예제 #1
0
파일: token.py 프로젝트: infobyte/faraday 
 def get(self):
     """
     ---
     get:
       tags: ["Token"]
       description: Gets a new user token
       responses:
         200:
           description: Ok
     """
     user_id = flask_login.current_user.fs_uniquifier
     serializer = TimedJSONWebSignatureSerializer(
         app.config['SECRET_KEY'],
         salt="api_token",
         expires_in=int(faraday_server.api_token_expiration))
     hashed_data = hash_data(
         flask_login.current_user.password
     ) if flask_login.current_user.password else None
     user_ip = request.headers.get('X-Forwarded-For', request.remote_addr)
     requested_at = datetime.datetime.utcnow()
     audit_logger.info(
         f"User [{flask_login.current_user.username}] requested token from IP [{user_ip}] at [{requested_at}]"
     )
     return serializer.dumps({
         'user_id': user_id,
         "validation_check": hashed_data
     }).decode('utf-8')
예제 #2
0
def test_verify_hash(in_app_context):
    data = hash_data("hellö")
    assert verify_hash(data, "hellö") is True
    assert verify_hash(data, "hello") is False

    legacy_data = hashlib.md5(encode_string("hellö")).hexdigest()
    assert verify_hash(legacy_data, "hellö") is True
    assert verify_hash(legacy_data, "hello") is False
예제 #3
0
def test_verify_hash(in_app_context):
    data = hash_data(u'hellö')
    assert verify_hash(data, u'hellö') is True
    assert verify_hash(data, u'hello') is False

    legacy_data = hashlib.md5(encode_string(u'hellö')).hexdigest()
    assert verify_hash(legacy_data, u'hellö') is True
    assert verify_hash(legacy_data, u'hello') is False
예제 #4
0
def generate_change_email_confirmation_token(user, new_email):
    """Generates a unique confirmation token for the specified user.
    Based on generate_confirmation_token in Flask-Security.
    :param user: The user to work with
    :param new_email: The user's new email address
    """
    data = [str(user.id), hash_data(user.email), new_email]
    return _security.confirm_serializer.dumps(data)
예제 #5
0
파일: token.py 프로젝트: zxc135781/faraday 
 def get(self):
     user_id = g.user.id
     serializer = TimedJSONWebSignatureSerializer(
         app.config['SECRET_KEY'],
         salt="api_token",
         expires_in=faraday_server.api_token_expiration
     )
     hashed_data = hash_data(g.user.password) if g.user.password else None
     return serializer.dumps({'user_id': user_id, "validation_check": hashed_data}).decode('utf-8')
예제 #6
0
def test_hash_data(in_app_context):
    data = hash_data(b"hello")
    assert isinstance(data, str)
    data = hash_data("hellö")
    assert isinstance(data, str)
예제 #7
0
def test_legacy_hash(in_app_context, data):
    legacy_hash = hashlib.md5(encode_string(data)).hexdigest()
    new_hash = hash_data(data)
    assert legacy_hash == new_hash
예제 #8
0
def test_hash_data(in_app_context):
    data = hash_data(b'hello')
    assert isinstance(data, str)
    data = hash_data(u'hellö')
    assert isinstance(data, str)
예제 #9
0
def test_user_registration_and_login(live_server, env_browser):
    """E2E user registration and login test."""
    browser = env_browser
    # 1. Go to user registration page
    browser.get(flask.url_for('security.register', _external=True))
    e2e_assert_url(browser, 'security.register')

    # 2. Input user data
    signup_form = browser.find_element_by_name('register_user_form')
    input_email = signup_form.find_element_by_name('email')
    input_password = signup_form.find_element_by_name('password')
    # input w/ name "email"
    # input w/ name "password"
    user_email = '*****@*****.**'
    user_password = '******'
    input_email.send_keys(user_email)
    input_password.send_keys(user_password)

    # 3. submit form
    signup_form.submit()

    # ...and get a message saying to expect an email
    success_element = browser.find_element_by_css_selector('.alert-success')
    assert (success_element is not None)
    assert (success_element.text ==
            'Thank you. Confirmation instructions have been sent to {}.'.
            format(user_email))

    # 3.5: After registering we should not yet be logged in.
    e2e_assert(browser, not testutils.webdriver_authenticated(browser),
               'Should not be authenticated')

    # 4. go to login-form
    browser.get(flask.url_for('security.login', _external=True))
    e2e_assert_url(browser, 'security.login')

    login_form = browser.find_element_by_name('login_user_form')
    # 5. input registered info
    login_form.find_element_by_name('email').send_keys(user_email)
    login_form.find_element_by_name('password').send_keys(user_password)
    # 6. Submit!
    login_form.submit()

    # 7. We should not yet be able to log in as we haven't confirmed the email
    error_element = browser.find_element_by_css_selector('.alert-danger')
    assert (error_element is not None)
    assert ('Email requires confirmation.' in error_element.text)

    e2e_assert(browser, not testutils.webdriver_authenticated(browser),
               'Should not be authenticated')

    # 8. Check that the resend confirmation link works
    browser.get(flask.url_for('security.send_confirmation', _external=True))
    e2e_assert_url(browser, 'security.send_confirmation')
    email_confirm_form = browser.find_element_by_name('send_confirmation_form')
    # 8a. input registered info
    email_confirm_form.find_element_by_name('email').send_keys(user_email)
    # 8b. Submit!
    email_confirm_form.submit()

    info_element = browser.find_element_by_css_selector('.alert-info')
    assert (info_element is not None)
    assert ('Confirmation instructions have been sent to %s.' % user_email
            in info_element.text)

    # 9a Generate a confirmation token (this is how it's done in flask_security)
    data = ['2', utils.hash_data(user_email)]
    serializer = URLSafeTimedSerializer(secret_key="CHANGE_ME",
                                        salt="CHANGE_ME")
    token = serializer.dumps(data)

    # 9b Go to the confirmation URL with our token
    browser.get(
        flask.url_for('security.confirm_email', token=token, _external=True))

    # 9c Check that we're on the dashboard and we've got a success message
    e2e_assert_url(browser, 'hep_dashboard.dashboard')
    success_element = browser.find_element_by_css_selector('.alert-success')
    assert (success_element is not None)
    assert ('Thank you. Your email has been confirmed.'
            in success_element.text)

    # 9d We should now be logged in
    e2e_assert(browser, testutils.webdriver_authenticated(browser),
               'Should be authenticated')

    # 10. logout.
    browser.get(flask.url_for('security.logout', _external=True))
    e2e_assert(browser, not testutils.webdriver_authenticated(browser),
               'Should not be authenticated')

    # 11. go back to login-form
    browser.get(flask.url_for('security.login', _external=True))
    e2e_assert_url(browser, 'security.login')

    login_form = browser.find_element_by_name('login_user_form')
    # 11a. input registered info
    login_form.find_element_by_name('email').send_keys(user_email)
    login_form.find_element_by_name('password').send_keys(user_password)
    # 11b. Submit!
    # check if authenticated at `flask.url_for('security.change_password')`
    login_form.submit()

    e2e_assert(browser, testutils.webdriver_authenticated(browser))

    # 12. check we can access the change password screen
    browser.get(flask.url_for('security.change_password', _external=True))
    e2e_assert_url(browser, 'security.change_password')

    # 13. logout.
    browser.get(flask.url_for('security.logout', _external=True))
    e2e_assert(browser, not testutils.webdriver_authenticated(browser),
               'Should not be authenticated')
예제 #10
0
def test_hash_data(in_app_context):
    data = hash_data(b'hello')
    assert isinstance(data, string_types)
    data = hash_data(u'hellö')
    assert isinstance(data, string_types)
예제 #11
0
def test_legacy_hash(in_app_context, data):
    legacy_hash = hashlib.md5(encode_string(data)).hexdigest()
    new_hash = hash_data(data)
    assert legacy_hash == new_hash