def setUp(self):
"""Test setup; is called before every unit test"""
from api.app import app
self.client = TestClient(app)
# Create a document in the database for the test user.
UsersDb.save_new_user(user_id=TEST_USER_ID, user=TEST_USER_STORED)
AnamnesisDb.set_anamnesis(TEST_USER_ID, TEST_USER_ANAMNESIS)
RecordsDb.set_record(TEST_USER_ID, TEST_USER_RECORD_1)
RecordsDb.set_record(TEST_USER_ID, TEST_USER_RECORD_2)
def setUp(self):
"""Test setup; is called before every unit test"""
from api.app import app
self.client = TestClient(app)
# Create a document in the database for the test user.
UsersDb.save_new_user(user_id=generate_uuid(),
user=UserStored(
username=TEST_USER_NAME,
password=hash_pw(TEST_USER_PW),
time_created=get_timestamp(),
usage_purpose=PURPOSE_PRIVATE_ID))
def test_validate_access_token(self):
user = TestAuthFunctions.generate_test_user()
user_id = functions.generate_uuid()
payload = {
'iss': 'https://coronalog.de/auth',
'sub': user_id,
'iat': functions.get_timestamp(),
'exp': functions.get_timestamp( functions.AUTH_CONFIG['access_token']['lifetime'] ),
'username': user.username,
'roles': ['user']
}
UsersDb.save_new_user(user_id, user)
token = jwt.encode(payload, functions.AUTH_CONFIG['access_token']['secret'], algorithm=functions.AUTH_CONFIG['access_token']['sign_alg'])
dec_user_id, dec_user = functions.validate_access_token(token, 'user')
assert dec_user.username == user.username
assert dec_user.password == user.password
assert dec_user.time_created == user.time_created
assert dec_user.usage_purpose == user.usage_purpose
assert dec_user_id == user_id
def test_authenticate_user_by_cookies(self):
test_user_stored = TestAuthFunctions.generate_test_user()
test_user_id = functions.generate_uuid()
UsersDb.save_new_user(
user_id=test_user_id,
user=test_user_stored
)
#generate token
token = functions.generate_access_token(test_user_id, test_user_stored)
header, payload, signature = token.decode().split('.')
cookies = {
functions.AUTH_CONFIG['access_token']['body_cookie_key']: '.'.join((header, payload)),
functions.AUTH_CONFIG['access_token']['signature_cookie_key']: signature
}
val_user_id, val_user = functions.authenticate_user_by_cookies(cookies)
assert val_user.username == test_user_stored.username
assert val_user.password == test_user_stored.password
assert val_user.usage_purpose == test_user_stored.usage_purpose
assert val_user.time_created == test_user_stored.time_created
assert val_user_id == test_user_id
def do_signup_logic(response: Response, username: str, password: str,
usage_purpose: str) -> UserLoginBody:
# check if valid usage_purpose was submitted
all_purps: Sequence = UsagePurposesDb.get_all()
valid_purpose = False
for purp_ref in all_purps:
if purp_ref.value == usage_purpose:
valid_purpose = True
break
if not valid_purpose:
raise errors.InvalidUsagePurposeException(
f'Usage purpose id {usage_purpose} is invalid')
# check if user already exists
user_exists, _ = UsersDb.username_exists(username)
if user_exists:
raise errors.UserAlreadyExistsException(
f'Bad request: {username} already exists.')
# create new user
new_user: UserStored = UserStored(username=username,
password=auth.hash_pw(password),
time_created=auth.get_timestamp(),
usage_purpose=usage_purpose)
user_id = auth.generate_uuid()
# create access token
generate_and_set_access_token(response, user_id, new_user)
# save newly created user only if all steps up until now were successful
UsersDb.save_new_user(user_id, new_user)
return UserLoginBody(
username=username,
expires_in=auth.AUTH_CONFIG['access_token']['lifetime'])
def validate_access_token(access_token: str,
user_role: str = 'user') -> Tuple[str, UserStored]:
payload = jwt.decode(access_token,
AUTH_CONFIG['access_token']['secret'],
algorithms=AUTH_CONFIG['access_token']['sign_alg'])
if user_role not in payload['roles']:
raise errors.UnverifiedRoleException(
'Required role not contained in jwt')
user_id: str = payload['sub']
try:
user: UserStored = UsersDb.get_user_by_id(user_id)
return user_id, user
except LookupError:
raise errors.UserNotExistsException(
f'User with id {user_id} does not exist')
def do_signin_logic(response: Response, username: str,
password: str) -> UserLoginBody:
# check if user exists
user_id, user = UsersDb.get_user_by_username(username)
# check password
if not auth.verify_pw(password, user.password):
raise errors.InvalidPasswordException(
'The entered password is invalid.')
# issue token
generate_and_set_access_token(response, user_id, user)
return UserLoginBody(
username=username,
expires_in=auth.AUTH_CONFIG['access_token']['lifetime'])
def tearDown(self):
"""Test teardown; is called after every unit test"""
UsersDb.remove_user_by_username(TEST_USER_NAME)