From 1f06c40c4c065f1533756cd736b8ae3b9d462b3b Mon Sep 17 00:00:00 2001 From: Gergely Hegedus Date: Mon, 27 Mar 2023 19:07:29 +0300 Subject: [PATCH] Add Media-Token beside access token Media-Token can be used only to access the content, but unable to modify user data --- .../application/backend/admin_requests.py | 1 - .../application/backend/auth_requests.py | 24 +- .../application/backend/data/dao_session.py | 17 +- .../application/backend/data/data_models.py | 15 +- .../application/backend/data/migration.py | 13 + .../flask/application/backend/data/schema.sql | 1 + .../application/backend/flask_project.py | 7 + .../backend/media_access_requests.py | 16 ++ .../application/backend/require_decorators.py | 17 +- .../backend/token_generator_util.py | 1 + .../backend/user_action_requests.py | 9 +- server/flask/application/nginx-proxy-config | 2 +- server/flask/application/test/context.py | 13 +- .../application/test/data/test_dao_session.py | 245 +++++++++++++----- .../test/test_add_file_metadata.py | 65 +---- .../test/test_add_file_metadata_of_user.py | 66 +---- .../application/test/test_change_password.py | 86 +----- .../test/test_create_registration_token.py | 74 +----- .../test/test_create_reset_password_token.py | 82 +----- .../test/test_delete_registration_token.py | 50 +--- .../application/test/test_delete_user.py | 63 +---- .../test/test_get_file_metadata.py | 57 +--- .../test/test_get_file_metadata_of_user.py | 49 +--- .../test/test_get_registration_tokens.py | 34 +-- .../flask/application/test/test_get_users.py | 34 +-- .../test/test_is_user_priviliged.py | 41 +-- server/flask/application/test/test_logout.py | 8 +- .../application/test/test_media_access.py | 74 ++++++ .../application/test/test_otp_verification.py | 3 +- .../application/test/test_refresh_token.py | 53 ++-- .../test/test_reset_user_otp_verification.py | 58 +---- 31 files changed, 516 insertions(+), 762 deletions(-) create mode 100644 server/flask/application/backend/data/migration.py create mode 100644 server/flask/application/backend/media_access_requests.py create mode 100644 server/flask/application/test/test_media_access.py diff --git a/server/flask/application/backend/admin_requests.py b/server/flask/application/backend/admin_requests.py index 66747a8..6b01771 100644 --- a/server/flask/application/backend/admin_requests.py +++ b/server/flask/application/backend/admin_requests.py @@ -1,7 +1,6 @@ from flask import request, jsonify from .require_decorators import get_cropped_username from .require_decorators import get_cropped_otp -from .require_decorators import get_cropped_token from . import token_generator_util from .data import dao_registration_tokens from .data import dao_reset_password_tokens diff --git a/server/flask/application/backend/auth_requests.py b/server/flask/application/backend/auth_requests.py index 940f592..7d46ec0 100644 --- a/server/flask/application/backend/auth_requests.py +++ b/server/flask/application/backend/auth_requests.py @@ -9,6 +9,8 @@ from .data.data_models import DataError from .data.data_models import RegisteringUser from .data.data_models import User from .data.data_models import ResponseCode +from .data.data_models import Session +from math import trunc def handle_register(username, password): one_time_password = get_cropped_otp(request.form.get('otp') or '') @@ -42,12 +44,7 @@ def handle_otp_verification(user: User): dao_users.update_user_otp_verification(user.id, True) session = token_generator_util.generate_session(user.id) dao_session.insert_user_session(session) - sessionResponse = jsonify({ - 'access_token': session.access_token, - 'refresh_token': session.refresh_token, - 'expires_at': session.access_expires_at - }) - return sessionResponse, 200 + return _jsonify_session(session), 200 else: errorResponse = jsonify({'message':'Invalid Token!','code':ResponseCode.INVALID_OTP}) return errorResponse, 400 @@ -74,9 +71,12 @@ def handle_refresh_token(): new_session = token_generator_util.generate_session(user_id) dao_session.swap_refresh_session(refresh_token = refresh_token, session = new_session) - sessionResponse = jsonify({ - 'access_token': new_session.access_token, - 'refresh_token': new_session.refresh_token, - 'expires_at': new_session.access_expires_at - }) - return sessionResponse, 200 \ No newline at end of file + return _jsonify_session(new_session), 200 + +def _jsonify_session(session: Session): + return jsonify({ + 'access_token': session.access_token, + 'media_token': session.media_token, + 'refresh_token': session.refresh_token, + 'expires_at': trunc(session.access_expires_at) + }) \ No newline at end of file diff --git a/server/flask/application/backend/data/dao_session.py b/server/flask/application/backend/data/dao_session.py index 1e6d648..12f22e7 100644 --- a/server/flask/application/backend/data/dao_session.py +++ b/server/flask/application/backend/data/dao_session.py @@ -20,13 +20,26 @@ def get_user_for_token(access_token: str): return rows[0][0] return None -_INSER_SESSION_SQL = "INSERT INTO session(user_id, access_token, refresh_token, access_expires_at, refresh_expires_at)"\ -"VALUES(:user_id, :access_token, :refresh_token, :access_expires_at, :refresh_expires_at)" +_GET_USER_FOR_MEDIA_TOKEN_SQL = "SELECT user_id FROM session where media_token = :token and access_expires_at >= :time" +def get_user_for_media_token(media_token: str): + db = get_db() + _delete_expired_tokens(db) + db_cursor = db.cursor() + db_cursor.execute(_GET_USER_FOR_MEDIA_TOKEN_SQL, {"token": media_token, "time": time.time()}) + rows = db_cursor.fetchall() + + if (len(rows) == 1): + return rows[0][0] + return None + +_INSER_SESSION_SQL = "INSERT INTO session(user_id, access_token, media_token, refresh_token, access_expires_at, refresh_expires_at)"\ +"VALUES(:user_id, :access_token, :media_token, :refresh_token, :access_expires_at, :refresh_expires_at)" def _session_insert(db_cursor, session: Session): params = { "user_id": session.user_id, "access_token": session.access_token, + "media_token": session.media_token, "refresh_token": session.refresh_token, "access_expires_at": session.access_expires_at, "refresh_expires_at": session.refresh_expires_at, diff --git a/server/flask/application/backend/data/data_models.py b/server/flask/application/backend/data/data_models.py index 5391632..8a864e4 100644 --- a/server/flask/application/backend/data/data_models.py +++ b/server/flask/application/backend/data/data_models.py @@ -2,9 +2,10 @@ from enum import Enum from enum import IntEnum class Session: - def __init__(self, user_id, access_token, refresh_token, access_expires_at, refresh_expires_at): + def __init__(self, user_id, access_token, media_token, refresh_token, access_expires_at, refresh_expires_at): self.user_id = user_id self.access_token = access_token + self.media_token = media_token self.refresh_token = refresh_token self.access_expires_at = access_expires_at self.refresh_expires_at = refresh_expires_at @@ -14,12 +15,13 @@ class Session: return False return self.user_id == other.user_id \ and self.access_token == other.access_token \ + and self.media_token == other.media_token \ and self.refresh_token == other.refresh_token \ and self.access_expires_at == other.access_expires_at \ and self.refresh_expires_at == other.refresh_expires_at \ def __str__(self): - return 'Session(user_id={},access_token={},refresh_token={},access_expires_at={},refresh_expires_at={})'.format(self.user_id, self.access_token, self.refresh_token, self.access_expires_at, self.refresh_expires_at) + return 'Session(user_id={},access_token={},media_token={},refresh_token={},access_expires_at={},refresh_expires_at={})'.format(self.user_id, self.access_token, self.media_token, self.refresh_token, self.access_expires_at, self.refresh_expires_at) def __repr__(self): return self.__str__() @@ -88,18 +90,25 @@ class ResponseCode(IntEnum): SUCCESS_RESET_OTP_VERIFICATION = 207 SUCCESS_SAVED_RESET_PASSWORD_TOKEN = 208 SUCCESS_DELETED_TOKEN = 209 + SUCCESS_MEDIA_ACCESS = 220 - + EMPTY_USERNAME = 410 ALREADY_TAKEN_USERNAME = 411 NOT_FOUND_USER = 412 INVALID_USERNAME_TO_EDIT = 413 CANT_SAVE_USER_FILE_METADATA = 414 CANT_SAVE_FILE_METADATA = 415 INVALID_FILE_KEY = 416 + EMPTY_PASSWORD = 420 INVALID_PASSWORD = 421 INVALID_NEW_PASSWORD = 422 UNKNOWN_REGISTRATION_TOKEN = 430 INVALID_OTP = 431 + MISSING_AUTHORIZATION = 440 + INVALID_AUTHORIZATION = 441 + UNASSOCIATED_AUTHORIZATION = 442 + MISSING_MEDIA_AUTHORIZATION = 443 + INVALID_MEDIA_AUTHORIZATION = 444 INVALID_REFRESH_TOKEN = 450 INVALID_RESET_PASSWORD_TOKEN = 459 INVALID_REGISTRATION_TOKEN = 460 diff --git a/server/flask/application/backend/data/migration.py b/server/flask/application/backend/data/migration.py new file mode 100644 index 0000000..7a8c79c --- /dev/null +++ b/server/flask/application/backend/data/migration.py @@ -0,0 +1,13 @@ +import sqlite3 +import sys + +def migration_0_to_1(db_path: str): + db = sqlite3.connect(db_path, detect_types=sqlite3.PARSE_DECLTYPES) + db_cursor = db.cursor() + db_cursor.execute("ALTER TABLE session ADD media_token TEXT NOT NULL;") + db.commit() + db.close() + +if __name__ == "__main__": + print(sys.argv[1]) + #migration_0_to_1(sys.argv[1]) \ No newline at end of file diff --git a/server/flask/application/backend/data/schema.sql b/server/flask/application/backend/data/schema.sql index f79bbc7..def0517 100644 --- a/server/flask/application/backend/data/schema.sql +++ b/server/flask/application/backend/data/schema.sql @@ -27,6 +27,7 @@ CREATE TABLE reset_password_token ( CREATE TABLE session ( user_id INTEGER NOT NULL, access_token TEXT NOT NULL, + media_token TEXT NOT NULL, refresh_token TEXT NOT NULL, access_expires_at INTEGER NOT NULL, refresh_expires_at INTEGER NOT NULL, diff --git a/server/flask/application/backend/flask_project.py b/server/flask/application/backend/flask_project.py index c1bff39..55a5109 100644 --- a/server/flask/application/backend/flask_project.py +++ b/server/flask/application/backend/flask_project.py @@ -12,6 +12,7 @@ from .require_decorators import require_user_priviliged_after_session from . import auth_requests as auth_requests_handler from . import admin_requests as admin_requests_handler from . import user_action_requests as user_action_requests_handler +from . import media_access_requests as media_access_requests_handler # for chrome to accept the certificate run in console `endCommand(SecurityInterstitialCommandId.CMD_PROCEED)` # to restart = `uwsgi --ini home-vod-server.ini` like in Dockerimage @@ -137,6 +138,12 @@ def create_app(test_config=None): return admin_requests_handler.handle_delete_registration_token(user = user) # endregion +# region media access + @app.route("/has_media_access", methods=['GET']) + def has_media_access(): + return media_access_requests_handler.handle_has_media_access() +# endregion + return app if __name__ == "__main__": diff --git a/server/flask/application/backend/media_access_requests.py b/server/flask/application/backend/media_access_requests.py new file mode 100644 index 0000000..f334911 --- /dev/null +++ b/server/flask/application/backend/media_access_requests.py @@ -0,0 +1,16 @@ +from flask import request, jsonify +from .require_decorators import get_cropped_token +from .data.data_models import ResponseCode +from .data import dao_session +from .data import dao_users + +def handle_has_media_access(): + media_token = get_cropped_token(request.headers.get('Media-Authorization')) + if (media_token is None): + errorResponse = jsonify({'message':'Missing Authorization!','code':ResponseCode.MISSING_MEDIA_AUTHORIZATION}) + return errorResponse, 401 + user_id = dao_session.get_user_for_media_token(media_token=media_token) + if (user_id is None): + errorResponse = jsonify({'message':'Invalid Authorization!','code':ResponseCode.INVALID_MEDIA_AUTHORIZATION}) + return errorResponse, 401 + return jsonify({'message':'Access Granted','code': ResponseCode.SUCCESS_MEDIA_ACCESS}), 200 \ No newline at end of file diff --git a/server/flask/application/backend/require_decorators.py b/server/flask/application/backend/require_decorators.py index ed9c6ae..b335c33 100644 --- a/server/flask/application/backend/require_decorators.py +++ b/server/flask/application/backend/require_decorators.py @@ -4,6 +4,7 @@ from . import token_generator_util from .data import dao_users from .data.data_models import User from .data import dao_session +from .data.data_models import ResponseCode def get_cropped_username(username: str): max_length = current_app.config['MAX_USERNAME_LENGTH'] @@ -45,12 +46,12 @@ def require_username_and_password(request_processor): def do_require_username_and_password(): username = request.form.get('username') if username is None: - errorResponse = jsonify({'message':'Username cannot be empty!','code':410}) + errorResponse = jsonify({'message':'Username cannot be empty!','code':ResponseCode.EMPTY_USERNAME}) return errorResponse, 400 password = request.form.get('password') if password is None: - errorResponse = jsonify({'message':'Password cannot be empty!','code':420}) + errorResponse = jsonify({'message':'Password cannot be empty!','code':ResponseCode.EMPTY_PASSWORD}) return errorResponse, 400 return request_processor(get_cropped_username(username), get_cropped_password(password)) return do_require_username_and_password @@ -60,7 +61,7 @@ def require_user_exists_by_username_and_password(request_processor): def do_require_user(username, password): user = dao_users.get_user_by_name_and_password(user_name = username, password = password) if user is None: - errorResponse = jsonify({'message':'User cannot be found!','code':412}) + errorResponse = jsonify({'message':'User cannot be found!','code':ResponseCode.NOT_FOUND_USER}) return errorResponse, 400 return request_processor(user) return do_require_user @@ -70,17 +71,17 @@ def requires_session(request_processor): def do_require_session(): access_token = get_cropped_token(request.headers.get('Authorization')) if (access_token is None): - errorResponse = jsonify({'message':'Missing Authorization!','code':440}) + errorResponse = jsonify({'message':'Missing Authorization!','code':ResponseCode.MISSING_AUTHORIZATION}) return errorResponse, 401 user_id = dao_session.get_user_for_token(access_token) if (user_id is None): - errorResponse = jsonify({'message':'Invalid Authorization!','code':441}) + errorResponse = jsonify({'message':'Invalid Authorization!','code':ResponseCode.INVALID_AUTHORIZATION}) return errorResponse, 401 user = dao_users.get_user_by_id(user_id) if user is None: - errorResponse = jsonify({'message':'Invalid Authorization!','code':442}) + errorResponse = jsonify({'message':'Invalid Authorization!','code':ResponseCode.UNASSOCIATED_AUTHORIZATION}) return errorResponse, 400 return request_processor(user) return do_require_session @@ -91,7 +92,7 @@ def require_otp_verification_after_session(request_processor): one_time_password = get_cropped_otp(request.form.get('otp') or '') is_otp_ok = token_generator_util.verify_otp(user.otp_secret, one_time_password) if not is_otp_ok: - errorResponse = jsonify({'message':'Invalid Token!','code':431}) + errorResponse = jsonify({'message':'Invalid Token!','code':ResponseCode.INVALID_OTP}) return errorResponse, 400 return request_processor(user) @@ -101,7 +102,7 @@ def require_user_priviliged_after_session(request_processor): @functools.wraps(request_processor) def do_require_user_priviliged(user: User): if not user.privileged: - errorResponse = jsonify({'message':'Not Authorized!','code':460}) + errorResponse = jsonify({'message':'Not Authorized!','code':ResponseCode.INVALID_REGISTRATION_TOKEN}) return errorResponse, 400 return request_processor(user) diff --git a/server/flask/application/backend/token_generator_util.py b/server/flask/application/backend/token_generator_util.py index 38310b2..4e68bd8 100644 --- a/server/flask/application/backend/token_generator_util.py +++ b/server/flask/application/backend/token_generator_util.py @@ -24,6 +24,7 @@ def generate_session(user_id, byte_count = None, access_expires_in = None, refre return Session( user_id = user_id, access_token = token_urlsafe(byte_count), + media_token = token_urlsafe(byte_count), refresh_token = token_urlsafe(byte_count), access_expires_at = access_expires_in + current_time, refresh_expires_at = refresh_expires_in + current_time, diff --git a/server/flask/application/backend/user_action_requests.py b/server/flask/application/backend/user_action_requests.py index 7680676..cac6324 100644 --- a/server/flask/application/backend/user_action_requests.py +++ b/server/flask/application/backend/user_action_requests.py @@ -1,5 +1,4 @@ from flask import request, jsonify -import json from .require_decorators import get_cropped_password from .require_decorators import get_cropped_otp from .require_decorators import get_cropped_key @@ -11,6 +10,7 @@ from .data import dao_file_metadata_of_user from .data import dao_file_metadata from .data.data_models import User from .data.data_models import ResponseCode +from .auth_requests import _jsonify_session as jsonify_session def handle_change_password(user: User): password = get_cropped_password(request.form.get('password')) @@ -31,12 +31,7 @@ def handle_change_password(user: User): session = token_generator_util.generate_session(user.id) dao_users.update_user_password(user_id = user.id, new_password = new_password) dao_session.create_new_single_session(session = session) - sessionResponse = jsonify({ - 'access_token': session.access_token, - 'refresh_token': session.refresh_token, - 'expires_at': session.access_expires_at - }) - return sessionResponse, 200 + return jsonify_session(session), 200 def handle_reset_password(username: str, password: str): reset_password_token = get_cropped_otp(request.form.get('reset_password_token')) diff --git a/server/flask/application/nginx-proxy-config b/server/flask/application/nginx-proxy-config index 9b15d91..49ca730 100644 --- a/server/flask/application/nginx-proxy-config +++ b/server/flask/application/nginx-proxy-config @@ -26,7 +26,7 @@ server { location /media { root /media-data/; autoindex on; - auth_request /user/is_privileged; + auth_request /has_media_access; limit_req zone=ip burst=12 delay=8; # enable cache diff --git a/server/flask/application/test/context.py b/server/flask/application/test/context.py index 355ea1f..a4b058b 100644 --- a/server/flask/application/test/context.py +++ b/server/flask/application/test/context.py @@ -1,4 +1,5 @@ from backend.flask_project import create_app +from backend.data.data_models import Session default_test_config = { "DATABASE_PATH": "testdb", @@ -10,4 +11,14 @@ default_test_config = { "MAX_OTP_LENGTH": 16, "MAX_TOKEN_LENGTH": 200, "KEY_LENGTH": 30, -} \ No newline at end of file +} + +def create_test_session(user_id, access_token = '', media_token = '', refresh_token = '', access_expires_at = 1, refresh_expires_at = 1): + return Session( + user_id = user_id, + access_token = access_token, + media_token = media_token, + refresh_token = refresh_token, + access_expires_at = access_expires_at, + refresh_expires_at = refresh_expires_at + ) \ No newline at end of file diff --git a/server/flask/application/test/data/test_dao_session.py b/server/flask/application/test/data/test_dao_session.py index 982b29b..ee2389c 100644 --- a/server/flask/application/test/data/test_dao_session.py +++ b/server/flask/application/test/data/test_dao_session.py @@ -28,50 +28,62 @@ class SessionDAOTest(unittest.TestCase): db.close_db() os.remove("testdb") - def test_empty_db_contains_no_token(self): + def test_empty_db_contains_no_session(self): expected = None - token = "token" with self.app.app_context(): - actual = sut.get_user_for_token(token) + actual_by_access = sut.get_user_for_token('access') + actual_by_media = sut.get_user_for_media_token('media') + actual_by_refresh = sut.get_user_for_token('refresh') - self.assertEqual(expected, actual) + self.assertEqual(expected, actual_by_access) + self.assertEqual(expected, actual_by_media) + self.assertEqual(expected, actual_by_refresh) @unittest.mock.patch('time.time', return_value=1000) def test_inserted_token_is_found(self, mock_time): assert time.time() == 1000 expected = 13 - token = "token" + access_token = "access" + refresh_token = "refresh" + media_token = "media" session = Session( user_id = 13, - access_token = token, - refresh_token = "refresh_token", + access_token = access_token, + media_token = media_token, + refresh_token = refresh_token, access_expires_at = 2000, refresh_expires_at = 4000 ) with self.app.app_context(): sut.insert_user_session(session) - actual = sut.get_user_for_token(token) + actual_by_access = sut.get_user_for_token(access_token) + actual_by_media = sut.get_user_for_media_token(media_token) + actual_by_refresh = sut.get_user_for_refresh_token(refresh_token) - self.assertEqual(expected, actual) + self.assertEqual(expected, actual_by_access) + self.assertEqual(expected, actual_by_media) + self.assertEqual(expected, actual_by_refresh) @unittest.mock.patch('time.time', return_value=1000) - def test_same_token_results_in_not_found(self, mock_time): + def test_same_access_token_results_in_not_found(self, mock_time): assert time.time() == 1000 expected = None - token = "token" + access_token = "token" session1 = Session( user_id = 13, - access_token = token, - refresh_token = "refresh_token", + access_token = access_token, + media_token = "media_token_1", + refresh_token = "refresh_token_1", access_expires_at = 2000, refresh_expires_at = 4000 ) session2 = Session( user_id = 14, - access_token = token, - refresh_token = "refresh_token", + access_token = access_token, + media_token = "media_token_2", + refresh_token = "refresh_token_2", access_expires_at = 2000, refresh_expires_at = 4000 ) @@ -79,67 +91,147 @@ class SessionDAOTest(unittest.TestCase): with self.app.app_context(): sut.insert_user_session(session1) sut.insert_user_session(session2) - actual = sut.get_user_for_token(token) + actual = sut.get_user_for_token(access_token) + + self.assertEqual(expected, actual) + + @unittest.mock.patch('time.time', return_value=1000) + def test_same_access_media_token_results_in_not_found(self, mock_time): + assert time.time() == 1000 + expected = None + media_token = "token" + session1 = Session( + user_id = 13, + access_token = "access_1", + media_token = media_token, + refresh_token = "refresh_token1", + access_expires_at = 2000, + refresh_expires_at = 4000 + ) + session2 = Session( + user_id = 14, + access_token = "access_2", + media_token = media_token, + refresh_token = "refresh_token2", + access_expires_at = 2000, + refresh_expires_at = 4000 + ) + + with self.app.app_context(): + sut.insert_user_session(session1) + sut.insert_user_session(session2) + actual = sut.get_user_for_media_token(media_token) + + self.assertEqual(expected, actual) + + @unittest.mock.patch('time.time', return_value=1000) + def test_same_access_refresh_token_results_in_not_found(self, mock_time): + assert time.time() == 1000 + expected = None + refresh_token = "token" + session1 = Session( + user_id = 13, + access_token = "access1", + media_token = "media1", + refresh_token = refresh_token, + access_expires_at = 2000, + refresh_expires_at = 4000 + ) + session2 = Session( + user_id = 14, + access_token = "access2", + media_token = "media2", + refresh_token = refresh_token, + access_expires_at = 2000, + refresh_expires_at = 4000 + ) + + with self.app.app_context(): + sut.insert_user_session(session1) + sut.insert_user_session(session2) + actual = sut.get_user_for_refresh_token(refresh_token) self.assertEqual(expected, actual) @unittest.mock.patch('time.time', return_value=1000) - def test_expired_access_token_isnt_returned(self, mock_time): + def test_expired_access_token_isnt_returned_but_refresh_is(self, mock_time): assert time.time() == 1000 expected = None - token = "token" + access_token = "access" + media_token = "media" + refresh_token = "refresh" + expected_refresh_user_id = 13 session = Session( user_id = 13, - access_token = token, - refresh_token = "refresh_token", + access_token = access_token, + media_token = media_token, + refresh_token = refresh_token, access_expires_at = 500, refresh_expires_at = 2000 ) with self.app.app_context(): sut.insert_user_session(session) - actual = sut.get_user_for_token(token) + actual_by_access = sut.get_user_for_token(access_token) + actual_by_media = sut.get_user_for_media_token(media_token) + actual_by_refresh = sut.get_user_for_refresh_token(refresh_token) - self.assertEqual(expected, actual) + self.assertEqual(expected, actual_by_access) + self.assertEqual(expected, actual_by_media) + self.assertEqual(expected_refresh_user_id, actual_by_refresh) # but by refresh it is @unittest.mock.patch('time.time', return_value=1000) def test_expired_refresh_token_isnt_returned(self, mock_time): assert time.time() == 1000 expected = None - token = "token" + access_token = "access" + media_token = "media" + refresh_token = "refresh" session = Session( user_id = 13, - access_token = token, - refresh_token = "refresh_token", + access_token = access_token, + media_token = media_token, + refresh_token = refresh_token, access_expires_at = 2500, refresh_expires_at = 500 ) with self.app.app_context(): sut.insert_user_session(session) - actual = sut.get_user_for_token(token) + actual_by_access = sut.get_user_for_token(access_token) + actual_by_media = sut.get_user_for_media_token(media_token) + actual_by_refresh = sut.get_user_for_refresh_token(refresh_token) - self.assertEqual(expected, actual) + self.assertEqual(expected, actual_by_access) + self.assertEqual(expected, actual_by_media) + self.assertEqual(expected, actual_by_refresh) @unittest.mock.patch('time.time', return_value=1000) def test_deleted_session_isnt_returned(self, mock_time): assert time.time() == 1000 expected = None - token = "token" + access_token = "access" + media_token = "media" + refresh_token = "refresh" session = Session( user_id = 13, - access_token = token, - refresh_token = "refresh_token", + access_token = access_token, + media_token = media_token, + refresh_token = refresh_token, access_expires_at = 1500, refresh_expires_at = 5000 ) with self.app.app_context(): sut.insert_user_session(session = session) - sut.delete_user_session(access_token = token) - actual = sut.get_user_for_token(access_token = token) + sut.delete_user_session(access_token = access_token) + actual_by_access = sut.get_user_for_token(access_token) + actual_by_media = sut.get_user_for_media_token(media_token) + actual_by_refresh = sut.get_user_for_refresh_token(refresh_token) - self.assertEqual(expected, actual) + self.assertEqual(expected, actual_by_access) + self.assertEqual(expected, actual_by_media) + self.assertEqual(expected, actual_by_refresh) @unittest.mock.patch('time.time', return_value=1000) def test_deleted_all_user_session_isnt_returned(self, mock_time): @@ -148,6 +240,7 @@ class SessionDAOTest(unittest.TestCase): session1 = Session( user_id = 13, access_token = "token1", + media_token = "media_token1", refresh_token = "refresh_token1", access_expires_at = 1500, refresh_expires_at = 5000 @@ -155,6 +248,7 @@ class SessionDAOTest(unittest.TestCase): session2 = Session( user_id = 13, access_token = "token2", + media_token = "media_token2", refresh_token = "refresh_token2", access_expires_at = 1500, refresh_expires_at = 5000 @@ -162,6 +256,7 @@ class SessionDAOTest(unittest.TestCase): session_of_different_user = Session( user_id = 14, access_token = "token3", + media_token = "media_token3", refresh_token = "refresh_token3", access_expires_at = 1500, refresh_expires_at = 5000 @@ -172,30 +267,42 @@ class SessionDAOTest(unittest.TestCase): sut.insert_user_session(session = session2) sut.insert_user_session(session = session_of_different_user) sut.delete_all_user_session_by_user_id(user_id=13) - actual1 = sut.get_user_for_token(access_token = session1.access_token) - actual2 = sut.get_user_for_token(access_token = session2.access_token) - actual_of_different_user = sut.get_user_for_token(access_token = session_of_different_user.access_token) + actual1_by_access = sut.get_user_for_token(access_token = session1.access_token) + actual2_by_access = sut.get_user_for_token(access_token = session2.access_token) + actual1_by_media = sut.get_user_for_media_token(media_token = session1.media_token) + actual2_by_media = sut.get_user_for_media_token(media_token = session2.media_token) + actual1_by_refresh = sut.get_user_for_refresh_token(refresh_token = session1.refresh_token) + actual2_by_refresh = sut.get_user_for_refresh_token(refresh_token = session2.refresh_token) + actual_of_different_user_by_access = sut.get_user_for_token(session_of_different_user.access_token) + actual_of_different_user_by_media = sut.get_user_for_media_token(session_of_different_user.media_token) + actual_of_different_user_by_refresh = sut.get_user_for_refresh_token(session_of_different_user.refresh_token) - self.assertEqual(expected, actual1) - self.assertEqual(expected, actual2) - self.assertEqual(session_of_different_user.user_id, actual_of_different_user) + self.assertEqual(expected, actual1_by_access) + self.assertEqual(expected, actual2_by_access) + self.assertEqual(expected, actual1_by_media) + self.assertEqual(expected, actual2_by_media) + self.assertEqual(expected, actual1_by_refresh) + self.assertEqual(expected, actual2_by_refresh) + self.assertEqual(session_of_different_user.user_id, actual_of_different_user_by_access) + self.assertEqual(session_of_different_user.user_id, actual_of_different_user_by_media) + self.assertEqual(session_of_different_user.user_id, actual_of_different_user_by_refresh) @unittest.mock.patch('time.time', return_value=1000) def test_after_new_single_session_old_session_is_not_returned(self, mock_time): assert time.time() == 1000 - token = "token" - new_token = "new_token" session = Session( user_id = 13, - access_token = token, - refresh_token = "refresh_token", + access_token = 'token', + media_token = "media", + refresh_token = "refresh", access_expires_at = 1500, refresh_expires_at = 5000 ) - new_session = session = Session( + new_session = Session( user_id = 13, - access_token = new_token, - refresh_token = "refresh_token", + access_token = 'new_token', + media_token = "new_media", + refresh_token = "new_refresh", access_expires_at = 1500, refresh_expires_at = 5000 ) @@ -205,28 +312,36 @@ class SessionDAOTest(unittest.TestCase): with self.app.app_context(): sut.insert_user_session(session = session) sut.create_new_single_session(session = new_session) - actual_old = sut.get_user_for_token(access_token = token) - actual_new = sut.get_user_for_token(access_token = new_token) + actual_old_by_access = sut.get_user_for_token(session.access_token) + actual_old_by_media = sut.get_user_for_media_token(session.media_token) + actual_old_by_refresh = sut.get_user_for_refresh_token(session.refresh_token) + actual_new_by_access = sut.get_user_for_token(new_session.access_token) + actual_new_by_media = sut.get_user_for_media_token(new_session.media_token) + actual_new_by_refresh = sut.get_user_for_refresh_token(new_session.refresh_token) - self.assertEqual(expected_old, actual_old) - self.assertEqual(expected_new, actual_new) + self.assertEqual(expected_old, actual_old_by_access) + self.assertEqual(expected_old, actual_old_by_media) + self.assertEqual(expected_old, actual_old_by_refresh) + self.assertEqual(expected_new, actual_new_by_access) + self.assertEqual(expected_new, actual_new_by_media) + self.assertEqual(expected_new, actual_new_by_refresh) @unittest.mock.patch('time.time', return_value=1000) def test_after_swap_refresh_session_old_session_is_not_returned(self, mock_time): assert time.time() == 1000 - token = "token" - new_token = "new_token" session = Session( user_id = 13, - access_token = token, - refresh_token = "refresh_token", + access_token = "token", + media_token = "media", + refresh_token = "refresh", access_expires_at = 1500, refresh_expires_at = 5000 ) - new_session = session = Session( + new_session = Session( user_id = 13, - access_token = new_token, - refresh_token = "refresh_token2", + access_token = "new_token", + media_token = "new_media", + refresh_token = "new_refresh", access_expires_at = 1500, refresh_expires_at = 5000 ) @@ -236,11 +351,19 @@ class SessionDAOTest(unittest.TestCase): with self.app.app_context(): sut.insert_user_session(session = session) sut.swap_refresh_session(refresh_token = session.refresh_token, session = new_session) - actual_old = sut.get_user_for_token(access_token = token) - actual_new = sut.get_user_for_token(access_token = new_token) + actual_old_by_access = sut.get_user_for_token(session.access_token) + actual_old_by_media = sut.get_user_for_media_token(session.media_token) + actual_old_by_refresh = sut.get_user_for_refresh_token(session.refresh_token) + actual_new_by_access = sut.get_user_for_token(new_session.access_token) + actual_new_by_media = sut.get_user_for_media_token(new_session.media_token) + actual_new_by_refresh = sut.get_user_for_refresh_token(new_session.refresh_token) - self.assertEqual(expected_old, actual_old) - self.assertEqual(expected_new, actual_new) + self.assertEqual(expected_old, actual_old_by_access) + self.assertEqual(expected_old, actual_old_by_media) + self.assertEqual(expected_old, actual_old_by_refresh) + self.assertEqual(expected_new, actual_new_by_access) + self.assertEqual(expected_new, actual_new_by_media) + self.assertEqual(expected_new, actual_new_by_refresh) if __name__ == '__main__': diff --git a/server/flask/application/test/test_add_file_metadata.py b/server/flask/application/test/test_add_file_metadata.py index 71c82b2..f715872 100644 --- a/server/flask/application/test/test_add_file_metadata.py +++ b/server/flask/application/test/test_add_file_metadata.py @@ -2,7 +2,7 @@ import os import unittest import unittest.mock import json -from .context import create_app, default_test_config +from .context import create_app, default_test_config, create_test_session from backend.data import db from backend.data import dao_users from backend.data import dao_session @@ -52,13 +52,7 @@ class AddFileMetadataUnitTest(unittest.TestCase): self.assertEqual(expected, actual_response_json) def test_expired_access_token_headers_returns_unauthorized(self): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=950, - refresh_expires_at=1050, - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':441} @@ -68,22 +62,17 @@ class AddFileMetadataUnitTest(unittest.TestCase): self.assertEqual(401, response.status_code) self.assertEqual(expected, actual_response_json) - def test_sending_non_saved_user_error_is_shown(self): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + @unittest.mock.patch('time.time', return_value=1000) + def test_sending_non_saved_user_error_is_shown(self, mock_time): + session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) - expected = {'message':'Invalid Authorization!','code':441} + expected = {'message':'Invalid Authorization!','code':442} header = {'Authorization': 'token'} response = self.client.post(self.url_path, headers = header) actual_response_json = json.loads(response.data.decode()) - self.assertEqual(401, response.status_code) + self.assertEqual(400, response.status_code) self.assertEqual(expected, actual_response_json) @unittest.mock.patch('time.time', return_value=1000) @@ -94,13 +83,7 @@ class AddFileMetadataUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'File MetaData Saved!','code':203} @@ -120,13 +103,7 @@ class AddFileMetadataUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Couldn\'t save metadata!','code':415} @@ -146,13 +123,7 @@ class AddFileMetadataUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected_of_key_query = {'key': 'value'} expected_of_key2_query = {'key2':'value2'} @@ -181,13 +152,7 @@ class AddFileMetadataUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'key': 'value1'} @@ -211,13 +176,7 @@ class AddFileMetadataUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'key': 'value'} diff --git a/server/flask/application/test/test_add_file_metadata_of_user.py b/server/flask/application/test/test_add_file_metadata_of_user.py index fa00722..43684e1 100644 --- a/server/flask/application/test/test_add_file_metadata_of_user.py +++ b/server/flask/application/test/test_add_file_metadata_of_user.py @@ -2,7 +2,7 @@ import os import unittest import unittest.mock import json -from .context import create_app, default_test_config +from .context import create_app, default_test_config, create_test_session from backend.data import db from backend.data import dao_users from backend.data import dao_session @@ -52,13 +52,7 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase): self.assertEqual(expected, actual_response_json) def test_expired_access_token_headers_returns_unauthorized(self): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=950, - refresh_expires_at=1050, - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':441} @@ -68,22 +62,17 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase): self.assertEqual(401, response.status_code) self.assertEqual(expected, actual_response_json) - def test_sending_non_saved_user_error_is_shown(self): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + @unittest.mock.patch('time.time', return_value=1000) + def test_sending_non_saved_user_error_is_shown(self, mock_time): + session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) - expected = {'message':'Invalid Authorization!','code':441} + expected = {'message':'Invalid Authorization!','code':442} header = {'Authorization': 'token'} response = self.client.post(self.url_path, headers = header) actual_response_json = json.loads(response.data.decode()) - self.assertEqual(401, response.status_code) + self.assertEqual(400, response.status_code) self.assertEqual(expected, actual_response_json) @unittest.mock.patch('time.time', return_value=1000) @@ -94,13 +83,8 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) + self.insert_session(session) expected = {'message':'User\'s File MetaData Saved!','code':202} @@ -120,13 +104,7 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Couldn\'t save user\'s metadata!','code':414} @@ -146,13 +124,7 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'key': 'value', 'key2':'value2'} @@ -173,13 +145,7 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'key': 'value1', 'key2':'value2', 'key3': 'value3'} @@ -202,13 +168,7 @@ class AddFileMetadataOfUserUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'key': 'value', 'key2':'value2'} diff --git a/server/flask/application/test/test_change_password.py b/server/flask/application/test/test_change_password.py index 465bf22..b655311 100644 --- a/server/flask/application/test/test_change_password.py +++ b/server/flask/application/test/test_change_password.py @@ -2,7 +2,7 @@ import os import unittest import unittest.mock import json -from .context import create_app, default_test_config +from .context import create_app, default_test_config, create_test_session from backend.data import db from backend.data import dao_users from backend.data import dao_session @@ -58,13 +58,7 @@ class PasswordChangeUnitTest(unittest.TestCase): @unittest.mock.patch('time.time', return_value=1000) def test_expired_access_token_headers_returns_unauthorized(self, mock_time): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=950, - refresh_expires_at=1050, - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':441} @@ -76,13 +70,7 @@ class PasswordChangeUnitTest(unittest.TestCase): @unittest.mock.patch('time.time', return_value=1000) def test_sending_non_saved_user_error_is_shown(self, mock_time): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':442} @@ -101,13 +89,7 @@ class PasswordChangeUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Token!','code':431} @@ -126,13 +108,7 @@ class PasswordChangeUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Token!','code':431} @@ -152,13 +128,7 @@ class PasswordChangeUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 expected = {'message':'Invalid Password!','code':421} @@ -178,13 +148,7 @@ class PasswordChangeUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 expected = {'message':'New Password cannot be empty!','code':422} @@ -204,13 +168,7 @@ class PasswordChangeUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 expected = {'message':'Invalid Password!','code':421} @@ -230,15 +188,9 @@ class PasswordChangeUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) - expected_keys = {'access_token', 'refresh_token', 'expires_at'} + expected_keys = {'access_token', 'media_token', 'refresh_token', 'expires_at'} correct_code = 585501 #for 1000 and base32secret3232 data = {'password':'pass', 'new_password': 'pass2', 'otp': correct_code} @@ -258,13 +210,7 @@ class PasswordChangeUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 change_pass_data = {'password':'pass', 'new_password': 'pass2', 'otp': correct_code} @@ -287,19 +233,13 @@ class PasswordChangeUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 change_pass_data = {'password':'pass', 'new_password': 'pass2', 'otp': correct_code} response = self.client.post(self.url_path, data=change_pass_data, headers={'Authorization': 'token'}) session_response = json.loads(response.data.decode()) - expected_keys = {'access_token', 'refresh_token', 'expires_at'} + expected_keys = {'access_token', 'refresh_token', 'media_token', 'expires_at'} data = {'password':'pass2', 'new_password': 'pass3', 'otp': correct_code} response = self.client.post(self.url_path, data=data, headers={'Authorization': session_response['access_token']}) diff --git a/server/flask/application/test/test_create_registration_token.py b/server/flask/application/test/test_create_registration_token.py index da6e922..88f0027 100644 --- a/server/flask/application/test/test_create_registration_token.py +++ b/server/flask/application/test/test_create_registration_token.py @@ -2,7 +2,7 @@ import os import unittest import unittest.mock import json -from .context import create_app, default_test_config +from .context import create_app, default_test_config, create_test_session from backend.data import db from backend.data import dao_users from backend.data import dao_registration_tokens @@ -60,13 +60,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase): @unittest.mock.patch('time.time', return_value=1000) def test_expired_access_token_headers_returns_unauthorized(self, mock_time): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=950, - refresh_expires_at=1050, - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':441} @@ -79,13 +73,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase): @unittest.mock.patch('time.time', return_value=1000) def test_sending_non_saved_user_error_is_shown(self, mock_time): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':442} @@ -104,13 +92,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Token!','code':431} @@ -129,13 +111,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Token!','code':431} @@ -155,13 +131,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 expected = {'message':'Not Authorized!','code':460} @@ -183,13 +153,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase): privileged = True ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 expected = {'message':'Invalid Registration Token given!','code':460} @@ -211,13 +175,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase): privileged = True ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 expected = {'message':'Invalid Registration Token given!','code':460} @@ -241,13 +199,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase): privileged = True ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 expected = {'message':'Registration token Saved!','code':205} @@ -270,13 +222,7 @@ class CreateRegistrationTokenUnitTest(unittest.TestCase): privileged = True ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 data = {'registration_token': '123456', 'otp': correct_code} diff --git a/server/flask/application/test/test_create_reset_password_token.py b/server/flask/application/test/test_create_reset_password_token.py index e67ce4d..a444e43 100644 --- a/server/flask/application/test/test_create_reset_password_token.py +++ b/server/flask/application/test/test_create_reset_password_token.py @@ -2,7 +2,7 @@ import os import unittest import unittest.mock import json -from .context import create_app, default_test_config +from .context import create_app, default_test_config, create_test_session from backend.data import db from backend.data import dao_users from backend.data import dao_registration_tokens @@ -60,13 +60,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase): @unittest.mock.patch('time.time', return_value=1000) def test_expired_access_token_headers_returns_unauthorized(self, mock_time): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=950, - refresh_expires_at=1050, - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':441} @@ -79,13 +73,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase): @unittest.mock.patch('time.time', return_value=1000) def test_sending_non_saved_user_error_is_shown(self, mock_time): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':442} @@ -104,13 +92,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Token!','code':431} @@ -129,13 +111,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Token!','code':431} @@ -155,13 +131,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 expected = {'message':'Not Authorized!','code':460} @@ -183,13 +153,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase): privileged = True ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 expected = {'message':'Invalid Reset Password Token given!','code':459} @@ -211,13 +175,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase): privileged = True ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 expected = {'message':'Invalid Reset Password Token given!','code':459} @@ -239,13 +197,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase): privileged = True ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 expected = {'message':'username_to_reset cannot be empty!','code':413} @@ -267,13 +219,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase): privileged = True ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 expected = {'message':'Reset Password token Saved!','code':208} @@ -295,13 +241,7 @@ class CreateResetPasswordTokenTest(unittest.TestCase): privileged = True ) admin_id = self.insert_user(admin) - session = Session( - user_id=admin_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=admin_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) user = RegisteringUser( name = 'alma', diff --git a/server/flask/application/test/test_delete_registration_token.py b/server/flask/application/test/test_delete_registration_token.py index 064fed8..edcee0d 100644 --- a/server/flask/application/test/test_delete_registration_token.py +++ b/server/flask/application/test/test_delete_registration_token.py @@ -2,7 +2,7 @@ import os import unittest import unittest.mock import json -from .context import create_app, default_test_config +from .context import create_app, default_test_config, create_test_session from backend.data import db from backend.data import dao_users from backend.data import dao_registration_tokens @@ -64,13 +64,7 @@ class DeleteRegistrationTokenUnitTest(unittest.TestCase): @unittest.mock.patch('time.time', return_value=1000) def test_expired_access_token_headers_returns_unauthorized(self, mock_time): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=950, - refresh_expires_at=1050, - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':441} @@ -83,13 +77,7 @@ class DeleteRegistrationTokenUnitTest(unittest.TestCase): @unittest.mock.patch('time.time', return_value=1000) def test_sending_non_saved_user_error_is_shown(self, mock_time): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':442} @@ -108,13 +96,7 @@ class DeleteRegistrationTokenUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Token!','code':431} @@ -133,13 +115,7 @@ class DeleteRegistrationTokenUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Token!','code':431} @@ -159,13 +135,7 @@ class DeleteRegistrationTokenUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 expected = {'message':'Not Authorized!','code':460} @@ -187,13 +157,7 @@ class DeleteRegistrationTokenUnitTest(unittest.TestCase): privileged = True ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) self.insert_registration_token('123456') self.insert_registration_token('abcdef') diff --git a/server/flask/application/test/test_delete_user.py b/server/flask/application/test/test_delete_user.py index f4a6ce5..a02b405 100644 --- a/server/flask/application/test/test_delete_user.py +++ b/server/flask/application/test/test_delete_user.py @@ -2,10 +2,9 @@ import os import unittest import unittest.mock import json -from .context import create_app, default_test_config +from .context import create_app, default_test_config, create_test_session from backend.data import db from backend.data import dao_users -from backend.data import dao_registration_tokens from backend.data import dao_session from backend.data.data_models import RegisteringUser from backend.data.data_models import Session @@ -65,13 +64,7 @@ class DeleteTokenUnitTest(unittest.TestCase): @unittest.mock.patch('time.time', return_value=1000) def test_expired_access_token_headers_returns_unauthorized(self, mock_time): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=950, - refresh_expires_at=1050, - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':441} @@ -84,13 +77,7 @@ class DeleteTokenUnitTest(unittest.TestCase): @unittest.mock.patch('time.time', return_value=1000) def test_sending_non_saved_user_error_is_shown(self, mock_time): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':442} @@ -109,13 +96,7 @@ class DeleteTokenUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Token!','code':431} @@ -134,13 +115,7 @@ class DeleteTokenUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Token!','code':431} @@ -160,13 +135,7 @@ class DeleteTokenUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 expected = {'message':'Not Authorized!','code':460} @@ -188,29 +157,23 @@ class DeleteTokenUnitTest(unittest.TestCase): privileged = True ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) guest1_user_id=self.insert_user(RegisteringUser(name = 'guest-1',password = '123',otp_secret = '',)) guest2_user_id=self.insert_user(RegisteringUser(name = 'guest-2',password = '123',otp_secret = '',)) - guest1_session = Session( + guest1_session = create_test_session( user_id=guest1_user_id, access_token='a-1', refresh_token='r-1', - access_expires_at=2000, - refresh_expires_at=3000 + access_expires_at=1050, + refresh_expires_at=2000 ) - guest2_session = Session( + guest2_session = create_test_session( user_id=guest2_user_id, access_token='a-2', refresh_token='r-2', - access_expires_at=2000, - refresh_expires_at=3000 + access_expires_at=1050, + refresh_expires_at=2000 ) self.insert_session(guest1_session) self.insert_session(guest2_session) diff --git a/server/flask/application/test/test_get_file_metadata.py b/server/flask/application/test/test_get_file_metadata.py index d74385a..92bfaf1 100644 --- a/server/flask/application/test/test_get_file_metadata.py +++ b/server/flask/application/test/test_get_file_metadata.py @@ -2,7 +2,7 @@ import os import unittest import unittest.mock import json -from .context import create_app, default_test_config +from .context import create_app, default_test_config, create_test_session from backend.data import db from backend.data import dao_users from backend.data import dao_session @@ -52,13 +52,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase): self.assertEqual(expected, actual_response_json) def test_expired_access_token_headers_returns_unauthorized(self): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=950, - refresh_expires_at=1050, - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':441} @@ -68,22 +62,17 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase): self.assertEqual(401, response.status_code) self.assertEqual(expected, actual_response_json) - def test_sending_non_saved_user_error_is_shown(self): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + @unittest.mock.patch('time.time', return_value=1000) + def test_sending_non_saved_user_error_is_shown(self, mock_time): + session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) - expected = {'message':'Invalid Authorization!','code':441} + expected = {'message':'Invalid Authorization!','code':442} header = {'Authorization': 'token'} response = self.client.get(self.url_path, headers = header) actual_response_json = json.loads(response.data.decode()) - self.assertEqual(401, response.status_code) + self.assertEqual(400, response.status_code) self.assertEqual(expected, actual_response_json) @unittest.mock.patch('time.time', return_value=1000) @@ -94,13 +83,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message': 'Invalid FileKey (file_key)!', 'code': 416} @@ -120,13 +103,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {} @@ -146,13 +123,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_with_metadata_id = self.insert_user(user_with_metadata) - usersession_with_metadata = Session( - user_id=user_with_metadata_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + usersession_with_metadata = create_test_session(user_id=user_with_metadata_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(usersession_with_metadata) user = RegisteringUser( @@ -161,13 +132,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token2', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token2', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'key': 'value'} diff --git a/server/flask/application/test/test_get_file_metadata_of_user.py b/server/flask/application/test/test_get_file_metadata_of_user.py index d38afeb..dd26271 100644 --- a/server/flask/application/test/test_get_file_metadata_of_user.py +++ b/server/flask/application/test/test_get_file_metadata_of_user.py @@ -2,7 +2,7 @@ import os import unittest import unittest.mock import json -from .context import create_app, default_test_config +from .context import create_app, default_test_config, create_test_session from backend.data import db from backend.data import dao_users from backend.data import dao_session @@ -52,13 +52,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase): self.assertEqual(expected, actual_response_json) def test_expired_access_token_headers_returns_unauthorized(self): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=950, - refresh_expires_at=1050, - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':441} @@ -68,22 +62,17 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase): self.assertEqual(401, response.status_code) self.assertEqual(expected, actual_response_json) - def test_sending_non_saved_user_error_is_shown(self): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + @unittest.mock.patch('time.time', return_value=1000) + def test_sending_non_saved_user_error_is_shown(self, mock_time): + session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) - expected = {'message':'Invalid Authorization!','code':441} + expected = {'message':'Invalid Authorization!','code':442} header = {'Authorization': 'token'} response = self.client.get(self.url_path, headers = header) actual_response_json = json.loads(response.data.decode()) - self.assertEqual(401, response.status_code) + self.assertEqual(400, response.status_code) self.assertEqual(expected, actual_response_json) @unittest.mock.patch('time.time', return_value=1000) @@ -94,13 +83,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {} @@ -119,13 +102,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_with_metadata_id = self.insert_user(user_with_metadata) - usersession_with_metadata = Session( - user_id=user_with_metadata_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + usersession_with_metadata = create_test_session(user_id=user_with_metadata_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(usersession_with_metadata) user = RegisteringUser( @@ -134,13 +111,7 @@ class GetFileMetadataOfUserUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token2', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token2', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {} diff --git a/server/flask/application/test/test_get_registration_tokens.py b/server/flask/application/test/test_get_registration_tokens.py index d61a7ff..54b8ae5 100644 --- a/server/flask/application/test/test_get_registration_tokens.py +++ b/server/flask/application/test/test_get_registration_tokens.py @@ -2,7 +2,7 @@ import os import unittest import unittest.mock import json -from .context import create_app, default_test_config +from .context import create_app, default_test_config, create_test_session from backend.data import db from backend.data import dao_users from backend.data import dao_registration_tokens @@ -59,13 +59,7 @@ class GetRegistrationTokensUnitTest(unittest.TestCase): @unittest.mock.patch('time.time', return_value=1000) def test_expired_access_token_headers_returns_unauthorized(self, mock_time): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=950, - refresh_expires_at=1050, - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':441} @@ -78,13 +72,7 @@ class GetRegistrationTokensUnitTest(unittest.TestCase): @unittest.mock.patch('time.time', return_value=1000) def test_sending_non_saved_user_error_is_shown(self, mock_time): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':442} @@ -103,13 +91,7 @@ class GetRegistrationTokensUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Not Authorized!','code':460} @@ -131,13 +113,7 @@ class GetRegistrationTokensUnitTest(unittest.TestCase): user_id = self.insert_user(user) self.inser_registration_token('token-abc-1') self.inser_registration_token('token-abc-2') - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = { 'registration_tokens':['token-abc-1','token-abc-2'] diff --git a/server/flask/application/test/test_get_users.py b/server/flask/application/test/test_get_users.py index 51ac202..5281e24 100644 --- a/server/flask/application/test/test_get_users.py +++ b/server/flask/application/test/test_get_users.py @@ -2,7 +2,7 @@ import os import unittest import unittest.mock import json -from .context import create_app, default_test_config +from .context import create_app, default_test_config, create_test_session from backend.data import db from backend.data import dao_users from backend.data import dao_session @@ -54,13 +54,7 @@ class GetUsersUnitTest(unittest.TestCase): @unittest.mock.patch('time.time', return_value=1000) def test_expired_access_token_headers_returns_unauthorized(self, mock_time): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=950, - refresh_expires_at=1050, - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':441} @@ -73,13 +67,7 @@ class GetUsersUnitTest(unittest.TestCase): @unittest.mock.patch('time.time', return_value=1000) def test_sending_non_saved_user_error_is_shown(self, mock_time): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':442} @@ -98,13 +86,7 @@ class GetUsersUnitTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Not Authorized!','code':460} @@ -126,13 +108,7 @@ class GetUsersUnitTest(unittest.TestCase): user_id = self.insert_user(user) self.insert_user(RegisteringUser(name = 'guest-1',password = 'citrom',otp_secret = '')) self.insert_user(RegisteringUser(name = 'guest-2',password = 'citrom',otp_secret = '')) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = { 'users':[ diff --git a/server/flask/application/test/test_is_user_priviliged.py b/server/flask/application/test/test_is_user_priviliged.py index 3dd3c94..bab0a0e 100644 --- a/server/flask/application/test/test_is_user_priviliged.py +++ b/server/flask/application/test/test_is_user_priviliged.py @@ -2,7 +2,7 @@ import os import unittest import unittest.mock import json -from .context import create_app, default_test_config +from .context import create_app, default_test_config, create_test_session from backend.data import db from backend.data import dao_users from backend.data import dao_session @@ -52,13 +52,7 @@ class IsUserPriviligedcUnitTest(unittest.TestCase): self.assertEqual(expected, actual_response_json) def test_expired_access_token_headers_returns_unauthorized(self): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=950, - refresh_expires_at=1050, - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':441} @@ -68,22 +62,17 @@ class IsUserPriviligedcUnitTest(unittest.TestCase): self.assertEqual(401, response.status_code) self.assertEqual(expected, actual_response_json) - def test_sending_non_saved_user_error_is_shown(self): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + @unittest.mock.patch('time.time', return_value=1000) + def test_sending_non_saved_user_error_is_shown(self, mock_time): + session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) - expected = {'message':'Invalid Authorization!','code':441} + expected = {'message':'Invalid Authorization!','code':442} header = {'Authorization': 'token'} response = self.client.get(self.url_path, headers = header) actual_response_json = json.loads(response.data.decode()) - self.assertEqual(401, response.status_code) + self.assertEqual(400, response.status_code) self.assertEqual(expected, actual_response_json) @unittest.mock.patch('time.time', return_value=1000) @@ -95,13 +84,7 @@ class IsUserPriviligedcUnitTest(unittest.TestCase): privileged = True ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'is_privileged': True} @@ -121,13 +104,7 @@ class IsUserPriviligedcUnitTest(unittest.TestCase): privileged = False ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'is_privileged': False} diff --git a/server/flask/application/test/test_logout.py b/server/flask/application/test/test_logout.py index c7b09b3..0483e81 100644 --- a/server/flask/application/test/test_logout.py +++ b/server/flask/application/test/test_logout.py @@ -1,12 +1,10 @@ import os import unittest import unittest.mock -from .context import create_app, default_test_config +from .context import create_app, default_test_config, create_test_session from backend.data import db -from backend.data import dao_users from backend.data import dao_session from backend.data.data_models import Session -from backend.data.data_models import RegisteringUser class LogoutUnitTest(unittest.TestCase): @@ -50,10 +48,10 @@ class LogoutUnitTest(unittest.TestCase): @unittest.mock.patch('time.time', return_value=1000) def test_given_valid_session_returns_and_session_is_invalidated_ok(self, mock_time): - session = Session( + session = create_test_session( user_id=2, access_token='access', - refresh_token='refresh', + refresh_token="refresh", access_expires_at=1010, refresh_expires_at=1020 ) diff --git a/server/flask/application/test/test_media_access.py b/server/flask/application/test/test_media_access.py new file mode 100644 index 0000000..98b83ef --- /dev/null +++ b/server/flask/application/test/test_media_access.py @@ -0,0 +1,74 @@ +import os +import unittest +import unittest.mock +import json +from .context import create_app, default_test_config, create_test_session +from backend.data import db +from backend.data import dao_users +from backend.data import dao_session +from backend.data.data_models import Session +from backend.data.data_models import RegisteringUser + +class TestMediaAccess(unittest.TestCase): + + url_path = '/has_media_access' + app = create_app(default_test_config) + client = app.test_client() + + def setUp(self): + with self.app.app_context(): + db.init_db() + + def tearDown(self): + with self.app.app_context(): + db.close_db() + os.remove("testdb") + + def insert_session(self, session: Session): + with self.app.app_context(): + dao_session.insert_user_session(session) + + def test_no_headers_returns_unauthorized(self): + expected = {'message':'Missing Authorization!','code':443} + + response = self.client.get(self.url_path) + actual_response_json = json.loads(response.data.decode()) + + self.assertEqual(401, response.status_code) + self.assertEqual(expected, actual_response_json) + + def test_not_saved_access_token_headers_returns_unauthorized(self): + expected = {'message':'Invalid Authorization!','code':444} + + response = self.client.get(self.url_path, headers={'Media-Authorization': 'token'}) + actual_response_json = json.loads(response.data.decode()) + + self.assertEqual(401, response.status_code) + self.assertEqual(expected, actual_response_json) + + def test_expired_access_token_headers_returns_unauthorized(self): + session = create_test_session(user_id=2, media_token='token', access_expires_at=1, refresh_expires_at=2000) + self.insert_session(session) + expected = {'message':'Invalid Authorization!','code':444} + + response = self.client.get(self.url_path, headers={'Media-Authorization': 'token'}) + actual_response_json = json.loads(response.data.decode()) + + self.assertEqual(401, response.status_code) + self.assertEqual(expected, actual_response_json) + + @unittest.mock.patch('time.time', return_value=1000) + def test_given_valid_token_returns_access_granted(self, mock_time): + session = create_test_session(user_id=2, media_token='token', access_expires_at=1050, refresh_expires_at=2000) + self.insert_session(session) + expected = {'message': 'Access Granted', 'code': 220} + + header = {'Media-Authorization': 'token'} + response = self.client.get(self.url_path, headers = header) + + actual_response_json = json.loads(response.data.decode()) + self.assertEqual(200, response.status_code) + self.assertEqual(expected, actual_response_json) + +if __name__ == '__main__': + unittest.main(verbosity=2) \ No newline at end of file diff --git a/server/flask/application/test/test_otp_verification.py b/server/flask/application/test/test_otp_verification.py index 4bc582f..963bd23 100644 --- a/server/flask/application/test/test_otp_verification.py +++ b/server/flask/application/test/test_otp_verification.py @@ -6,7 +6,6 @@ from .context import create_app, default_test_config from backend.data import db from backend.data import dao_users from backend.data import dao_session -from backend.data.data_models import Session from backend.data.data_models import RegisteringUser class OTP_VerificationUnitTest(unittest.TestCase): @@ -149,7 +148,7 @@ class OTP_VerificationUnitTest(unittest.TestCase): ) user_id = self.insert_user(user) correct_code = 585501 #for 1000 and base32secret3232 - expected_keys = {'access_token', 'refresh_token', 'expires_at'} + expected_keys = {'access_token', 'media_token', 'refresh_token', 'expires_at'} data = {'username': 'myname', 'password': 'mypass', 'otp': '{}'.format(correct_code)} response = self.client.post(self.url_path, data=data) diff --git a/server/flask/application/test/test_refresh_token.py b/server/flask/application/test/test_refresh_token.py index 3800fa6..6319f0d 100644 --- a/server/flask/application/test/test_refresh_token.py +++ b/server/flask/application/test/test_refresh_token.py @@ -2,10 +2,9 @@ import os import unittest import unittest.mock import json -from .context import create_app, default_test_config +from .context import create_app, default_test_config, create_test_session from backend.data import db from backend.data import dao_session -from backend.data.data_models import RegisteringUser from backend.data.data_models import Session class RefreshTokenUnitTest(unittest.TestCase): @@ -52,19 +51,19 @@ class RefreshTokenUnitTest(unittest.TestCase): @unittest.mock.patch('time.time', return_value=1000) def test_if_token_is_exists_2_times_then_invalid(self, mock_time): - session1 = Session( - user_id = 1, - access_token = "a", - refresh_token = "token", - access_expires_at = 5000, - refresh_expires_at = 5000, + session1 = create_test_session( + user_id=1, + access_token='a', + refresh_token="token", + access_expires_at=5000, + refresh_expires_at=5000 ) - session2 = Session( - user_id = 2, - access_token = "b", - refresh_token = "token", - access_expires_at = 6000, - refresh_expires_at = 6000, + session2 = create_test_session( + user_id=2, + access_token='b', + refresh_token="token", + access_expires_at=6000, + refresh_expires_at=6000 ) self.insert_session(session1) self.insert_session(session2) @@ -78,12 +77,12 @@ class RefreshTokenUnitTest(unittest.TestCase): @unittest.mock.patch('time.time', return_value=1000) def test_expired_refresh_token_then_invalid(self, mock_time): - session = Session( - user_id = 1, - access_token = "a", - refresh_token = "token", - access_expires_at = 6000, - refresh_expires_at = 900, + session = create_test_session( + user_id=1, + access_token='a', + refresh_token="token", + access_expires_at=6000, + refresh_expires_at=900 ) self.insert_session(session) expected = {'message':'Invalid Refresh Token!','code':450} @@ -96,15 +95,15 @@ class RefreshTokenUnitTest(unittest.TestCase): @unittest.mock.patch('time.time', return_value=1000) def test_expired_access_token_but_non_expires_refresh_token_then_new_is_returned(self, mock_time): - session = Session( - user_id = 1, - access_token = "a", - refresh_token = "token", - access_expires_at = 900, - refresh_expires_at = 6000, + session = create_test_session( + user_id=1, + access_token='a', + refresh_token="token", + access_expires_at=900, + refresh_expires_at=6000 ) self.insert_session(session) - expected_keys = {'access_token', 'refresh_token', 'expires_at'} + expected_keys = {'access_token', 'refresh_token', 'media_token', 'expires_at'} response = self.client.post(self.url_path, data={'refresh_token': 'token'}) actual_response_json = json.loads(response.data.decode()) diff --git a/server/flask/application/test/test_reset_user_otp_verification.py b/server/flask/application/test/test_reset_user_otp_verification.py index 5a81235..58877e6 100644 --- a/server/flask/application/test/test_reset_user_otp_verification.py +++ b/server/flask/application/test/test_reset_user_otp_verification.py @@ -2,7 +2,7 @@ import os import unittest import unittest.mock import json -from .context import create_app, default_test_config +from .context import create_app, default_test_config, create_test_session from backend.data import db from backend.data import dao_users from backend.data import dao_registration_tokens @@ -59,13 +59,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase): @unittest.mock.patch('time.time', return_value=1000) def test_expired_access_token_headers_returns_unauthorized(self, mock_time): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=950, - refresh_expires_at=1050, - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':441} @@ -78,13 +72,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase): @unittest.mock.patch('time.time', return_value=1000) def test_sending_non_saved_user_error_is_shown(self, mock_time): - session = Session( - user_id=2, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=2, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'message':'Invalid Authorization!','code':442} @@ -103,13 +91,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase): otp_secret = 'base32secret3232' ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) expected = {'code': 431, 'message': 'Invalid Token!'} @@ -129,13 +111,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase): privileged = False ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 expected = {'code': 460, 'message': 'Not Authorized!'} @@ -157,13 +133,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase): privileged = True ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 expected = {'code': 413, 'message': 'username_to_reset cannot be empty!'} @@ -185,13 +155,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase): privileged = True ) user_id = self.insert_user(user) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 expected = {'message':'User cannot be found!','code':412} @@ -220,13 +184,7 @@ class ResetUserOTPVerificationTest(unittest.TestCase): was_otp_verified = True ) self.insert_user(user_to_reset) - session = Session( - user_id=user_id, - access_token='token', - refresh_token='', - access_expires_at=1050, - refresh_expires_at=2000 - ) + session = create_test_session(user_id=user_id, access_token='token', access_expires_at=1050, refresh_expires_at=2000) self.insert_session(session) correct_code = 585501 #for 1000 and base32secret3232 expected = {'code': 207, 'message': 'OTP Verification Reset!'}