def test_admins_unlock(self, loggedin_client):
    """Check that the unlock endpoint answers HTTP 200 for a stored admin.

    The admin is saved with five failed attempts, a last-failure time of
    now and an unlock date 30 minutes ahead, then unlocked through the API
    using the ``loggedin_client`` fixture.
    """
    # NOTE(review): only the status code is asserted. Re-reading the row and
    # checking failed_attempts / unlock_date afterwards would show that the
    # lock state was actually cleared - confirm which values the endpoint
    # writes before adding that assertion.
    locked_admin = Admins().from_json({
        'username': '******',
        'password': '******',
        'name': 'Test Admin'
    })
    # Fields that presumably mark the account as locked out.
    locked_admin.failed_attempts = 5
    locked_admin.last_failed_date = datetime.utcnow()
    locked_admin.unlock_date = datetime.utcnow() + timedelta(minutes=30)
    db.session.add(locked_admin)
    db.session.commit()

    # Look the row up again by username so the URL uses the stored id.
    stored_admin = Admins.query.filter_by(username='******').one()
    unlock_url = "/api/v1/admins/unlock/{0}".format(stored_admin.id)
    response = loggedin_client.put(unlock_url, follow_redirects=True)
    assert response.status_code == 200
def test_admins_twofactor_verify_secret_fail(self, loggedin_client):
    """Post a two-factor code for an admin this test never gives an OTP secret.

    Expects a JSON response body, HTTP 400, and the text
    "2 Factor Secret" somewhere in that body.
    """
    plain_admin = Admins().from_json({
        'username': '******',
        'password': '******',
        'name': 'Test Admin'
    })
    db.session.add(plain_admin)
    db.session.commit()

    verify_url = "/api/v1/admins/{0}/twofactor/verify".format(plain_admin.id)
    payload = json.dumps({"code": 123456})
    response = loggedin_client.post(verify_url, data=payload)
    body = response.data.decode('utf-8')

    # The error path must still answer with parseable JSON.
    try:
        json.loads(body)
    except json.decoder.JSONDecodeError:
        assert False, "Not json"
    assert response.status_code == 400
    assert "2 Factor Secret" in body
def new_admin():
    """
    Create an administrator in Admins from the JSON request body.

    Returns an empty body with HTTP 201 on success. A ValidationError
    raised while committing or audit-logging is re-raised unchanged; any
    other exception triggers a rollback, is logged at 'error' level and is
    replaced by a GenericError. The session is closed in every case.
    """
    # NOTE(review): force=True parses the body as JSON whatever the
    # Content-Type header says, so the content type cannot act as a request
    # filter here. Access control and CSRF handling are not visible in this
    # block - confirm they are applied where the route is registered.
    payload = request.get_json(force=True)
    admin = Admins().from_json(payload)
    db.session.add(admin)
    try:
        db.session.commit()
        # Audit entry is written only after the commit has succeeded.
        actor = current_user.username
        audit_message = (
            'The administrator "{0}" was created successfully'.format(
                admin.username))
        json_logger('audit', actor, audit_message)
    except ValidationError as e:
        raise e
    except Exception as e:
        db.session.rollback()
        # NOTE(review): str(e) reaches the error log verbatim. Depending on
        # the exception type it may carry values from the failed statement -
        # confirm nothing sensitive (e.g. the password field) can end up in
        # the log.
        actor = current_user.username
        error_message = (
            'The following error occurred in new_admin: {0}'.format(str(e)))
        json_logger('error', actor, error_message)
        # Callers get a generic message; the detail stays in the log.
        raise GenericError('The admininstrator could not be created')
    finally:
        db.session.close()
    return {}, 201
def test_admins_twofactor_verify_valid(self, loggedin_client):
    """Post a freshly generated TOTP code and expect HTTP 200 with a JSON body.

    The admin gets an OTP secret via ``generate_otp_secret()`` and has
    ``otp_active`` set to 1 before being stored.
    """
    otp_admin = Admins().from_json({
        'username': '******',
        'password': '******',
        'name': 'Test Admin'
    })
    otp_admin.generate_otp_secret()
    otp_admin.otp_active = 1
    db.session.add(otp_admin)
    db.session.commit()

    # NOTE(review): the same code is checked twice, by verify_totp() here and
    # then by the endpoint, and both checks must pass. The test therefore
    # assumes a code can be reused within its time step - revisit if
    # used-code tracking is introduced. The code is time-based, so a run
    # that straddles a step boundary could fail unless the verifier allows a
    # window - confirm.
    current_code = onetimepass.get_totp(otp_admin.otp_secret)
    assert otp_admin.verify_totp(current_code)

    verify_url = "/api/v1/admins/{0}/twofactor/verify".format(otp_admin.id)
    payload = json.dumps({"code": current_code})
    response = loggedin_client.post(verify_url, data=payload)
    body = response.data.decode('utf-8')

    try:
        json.loads(body)
    except json.decoder.JSONDecodeError:
        assert False, "Not json"
    assert response.status_code == 200