def get_profile():
auth_header = request.headers.get("Authorization")
if auth_header is None:
return make_response("Valid token required", 401)
try:
encoded = auth_header.split(" ")[1]
decoded = jwt.decode(
encoded,
app.config["SECRET_KEY"],
algorithms=["HS256"]
)
email = decoded["subject"]
except:
return make_response("Invalid token", 401)
db = DatabaseService()
user = db.get_user(email)
formattedUser = {
"email": user["email"],
"firstName": user["firstName"],
"lastName": user["lastName"],
"userType": user["userType"],
}
return jsonify(formattedUser)
def login():
try:
data = get_request_data(request, ["email", "password"])
except (ValueError, TypeError) as e:
return handle_error(message="Invalid parameters: %s" % str(e),
logger=logger,
status_code=422)
db = DatabaseService()
userType = db.authenticate_user(
email=data["email"],
password=data["password"],
)
if not userType:
return make_response("Error: invalid credentials", 401)
token = jwt.encode(
{
"subject": data["email"],
"userType": userType
},
app.config["SECRET_KEY"],
algorithm="HS256",
)
return jsonify({"token": token})
def reset_password():
try:
data = get_request_data(
request,
required_params=["token", "password", "passwordCheck"],
)
except (ValueError, TypeError) as e:
return handle_error(
message="%s: %s" % (request.url, str(e)),
logger=logger,
status_code=422,
)
token = data["token"]
password = data["password"]
password_check = data["passwordCheck"]
if password != password_check:
return make_response("Passwords do not match", 422)
db = DatabaseService()
user_email = db.validate_reset_token(token=token)
if not user_email:
return make_response("Invalid token", 422)
db.update_password(email=user_email, password=password)
return make_response("OK", 200)
def create_user():
try:
data = get_request_data(
request,
required_params=["email", "password"],
)
except (ValueError, TypeError) as e:
return handle_error(
message="%s: %s" % (request.url, str(e)),
logger=logger,
status_code=422,
)
email = data["email"]
password = data["password"]
firstName = data.get("firstName", None)
lastName = data.get("lastName", None)
userType = data.get("userType", None)
db = DatabaseService()
try:
db.save_user(
email=email,
password=password,
firstName=firstName,
lastName=lastName,
userType=userType,
)
except SQLIntegrityError:
return make_response("User %s already exists" % data["email"], 409)
return make_response("OK", 200)
def forgot_password():
try:
data = get_request_data(
request,
required_params=["email", "resetURL"],
)
except (ValueError, TypeError) as e:
return handle_error(
message="%s: %s" % (request.url, str(e)),
logger=logger,
status_code=422,
)
token = uuid.uuid4().hex
mailgun_response = send_reset_link(
email=data["email"],
token=token,
url=data["resetURL"],
)
if mailgun_response.status_code != 200:
return make_response(
'''There was an error sending your reset link,
please email [email protected] with this error: %s''' %
mailgun_response.text, mailgun_response.status_code)
db = DatabaseService()
db.save_reset_token(
email=data["email"],
token=token,
)
return make_response("OK", 200)
def test_login_returns_401_with_invalid_credentials(self):
db = DatabaseService()
email = "*****@*****.**"
password = "******"
db.save_user(email=email, password=password)
data = json.dumps({"email": email, "password": "******"})
result = self.app.post("/api/v1/login", data=data)
self.assertEqual(result.status_code, 401)
def test_login_handles_email_with_different_create_and_login_casing(self):
db = DatabaseService()
email = "*****@*****.**"
uppercaseEmail = "*****@*****.**"
password = "******"
db.save_user(email=email, password=password)
data = json.dumps({"email": uppercaseEmail, "password": password})
result = self.app.post("/api/v1/login", data=data)
self.assertEqual(result.status_code, 200)
def test_reset_password_returns_200(self):
email = "*****@*****.**"
token = "testtoken"
db = DatabaseService()
db.save_reset_token(email=email, token=token)
data = json.dumps({
"token": token,
"password": "******",
"passwordCheck": "testpass2",
})
result = self.app.post("/api/v1/reset-password", data=data)
self.assertEqual(result.status_code, 200)
def create_validation_token():
try:
data = get_request_data(
request,
required_params=["email"],
)
except (ValueError, TypeError) as e:
return handle_error(
message="%s: %s" % (request.url, str(e)),
logger=logger,
status_code=422,
)
token = DatabaseService().create_validation_token(email=data["email"])
if token is None:
return make_response("Could not generate unique token", 500)
return jsonify({"token": token})
def test_get_profile_returns_200(self):
db = DatabaseService()
email = "*****@*****.**"
password = "******"
firstName = "First"
lastName = "Last"
userType = "testtype"
db.save_user(
email=email,
password=password,
userType=userType,
firstName=firstName,
lastName=lastName,
)
result = self.get_request_with_token("/api/v1/profile/get")
self.assertEqual(200, result.status_code)
def test_reset_password_updates_password(self):
email = "*****@*****.**"
token = "testtoken"
password1 = "testpassword1"
password2 = "testpassword2"
db = DatabaseService()
db.save_user(email=email, password=password1)
db.save_reset_token(email=email, token=token)
data = json.dumps({
"token": token,
"password": password2,
"passwordCheck": password2,
})
self.app.post("/api/v1/reset-password", data=data)
result = db.authenticate_user(email=email, password=password2)
self.assertIsNotNone(result)
def test_user_can_login_with_new_password_after_reset_password(self):
email = "*****@*****.**"
token = "testtoken"
password1 = "testpassword1"
password2 = "testpassword2"
db = DatabaseService()
db.save_user(email=email, password=password1)
db.save_reset_token(email=email, token=token)
data = json.dumps({
"token": token,
"password": password2,
"passwordCheck": password2,
})
self.app.post("/api/v1/reset-password", data=data)
login_data = json.dumps({"email": email, "password": password2})
result = self.app.post("/api/v1/login", data=login_data)
self.assertEqual(result.status_code, 200)
def test_login_returns_jwt_token_for_valid_credentials(self):
email = "*****@*****.**"
password = "******"
db = DatabaseService()
api_config = APIConfig()
db.save_user(email=email, password=password)
data = json.dumps({
"email": "*****@*****.**",
"password": "******"
})
result = self.app.post("/api/v1/login", data=data)
try:
data = json.loads(result.data)
token = data["token"]
decoded = jwt.decode(token,
api_config.SECRET_KEY,
algorithms=["HS256"])
except:
decoded = None
self.assertIsNotNone(decoded)
def confirm_validation_token():
try:
data = get_request_data(
request,
required_params=["token"],
)
except (ValueError, TypeError) as e:
return handle_error(
message="%s: %s" % (request.url, str(e)),
logger=logger,
status_code=422,
)
try:
email = DatabaseService().confirm_validation_token(data["token"])
if email is not None:
return jsonify({"email": email})
except TypeError:
logger.error("Could not get email for token %s" % data["token"])
return make_response("Invalid token", 401)
def test_get_profile_returns_user_data(self):
db = DatabaseService()
email = "*****@*****.**"
password = "******"
firstName = "First"
lastName = "Last"
userType = "testtype"
db.save_user(
email=email,
password=password,
userType=userType,
firstName=firstName,
lastName=lastName,
)
result = self.get_request_with_token("/api/v1/profile/get")
data = json.loads(result.data)
self.assertEqual(data["email"], email)
self.assertEqual(data["userType"], userType)
self.assertEqual(data["firstName"], firstName)
self.assertEqual(data["lastName"], lastName)
def test_jwt_token_contains_subject_and_user_type(self):
email = "*****@*****.**"
password = "******"
db = DatabaseService()
api_config = APIConfig()
db.save_user(email=email, password=password)
data = json.dumps({
"email": "*****@*****.**",
"password": "******"
})
result = self.app.post("/api/v1/login", data=data)
try:
data = json.loads(result.data)
token = data["token"]
decoded = jwt.decode(token,
api_config.SECRET_KEY,
algorithms=["HS256"])
subject = decoded["subject"]
userType = decoded["userType"]
except:
decoded = None
self.assertIsNotNone(decoded)
def setUp(self):
super(TestDatabaseService, self).setUp()
self.db = DatabaseService()