def test_my_ranking_weekly(self):
from models import User, AuthToken, UserStats
from django.test import RequestFactory
from django.core.urlresolvers import reverse
from views import my_ranking_weekly
users = []
for i in range(10):
u = User()
u.email = '*****@*****.**' + str(i)
u.public_name = 'TEST' + str(i)
u.save()
users.append(u)
UserStats.record_stats(u, i * 100, datetime.date.today())
auth = AuthToken()
auth.token_string = AuthToken.gen_token_string('*****@*****.**')
auth.user = users[9]
auth.valid = True
auth.save()
factory = RequestFactory()
rq = factory.get(reverse('my_ranking_weekly'),
data={'token': auth.token_string})
response = my_ranking_weekly(rq)
data = json.loads(response.content)
self.assertEqual(data['status'], 'OK')
def test_update_profile(self):
from models import User, AuthToken
from django.test import RequestFactory
from django.core.urlresolvers import reverse
from views import update_profile
u = User()
u.email = '*****@*****.**'
u.public_name = 'TEST'
u.save()
auth = AuthToken()
auth.token_string = AuthToken.gen_token_string('*****@*****.**')
auth.user = u
auth.valid = True
auth.save()
factory = RequestFactory()
rq = factory.get(reverse('update_profile'),
data={
'token': auth.token_string,
'nickname': 'El Nicknamo'
})
response = update_profile(rq)
data = json.loads(response.content)
self.assertEqual(data['status'], 'OK')
u = User.objects.get(pk=u.pk)
self.assertEqual(u.public_name, 'El Nicknamo')
def post(self, action=None, **kwargs):
if action == 'get_auth_url':
auth_url, oauth_token, oauth_token_secret =\
User.get_auth_url()
# TODO: Use redis?
# app.db['auth_tokens'].insert({
# 'oauth_token': oauth_token,
# 'oauth_token_secret': oauth_token_secret,
# })
auth = AuthToken(oauth_token, oauth_token_secret)
auth.save()
logging.debug("User Auth: oauth token %s added", oauth_token)
return self._render({'auth_url': auth_url})
if action == 'authenticate':
parser = reqparse.RequestParser()
parser.add_argument('oauth_token', type=str)
parser.add_argument('oauth_verifier', type=str)
params = parser.parse_args()
oauth_token = params.get('oauth_token')
oauth_verifier = params.get('oauth_verifier')
logging.debug("User Auth: trying to authenticate with token %s",
oauth_token)
# TODO: Use redis?
auth = AuthToken.get_auth(oauth_token)
if not auth:
logging.error('User Auth: token %s not found', oauth_token)
return odesk_error_response(
500, 500, 'Wrong token: {0!s}'.format(oauth_token))
oauth_token_secret = auth.get('oauth_token_secret')
auth_token, user = User.authenticate(oauth_token,
oauth_token_secret,
oauth_verifier)
logging.debug('User Auth: Removing token %s', oauth_token)
AuthToken.delete(auth.get('oauth_token'))
return self._render({'auth_token': auth_token, 'user': user})
if action == 'get_user':
user = getattr(request, 'user', None)
if user:
return self._render({'user': user})
return odesk_error_response(401, 401, 'Unauthorized')
logging.error('User Auth: invalid action %s', action)
raise NotFound('Action not found')
def test_log_distance(self):
from models import User, AuthToken, Level, StairWell
from django.test import RequestFactory
from django.core.urlresolvers import reverse
from views import log_distance, distance, profile
u = User()
u.email = '*****@*****.**'
u.public_name = 'TEST'
u.save()
auth = AuthToken()
auth.token_string = AuthToken.gen_token_string('*****@*****.**')
auth.user = u
auth.valid = True
auth.save()
sw = StairWell(building='ASP', shaft='south')
sw.save()
level1 = Level(stairwell=sw, floorNumber=1)
level1.save()
level2 = Level(stairwell=sw, floorNumber=2)
level2.save()
factory = RequestFactory()
rq = factory.get(reverse('distance'),
data={
'qr_id_1': level1.pk,
'qr_id_2': level2.pk
})
response = distance(rq)
data = json.loads(response.content)
self.assertEqual(data['distance'], 18)
rq = factory.get(reverse('log_distance'),
data={
'token': auth.token_string,
'steps': 18
})
response = log_distance(rq)
data = json.loads(response.content)
self.assertEqual(data['status'], 'OK')
rq = factory.get(reverse('profile'), data={'token': auth.token_string})
response = profile(rq)
data = json.loads(response.content)
self.assertEqual(data['status'], 'OK')
def test_send_mail(self):
from models import AuthToken, User
from django.core import mail
u = User()
u.email = '*****@*****.**'
u.save()
auth = AuthToken()
auth.user = u
auth.token = AuthToken.gen_token_string('*****@*****.**')
auth.gen_validation_key()
auth.send_validation_mail(settings.PUBLIC_URL)
self.assertEqual(len(mail.outbox),
1,
msg='is settings.EMAILS_ENABLED set to True ?')
def test_token_validation(self):
from models import AuthToken, User
u = User()
u.email = 'rururur'
u.save()
auth = AuthToken()
auth.user = u
auth.token = AuthToken.gen_token_string(email='[email protected]')
auth.gen_validation_key()
self.assertIsNotNone(auth.validation_key)
self.assertFalse(auth.valid)
self.assertIs(True, auth.validate(auth.validation_key))
self.assertIs(True, auth.valid)
def on_post(self, req, resp):
"""
Handle POST requests.
"""
username = req.media.get('username')
password = req.media.get('password')
# Check if parameters not empty
if None in [username, password]:
raise falcon.HTTPBadRequest('Bad Request', 'Invalid Parameters')
user = self.db_conn.query(User).filter_by(username=username).first()
# If user does not exist
if user == None:
raise falcon.HTTPUnauthorized('Unauthorized', 'Wrong Credentials')
# If password does not match
if not pbkdf2_sha256.verify(password, user.password):
raise falcon.HTTPUnauthorized('Unauthorized', 'Wrong Credentials')
# Get user bearer token
token = self.db_conn.query(AuthToken).filter_by(
user_id=user.user_id).first()
# Check if user does not have token
if token == None:
# Create user token (32 bits length)
cond = False
# Retry while token has not been inserted
while not cond:
token = AuthToken(user_id=user.user_id,
auth_type='bearer',
token=token_hex(16))
try:
self.db_conn.add(token)
self.db_conn.commit()
cond = True
except Exception:
pass
# If user has token but it has expired
elif token.expires_at < time():
# Create user token (32 bits length)
cond = False
while not cond:
token.token = token_hex(16)
token.expires_at = time() + AppConfig.TOKEN_LIFE
try:
self.db_conn.add(token)
self.db_conn.commit()
cond = True
except Exception:
pass
resp.media = {
'auth_type': token.auth_type,
'token': token.token,
'expires_on': token.expires_at
}
resp.status = falcon.HTTP_201
