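def report_transaction_api():
    """Store the transaction posted by a client in the database.

    The user id is taken from the request headers and written into the
    JSON body under ``user_id`` before the body is passed to
    ``report_transaction``.

    Returns:
        A JSON ``status='ok'`` response when the transaction was stored, or
        a JSON ``status='denied'`` response with HTTP 403 when phone
        verification is required and the user has not been verified.

    Raises:
        InvalidUsage: the user id header is missing, the user does not
            exist, the body is not a JSON object, or the transaction could
            not be stored.
    """
    # NOTE(review): auth_token is unpacked but never checked in this handler,
    # so the caller is identified by the user id header alone. Confirm the
    # token is verified somewhere before this point.
    user_id, auth_token = extract_headers(request)
    if user_id is None:
        raise InvalidUsage('invalid payload')
    if not user_exists(user_id):
        raise InvalidUsage(
            'report_transaction_api: user_id %s does not exist. aborting' %
            user_id)
    # The original log line said "getting picture" (copy-paste from another
    # endpoint); it now names what this handler does.
    print('reporting transaction for user_id %s' % user_id)

    # don't serve users with no phone number
    if config.PHONE_VERIFICATION_REQUIRED and not is_user_phone_verified(
            user_id):
        print('blocking user %s from reporting transactions' % user_id)
        return jsonify(status='denied'), status.HTTP_403_FORBIDDEN

    transaction = request.get_json(silent=True)
    # get_json(silent=True) yields None for a missing or malformed body.
    # Without this check the item assignment below fails with TypeError
    # instead of a clean client error.
    if not isinstance(transaction, dict):
        raise InvalidUsage('invalid payload')

    # The header-derived id always replaces any user_id sent in the body.
    transaction['user_id'] = user_id
    if report_transaction(transaction):
        return jsonify(status='ok')
    raise InvalidUsage('failed to add transaction')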
def test_update_token(self):
    """Exercise /user/update-token before and after registration.

    Flow: updating the token of an unregistered user must give 400; after
    registering an android device and acknowledging the auth token, the
    same update must give 200.
    """
    def post_json(path, payload, headers):
        # Every request in this test is a JSON POST; only path, body and
        # headers vary.
        return self.app.post(path,
                             data=json.dumps(payload),
                             headers=headers,
                             content_type='application/json')

    userid = uuid.uuid4()
    uid = str(userid)
    identified = {USER_ID_HEADER: uid}

    # attempt to update a yet-unregistered user
    resp = post_json('/user/update-token', {'token': 'sometoken'}, identified)
    self.assertEqual(resp.status_code, 400)

    # register an android with a token
    registration = {
        'user_id': uid,
        'os': 'android',
        'device_model': 'samsung8',
        'device_id': '234234',
        'time_zone': '05:00',
        'token': 'fake_token',
        'app_ver': '1.0'
    }
    resp = post_json('/user/register', registration, {})
    self.assertEqual(resp.status_code, 200)

    # Force the stored auth token to a known value (the user id itself) so
    # the ack below can present it. String-formatted SQL is tolerable here
    # only because both values are UUIDs generated in this test; values that
    # originate from a request belong in bound parameters.
    statement = """update public.push_auth_token set auth_token='%s' where user_id='%s';""" % (uid, uid)
    db.engine.execute(statement)

    resp = post_json('/user/auth/ack', {'token': uid}, identified)
    self.assertEqual(resp.status_code, 200)

    # update the token
    resp = post_json('/user/update-token', {'token': 'newtoken'}, identified)
    print(json.loads(resp.data))
    self.assertEqual(resp.status_code, 200)

    print(models.list_all_users())
    assert (models.user_exists(userid))
    assert (not models.user_exists(uuid.uuid4()))
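def user_tx_report_endpoint():
    """Return a summary of a user's transaction data.

    The JSON body must carry exactly one of ``user_id`` or ``phone``. A
    phone number may map to several users, so the report is always returned
    as a list.

    Returns:
        ``report=[...]`` on success, or a JSON error body
        (``invalid_userid``, ``no_such_user``, ``no_such_phone``).

    Raises:
        InvalidUsage: the body is not a JSON object, or it names both or
            neither of ``user_id`` and ``phone``.
    """
    # Access checks run before any of the request body is read.
    # NOTE(review): presumably these abort the request for callers that are
    # not allowed; their behaviour is not visible here - confirm.
    limit_to_acl()
    limit_to_password()

    payload = request.get_json(silent=True)
    # get_json(silent=True) yields None for a missing or malformed body;
    # reject anything that is not a JSON object explicitly instead of relying
    # on an AttributeError being swallowed.
    if not isinstance(payload, dict):
        print('user_tx_report_endpoint: missing or malformed json body')
        raise InvalidUsage('bad-request')

    user_id = payload.get('user_id', None)
    user_phone = payload.get('phone', None)
    # Exactly one selector must be present.
    if (user_id is None) == (user_phone is None):
        # NOTE(review): this writes the phone number to stdout; consider
        # masking it if these logs are widely readable.
        print('user_tx_report_endpoint: userid %s, user_phone %s' %
              (user_id, user_phone))
        raise InvalidUsage('bad-request')

    if user_id is not None:
        # Branch on "is not None" rather than truthiness: an empty or falsy
        # user_id used to skip validation and fall through to a phone lookup
        # with user_phone=None.
        try:
            # sanitize user_id: it must parse as a UUID
            UUID(user_id)
        except (ValueError, AttributeError, TypeError):
            log.error('cant generate tx report for user_id: %s ' % user_id)
            return jsonify(error='invalid_userid')

        if not user_exists(user_id):
            print(
                'user_tx_report_endpoint: user_id %s does not exist. aborting'
                % user_id)
            # 'erorr' is the original (misspelt) key and is kept for existing
            # consumers; 'error' matches the invalid_userid response.
            return jsonify(error='no_such_user', erorr='no_such_user')
        return jsonify(report=[get_user_tx_report(user_id)])

    # user_phone: there may be a few users with this phone
    user_ids = get_all_user_id_by_phone(user_phone)
    if not user_ids:
        print(
            'user_tx_report_endpoint: user_phone %s does not exist. aborting'
            % user_phone)
        return jsonify(error='no_such_phone', erorr='no_such_phone')
    return jsonify(report=[get_user_tx_report(uid) for uid in user_ids])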
def get_validation_nonce():
    """Return a validation nonce for the calling user as JSON.

    The user id is read from the request headers. Every failure while
    identifying the user (missing id, unknown user, or any exception from
    the helpers) is reported to the client as the same generic
    ``bad-request``, so the response does not reveal which check failed.

    Raises:
        InvalidUsage: the caller could not be identified.
    """
    import kinit_client_validation_module as nonce_provider

    try:
        # NOTE(review): the auth token from the headers is unpacked but not
        # verified in this handler; confirm it is checked elsewhere.
        user_id, _auth_token = extract_headers(request)
        if user_id is None:
            print('get_nonce: user_id is None')
            raise InvalidUsage('bad-request')
        known_user = user_exists(user_id)
        if not known_user:
            print('get_nonce: user_id %s does not exist. aborting' % user_id)
            raise InvalidUsage('bad-request')
    except Exception as err:
        # Also catches the InvalidUsage raised above; the detail stays in the
        # server log and the client only sees 'bad-request'.
        print('get_nonce: exception %s occurred' % err)
        print(err)
        raise InvalidUsage('bad-request')
    else:
        nonce = nonce_provider.get_validation_nonce(app.redis, user_id)
        return jsonify(nonce=nonce)
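def test_register(self):
    """Exercise /user/register across the supported and rejected cases.

    Covers: android with an over-long device model (stored trimmed to 40
    characters), re-used device id, iOS, registration without a push token,
    re-registration of the same user id, an unsupported OS ('win') and a
    malformed user id.
    """
    def payload(user_id, os_name, device_model='samsung8', token=None):
        # Common registration body; the push token is optional.
        body = {
            'user_id': str(user_id),
            'os': os_name,
            'device_model': device_model,
            'device_id': '234234',
            'time_zone': '05:00',
            'app_ver': '1.0'
        }
        if token is not None:
            body['token'] = token
        return body

    def register(body):
        return self.app.post('/user/register',
                             data=json.dumps(body),
                             headers={},
                             content_type='application/json')

    # android
    long_device_model = 'fjslkfjogihojfskfdobnovkvmlsgjhsfs;lfks;lfks;lfks;lfs;dlfs;dlfs;flksd;fowifjwpfmpwgeogtbpwlvwrgmoerijghpewgvwpovm'
    userid = str(uuid.uuid4())
    resp = register(
        payload(userid, 'android', device_model=long_device_model,
                token='fake_token'))
    self.assertEqual(resp.status_code, 200)

    user = models.list_all_users()[userid]
    self.assertEqual(user['onboarded'], False)
    self.assertEqual(user['os'], 'android')
    self.assertEqual(user['device_model'],
                     long_device_model[:40])  # trimmed to fit
    self.assertEqual(user['device_id'], '234234')
    self.assertEqual(user['time_zone'], 5)
    self.assertEqual(user['push_token'], 'fake_token')
    self.assertEqual(user['sid'], 1)
    # The original check was `x is not '' and not None`: an identity
    # comparison against a literal followed by an always-true `not None`, so
    # a missing auth token passed the test. Check both conditions for real.
    self.assertIsNotNone(user['auth_token'])
    self.assertNotEqual(user['auth_token'], '')

    # reuse device-id but not userid, should succeed
    resp = register(payload(uuid.uuid4(), 'android', token='fake_token'))
    self.assertEqual(resp.status_code, 200)

    # ios
    resp = register(payload(uuid.uuid4(), 'iOS', token='fake_token'))
    self.assertEqual(resp.status_code, 200)

    # no push token. should succeed.
    userid = uuid.uuid4()
    resp = register(payload(userid, 'iOS'))
    self.assertEqual(resp.status_code, 200)

    # re-use userid - should succeed
    resp = register(payload(userid, 'iOS'))
    self.assertEqual(resp.status_code, 200)
    print(json.loads(resp.data))

    print(models.list_all_users())
    # unittest assertions are used instead of bare asserts so the checks
    # still run when Python is started with -O.
    self.assertTrue(models.user_exists(userid))
    self.assertFalse(models.user_exists(uuid.uuid4()))

    # windows phone. should fail.
    userid = uuid.uuid4()
    resp = register(payload(userid, 'win'))
    self.assertEqual(resp.status_code, 400)
    self.assertFalse(models.user_exists(userid))

    # invalid uuid. should fail
    resp = register(payload('invaliduuid', 'iOS'))
    self.assertEqual(resp.status_code, 400)
    print(json.loads(resp.data))

    models.print_auth_tokens()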