Exemplo n.º 1
 def test_encode_auth_token(self):
     ''' Test that a committed user can mint an auth token of type bytes '''
     account = User(email='*****@*****.**', password='******', name='joe')
     db.session.add(account)
     # account.id is read only after the commit below.
     db.session.commit()
     # Only the token's type is checked here; nothing in this test inspects
     # the claims or verifies the signature.
     self.assertIsInstance(account.encode_auth_token(account.id), bytes)
Exemplo n.º 2
 def setUp(self):
     ''' Create one committed user and keep a text auth token for it '''
     super(TestUserResource, self).setUp()
     fixture_user = User(
         email='*****@*****.**',
         password='******',
         name='joe',
         joined_on=date(2017, 1, 1),
     )
     db.session.add(fixture_user)
     db.session.commit()
     self.user = fixture_user
     # The encoded token is decoded to text before being stored
     # (presumably encode_auth_token returns bytes -- confirm).
     raw_token = fixture_user.encode_auth_token(fixture_user.id)
     self.token = raw_token.decode()
Exemplo n.º 3
 def setUp(self):
     ''' Create two committed users and keep an auth token for the first '''
     super(TestEntryResource, self).setUp()
     first = User(
         email='*****@*****.**',
         password='******',
         name='joe',
     )
     second = User(
         email='*****@*****.**',
         password='******',
         name='moe',
     )
     db.session.add(first)
     db.session.add(second)
     db.session.commit()
     self.user = first
     self.user2 = second
     # A token is minted for the first user only; the second user is stored
     # without one.
     raw_token = first.encode_auth_token(first.id)
     self.auth_token = raw_token.decode()
Exemplo n.º 4
 def test_auth_token_data(self):
     ''' Test that the token payload holds the user's fields but no password '''
     account = User(
         email='*****@*****.**',
         password='******',
         name='joe',
         joined_on=date(2017, 1, 1),
     )
     db.session.add(account)
     db.session.commit()

     token = account.encode_auth_token(account.id)
     self.assertIsInstance(token, bytes)

     # NOTE(review): jwt.decode is called without an `algorithms` argument.
     # PyJWT 2.x requires one, and pinning it makes the test fail if the
     # token is ever signed with an unexpected algorithm. Confirm which
     # algorithm encode_auth_token signs with and pass it explicitly.
     # NOTE(review): the key is a hard-coded literal; presumably it mirrors
     # the secret in the test configuration -- confirm it is never reused
     # outside tests.
     payload = jwt.decode(token, 'test_secret_key')

     self.assertEqual(payload['id'], account.id)
     self.assertEqual(payload['email'], account.email)
     # A JWT payload is signed, not encrypted, so anyone holding the token
     # can read its claims; the password must never appear among them.
     self.assertNotIn('password', payload)
     self.assertEqual(payload['joined_on'], '2017-01-01')
     self.assertEqual(payload['name'], 'joe')
Exemplo n.º 5
    def test_logout_blacklist_token(self):
        ''' Test that POST /logout records the presented token as blacklisted '''
        account = User(email='*****@*****.**', password='******', name='joe')
        db.session.add(account)
        db.session.commit()
        token = account.encode_auth_token(account.id).decode()

        auth_headers = {'Authorization': 'Bearer ' + token}
        response = self.client.post('/logout', headers=auth_headers)
        body = json.loads(response.data.decode())

        self.assertEqual(body['status'], 'success')
        self.assertEqual(body['message'], 'Successfully logged out')
        self.assertEqual(response.content_type, 'application/json')
        self.assertEqual(response.status_code, 200)

        # The lookup is by the exact token string sent in the header. This
        # test checks only that a row exists; it does not replay the token
        # to confirm that a later request is refused.
        stored = BlacklistToken.query.filter_by(token=token).first()
        self.assertIsNotNone(stored)
Exemplo n.º 6
    def test_expired_token_rejection(self):
        ''' Test that GET /user answers 401 once the auth token has expired '''
        with freeze_time(datetime.utcnow()) as clock:
            account = User(email='*****@*****.**', password='******', name='joe')
            db.session.add(account)
            db.session.commit()
            token = account.encode_auth_token(account.id).decode()

            # Advance the frozen clock by one day and one second.
            # NOTE(review): this assumes the token lifetime set by
            # encode_auth_token is at most one day -- confirm. Only the
            # "just after" side of the boundary is exercised here.
            clock.move_to(datetime.utcnow() + timedelta(days=1, seconds=1))

            auth_headers = {'Authorization': 'Bearer ' + token}
            response = self.client.get('/user', headers=auth_headers)
            body = json.loads(response.data.decode())

            self.assertEqual(body['status'], 'error')
            self.assertEqual(
                body['error'], 'Signature expired. Please log in again.')
            self.assertEqual(response.content_type, 'application/json')
            self.assertEqual(response.status_code, 401)
Exemplo n.º 7
    def test_blacklist_token_rejection(self):
        ''' Test that GET /user answers 401 for a token that is blacklisted '''

        # Arrange: a committed user and a token minted for that user.
        account = User(email='*****@*****.**', password='******', name='joe')
        db.session.add(account)
        db.session.commit()
        token = account.encode_auth_token(account.id).decode()

        # Blacklist the token directly in the database, without going
        # through the /logout endpoint.
        db.session.add(BlacklistToken(token=token))
        db.session.commit()

        # The token is otherwise freshly issued, so the blacklist entry is
        # the only reason the request below should be refused.
        auth_headers = {'Authorization': 'Bearer ' + token}
        response = self.client.get('/user', headers=auth_headers)
        body = json.loads(response.data.decode())

        self.assertEqual(body['status'], 'error')
        self.assertEqual(
            body['error'], 'Token blacklisted. Please log in again.')
        self.assertEqual(response.content_type, 'application/json')
        self.assertEqual(response.status_code, 401)