def test_good_login_without_session_succeeds(self):
    """Valid credentials with no prior session yield a freshly generated token.

    Relies on the fixture's default mock return values, which are set up
    outside this method (presumably: user found, hash matches, no session).
    """
    issued = AuthService.attempt_login('username', 'password')

    assert issued == 'generated_token'

    # Full happy path: each collaborator is consulted exactly once, ending
    # with token generation and session creation.
    assert self.mock_get_user.call_count == 1
    assert self.mock_hash_password.call_count == 1
    assert self.mock_get_session_by_user.call_count == 1
    assert self.mock_gen_token.call_count == 1
    assert self.mock_create_session.call_count == 1
def test_bad_password_without_session_fails(self):
    """A wrong password returns ``None`` and touches no session state."""
    # Force the computed hash to differ from whatever the fixture user stores.
    self.mock_hash_password.return_value = 'wrong_hashed_pass'

    issued = AuthService.attempt_login('username', 'not_my_password')

    assert issued is None

    # The user is looked up and the password hashed, then the attempt stops.
    assert self.mock_get_user.call_count == 1
    assert self.mock_hash_password.call_count == 1

    # Security-relevant: a failed check must not look up, mint or persist
    # anything session-related.
    assert self.mock_get_session_by_user.call_count == 0
    assert self.mock_gen_token.call_count == 0
    assert self.mock_create_session.call_count == 0
def test_bad_username_fails(self):
    """An unknown username returns ``None`` right after the user lookup."""
    # Simulate "no such user".
    self.mock_get_user.return_value = None

    issued = AuthService.attempt_login('not_a_username', 'password')

    assert issued is None
    assert self.mock_get_user.call_count == 1

    # NOTE(review): pinning hash_password to zero calls means the unknown-user
    # path skips the hashing work that the wrong-password path performs, so
    # the two failures can differ in response time. If account enumeration is
    # in the threat model, consider hashing against a dummy salt in
    # attempt_login and relaxing this assertion accordingly.
    assert self.mock_hash_password.call_count == 0

    assert self.mock_get_session_by_user.call_count == 0
    assert self.mock_gen_token.call_count == 0
    assert self.mock_create_session.call_count == 0
def test_good_login_with_session_succeeds(self):
    """Valid credentials with an existing session return that session's token."""
    existing_user = User(
        username='******',
        password='******',
        salt='salt',
    )
    # Make the session lookup report an already-open session for the user.
    self.mock_get_session_by_user.return_value = Session(
        user=existing_user,
        token='token',
    )

    issued = AuthService.attempt_login('username', 'password')

    # The stored token is handed back as-is.
    # NOTE(review): this pins token reuse rather than rotation on re-login;
    # confirm that session expiry/invalidation is enforced elsewhere.
    assert issued == 'token'

    assert self.mock_get_user.call_count == 1
    assert self.mock_hash_password.call_count == 1
    assert self.mock_get_session_by_user.call_count == 1

    # Nothing new is minted or persisted when a session already exists.
    assert self.mock_gen_token.call_count == 0
    assert self.mock_create_session.call_count == 0
def test_bad_password_with_session_fails(self):
    """A wrong password fails even when the user already has a session."""
    existing_user = User(
        username='******',
        password='******',
        salt='salt',
    )
    self.mock_get_session_by_user.return_value = Session(
        user=existing_user,
        token='token',
    )
    # Force the computed hash to differ from the stored one.
    self.mock_hash_password.return_value = 'wrong_hashed_pass'

    issued = AuthService.attempt_login('username', 'not_my_password')

    # The existing session's token must not leak out on a failed check.
    assert issued is None

    assert self.mock_get_user.call_count == 1
    assert self.mock_hash_password.call_count == 1

    # The session store is never consulted: the password check gates it.
    assert self.mock_get_session_by_user.call_count == 0
    assert self.mock_gen_token.call_count == 0
    assert self.mock_create_session.call_count == 0
def post(self):
    """
    Handles client requests to authenticate with the system.

    Responds with 400 and the validation message when the JSON body fails
    ``auth_schema``, with 401 and ``strings.API_BAD_CREDENTIALS`` when
    ``AuthService.attempt_login`` returns ``None``, and otherwise with a
    JSON object carrying the auth token.
    """
    # silent=True: presumably Flask semantics, where an unparsable body
    # yields None instead of raising.
    # NOTE(review): this relies on validate() reporting an error for a None
    # payload; otherwise the .get() calls below would fail. Confirm.
    payload = request.get_json(silent=True)
    problem = validate(payload, auth_schema)
    if problem:
        bad_request = jsonify(message=problem)
        bad_request.status_code = 400
        return bad_request

    # NOTE(review): no throttling or lockout is visible in this handler;
    # confirm repeated failed attempts are limited upstream.
    token = AuthService.attempt_login(
        payload.get('username'),
        payload.get('password'),
    )

    if token is None:
        # One generic message covers every failed login, so the response
        # body does not say whether the username or the password was wrong.
        denied = jsonify(message=strings.API_BAD_CREDENTIALS)
        denied.status_code = 401
        return denied

    # Credentials accepted: hand the token back to the client.
    return jsonify(token=token)