Add Media-Token beside access token

The Media-Token can only be used to access content; it cannot be used to modify user data.
Gergely Hegedus 2023-03-27 19:07:29 +03:00
parent 0a71a6c840
commit 1f06c40c4c
31 changed files with 516 additions and 762 deletions


@ -1,4 +1,5 @@
from backend.flask_project import create_app
from backend.data.data_models import Session
default_test_config = {
"DATABASE_PATH": "testdb",
@ -10,4 +11,14 @@ default_test_config = {
"MAX_OTP_LENGTH": 16,
"MAX_TOKEN_LENGTH": 200,
"KEY_LENGTH": 30,
}
}
def create_test_session(user_id, access_token = '', media_token = '', refresh_token = '', access_expires_at = 1, refresh_expires_at = 1):
return Session(
user_id = user_id,
access_token = access_token,
media_token = media_token,
refresh_token = refresh_token,
access_expires_at = access_expires_at,
refresh_expires_at = refresh_expires_at
)
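Review bot: The token defaults in `create_test_session` are all the empty string, so every session built through the helper without explicit values shares the same `media_token` and `refresh_token`. The DAO tests in this commit show that a duplicated token resolves to no user, so two helper-built sessions in one test can make a lookup fail for a reason unrelated to what the test checks. An empty token stored in the test database would also hide a handler that wrongly accepts an empty or missing header (the handlers are not visible here). Consider deriving the defaults from `user_id`, for example `media_token = media_token or f'media_{user_id}'`, or making the three tokens required keyword arguments. A short docstring saying that the default expiry of `1` means "already expired" would help readers of the call sites.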


@ -28,50 +28,62 @@ class SessionDAOTest(unittest.TestCase):
db.close_db()
os.remove("testdb")
def test_empty_db_contains_no_token(self):
def test_empty_db_contains_no_session(self):
expected = None
token = "token"
with self.app.app_context():
actual = sut.get_user_for_token(token)
actual_by_access = sut.get_user_for_token('access')
actual_by_media = sut.get_user_for_media_token('media')
actual_by_refresh = sut.get_user_for_token('refresh')
self.assertEqual(expected, actual)
self.assertEqual(expected, actual_by_access)
self.assertEqual(expected, actual_by_media)
self.assertEqual(expected, actual_by_refresh)
@unittest.mock.patch('time.time', return_value=1000)
def test_inserted_token_is_found(self, mock_time):
assert time.time() == 1000
expected = 13
token = "token"
access_token = "access"
refresh_token = "refresh"
media_token = "media"
session = Session(
user_id = 13,
access_token = token,
refresh_token = "refresh_token",
access_token = access_token,
media_token = media_token,
refresh_token = refresh_token,
access_expires_at = 2000,
refresh_expires_at = 4000
)
with self.app.app_context():
sut.insert_user_session(session)
actual = sut.get_user_for_token(token)
actual_by_access = sut.get_user_for_token(access_token)
actual_by_media = sut.get_user_for_media_token(media_token)
actual_by_refresh = sut.get_user_for_refresh_token(refresh_token)
self.assertEqual(expected, actual)
self.assertEqual(expected, actual_by_access)
self.assertEqual(expected, actual_by_media)
self.assertEqual(expected, actual_by_refresh)
@unittest.mock.patch('time.time', return_value=1000)
def test_same_token_results_in_not_found(self, mock_time):
def test_same_access_token_results_in_not_found(self, mock_time):
assert time.time() == 1000
expected = None
token = "token"
access_token = "token"
session1 = Session(
user_id = 13,
access_token = token,
refresh_token = "refresh_token",
access_token = access_token,
media_token = "media_token_1",
refresh_token = "refresh_token_1",
access_expires_at = 2000,
refresh_expires_at = 4000
)
session2 = Session(
user_id = 14,
access_token = token,
refresh_token = "refresh_token",
access_token = access_token,
media_token = "media_token_2",
refresh_token = "refresh_token_2",
access_expires_at = 2000,
refresh_expires_at = 4000
)
@ -79,67 +91,147 @@ class SessionDAOTest(unittest.TestCase):
with self.app.app_context():
sut.insert_user_session(session1)
sut.insert_user_session(session2)
actual = sut.get_user_for_token(token)
actual = sut.get_user_for_token(access_token)
self.assertEqual(expected, actual)
@unittest.mock.patch('time.time', return_value=1000)
def test_same_access_media_token_results_in_not_found(self, mock_time):
assert time.time() == 1000
expected = None
media_token = "token"
session1 = Session(
user_id = 13,
access_token = "access_1",
media_token = media_token,
refresh_token = "refresh_token1",
access_expires_at = 2000,
refresh_expires_at = 4000
)
session2 = Session(
user_id = 14,
access_token = "access_2",
media_token = media_token,
refresh_token = "refresh_token2",
access_expires_at = 2000,
refresh_expires_at = 4000
)
with self.app.app_context():
sut.insert_user_session(session1)
sut.insert_user_session(session2)
actual = sut.get_user_for_media_token(media_token)
self.assertEqual(expected, actual)
@unittest.mock.patch('time.time', return_value=1000)
def test_same_access_refresh_token_results_in_not_found(self, mock_time):
assert time.time() == 1000
expected = None
refresh_token = "token"
session1 = Session(
user_id = 13,
access_token = "access1",
media_token = "media1",
refresh_token = refresh_token,
access_expires_at = 2000,
refresh_expires_at = 4000
)
session2 = Session(
user_id = 14,
access_token = "access2",
media_token = "media2",
refresh_token = refresh_token,
access_expires_at = 2000,
refresh_expires_at = 4000
)
with self.app.app_context():
sut.insert_user_session(session1)
sut.insert_user_session(session2)
actual = sut.get_user_for_refresh_token(refresh_token)
self.assertEqual(expected, actual)
@unittest.mock.patch('time.time', return_value=1000)
def test_expired_access_token_isnt_returned(self, mock_time):
def test_expired_access_token_isnt_returned_but_refresh_is(self, mock_time):
assert time.time() == 1000
expected = None
token = "token"
access_token = "access"
media_token = "media"
refresh_token = "refresh"
expected_refresh_user_id = 13
session = Session(
user_id = 13,
access_token = token,
refresh_token = "refresh_token",
access_token = access_token,
media_token = media_token,
refresh_token = refresh_token,
access_expires_at = 500,
refresh_expires_at = 2000
)
with self.app.app_context():
sut.insert_user_session(session)
actual = sut.get_user_for_token(token)
actual_by_access = sut.get_user_for_token(access_token)
actual_by_media = sut.get_user_for_media_token(media_token)
actual_by_refresh = sut.get_user_for_refresh_token(refresh_token)
self.assertEqual(expected, actual)
self.assertEqual(expected, actual_by_access)
self.assertEqual(expected, actual_by_media)
self.assertEqual(expected_refresh_user_id, actual_by_refresh) # but by refresh it is
@unittest.mock.patch('time.time', return_value=1000)
def test_expired_refresh_token_isnt_returned(self, mock_time):
assert time.time() == 1000
expected = None
token = "token"
access_token = "access"
media_token = "media"
refresh_token = "refresh"
session = Session(
user_id = 13,
access_token = token,
refresh_token = "refresh_token",
access_token = access_token,
media_token = media_token,
refresh_token = refresh_token,
access_expires_at = 2500,
refresh_expires_at = 500
)
with self.app.app_context():
sut.insert_user_session(session)
actual = sut.get_user_for_token(token)
actual_by_access = sut.get_user_for_token(access_token)
actual_by_media = sut.get_user_for_media_token(media_token)
actual_by_refresh = sut.get_user_for_refresh_token(refresh_token)
self.assertEqual(expected, actual)
self.assertEqual(expected, actual_by_access)
self.assertEqual(expected, actual_by_media)
self.assertEqual(expected, actual_by_refresh)
@unittest.mock.patch('time.time', return_value=1000)
def test_deleted_session_isnt_returned(self, mock_time):
assert time.time() == 1000
expected = None
token = "token"
access_token = "access"
media_token = "media"
refresh_token = "refresh"
session = Session(
user_id = 13,
access_token = token,
refresh_token = "refresh_token",
access_token = access_token,
media_token = media_token,
refresh_token = refresh_token,
access_expires_at = 1500,
refresh_expires_at = 5000
)
with self.app.app_context():
sut.insert_user_session(session = session)
sut.delete_user_session(access_token = token)
actual = sut.get_user_for_token(access_token = token)
sut.delete_user_session(access_token = access_token)
actual_by_access = sut.get_user_for_token(access_token)
actual_by_media = sut.get_user_for_media_token(media_token)
actual_by_refresh = sut.get_user_for_refresh_token(refresh_token)
self.assertEqual(expected, actual)
self.assertEqual(expected, actual_by_access)
self.assertEqual(expected, actual_by_media)
self.assertEqual(expected, actual_by_refresh)
@unittest.mock.patch('time.time', return_value=1000)
def test_deleted_all_user_session_isnt_returned(self, mock_time):
@ -148,6 +240,7 @@ class SessionDAOTest(unittest.TestCase):
session1 = Session(
user_id = 13,
access_token = "token1",
media_token = "media_token1",
refresh_token = "refresh_token1",
access_expires_at = 1500,
refresh_expires_at = 5000
@ -155,6 +248,7 @@ class SessionDAOTest(unittest.TestCase):
session2 = Session(
user_id = 13,
access_token = "token2",
media_token = "media_token2",
refresh_token = "refresh_token2",
access_expires_at = 1500,
refresh_expires_at = 5000
@ -162,6 +256,7 @@ class SessionDAOTest(unittest.TestCase):
session_of_different_user = Session(
user_id = 14,
access_token = "token3",
media_token = "media_token3",
refresh_token = "refresh_token3",
access_expires_at = 1500,
refresh_expires_at = 5000
@ -172,30 +267,42 @@ class SessionDAOTest(unittest.TestCase):
sut.insert_user_session(session = session2)
sut.insert_user_session(session = session_of_different_user)
sut.delete_all_user_session_by_user_id(user_id=13)
actual1 = sut.get_user_for_token(access_token = session1.access_token)
actual2 = sut.get_user_for_token(access_token = session2.access_token)
actual_of_different_user = sut.get_user_for_token(access_token = session_of_different_user.access_token)
actual1_by_access = sut.get_user_for_token(access_token = session1.access_token)
actual2_by_access = sut.get_user_for_token(access_token = session2.access_token)
actual1_by_media = sut.get_user_for_media_token(media_token = session1.media_token)
actual2_by_media = sut.get_user_for_media_token(media_token = session2.media_token)
actual1_by_refresh = sut.get_user_for_refresh_token(refresh_token = session1.refresh_token)
actual2_by_refresh = sut.get_user_for_refresh_token(refresh_token = session2.refresh_token)
actual_of_different_user_by_access = sut.get_user_for_token(session_of_different_user.access_token)
actual_of_different_user_by_media = sut.get_user_for_media_token(session_of_different_user.media_token)
actual_of_different_user_by_refresh = sut.get_user_for_refresh_token(session_of_different_user.refresh_token)
self.assertEqual(expected, actual1)
self.assertEqual(expected, actual2)
self.assertEqual(session_of_different_user.user_id, actual_of_different_user)
self.assertEqual(expected, actual1_by_access)
self.assertEqual(expected, actual2_by_access)
self.assertEqual(expected, actual1_by_media)
self.assertEqual(expected, actual2_by_media)
self.assertEqual(expected, actual1_by_refresh)
self.assertEqual(expected, actual2_by_refresh)
self.assertEqual(session_of_different_user.user_id, actual_of_different_user_by_access)
self.assertEqual(session_of_different_user.user_id, actual_of_different_user_by_media)
self.assertEqual(session_of_different_user.user_id, actual_of_different_user_by_refresh)
@unittest.mock.patch('time.time', return_value=1000)
def test_after_new_single_session_old_session_is_not_returned(self, mock_time):
assert time.time() == 1000
token = "token"
new_token = "new_token"
session = Session(
user_id = 13,
access_token = token,
refresh_token = "refresh_token",
access_token = 'token',
media_token = "media",
refresh_token = "refresh",
access_expires_at = 1500,
refresh_expires_at = 5000
)
new_session = session = Session(
new_session = Session(
user_id = 13,
access_token = new_token,
refresh_token = "refresh_token",
access_token = 'new_token',
media_token = "new_media",
refresh_token = "new_refresh",
access_expires_at = 1500,
refresh_expires_at = 5000
)
@ -205,28 +312,36 @@ class SessionDAOTest(unittest.TestCase):
with self.app.app_context():
sut.insert_user_session(session = session)
sut.create_new_single_session(session = new_session)
actual_old = sut.get_user_for_token(access_token = token)
actual_new = sut.get_user_for_token(access_token = new_token)
actual_old_by_access = sut.get_user_for_token(session.access_token)
actual_old_by_media = sut.get_user_for_media_token(session.media_token)
actual_old_by_refresh = sut.get_user_for_refresh_token(session.refresh_token)
actual_new_by_access = sut.get_user_for_token(new_session.access_token)
actual_new_by_media = sut.get_user_for_media_token(new_session.media_token)
actual_new_by_refresh = sut.get_user_for_refresh_token(new_session.refresh_token)
self.assertEqual(expected_old, actual_old)
self.assertEqual(expected_new, actual_new)
self.assertEqual(expected_old, actual_old_by_access)
self.assertEqual(expected_old, actual_old_by_media)
self.assertEqual(expected_old, actual_old_by_refresh)
self.assertEqual(expected_new, actual_new_by_access)
self.assertEqual(expected_new, actual_new_by_media)
self.assertEqual(expected_new, actual_new_by_refresh)
@unittest.mock.patch('time.time', return_value=1000)
def test_after_swap_refresh_session_old_session_is_not_returned(self, mock_time):
assert time.time() == 1000
token = "token"
new_token = "new_token"
session = Session(
user_id = 13,
access_token = token,
refresh_token = "refresh_token",
access_token = "token",
media_token = "media",
refresh_token = "refresh",
access_expires_at = 1500,
refresh_expires_at = 5000
)
new_session = session = Session(
new_session = Session(
user_id = 13,
access_token = new_token,
refresh_token = "refresh_token2",
access_token = "new_token",
media_token = "new_media",
refresh_token = "new_refresh",
access_expires_at = 1500,
refresh_expires_at = 5000
)
@ -236,11 +351,19 @@ class SessionDAOTest(unittest.TestCase):
with self.app.app_context():
sut.insert_user_session(session = session)
sut.swap_refresh_session(refresh_token = session.refresh_token, session = new_session)
actual_old = sut.get_user_for_token(access_token = token)
actual_new = sut.get_user_for_token(access_token = new_token)
actual_old_by_access = sut.get_user_for_token(session.access_token)
actual_old_by_media = sut.get_user_for_media_token(session.media_token)
actual_old_by_refresh = sut.get_user_for_refresh_token(session.refresh_token)
actual_new_by_access = sut.get_user_for_token(new_session.access_token)
actual_new_by_media = sut.get_user_for_media_token(new_session.media_token)
actual_new_by_refresh = sut.get_user_for_refresh_token(new_session.refresh_token)
self.assertEqual(expected_old, actual_old)
self.assertEqual(expected_new, actual_new)
self.assertEqual(expected_old, actual_old_by_access)
self.assertEqual(expected_old, actual_old_by_media)
self.assertEqual(expected_old, actual_old_by_refresh)
self.assertEqual(expected_new, actual_new_by_access)
self.assertEqual(expected_new, actual_new_by_media)
self.assertEqual(expected_new, actual_new_by_refresh)
if __name__ == '__main__':
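Review bot: In `test_empty_db_contains_no_session` the refresh lookup is made with `sut.get_user_for_token('refresh')`, so the refresh path is never exercised on an empty database; it should read `actual_by_refresh = sut.get_user_for_refresh_token('refresh')`. None of the visible tests checks token-type separation, which is the property the commit description states: `test_inserted_token_is_found` could additionally assert `self.assertIsNone(sut.get_user_for_token(media_token))`. The two new duplicate-token tests are named `test_same_access_media_token_results_in_not_found` and `test_same_access_refresh_token_results_in_not_found`; dropping the leftover `access` would match what they check.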


@ -2,7 +2,7 @@ import os
import unittest
import unittest.mock
import json
from .context import create_app, default_test_config
from .context import create_app, default_test_config, create_test_session
from backend.data import db
from backend.data import dao_users
from backend.data import dao_session
@ -52,13 +52,7 @@ class AddFileMetadataUnitTest(unittest.TestCase):
self.assertEqual(expected, actual_response_json)
def test_expired_access_token_headers_returns_unauthorized(self):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=950,
refresh_expires_at=1050,
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':441}
@ -68,22 +62,17 @@ class AddFileMetadataUnitTest(unittest.TestCase):
self.assertEqual(401, response.status_code)
self.assertEqual(expected, actual_response_json)
def test_sending_non_saved_user_error_is_shown(self):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
@unittest.mock.patch('time.time', return_value=1000)
def test_sending_non_saved_user_error_is_shown(self, mock_time):
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':441}
expected = {'message':'Invalid Authorization!','code':442}
header = {'Authorization': 'token'}
response = self.client.post(self.url_path, headers = header)
actual_response_json = json.loads(response.data.decode())
self.assertEqual(401, response.status_code)
self.assertEqual(400, response.status_code)
self.assertEqual(expected, actual_response_json)
@unittest.mock.patch('time.time', return_value=1000)
@ -94,13 +83,7 @@ class AddFileMetadataUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'File MetaData Saved!','code':203}
@ -120,13 +103,7 @@ class AddFileMetadataUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Couldn\'t save metadata!','code':415}
@ -146,13 +123,7 @@ class AddFileMetadataUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected_of_key_query = {'key': 'value'}
expected_of_key2_query = {'key2':'value2'}
@ -181,13 +152,7 @@ class AddFileMetadataUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'key': 'value1'}
@ -211,13 +176,7 @@ class AddFileMetadataUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'key': 'value'}
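Review bot: Every request in the visible hunks of this file authenticates with `{'Authorization': 'token'}` against a session whose `media_token` is left at the helper's default, so nothing here shows that a media token is refused by this data-modifying endpoint. That refusal is what the commit description promises, and the same gap is visible in the AddFileMetadataOfUserUnitTest, PasswordChangeUnitTest and CreateRegistrationTokenUnitTest sections. A negative test per endpoint would pin it: build the session with `create_test_session(user_id=user_id, access_token='token', media_token='media', access_expires_at=1050, refresh_expires_at=2000)`, send `headers={'Authorization': 'media'}`, and expect the 401 / code 441 response. The test bodies extend beyond the hunks, so such a case may already exist outside what is shown.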


@ -2,7 +2,7 @@ import os
import unittest
import unittest.mock
import json
from .context import create_app, default_test_config
from .context import create_app, default_test_config, create_test_session
from backend.data import db
from backend.data import dao_users
from backend.data import dao_session
@ -52,13 +52,7 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase):
self.assertEqual(expected, actual_response_json)
def test_expired_access_token_headers_returns_unauthorized(self):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=950,
refresh_expires_at=1050,
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':441}
@ -68,22 +62,17 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase):
self.assertEqual(401, response.status_code)
self.assertEqual(expected, actual_response_json)
def test_sending_non_saved_user_error_is_shown(self):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
@unittest.mock.patch('time.time', return_value=1000)
def test_sending_non_saved_user_error_is_shown(self, mock_time):
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':441}
expected = {'message':'Invalid Authorization!','code':442}
header = {'Authorization': 'token'}
response = self.client.post(self.url_path, headers = header)
actual_response_json = json.loads(response.data.decode())
self.assertEqual(401, response.status_code)
self.assertEqual(400, response.status_code)
self.assertEqual(expected, actual_response_json)
@unittest.mock.patch('time.time', return_value=1000)
@ -94,13 +83,8 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'User\'s File MetaData Saved!','code':202}
@ -120,13 +104,7 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Couldn\'t save user\'s metadata!','code':414}
@ -146,13 +124,7 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'key': 'value', 'key2':'value2'}
@ -173,13 +145,7 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'key': 'value1', 'key2':'value2', 'key3': 'value3'}
@ -202,13 +168,7 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'key': 'value', 'key2':'value2'}
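Review bot: `test_sending_non_saved_user_error_is_shown` now expects status 400 together with the message 'Invalid Authorization!' and code 442, as the same test in AddFileMetadataUnitTest does, and nothing at the assertion explains why an authorization failure is not answered with 401. The added `time.time` patch suggests the old 441 came from the session being expired against the real clock rather than from the missing user. A comment above the expectation would record this, for example `# 442: session is valid but its user_id has no user row; the handler answers 400, not 401`, with the wording checked against the handler, which is not visible here.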


@ -2,7 +2,7 @@ import os
import unittest
import unittest.mock
import json
from .context import create_app, default_test_config
from .context import create_app, default_test_config, create_test_session
from backend.data import db
from backend.data import dao_users
from backend.data import dao_session
@ -58,13 +58,7 @@ class PasswordChangeUnitTest(unittest.TestCase):
@unittest.mock.patch('time.time', return_value=1000)
def test_expired_access_token_headers_returns_unauthorized(self, mock_time):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=950,
refresh_expires_at=1050,
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':441}
@ -76,13 +70,7 @@ class PasswordChangeUnitTest(unittest.TestCase):
@unittest.mock.patch('time.time', return_value=1000)
def test_sending_non_saved_user_error_is_shown(self, mock_time):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':442}
@ -101,13 +89,7 @@ class PasswordChangeUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Token!','code':431}
@ -126,13 +108,7 @@ class PasswordChangeUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Token!','code':431}
@ -152,13 +128,7 @@ class PasswordChangeUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
expected = {'message':'Invalid Password!','code':421}
@ -178,13 +148,7 @@ class PasswordChangeUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
expected = {'message':'New Password cannot be empty!','code':422}
@ -204,13 +168,7 @@ class PasswordChangeUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
expected = {'message':'Invalid Password!','code':421}
@ -230,15 +188,9 @@ class PasswordChangeUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected_keys = {'access_token', 'refresh_token', 'expires_at'}
expected_keys = {'access_token', 'media_token', 'refresh_token', 'expires_at'}
correct_code = 585501 #for 1000 and base32secret3232
data = {'password':'pass', 'new_password': 'pass2', 'otp': correct_code}
@ -258,13 +210,7 @@ class PasswordChangeUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
change_pass_data = {'password':'pass', 'new_password': 'pass2', 'otp': correct_code}
@ -287,19 +233,13 @@ class PasswordChangeUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
change_pass_data = {'password':'pass', 'new_password': 'pass2', 'otp': correct_code}
response = self.client.post(self.url_path, data=change_pass_data, headers={'Authorization': 'token'})
session_response = json.loads(response.data.decode())
expected_keys = {'access_token', 'refresh_token', 'expires_at'}
expected_keys = {'access_token', 'refresh_token', 'media_token', 'expires_at'}
data = {'password':'pass2', 'new_password': 'pass3', 'otp': correct_code}
response = self.client.post(self.url_path, data=data, headers={'Authorization': session_response['access_token']})
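Review bot: The updated `expected_keys` sets only check that a `media_token` key is present in the password-change response; the visible hunks do not check that the media token issued before the change stops resolving afterwards. Every session here is created with the helper's default empty `media_token`, so there is no old value to test against. Passing `media_token='old_media'` to `create_test_session` and asserting after the request, inside `self.app.app_context()`, that `dao_session.get_user_for_media_token('old_media')` returns `None` would cover revocation. This assumes `dao_session` is the module exercised as `sut` in SessionDAOTest.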


@ -2,7 +2,7 @@ import os
import unittest
import unittest.mock
import json
from .context import create_app, default_test_config
from .context import create_app, default_test_config, create_test_session
from backend.data import db
from backend.data import dao_users
from backend.data import dao_registration_tokens
@ -60,13 +60,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase):
@unittest.mock.patch('time.time', return_value=1000)
def test_expired_access_token_headers_returns_unauthorized(self, mock_time):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=950,
refresh_expires_at=1050,
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':441}
@ -79,13 +73,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase):
@unittest.mock.patch('time.time', return_value=1000)
def test_sending_non_saved_user_error_is_shown(self, mock_time):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':442}
@ -104,13 +92,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Token!','code':431}
@ -129,13 +111,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Token!','code':431}
@ -155,13 +131,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
expected = {'message':'Not Authorized!','code':460}
@ -183,13 +153,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase):
privileged = True
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
expected = {'message':'Invalid Registration Token given!','code':460}
@ -211,13 +175,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase):
privileged = True
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
expected = {'message':'Invalid Registration Token given!','code':460}
@ -241,13 +199,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase):
privileged = True
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
expected = {'message':'Registration token Saved!','code':205}
@ -270,13 +222,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase):
privileged = True
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
data = {'registration_token': '123456', 'otp': correct_code}


@ -2,7 +2,7 @@ import os
import unittest
import unittest.mock
import json
from .context import create_app, default_test_config
from .context import create_app, default_test_config, create_test_session
from backend.data import db
from backend.data import dao_users
from backend.data import dao_registration_tokens
@ -60,13 +60,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase):
@unittest.mock.patch('time.time', return_value=1000)
def test_expired_access_token_headers_returns_unauthorized(self, mock_time):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=950,
refresh_expires_at=1050,
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':441}
@ -79,13 +73,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase):
@unittest.mock.patch('time.time', return_value=1000)
def test_sending_non_saved_user_error_is_shown(self, mock_time):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':442}
@ -104,13 +92,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Token!','code':431}
@ -129,13 +111,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Token!','code':431}
@ -155,13 +131,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
expected = {'message':'Not Authorized!','code':460}
@ -183,13 +153,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase):
privileged = True
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
expected = {'message':'Invalid Reset Password Token given!','code':459}
@ -211,13 +175,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase):
privileged = True
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
expected = {'message':'Invalid Reset Password Token given!','code':459}
@ -239,13 +197,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase):
privileged = True
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
expected = {'message':'username_to_reset cannot be empty!','code':413}
@ -267,13 +219,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase):
privileged = True
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
expected = {'message':'Reset Password token Saved!','code':208}
@ -295,13 +241,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase):
privileged = True
)
admin_id = self.insert_user(admin)
session = Session(
user_id=admin_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=admin_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
user = RegisteringUser(
name = 'alma',


@ -2,7 +2,7 @@ import os
import unittest
import unittest.mock
import json
from .context import create_app, default_test_config
from .context import create_app, default_test_config, create_test_session
from backend.data import db
from backend.data import dao_users
from backend.data import dao_registration_tokens
@ -64,13 +64,7 @@ class DeleteRegistrationTokenUnitTest(unittest.TestCase):
@unittest.mock.patch('time.time', return_value=1000)
def test_expired_access_token_headers_returns_unauthorized(self, mock_time):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=950,
refresh_expires_at=1050,
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':441}
@ -83,13 +77,7 @@ class DeleteRegistrationTokenUnitTest(unittest.TestCase):
@unittest.mock.patch('time.time', return_value=1000)
def test_sending_non_saved_user_error_is_shown(self, mock_time):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':442}
@ -108,13 +96,7 @@ class DeleteRegistrationTokenUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Token!','code':431}
@ -133,13 +115,7 @@ class DeleteRegistrationTokenUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Token!','code':431}
@ -159,13 +135,7 @@ class DeleteRegistrationTokenUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
expected = {'message':'Not Authorized!','code':460}
@ -187,13 +157,7 @@ class DeleteRegistrationTokenUnitTest(unittest.TestCase):
privileged = True
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
self.insert_registration_token('123456')
self.insert_registration_token('abcdef')


@ -2,10 +2,9 @@ import os
import unittest
import unittest.mock
import json
from .context import create_app, default_test_config
from .context import create_app, default_test_config, create_test_session
from backend.data import db
from backend.data import dao_users
from backend.data import dao_registration_tokens
from backend.data import dao_session
from backend.data.data_models import RegisteringUser
from backend.data.data_models import Session
@ -65,13 +64,7 @@ class DeleteTokenUnitTest(unittest.TestCase):
@unittest.mock.patch('time.time', return_value=1000)
def test_expired_access_token_headers_returns_unauthorized(self, mock_time):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=950,
refresh_expires_at=1050,
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':441}
@ -84,13 +77,7 @@ class DeleteTokenUnitTest(unittest.TestCase):
@unittest.mock.patch('time.time', return_value=1000)
def test_sending_non_saved_user_error_is_shown(self, mock_time):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':442}
@ -109,13 +96,7 @@ class DeleteTokenUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Token!','code':431}
@ -134,13 +115,7 @@ class DeleteTokenUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Token!','code':431}
@ -160,13 +135,7 @@ class DeleteTokenUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
expected = {'message':'Not Authorized!','code':460}
@ -188,29 +157,23 @@ class DeleteTokenUnitTest(unittest.TestCase):
privileged = True
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
guest1_user_id=self.insert_user(RegisteringUser(name = 'guest-1',password = '123',otp_secret = '',))
guest2_user_id=self.insert_user(RegisteringUser(name = 'guest-2',password = '123',otp_secret = '',))
guest1_session = Session(
guest1_session = create_test_session(
user_id=guest1_user_id,
access_token='a-1',
refresh_token='r-1',
access_expires_at=2000,
refresh_expires_at=3000
access_expires_at=1050,
refresh_expires_at=2000
)
guest2_session = Session(
guest2_session = create_test_session(
user_id=guest2_user_id,
access_token='a-2',
refresh_token='r-2',
access_expires_at=2000,
refresh_expires_at=3000
access_expires_at=1050,
refresh_expires_at=2000
)
self.insert_session(guest1_session)
self.insert_session(guest2_session)


@ -2,7 +2,7 @@ import os
import unittest
import unittest.mock
import json
from .context import create_app, default_test_config
from .context import create_app, default_test_config, create_test_session
from backend.data import db
from backend.data import dao_users
from backend.data import dao_session
@ -52,13 +52,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
self.assertEqual(expected, actual_response_json)
def test_expired_access_token_headers_returns_unauthorized(self):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=950,
refresh_expires_at=1050,
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':441}
@ -68,22 +62,17 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
self.assertEqual(401, response.status_code)
self.assertEqual(expected, actual_response_json)
def test_sending_non_saved_user_error_is_shown(self):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
@unittest.mock.patch('time.time', return_value=1000)
def test_sending_non_saved_user_error_is_shown(self, mock_time):
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':441}
expected = {'message':'Invalid Authorization!','code':442}
header = {'Authorization': 'token'}
response = self.client.get(self.url_path, headers = header)
actual_response_json = json.loads(response.data.decode())
self.assertEqual(401, response.status_code)
self.assertEqual(400, response.status_code)
self.assertEqual(expected, actual_response_json)
@unittest.mock.patch('time.time', return_value=1000)
@ -94,13 +83,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message': 'Invalid FileKey (file_key)!', 'code': 416}
@ -120,13 +103,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {}
@ -146,13 +123,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_with_metadata_id = self.insert_user(user_with_metadata)
usersession_with_metadata = Session(
user_id=user_with_metadata_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
usersession_with_metadata = create_test_session(user_id=user_with_metadata_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(usersession_with_metadata)
user = RegisteringUser(
@ -161,13 +132,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token2',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token2', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'key': 'value'}


@ -2,7 +2,7 @@ import os
import unittest
import unittest.mock
import json
from .context import create_app, default_test_config
from .context import create_app, default_test_config, create_test_session
from backend.data import db
from backend.data import dao_users
from backend.data import dao_session
@ -52,13 +52,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
self.assertEqual(expected, actual_response_json)
def test_expired_access_token_headers_returns_unauthorized(self):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=950,
refresh_expires_at=1050,
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':441}
@ -68,22 +62,17 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
self.assertEqual(401, response.status_code)
self.assertEqual(expected, actual_response_json)
def test_sending_non_saved_user_error_is_shown(self):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
@unittest.mock.patch('time.time', return_value=1000)
def test_sending_non_saved_user_error_is_shown(self, mock_time):
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':441}
expected = {'message':'Invalid Authorization!','code':442}
header = {'Authorization': 'token'}
response = self.client.get(self.url_path, headers = header)
actual_response_json = json.loads(response.data.decode())
self.assertEqual(401, response.status_code)
self.assertEqual(400, response.status_code)
self.assertEqual(expected, actual_response_json)
@unittest.mock.patch('time.time', return_value=1000)
@ -94,13 +83,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {}
@ -119,13 +102,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_with_metadata_id = self.insert_user(user_with_metadata)
usersession_with_metadata = Session(
user_id=user_with_metadata_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
usersession_with_metadata = create_test_session(user_id=user_with_metadata_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(usersession_with_metadata)
user = RegisteringUser(
@ -134,13 +111,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token2',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token2', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {}


@ -2,7 +2,7 @@ import os
import unittest
import unittest.mock
import json
from .context import create_app, default_test_config
from .context import create_app, default_test_config, create_test_session
from backend.data import db
from backend.data import dao_users
from backend.data import dao_registration_tokens
@ -59,13 +59,7 @@ class GetRegistrationTokensUnitTest(unittest.TestCase):
@unittest.mock.patch('time.time', return_value=1000)
def test_expired_access_token_headers_returns_unauthorized(self, mock_time):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=950,
refresh_expires_at=1050,
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':441}
@ -78,13 +72,7 @@ class GetRegistrationTokensUnitTest(unittest.TestCase):
@unittest.mock.patch('time.time', return_value=1000)
def test_sending_non_saved_user_error_is_shown(self, mock_time):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':442}
@ -103,13 +91,7 @@ class GetRegistrationTokensUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Not Authorized!','code':460}
@ -131,13 +113,7 @@ class GetRegistrationTokensUnitTest(unittest.TestCase):
user_id = self.insert_user(user)
self.inser_registration_token('token-abc-1')
self.inser_registration_token('token-abc-2')
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {
'registration_tokens':['token-abc-1','token-abc-2']


@ -2,7 +2,7 @@ import os
import unittest
import unittest.mock
import json
from .context import create_app, default_test_config
from .context import create_app, default_test_config, create_test_session
from backend.data import db
from backend.data import dao_users
from backend.data import dao_session
@ -54,13 +54,7 @@ class GetUsersUnitTest(unittest.TestCase):
@unittest.mock.patch('time.time', return_value=1000)
def test_expired_access_token_headers_returns_unauthorized(self, mock_time):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=950,
refresh_expires_at=1050,
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':441}
@ -73,13 +67,7 @@ class GetUsersUnitTest(unittest.TestCase):
@unittest.mock.patch('time.time', return_value=1000)
def test_sending_non_saved_user_error_is_shown(self, mock_time):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':442}
@ -98,13 +86,7 @@ class GetUsersUnitTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Not Authorized!','code':460}
@ -126,13 +108,7 @@ class GetUsersUnitTest(unittest.TestCase):
user_id = self.insert_user(user)
self.insert_user(RegisteringUser(name = 'guest-1',password = 'citrom',otp_secret = ''))
self.insert_user(RegisteringUser(name = 'guest-2',password = 'citrom',otp_secret = ''))
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {
'users':[


@ -2,7 +2,7 @@ import os
import unittest
import unittest.mock
import json
from .context import create_app, default_test_config
from .context import create_app, default_test_config, create_test_session
from backend.data import db
from backend.data import dao_users
from backend.data import dao_session
@ -52,13 +52,7 @@ class IsUserPriviligedcUnitTest(unittest.TestCase):
self.assertEqual(expected, actual_response_json)
def test_expired_access_token_headers_returns_unauthorized(self):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=950,
refresh_expires_at=1050,
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':441}
@ -68,22 +62,17 @@ class IsUserPriviligedcUnitTest(unittest.TestCase):
self.assertEqual(401, response.status_code)
self.assertEqual(expected, actual_response_json)
def test_sending_non_saved_user_error_is_shown(self):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
@unittest.mock.patch('time.time', return_value=1000)
def test_sending_non_saved_user_error_is_shown(self, mock_time):
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':441}
expected = {'message':'Invalid Authorization!','code':442}
header = {'Authorization': 'token'}
response = self.client.get(self.url_path, headers = header)
actual_response_json = json.loads(response.data.decode())
self.assertEqual(401, response.status_code)
self.assertEqual(400, response.status_code)
self.assertEqual(expected, actual_response_json)
@unittest.mock.patch('time.time', return_value=1000)
@ -95,13 +84,7 @@ class IsUserPriviligedcUnitTest(unittest.TestCase):
privileged = True
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'is_privileged': True}
@ -121,13 +104,7 @@ class IsUserPriviligedcUnitTest(unittest.TestCase):
privileged = False
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'is_privileged': False}


@ -1,12 +1,10 @@
import os
import unittest
import unittest.mock
from .context import create_app, default_test_config
from .context import create_app, default_test_config, create_test_session
from backend.data import db
from backend.data import dao_users
from backend.data import dao_session
from backend.data.data_models import Session
from backend.data.data_models import RegisteringUser
class LogoutUnitTest(unittest.TestCase):
@ -50,10 +48,10 @@ class LogoutUnitTest(unittest.TestCase):
@unittest.mock.patch('time.time', return_value=1000)
def test_given_valid_session_returns_and_session_is_invalidated_ok(self, mock_time):
session = Session(
session = create_test_session(
user_id=2,
access_token='access',
refresh_token='refresh',
refresh_token="refresh",
access_expires_at=1010,
refresh_expires_at=1020
)
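Review bot: The session built in `test_given_valid_session_returns_and_session_is_invalidated_ok` leaves `media_token` at the helper's default empty string, so this test cannot show that logging out also revokes the media token. Passing `media_token='media'` to `create_test_session` here, and asserting after the logout request that a lookup by that value (the DAO test uses `get_user_for_media_token`) returns `None`, would cover it. The request and the assertions of this test lie outside the hunk, so the extra assertion belongs there rather than in the lines shown.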


@ -0,0 +1,74 @@
import os
import unittest
import unittest.mock
import json
from .context import create_app, default_test_config, create_test_session
from backend.data import db
from backend.data import dao_users
from backend.data import dao_session
from backend.data.data_models import Session
from backend.data.data_models import RegisteringUser
class TestMediaAccess(unittest.TestCase):
url_path = '/has_media_access'
app = create_app(default_test_config)
client = app.test_client()
def setUp(self):
with self.app.app_context():
db.init_db()
def tearDown(self):
with self.app.app_context():
db.close_db()
os.remove("testdb")
def insert_session(self, session: Session):
with self.app.app_context():
dao_session.insert_user_session(session)
def test_no_headers_returns_unauthorized(self):
expected = {'message':'Missing Authorization!','code':443}
response = self.client.get(self.url_path)
actual_response_json = json.loads(response.data.decode())
self.assertEqual(401, response.status_code)
self.assertEqual(expected, actual_response_json)
def test_not_saved_access_token_headers_returns_unauthorized(self):
expected = {'message':'Invalid Authorization!','code':444}
response = self.client.get(self.url_path, headers={'Media-Authorization': 'token'})
actual_response_json = json.loads(response.data.decode())
self.assertEqual(401, response.status_code)
self.assertEqual(expected, actual_response_json)
def test_expired_access_token_headers_returns_unauthorized(self):
session = create_test_session(user_id=2, media_token='token', access_expires_at=1, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':444}
response = self.client.get(self.url_path, headers={'Media-Authorization': 'token'})
actual_response_json = json.loads(response.data.decode())
self.assertEqual(401, response.status_code)
self.assertEqual(expected, actual_response_json)
@unittest.mock.patch('time.time', return_value=1000)
def test_given_valid_token_returns_access_granted(self, mock_time):
session = create_test_session(user_id=2, media_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message': 'Access Granted', 'code': 220}
header = {'Media-Authorization': 'token'}
response = self.client.get(self.url_path, headers = header)
actual_response_json = json.loads(response.data.decode())
self.assertEqual(200, response.status_code)
self.assertEqual(expected, actual_response_json)
if __name__ == '__main__':
unittest.main(verbosity=2)
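Review bot: TestMediaAccess never exercises the token separation this commit introduces, because every session in it sets only `media_token`. No case shows that an access token sent in `Media-Authorization` is refused by `/has_media_access`. Add a test that stores distinct `access_token` and `media_token` values and presents the access token in the media header. I would expect the same 401 / code 444 response as for an unknown token, but confirm that against the handler. The reverse case, a media token presented where an access token is required, belongs with the access-token endpoint tests, which are outside this section.

```python
    @unittest.mock.patch('time.time', return_value=1000)
    def test_access_token_in_media_header_returns_unauthorized(self, mock_time):
        session = create_test_session(
            user_id=2,
            access_token='access',
            media_token='media',
            access_expires_at=1050,
            refresh_expires_at=2000
        )
        self.insert_session(session)
        # expected body assumed to match the unknown-token case; confirm against the handler
        expected = {'message':'Invalid Authorization!','code':444}

        response = self.client.get(self.url_path, headers={'Media-Authorization': 'access'})
        actual_response_json = json.loads(response.data.decode())

        self.assertEqual(401, response.status_code)
        self.assertEqual(expected, actual_response_json)
```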


@ -6,7 +6,6 @@ from .context import create_app, default_test_config
from backend.data import db
from backend.data import dao_users
from backend.data import dao_session
from backend.data.data_models import Session
from backend.data.data_models import RegisteringUser
class OTP_VerificationUnitTest(unittest.TestCase):
@ -149,7 +148,7 @@ class OTP_VerificationUnitTest(unittest.TestCase):
)
user_id = self.insert_user(user)
correct_code = 585501 #for 1000 and base32secret3232
expected_keys = {'access_token', 'refresh_token', 'expires_at'}
expected_keys = {'access_token', 'media_token', 'refresh_token', 'expires_at'}
data = {'username': 'myname', 'password': 'mypass', 'otp': '{}'.format(correct_code)}
response = self.client.post(self.url_path, data=data)
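Review bot: The updated `expected_keys` pins only that a `media_token` key is present in the login response. The test's assertions are outside this hunk, so as far as it shows nothing checks that the value differs from `access_token`. If both were ever issued with the same value, the media token would carry full access. Add `self.assertNotEqual(actual_response_json['access_token'], actual_response_json['media_token'])` after the key check, adjusting the variable name to whatever this test uses for the parsed body. The same applies to the `expected_keys` change in the refresh-token test file further down, where it is also worth asserting that the refreshed `media_token` is not the old one.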


@ -2,10 +2,9 @@ import os
import unittest
import unittest.mock
import json
from .context import create_app, default_test_config
from .context import create_app, default_test_config, create_test_session
from backend.data import db
from backend.data import dao_session
from backend.data.data_models import RegisteringUser
from backend.data.data_models import Session
class RefreshTokenUnitTest(unittest.TestCase):
@ -52,19 +51,19 @@ class RefreshTokenUnitTest(unittest.TestCase):
@unittest.mock.patch('time.time', return_value=1000)
def test_if_token_is_exists_2_times_then_invalid(self, mock_time):
session1 = Session(
user_id = 1,
access_token = "a",
refresh_token = "token",
access_expires_at = 5000,
refresh_expires_at = 5000,
session1 = create_test_session(
user_id=1,
access_token='a',
refresh_token="token",
access_expires_at=5000,
refresh_expires_at=5000
)
session2 = Session(
user_id = 2,
access_token = "b",
refresh_token = "token",
access_expires_at = 6000,
refresh_expires_at = 6000,
session2 = create_test_session(
user_id=2,
access_token='b',
refresh_token="token",
access_expires_at=6000,
refresh_expires_at=6000
)
self.insert_session(session1)
self.insert_session(session2)
@ -78,12 +77,12 @@ class RefreshTokenUnitTest(unittest.TestCase):
@unittest.mock.patch('time.time', return_value=1000)
def test_expired_refresh_token_then_invalid(self, mock_time):
session = Session(
user_id = 1,
access_token = "a",
refresh_token = "token",
access_expires_at = 6000,
refresh_expires_at = 900,
session = create_test_session(
user_id=1,
access_token='a',
refresh_token="token",
access_expires_at=6000,
refresh_expires_at=900
)
self.insert_session(session)
expected = {'message':'Invalid Refresh Token!','code':450}
@ -96,15 +95,15 @@ class RefreshTokenUnitTest(unittest.TestCase):
@unittest.mock.patch('time.time', return_value=1000)
def test_expired_access_token_but_non_expires_refresh_token_then_new_is_returned(self, mock_time):
session = Session(
user_id = 1,
access_token = "a",
refresh_token = "token",
access_expires_at = 900,
refresh_expires_at = 6000,
session = create_test_session(
user_id=1,
access_token='a',
refresh_token="token",
access_expires_at=900,
refresh_expires_at=6000
)
self.insert_session(session)
expected_keys = {'access_token', 'refresh_token', 'expires_at'}
expected_keys = {'access_token', 'refresh_token', 'media_token', 'expires_at'}
response = self.client.post(self.url_path, data={'refresh_token': 'token'})
actual_response_json = json.loads(response.data.decode())


@ -2,7 +2,7 @@ import os
import unittest
import unittest.mock
import json
from .context import create_app, default_test_config
from .context import create_app, default_test_config, create_test_session
from backend.data import db
from backend.data import dao_users
from backend.data import dao_registration_tokens
@ -59,13 +59,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase):
@unittest.mock.patch('time.time', return_value=1000)
def test_expired_access_token_headers_returns_unauthorized(self, mock_time):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=950,
refresh_expires_at=1050,
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':441}
@ -78,13 +72,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase):
@unittest.mock.patch('time.time', return_value=1000)
def test_sending_non_saved_user_error_is_shown(self, mock_time):
session = Session(
user_id=2,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'message':'Invalid Authorization!','code':442}
@ -103,13 +91,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase):
otp_secret = 'base32secret3232'
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
expected = {'code': 431, 'message': 'Invalid Token!'}
@ -129,13 +111,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase):
privileged = False
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
expected = {'code': 460, 'message': 'Not Authorized!'}
@ -157,13 +133,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase):
privileged = True
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
expected = {'code': 413, 'message': 'username_to_reset cannot be empty!'}
@ -185,13 +155,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase):
privileged = True
)
user_id = self.insert_user(user)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
expected = {'message':'User cannot be found!','code':412}
@ -220,13 +184,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase):
was_otp_verified = True
)
self.insert_user(user_to_reset)
session = Session(
user_id=user_id,
access_token='token',
refresh_token='',
access_expires_at=1050,
refresh_expires_at=2000
)
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
self.insert_session(session)
correct_code = 585501 #for 1000 and base32secret3232
expected = {'code': 207, 'message': 'OTP Verification Reset!'}