def test_auth_decorated_link_good_token_wrong_authority(client):
user1 = default_config()
user2 = User(name='second user', password='******', roles=['user'])
user2.save()
headers = Headers()
headers.set('Authorization', 'Bearer {}'.format(user2.auth_token))
post_data = json.dumps({'current_password': '******', 'new_password': '******'})
rsp = client.post('/users/{}/change_password'.format(user1.id), data=post_data, headers=headers)
print('\nResponse: {} -> {}'.format(rsp.status, rsp.data))
assert rsp.status_code == 403, 'should be ok'
def test_auth_basic_with_expired_token(client):
user = default_config()
headers = Headers()
User.set_validity(1)
user.update(roles=['user', 'admin'])
headers.add('Authorization', 'Bearer {}'.format(user.auth_token))
time.sleep(2)
rsp = client.get('/users/{}'.format(user.id), headers=headers)
print('\nResponse: {} -> {}'.format(rsp.status, rsp.data))
assert rsp.status_code == 403, 'should be forbidden'
assert rsp.json.get('message') == 'Signature has expired'
def test_unix_time_marshaller():
user = create_and_save_a_user('test user', 'test password',
'test description')
user.last_login = datetime.now()
user.finalise_and_validate()
print('\n\n')
user_json = user.dumps(pretty_print=True)
print(user_json)
assert isinstance(User.to_dict(user).get('last_login'), float)
reloaded_user = User.loads(user_json)
print((str(reloaded_user)))
assert isinstance(reloaded_user.last_login, datetime)
def setup_function(function):
""" executed before each method call
"""
print('\n\nSETUP ==> ')
global flask_app
global kernel
flask_app = Flask(__name__)
flask_app.config['SECRET_KEY'] = 'S0m3S3cr3tC0nt3nt!'
flask_app.testing = True
kernel = AppKernelEngine('test_app', app=flask_app, cfg_dir='{}/../'.format(current_file_path()), development=True)
kernel.enable_security()
User.delete_all()
def setup_function(function):
""" executed before each method call
"""
print('\n\nSETUP ==> ')
User.delete_all()
def create_basic_user():
u = User().update(name='some_user', password='******')
u.save()
return u
