Add Media-Token beside access token
Media-Token can be used only to access the content, but unable to modify user data
This commit is contained in:
parent
0a71a6c840
commit
1f06c40c4c
31 changed files with 516 additions and 762 deletions
|
|
@ -1,7 +1,6 @@
|
|||
from flask import request, jsonify
|
||||
from .require_decorators import get_cropped_username
|
||||
from .require_decorators import get_cropped_otp
|
||||
from .require_decorators import get_cropped_token
|
||||
from . import token_generator_util
|
||||
from .data import dao_registration_tokens
|
||||
from .data import dao_reset_password_tokens
|
||||
|
|
|
|||
|
|
@ -9,6 +9,8 @@ from .data.data_models import DataError
|
|||
from .data.data_models import RegisteringUser
|
||||
from .data.data_models import User
|
||||
from .data.data_models import ResponseCode
|
||||
from .data.data_models import Session
|
||||
from math import trunc
|
||||
|
||||
def handle_register(username, password):
|
||||
one_time_password = get_cropped_otp(request.form.get('otp') or '')
|
||||
|
|
@ -42,12 +44,7 @@ def handle_otp_verification(user: User):
|
|||
dao_users.update_user_otp_verification(user.id, True)
|
||||
session = token_generator_util.generate_session(user.id)
|
||||
dao_session.insert_user_session(session)
|
||||
sessionResponse = jsonify({
|
||||
'access_token': session.access_token,
|
||||
'refresh_token': session.refresh_token,
|
||||
'expires_at': session.access_expires_at
|
||||
})
|
||||
return sessionResponse, 200
|
||||
return _jsonify_session(session), 200
|
||||
else:
|
||||
errorResponse = jsonify({'message':'Invalid Token!','code':ResponseCode.INVALID_OTP})
|
||||
return errorResponse, 400
|
||||
|
|
@ -74,9 +71,12 @@ def handle_refresh_token():
|
|||
new_session = token_generator_util.generate_session(user_id)
|
||||
dao_session.swap_refresh_session(refresh_token = refresh_token, session = new_session)
|
||||
|
||||
sessionResponse = jsonify({
|
||||
'access_token': new_session.access_token,
|
||||
'refresh_token': new_session.refresh_token,
|
||||
'expires_at': new_session.access_expires_at
|
||||
return _jsonify_session(new_session), 200
|
||||
|
||||
def _jsonify_session(session: Session):
|
||||
return jsonify({
|
||||
'access_token': session.access_token,
|
||||
'media_token': session.media_token,
|
||||
'refresh_token': session.refresh_token,
|
||||
'expires_at': trunc(session.access_expires_at)
|
||||
})
|
||||
return sessionResponse, 200
|
||||
|
|
@ -20,13 +20,26 @@ def get_user_for_token(access_token: str):
|
|||
return rows[0][0]
|
||||
return None
|
||||
|
||||
_INSER_SESSION_SQL = "INSERT INTO session(user_id, access_token, refresh_token, access_expires_at, refresh_expires_at)"\
|
||||
"VALUES(:user_id, :access_token, :refresh_token, :access_expires_at, :refresh_expires_at)"
|
||||
_GET_USER_FOR_MEDIA_TOKEN_SQL = "SELECT user_id FROM session where media_token = :token and access_expires_at >= :time"
|
||||
def get_user_for_media_token(media_token: str):
|
||||
db = get_db()
|
||||
_delete_expired_tokens(db)
|
||||
db_cursor = db.cursor()
|
||||
db_cursor.execute(_GET_USER_FOR_MEDIA_TOKEN_SQL, {"token": media_token, "time": time.time()})
|
||||
rows = db_cursor.fetchall()
|
||||
|
||||
if (len(rows) == 1):
|
||||
return rows[0][0]
|
||||
return None
|
||||
|
||||
_INSER_SESSION_SQL = "INSERT INTO session(user_id, access_token, media_token, refresh_token, access_expires_at, refresh_expires_at)"\
|
||||
"VALUES(:user_id, :access_token, :media_token, :refresh_token, :access_expires_at, :refresh_expires_at)"
|
||||
|
||||
def _session_insert(db_cursor, session: Session):
|
||||
params = {
|
||||
"user_id": session.user_id,
|
||||
"access_token": session.access_token,
|
||||
"media_token": session.media_token,
|
||||
"refresh_token": session.refresh_token,
|
||||
"access_expires_at": session.access_expires_at,
|
||||
"refresh_expires_at": session.refresh_expires_at,
|
||||
|
|
|
|||
|
|
@ -2,9 +2,10 @@ from enum import Enum
|
|||
from enum import IntEnum
|
||||
|
||||
class Session:
|
||||
def __init__(self, user_id, access_token, refresh_token, access_expires_at, refresh_expires_at):
|
||||
def __init__(self, user_id, access_token, media_token, refresh_token, access_expires_at, refresh_expires_at):
|
||||
self.user_id = user_id
|
||||
self.access_token = access_token
|
||||
self.media_token = media_token
|
||||
self.refresh_token = refresh_token
|
||||
self.access_expires_at = access_expires_at
|
||||
self.refresh_expires_at = refresh_expires_at
|
||||
|
|
@ -14,12 +15,13 @@ class Session:
|
|||
return False
|
||||
return self.user_id == other.user_id \
|
||||
and self.access_token == other.access_token \
|
||||
and self.media_token == other.media_token \
|
||||
and self.refresh_token == other.refresh_token \
|
||||
and self.access_expires_at == other.access_expires_at \
|
||||
and self.refresh_expires_at == other.refresh_expires_at \
|
||||
|
||||
def __str__(self):
|
||||
return 'Session(user_id={},access_token={},refresh_token={},access_expires_at={},refresh_expires_at={})'.format(self.user_id, self.access_token, self.refresh_token, self.access_expires_at, self.refresh_expires_at)
|
||||
return 'Session(user_id={},access_token={},media_token={},refresh_token={},access_expires_at={},refresh_expires_at={})'.format(self.user_id, self.access_token, self.media_token, self.refresh_token, self.access_expires_at, self.refresh_expires_at)
|
||||
|
||||
def __repr__(self):
|
||||
return self.__str__()
|
||||
|
|
@ -88,18 +90,25 @@ class ResponseCode(IntEnum):
|
|||
SUCCESS_RESET_OTP_VERIFICATION = 207
|
||||
SUCCESS_SAVED_RESET_PASSWORD_TOKEN = 208
|
||||
SUCCESS_DELETED_TOKEN = 209
|
||||
SUCCESS_MEDIA_ACCESS = 220
|
||||
|
||||
|
||||
EMPTY_USERNAME = 410
|
||||
ALREADY_TAKEN_USERNAME = 411
|
||||
NOT_FOUND_USER = 412
|
||||
INVALID_USERNAME_TO_EDIT = 413
|
||||
CANT_SAVE_USER_FILE_METADATA = 414
|
||||
CANT_SAVE_FILE_METADATA = 415
|
||||
INVALID_FILE_KEY = 416
|
||||
EMPTY_PASSWORD = 420
|
||||
INVALID_PASSWORD = 421
|
||||
INVALID_NEW_PASSWORD = 422
|
||||
UNKNOWN_REGISTRATION_TOKEN = 430
|
||||
INVALID_OTP = 431
|
||||
MISSING_AUTHORIZATION = 440
|
||||
INVALID_AUTHORIZATION = 441
|
||||
UNASSOCIATED_AUTHORIZATION = 442
|
||||
MISSING_MEDIA_AUTHORIZATION = 443
|
||||
INVALID_MEDIA_AUTHORIZATION = 444
|
||||
INVALID_REFRESH_TOKEN = 450
|
||||
INVALID_RESET_PASSWORD_TOKEN = 459
|
||||
INVALID_REGISTRATION_TOKEN = 460
|
||||
|
|
|
|||
13
server/flask/application/backend/data/migration.py
Normal file
13
server/flask/application/backend/data/migration.py
Normal file
|
|
@ -0,0 +1,13 @@
|
|||
import sqlite3
|
||||
import sys
|
||||
|
||||
def migration_0_to_1(db_path: str):
|
||||
db = sqlite3.connect(db_path, detect_types=sqlite3.PARSE_DECLTYPES)
|
||||
db_cursor = db.cursor()
|
||||
db_cursor.execute("ALTER TABLE session ADD media_token TEXT NOT NULL;")
|
||||
db.commit()
|
||||
db.close()
|
||||
|
||||
if __name__ == "__main__":
|
||||
print(sys.argv[1])
|
||||
#migration_0_to_1(sys.argv[1])
|
||||
|
|
@ -27,6 +27,7 @@ CREATE TABLE reset_password_token (
|
|||
CREATE TABLE session (
|
||||
user_id INTEGER NOT NULL,
|
||||
access_token TEXT NOT NULL,
|
||||
media_token TEXT NOT NULL,
|
||||
refresh_token TEXT NOT NULL,
|
||||
access_expires_at INTEGER NOT NULL,
|
||||
refresh_expires_at INTEGER NOT NULL,
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ from .require_decorators import require_user_priviliged_after_session
|
|||
from . import auth_requests as auth_requests_handler
|
||||
from . import admin_requests as admin_requests_handler
|
||||
from . import user_action_requests as user_action_requests_handler
|
||||
from . import media_access_requests as media_access_requests_handler
|
||||
|
||||
# for chrome to accept the certificate run in console `endCommand(SecurityInterstitialCommandId.CMD_PROCEED)`
|
||||
# to restart = `uwsgi --ini home-vod-server.ini` like in Dockerimage
|
||||
|
|
@ -137,6 +138,12 @@ def create_app(test_config=None):
|
|||
return admin_requests_handler.handle_delete_registration_token(user = user)
|
||||
# endregion
|
||||
|
||||
# region media access
|
||||
@app.route("/has_media_access", methods=['GET'])
|
||||
def has_media_access():
|
||||
return media_access_requests_handler.handle_has_media_access()
|
||||
# endregion
|
||||
|
||||
return app
|
||||
|
||||
if __name__ == "__main__":
|
||||
|
|
|
|||
16
server/flask/application/backend/media_access_requests.py
Normal file
16
server/flask/application/backend/media_access_requests.py
Normal file
|
|
@ -0,0 +1,16 @@
|
|||
from flask import request, jsonify
|
||||
from .require_decorators import get_cropped_token
|
||||
from .data.data_models import ResponseCode
|
||||
from .data import dao_session
|
||||
from .data import dao_users
|
||||
|
||||
def handle_has_media_access():
|
||||
media_token = get_cropped_token(request.headers.get('Media-Authorization'))
|
||||
if (media_token is None):
|
||||
errorResponse = jsonify({'message':'Missing Authorization!','code':ResponseCode.MISSING_MEDIA_AUTHORIZATION})
|
||||
return errorResponse, 401
|
||||
user_id = dao_session.get_user_for_media_token(media_token=media_token)
|
||||
if (user_id is None):
|
||||
errorResponse = jsonify({'message':'Invalid Authorization!','code':ResponseCode.INVALID_MEDIA_AUTHORIZATION})
|
||||
return errorResponse, 401
|
||||
return jsonify({'message':'Access Granted','code': ResponseCode.SUCCESS_MEDIA_ACCESS}), 200
|
||||
|
|
@ -4,6 +4,7 @@ from . import token_generator_util
|
|||
from .data import dao_users
|
||||
from .data.data_models import User
|
||||
from .data import dao_session
|
||||
from .data.data_models import ResponseCode
|
||||
|
||||
def get_cropped_username(username: str):
|
||||
max_length = current_app.config['MAX_USERNAME_LENGTH']
|
||||
|
|
@ -45,12 +46,12 @@ def require_username_and_password(request_processor):
|
|||
def do_require_username_and_password():
|
||||
username = request.form.get('username')
|
||||
if username is None:
|
||||
errorResponse = jsonify({'message':'Username cannot be empty!','code':410})
|
||||
errorResponse = jsonify({'message':'Username cannot be empty!','code':ResponseCode.EMPTY_USERNAME})
|
||||
return errorResponse, 400
|
||||
|
||||
password = request.form.get('password')
|
||||
if password is None:
|
||||
errorResponse = jsonify({'message':'Password cannot be empty!','code':420})
|
||||
errorResponse = jsonify({'message':'Password cannot be empty!','code':ResponseCode.EMPTY_PASSWORD})
|
||||
return errorResponse, 400
|
||||
return request_processor(get_cropped_username(username), get_cropped_password(password))
|
||||
return do_require_username_and_password
|
||||
|
|
@ -60,7 +61,7 @@ def require_user_exists_by_username_and_password(request_processor):
|
|||
def do_require_user(username, password):
|
||||
user = dao_users.get_user_by_name_and_password(user_name = username, password = password)
|
||||
if user is None:
|
||||
errorResponse = jsonify({'message':'User cannot be found!','code':412})
|
||||
errorResponse = jsonify({'message':'User cannot be found!','code':ResponseCode.NOT_FOUND_USER})
|
||||
return errorResponse, 400
|
||||
return request_processor(user)
|
||||
return do_require_user
|
||||
|
|
@ -70,17 +71,17 @@ def requires_session(request_processor):
|
|||
def do_require_session():
|
||||
access_token = get_cropped_token(request.headers.get('Authorization'))
|
||||
if (access_token is None):
|
||||
errorResponse = jsonify({'message':'Missing Authorization!','code':440})
|
||||
errorResponse = jsonify({'message':'Missing Authorization!','code':ResponseCode.MISSING_AUTHORIZATION})
|
||||
return errorResponse, 401
|
||||
|
||||
user_id = dao_session.get_user_for_token(access_token)
|
||||
if (user_id is None):
|
||||
errorResponse = jsonify({'message':'Invalid Authorization!','code':441})
|
||||
errorResponse = jsonify({'message':'Invalid Authorization!','code':ResponseCode.INVALID_AUTHORIZATION})
|
||||
return errorResponse, 401
|
||||
|
||||
user = dao_users.get_user_by_id(user_id)
|
||||
if user is None:
|
||||
errorResponse = jsonify({'message':'Invalid Authorization!','code':442})
|
||||
errorResponse = jsonify({'message':'Invalid Authorization!','code':ResponseCode.UNASSOCIATED_AUTHORIZATION})
|
||||
return errorResponse, 400
|
||||
return request_processor(user)
|
||||
return do_require_session
|
||||
|
|
@ -91,7 +92,7 @@ def require_otp_verification_after_session(request_processor):
|
|||
one_time_password = get_cropped_otp(request.form.get('otp') or '')
|
||||
is_otp_ok = token_generator_util.verify_otp(user.otp_secret, one_time_password)
|
||||
if not is_otp_ok:
|
||||
errorResponse = jsonify({'message':'Invalid Token!','code':431})
|
||||
errorResponse = jsonify({'message':'Invalid Token!','code':ResponseCode.INVALID_OTP})
|
||||
return errorResponse, 400
|
||||
|
||||
return request_processor(user)
|
||||
|
|
@ -101,7 +102,7 @@ def require_user_priviliged_after_session(request_processor):
|
|||
@functools.wraps(request_processor)
|
||||
def do_require_user_priviliged(user: User):
|
||||
if not user.privileged:
|
||||
errorResponse = jsonify({'message':'Not Authorized!','code':460})
|
||||
errorResponse = jsonify({'message':'Not Authorized!','code':ResponseCode.INVALID_REGISTRATION_TOKEN})
|
||||
return errorResponse, 400
|
||||
return request_processor(user)
|
||||
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@ def generate_session(user_id, byte_count = None, access_expires_in = None, refre
|
|||
return Session(
|
||||
user_id = user_id,
|
||||
access_token = token_urlsafe(byte_count),
|
||||
media_token = token_urlsafe(byte_count),
|
||||
refresh_token = token_urlsafe(byte_count),
|
||||
access_expires_at = access_expires_in + current_time,
|
||||
refresh_expires_at = refresh_expires_in + current_time,
|
||||
|
|
|
|||
|
|
@ -1,5 +1,4 @@
|
|||
from flask import request, jsonify
|
||||
import json
|
||||
from .require_decorators import get_cropped_password
|
||||
from .require_decorators import get_cropped_otp
|
||||
from .require_decorators import get_cropped_key
|
||||
|
|
@ -11,6 +10,7 @@ from .data import dao_file_metadata_of_user
|
|||
from .data import dao_file_metadata
|
||||
from .data.data_models import User
|
||||
from .data.data_models import ResponseCode
|
||||
from .auth_requests import _jsonify_session as jsonify_session
|
||||
|
||||
def handle_change_password(user: User):
|
||||
password = get_cropped_password(request.form.get('password'))
|
||||
|
|
@ -31,12 +31,7 @@ def handle_change_password(user: User):
|
|||
session = token_generator_util.generate_session(user.id)
|
||||
dao_users.update_user_password(user_id = user.id, new_password = new_password)
|
||||
dao_session.create_new_single_session(session = session)
|
||||
sessionResponse = jsonify({
|
||||
'access_token': session.access_token,
|
||||
'refresh_token': session.refresh_token,
|
||||
'expires_at': session.access_expires_at
|
||||
})
|
||||
return sessionResponse, 200
|
||||
return jsonify_session(session), 200
|
||||
|
||||
def handle_reset_password(username: str, password: str):
|
||||
reset_password_token = get_cropped_otp(request.form.get('reset_password_token'))
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ server {
|
|||
location /media {
|
||||
root /media-data/;
|
||||
autoindex on;
|
||||
auth_request /user/is_privileged;
|
||||
auth_request /has_media_access;
|
||||
limit_req zone=ip burst=12 delay=8;
|
||||
|
||||
# enable cache
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
from backend.flask_project import create_app
|
||||
from backend.data.data_models import Session
|
||||
|
||||
default_test_config = {
|
||||
"DATABASE_PATH": "testdb",
|
||||
|
|
@ -11,3 +12,13 @@ default_test_config = {
|
|||
"MAX_TOKEN_LENGTH": 200,
|
||||
"KEY_LENGTH": 30,
|
||||
}
|
||||
|
||||
def create_test_session(user_id, access_token = '', media_token = '', refresh_token = '', access_expires_at = 1, refresh_expires_at = 1):
|
||||
return Session(
|
||||
user_id = user_id,
|
||||
access_token = access_token,
|
||||
media_token = media_token,
|
||||
refresh_token = refresh_token,
|
||||
access_expires_at = access_expires_at,
|
||||
refresh_expires_at = refresh_expires_at
|
||||
)
|
||||
|
|
@ -28,50 +28,62 @@ class SessionDAOTest(unittest.TestCase):
|
|||
db.close_db()
|
||||
os.remove("testdb")
|
||||
|
||||
def test_empty_db_contains_no_token(self):
|
||||
def test_empty_db_contains_no_session(self):
|
||||
expected = None
|
||||
token = "token"
|
||||
|
||||
with self.app.app_context():
|
||||
actual = sut.get_user_for_token(token)
|
||||
actual_by_access = sut.get_user_for_token('access')
|
||||
actual_by_media = sut.get_user_for_media_token('media')
|
||||
actual_by_refresh = sut.get_user_for_token('refresh')
|
||||
|
||||
self.assertEqual(expected, actual)
|
||||
self.assertEqual(expected, actual_by_access)
|
||||
self.assertEqual(expected, actual_by_media)
|
||||
self.assertEqual(expected, actual_by_refresh)
|
||||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_inserted_token_is_found(self, mock_time):
|
||||
assert time.time() == 1000
|
||||
expected = 13
|
||||
token = "token"
|
||||
access_token = "access"
|
||||
refresh_token = "refresh"
|
||||
media_token = "media"
|
||||
session = Session(
|
||||
user_id = 13,
|
||||
access_token = token,
|
||||
refresh_token = "refresh_token",
|
||||
access_token = access_token,
|
||||
media_token = media_token,
|
||||
refresh_token = refresh_token,
|
||||
access_expires_at = 2000,
|
||||
refresh_expires_at = 4000
|
||||
)
|
||||
|
||||
with self.app.app_context():
|
||||
sut.insert_user_session(session)
|
||||
actual = sut.get_user_for_token(token)
|
||||
actual_by_access = sut.get_user_for_token(access_token)
|
||||
actual_by_media = sut.get_user_for_media_token(media_token)
|
||||
actual_by_refresh = sut.get_user_for_refresh_token(refresh_token)
|
||||
|
||||
self.assertEqual(expected, actual)
|
||||
self.assertEqual(expected, actual_by_access)
|
||||
self.assertEqual(expected, actual_by_media)
|
||||
self.assertEqual(expected, actual_by_refresh)
|
||||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_same_token_results_in_not_found(self, mock_time):
|
||||
def test_same_access_token_results_in_not_found(self, mock_time):
|
||||
assert time.time() == 1000
|
||||
expected = None
|
||||
token = "token"
|
||||
access_token = "token"
|
||||
session1 = Session(
|
||||
user_id = 13,
|
||||
access_token = token,
|
||||
refresh_token = "refresh_token",
|
||||
access_token = access_token,
|
||||
media_token = "media_token_1",
|
||||
refresh_token = "refresh_token_1",
|
||||
access_expires_at = 2000,
|
||||
refresh_expires_at = 4000
|
||||
)
|
||||
session2 = Session(
|
||||
user_id = 14,
|
||||
access_token = token,
|
||||
refresh_token = "refresh_token",
|
||||
access_token = access_token,
|
||||
media_token = "media_token_2",
|
||||
refresh_token = "refresh_token_2",
|
||||
access_expires_at = 2000,
|
||||
refresh_expires_at = 4000
|
||||
)
|
||||
|
|
@ -79,67 +91,147 @@ class SessionDAOTest(unittest.TestCase):
|
|||
with self.app.app_context():
|
||||
sut.insert_user_session(session1)
|
||||
sut.insert_user_session(session2)
|
||||
actual = sut.get_user_for_token(token)
|
||||
actual = sut.get_user_for_token(access_token)
|
||||
|
||||
self.assertEqual(expected, actual)
|
||||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_expired_access_token_isnt_returned(self, mock_time):
|
||||
def test_same_access_media_token_results_in_not_found(self, mock_time):
|
||||
assert time.time() == 1000
|
||||
expected = None
|
||||
token = "token"
|
||||
media_token = "token"
|
||||
session1 = Session(
|
||||
user_id = 13,
|
||||
access_token = "access_1",
|
||||
media_token = media_token,
|
||||
refresh_token = "refresh_token1",
|
||||
access_expires_at = 2000,
|
||||
refresh_expires_at = 4000
|
||||
)
|
||||
session2 = Session(
|
||||
user_id = 14,
|
||||
access_token = "access_2",
|
||||
media_token = media_token,
|
||||
refresh_token = "refresh_token2",
|
||||
access_expires_at = 2000,
|
||||
refresh_expires_at = 4000
|
||||
)
|
||||
|
||||
with self.app.app_context():
|
||||
sut.insert_user_session(session1)
|
||||
sut.insert_user_session(session2)
|
||||
actual = sut.get_user_for_media_token(media_token)
|
||||
|
||||
self.assertEqual(expected, actual)
|
||||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_same_access_refresh_token_results_in_not_found(self, mock_time):
|
||||
assert time.time() == 1000
|
||||
expected = None
|
||||
refresh_token = "token"
|
||||
session1 = Session(
|
||||
user_id = 13,
|
||||
access_token = "access1",
|
||||
media_token = "media1",
|
||||
refresh_token = refresh_token,
|
||||
access_expires_at = 2000,
|
||||
refresh_expires_at = 4000
|
||||
)
|
||||
session2 = Session(
|
||||
user_id = 14,
|
||||
access_token = "access2",
|
||||
media_token = "media2",
|
||||
refresh_token = refresh_token,
|
||||
access_expires_at = 2000,
|
||||
refresh_expires_at = 4000
|
||||
)
|
||||
|
||||
with self.app.app_context():
|
||||
sut.insert_user_session(session1)
|
||||
sut.insert_user_session(session2)
|
||||
actual = sut.get_user_for_refresh_token(refresh_token)
|
||||
|
||||
self.assertEqual(expected, actual)
|
||||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_expired_access_token_isnt_returned_but_refresh_is(self, mock_time):
|
||||
assert time.time() == 1000
|
||||
expected = None
|
||||
access_token = "access"
|
||||
media_token = "media"
|
||||
refresh_token = "refresh"
|
||||
expected_refresh_user_id = 13
|
||||
session = Session(
|
||||
user_id = 13,
|
||||
access_token = token,
|
||||
refresh_token = "refresh_token",
|
||||
access_token = access_token,
|
||||
media_token = media_token,
|
||||
refresh_token = refresh_token,
|
||||
access_expires_at = 500,
|
||||
refresh_expires_at = 2000
|
||||
)
|
||||
|
||||
with self.app.app_context():
|
||||
sut.insert_user_session(session)
|
||||
actual = sut.get_user_for_token(token)
|
||||
actual_by_access = sut.get_user_for_token(access_token)
|
||||
actual_by_media = sut.get_user_for_media_token(media_token)
|
||||
actual_by_refresh = sut.get_user_for_refresh_token(refresh_token)
|
||||
|
||||
self.assertEqual(expected, actual)
|
||||
self.assertEqual(expected, actual_by_access)
|
||||
self.assertEqual(expected, actual_by_media)
|
||||
self.assertEqual(expected_refresh_user_id, actual_by_refresh) # but by refresh it is
|
||||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_expired_refresh_token_isnt_returned(self, mock_time):
|
||||
assert time.time() == 1000
|
||||
expected = None
|
||||
token = "token"
|
||||
access_token = "access"
|
||||
media_token = "media"
|
||||
refresh_token = "refresh"
|
||||
session = Session(
|
||||
user_id = 13,
|
||||
access_token = token,
|
||||
refresh_token = "refresh_token",
|
||||
access_token = access_token,
|
||||
media_token = media_token,
|
||||
refresh_token = refresh_token,
|
||||
access_expires_at = 2500,
|
||||
refresh_expires_at = 500
|
||||
)
|
||||
|
||||
with self.app.app_context():
|
||||
sut.insert_user_session(session)
|
||||
actual = sut.get_user_for_token(token)
|
||||
actual_by_access = sut.get_user_for_token(access_token)
|
||||
actual_by_media = sut.get_user_for_media_token(media_token)
|
||||
actual_by_refresh = sut.get_user_for_refresh_token(refresh_token)
|
||||
|
||||
self.assertEqual(expected, actual)
|
||||
self.assertEqual(expected, actual_by_access)
|
||||
self.assertEqual(expected, actual_by_media)
|
||||
self.assertEqual(expected, actual_by_refresh)
|
||||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_deleted_session_isnt_returned(self, mock_time):
|
||||
assert time.time() == 1000
|
||||
expected = None
|
||||
token = "token"
|
||||
access_token = "access"
|
||||
media_token = "media"
|
||||
refresh_token = "refresh"
|
||||
session = Session(
|
||||
user_id = 13,
|
||||
access_token = token,
|
||||
refresh_token = "refresh_token",
|
||||
access_token = access_token,
|
||||
media_token = media_token,
|
||||
refresh_token = refresh_token,
|
||||
access_expires_at = 1500,
|
||||
refresh_expires_at = 5000
|
||||
)
|
||||
|
||||
with self.app.app_context():
|
||||
sut.insert_user_session(session = session)
|
||||
sut.delete_user_session(access_token = token)
|
||||
actual = sut.get_user_for_token(access_token = token)
|
||||
sut.delete_user_session(access_token = access_token)
|
||||
actual_by_access = sut.get_user_for_token(access_token)
|
||||
actual_by_media = sut.get_user_for_media_token(media_token)
|
||||
actual_by_refresh = sut.get_user_for_refresh_token(refresh_token)
|
||||
|
||||
self.assertEqual(expected, actual)
|
||||
self.assertEqual(expected, actual_by_access)
|
||||
self.assertEqual(expected, actual_by_media)
|
||||
self.assertEqual(expected, actual_by_refresh)
|
||||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_deleted_all_user_session_isnt_returned(self, mock_time):
|
||||
|
|
@ -148,6 +240,7 @@ class SessionDAOTest(unittest.TestCase):
|
|||
session1 = Session(
|
||||
user_id = 13,
|
||||
access_token = "token1",
|
||||
media_token = "media_token1",
|
||||
refresh_token = "refresh_token1",
|
||||
access_expires_at = 1500,
|
||||
refresh_expires_at = 5000
|
||||
|
|
@ -155,6 +248,7 @@ class SessionDAOTest(unittest.TestCase):
|
|||
session2 = Session(
|
||||
user_id = 13,
|
||||
access_token = "token2",
|
||||
media_token = "media_token2",
|
||||
refresh_token = "refresh_token2",
|
||||
access_expires_at = 1500,
|
||||
refresh_expires_at = 5000
|
||||
|
|
@ -162,6 +256,7 @@ class SessionDAOTest(unittest.TestCase):
|
|||
session_of_different_user = Session(
|
||||
user_id = 14,
|
||||
access_token = "token3",
|
||||
media_token = "media_token3",
|
||||
refresh_token = "refresh_token3",
|
||||
access_expires_at = 1500,
|
||||
refresh_expires_at = 5000
|
||||
|
|
@ -172,30 +267,42 @@ class SessionDAOTest(unittest.TestCase):
|
|||
sut.insert_user_session(session = session2)
|
||||
sut.insert_user_session(session = session_of_different_user)
|
||||
sut.delete_all_user_session_by_user_id(user_id=13)
|
||||
actual1 = sut.get_user_for_token(access_token = session1.access_token)
|
||||
actual2 = sut.get_user_for_token(access_token = session2.access_token)
|
||||
actual_of_different_user = sut.get_user_for_token(access_token = session_of_different_user.access_token)
|
||||
actual1_by_access = sut.get_user_for_token(access_token = session1.access_token)
|
||||
actual2_by_access = sut.get_user_for_token(access_token = session2.access_token)
|
||||
actual1_by_media = sut.get_user_for_media_token(media_token = session1.media_token)
|
||||
actual2_by_media = sut.get_user_for_media_token(media_token = session2.media_token)
|
||||
actual1_by_refresh = sut.get_user_for_refresh_token(refresh_token = session1.refresh_token)
|
||||
actual2_by_refresh = sut.get_user_for_refresh_token(refresh_token = session2.refresh_token)
|
||||
actual_of_different_user_by_access = sut.get_user_for_token(session_of_different_user.access_token)
|
||||
actual_of_different_user_by_media = sut.get_user_for_media_token(session_of_different_user.media_token)
|
||||
actual_of_different_user_by_refresh = sut.get_user_for_refresh_token(session_of_different_user.refresh_token)
|
||||
|
||||
self.assertEqual(expected, actual1)
|
||||
self.assertEqual(expected, actual2)
|
||||
self.assertEqual(session_of_different_user.user_id, actual_of_different_user)
|
||||
self.assertEqual(expected, actual1_by_access)
|
||||
self.assertEqual(expected, actual2_by_access)
|
||||
self.assertEqual(expected, actual1_by_media)
|
||||
self.assertEqual(expected, actual2_by_media)
|
||||
self.assertEqual(expected, actual1_by_refresh)
|
||||
self.assertEqual(expected, actual2_by_refresh)
|
||||
self.assertEqual(session_of_different_user.user_id, actual_of_different_user_by_access)
|
||||
self.assertEqual(session_of_different_user.user_id, actual_of_different_user_by_media)
|
||||
self.assertEqual(session_of_different_user.user_id, actual_of_different_user_by_refresh)
|
||||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_after_new_single_session_old_session_is_not_returned(self, mock_time):
|
||||
assert time.time() == 1000
|
||||
token = "token"
|
||||
new_token = "new_token"
|
||||
session = Session(
|
||||
user_id = 13,
|
||||
access_token = token,
|
||||
refresh_token = "refresh_token",
|
||||
access_token = 'token',
|
||||
media_token = "media",
|
||||
refresh_token = "refresh",
|
||||
access_expires_at = 1500,
|
||||
refresh_expires_at = 5000
|
||||
)
|
||||
new_session = session = Session(
|
||||
new_session = Session(
|
||||
user_id = 13,
|
||||
access_token = new_token,
|
||||
refresh_token = "refresh_token",
|
||||
access_token = 'new_token',
|
||||
media_token = "new_media",
|
||||
refresh_token = "new_refresh",
|
||||
access_expires_at = 1500,
|
||||
refresh_expires_at = 5000
|
||||
)
|
||||
|
|
@ -205,28 +312,36 @@ class SessionDAOTest(unittest.TestCase):
|
|||
with self.app.app_context():
|
||||
sut.insert_user_session(session = session)
|
||||
sut.create_new_single_session(session = new_session)
|
||||
actual_old = sut.get_user_for_token(access_token = token)
|
||||
actual_new = sut.get_user_for_token(access_token = new_token)
|
||||
actual_old_by_access = sut.get_user_for_token(session.access_token)
|
||||
actual_old_by_media = sut.get_user_for_media_token(session.media_token)
|
||||
actual_old_by_refresh = sut.get_user_for_refresh_token(session.refresh_token)
|
||||
actual_new_by_access = sut.get_user_for_token(new_session.access_token)
|
||||
actual_new_by_media = sut.get_user_for_media_token(new_session.media_token)
|
||||
actual_new_by_refresh = sut.get_user_for_refresh_token(new_session.refresh_token)
|
||||
|
||||
self.assertEqual(expected_old, actual_old)
|
||||
self.assertEqual(expected_new, actual_new)
|
||||
self.assertEqual(expected_old, actual_old_by_access)
|
||||
self.assertEqual(expected_old, actual_old_by_media)
|
||||
self.assertEqual(expected_old, actual_old_by_refresh)
|
||||
self.assertEqual(expected_new, actual_new_by_access)
|
||||
self.assertEqual(expected_new, actual_new_by_media)
|
||||
self.assertEqual(expected_new, actual_new_by_refresh)
|
||||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_after_swap_refresh_session_old_session_is_not_returned(self, mock_time):
|
||||
assert time.time() == 1000
|
||||
token = "token"
|
||||
new_token = "new_token"
|
||||
session = Session(
|
||||
user_id = 13,
|
||||
access_token = token,
|
||||
refresh_token = "refresh_token",
|
||||
access_token = "token",
|
||||
media_token = "media",
|
||||
refresh_token = "refresh",
|
||||
access_expires_at = 1500,
|
||||
refresh_expires_at = 5000
|
||||
)
|
||||
new_session = session = Session(
|
||||
new_session = Session(
|
||||
user_id = 13,
|
||||
access_token = new_token,
|
||||
refresh_token = "refresh_token2",
|
||||
access_token = "new_token",
|
||||
media_token = "new_media",
|
||||
refresh_token = "new_refresh",
|
||||
access_expires_at = 1500,
|
||||
refresh_expires_at = 5000
|
||||
)
|
||||
|
|
@ -236,11 +351,19 @@ class SessionDAOTest(unittest.TestCase):
|
|||
with self.app.app_context():
|
||||
sut.insert_user_session(session = session)
|
||||
sut.swap_refresh_session(refresh_token = session.refresh_token, session = new_session)
|
||||
actual_old = sut.get_user_for_token(access_token = token)
|
||||
actual_new = sut.get_user_for_token(access_token = new_token)
|
||||
actual_old_by_access = sut.get_user_for_token(session.access_token)
|
||||
actual_old_by_media = sut.get_user_for_media_token(session.media_token)
|
||||
actual_old_by_refresh = sut.get_user_for_refresh_token(session.refresh_token)
|
||||
actual_new_by_access = sut.get_user_for_token(new_session.access_token)
|
||||
actual_new_by_media = sut.get_user_for_media_token(new_session.media_token)
|
||||
actual_new_by_refresh = sut.get_user_for_refresh_token(new_session.refresh_token)
|
||||
|
||||
self.assertEqual(expected_old, actual_old)
|
||||
self.assertEqual(expected_new, actual_new)
|
||||
self.assertEqual(expected_old, actual_old_by_access)
|
||||
self.assertEqual(expected_old, actual_old_by_media)
|
||||
self.assertEqual(expected_old, actual_old_by_refresh)
|
||||
self.assertEqual(expected_new, actual_new_by_access)
|
||||
self.assertEqual(expected_new, actual_new_by_media)
|
||||
self.assertEqual(expected_new, actual_new_by_refresh)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ import os
|
|||
import unittest
|
||||
import unittest.mock
|
||||
import json
|
||||
from .context import create_app, default_test_config
|
||||
from .context import create_app, default_test_config, create_test_session
|
||||
from backend.data import db
|
||||
from backend.data import dao_users
|
||||
from backend.data import dao_session
|
||||
|
|
@ -52,13 +52,7 @@ class AddFileMetadataUnitTest(unittest.TestCase):
|
|||
self.assertEqual(expected, actual_response_json)
|
||||
|
||||
def test_expired_access_token_headers_returns_unauthorized(self):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=950,
|
||||
refresh_expires_at=1050,
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':441}
|
||||
|
||||
|
|
@ -68,22 +62,17 @@ class AddFileMetadataUnitTest(unittest.TestCase):
|
|||
self.assertEqual(401, response.status_code)
|
||||
self.assertEqual(expected, actual_response_json)
|
||||
|
||||
def test_sending_non_saved_user_error_is_shown(self):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_sending_non_saved_user_error_is_shown(self, mock_time):
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':441}
|
||||
expected = {'message':'Invalid Authorization!','code':442}
|
||||
|
||||
header = {'Authorization': 'token'}
|
||||
response = self.client.post(self.url_path, headers = header)
|
||||
|
||||
actual_response_json = json.loads(response.data.decode())
|
||||
self.assertEqual(401, response.status_code)
|
||||
self.assertEqual(400, response.status_code)
|
||||
self.assertEqual(expected, actual_response_json)
|
||||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
|
|
@ -94,13 +83,7 @@ class AddFileMetadataUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'File MetaData Saved!','code':203}
|
||||
|
||||
|
|
@ -120,13 +103,7 @@ class AddFileMetadataUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Couldn\'t save metadata!','code':415}
|
||||
|
||||
|
|
@ -146,13 +123,7 @@ class AddFileMetadataUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected_of_key_query = {'key': 'value'}
|
||||
expected_of_key2_query = {'key2':'value2'}
|
||||
|
|
@ -181,13 +152,7 @@ class AddFileMetadataUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'key': 'value1'}
|
||||
|
||||
|
|
@ -211,13 +176,7 @@ class AddFileMetadataUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'key': 'value'}
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ import os
|
|||
import unittest
|
||||
import unittest.mock
|
||||
import json
|
||||
from .context import create_app, default_test_config
|
||||
from .context import create_app, default_test_config, create_test_session
|
||||
from backend.data import db
|
||||
from backend.data import dao_users
|
||||
from backend.data import dao_session
|
||||
|
|
@ -52,13 +52,7 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase):
|
|||
self.assertEqual(expected, actual_response_json)
|
||||
|
||||
def test_expired_access_token_headers_returns_unauthorized(self):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=950,
|
||||
refresh_expires_at=1050,
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':441}
|
||||
|
||||
|
|
@ -68,22 +62,17 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase):
|
|||
self.assertEqual(401, response.status_code)
|
||||
self.assertEqual(expected, actual_response_json)
|
||||
|
||||
def test_sending_non_saved_user_error_is_shown(self):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_sending_non_saved_user_error_is_shown(self, mock_time):
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':441}
|
||||
expected = {'message':'Invalid Authorization!','code':442}
|
||||
|
||||
header = {'Authorization': 'token'}
|
||||
response = self.client.post(self.url_path, headers = header)
|
||||
|
||||
actual_response_json = json.loads(response.data.decode())
|
||||
self.assertEqual(401, response.status_code)
|
||||
self.assertEqual(400, response.status_code)
|
||||
self.assertEqual(expected, actual_response_json)
|
||||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
|
|
@ -94,13 +83,8 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
|
||||
self.insert_session(session)
|
||||
expected = {'message':'User\'s File MetaData Saved!','code':202}
|
||||
|
||||
|
|
@ -120,13 +104,7 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Couldn\'t save user\'s metadata!','code':414}
|
||||
|
||||
|
|
@ -146,13 +124,7 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'key': 'value', 'key2':'value2'}
|
||||
|
||||
|
|
@ -173,13 +145,7 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'key': 'value1', 'key2':'value2', 'key3': 'value3'}
|
||||
|
||||
|
|
@ -202,13 +168,7 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'key': 'value', 'key2':'value2'}
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ import os
|
|||
import unittest
|
||||
import unittest.mock
|
||||
import json
|
||||
from .context import create_app, default_test_config
|
||||
from .context import create_app, default_test_config, create_test_session
|
||||
from backend.data import db
|
||||
from backend.data import dao_users
|
||||
from backend.data import dao_session
|
||||
|
|
@ -58,13 +58,7 @@ class PasswordChangeUnitTest(unittest.TestCase):
|
|||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_expired_access_token_headers_returns_unauthorized(self, mock_time):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=950,
|
||||
refresh_expires_at=1050,
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':441}
|
||||
|
||||
|
|
@ -76,13 +70,7 @@ class PasswordChangeUnitTest(unittest.TestCase):
|
|||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_sending_non_saved_user_error_is_shown(self, mock_time):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':442}
|
||||
|
||||
|
|
@ -101,13 +89,7 @@ class PasswordChangeUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Token!','code':431}
|
||||
|
||||
|
|
@ -126,13 +108,7 @@ class PasswordChangeUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Token!','code':431}
|
||||
|
||||
|
|
@ -152,13 +128,7 @@ class PasswordChangeUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
expected = {'message':'Invalid Password!','code':421}
|
||||
|
|
@ -178,13 +148,7 @@ class PasswordChangeUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
expected = {'message':'New Password cannot be empty!','code':422}
|
||||
|
|
@ -204,13 +168,7 @@ class PasswordChangeUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
expected = {'message':'Invalid Password!','code':421}
|
||||
|
|
@ -230,15 +188,9 @@ class PasswordChangeUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected_keys = {'access_token', 'refresh_token', 'expires_at'}
|
||||
expected_keys = {'access_token', 'media_token', 'refresh_token', 'expires_at'}
|
||||
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
data = {'password':'pass', 'new_password': 'pass2', 'otp': correct_code}
|
||||
|
|
@ -258,13 +210,7 @@ class PasswordChangeUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
change_pass_data = {'password':'pass', 'new_password': 'pass2', 'otp': correct_code}
|
||||
|
|
@ -287,19 +233,13 @@ class PasswordChangeUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
change_pass_data = {'password':'pass', 'new_password': 'pass2', 'otp': correct_code}
|
||||
response = self.client.post(self.url_path, data=change_pass_data, headers={'Authorization': 'token'})
|
||||
session_response = json.loads(response.data.decode())
|
||||
expected_keys = {'access_token', 'refresh_token', 'expires_at'}
|
||||
expected_keys = {'access_token', 'refresh_token', 'media_token', 'expires_at'}
|
||||
|
||||
data = {'password':'pass2', 'new_password': 'pass3', 'otp': correct_code}
|
||||
response = self.client.post(self.url_path, data=data, headers={'Authorization': session_response['access_token']})
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ import os
|
|||
import unittest
|
||||
import unittest.mock
|
||||
import json
|
||||
from .context import create_app, default_test_config
|
||||
from .context import create_app, default_test_config, create_test_session
|
||||
from backend.data import db
|
||||
from backend.data import dao_users
|
||||
from backend.data import dao_registration_tokens
|
||||
|
|
@ -60,13 +60,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase):
|
|||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_expired_access_token_headers_returns_unauthorized(self, mock_time):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=950,
|
||||
refresh_expires_at=1050,
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':441}
|
||||
|
||||
|
|
@ -79,13 +73,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase):
|
|||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_sending_non_saved_user_error_is_shown(self, mock_time):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':442}
|
||||
|
||||
|
|
@ -104,13 +92,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Token!','code':431}
|
||||
|
||||
|
|
@ -129,13 +111,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Token!','code':431}
|
||||
|
||||
|
|
@ -155,13 +131,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
expected = {'message':'Not Authorized!','code':460}
|
||||
|
|
@ -183,13 +153,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase):
|
|||
privileged = True
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
expected = {'message':'Invalid Registration Token given!','code':460}
|
||||
|
|
@ -211,13 +175,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase):
|
|||
privileged = True
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
expected = {'message':'Invalid Registration Token given!','code':460}
|
||||
|
|
@ -241,13 +199,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase):
|
|||
privileged = True
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
expected = {'message':'Registration token Saved!','code':205}
|
||||
|
|
@ -270,13 +222,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase):
|
|||
privileged = True
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
data = {'registration_token': '123456', 'otp': correct_code}
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ import os
|
|||
import unittest
|
||||
import unittest.mock
|
||||
import json
|
||||
from .context import create_app, default_test_config
|
||||
from .context import create_app, default_test_config, create_test_session
|
||||
from backend.data import db
|
||||
from backend.data import dao_users
|
||||
from backend.data import dao_registration_tokens
|
||||
|
|
@ -60,13 +60,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase):
|
|||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_expired_access_token_headers_returns_unauthorized(self, mock_time):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=950,
|
||||
refresh_expires_at=1050,
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':441}
|
||||
|
||||
|
|
@ -79,13 +73,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase):
|
|||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_sending_non_saved_user_error_is_shown(self, mock_time):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':442}
|
||||
|
||||
|
|
@ -104,13 +92,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Token!','code':431}
|
||||
|
||||
|
|
@ -129,13 +111,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Token!','code':431}
|
||||
|
||||
|
|
@ -155,13 +131,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
expected = {'message':'Not Authorized!','code':460}
|
||||
|
|
@ -183,13 +153,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase):
|
|||
privileged = True
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
expected = {'message':'Invalid Reset Password Token given!','code':459}
|
||||
|
|
@ -211,13 +175,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase):
|
|||
privileged = True
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
expected = {'message':'Invalid Reset Password Token given!','code':459}
|
||||
|
|
@ -239,13 +197,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase):
|
|||
privileged = True
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
expected = {'message':'username_to_reset cannot be empty!','code':413}
|
||||
|
|
@ -267,13 +219,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase):
|
|||
privileged = True
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
expected = {'message':'Reset Password token Saved!','code':208}
|
||||
|
|
@ -295,13 +241,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase):
|
|||
privileged = True
|
||||
)
|
||||
admin_id = self.insert_user(admin)
|
||||
session = Session(
|
||||
user_id=admin_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=admin_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
user = RegisteringUser(
|
||||
name = 'alma',
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ import os
|
|||
import unittest
|
||||
import unittest.mock
|
||||
import json
|
||||
from .context import create_app, default_test_config
|
||||
from .context import create_app, default_test_config, create_test_session
|
||||
from backend.data import db
|
||||
from backend.data import dao_users
|
||||
from backend.data import dao_registration_tokens
|
||||
|
|
@ -64,13 +64,7 @@ class DeleteRegistrationTokenUnitTest(unittest.TestCase):
|
|||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_expired_access_token_headers_returns_unauthorized(self, mock_time):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=950,
|
||||
refresh_expires_at=1050,
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':441}
|
||||
|
||||
|
|
@ -83,13 +77,7 @@ class DeleteRegistrationTokenUnitTest(unittest.TestCase):
|
|||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_sending_non_saved_user_error_is_shown(self, mock_time):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':442}
|
||||
|
||||
|
|
@ -108,13 +96,7 @@ class DeleteRegistrationTokenUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Token!','code':431}
|
||||
|
||||
|
|
@ -133,13 +115,7 @@ class DeleteRegistrationTokenUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Token!','code':431}
|
||||
|
||||
|
|
@ -159,13 +135,7 @@ class DeleteRegistrationTokenUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
expected = {'message':'Not Authorized!','code':460}
|
||||
|
|
@ -187,13 +157,7 @@ class DeleteRegistrationTokenUnitTest(unittest.TestCase):
|
|||
privileged = True
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
self.insert_registration_token('123456')
|
||||
self.insert_registration_token('abcdef')
|
||||
|
|
|
|||
|
|
@ -2,10 +2,9 @@ import os
|
|||
import unittest
|
||||
import unittest.mock
|
||||
import json
|
||||
from .context import create_app, default_test_config
|
||||
from .context import create_app, default_test_config, create_test_session
|
||||
from backend.data import db
|
||||
from backend.data import dao_users
|
||||
from backend.data import dao_registration_tokens
|
||||
from backend.data import dao_session
|
||||
from backend.data.data_models import RegisteringUser
|
||||
from backend.data.data_models import Session
|
||||
|
|
@ -65,13 +64,7 @@ class DeleteTokenUnitTest(unittest.TestCase):
|
|||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_expired_access_token_headers_returns_unauthorized(self, mock_time):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=950,
|
||||
refresh_expires_at=1050,
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':441}
|
||||
|
||||
|
|
@ -84,13 +77,7 @@ class DeleteTokenUnitTest(unittest.TestCase):
|
|||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_sending_non_saved_user_error_is_shown(self, mock_time):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':442}
|
||||
|
||||
|
|
@ -109,13 +96,7 @@ class DeleteTokenUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Token!','code':431}
|
||||
|
||||
|
|
@ -134,13 +115,7 @@ class DeleteTokenUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Token!','code':431}
|
||||
|
||||
|
|
@ -160,13 +135,7 @@ class DeleteTokenUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
expected = {'message':'Not Authorized!','code':460}
|
||||
|
|
@ -188,29 +157,23 @@ class DeleteTokenUnitTest(unittest.TestCase):
|
|||
privileged = True
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
guest1_user_id=self.insert_user(RegisteringUser(name = 'guest-1',password = '123',otp_secret = '',))
|
||||
guest2_user_id=self.insert_user(RegisteringUser(name = 'guest-2',password = '123',otp_secret = '',))
|
||||
guest1_session = Session(
|
||||
guest1_session = create_test_session(
|
||||
user_id=guest1_user_id,
|
||||
access_token='a-1',
|
||||
refresh_token='r-1',
|
||||
access_expires_at=2000,
|
||||
refresh_expires_at=3000
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
guest2_session = Session(
|
||||
guest2_session = create_test_session(
|
||||
user_id=guest2_user_id,
|
||||
access_token='a-2',
|
||||
refresh_token='r-2',
|
||||
access_expires_at=2000,
|
||||
refresh_expires_at=3000
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
self.insert_session(guest1_session)
|
||||
self.insert_session(guest2_session)
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ import os
|
|||
import unittest
|
||||
import unittest.mock
|
||||
import json
|
||||
from .context import create_app, default_test_config
|
||||
from .context import create_app, default_test_config, create_test_session
|
||||
from backend.data import db
|
||||
from backend.data import dao_users
|
||||
from backend.data import dao_session
|
||||
|
|
@ -52,13 +52,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
|
|||
self.assertEqual(expected, actual_response_json)
|
||||
|
||||
def test_expired_access_token_headers_returns_unauthorized(self):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=950,
|
||||
refresh_expires_at=1050,
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':441}
|
||||
|
||||
|
|
@ -68,22 +62,17 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
|
|||
self.assertEqual(401, response.status_code)
|
||||
self.assertEqual(expected, actual_response_json)
|
||||
|
||||
def test_sending_non_saved_user_error_is_shown(self):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_sending_non_saved_user_error_is_shown(self, mock_time):
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':441}
|
||||
expected = {'message':'Invalid Authorization!','code':442}
|
||||
|
||||
header = {'Authorization': 'token'}
|
||||
response = self.client.get(self.url_path, headers = header)
|
||||
|
||||
actual_response_json = json.loads(response.data.decode())
|
||||
self.assertEqual(401, response.status_code)
|
||||
self.assertEqual(400, response.status_code)
|
||||
self.assertEqual(expected, actual_response_json)
|
||||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
|
|
@ -94,13 +83,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message': 'Invalid FileKey (file_key)!', 'code': 416}
|
||||
|
||||
|
|
@ -120,13 +103,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {}
|
||||
|
||||
|
|
@ -146,13 +123,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_with_metadata_id = self.insert_user(user_with_metadata)
|
||||
usersession_with_metadata = Session(
|
||||
user_id=user_with_metadata_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
usersession_with_metadata = create_test_session(user_id=user_with_metadata_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(usersession_with_metadata)
|
||||
|
||||
user = RegisteringUser(
|
||||
|
|
@ -161,13 +132,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token2',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token2', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'key': 'value'}
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ import os
|
|||
import unittest
|
||||
import unittest.mock
|
||||
import json
|
||||
from .context import create_app, default_test_config
|
||||
from .context import create_app, default_test_config, create_test_session
|
||||
from backend.data import db
|
||||
from backend.data import dao_users
|
||||
from backend.data import dao_session
|
||||
|
|
@ -52,13 +52,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
|
|||
self.assertEqual(expected, actual_response_json)
|
||||
|
||||
def test_expired_access_token_headers_returns_unauthorized(self):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=950,
|
||||
refresh_expires_at=1050,
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':441}
|
||||
|
||||
|
|
@ -68,22 +62,17 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
|
|||
self.assertEqual(401, response.status_code)
|
||||
self.assertEqual(expected, actual_response_json)
|
||||
|
||||
def test_sending_non_saved_user_error_is_shown(self):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_sending_non_saved_user_error_is_shown(self, mock_time):
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':441}
|
||||
expected = {'message':'Invalid Authorization!','code':442}
|
||||
|
||||
header = {'Authorization': 'token'}
|
||||
response = self.client.get(self.url_path, headers = header)
|
||||
|
||||
actual_response_json = json.loads(response.data.decode())
|
||||
self.assertEqual(401, response.status_code)
|
||||
self.assertEqual(400, response.status_code)
|
||||
self.assertEqual(expected, actual_response_json)
|
||||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
|
|
@ -94,13 +83,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {}
|
||||
|
||||
|
|
@ -119,13 +102,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_with_metadata_id = self.insert_user(user_with_metadata)
|
||||
usersession_with_metadata = Session(
|
||||
user_id=user_with_metadata_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
usersession_with_metadata = create_test_session(user_id=user_with_metadata_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(usersession_with_metadata)
|
||||
|
||||
user = RegisteringUser(
|
||||
|
|
@ -134,13 +111,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token2',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token2', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {}
|
||||
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ import os
|
|||
import unittest
|
||||
import unittest.mock
|
||||
import json
|
||||
from .context import create_app, default_test_config
|
||||
from .context import create_app, default_test_config, create_test_session
|
||||
from backend.data import db
|
||||
from backend.data import dao_users
|
||||
from backend.data import dao_registration_tokens
|
||||
|
|
@ -59,13 +59,7 @@ class GetRegistrationTokensUnitTest(unittest.TestCase):
|
|||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_expired_access_token_headers_returns_unauthorized(self, mock_time):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=950,
|
||||
refresh_expires_at=1050,
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':441}
|
||||
|
||||
|
|
@ -78,13 +72,7 @@ class GetRegistrationTokensUnitTest(unittest.TestCase):
|
|||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_sending_non_saved_user_error_is_shown(self, mock_time):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':442}
|
||||
|
||||
|
|
@ -103,13 +91,7 @@ class GetRegistrationTokensUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Not Authorized!','code':460}
|
||||
|
||||
|
|
@ -131,13 +113,7 @@ class GetRegistrationTokensUnitTest(unittest.TestCase):
|
|||
user_id = self.insert_user(user)
|
||||
self.inser_registration_token('token-abc-1')
|
||||
self.inser_registration_token('token-abc-2')
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {
|
||||
'registration_tokens':['token-abc-1','token-abc-2']
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ import os
|
|||
import unittest
|
||||
import unittest.mock
|
||||
import json
|
||||
from .context import create_app, default_test_config
|
||||
from .context import create_app, default_test_config, create_test_session
|
||||
from backend.data import db
|
||||
from backend.data import dao_users
|
||||
from backend.data import dao_session
|
||||
|
|
@ -54,13 +54,7 @@ class GetUsersUnitTest(unittest.TestCase):
|
|||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_expired_access_token_headers_returns_unauthorized(self, mock_time):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=950,
|
||||
refresh_expires_at=1050,
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':441}
|
||||
|
||||
|
|
@ -73,13 +67,7 @@ class GetUsersUnitTest(unittest.TestCase):
|
|||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_sending_non_saved_user_error_is_shown(self, mock_time):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':442}
|
||||
|
||||
|
|
@ -98,13 +86,7 @@ class GetUsersUnitTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Not Authorized!','code':460}
|
||||
|
||||
|
|
@ -126,13 +108,7 @@ class GetUsersUnitTest(unittest.TestCase):
|
|||
user_id = self.insert_user(user)
|
||||
self.insert_user(RegisteringUser(name = 'guest-1',password = 'citrom',otp_secret = ''))
|
||||
self.insert_user(RegisteringUser(name = 'guest-2',password = 'citrom',otp_secret = ''))
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {
|
||||
'users':[
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ import os
|
|||
import unittest
|
||||
import unittest.mock
|
||||
import json
|
||||
from .context import create_app, default_test_config
|
||||
from .context import create_app, default_test_config, create_test_session
|
||||
from backend.data import db
|
||||
from backend.data import dao_users
|
||||
from backend.data import dao_session
|
||||
|
|
@ -52,13 +52,7 @@ class IsUserPriviligedcUnitTest(unittest.TestCase):
|
|||
self.assertEqual(expected, actual_response_json)
|
||||
|
||||
def test_expired_access_token_headers_returns_unauthorized(self):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=950,
|
||||
refresh_expires_at=1050,
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':441}
|
||||
|
||||
|
|
@ -68,22 +62,17 @@ class IsUserPriviligedcUnitTest(unittest.TestCase):
|
|||
self.assertEqual(401, response.status_code)
|
||||
self.assertEqual(expected, actual_response_json)
|
||||
|
||||
def test_sending_non_saved_user_error_is_shown(self):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_sending_non_saved_user_error_is_shown(self, mock_time):
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':441}
|
||||
expected = {'message':'Invalid Authorization!','code':442}
|
||||
|
||||
header = {'Authorization': 'token'}
|
||||
response = self.client.get(self.url_path, headers = header)
|
||||
|
||||
actual_response_json = json.loads(response.data.decode())
|
||||
self.assertEqual(401, response.status_code)
|
||||
self.assertEqual(400, response.status_code)
|
||||
self.assertEqual(expected, actual_response_json)
|
||||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
|
|
@ -95,13 +84,7 @@ class IsUserPriviligedcUnitTest(unittest.TestCase):
|
|||
privileged = True
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'is_privileged': True}
|
||||
|
||||
|
|
@ -121,13 +104,7 @@ class IsUserPriviligedcUnitTest(unittest.TestCase):
|
|||
privileged = False
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'is_privileged': False}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,12 +1,10 @@
|
|||
import os
|
||||
import unittest
|
||||
import unittest.mock
|
||||
from .context import create_app, default_test_config
|
||||
from .context import create_app, default_test_config, create_test_session
|
||||
from backend.data import db
|
||||
from backend.data import dao_users
|
||||
from backend.data import dao_session
|
||||
from backend.data.data_models import Session
|
||||
from backend.data.data_models import RegisteringUser
|
||||
|
||||
class LogoutUnitTest(unittest.TestCase):
|
||||
|
||||
|
|
@ -50,10 +48,10 @@ class LogoutUnitTest(unittest.TestCase):
|
|||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_given_valid_session_returns_and_session_is_invalidated_ok(self, mock_time):
|
||||
session = Session(
|
||||
session = create_test_session(
|
||||
user_id=2,
|
||||
access_token='access',
|
||||
refresh_token='refresh',
|
||||
refresh_token="refresh",
|
||||
access_expires_at=1010,
|
||||
refresh_expires_at=1020
|
||||
)
|
||||
|
|
|
|||
74
server/flask/application/test/test_media_access.py
Normal file
74
server/flask/application/test/test_media_access.py
Normal file
|
|
@ -0,0 +1,74 @@
|
|||
import os
|
||||
import unittest
|
||||
import unittest.mock
|
||||
import json
|
||||
from .context import create_app, default_test_config, create_test_session
|
||||
from backend.data import db
|
||||
from backend.data import dao_users
|
||||
from backend.data import dao_session
|
||||
from backend.data.data_models import Session
|
||||
from backend.data.data_models import RegisteringUser
|
||||
|
||||
class TestMediaAccess(unittest.TestCase):
|
||||
|
||||
url_path = '/has_media_access'
|
||||
app = create_app(default_test_config)
|
||||
client = app.test_client()
|
||||
|
||||
def setUp(self):
|
||||
with self.app.app_context():
|
||||
db.init_db()
|
||||
|
||||
def tearDown(self):
|
||||
with self.app.app_context():
|
||||
db.close_db()
|
||||
os.remove("testdb")
|
||||
|
||||
def insert_session(self, session: Session):
|
||||
with self.app.app_context():
|
||||
dao_session.insert_user_session(session)
|
||||
|
||||
def test_no_headers_returns_unauthorized(self):
|
||||
expected = {'message':'Missing Authorization!','code':443}
|
||||
|
||||
response = self.client.get(self.url_path)
|
||||
actual_response_json = json.loads(response.data.decode())
|
||||
|
||||
self.assertEqual(401, response.status_code)
|
||||
self.assertEqual(expected, actual_response_json)
|
||||
|
||||
def test_not_saved_access_token_headers_returns_unauthorized(self):
|
||||
expected = {'message':'Invalid Authorization!','code':444}
|
||||
|
||||
response = self.client.get(self.url_path, headers={'Media-Authorization': 'token'})
|
||||
actual_response_json = json.loads(response.data.decode())
|
||||
|
||||
self.assertEqual(401, response.status_code)
|
||||
self.assertEqual(expected, actual_response_json)
|
||||
|
||||
def test_expired_access_token_headers_returns_unauthorized(self):
|
||||
session = create_test_session(user_id=2, media_token='token', access_expires_at=1, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':444}
|
||||
|
||||
response = self.client.get(self.url_path, headers={'Media-Authorization': 'token'})
|
||||
actual_response_json = json.loads(response.data.decode())
|
||||
|
||||
self.assertEqual(401, response.status_code)
|
||||
self.assertEqual(expected, actual_response_json)
|
||||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_given_valid_token_returns_access_granted(self, mock_time):
|
||||
session = create_test_session(user_id=2, media_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message': 'Access Granted', 'code': 220}
|
||||
|
||||
header = {'Media-Authorization': 'token'}
|
||||
response = self.client.get(self.url_path, headers = header)
|
||||
|
||||
actual_response_json = json.loads(response.data.decode())
|
||||
self.assertEqual(200, response.status_code)
|
||||
self.assertEqual(expected, actual_response_json)
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main(verbosity=2)
|
||||
|
|
@ -6,7 +6,6 @@ from .context import create_app, default_test_config
|
|||
from backend.data import db
|
||||
from backend.data import dao_users
|
||||
from backend.data import dao_session
|
||||
from backend.data.data_models import Session
|
||||
from backend.data.data_models import RegisteringUser
|
||||
|
||||
class OTP_VerificationUnitTest(unittest.TestCase):
|
||||
|
|
@ -149,7 +148,7 @@ class OTP_VerificationUnitTest(unittest.TestCase):
|
|||
)
|
||||
user_id = self.insert_user(user)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
expected_keys = {'access_token', 'refresh_token', 'expires_at'}
|
||||
expected_keys = {'access_token', 'media_token', 'refresh_token', 'expires_at'}
|
||||
|
||||
data = {'username': 'myname', 'password': 'mypass', 'otp': '{}'.format(correct_code)}
|
||||
response = self.client.post(self.url_path, data=data)
|
||||
|
|
|
|||
|
|
@ -2,10 +2,9 @@ import os
|
|||
import unittest
|
||||
import unittest.mock
|
||||
import json
|
||||
from .context import create_app, default_test_config
|
||||
from .context import create_app, default_test_config, create_test_session
|
||||
from backend.data import db
|
||||
from backend.data import dao_session
|
||||
from backend.data.data_models import RegisteringUser
|
||||
from backend.data.data_models import Session
|
||||
|
||||
class RefreshTokenUnitTest(unittest.TestCase):
|
||||
|
|
@ -52,19 +51,19 @@ class RefreshTokenUnitTest(unittest.TestCase):
|
|||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_if_token_is_exists_2_times_then_invalid(self, mock_time):
|
||||
session1 = Session(
|
||||
user_id = 1,
|
||||
access_token = "a",
|
||||
refresh_token = "token",
|
||||
access_expires_at = 5000,
|
||||
refresh_expires_at = 5000,
|
||||
session1 = create_test_session(
|
||||
user_id=1,
|
||||
access_token='a',
|
||||
refresh_token="token",
|
||||
access_expires_at=5000,
|
||||
refresh_expires_at=5000
|
||||
)
|
||||
session2 = Session(
|
||||
user_id = 2,
|
||||
access_token = "b",
|
||||
refresh_token = "token",
|
||||
access_expires_at = 6000,
|
||||
refresh_expires_at = 6000,
|
||||
session2 = create_test_session(
|
||||
user_id=2,
|
||||
access_token='b',
|
||||
refresh_token="token",
|
||||
access_expires_at=6000,
|
||||
refresh_expires_at=6000
|
||||
)
|
||||
self.insert_session(session1)
|
||||
self.insert_session(session2)
|
||||
|
|
@ -78,12 +77,12 @@ class RefreshTokenUnitTest(unittest.TestCase):
|
|||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_expired_refresh_token_then_invalid(self, mock_time):
|
||||
session = Session(
|
||||
user_id = 1,
|
||||
access_token = "a",
|
||||
refresh_token = "token",
|
||||
access_expires_at = 6000,
|
||||
refresh_expires_at = 900,
|
||||
session = create_test_session(
|
||||
user_id=1,
|
||||
access_token='a',
|
||||
refresh_token="token",
|
||||
access_expires_at=6000,
|
||||
refresh_expires_at=900
|
||||
)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Refresh Token!','code':450}
|
||||
|
|
@ -96,15 +95,15 @@ class RefreshTokenUnitTest(unittest.TestCase):
|
|||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_expired_access_token_but_non_expires_refresh_token_then_new_is_returned(self, mock_time):
|
||||
session = Session(
|
||||
user_id = 1,
|
||||
access_token = "a",
|
||||
refresh_token = "token",
|
||||
access_expires_at = 900,
|
||||
refresh_expires_at = 6000,
|
||||
session = create_test_session(
|
||||
user_id=1,
|
||||
access_token='a',
|
||||
refresh_token="token",
|
||||
access_expires_at=900,
|
||||
refresh_expires_at=6000
|
||||
)
|
||||
self.insert_session(session)
|
||||
expected_keys = {'access_token', 'refresh_token', 'expires_at'}
|
||||
expected_keys = {'access_token', 'refresh_token', 'media_token', 'expires_at'}
|
||||
|
||||
response = self.client.post(self.url_path, data={'refresh_token': 'token'})
|
||||
actual_response_json = json.loads(response.data.decode())
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ import os
|
|||
import unittest
|
||||
import unittest.mock
|
||||
import json
|
||||
from .context import create_app, default_test_config
|
||||
from .context import create_app, default_test_config, create_test_session
|
||||
from backend.data import db
|
||||
from backend.data import dao_users
|
||||
from backend.data import dao_registration_tokens
|
||||
|
|
@ -59,13 +59,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase):
|
|||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_expired_access_token_headers_returns_unauthorized(self, mock_time):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=950,
|
||||
refresh_expires_at=1050,
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':441}
|
||||
|
||||
|
|
@ -78,13 +72,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase):
|
|||
|
||||
@unittest.mock.patch('time.time', return_value=1000)
|
||||
def test_sending_non_saved_user_error_is_shown(self, mock_time):
|
||||
session = Session(
|
||||
user_id=2,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'message':'Invalid Authorization!','code':442}
|
||||
|
||||
|
|
@ -103,13 +91,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase):
|
|||
otp_secret = 'base32secret3232'
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
expected = {'code': 431, 'message': 'Invalid Token!'}
|
||||
|
||||
|
|
@ -129,13 +111,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase):
|
|||
privileged = False
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
expected = {'code': 460, 'message': 'Not Authorized!'}
|
||||
|
|
@ -157,13 +133,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase):
|
|||
privileged = True
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
expected = {'code': 413, 'message': 'username_to_reset cannot be empty!'}
|
||||
|
|
@ -185,13 +155,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase):
|
|||
privileged = True
|
||||
)
|
||||
user_id = self.insert_user(user)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
expected = {'message':'User cannot be found!','code':412}
|
||||
|
|
@ -220,13 +184,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase):
|
|||
was_otp_verified = True
|
||||
)
|
||||
self.insert_user(user_to_reset)
|
||||
session = Session(
|
||||
user_id=user_id,
|
||||
access_token='token',
|
||||
refresh_token='',
|
||||
access_expires_at=1050,
|
||||
refresh_expires_at=2000
|
||||
)
|
||||
session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000)
|
||||
self.insert_session(session)
|
||||
correct_code = 585501 #for 1000 and base32secret3232
|
||||
expected = {'code': 207, 'message': 'OTP Verification Reset!'}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue