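def test_token_is_successfully_blacklisted(self):
    """A freshly generated token can be stored in, and found via, BlacklistToken.

    Persists ``self.user``, reloads it by email, generates a token for it and
    checks that the token, once saved to the blacklist, is reported as
    blacklisted.
    """
    self.assertTrue(self.user.save())
    user = User.query.filter_by(email=self.user.email).first()
    self.assertIsNotNone(user)
    self.assertEqual(user.email, self.user.email)

    token = user.generate_token(user.id)
    self.assertIsInstance(token, bytes)
    # The views blacklist the raw string taken from the Authorization header,
    # so store the decoded text. str() on a bytes object yields "b'...'",
    # which would never equal a token a real client sends.
    token_str = token.decode("utf-8")

    blacklist = BlacklistToken(token_str)
    blacklist.save()
    self.assertTrue(blacklist.is_blacklisted(token_str))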
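def logout():
    """Blacklist the caller's access token so it cannot be reused.

    Reads the bearer token from the ``Authorization`` header, verifies that
    it still decodes to a user id and is not already blacklisted, and stores
    it in ``BlacklistToken``.

    Returns:
        ``(response, 200)`` on success; ``(response, 401)`` when the header
        is missing or malformed, or when the token is invalid, expired or
        already blacklisted (all reported as "already logged out").
    """
    auth_header = request.headers.get('Authorization')
    if not auth_header:
        # A missing header used to raise AttributeError (None.split) and
        # surface as a 500; report it as an auth failure instead.
        return jsonify({"message": "Authorization header is missing"}), 401

    # Expected form is "Bearer <token>". partition() never raises, whereas
    # split(" ")[1] crashed with IndexError on a header without a space.
    _scheme, _sep, access_token = auth_header.partition(" ")
    if not access_token:
        return jsonify({"message": "acess token is missing"}), 401

    # decode_auth_token yields the integer user id on success and a
    # (string) error otherwise — the same contract before_request relies on.
    res = User.decode_auth_token(access_token)
    if isinstance(res, int) and not BlacklistToken.is_blacklisted(access_token):
        blacklisted_token = BlacklistToken(access_token)
        db.session.add(blacklisted_token)
        db.session.commit()
        return jsonify(
            {"message": "logout succees. Thank you for using Bright Events"}), 200
    return jsonify({"message": "you are already logged out"}), 401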
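def before_request():
    """Resolve the current user from the bearer token before every request.

    Auth routes are exempt; every other matched endpoint must carry a valid,
    non-blacklisted token, and the corresponding ``User`` (or ``None``) is
    placed on ``g.user`` for the view.

    Returns:
        ``None`` to let the request proceed, or a ``(response, 401)`` tuple
        that Flask sends instead of running the view.
    """
    if not request.endpoint:
        return None
    # Exempt the auth routes by *path*, not by the full URL: request.url
    # also contains the host and query string, so a query such as "?x=auth"
    # (or a hostname containing "auth") would have skipped authentication
    # for every endpoint. NOTE(review): matching the auth blueprint's exact
    # URL prefix would be tighter still — confirm the registered routes.
    if 'auth' in request.path:
        return None

    g.user = None
    auth_header = request.headers.get('Authorization')
    if not auth_header:
        return jsonify({"message": "Authorization header is missing"}), 401

    # Expected form is "Bearer <token>". partition() never raises, whereas
    # split(" ")[1] crashed with IndexError on a header without a space.
    _scheme, _sep, access_token = auth_header.partition(" ")
    if not access_token:
        return jsonify({"message": "acess token is missing"}), 401

    # decode_auth_token yields the integer user id on success and a
    # (string) error otherwise; only a non-blacklisted, valid token passes.
    res = User.decode_auth_token(access_token)
    if isinstance(res, int) and not BlacklistToken.is_blacklisted(access_token):
        g.user = User.query.filter_by(id=res).first()
        return None
    return jsonify({"message": "Please register or login to continue"}), 401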