import settings
import jwt
import pyotp
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.backends import default_backend
import json
import time
import db
from simpleAuthService import app
# JWT handed from the login1 (form) test to the login2 and logout tests via `global`.
encoded_token = ""

# Test fixture reset: put the test user (userID 1) back into the "TOTP not yet
# activated" state so login1 returns the provisioning URI again on every run.
_reset_db = db.Db()
result = _reset_db.execute(
    "UPDATE tblUser SET totpActivated = FALSE WHERE userID = %s", (1,)
)
_reset_db.commit()
del _reset_db
def decodeJWT(encoded_token):
    """Verify *encoded_token* against settings.PUBLIC_KEY and return its claims.

    The accepted algorithm list is pinned to RS256, so a token carrying
    ``alg: none`` or an HMAC alg keyed with the public key is rejected
    instead of being "verified". PyJWT's own exceptions (bad signature,
    malformed token, ...) propagate unchanged and fail the calling test.
    """
    verify_key = serialization.load_pem_public_key(
        settings.PUBLIC_KEY, backend=default_backend()
    )
    return jwt.decode(encoded_token, verify_key, algorithms=["RS256"])
# first factor authentication
def test_login1_json_sucess():
    """First factor via JSON body: valid credentials give 200 and a signed JWT
    whose roleIDs claim is [1, 2]."""
    credentials = {"username": "testUser", "password": "testPwd"}
    response = app.test_client().post('/auth/user/login1', json=credentials)
    assert response.status_code == 200
    body = json.loads(response.data.decode('utf-8'))
    # Kept local on purpose: the module-level encoded_token is populated by
    # the form-encoded variant, which the later login2/logout tests rely on.
    claims = decodeJWT(encoded_token=body.get("token"))
    assert claims.get("roleIDs") == [1, 2]
def test_login1_json_fail():
    """Wrong password: 403 and the sentinel token '-1', i.e. no JWT is issued
    on a failed first factor."""
    credentials = {"username": "testUser", "password": "testWrongPwd"}
    response = app.test_client().post('/auth/user/login1', json=credentials)
    assert response.status_code == 403
    body = json.loads(response.data.decode('utf-8'))
    assert body.get("token") == '-1'
def test_login1_form_success():
    """First factor via form body; stores the step-1 JWT in the module global
    for the second-factor and logout tests that run afterwards.

    The service is expected to run in debug mode here: the TOTP secret is then
    a fixed string rather than randomly generated, which is what makes the
    provisioning URI deterministic enough to compare literally. Against a
    non-debug build the URI assertion should (rightly) fail.
    """
    global encoded_token
    form = "username=testUser&password=testPwd"
    headers = {'Content-Type': 'application/x-www-form-urlencoded'}
    response = app.test_client().post('/auth/user/login1', data=form, headers=headers)
    assert response.status_code == 200
    body = json.loads(response.data.decode('utf-8'))
    assert body.get("totpActivated") == 0  # false: enrolment still pending
    assert body.get("uri") == "otpauth://totp/SimpleAuthService:testUser?secret=CautionDebugModeTrueKeyIsNotGood&issuer=SimpleAuthService"
    encoded_token = body.get("token")
    claims = decodeJWT(encoded_token=encoded_token)
    assert claims.get("userId") == 1
    assert claims.get("roleIDs") == [1, 2]
# second factor authentication
def test_login2_form_success():
    """Second factor: a current TOTP code for the debug secret, sent with the
    step-1 JWT as the ``token`` cookie, yields 200 and a fresh JWT with
    roleIDs [1, 2].

    Depends on test_login1_form_success having set encoded_token. The code is
    derived from the same fixed debug secret the provisioning URI exposed and
    is generated immediately before the request; a TOTP period boundary
    falling between generation and verification is the only flake risk.
    """
    global encoded_token
    code = pyotp.TOTP('CautionDebugModeTrueKeyIsNotGood').now()  # e.g. '492039'
    headers = {'Content-Type': 'application/x-www-form-urlencoded'}
    client = app.test_client()
    client.set_cookie("localhost", "token", encoded_token)
    response = client.post('/auth/user/login2', data="totpCode=" + code, headers=headers)
    assert response.status_code == 200
    encoded_token = json.loads(response.data.decode('utf-8')).get("token")
    claims = decodeJWT(encoded_token=encoded_token)
    assert claims.get("roleIDs") == [1, 2]
def test_logout():
    """Logout blocklists the current JWT: 200 and the sentinel token '-1'.

    NOTE(review): the JWT travels in the URL path here, so it lands in access
    logs and proxy request lines. That is the service's API shape rather than
    something this test can change; worth confirming it is acceptable.
    """
    response = app.test_client().delete('/auth/user/' + encoded_token)
    assert response.status_code == 200
    body = json.loads(response.data.decode('utf-8'))
    assert body.get("token") == '-1'
def test_cleanUp_blocked_token_list():
    """Right after logout the blocked JWT has not expired yet, so the cleanup
    endpoint must remove nothing (cleanedUp == 0).

    NOTE(review): /auth/cleanUp is called here with no credentials at all;
    confirm the endpoint is not client-reachable in production or is guarded.
    """
    response = app.test_client().delete('/auth/cleanUp')
    assert response.status_code == 200
    body = json.loads(response.data.decode('utf-8'))
    assert body.get("cleanedUp") == 0
def test_cleanUp_blocked_token_list2():
    """After settings.EXPIRY_TIME_SECONDS the JWT blocked by test_logout has
    expired, so cleanup may drop it from the blocked list (cleanedUp == 1).

    This is a genuine wall-clock wait; keep EXPIRY_TIME_SECONDS small in the
    test settings. The token was issued before the sleep started, so by the
    time the request runs it is strictly past its expiry.
    """
    time.sleep(settings.EXPIRY_TIME_SECONDS)
    response = app.test_client().delete('/auth/cleanUp')
    assert response.status_code == 200
    body = json.loads(response.data.decode('utf-8'))
    assert body.get("cleanedUp") == 1