mirror of
https://github.com/GSA/notifications-api.git
synced 2026-07-09 19:04:05 -04:00
51
app/dao/tokens_dao.py
Normal file
51
app/dao/tokens_dao.py
Normal file
@@ -0,0 +1,51 @@
|
||||
from flask import current_app
|
||||
from itsdangerous import URLSafeSerializer
|
||||
|
||||
from app import db
|
||||
from app.models import Token
|
||||
|
||||
|
||||
def save_model_token(token, update_dict={}):
|
||||
if update_dict:
|
||||
del update_dict['id']
|
||||
db.session.query(Token).filter_by(id=token.id).update(update_dict)
|
||||
else:
|
||||
token.token = _generate_token()
|
||||
db.session.add(token)
|
||||
db.session.commit()
|
||||
|
||||
|
||||
def get_model_tokens(service_id=None, raise_=True):
|
||||
"""
|
||||
:param raise_: when True query tokens using one() which will raise NoResultFound exception
|
||||
when False query tokens usong first() which will return None and not raise an exception.
|
||||
"""
|
||||
if service_id:
|
||||
# If expiry date is None the token is active
|
||||
if raise_:
|
||||
return Token.query.filter_by(service_id=service_id, expiry_date=None).one()
|
||||
else:
|
||||
return Token.query.filter_by(service_id=service_id, expiry_date=None).first()
|
||||
return Token.query.filter_by().all()
|
||||
|
||||
|
||||
def get_unsigned_token(service_id):
|
||||
"""
|
||||
There should only be one valid token for each service.
|
||||
This method can only be exposed to the Authentication of the api calls.
|
||||
"""
|
||||
token = Token.query.filter_by(service_id=service_id, expiry_date=None).one()
|
||||
return _get_token(token.token)
|
||||
|
||||
|
||||
def _generate_token(token=None):
|
||||
import uuid
|
||||
if not token:
|
||||
token = uuid.uuid4()
|
||||
serializer = URLSafeSerializer(current_app.config.get('SECRET_KEY'))
|
||||
return serializer.dumps(str(token), current_app.config.get('DANGEROUS_SALT'))
|
||||
|
||||
|
||||
def _get_token(token):
|
||||
serializer = URLSafeSerializer(current_app.config.get('SECRET_KEY'))
|
||||
return serializer.loads(token, salt=current_app.config.get('DANGEROUS_SALT'))
|
||||
@@ -61,6 +61,16 @@ class Service(db.Model):
|
||||
restricted = db.Column(db.Boolean, index=False, unique=False, nullable=False)
|
||||
|
||||
|
||||
class Token(db.Model):
|
||||
__tablename__ = 'tokens'
|
||||
|
||||
id = db.Column(db.Integer, primary_key=True)
|
||||
token = db.Column(db.String(255), unique=True, nullable=False)
|
||||
service_id = db.Column(db.Integer, db.ForeignKey('services.id'), index=True, nullable=False)
|
||||
service = db.relationship('Service', backref=db.backref('tokens', lazy='dynamic'))
|
||||
expiry_date = db.Column(db.DateTime)
|
||||
|
||||
|
||||
TEMPLATE_TYPES = ['sms', 'email', 'letter']
|
||||
|
||||
|
||||
|
||||
@@ -19,7 +19,7 @@ class UserSchema(ma.ModelSchema):
|
||||
class ServiceSchema(ma.ModelSchema):
|
||||
class Meta:
|
||||
model = models.Service
|
||||
exclude = ("updated_at", "created_at", "templates")
|
||||
exclude = ("updated_at", "created_at", "tokens", "templates")
|
||||
|
||||
|
||||
class TemplateSchema(ma.ModelSchema):
|
||||
@@ -28,9 +28,17 @@ class TemplateSchema(ma.ModelSchema):
|
||||
exclude = ("updated_at", "created_at", "service_id")
|
||||
|
||||
|
||||
class TokenSchema(ma.ModelSchema):
|
||||
class Meta:
|
||||
model = models.Token
|
||||
exclude = ["service"]
|
||||
|
||||
|
||||
user_schema = UserSchema()
|
||||
users_schema = UserSchema(many=True)
|
||||
service_schema = ServiceSchema()
|
||||
services_schema = ServiceSchema(many=True)
|
||||
template_schema = TemplateSchema()
|
||||
templates_schema = TemplateSchema(many=True)
|
||||
token_schema = TokenSchema()
|
||||
tokens_schema = TokenSchema(many=True)
|
||||
|
||||
@@ -1,16 +1,20 @@
|
||||
from datetime import datetime
|
||||
|
||||
from flask import (jsonify, request)
|
||||
from sqlalchemy.exc import DataError
|
||||
from sqlalchemy.orm.exc import NoResultFound
|
||||
|
||||
from app import db
|
||||
from app.dao import DAOException
|
||||
from app.dao.services_dao import (
|
||||
save_model_service, get_model_services, delete_model_service)
|
||||
from app.dao.templates_dao import (
|
||||
save_model_template, get_model_templates)
|
||||
from app.dao.users_dao import get_model_users
|
||||
from app.dao import DAOException
|
||||
from .. import service
|
||||
from app import db
|
||||
save_model_template, get_model_templates, delete_model_template)
|
||||
from app.dao.tokens_dao import (save_model_token, get_model_tokens, get_unsigned_token)
|
||||
from app.models import Token
|
||||
from app.schemas import (
|
||||
services_schema, service_schema, template_schema, templates_schema)
|
||||
services_schema, service_schema, template_schema)
|
||||
from .. import service
|
||||
|
||||
|
||||
# TODO auth to be added.
|
||||
@@ -24,9 +28,10 @@ def create_service():
|
||||
# db.session.commit
|
||||
try:
|
||||
save_model_service(service)
|
||||
save_model_token(Token(service_id=service.id))
|
||||
except DAOException as e:
|
||||
return jsonify(result="error", message=str(e)), 400
|
||||
return jsonify(data=service_schema.dump(service).data), 201
|
||||
return jsonify(data=service_schema.dump(service).data, token=get_unsigned_token(service.id)), 201
|
||||
|
||||
|
||||
# TODO auth to be added
|
||||
@@ -72,6 +77,44 @@ def get_service(service_id=None):
|
||||
return jsonify(data=data)
|
||||
|
||||
|
||||
# TODO auth to be added
|
||||
@service.route('/<int:service_id>/token/renew', methods=['POST'])
|
||||
def renew_token(service_id=None):
|
||||
try:
|
||||
get_model_services(service_id=service_id)
|
||||
except DataError:
|
||||
return jsonify(result="error", message="Invalid service id"), 400
|
||||
except NoResultFound:
|
||||
return jsonify(result="error", message="Service not found"), 404
|
||||
|
||||
try:
|
||||
service_token = get_model_tokens(service_id=service_id, raise_=False)
|
||||
if service_token:
|
||||
# expire existing token
|
||||
save_model_token(service_token, update_dict={'id': service_token.id, 'expiry_date': datetime.now()})
|
||||
# create a new one
|
||||
save_model_token(Token(service_id=service_id))
|
||||
except DAOException as e:
|
||||
return jsonify(result='error', message=str(e)), 400
|
||||
unsigned_token = get_unsigned_token(service_id)
|
||||
return jsonify(data=unsigned_token), 201
|
||||
|
||||
|
||||
@service.route('/<int:service_id>/token/revoke', methods=['POST'])
|
||||
def revoke_token(service_id):
|
||||
try:
|
||||
get_model_services(service_id=service_id)
|
||||
except DataError:
|
||||
return jsonify(result="error", message="Invalid service id"), 400
|
||||
except NoResultFound:
|
||||
return jsonify(result="error", message="Service not found"), 404
|
||||
|
||||
service_token = get_model_tokens(service_id=service_id, raise_=False)
|
||||
if service_token:
|
||||
save_model_token(service_token, update_dict={'id': service_token.id, 'expiry_date': datetime.now()})
|
||||
return jsonify(), 202
|
||||
|
||||
|
||||
# TODO auth to be added.
|
||||
@service.route('/<int:service_id>/template/', methods=['POST'])
|
||||
def create_template(service_id):
|
||||
|
||||
@@ -1,4 +1,3 @@
|
||||
|
||||
class Config(object):
|
||||
DEBUG = False
|
||||
NOTIFY_LOG_LEVEL = 'DEBUG'
|
||||
@@ -11,11 +10,15 @@ class Config(object):
|
||||
|
||||
class Development(Config):
|
||||
DEBUG = True
|
||||
SECRET_KEY = 'secret-key'
|
||||
DANGEROUS_SALT = 'dangerous-salt'
|
||||
|
||||
|
||||
class Test(Config):
|
||||
DEBUG = True
|
||||
SQLALCHEMY_DATABASE_URI = 'postgresql://localhost/test_notification_api'
|
||||
SECRET_KEY = 'secret-key'
|
||||
DANGEROUS_SALT = 'dangerous-salt'
|
||||
|
||||
|
||||
class Live(Config):
|
||||
|
||||
36
migrations/versions/0003_create_tokens.py
Normal file
36
migrations/versions/0003_create_tokens.py
Normal file
@@ -0,0 +1,36 @@
|
||||
"""empty message
|
||||
|
||||
Revision ID: 0003_create_tokens
|
||||
Revises: 0001_initialise_data
|
||||
Create Date: 2016-01-13 17:07:49.061776
|
||||
|
||||
"""
|
||||
|
||||
# revision identifiers, used by Alembic.
|
||||
revision = '0003_create_tokens'
|
||||
down_revision = '0002_add_templates'
|
||||
|
||||
from alembic import op
|
||||
import sqlalchemy as sa
|
||||
|
||||
|
||||
def upgrade():
|
||||
### commands auto generated by Alembic - please adjust! ###
|
||||
op.create_table('tokens',
|
||||
sa.Column('id', sa.Integer(), nullable=False),
|
||||
sa.Column('token', sa.String(length=255), nullable=False),
|
||||
sa.Column('service_id', sa.Integer(), nullable=False),
|
||||
sa.Column('expiry_date', sa.DateTime(), nullable=True),
|
||||
sa.ForeignKeyConstraint(['service_id'], ['services.id'], ),
|
||||
sa.PrimaryKeyConstraint('id'),
|
||||
sa.UniqueConstraint('token')
|
||||
)
|
||||
op.create_index(op.f('ix_tokens_service_id'), 'tokens', ['service_id'], unique=False)
|
||||
### end Alembic commands ###
|
||||
|
||||
|
||||
def downgrade():
|
||||
### commands auto generated by Alembic - please adjust! ###
|
||||
op.drop_index(op.f('ix_tokens_service_id'), table_name='tokens')
|
||||
op.drop_table('tokens')
|
||||
### end Alembic commands ###
|
||||
@@ -9,6 +9,7 @@ PyJWT==1.4.0
|
||||
marshmallow==2.4.2
|
||||
marshmallow-sqlalchemy==0.8.0
|
||||
flask-marshmallow==0.6.2
|
||||
itsdangerous==0.24
|
||||
|
||||
git+https://github.com/alphagov/notifications-python-client.git@0.1.5#egg=notifications-python-client==0.1.5
|
||||
|
||||
|
||||
@@ -1,8 +1,9 @@
|
||||
import pytest
|
||||
from app.models import (User, Service, Template)
|
||||
from app.dao.users_dao import (save_model_user, get_model_users)
|
||||
from app.models import (User, Service, Template, Token)
|
||||
from app.dao.users_dao import (save_model_user)
|
||||
from app.dao.services_dao import save_model_service
|
||||
from app.dao.templates_dao import save_model_template
|
||||
from app.dao.tokens_dao import save_model_token
|
||||
|
||||
|
||||
@pytest.fixture(scope='function')
|
||||
@@ -50,3 +51,16 @@ def sample_template(notify_db,
|
||||
template = Template(**data)
|
||||
save_model_template(template)
|
||||
return template
|
||||
|
||||
|
||||
@pytest.fixture(scope='function')
|
||||
def sample_token(notify_db,
|
||||
notify_db_session,
|
||||
service=None):
|
||||
import uuid
|
||||
if service is None:
|
||||
service = sample_service(notify_db, notify_db_session)
|
||||
data = {'service_id': service.id}
|
||||
token = Token(**data)
|
||||
save_model_token(token)
|
||||
return token
|
||||
|
||||
62
tests/app/dao/test_tokens_dao.py
Normal file
62
tests/app/dao/test_tokens_dao.py
Normal file
@@ -0,0 +1,62 @@
|
||||
import uuid
|
||||
from app.dao.tokens_dao import (save_model_token, get_model_tokens, get_unsigned_token, _generate_token, _get_token)
|
||||
from datetime import datetime
|
||||
from app.models import Token
|
||||
from pytest import fail
|
||||
from sqlalchemy.orm.exc import NoResultFound
|
||||
|
||||
|
||||
def test_token_is_signed_and_can_be_read_again(notify_api):
|
||||
import uuid
|
||||
with notify_api.test_request_context():
|
||||
token = str(uuid.uuid4())
|
||||
signed_token = _generate_token(token=token)
|
||||
assert token == _get_token(signed_token)
|
||||
assert signed_token != token
|
||||
|
||||
|
||||
def test_save_token_should_create_new_token(notify_api, notify_db, notify_db_session, sample_service):
|
||||
api_token = Token(**{'service_id': sample_service.id})
|
||||
save_model_token(api_token)
|
||||
|
||||
all_tokens = get_model_tokens()
|
||||
assert len(all_tokens) == 1
|
||||
assert all_tokens[0] == api_token
|
||||
|
||||
|
||||
def test_save_token_should_update_the_token(notify_api, notify_db, notify_db_session, sample_token):
|
||||
now = datetime.utcnow()
|
||||
saved_token = get_model_tokens(sample_token.service_id)
|
||||
save_model_token(saved_token, update_dict={'id': saved_token.id, 'expiry_date': now})
|
||||
all_tokens = get_model_tokens()
|
||||
assert len(all_tokens) == 1
|
||||
assert all_tokens[0].expiry_date == now
|
||||
assert all_tokens[0].token == saved_token.token
|
||||
assert all_tokens[0].id == saved_token.id
|
||||
assert all_tokens[0].service_id == saved_token.service_id
|
||||
|
||||
|
||||
def test_get_token_should_raise_exception_when_service_does_not_exist(notify_api, notify_db, notify_db_session,
|
||||
sample_service):
|
||||
try:
|
||||
get_model_tokens(sample_service.id)
|
||||
fail("Should have thrown a NoResultFound exception")
|
||||
except NoResultFound:
|
||||
pass
|
||||
|
||||
|
||||
def test_get_token_should_return_none_when_service_does_not_exist(notify_api, notify_db, notify_db_session,
|
||||
sample_service):
|
||||
assert get_model_tokens(service_id=sample_service.id, raise_=False) is None
|
||||
|
||||
|
||||
def test_should_return_token_for_service(notify_api, notify_db, notify_db_session, sample_token):
|
||||
token = get_model_tokens(sample_token.service_id)
|
||||
assert token == sample_token
|
||||
|
||||
|
||||
def test_should_return_unsigned_token_for_service_id(notify_api, notify_db, notify_db_session,
|
||||
sample_token):
|
||||
unsigned_token = get_unsigned_token(sample_token.service_id)
|
||||
assert sample_token.token != unsigned_token
|
||||
assert unsigned_token == _get_token(sample_token.token)
|
||||
@@ -1,9 +1,11 @@
|
||||
import json
|
||||
from app.models import (Service, User, Template)
|
||||
from app.dao.services_dao import save_model_service
|
||||
from tests.app.conftest import sample_user as create_sample_user
|
||||
|
||||
from flask import url_for
|
||||
|
||||
from app.dao.services_dao import save_model_service
|
||||
from app.models import (Service, User, Token, Template)
|
||||
from tests.app.conftest import sample_user as create_sample_user
|
||||
|
||||
|
||||
def test_get_service_list(notify_api, notify_db, notify_db_session, sample_service):
|
||||
"""
|
||||
@@ -57,6 +59,7 @@ def test_post_service(notify_api, notify_db, notify_db_session, sample_user):
|
||||
json_resp = json.loads(resp.get_data(as_text=True))
|
||||
assert json_resp['data']['name'] == service.name
|
||||
assert json_resp['data']['limit'] == service.limit
|
||||
assert json_resp['token'] is not None
|
||||
|
||||
|
||||
def test_post_service_multiple_users(notify_api, notify_db, notify_db_session, sample_user):
|
||||
@@ -263,6 +266,79 @@ def test_delete_service_not_exists(notify_api, notify_db, notify_db_session, sam
|
||||
assert Service.query.count() == 1
|
||||
|
||||
|
||||
def test_renew_token_should_return_token_when_service_does_not_have_a_valid_token(notify_api, notify_db,
|
||||
notify_db_session, sample_service):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
response = client.post(url_for('service.renew_token', service_id=sample_service.id),
|
||||
headers=[('Content-Type', 'application/json')])
|
||||
assert response.status_code == 201
|
||||
assert response.get_data is not None
|
||||
saved_token = Token.query.first()
|
||||
assert saved_token.service_id == sample_service.id
|
||||
|
||||
|
||||
def test_renew_token_should_expire_the_old_token_and_create_a_new_token(notify_api, notify_db, notify_db_session,
|
||||
sample_service):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
response = client.post(url_for('service.renew_token', service_id=sample_service.id),
|
||||
headers=[('Content-Type', 'application/json')])
|
||||
assert response.status_code == 201
|
||||
assert len(Token.query.all()) == 1
|
||||
saved_token = Token.query.first()
|
||||
|
||||
response = client.post(url_for('service.renew_token', service_id=sample_service.id),
|
||||
headers=[('Content-Type', 'application/json')])
|
||||
assert response.status_code == 201
|
||||
all_tokens = Token.query.all()
|
||||
assert len(all_tokens) == 2
|
||||
for x in all_tokens:
|
||||
if x.id == saved_token.id:
|
||||
assert x.expiry_date is not None
|
||||
else:
|
||||
assert x.expiry_date is None
|
||||
assert x.token is not saved_token.token
|
||||
|
||||
|
||||
def test_create_token_should_return_error_when_service_does_not_exist(notify_api, notify_db, notify_db_session,
|
||||
sample_service):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
response = client.post(url_for('service.renew_token', service_id=123),
|
||||
headers=[('Content-Type', 'application/json')])
|
||||
assert response.status_code == 404
|
||||
|
||||
|
||||
def test_revoke_token_should_expire_token_for_service(notify_api, notify_db, notify_db_session, sample_token):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
assert len(Token.query.all()) == 1
|
||||
response = client.post(url_for('service.revoke_token', service_id=sample_token.service_id))
|
||||
assert response.status_code == 202
|
||||
all_tokens = Token.query.all()
|
||||
assert len(all_tokens) == 1
|
||||
assert all_tokens[0].expiry_date is not None
|
||||
|
||||
|
||||
def test_create_service_should_create_new_token_for_service(notify_api, notify_db, notify_db_session, sample_user):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
data = {
|
||||
'name': 'created service',
|
||||
'users': [sample_user.id],
|
||||
'limit': 1000,
|
||||
'restricted': False,
|
||||
'active': False}
|
||||
headers = [('Content-Type', 'application/json')]
|
||||
assert len(Token.query.all()) == 0
|
||||
resp = client.post(url_for('service.create_service'),
|
||||
data=json.dumps(data),
|
||||
headers=headers)
|
||||
assert resp.status_code == 201
|
||||
assert len(Token.query.all()) == 1
|
||||
|
||||
|
||||
def test_create_template(notify_api, notify_db, notify_db_session, sample_service):
|
||||
"""
|
||||
Tests POST endpoint '/<service_id>/template' a template can be created
|
||||
|
||||
Reference in New Issue
Block a user