def test_token_is_successfully_blacklisted(self):
self.assertTrue(self.user.save())
user = User.query.filter_by(email=self.user.email).first()
self.assertIsNotNone(user)
self.assertEqual(user.email, self.user.email)
token = user.generate_token(user.id) # generating the token
self.assertIsInstance(token, bytes)
# add the token to the BlacklistToken
blacklist = BlacklistToken(str(token))
blacklist.save()
self.assertTrue(blacklist.is_blacklisted(str(token)))
def logout():
"""store the access_token in blacklist when a user logs out"""
auth_header = request.headers.get('Authorization')
access_token = auth_header.split(" ")[1]
#check is the token is valid
res = User.decode_auth_token(access_token)
if isinstance(res,
int) and not BlacklistToken.is_blacklisted(access_token):
#the token is still valid and not in blasklist
blasklisted_token = BlacklistToken(access_token)
db.session.add(blasklisted_token)
db.session.commit()
return jsonify(
{"message":
"logout succees. Thank you for using Bright Events"}), 200
return jsonify({"message": "you are already logged out"}), 401
def before_request():
"""get the user bafore every request"""
if request.endpoint and 'auth' not in request.url:
auth_header = request.headers.get('Authorization')
g.user = None
if auth_header:
access_token = auth_header.split(" ")[1]
if access_token:
#try decoding the token and get the user_id
res = User.decode_auth_token(access_token)
if isinstance(res, int) and not BlacklistToken.is_blacklisted(
access_token):
#check if no error in string format was returned
#find the user with the id on the token
user = User.query.filter_by(id=res).first()
g.user = user
return
return jsonify(
{"message": "Please register or login to continue"}), 401
return jsonify({"message": "acess token is missing"}), 401
return jsonify({"message": "Authorization header is missing"}), 401
