def test_encode_auth_token(app):
    """A freshly built User must yield a bytes-typed auth token."""
    with app.app_context():
        token = User('john', 'doe').encode_auth_token()
    assert isinstance(token, bytes)
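def test_encode_auth_token_failure(app):
    """Encoding must raise MissingConfigError when the expiry setting is unset.

    The original ended with the bare expression ``'not set' in e`` (no
    ``assert``), so the message was never checked; it is now a real assertion
    on the raised exception's text. The config key is restored afterwards so
    the mutation cannot leak into other tests sharing the ``app`` fixture.
    """
    key = 'JWT_ACCESS_TOKEN_EXPIRES_DAYS'
    with app.app_context():
        user = User('john', 'doe')
        previous = app.config.get(key)
        # Unset the expiry so encode_auth_token() takes its missing-config path.
        app.config[key] = None
        try:
            with pytest.raises(MissingConfigError) as excinfo:
                user.encode_auth_token()
        finally:
            app.config[key] = previous
        assert 'not set' in str(excinfo.value)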
def find_user(username):
    """Look up *username* in the ``user`` table.

    Returns a :class:`User` carrying the stored password hash, or ``None``
    when no row matches. Both outcomes are logged at INFO level.
    """
    row = get_db().execute(
        'SELECT * FROM user WHERE username = ?', (username, )
    ).fetchone()
    if row is None:
        current_app.logger.info('User %s not found', username)
        return None
    found = User(username=row['username'])
    # The column holds the hash written by create_user (user.password_hash),
    # so it is assigned directly instead of going through the constructor.
    found.password_hash = row['password']
    current_app.logger.info('User %s found', username)
    return found
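def refresh_token(request):
    """Exchange a valid auth token for a fresh one and blacklist the old one.

    The token is read from the cookie or the header named ``header_name``.
    On success the new token is returned both in the JSON body and as an
    httponly cookie; every failure path returns a ``(body, status)`` tuple.

    Fix: when ``User.decode_auth_token`` returns a falsy value the original
    echoed that value (``None``/``''``) back as the failure message; a fixed
    message is returned instead.
    """
    auth_token = request.cookies.get(header_name) or \
        request.headers.get(header_name)
    if not auth_token:
        return {
            'status': 'fail',
            'message': 'Provide a valid auth token.'
        }, 401
    resp = User.decode_auth_token(auth_token)
    if not resp:
        return {'status': 'fail', 'message': 'Invalid auth token.'}, 401
    # presumably resp is the username carried by the token — verify against
    # User.decode_auth_token
    user = find_user(resp)
    if not user:
        return {'status': 'fail', 'message': 'Invalid user'}, 401
    old_auth_token = auth_token
    auth_token = user.encode_auth_token()
    if not auth_token:
        return {
            'status': 'fail',
            'message': 'Could not generate auth token'
        }, 500
    # mark the old token as blacklisted; this happens only once the
    # replacement exists, so a failed encode leaves the old token untouched
    save_token(token=old_auth_token)
    new_token = auth_token.decode()
    response = jsonify({
        'status': 'success',
        'message': 'Successfully refreshed auth token.',
        header_name: new_token
    })
    # NOTE(review): the cookie is httponly but sets no secure/samesite
    # attributes here — confirm whether the app configures them globally
    response.set_cookie(header_name, new_token, httponly=True)
    return response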
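def create_user(username, password):
    """Insert a new user row and report whether it was created.

    Returns ``True`` when the row was inserted and committed, ``False`` when
    the insert hit an IntegrityError (logged as a duplicate username, not
    raised). The original returned nothing, so callers could not distinguish
    the two; the bool is additive and does not affect callers that ignore it.
    """
    db = get_db()
    user = User(username, password)
    try:
        # Only user.password_hash is persisted in the password column.
        db.execute('INSERT INTO user (username, password) VALUES (?, ?)',
                   (user.username, user.password_hash))
        db.commit()
    except IntegrityError:
        current_app.logger.error('Error: Username already exists')
        return False
    current_app.logger.info('Created user %s', username)
    return True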
def get_logged_in_user(new_request):
    """Resolve the auth token on *new_request* to the logged-in user.

    Returns ``(body, status)``: 200 with the username under ``data.user_id``
    when the token decodes to a known user, otherwise 401. When no user
    matches, the 401 body carries whatever ``User.decode_auth_token``
    returned as its message.
    """
    # get the auth token
    auth_token = new_request.cookies.get(header_name) or \
        new_request.headers.get(header_name)
    if not auth_token:
        return {
            'status': 'fail',
            'message': 'Provide a valid auth token.'
        }, 401
    resp = User.decode_auth_token(auth_token)
    # presumably resp is the username on success and an error message on
    # failure; find_user is called with it either way — verify against
    # User.decode_auth_token
    user = find_user(resp)
    if not user:
        return {'status': 'fail', 'message': resp}, 401
    return {
        'status': 'success',
        'data': {
            'user_id': user.username
        }
    }, 200
def logout_user(request):
    """Blacklist the request's auth token and clear the auth cookie.

    Returns a JSON success response (with the cookie set to an empty value)
    when ``User.decode_auth_token`` yields a ``str``; otherwise a 401 body
    carrying the decode result, or 403 when no token was supplied at all.
    """
    token = request.cookies.get(header_name) or \
        request.headers.get(header_name)
    if not token:
        return {
            'status': 'fail',
            'message': 'Provide a valid auth token.'
        }, 403
    resp = User.decode_auth_token(token)
    if not isinstance(resp, str):
        return {'status': 'fail', 'message': resp}, 401
    # mark the token as blacklisted
    save_token(token=token)
    response = jsonify({
        'status': 'success',
        'message': 'Successfully logged out.'
    })
    # NOTE(review): the cookie is blanked rather than expired, and the
    # missing-token case answers 403 where get_logged_in_user answers 401 —
    # confirm both are intended
    response.set_cookie(header_name, '', httponly=True)
    return response
def test_get_password():
    """Reading ``password`` on a User must raise AttributeError."""
    user = User('john')
    with pytest.raises(AttributeError):
        print(getattr(user, 'password'))
def test_print_user():
    """str(User) must show the username and never the password."""
    rendered = str(User('john', 'doe'))
    assert 'john' in rendered
    assert 'doe' not in rendered
def test_check_password():
    """check_password must accept the password the User was built with."""
    assert User('john', 'doe').check_password('doe')