def login():
req = request.get_json(force=True)
user = User.get(username=req['display_name'])
if not user:
return jsonify(success=False, err="INVAILD_USER")
if user.password == req['password']:
return jsonify(success=True,
user=user.describe(),
access_token=create_access_token(identity=user.id))
else:
return jsonify(success=False, err="INVAILD_PASSWORD")
def add_message():
current_id = get_jwt_identity()
user = User.get(id=current_id)
if not user:
return (err='INVALID_AUTHORIZATION'), 401
req = request.get_json()
now = datetime.datetime.now()
Notice(
title=req['title'],
region=req['region'],
price=req['price'],
user=user,
created_at=now
)
return jsonify(success=False)
def test_refresh_token():
app = App()
c = Client(app)
response = c.post(
"/login", json.dumps({"email": "*****@*****.**", "password": "******"})
)
headers = {"Authorization": response.headers["Authorization"]}
response = c.get("/refresh", headers=headers)
jwtauth_settings = app.settings.jwtauth.__dict__.copy()
identity_policy = JWTIdentityPolicy(**jwtauth_settings)
authtype, token = response.headers["Authorization"].split(" ", 1)
claims_set_decoded = identity_policy.decode_jwt(token)
assert identity_policy.get_userid(claims_set_decoded) == "*****@*****.**"
with db_session:
# set new nonce to invalid current tokens for this user
User[2].nonce = uuid4().hex
response = c.get("/refresh", headers=headers, status=403)
assert response.json == {"validationError": "Could not refresh your token"}
now = timegm(datetime.utcnow().utctimetuple())
with db_session:
nonce = User.get(email="*****@*****.**").nonce
claims_set = {
"sub": "*****@*****.**",
"uid": "/users/2",
"refresh_until": now - 3,
"nonce": nonce,
"exp": now + 3,
}
token = identity_policy.encode_jwt(claims_set)
headers = {"Authorization": "JWT " + token}
response = c.get("/refresh", headers=headers, status=403)
assert response.json == {"validationError": "Your session has expired"}
def register():
req = request.get_json()
if not exists(u.id for u in User if u.username == req['display_name']):
now = datetime.datetime.now()
User(username=req['display_name'],
gender=req['gender'],
avatar=req['avatar'],
age=req['age'],
user_id=now,
password=req['password'],
created_at=now)
user = User.get(username=req['display_name'])
return jsonify(
success=True,
user=user.describe(),
access_token=create_access_token(identity=user.describe()))
else:
return jsonify(success=False, err='INVAILD_USERNAME')
def refresh():
current_id = get_jwt_identity()
user = User.get(id=current_id)
if not user:
return jsonify(err='INVALID_AUTHORIZATION'), 401
return jsonify(user=user.describe()), 200
def test_add_user(smtp):
assert len(smtp.outbox) == 0
c = Client(App(), extra_environ=dict(REMOTE_ADDR="127.0.0.1"))
new_user_json = json.dumps(
{"nickname": "NewUser", "email": "*****@*****.**", "password": "******"}
)
response = c.post("/users", new_user_json, status=201)
with db_session:
assert User.exists(nickname="NewUser")
assert User.get(nickname="NewUser").register_ip == "127.0.0.1"
assert len(smtp.outbox) == 1
message = smtp.outbox[0]
assert message["subject"] == "Confirm Your Email Address"
assert message["To"] == "*****@*****.**"
response = c.post("/users", new_user_json, status=409)
assert response.json == {"validationError": "Email already exists"}
assert len(smtp.outbox) == 1
with db_session:
new_editor_json = json.dumps(
{
"nickname": "NewEditor",
"email": "*****@*****.**",
"password": "******",
"groups": ["Editor"],
}
)
c.post("/users", new_editor_json)
assert User.exists(nickname="NewEditor")
assert Group.get(name="Editor") in User.get(nickname="NewEditor").groups
assert User.get(nickname="NewEditor").email == "*****@*****.**"
assert len(smtp.outbox) == 2
message = smtp.outbox[1]
assert message["subject"] == "Confirm Your Email Address"
assert message["To"] == "*****@*****.**"
new_user_json = json.dumps(
{
"nickname": "NewUser",
"email": "*****@*****.**",
"password": "******",
}
)
response = c.post("/users", new_user_json, status=422)
assert response.json == {"email": ["Email could not be delivered"]}
new_user_json = json.dumps(
{"nickname": "NewUser", "email": "newuser@example", "password": "******"}
)
response = c.post("/users", new_user_json, status=422)
assert response.json == {"email": ["Not valid email"]}
new_user_json = json.dumps(
{
"nickname": 123,
"email": "*****@*****.**",
"password": "******",
}
)
response = c.post("/users", new_user_json, status=422)
assert response.json == {"nickname": ["must be of string type"]}
