def test_logout_mismatched_tokens(self): response = self.app.post('/api/auth', content_type="application/json", data=json.dumps( dict(username='******', password='******'))) key = json.loads(response.get_data(as_text=True)) headers = {'Authorization': 'Bearer {}'.format(key['access_token'])} add_user(username='******', password='******') from server.database import db db.session.commit() response = self.app.post('/api/auth', content_type="application/json", data=json.dumps( dict(username='******', password='******'))) key = json.loads(response.get_data(as_text=True)) token = key['refresh_token'] response = self.app.post('/api/auth/logout', headers=headers, content_type="application/json", data=json.dumps(dict(refresh_token=token))) self.assertEqual(response.status_code, BAD_REQUEST) self.assertEqual(len(BlacklistedToken.query.all()), 0)
def run(session, parameters): """ Args: parameters=[username, password] """ username = parameters[0] password = parameters[1] r = database.get_user_by_name(username) if r: # 用户名已存在 session.send(GeneralMessage.REG_FAIL, 0) else: database.add_user(username, md5(password)) session.send(GeneralMessage.REG_OK, {})
def create_user(): from server.context import running_context from server.database import add_user, User, ResourcePermission, Role, initialize_resource_roles_from_database running_context.db.create_all() if not User.query.all(): admin_role = running_context.Role( name='admin', description='administrator', resources=server.database.default_resources) running_context.db.session.add(admin_role) admin_user = add_user(username='******', password='******') admin_user.roles.append(admin_role) running_context.db.session.commit() if Role.query.all() or ResourcePermission.query.all(): initialize_resource_roles_from_database() apps = set(helpers.list_apps()) - set( [_app.name for _app in device_db.session.query(App).all()]) app.logger.debug('Found apps: {0}'.format(apps)) for app_name in apps: device_db.session.add(App(name=app_name, devices=[])) running_context.db.session.commit() device_db.session.commit() running_context.CaseSubscription.sync_to_subscriptions() app.logger.handlers = logging.getLogger('server').handlers
def setup_guest_user(self): user = add_user('guest', 'guest') role = Role('guest', resources=['users']) server.database.resource_roles['users'].add('guest') db.session.add(user) user.roles.append(role) db.session.commit() return user
def test_login_updates_user(self): user = add_user(username='******', password='******') self.app.post('/api/auth', content_type="application/json", data=json.dumps( dict(username='******', password='******'))) self.assertEqual(user.login_count, 1) self.assertTrue(user.active)
def test_login_inactive_user(self): user = add_user(username='******', password='******') user.active = False response = self.app.post('/api/auth', content_type="application/json", data=json.dumps( dict(username='******', password='******'))) self.assertEqual(response.status_code, UNAUTHORIZED_ERROR)
def test_delete_current_user(self): user = add_user('test', 'test') user.set_roles({'admin'}) response = self.app.post('/api/auth', content_type="application/json", data=json.dumps( dict(username='******', password='******'))) key = json.loads(response.get_data(as_text=True)) access_token = key['access_token'] headers = {'Authorization': 'Bearer {}'.format(access_token)} self.delete_with_status_check('/api/users/{}'.format(user.id), headers=headers, status_code=UNAUTHORIZED_ERROR)
def add_user(): sha256 = hashlib.sha256(bytes(request.form.get('pass'), encoding='utf-8')).hexdigest() name = request.form.get('name') email = request.form.get('email') result = not DB.check_user(name) and not DB.check_email(email) if not (search('^.+@.+\..+$', email) and search('^[a-zA-Z0-9_]+$', name) and result): return make_response('Wrong data', 400) if request.files: file = request.files['file'] if file.mimetype in const.IMAGES: file_ext = const.IMAGES[file.mimetype] file.save("./server/static/avatar/{}{}".format(name, file_ext)) else: return make_response('Wrong data', 400) else: file_ext = None (activation_token, result) = DB.add_user(name, sha256, file_ext, email) if result: response = make_response('OK') result2 = DB.check_user(name, sha256) if result2: session = Session(name, result2.activated, result2.uid) self.sessions[session.get_id()] = session self.sessions_by_user_name[name] = session session['avatar'] = result2.file DB.add_session(session, result2.uid) session.add_cookie_to_resp(response) email_.send_email( "Для подтвеждения регистрации пожалуйста перейдите по ссылке " "http://{domain}/api/activate_account?token={token}".format( domain=(self.domain if self.domain is not None else self.ip), token=activation_token ), "Account activation", email) else: self.logger.write_msg("Something wrong with registration ({})".format(name)) response.headers["Content-type"] = "text/plain" return response else: return 'Error', 500
def test_logout_updates_user(self): user = add_user('testlogout', 'test') response = self.app.post('/api/auth', content_type="application/json", data=json.dumps( dict(username='******', password='******'))) key = json.loads(response.get_data(as_text=True)) access_token = key['access_token'] refresh_token = key['refresh_token'] headers = {'Authorization': 'Bearer {}'.format(access_token)} self.app.post('/api/auth/logout', headers=headers, content_type="application/json", data=json.dumps(dict(refresh_token=refresh_token))) self.assertEqual(user.login_count, 0)
def test_refresh_deactivated_user(self): user = add_user(username='******', password='******') from server.database import db db.session.commit() response = self.app.post('/api/auth', content_type="application/json", data=json.dumps( dict(username='******', password='******'))) key = json.loads(response.get_data(as_text=True)) token = key['refresh_token'] headers = {'Authorization': 'Bearer {}'.format(token)} user.active = False refresh = self.app.post('/api/auth/refresh', content_type="application/json", headers=headers) self.assertEqual(refresh.status_code, UNAUTHORIZED_ERROR)
def __func(): data = request.get_json() username = data['username'] if not running_context.User.query.filter_by(username=username).first(): user = add_user(username=username, password=data['password']) if 'roles' in data: user.set_roles(data['roles']) running_context.db.session.commit() current_app.logger.info('User added: {0}'.format(user.as_json())) return user.as_json(), OBJECT_CREATED else: current_app.logger.warning( 'Could not create user {0}. User already exists.'.format( username)) return { "error": "User {0} already exists.".format(username) }, OBJECT_EXISTS_ERROR
def test_refresh_with_blacklisted_token(self): user = add_user(username='******', password='******') from server.database import db db.session.commit() response = self.app.post('/api/auth', content_type="application/json", data=json.dumps( dict(username='******', password='******'))) key = json.loads(response.get_data(as_text=True)) token = key['refresh_token'] db.session.delete(user) db.session.commit() headers = {'Authorization': 'Bearer {}'.format(token)} self.app.post('/api/auth/refresh', content_type="application/json", headers=headers) refresh = self.app.post('/api/auth/refresh', content_type="application/json", headers=headers) self.assertEqual(refresh.status_code, UNAUTHORIZED_ERROR) response = json.loads(refresh.get_data(as_text=True)) self.assertDictEqual(response, {'error': 'Token is revoked'})
def test_refresh_invalid_user_blacklists_token(self): user = add_user(username='******', password='******') from server.database import db db.session.commit() response = self.app.post('/api/auth', content_type="application/json", data=json.dumps( dict(username='******', password='******'))) key = json.loads(response.get_data(as_text=True)) token = key['refresh_token'] db.session.delete(user) db.session.commit() headers = {'Authorization': 'Bearer {}'.format(token)} refresh = self.app.post('/api/auth/refresh', content_type="application/json", headers=headers) self.assertEqual(refresh.status_code, UNAUTHORIZED_ERROR) token = decode_token(token) from server.tokens import BlacklistedToken tokens = BlacklistedToken.query.filter_by(jti=token['jti']).all() self.assertEqual(len(tokens), 1)
def test_add_user_already_exists(self): user = User('username', 'password') db.session.add(user) db.session.commit() user = add_user('username', 'password') self.assertIsNone(user)
def test_add_user(self): user = add_user('username', 'password') self.assertIsNotNone(user) self.assertEqual(user.username, 'username') self.assertIsNotNone(User.query.filter_by(username='******').first())