def test_login(): from pykern import pkunit from pykern.pkdebug import pkdp from pykern.pkunit import pkeq, pkok, pkre, pkexcept from sirepo import auth import flask import sirepo.auth.guest import sirepo.cookie import sirepo.http_request r = auth.api_authState() pkre('LoggedIn": false.*Registration": false', r.data) delattr(flask.g, 'sirepo_cookie') auth.process_request() with pkunit.pkexcept('SRException.*routeName=login'): auth.logged_in_user() with pkexcept('SRException.*routeName=login'): auth.require_user() sirepo.cookie.set_sentinel() # copying examples for new user takes time with pkunit.pkexcept('SRException.*routeName=None'): r = auth.login(sirepo.auth.guest, sim_type='myapp') r = auth.api_authState() pkre('LoggedIn": true.*Registration": false', r.data) u = auth.logged_in_user() pkok(u, 'user should exist') # guests do not require completeRegistration auth.require_user()
def test_login(): from pykern import pkunit, pkcompat from pykern.pkunit import pkeq, pkok, pkre, pkfail, pkexcept from sirepo import auth import flask import sirepo.auth.guest import sirepo.cookie import sirepo.http_request import sirepo.util r = auth.api_authState() pkre('LoggedIn": false.*Registration": false', pkcompat.from_bytes(r.data)) delattr(flask.g, 'sirepo_cookie') auth.process_request() with pkunit.pkexcept('SRException.*routeName=login'): auth.logged_in_user() with pkexcept('SRException.*routeName=login'): auth.require_user() sirepo.cookie.set_sentinel() # copying examples for new user takes time try: r = auth.login(sirepo.auth.guest, sim_type='myapp') pkfail('expecting sirepo.util.Response') except sirepo.util.Response as e: r = e.sr_args.response pkre(r'LoggedIn":\s*true.*Registration":\s*false', pkcompat.from_bytes(r.data)) u = auth.logged_in_user() pkok(u, 'user should exist') # guests do not require completeRegistration auth.require_user()
def is_login_expired(res=None): """If expiry is configured, check timestamp Args: res (hash): If a hash and return is True, will contain (uid, expiry, and now). Returns: bool: true if login is expired """ if not cfg.expiry_days: return False n = int(srtime.utc_now_as_float()) t = int(cookie.unchecked_get_value(_COOKIE_EXPIRY_TIMESTAMP, 0)) if n <= t: # cached timestamp less than expiry return False # db expiry at most one day from now so we can change expiry_days # and (in any event) ensure expiry is checked once a day. This # would also allow us to extend the expired period in the db. u = auth.logged_in_user() r = auth.user_registration(u) t = r.created + cfg.expiry_days n = srtime.utc_now() if n > t: if res is not None: res.update(uid=u, expiry=t, now=n) return True # set expiry in cookie t2 = n + _ONE_DAY if t2 < t: t = t2 t -= datetime.datetime.utcfromtimestamp(0) cookie.set_value(_COOKIE_EXPIRY_TIMESTAMP, int(t.total_seconds())) return False
def _user_dir(): """User for the session Returns: str: unique id for user from flask session """ uid = auth.logged_in_user() d = user_dir_name(uid) if d.check(): return d auth.user_dir_not_found(uid)
def test_login(): from pykern import pkunit from pykern.pkdebug import pkdp from pykern.pkunit import pkeq, pkok, pkre from sirepo import auth import flask import sirepo.auth.guest import sirepo.cookie import sirepo.http_request r = auth.api_authState() pkre('LoggedIn": false.*Registration": false', r.data) delattr(flask.g, 'sirepo_cookie') auth.process_request() with pkunit.pkexcept('Unauthorized'): auth.logged_in_user() r = auth.require_user() pkeq(400, r.status_code, 'status should be BAD REQUEST') pkre('"routeName": "login"', r.data) sirepo.cookie.set_sentinel() # copying examples for new user takes time r = auth.login(sirepo.auth.guest) pkeq(None, r, 'user created') r = auth.api_authState() pkre('LoggedIn": true.*Registration": true', r.data) u = auth.logged_in_user() pkok(u, 'user should exist') r = auth.require_user() pkeq(400, r.status_code, 'status should be BAD REQUEST') pkre('"routeName": "completeRegistration"', r.data) flask.request = 'abcdef' def parse_json(*args, **kwargs): return pkcollections.Dict(simulationType='myapp', displayName='Joe Bob') setattr(sirepo.http_request, 'parse_json', parse_json) auth.api_authCompleteRegistration() r = auth.api_authState() pkre('Name": "Joe Bob".*In": true.*.*Registration": false', r.data)
def job_id(data): """A Job is a simulation and report name. A jid is words and dashes. Args: data (dict): extract sid and report Returns: str: unique name """ return '{}-{}-{}'.format( auth.logged_in_user(), data.simulationId, data.report, )
def api_authEmailAuthorized(simulation_type, token): """Clicked by user in an email Token must exist in db and not be expired. """ if http_request.is_spider(): sirepo.util.raise_forbidden('robots not allowed') req = http_request.parse_params(type=simulation_type) with auth_db.thread_lock: u = AuthEmailUser.search_by(token=token) if u and u.expires >= srtime.utc_now(): n = _verify_confirm(req.type, token, auth.need_complete_registration(u)) u.query.filter( (AuthEmailUser.user_name == u.unverified_email), AuthEmailUser.unverified_email != u.unverified_email, ).delete() u.user_name = u.unverified_email u.token = None u.expires = None u.save() auth.login(this_module, sim_type=req.type, model=u, display_name=n) raise AssertionError('auth.login returned unexpectedly') if not u: pkdlog('login with invalid token={}', token) else: pkdlog( 'login with expired token={}, email={}', token, u.unverified_email, ) # if user is already logged in via email, then continue to the app if auth.user_if_logged_in(AUTH_METHOD): pkdlog( 'user already logged in. ignoring invalid token: {}, user: {}', token, auth.logged_in_user(), ) raise sirepo.util.Redirect(sirepo.uri.local_route(req.type)) auth.login_fail_redirect(req.type, this_module, 'email-token')