
    self.assertEqual(err.status_code, 401)
    self.assertEqual(err.error['code'], 'token_expired')
    self.assertEqual(err.error['description'], 'Token expired.')
def test_decodeInvalidToken_thenAuthError(self):
    """A malformed token is rejected with a 400 ``invalid_token`` AuthError."""
    with self.assertRaises(AuthError) as ctx:
        auth.verify_decode_jwt('invalidtoken')
    err = ctx.exception
    self.assertEqual(err.status_code, 400)
    self.assertEqual(err.error['code'], 'invalid_token')
    self.assertEqual(err.error['description'], 'Incorrect token provided.')
def test_decodeValidToken_tokenPayloadReturned(self):
    """A valid token decodes to a payload that carries the expected claims."""
    payload = auth.verify_decode_jwt(get_valid_token())
    self.assertIsNotNone(payload)
    expected_claims = ('iss', 'sub', 'aud', 'azp', 'gty', 'permissions')
    for claim in expected_claims:
        self.assertIn(claim, payload)