def test_authenticate_using_token(self):
    """A user logged in by password can then log in again using the issued token."""
    created = UserFactory.create()
    default_password = UserFactory.get_default_password()
    exists, by_password = User.authenticate(email=created.email, password=default_password)
    expect(by_password).not_to_be_null()
    # The token handed out by the password login must be accepted on its own.
    by_token = User.authenticate_with_token(token=by_password.token)
    expect(by_token).not_to_be_null()
def test_authenticate_with_invalid_pass_should_be_access_denied(self):
    """A wrong password for an existing account is answered with 403."""
    email = "*****@*****.**"
    account = User(email=email, password="******")
    account.save()
    login_url = self.reverse_url('auth_user')
    response = self.fetch_with_headers(login_url, email=email, password="******")
    expect(response.code).to_equal(403)
def test_registering_duplicated_user(self):
    """Registering an email that already exists yields 409 and a fixed message body."""
    email = "*****@*****.**"
    password = "******"
    User(email=email, password=password).save()
    register_url = self.reverse_url('register_user')
    response = self.fetch_with_headers(register_url, email=email, password=password)
    expect(response.code).to_equal(409)
    expect(response.body).to_equal("User already registered.")
def test_authenticate_using_token(self):
    """Password login yields a token that authenticate_with_token accepts."""
    account = UserFactory.create()
    password = UserFactory.get_default_password()
    _exists, first_login = User.authenticate(email=account.email, password=password)
    expect(first_login).not_to_be_null()
    # Second login relies solely on the token from the first one.
    second_login = User.authenticate_with_token(token=first_login.token)
    expect(second_login).not_to_be_null()
def test_authenticating_with_wrong_pass_returns_none(self):
    """authenticate() returns (exists, user): unknown email vs. bad password are told apart."""
    known = UserFactory.create()
    # Unknown email: the account does not exist and no user comes back.
    exists, user = User.authenticate(email="*****@*****.**", password="******")
    expect(exists).to_be_false()
    expect(user).to_be_null()
    # Known email but wrong password: exists is reported, user still absent.
    exists, user = User.authenticate(email=known.email, password="******")
    expect(exists).to_be_true()
    expect(user).to_be_null()
def test_authenticate_with_valid_user(self):
    """Valid credentials give 200/"OK" and Token / Token-Expiration headers matching the stored user."""
    email = "*****@*****.**"
    User(email=email, password="******").save()
    login_url = self.reverse_url('auth_user')
    response = self.fetch_with_headers(login_url, email=email, password="******")
    expect(response.code).to_equal(200)
    expect(response.body).to_equal("OK")
    stored = User.objects.filter(email=email).first()
    headers = response.headers
    expect(headers).to_include('Token-Expiration')
    # Compare only up to the seconds field: sub-second digits may differ in the header.
    expected_expiration = stored.token_expiration.isoformat()[:19]
    expect(headers['Token-Expiration'][:19]).to_equal(expected_expiration)
    expect(headers).to_include('Token')
    expect(headers['Token']).to_equal(stored.token)
def get(self):
    """Password login; credentials arrive in the Email / Password request headers.

    Responses: 400 when either header is missing or empty, 404 when no
    account has that email, 403 when the password does not match, and
    200 with body "OK" plus the Token / Token-Expiration headers on success.
    """
    headers = self.request.headers
    email = headers.get("Email", None)
    password = headers.get("Password", None)
    if not (email and password):
        self.set_status(400)
        self.finish()
        return
    ttl_minutes = self.application.config.TOKEN_EXPIRATION_IN_MINUTES
    exists, user = User.authenticate(email, password, expiration=ttl_minutes)
    # NOTE(review): answering 404 vs 403 reveals whether an email is registered;
    # if account enumeration is a concern here, both failures should share one status.
    failure_status = 404 if not exists else (403 if user is None else None)
    if failure_status is not None:
        self.set_status(failure_status)
        self.finish()
        return
    self.set_status(200)
    self.set_header("Token", user.token)
    self.set_header("Token-Expiration", user.token_expiration.isoformat())
    self.write("OK")
    self.finish()
def get(self):
    """Password login handler reading Email / Password from the request headers.

    400: a header is missing or empty. 404: no account for the email.
    403: password mismatch. 200: "OK" with Token and Token-Expiration headers.
    """
    credentials = (
        self.request.headers.get("Email", None),
        self.request.headers.get("Password", None),
    )
    if not all(credentials):
        self.set_status(400)
        self.finish()
        return
    email, password = credentials
    exists, user = User.authenticate(
        email,
        password,
        expiration=self.application.config.TOKEN_EXPIRATION_IN_MINUTES,
    )
    # NOTE(review): distinct 404/403 answers let a client probe which emails exist.
    if not exists:
        self.set_status(404)
        self.finish()
        return
    if user is None:
        self.set_status(403)
        self.finish()
        return
    self.set_status(200)
    for header_name, header_value in (
        ("Token", user.token),
        ("Token-Expiration", user.token_expiration.isoformat()),
    ):
        self.set_header(header_name, header_value)
    self.write("OK")
    self.finish()
def test_authenticating(self):
    """A successful password login returns the user with both token and expiration populated."""
    created = UserFactory.create()
    exists, logged_in = User.authenticate(email=created.email, password="******")
    expect(exists).to_be_true()
    expect(logged_in).not_to_be_null()
    for issued in (logged_in.token, logged_in.token_expiration):
        expect(issued).not_to_be_null()
def test_authenticate_with_valid_user(self):
    """Correct credentials: 200, "OK", and token headers that agree with the persisted user."""
    address = "*****@*****.**"
    account = User(email=address, password="******")
    account.save()
    response = self.fetch_with_headers(
        self.reverse_url('auth_user'), email=address, password="******")
    expect(response.code).to_equal(200)
    expect(response.body).to_equal("OK")
    persisted = User.objects.filter(email=address).first()
    expect(response.headers).to_include('Token-Expiration')
    # Truncate to seconds so fractional-second digits do not affect the comparison.
    header_expiration = response.headers['Token-Expiration'][:19]
    expect(header_expiration).to_equal(persisted.token_expiration.isoformat()[:19])
    expect(response.headers).to_include('Token')
    expect(response.headers['Token']).to_equal(persisted.token)
def test_can_create_user(self):
    """A created user is persisted with the password stored as a salted HMAC-SHA1 hex digest."""
    created = UserFactory.create()
    # Recompute the digest the same way as the model: HMAC-SHA1 keyed with the user's salt.
    # NOTE(review): HMAC-SHA1 with a per-user salt has no tunable work factor; a dedicated
    # password KDF would be the stronger choice — confirm against the User model.
    key = six.b(str(created.salt))
    message = six.b(UserFactory.get_default_password())
    expected_digest = hmac.new(key, message, hashlib.sha1).hexdigest()
    matches = User.objects(id=created.id)
    expect(matches.count()).to_equal(1)
    persisted = matches.first()
    expect(persisted.password).to_equal(expected_digest)
    expect(persisted.email).to_equal(created.email)
    expect(persisted.token).to_equal(created.token)
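def post(self):
    """Change the current user's password.

    Form arguments: ``old_pass`` must hash to the stored password (403
    otherwise) and ``new_pass`` must be non-empty (400 otherwise); a missing
    argument is rejected by get_argument itself. On success the salt is
    cleared and the plaintext assigned, presumably so the model re-hashes it
    on save() — confirm in User.
    """
    import hmac

    old_pass = self.get_argument("old_pass")
    new_pass = self.get_argument("new_pass")
    current = self.current_user
    expected = User.get_hash_for(current.salt, old_pass)
    # Constant-time comparison: a plain != on the hex digests leaks timing
    # information about how many leading characters matched.
    if not hmac.compare_digest(str(current.password), str(expected)):
        # send_error() finishes the response itself; do not call finish() after it.
        self.send_error(status_code=403)
        return
    if not new_pass:
        # get_argument strips surrounding whitespace by default, so a
        # blank-only password arrives here as "".
        self.send_error(status_code=400)
        return
    current.salt = None
    current.password = new_pass
    current.save()
    self.finish()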
def setUp(self):
    """Start each test with a clean user store, a configured target and a logged-in session."""
    self.clear_user_data()
    self.target = "http://localhost:2368"
    self.execute("target-set", self.target)
    # A random suffix keeps usernames distinct across runs sharing a data store.
    self.username = "******" % randint(1, 1000000)
    self.password = "******"
    self.user = User.create(email=self.username, password=self.password)
    expect(self.user).not_to_be_null()
    self.execute("login", self.username, password=self.password)
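def post(self):
    """Replace the current user's password after verifying the old one.

    Arguments ``old_pass`` and ``new_pass`` come from the request body.
    403 when ``old_pass`` does not hash to the stored digest; 400 when
    ``new_pass`` is empty. Otherwise salt is reset and the plaintext stored
    on the model, which is presumably re-hashed by save() — confirm in User.
    """
    import hmac

    old_pass = self.get_argument("old_pass")
    new_pass = self.get_argument("new_pass")
    user = self.current_user
    stored_digest = str(user.password)
    candidate_digest = str(User.get_hash_for(user.salt, old_pass))
    # compare_digest runs in time independent of where the digests differ.
    if not hmac.compare_digest(stored_digest, candidate_digest):
        self.send_error(status_code=403)  # send_error already finishes the response
        return
    if not new_pass:
        self.send_error(status_code=400)  # refuse an empty replacement password
        return
    user.salt = None
    user.password = new_pass
    user.save()
    self.finish()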
def test_change_user_password_fails_with_wrong_password(self):
    """A wrong old_pass is refused with 403 and leaves the stored salt and hash untouched."""
    original_hash = self.user.password
    original_salt = self.user.salt
    new_pass = "******"
    response = self.post("/user/change-pass/", old_pass="******", new_pass=new_pass)
    expect(response.code).to_equal(403)
    reloaded = User.objects.filter(token=self.user.token).first()
    # Computed for parity with the success test; not used by the assertions below.
    candidate_hash = User.get_hash_for(reloaded.salt, new_pass)
    expect(str(reloaded.salt)).to_equal(str(original_salt))
    expect(reloaded.password).to_equal(original_hash)
def test_change_user_password_works_with_correct_password(self):
    """A correct old_pass yields 200, a fresh salt, and the new password's hash on the user."""
    old_pass = "******"
    new_pass = "******"
    salt_before = self.user.salt
    response = self.post("/user/change-pass/", old_pass=old_pass, new_pass=new_pass)
    expect(response.code).to_equal(200)
    reloaded = User.objects.filter(token=self.user.token).first()
    expected_hash = User.get_hash_for(reloaded.salt, new_pass)
    expect(reloaded.password).to_equal(expected_hash)
    expect(salt_before).not_to_equal(reloaded.salt)
    # The plaintext must never be what ends up persisted.
    expect(old_pass).not_to_equal(reloaded.password)
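def get(self):
    """Register a new user from the Email / Password request headers.

    Responses: 400 when a header is missing or empty; 409 with body
    "User already registered." when User.create returns None; 500 when the
    account was created but the immediate login returned no user; otherwise
    200 with "OK" and the Token / Token-Expiration headers.
    """
    email = self.request.headers.get("Email", None)
    password = self.request.headers.get("Password", None)
    if not email or not password:
        self.set_status(400)
        self.finish()
        return
    created = User.create(email, password)
    if created is None:
        # None from User.create is treated here as "email already taken"
        # (see test_cant_create_user_with_same_email_twice).
        self.set_status(409)
        self.write("User already registered.")
        self.finish()
        return
    _exists, user = User.authenticate(email, password)
    if user is None:
        # Previously this fell through to user.token and surfaced as an
        # unhandled AttributeError (a 500 with a traceback); fail explicitly.
        self.set_status(500)
        self.finish()
        return
    self.set_status(200)
    self.write("OK")
    self.set_header("Token", user.token)
    self.set_header("Token-Expiration", user.token_expiration.isoformat())
    self.finish()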
def test_change_user_password_fails_with_wrong_password(self):
    """Rejected password change (403): neither salt nor hash may change."""
    attempted_old = "******"
    attempted_new = "******"
    hash_before = self.user.password
    salt_before = self.user.salt
    form = dict(old_pass=attempted_old, new_pass=attempted_new)
    response = self.post("/user/change-pass/", **form)
    expect(response.code).to_equal(403)
    after = User.objects.filter(token=self.user.token).first()
    # Kept for symmetry with the success case; the assertions below do not use it.
    unused_hash = User.get_hash_for(after.salt, attempted_new)
    expect(str(after.salt)).to_equal(str(salt_before))
    expect(after.password).to_equal(hash_before)
def test_change_user_password_works_with_correct_password(self):
    """Accepted password change (200): new salt, new hash, plaintext never persisted."""
    current_password = "******"
    replacement = "******"
    salt_before = self.user.salt
    form = dict(old_pass=current_password, new_pass=replacement)
    response = self.post("/user/change-pass/", **form)
    expect(response.code).to_equal(200)
    after = User.objects.filter(token=self.user.token).first()
    expect(after.password).to_equal(User.get_hash_for(after.salt, replacement))
    expect(salt_before).not_to_equal(after.salt)
    expect(current_password).not_to_equal(after.password)
def get(self):
    """Token login; the token arrives in the Token request header.

    Responses: 400 when the header is missing or empty, 403 when
    authenticate_with_token returns no user, and 200 with "OK" plus the
    user's Token / Token-Expiration headers otherwise.
    """
    token = self.request.headers.get("Token", None)
    if not token:
        self.set_status(400)
        self.finish()
        return
    ttl_minutes = self.application.config.TOKEN_EXPIRATION_IN_MINUTES
    user = User.authenticate_with_token(token, expiration=ttl_minutes)
    if user is None:
        self.set_status(403)
        self.finish()
        return
    self.set_status(200)
    for header_name, header_value in (
        ("Token", user.token),
        ("Token-Expiration", user.token_expiration.isoformat()),
    ):
        self.set_header(header_name, header_value)
    self.write("OK")
    self.finish()
def get(self):
    """Authenticate by the Token header.

    400 when the header is absent or empty; 403 when no user matches the
    token; 200 with "OK" and Token / Token-Expiration headers on success.
    """
    presented = self.request.headers.get("Token", None)
    if not presented:
        self.set_status(400)
        self.finish()
        return
    user = User.authenticate_with_token(
        presented,
        expiration=self.application.config.TOKEN_EXPIRATION_IN_MINUTES,
    )
    if user is None:
        self.set_status(403)
        self.finish()
        return
    expiration_text = user.token_expiration.isoformat()
    self.set_status(200)
    self.set_header("Token", user.token)
    self.set_header("Token-Expiration", expiration_text)
    self.write("OK")
    self.finish()
def test_authenticate_using_invalid_token(self):
    """A token that was never issued must not resolve to any user."""
    bogus_token = "12312412414124"
    resolved = User.authenticate_with_token(token=bogus_token)
    expect(resolved).to_be_null()
def test_cant_create_user_with_same_email_twice(self):
    """User.create returns None when the email is already taken."""
    existing = UserFactory.create()
    duplicate = User.create(email=existing.email, password="******")
    expect(duplicate).to_be_null()