def test_save_token(app):
    """Saving a token must leave a matching row in ``blacklist_tokens``."""
    token = 'test_token'
    # The SQL text is assembled with str.format(). That is tolerable here only
    # because the value is a constant owned by this test; a value that comes
    # from a request belongs in a bound parameter, never in the SQL string.
    lookup_sql = "SELECT * FROM blacklist_tokens WHERE token LIKE '{}'".format(
        token)
    with app.app_context():
        save_token(token)
        row = get_db().execute(lookup_sql).fetchone()
        assert row is not None
def refresh_token(request):
    """Exchange the caller's current auth token for a newly issued one.

    The token is read from the ``header_name`` cookie, falling back to the
    request header of the same name. On success the presented token is handed
    to ``save_token`` and the new token is returned both in the JSON body and
    as an HttpOnly cookie. Every failure is returned as a ``(dict, status)``
    tuple.
    """
    def failure(message, status):
        return {'status': 'fail', 'message': message}, status

    presented = request.cookies.get(header_name)
    if not presented:
        presented = request.headers.get(header_name)
    if not presented:
        return failure('Provide a valid auth token.', 401)

    # NOTE(review): no check_blacklist() call is visible in this function;
    # presumably User.decode_auth_token rejects tokens that were already
    # saved to the blacklist - confirm, otherwise a logged-out token could
    # still be refreshed.
    decoded = User.decode_auth_token(presented)
    # NOTE(review): logout_user accepts the decode result only when it is a
    # str, while this check lets any truthy value through to find_user -
    # confirm which contract decode_auth_token actually has.
    if not decoded:
        return failure(decoded, 401)

    account = find_user(decoded)
    if not account:
        return failure('Invalid user', 401)

    fresh_token = account.encode_auth_token()
    if not fresh_token:
        return failure('Could not generate auth token', 500)

    # The presented token is retired only after its replacement exists.
    save_token(token=presented)

    # The new token is also placed in the JSON body, so it is readable by
    # page script even though the cookie itself is HttpOnly.
    payload = {
        'status': 'success',
        'message': 'Successfully refreshed auth token.',
        header_name: fresh_token.decode(),
    }
    response = jsonify(payload)
    # NOTE(review): only httponly is set here; Secure and SameSite are not -
    # confirm they are enforced elsewhere (app config or proxy).
    response.set_cookie(header_name, fresh_token.decode(), httponly=True)
    return response
def test_save_existing_token(app):
    """Saving the same token twice must leave exactly one row in the table."""
    repeated = 'test_token'
    with app.app_context():
        for _ in range(2):
            save_token(repeated)
        count_row = get_db().execute(
            "SELECT count(*) FROM blacklist_tokens").fetchone()
        assert count_row[0] == 1
def logout_user(request):
    """Log the caller out by retiring the presented auth token.

    The token is read from the ``header_name`` cookie, falling back to the
    request header of the same name. When ``User.decode_auth_token`` returns
    a ``str`` the token is handed to ``save_token`` and the cookie value is
    overwritten with an empty string. Otherwise a ``(dict, status)`` failure
    tuple is returned: 401 for a token that did not decode to a ``str``, 403
    when no token was supplied.
    """
    presented = request.cookies.get(header_name)
    if not presented:
        presented = request.headers.get(header_name)

    if not presented:
        # NOTE(review): refresh_token answers the same condition with 401.
        return {
            'status': 'fail',
            'message': 'Provide a valid auth token.'
        }, 403

    decoded = User.decode_auth_token(presented)
    if not isinstance(decoded, str):
        # NOTE(review): the decode result is echoed to the client as the
        # message; what it can contain is not visible here - confirm it
        # carries no internal detail.
        return {'status': 'fail', 'message': decoded}, 401

    # Retire the token so it is recorded as no longer usable.
    save_token(token=presented)
    response = jsonify({
        'status': 'success',
        'message': 'Successfully logged out.'
    })
    # The cookie is overwritten with an empty value, not expired, and only
    # httponly is set (no Secure / SameSite) - confirm this is intended.
    response.set_cookie(header_name, '', httponly=True)
    return response
def test_check_blacklist(app):
    """``check_blacklist`` is True for a saved token, False for an unknown one."""
    expectations = (
        ('test_token', True),   # saved just below
        ('no_token', False),    # never saved by this test
    )
    with app.app_context():
        save_token('test_token')
        for candidate, expected in expectations:
            assert check_blacklist(candidate) is expected