def test_my_ranking_weekly(self): from models import User, AuthToken, UserStats from django.test import RequestFactory from django.core.urlresolvers import reverse from views import my_ranking_weekly users = [] for i in range(10): u = User() u.email = '*****@*****.**' + str(i) u.public_name = 'TEST' + str(i) u.save() users.append(u) UserStats.record_stats(u, i * 100, datetime.date.today()) auth = AuthToken() auth.token_string = AuthToken.gen_token_string('*****@*****.**') auth.user = users[9] auth.valid = True auth.save() factory = RequestFactory() rq = factory.get(reverse('my_ranking_weekly'), data={'token': auth.token_string}) response = my_ranking_weekly(rq) data = json.loads(response.content) self.assertEqual(data['status'], 'OK')
def test_update_profile(self): from models import User, AuthToken from django.test import RequestFactory from django.core.urlresolvers import reverse from views import update_profile u = User() u.email = '*****@*****.**' u.public_name = 'TEST' u.save() auth = AuthToken() auth.token_string = AuthToken.gen_token_string('*****@*****.**') auth.user = u auth.valid = True auth.save() factory = RequestFactory() rq = factory.get(reverse('update_profile'), data={ 'token': auth.token_string, 'nickname': 'El Nicknamo' }) response = update_profile(rq) data = json.loads(response.content) self.assertEqual(data['status'], 'OK') u = User.objects.get(pk=u.pk) self.assertEqual(u.public_name, 'El Nicknamo')
def post(self, action=None, **kwargs): if action == 'get_auth_url': auth_url, oauth_token, oauth_token_secret =\ User.get_auth_url() # TODO: Use redis? # app.db['auth_tokens'].insert({ # 'oauth_token': oauth_token, # 'oauth_token_secret': oauth_token_secret, # }) auth = AuthToken(oauth_token, oauth_token_secret) auth.save() logging.debug("User Auth: oauth token %s added", oauth_token) return self._render({'auth_url': auth_url}) if action == 'authenticate': parser = reqparse.RequestParser() parser.add_argument('oauth_token', type=str) parser.add_argument('oauth_verifier', type=str) params = parser.parse_args() oauth_token = params.get('oauth_token') oauth_verifier = params.get('oauth_verifier') logging.debug("User Auth: trying to authenticate with token %s", oauth_token) # TODO: Use redis? auth = AuthToken.get_auth(oauth_token) if not auth: logging.error('User Auth: token %s not found', oauth_token) return odesk_error_response( 500, 500, 'Wrong token: {0!s}'.format(oauth_token)) oauth_token_secret = auth.get('oauth_token_secret') auth_token, user = User.authenticate(oauth_token, oauth_token_secret, oauth_verifier) logging.debug('User Auth: Removing token %s', oauth_token) AuthToken.delete(auth.get('oauth_token')) return self._render({'auth_token': auth_token, 'user': user}) if action == 'get_user': user = getattr(request, 'user', None) if user: return self._render({'user': user}) return odesk_error_response(401, 401, 'Unauthorized') logging.error('User Auth: invalid action %s', action) raise NotFound('Action not found')
def test_log_distance(self): from models import User, AuthToken, Level, StairWell from django.test import RequestFactory from django.core.urlresolvers import reverse from views import log_distance, distance, profile u = User() u.email = '*****@*****.**' u.public_name = 'TEST' u.save() auth = AuthToken() auth.token_string = AuthToken.gen_token_string('*****@*****.**') auth.user = u auth.valid = True auth.save() sw = StairWell(building='ASP', shaft='south') sw.save() level1 = Level(stairwell=sw, floorNumber=1) level1.save() level2 = Level(stairwell=sw, floorNumber=2) level2.save() factory = RequestFactory() rq = factory.get(reverse('distance'), data={ 'qr_id_1': level1.pk, 'qr_id_2': level2.pk }) response = distance(rq) data = json.loads(response.content) self.assertEqual(data['distance'], 18) rq = factory.get(reverse('log_distance'), data={ 'token': auth.token_string, 'steps': 18 }) response = log_distance(rq) data = json.loads(response.content) self.assertEqual(data['status'], 'OK') rq = factory.get(reverse('profile'), data={'token': auth.token_string}) response = profile(rq) data = json.loads(response.content) self.assertEqual(data['status'], 'OK')
def test_send_mail(self): from models import AuthToken, User from django.core import mail u = User() u.email = '*****@*****.**' u.save() auth = AuthToken() auth.user = u auth.token = AuthToken.gen_token_string('*****@*****.**') auth.gen_validation_key() auth.send_validation_mail(settings.PUBLIC_URL) self.assertEqual(len(mail.outbox), 1, msg='is settings.EMAILS_ENABLED set to True ?')
def test_token_validation(self): from models import AuthToken, User u = User() u.email = 'rururur' u.save() auth = AuthToken() auth.user = u auth.token = AuthToken.gen_token_string(email='[email protected]') auth.gen_validation_key() self.assertIsNotNone(auth.validation_key) self.assertFalse(auth.valid) self.assertIs(True, auth.validate(auth.validation_key)) self.assertIs(True, auth.valid)
def on_post(self, req, resp): """ Handle POST requests. """ username = req.media.get('username') password = req.media.get('password') # Check if parameters not empty if None in [username, password]: raise falcon.HTTPBadRequest('Bad Request', 'Invalid Parameters') user = self.db_conn.query(User).filter_by(username=username).first() # If user does not exist if user == None: raise falcon.HTTPUnauthorized('Unauthorized', 'Wrong Credentials') # If password does not match if not pbkdf2_sha256.verify(password, user.password): raise falcon.HTTPUnauthorized('Unauthorized', 'Wrong Credentials') # Get user bearer token token = self.db_conn.query(AuthToken).filter_by( user_id=user.user_id).first() # Check if user does not have token if token == None: # Create user token (32 bits length) cond = False # Retry while token has not been inserted while not cond: token = AuthToken(user_id=user.user_id, auth_type='bearer', token=token_hex(16)) try: self.db_conn.add(token) self.db_conn.commit() cond = True except Exception: pass # If user has token but it has expired elif token.expires_at < time(): # Create user token (32 bits length) cond = False while not cond: token.token = token_hex(16) token.expires_at = time() + AppConfig.TOKEN_LIFE try: self.db_conn.add(token) self.db_conn.commit() cond = True except Exception: pass resp.media = { 'auth_type': token.auth_type, 'token': token.token, 'expires_on': token.expires_at } resp.status = falcon.HTTP_201