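def before_request():
    """Run the JSON-body and token checks before every request.

    Returns ``None`` to let the request proceed, or a ``(response, status)``
    tuple that short-circuits it:

    * 400 when a POST/PUT body is not declared as, or does not parse as, JSON;
    * 401 when a route other than ``AUTHENTICATION_ROUTE`` is reached without
      a token in ``TOKEN_HEADER_KEY``, or with one that
      ``AuthService.verify_token`` rejects.

    The login route is exempt from the token check but not from the body check.
    """
    # Only POST and PUT bodies are validated here; other verbs pass straight
    # through, so any body on e.g. PATCH is not checked by this hook.
    if request.method in ['POST', 'PUT']:
        # Compare the media type alone so that a header carrying parameters
        # ('application/json; charset=utf-8') is accepted; the previous exact
        # string comparison rejected it.
        if request.mimetype != 'application/json':
            return jsonify(message=strings.API_NOT_JSON_TYPE), 400
        # silent=True turns a parse failure into None rather than an exception.
        # An empty-but-valid document such as {} is no longer rejected here;
        # whether it is acceptable is left to the route's own validation.
        req_json = request.get_json(silent=True)
        if req_json is None:
            return jsonify(message=strings.API_INVALID_JSON), 400

    # The login endpoint is where a client obtains a token, so it cannot
    # require one.
    if request.path == AUTHENTICATION_ROUTE:
        return

    # A present-but-empty header is treated like a missing one, so an empty
    # string is never handed to the verifier.
    token = request.headers.get(TOKEN_HEADER_KEY)
    if not token:
        return jsonify(message=strings.API_MISSING_TOKEN), 401

    # A rejected token gets the same status as a missing one; only the
    # message differs, and the token value is not echoed back.
    if not AuthService.verify_token(token):
        return jsonify(message=strings.API_BAD_TOKEN), 401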
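def before_request():
    """Run the JSON-body and token checks before every request.

    Returns ``None`` to let the request proceed, or a ``(response, status)``
    tuple that short-circuits it:

    * 400 when a POST/PUT body is not declared as, or does not parse as, JSON;
    * 401 when a route other than ``AUTHENTICATION_ROUTE`` is reached without
      a token in ``TOKEN_HEADER_KEY``, or with one that
      ``AuthService.verify_token`` rejects.

    The login route is exempt from the token check but not from the body check.
    """
    # Only POST and PUT bodies are validated here; other verbs pass straight
    # through, so any body on e.g. PATCH is not checked by this hook.
    if request.method in ['POST', 'PUT']:
        # Compare the media type alone so that a header carrying parameters
        # ('application/json; charset=utf-8') is accepted; the previous exact
        # string comparison rejected it.
        if request.mimetype != 'application/json':
            return jsonify(message=strings.API_NOT_JSON_TYPE), 400
        # silent=True turns a parse failure into None rather than an exception.
        # An empty-but-valid document such as {} is no longer rejected here;
        # whether it is acceptable is left to the route's own validation.
        req_json = request.get_json(silent=True)
        if req_json is None:
            return jsonify(message=strings.API_INVALID_JSON), 400

    # The login endpoint is where a client obtains a token, so it cannot
    # require one.
    if request.path == AUTHENTICATION_ROUTE:
        return

    # A present-but-empty header is treated like a missing one, so an empty
    # string is never handed to the verifier.
    token = request.headers.get(TOKEN_HEADER_KEY)
    if not token:
        return jsonify(message=strings.API_MISSING_TOKEN), 401

    # A rejected token gets the same status as a missing one; only the
    # message differs, and the token value is not echoed back.
    if not AuthService.verify_token(token):
        return jsonify(message=strings.API_BAD_TOKEN), 401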
def test_good_login_without_session_succeeds(self):
    """Valid credentials with no stored session yield the freshly generated token.

    Each collaborator on this path is expected to be consulted exactly once.
    """
    token = AuthService.attempt_login('username', 'password')
    assert token == 'generated_token'

    expected_counts = (
        (self.mock_get_user, 1),
        (self.mock_hash_password, 1),
        (self.mock_get_session_by_user, 1),
        (self.mock_gen_token, 1),
        (self.mock_create_session, 1),
    )
    for mock, count in expected_counts:
        assert mock.call_count == count
def test_good_login_without_session_succeeds(self):
    """Valid credentials with no stored session yield the freshly generated token.

    Each collaborator on this path is expected to be consulted exactly once.
    """
    token = AuthService.attempt_login('username', 'password')
    assert token == 'generated_token'

    expected_counts = (
        (self.mock_get_user, 1),
        (self.mock_hash_password, 1),
        (self.mock_get_session_by_user, 1),
        (self.mock_gen_token, 1),
        (self.mock_create_session, 1),
    )
    for mock, count in expected_counts:
        assert mock.call_count == count
def test_bad_password_without_session_fails(self):
    """A password whose hash does not match yields None and stops before any session work."""
    # Make the hashed input disagree with the stored hash.
    self.mock_hash_password.return_value = 'wrong_hashed_pass'

    token = AuthService.attempt_login('username', 'not_my_password')
    assert token is None

    # Only the lookup and the hash happen; nothing session- or token-related runs.
    expected_counts = (
        (self.mock_get_user, 1),
        (self.mock_hash_password, 1),
        (self.mock_get_session_by_user, 0),
        (self.mock_gen_token, 0),
        (self.mock_create_session, 0),
    )
    for mock, count in expected_counts:
        assert mock.call_count == count
def test_bad_username_fails(self):
    """An unknown username yields None without hashing or touching sessions."""
    # No user record for this name.
    self.mock_get_user.return_value = None

    token = AuthService.attempt_login('not_a_username', 'password')
    assert token is None

    # The lookup is the only collaborator reached.
    expected_counts = (
        (self.mock_get_user, 1),
        (self.mock_hash_password, 0),
        (self.mock_get_session_by_user, 0),
        (self.mock_gen_token, 0),
        (self.mock_create_session, 0),
    )
    for mock, count in expected_counts:
        assert mock.call_count == count
def test_bad_password_without_session_fails(self):
    """A password whose hash does not match yields None and stops before any session work."""
    # Make the hashed input disagree with the stored hash.
    self.mock_hash_password.return_value = 'wrong_hashed_pass'

    token = AuthService.attempt_login('username', 'not_my_password')
    assert token is None

    # Only the lookup and the hash happen; nothing session- or token-related runs.
    expected_counts = (
        (self.mock_get_user, 1),
        (self.mock_hash_password, 1),
        (self.mock_get_session_by_user, 0),
        (self.mock_gen_token, 0),
        (self.mock_create_session, 0),
    )
    for mock, count in expected_counts:
        assert mock.call_count == count
def test_bad_username_fails(self):
    """An unknown username yields None without hashing or touching sessions."""
    # No user record for this name.
    self.mock_get_user.return_value = None

    token = AuthService.attempt_login('not_a_username', 'password')
    assert token is None

    # The lookup is the only collaborator reached.
    expected_counts = (
        (self.mock_get_user, 1),
        (self.mock_hash_password, 0),
        (self.mock_get_session_by_user, 0),
        (self.mock_gen_token, 0),
        (self.mock_create_session, 0),
    )
    for mock, count in expected_counts:
        assert mock.call_count == count
def test_good_login_with_session_succeeds(self):
    """Valid credentials with an existing session return that session's token.

    No new token is generated and no new session is created.
    """
    existing_user = User(
        username='******',
        password='******',
        salt='salt',
    )
    existing_session = Session(
        user=existing_user,
        token='token',
    )
    self.mock_get_session_by_user.return_value = existing_session

    token = AuthService.attempt_login('username', 'password')
    assert token == 'token'

    expected_counts = (
        (self.mock_get_user, 1),
        (self.mock_hash_password, 1),
        (self.mock_get_session_by_user, 1),
        (self.mock_gen_token, 0),
        (self.mock_create_session, 0),
    )
    for mock, count in expected_counts:
        assert mock.call_count == count
def test_good_login_with_session_succeeds(self):
    """Valid credentials with an existing session return that session's token.

    No new token is generated and no new session is created.
    """
    existing_user = User(
        username='******',
        password='******',
        salt='salt',
    )
    existing_session = Session(
        user=existing_user,
        token='token',
    )
    self.mock_get_session_by_user.return_value = existing_session

    token = AuthService.attempt_login('username', 'password')
    assert token == 'token'

    expected_counts = (
        (self.mock_get_user, 1),
        (self.mock_hash_password, 1),
        (self.mock_get_session_by_user, 1),
        (self.mock_gen_token, 0),
        (self.mock_create_session, 0),
    )
    for mock, count in expected_counts:
        assert mock.call_count == count
def test_bad_password_with_session_fails(self):
    """A wrong password yields None even when a session already exists.

    The password check fails before the session lookup, so the prepared
    session is never consulted.
    """
    existing_user = User(
        username='******',
        password='******',
        salt='salt',
    )
    existing_session = Session(
        user=existing_user,
        token='token',
    )
    self.mock_get_session_by_user.return_value = existing_session
    # Make the hashed input disagree with the stored hash.
    self.mock_hash_password.return_value = 'wrong_hashed_pass'

    token = AuthService.attempt_login('username', 'not_my_password')
    assert token is None

    expected_counts = (
        (self.mock_get_user, 1),
        (self.mock_hash_password, 1),
        (self.mock_get_session_by_user, 0),
        (self.mock_gen_token, 0),
        (self.mock_create_session, 0),
    )
    for mock, count in expected_counts:
        assert mock.call_count == count
def test_bad_password_with_session_fails(self):
    """A wrong password yields None even when a session already exists.

    The password check fails before the session lookup, so the prepared
    session is never consulted.
    """
    existing_user = User(
        username='******',
        password='******',
        salt='salt',
    )
    existing_session = Session(
        user=existing_user,
        token='token',
    )
    self.mock_get_session_by_user.return_value = existing_session
    # Make the hashed input disagree with the stored hash.
    self.mock_hash_password.return_value = 'wrong_hashed_pass'

    token = AuthService.attempt_login('username', 'not_my_password')
    assert token is None

    expected_counts = (
        (self.mock_get_user, 1),
        (self.mock_hash_password, 1),
        (self.mock_get_session_by_user, 0),
        (self.mock_gen_token, 0),
        (self.mock_create_session, 0),
    )
    for mock, count in expected_counts:
        assert mock.call_count == count
def post(self):
    """Authenticate a client and return a session token.

    The JSON body is checked against ``auth_schema``; its ``username`` and
    ``password`` are then passed to ``AuthService.attempt_login``.

    Returns a 400 carrying the validation message when the body is
    malformed, a 401 carrying ``strings.API_BAD_CREDENTIALS`` when no user
    matches, and otherwise a JSON object with the ``token``.
    """
    body = request.get_json(silent=True)
    error = validate(body, auth_schema)
    if error:
        response = jsonify(message=error)
        response.status_code = 400
        return response

    token = AuthService.attempt_login(body.get('username'), body.get('password'))
    if token is None:
        # attempt_login returns None for both an unknown user and a wrong
        # password, so one generic message covers both and the response does
        # not reveal which check failed.
        response = jsonify(message=strings.API_BAD_CREDENTIALS)
        response.status_code = 401
        return response

    return jsonify(token=token)
def post(self):
    """Authenticate a client and return a session token.

    The JSON body is checked against ``auth_schema``; its ``username`` and
    ``password`` are then passed to ``AuthService.attempt_login``.

    Returns a 400 carrying the validation message when the body is
    malformed, a 401 carrying ``strings.API_BAD_CREDENTIALS`` when no user
    matches, and otherwise a JSON object with the ``token``.
    """
    body = request.get_json(silent=True)
    error = validate(body, auth_schema)
    if error:
        response = jsonify(message=error)
        response.status_code = 400
        return response

    token = AuthService.attempt_login(body.get('username'), body.get('password'))
    if token is None:
        # attempt_login returns None for both an unknown user and a wrong
        # password, so one generic message covers both and the response does
        # not reveal which check failed.
        response = jsonify(message=strings.API_BAD_CREDENTIALS)
        response.status_code = 401
        return response

    return jsonify(token=token)
def test_return_false_if_not_valid_token(self, mock_get_session_by_token):
    """An unrecognised token is rejected after a single session lookup.

    The patched lookup's return value is configured outside this method.
    """
    assert not AuthService.verify_token('not_a_token')
    assert mock_get_session_by_token.call_count == 1
def test_return_true_if_valid_token(self, mock_get_session_by_token):
    """A recognised token is accepted after a single session lookup.

    The patched lookup's return value is configured outside this method.
    """
    assert AuthService.verify_token('token')
    assert mock_get_session_by_token.call_count == 1
def test_return_false_if_not_valid_token(self, mock_get_session_by_token):
    """An unrecognised token is rejected after a single session lookup.

    The patched lookup's return value is configured outside this method.
    """
    assert not AuthService.verify_token('not_a_token')
    assert mock_get_session_by_token.call_count == 1
def test_return_true_if_valid_token(self, mock_get_session_by_token):
    """A recognised token is accepted after a single session lookup.

    The patched lookup's return value is configured outside this method.
    """
    assert AuthService.verify_token('token')
    assert mock_get_session_by_token.call_count == 1