def validate_credentials(): try: auth_header = request.headers.get("Authorization") if not auth_header or "Bearer" not in auth_header: return "Bad authorization header", 403 auth_header_data = auth_header.split(" ") if not len(auth_header_data) == 2: return "Bad authorization header", 401 query = Query('authentication') _, token = auth_header_data decoded_data = jwt.decode(token, JWT_SECRET_KEY) username = decoded_data.get('username') password = decoded_data.get('password') user = query.select().where(username=username, password=password).get() if len(user) == 0: return "User was not found", 404 except Exception: return "Token is invalid", 403
def test_selecting_with_conditions_returns_nothing_because_of_incorrect_value(self): query = Query("authentication") records = query.select().where(username="******", password="******").get() self.assertIsInstance(records, list) self.assertListEqual(records, [])
def get(self, employee_id=None): if employee_id is None: query = Query("employees") employees = query.select().get() return json.dumps(employees) payment = Payment() payments = payment.get_employee_reports(employee_id) return json.dumps(payments)
def get_employee_reports(self, employee_id): query = Query("pays") payment_records = query.select().where(employee_id=employee_id).get() financial_year_payments = self.separate_payments_by_financial_year( payment_records) return [ self.compress_financial_year_records(year) for year in financial_year_payments ]
def test_selecting_with_multiple_conditions(self): query = Query("authentication") records = query.select().where(username="******", password="******", is_locked="Y").get() self.assertIsInstance(records, list) self.assertDictEqual(records[0], { "username": "******", "password": "******", "is_locked": "Y", "failed_attempts": "0" })
def test_selecting_with_conditions_username_only(self): query = Query("authentication") records = query.select().where(username="******").get() self.assertIsInstance(records, list) self.assertIsInstance(records[0], dict) self.assertDictEqual(records[0], { "username": "******", "password": "******", "is_locked": "N", "failed_attempts": "0" })
def test_select_method(self): query = Query("authentication") records = query.select() self.assertIsInstance(records, Query) records = records.results self.assertIsInstance(records, list) self.assertIsInstance(records[0], dict) self.assertDictEqual(records[0], { "username": "******", "password": "******", "is_locked": "N", "failed_attempts": "0" })
def post(self): try: login_payload = parser.parse_args() username = login_payload.get('username', None) password = login_payload.get('password', None) if username is None: return "No username was provided", 401 query = Query("authentication") user = query.select().where(username=username) user_data = user.get()[0] if user_data['is_locked'] == "Y": return "Account is locked", 403 if user_data['password'] != password: attempts = int(user_data['failed_attempts']) + 1 if attempts == 3: user.update(is_locked="Y", failed_attempts=str(attempts)) else: user.update(failed_attempts=str(attempts)) return "Incorrect username/password combination", 401 return json.dumps({ "token": get_jwt_token({ 'username': username, 'password': password }), "username": username }), 200 except Exception as error: return error, 500
def get_employee_payments(self, employee_id): query = Query("pays") payment_records = query.select().where(employee_id=employee_id).get() return payment_records
def test_get_method(self, query_mock): query = Query("authentication") query_mock.return_value = [] self.assertListEqual(query.select().get(), [])