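    def test_auth(self):
        """Exercise password hashing and auth-token verification on ``Account``.

        Covers, in order: the stored password is not the plaintext and
        ``verify_passwd`` accepts the right / rejects the wrong password; a
        token issued by the account round-trips through
        ``Account.from_auth_token``; a token signed with a foreign secret is
        rejected; a token signed with ``config.JWT_SECRET`` but already
        expired is rejected.

        NOTE(review): there is no case for a token that omits ``exp`` or uses
        ``alg=none`` -- confirm ``from_auth_token`` rejects those as well.
        """
        DatabaseManager.reset()
        account = Account(name=u'Test Account 3',
                          email='*****@*****.**').add()

        some_passwd = 'abcdefg'
        account.set_passwd(some_passwd)

        DatabaseManager.commit()
        account_ = Account.get_by(id=account.id, single=True)
        # The persisted value must be a hash, never the plaintext.
        # (assertEquals/assertNotEquals are deprecated aliases, removed in
        # Python 3.12 -- use the canonical names.)
        self.assertNotEqual(account_.passwd, some_passwd)
        self.assertTrue(account_.verify_passwd(some_passwd))
        self.assertFalse(account_.verify_passwd('should be wrong'))

        token = account_.auth_token

        account_t = Account.from_auth_token(token)
        self.assertEqual(account_.id, account_t.id)

        # Well-formed, unexpired claims but signed with the wrong key: the
        # signature check alone must reject it.
        fake_token = jwt.encode({
            'iss': 'compose.ai',
            'sub': account_.id,
            'jti': str(uuid.uuid4()),
            'iat': datetime.datetime.utcnow(),
            'exp': datetime.datetime.utcnow() + datetime.timedelta(days=14)
        }, 'im fake secret')

        with self.assertRaises(RuntimeError):
            Account.from_auth_token(fake_token)

        # Correct key, but 'exp' is 15 days in the past: the expiry check
        # must reject it even though the signature verifies.
        outdated_token = jwt.encode({
            'iss': 'compose.ai',
            'sub': account_.id,
            'jti': str(uuid.uuid4()),
            'iat': datetime.datetime.utcnow() - datetime.timedelta(days=30),
            'exp': datetime.datetime.utcnow() - datetime.timedelta(days=15)
        }, config.JWT_SECRET)

        with self.assertRaises(RuntimeError):
            Account.from_auth_token(outdated_token)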
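    def decorated(*args, **kwargs):
        """Authenticate the request before running ``func``.

        Reads the ``Key.X_COMPOSEAI_AUTH`` header, requires it to be exactly
        ``Bearer <token>``, resolves the token with
        ``Account.from_auth_token`` and stores the result in ``g.account``.

        Raises:
            AppError: with ``CustomError.ERR_UNAUTHENTICATED`` when the header
                is missing, malformed, or the token does not verify
                (``from_auth_token`` signals that with ``RuntimeError``).
        """
        if Key.X_COMPOSEAI_AUTH not in request.headers:
            raise AppError(HTTPStatus.STATUS_CLIENT_ERROR,
                           CustomError.ERR_UNAUTHENTICATED,
                           'Not loggined')

        auth_header = request.headers[Key.X_COMPOSEAI_AUTH]
        parts = auth_header.split()
        # Require exactly "Bearer <token>". Previously an empty header or a
        # bare "Bearer" raised IndexError on parts[0]/parts[1] (an unhandled
        # 500 instead of 401), and trailing extra fields were silently ignored.
        if len(parts) != 2 or parts[0] != 'Bearer':
            raise AppError(HTTPStatus.STATUS_CLIENT_ERROR,
                           CustomError.ERR_UNAUTHENTICATED,
                           'Invalid auth token')

        token = parts[1]
        try:
            g.account = Account.from_auth_token(token)
        except RuntimeError:
            # Do not echo the presented token back to the client: it is a
            # credential, and error messages tend to end up in logs and traces.
            raise AppError(HTTPStatus.STATUS_CLIENT_ERROR,
                           CustomError.ERR_UNAUTHENTICATED,
                           'Invalid auth token')
        return func(*args, **kwargs)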