authorlonkaars <l.leblansch@gmail.com>2021-01-14 22:02:28 +0100
committerlonkaars <l.leblansch@gmail.com>2021-01-14 22:02:28 +0100
commit80e8b8c1e1ed6833a2f21d57bbb6bab76589bdb0 (patch)
treecf07ec759059b416995c97f24d34379c7ff2cb5e /api
parentbf986adcf3f619860d18bda9e0c96e93ab97b260 (diff)
token auth
Diffstat (limited to 'api')
-rw-r--r--api/auth/login.py5
-rw-r--r--api/auth/login_token.py21
-rw-r--r--api/auth/signup.py1
-rw-r--r--api/auth/token.py2
-rw-r--r--api/main.py2
-rwxr-xr-xapi/tests.sh49
6 files changed, 63 insertions, 17 deletions
diff --git a/api/auth/login.py b/api/auth/login.py
index cc40ae3..b01e057 100644
--- a/api/auth/login.py
+++ b/api/auth/login.py
@@ -1,10 +1,7 @@
from flask import Blueprint, request
-from main import cursor, connection
-from randid import new_uuid
+from main import cursor
import auth.token as token
import passwords
-import time
-import json
login = Blueprint('login', __name__)
diff --git a/api/auth/login_token.py b/api/auth/login_token.py
new file mode 100644
index 0000000..3085292
--- /dev/null
+++ b/api/auth/login_token.py
@@ -0,0 +1,21 @@
+from flask import Blueprint, request
+from main import cursor
+from auth.token import validate_token
+
+token = Blueprint('token', __name__)
+
+@token.route('/token', methods = ['POST'])
+def index():
+ data = request.get_json()
+
+ user_id = data.get("user_id") or ""
+ auth_token = data.get("token") or ""
+
+ if not user_id or \
+ not auth_token:
+ return "", 400
+
+ if not cursor.execute("select user_id from users where user_id = ?", [user_id]).fetchone():
+ return "", 401
+
+ return "", 200 if validate_token(user_id, auth_token) else 401
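Review bot: `data` is used in `index()` without checking that the request body is a JSON object, so a body that parses to a list or string (or, on Flask versions where `get_json()` returns None for a non-JSON content type, no JSON at all) makes `data.get` raise and the endpoint answers 500 instead of 400. I would read it with `data = request.get_json(silent=True)` and follow that with `if not isinstance(data, dict): return "", 400`. The same applies to the field values: a nested object sent as `user_id` goes straight into the SQL parameter list, so also reject anything where `isinstance(user_id, str) and isinstance(auth_token, str)` does not hold before querying. Returning 401 for both an unknown user and a bad token is good and should be kept, since it avoids telling a caller which user ids exist.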
diff --git a/api/auth/signup.py b/api/auth/signup.py
index fee879d..cca76b8 100644
--- a/api/auth/signup.py
+++ b/api/auth/signup.py
@@ -4,7 +4,6 @@ from randid import new_uuid
import auth.token as token
import passwords
import time
-import json
signup = Blueprint('signup', __name__)
diff --git a/api/auth/token.py b/api/auth/token.py
index 529af32..a03d685 100644
--- a/api/auth/token.py
+++ b/api/auth/token.py
@@ -7,7 +7,7 @@ import time
def valid_tokens(user_id):
return json.loads(cursor.execute("select valid_tokens from users where user_id = ?", [user_id]).fetchone()[0])
-def validateToken(user_id, token):
+def validate_token(user_id, token):
tokens = valid_tokens(user_id)
return hashlib.sha256(str(token).encode()).hexdigest() in [ t["token"] for t in tokens if t["expirationDate"] > int( time.time() * 1000 ) ]
diff --git a/api/main.py b/api/main.py
index ce53f19..f5907cc 100644
--- a/api/main.py
+++ b/api/main.py
@@ -13,9 +13,11 @@ from status import status
from user.info import info
from auth.signup import signup
from auth.login import login
+from auth.login_token import token
app.register_blueprint(status, url_prefix='/api')
app.register_blueprint(info, url_prefix='/api/user')
app.register_blueprint(signup, url_prefix='/api/auth')
app.register_blueprint(login, url_prefix='/api/auth')
+app.register_blueprint(token, url_prefix='/api/auth')
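Review bot: The blueprint imported here is named `token`, which is the same name login.py and signup.py give to the `auth.token` module (`import auth.token as token`), so the two are easy to confuse and a later module import under that alias in main.py would replace the blueprint silently. Naming the object `login_token` in auth/login_token.py and importing it with `from auth.login_token import login_token` keeps the route object and the token-validation module apart. The rest of main.py lies outside the hunk, so whether such an alias already exists there cannot be seen from here.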
diff --git a/api/tests.sh b/api/tests.sh
index 2c73156..6608611 100755
--- a/api/tests.sh
+++ b/api/tests.sh
@@ -1,24 +1,51 @@
#!/bin/sh
+username="test_$RANDOM"
+email="$username@example.com"
+password=$(echo $RANDOM | base64)
+
signup () {
curl -X POST \
-H "Content-Type: application/json" \
- -d '{
- "username": "gert",
- "email": "gert@example.com",
- "password": "password123"
- }' \
+ -d "{
+ \"username\": \"$username\",
+ \"email\": \"$email\",
+ \"password\": \"$password\"
+ }" \
localhost:5000/api/auth/signup
}
-login () {
+login_username () {
+ curl -X POST \
+ -H "Content-Type: application/json" \
+ -d "{
+ \"email\": \"$username\",
+ \"password\": \"$password\"
+ }" \
+ localhost:5000/api/auth/login
+}
+
+login_email () {
curl -X POST \
-H "Content-Type: application/json" \
- -d '{
- "email": "gert@example.com",
- "password": "password123"
- }' \
+ -d "{
+ \"email\": \"$email\",
+ \"password\": \"$password\"
+ }" \
localhost:5000/api/auth/login
}
-login
+# login_token () {
+# curl -X POST \
+# -H "Content-Type: application/json" \
+# -d "{
+# \"user_id\": \"2dc82ac3-e3c1-4a0e-b024-c6224107ff59\",
+# \"token\": \"beda7848ac601d80ac88bfc629d13ed6dc27dabd29a3e1db5b2a93839bd6dd3c79e25ea939d13789fdec74edafa18b4040d39729c282f28f82f366d44b5455cd8e3c28b59da2c397ff4e637a99c3ccbea4af00828ab7094b5285b8f900e31e833b5e55994e68e3de7e7fbeb02adc74231f63173e84f7e22aef97f9c7bfd920a1\"
+# }" \
+# localhost:5000/api/auth/token
+# }
+
+signup
+login_email
+login_username
+
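Review bot: The commented-out `login_token` block commits a literal `user_id` and a long token value to the repository; if that token was ever issued by a reachable instance it should be treated as disclosed and revoked, and the test should take the token from the signup or login response at run time rather than hard-coding one. Separately, `$RANDOM` in the new variables at the top is not defined by POSIX sh, so under a `/bin/sh` such as dash `username` expands to `test_` and `password` to the same base64 string on every run, which makes the second signup collide with the first. Either change the shebang to `#!/bin/bash` or derive the suffix from something portable such as `$(date +%s)`.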