def change_account(acc_id):
account_ids = [acc.id for acc in request.user.accounts]
try:
user_info = jwt_generate_user_info(request.user, request.user.accounts[account_ids.index(acc_id)])
jwt_token = jwt_auth.jwt_encode_callback(user_info)
return _generate_repsonse(user_info, jwt_token.decode("utf8"))
except ValueError:
pass
return make_response(json.dumps({"msg": "Not associated with account"}), 401)
def test_return_200_if_jwt_token_valid(self):
test_client = application.test_client()
with application.app_context():
jwt_token = jwt_auth.jwt_encode_callback(
jwt_generate_user_info(self.user, self.account_dev))
auth_header = {
"Authorization": "JWT {}".format(jwt_token.decode('utf-8'))
}
r = test_client.get("/v2/apps", headers=auth_header)
self.assertEqual(200, r.status_code)
def test_jwt_return_401_if_when_account_does_not_exist(self):
test_client = application.test_client()
with application.app_context():
jwt_token = jwt_auth.jwt_encode_callback(
jwt_generate_user_info(self.user, Account(id=1024)))
auth_header = {
"Authorization": "JWT {}".format(jwt_token.decode('utf-8'))
}
r = test_client.get("/v2/apps", headers=auth_header)
self.assertEqual(401, r.status_code)
self.assertEqual("Account does not exist",
json.loads(r.data)['msg'])
def test_jwt_populate_request_user_if_token_is_valid(self):
with application.app_context(), application.test_client(
) as test_client:
jwt_token = jwt_auth.jwt_encode_callback(
jwt_generate_user_info(self.user, self.account_infra))
auth_header = {
"Authorization": "JWT {}".format(jwt_token.decode('utf-8'))
}
r = test_client.get("/v2/apps", headers=auth_header)
self.assertEqual(200, r.status_code)
self.assertEqual("*****@*****.**", request.user.tx_email)
self.assertEqual(5, request.user.current_account.id)
def test_jwt_return_401_if_user_has_no_associated_account(self):
test_client = application.test_client()
with application.app_context():
jwt_token = jwt_auth.jwt_encode_callback({
"email": "*****@*****.**",
"account_id": 2
})
auth_header = {
"Authorization": "JWT {}".format(jwt_token.decode('utf-8'))
}
r = test_client.get("/v2/apps", headers=auth_header)
self.assertEqual(401, r.status_code)
self.assertEqual("No associated account",
json.loads(r.data)['msg'])
def test_jwt_return_401_if_user_is_not_linked_to_account(self):
"""
If user tries to access account without being associated to this account
"""
test_client = application.test_client()
with application.app_context():
jwt_token = jwt_auth.jwt_encode_callback(
jwt_generate_user_info(self.user, self.account_with_no_user))
auth_header = {
"Authorization": "JWT {}".format(jwt_token.decode('utf-8'))
}
r = test_client.get("/v2/apps", headers=auth_header)
self.assertEqual(401, r.status_code)
self.assertEqual("Permission Denied to access this account",
json.loads(r.data)['msg'])
def test_jwt_populate_default_account_if_request_account_is_empty(self):
"""
Como quem gera o token JWT é o server e ele *sempre* coloca account_id (Um user sem nennhuma account associada não se loga), esse request nunca vai acontecer.
Não acontece pois é impossivel gerar um JWT válido sem ter a SECRET_KEY que só o server tem.
"""
test_client = application.test_client()
with application.app_context():
jwt_token = jwt_auth.jwt_encode_callback(
{"email": "*****@*****.**"})
auth_header = {
"Authorization": "JWT {}".format(jwt_token.decode('utf-8'))
}
r = test_client.get("/v2/apps", headers=auth_header)
self.assertEqual(200, r.status_code)
self.assertEqual(3, r.user.current_account)
def test_jwt_auth_with_token_from_session_if_headers_not_present(self):
"""
Se não encontrarmos o token JWT no header, olhamos na flask session procurando por ele.
"""
test_client = application.test_client()
with application.app_context(), \
patch.object(routes, "check_authentication_successful",
return_value={"email": self.user.tx_email}):
jwt_token = jwt_auth.jwt_encode_callback(
jwt_generate_user_info(self.user, self.account_dev))
with test_client.session_transaction() as flask_session:
flask_session['jwt'] = jwt_token
response = test_client.get("/v2/apps")
self.assertEqual(200, response.status_code)
def authorized(resp):
access_token = resp and resp.get('access_token')
authentication_ok = check_authentication_successful(access_token)
if not authentication_ok:
return render_template("login-failed.html",
reason="Invalid OAuth2 code")
user = _get_user_by_email(authentication_ok["email"])
if not user:
return render_template("login-failed.html", reason="User not found")
if not user.accounts:
return render_template("login-failed.html",
reason="No associated accounts")
data = {}
data["jwt"]: bytes = jwt_auth.jwt_encode_callback(
jwt_generate_user_info(user, user.accounts[0]))
session["jwt"] = data["jwt"] = data["jwt"].decode('utf-8')
return redirect("{}?jwt={}".format(conf.REDIRECT_AFTER_LOGIN, data["jwt"]))
def make_auth_header(self, user, account) -> Dict[str, str]:
jwt_token = jwt_auth.jwt_encode_callback(
jwt_generate_user_info(user, account))
return {"Authorization": "JWT {}".format(jwt_token.decode('utf-8'))}
def generate_jwt_token_for_user(self, user, account):
return jwt_auth.jwt_encode_callback(
jwt_generate_user_info(user, account))