Exemplo n.º 1
0
def login_user(event, _):
    """
    Login a user
    :param event: event
    :return: 200 and a login cookie if successful, 401 otherwise
    """

    # Parse the paramteres
    params = parse_qs(event["body"])

    # Make sure that the request contains all needed data
    if "identifier" in params and "password" in params:
        # Try to login the user
        user = User()
        username = user.login_user(params["identifier"][0],
                                   params["password"][0])

        if username:
            cookie_content = f"user={username}"
            cookie_content_signed = sign_cookie(cookie_content)

            expiration_date = datetime.now() + timedelta(days=30)
            cookie = f"{cookie_content_signed};SameSite=Strict;Path=/;Expires={get_cookie_date(expiration_date)};HttpOnly"

            return create_response(
                200,
                "POST",
                username,
                {
                    "Access-Control-Allow-Credentials": "true",
                    "Set-Cookie": cookie
                },
            )

    return create_response(401, "POST")
Exemplo n.º 2
0
    def test_login_user(self, _):
        user = User()
        # Test correct identifier and password
        self.assertEqual("user_1", user.login_user("user_1", "test"))
        self.assertEqual("user_1", user.login_user("*****@*****.**", "test"))

        # Test wrong identifier or password
        self.assertFalse(user.login_user("user_1", "wrong_password"))
        self.assertFalse(user.login_user("user_1", "test2"))
        self.assertFalse(user.login_user("user_3", "test3"))
        self.assertFalse(user.login_user("*****@*****.**", "test3"))

        # Test last active password
        self.assertEqual("1111",
                         user.get_user_by_username("user_2")["last_active"])
        user.login_user("user_2", "test2")
        self.assertEqual("9999",
                         user.get_user_by_username("user_2")["last_active"])