def test_verify_auth_token_invalid_token(self, testdir_class, test_utils):
    """A string that is not a signed token must raise BadSignature.

    Only a malformed token string is exercised here; a well-formed token
    signed with a different key is not covered by this test.
    """
    testdir_class.activate()
    login = test_utils.random_string(5)
    secret = '******'
    Users.create_user(login, secret)
    application = create_app()
    # Verification has to fail with an exception, not hand back a user object.
    with pytest.raises(BadSignature):
        Users.verify_auth_token(application.secret_key, 'invalid_token')
def test_verify_auth_token_expired_token(self, testdir_class, test_utils):
    """A token presented after its expiration must raise SignatureExpired."""
    testdir_class.activate()
    login = test_utils.random_string(5)
    secret = '******'
    Users.create_user(login, secret)
    application = create_app()
    account = Users.get_user_by_username(login)
    # Issue the token with expiration=1, then wait past that value so the
    # verification below sees it as expired.
    short_lived = account.generate_auth_token(
        application.secret_key, expiration=1)
    time.sleep(2)
    with pytest.raises(SignatureExpired):
        Users.verify_auth_token(application.secret_key, short_lived)
def test_verify_auth_token(self, testdir_class, test_utils):
    """A freshly issued token must verify back to the user it was issued for."""
    testdir_class.activate()
    login = test_utils.random_string(5)
    secret = '******'
    Users.create_user(login, secret)
    application = create_app()
    account = Users.get_user_by_username(login)
    issued = account.generate_auth_token(application.secret_key)
    # Round trip: the same secret key that signed the token verifies it.
    resolved = Users.verify_auth_token(application.secret_key, issued)
    assert resolved.username == login
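def decorated_view(*args, **kwargs):
    """Call the wrapped view for a logged-in session or a valid API token.

    When ``current_user`` is not authenticated, the ``token`` request header
    is verified against the application's secret key and the resulting user
    is stored on ``request.api_user``. A missing token aborts with 400; any
    verification failure aborts with 401. An already authenticated session
    skips the token check, and ``request.api_user`` is not set on that path.
    """
    if not current_user.is_authenticated:
        token = request.headers.get('token', None)
        if token:
            try:
                user = Users.verify_auth_token(current_app.secret_key, token)
                # NOTE(review): api_user becomes whatever verify_auth_token
                # returns; confirm it cannot return None (e.g. for a token
                # whose user no longer exists), otherwise the view would run
                # without an API user.
                request.api_user = user
            # The more specific handler must come first. If these are the
            # itsdangerous exception classes (the imports are not visible
            # here), SignatureExpired is a subclass of BadSignature, so with
            # BadSignature listed first this branch could never run and an
            # expired token was reported as 'Token did not match'.
            except SignatureExpired:
                abort(401, 'Signature Expired')
            except BadSignature:
                abort(401, 'Token did not match')
            except Exception:
                # Fails closed with 401, but the underlying error is
                # discarded: nothing is logged in this block.
                abort(401, 'Unknown error')
        else:
            abort(400, 'Missing token')
    return func(*args, **kwargs)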