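def post(self, request):
    """Log a user in with phone number and password and return a token.

    Reads ``phoneNo`` and ``password`` from ``request._json_body``.

    Returns:
        * 400 with a plain-text message naming the field when either field
          is missing from the body.
        * 400 with the error object below when the phone number is unknown
          or the password check fails. Both cases share one body and status
          so the reply does not reveal whether a number is registered.
        * A body with ``token`` (the token key) and ``loggedInAlready`` (the
          second value returned by ``MultiToken.create_token``) on success.
    """
    try:
        _username = request._json_body['phoneNo']
        _password = request._json_body['password']
    except KeyError as e:
        # Returned, not raised: Response is used as a return value in this
        # handler, and unless it derives from BaseException a `raise` would
        # end in TypeError instead of this 400.
        return Response(str(e) + ' is required in request body.', 400)

    # filter().first() gives None for an unknown number. With a Django-style
    # manager (assumed from `objects`/`check_password`), objects.get() raises
    # instead, so a falsy check after it could never run.
    _user = User.objects.filter(phoneNo=_username).first()

    if not _user or not _user.check_password(_password):
        # NOTE(review): body kept exactly as the original wrong-password
        # response so existing clients see no change; the "Account Locked."
        # text does not describe a failed login, so confirm with API consumers
        # before rewording.
        # NOTE(review): no attempt limiting or lockout is visible in this
        # method; confirm it is enforced elsewhere. The unknown-number path
        # also skips the password hash, so response timing may still differ.
        return Response(
            {
                "error": {
                    "message": "Account Locked.",
                    "code": -1
                },
                "statusCode": 400,
            },
            400,
        )

    token, _ = MultiToken.create_token(_user)
    response_data = {
        # NOTE(review): create_token's second value is passed through as-is;
        # confirm its polarity matches what "loggedInAlready" implies.
        'loggedInAlready': _,
        'token': token.key,
    }
    return Response(response_data)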
def test_other_users_tokens_are_not_affected(self):
    """Expiring self.token must leave a second user's cache entries in place."""
    other_user = create_test_user('tester2')
    other_token, _first_device = MultiToken.create_token(other_user)

    MultiToken.expire_token(self.token)

    # The per-user entry (keyed by pk) is still present...
    self.assertIsNotNone(TOKENS_CACHE.get(other_user.pk))
    # ...and so is the entry keyed by the hash part of the other token.
    other_hash = parse_full_token(other_token.key)[1]
    self.assertIsNotNone(TOKENS_CACHE.get(other_hash))
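def post(self, request):
    """Verify a one-time password and issue a token.

    Reads ``phoneNo`` and ``otp`` from ``request._json_body``. On a match the
    user's ``status`` is set to 2, the user is saved and a token key is
    returned.

    Returns:
        * 400 ``{'error': ...}`` naming the field when ``phoneNo`` or ``otp``
          is missing.
        * 400 ``{'error': 'otp not valid'}`` when the number is unknown, the
          user has no OTP stored, or the submitted OTP does not match. One
          body covers all three so the reply does not reveal which applied.
        * ``{'token': <key>}`` on success.
    """
    import hmac

    body = request._json_body
    try:
        phone_no = body['phoneNo']
        submitted_otp = body['otp']
    except KeyError as e:
        return Response(
            {'error': str(e) + ' is required in request body.'}, 400)

    # filter().first() gives None for an unknown number instead of raising
    # (assumes a Django-style manager).
    u = User.objects.filter(phoneNo=phone_no).first()

    # An unset OTP must never verify. Comparing str() of both sides alone
    # would let a stored None equal a submitted "None", and an empty stored
    # value equal an empty submission.
    if (u is None or u.otp is None or str(u.otp) == ''
            or submitted_otp is None):
        return Response({'error': 'otp not valid'}, 400)

    # Constant-time comparison on bytes; compare_digest rejects non-ASCII str.
    expected = str(u.otp).encode('utf-8')
    supplied = str(submitted_otp).encode('utf-8')
    if not hmac.compare_digest(expected, supplied):
        return Response({'error': 'otp not valid'}, 400)

    # NOTE(review): the stored OTP is neither cleared nor expired here, and
    # no attempt counter is visible; confirm single use, expiry and attempt
    # limiting are enforced elsewhere.
    # NOTE(review): 2 is an unexplained status value; presumably "verified".
    u.status = 2
    u.save()
    token, _ = MultiToken.create_token(u)
    return Response({'token': token.key})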
def test_second_hash_is_saved_in_redis_alongside_the_first_one(self):
    """A second token adds a second hash to the user's entry, keeping the first."""
    user_key = self.user.pk

    # Hash already stored for the user before another token is created.
    hash_before = TOKENS_CACHE.get(user_key)[0]
    _token, _first_device = MultiToken.create_token(self.user)
    hash_after = TOKENS_CACHE.get(user_key)[1]

    self.assertEqual(len(TOKENS_CACHE.get(user_key)), 2)

    # Both hashes are listed under the user's key...
    for stored_hash in (hash_before, hash_after):
        self.assertIn(stored_hash, TOKENS_CACHE.get(user_key))
    # ...and each hash also has its own cache entry.
    for stored_hash in (hash_before, hash_after):
        self.assertIsNotNone(TOKENS_CACHE.get(stored_hash))
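def test_other_users_tokens_are_not_affected(self):
    """Resetting one user's token TTL must not reset another user's entries."""
    import time

    second_user = create_test_user('tester2')
    second_token, _ = MultiToken.create_token(second_user)

    # Presumably lets the TTLs count down so that a freshly reset value of
    # 1000 can be told apart from an untouched one.
    time.sleep(1)
    MultiToken.reset_tokens_ttl(self.user.pk)

    self.assertEqual(TOKENS_CACHE.ttl(self.user.pk), 1000)
    self.assertNotEqual(TOKENS_CACHE.ttl(second_user.pk), 1000)

    # Check the TTL of the other user's hash entry. The original compared the
    # hash value itself with 1000, which passes whatever the TTL is.
    token_hash = TOKENS_CACHE.get(second_user.pk)[0]
    self.assertNotEqual(TOKENS_CACHE.ttl(token_hash), 1000)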
def test_token_is_removed_from_redis_when_user_has_multiple_tokens(self):
    """Expiring one of two tokens removes only that token's hash."""
    surviving_token, _first_device = MultiToken.create_token(self.user)

    MultiToken.expire_token(self.token)

    # Only one hash remains listed under the user's key.
    self.assertEqual(len(TOKENS_CACHE.get(self.user.pk)), 1)

    # The expired token's own entry is gone.
    _unused, expired_hash = parse_full_token(self.token.key)
    self.assertIsNone(TOKENS_CACHE.get(expired_hash))

    # The remaining hash belongs to the token that was not expired...
    remaining_hash = TOKENS_CACHE.get(self.user.pk)[0]
    self.assertEqual(
        remaining_hash, parse_full_token(surviving_token.key)[1])

    # ...and that token's own entry is still in the cache.
    surviving_hash = parse_full_token(surviving_token.key)[1]
    self.assertIsNotNone(TOKENS_CACHE.get(surviving_hash))
def setUp(self):
    """Clear the token cache, then create a test user and one token for it."""
    TOKENS_CACHE.clear()
    self.user = create_test_user()

    # create_token returns a pair; both halves are kept for the tests.
    issued = MultiToken.create_token(self.user)
    self.token, self.first_device = issued
def test_second_token_for_user_is_flagged_correctly_as_not_the_first_device_getting_a_token(self):
    """The flag returned with a further token for self.user must be falsy."""
    _token, is_first_device = MultiToken.create_token(self.user)
    self.assertFalse(is_first_device)