def test_verify_auth_token_invalid_token(self, testdir_class, test_utils):
testdir_class.activate()
username = test_utils.random_string(5)
password = '******'
Users.create_user(username, password)
app = create_app()
with pytest.raises(BadSignature) as _:
Users.verify_auth_token(app.secret_key, 'invalid_token')
def test_verify_auth_token_expired_token(self, testdir_class, test_utils):
testdir_class.activate()
username = test_utils.random_string(5)
password = '******'
Users.create_user(username, password)
app = create_app()
user = Users.get_user_by_username(username)
token = user.generate_auth_token(app.secret_key, expiration=1)
time.sleep(2)
with pytest.raises(SignatureExpired):
Users.verify_auth_token(app.secret_key, token)
def test_verify_auth_token(self, testdir_class, test_utils):
testdir_class.activate()
username = test_utils.random_string(5)
password = '******'
Users.create_user(username, password)
app = create_app()
token = Users.get_user_by_username(username).generate_auth_token(
app.secret_key)
user = Users.verify_auth_token(app.secret_key, token)
assert user.username == username
def decorated_view(*args, **kwargs):
if not current_user.is_authenticated:
token = request.headers.get('token', None)
if token:
try:
user = Users.verify_auth_token(current_app.secret_key, token)
request.api_user = user
except BadSignature:
abort(401, 'Token did not match')
except SignatureExpired:
abort(401, 'Signature Expired')
except Exception:
abort(401, 'Unknown error')
else:
abort(400, 'Missing token')
return func(*args, **kwargs)
