Пример #1
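def test_login_happy_path(client, db_session):
    """Log in with valid credentials and check the issued session token.

    Creates a user, posts the credentials to ``/login`` and verifies that:

    * the reply is 200 and its JSON body has exactly one key, ``token``;
    * the token is 64 lowercase hex characters and nothing else;
    * ``UserToken.get_user_id_with_token`` maps the token to the new user;
    * a token sharing only the first or only the last 32 characters with
      the real one maps to no user, so the lookup is not satisfied by a
      partial match on either half.
    """
    name = generate_username()
    password = generate_password()

    user = User(name, password, db_session=db_session)
    user_id = user.id

    reply = client.post('/login',
                        json={
                            'username': name,
                            'password': password
                        })

    assert reply.status_code == 200
    # The body must expose the token and no other field.
    assert list(reply.json.keys()) == ['token']

    token = reply.json['token']
    # fullmatch instead of match('^...$'): '$' also matches just before a
    # trailing newline, so the old pattern accepted a 65-character value.
    assert re.fullmatch('[a-f0-9]{64}', token)

    assert UserToken.get_user_id_with_token(token, db_session) == user_id

    # same prefix, but different suffix (uuid4().hex is 32 hex characters)
    invalid_token = token[:32] + uuid.uuid4().hex
    assert UserToken.get_user_id_with_token(invalid_token, db_session) is None

    # same suffix, but different prefix
    invalid_token = uuid.uuid4().hex + token[-32:]
    assert UserToken.get_user_id_with_token(invalid_token, db_session) is None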
Пример #2
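        def wrapper(*args, **kwargs):
            """Authenticate the request by its ``X-Session`` header.

            Resolves the header value to a user id through
            ``UserToken.get_user_id_with_token`` and, on success, calls
            ``handler`` with that id as the first positional argument.
            Every other case gets the same 401 reply, so the response does
            not reveal whether the header was missing or the token unknown.
            """
            token = request.headers.get('X-Session')

            # A missing or empty header can never be a valid session: reject
            # it here rather than handing None to the token lookup.
            if not token:
                return error_reply('Invalid token', 401)

            user_id = UserToken.get_user_id_with_token(token, db_session)

            # Truthiness check kept on purpose: any falsy lookup result is
            # treated as "not authenticated" (fail closed).
            if user_id:
                return handler(user_id, *args, **kwargs)

            return error_reply('Invalid token', 401)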