zecfoundation
/
zcash-grant-system
mirror of https://github.com/ZcashFoundation/zcash-grant-system.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Authenticate endpoints (#193) 

* Add auth to endpoints.
This commit is contained in:
William O'Beirne 2018-11-13 09:17:06 -05:00 committed by Daniel Ternyak
parent 22487b331b
commit a418f3d5b6
12 changed files with 302 additions and 276 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
backend/.gitignore vendored
View File

@ -68,3 +68,5 @@ dump.rdb
# jetbrains
.idea/
# vscode
.vscode/

60
backend/grant/proposal/views.py
View File

@ -1,12 +1,13 @@
from datetime import datetime
from flask import Blueprint
from flask import Blueprint, g
from flask_yoloapi import endpoint, parameter
from sqlalchemy.exc import IntegrityError
from grant.comment.models import Comment, comment_schema
from grant.milestone.models import Milestone
from grant.user.models import User, SocialMedia, Avatar
from grant.utils.auth import requires_sm, requires_team_member_auth
from .models import Proposal, proposals_schema, proposal_schema, ProposalUpdate, proposal_update_schema, db
blueprint = Blueprint("proposal", __name__, url_prefix="/api/v1/proposals")
@ -39,28 +40,22 @@ def get_proposal_comments(proposal_id):
@blueprint.route("/<proposal_id>/comments", methods=["POST"])
@requires_sm
@endpoint.api(
parameter('userId', type=int, required=True),
parameter('content', type=str, required=True)
)
def post_proposal_comments(proposal_id, user_id, content):
proposal = Proposal.query.filter_by(id=proposal_id).first()
if proposal:
user = User.query.filter_by(id=user_id).first()
if user:
comment = Comment(
proposal_id=proposal_id,
user_id=user_id,
content=content
)
db.session.add(comment)
db.session.commit()
dumped_comment = comment_schema.dump(comment)
return dumped_comment, 201
else:
return {"message": "No user matching id"}, 404
comment = Comment(
proposal_id=proposal_id,
user_id=g.current_user.id,
content=content
)
db.session.add(comment)
db.session.commit()
dumped_comment = comment_schema.dump(comment)
return dumped_comment, 201
else:
return {"message": "No proposal matching id"}, 404
@ -73,8 +68,8 @@ def get_proposals(stage):
if stage:
proposals = (
Proposal.query.filter_by(stage=stage)
.order_by(Proposal.date_created.desc())
.all()
.order_by(Proposal.date_created.desc())
.all()
)
else:
proposals = Proposal.query.order_by(Proposal.date_created.desc()).all()
@ -83,6 +78,7 @@ def get_proposals(stage):
@blueprint.route("/", methods=["POST"])
@requires_sm
@endpoint.api(
parameter('crowdFundContractAddress', type=str, required=True),
parameter('content', type=str, required=True),
@ -92,7 +88,6 @@ def get_proposals(stage):
parameter('team', type=list, required=True)
)
def make_proposal(crowd_fund_contract_address, content, title, milestones, category, team):
from grant.user.models import User
existing_proposal = Proposal.query.filter_by(proposal_address=crowd_fund_contract_address).first()
if existing_proposal:
return {"message": "Oops! Something went wrong."}, 409
@ -187,24 +182,21 @@ def get_proposal_update(proposal_id, update_id):
return {"message": "No proposal matching id"}, 404
# TODO: Add authentication to endpoint
@blueprint.route("/<proposal_id>/updates", methods=["POST"])
@requires_team_member_auth
@requires_sm
@endpoint.api(
parameter('title', type=str, required=True),
parameter('content', type=str, required=True)
)
def post_proposal_update(proposal_id, title, content):
proposal = Proposal.query.filter_by(id=proposal_id).first()
if proposal:
update = ProposalUpdate(
proposal_id=proposal.id,
title=title,
content=content
)
db.session.add(update)
db.session.commit()
update = ProposalUpdate(
proposal_id=g.current_proposal.id,
title=title,
content=content
)
db.session.add(update)
db.session.commit()
dumped_update = proposal_update_schema.dump(update)
return dumped_update, 201
else:
return {"message": "No proposal matching id"}, 404
dumped_update = proposal_update_schema.dump(update)
return dumped_update, 201

18
backend/grant/user/models.py
View File

@ -1,3 +1,4 @@
from sqlalchemy import func
from grant.comment.models import Comment
from grant.email.models import EmailVerification
from grant.extensions import ma, db
@ -57,7 +58,7 @@ class User(db.Model):
self.title = title
@staticmethod
def create(email_address=None, account_address=None, display_name=None, title=None):
def create(email_address=None, account_address=None, display_name=None, title=None, _send_email=True):
user = User(
account_address=account_address,
email_address=email_address,
@ -72,21 +73,22 @@ class User(db.Model):
db.session.add(ev)
db.session.commit()
send_email(user.email_address, 'signup', {
'display_name': user.display_name,
'confirm_url': make_url(f'/email/verify?code={ev.code}')
})
if send_email:
send_email(user.email_address, 'signup', {
'display_name': user.display_name,
'confirm_url': make_url(f'/email/verify?code={ev.code}')
})
return user
@staticmethod
def get_by_email_or_account_address(email_address: str = None, account_address: str = None):
def get_by_identifier(email_address: str = None, account_address: str = None):
if not email_address and not account_address:
raise ValueError("Either email_address or account_address is required to get a user")
return User.query.filter(
(User.account_address == account_address) |
(User.email_address == email_address)
(func.lower(User.account_address) == func.lower(account_address)) |
(func.lower(User.email_address) == func.lower(email_address))
).first()
class UserSchema(ma.Schema):

69
backend/grant/user/views.py
View File

@ -1,10 +1,9 @@
from flask import Blueprint, g
from flask_yoloapi import endpoint, parameter
from .models import User, SocialMedia, Avatar, users_schema, user_schema, db
from grant.proposal.models import Proposal, proposal_team
from grant.utils.auth import requires_sm, verify_signed_auth, BadSignatureException
from grant.utils.auth import requires_sm, requires_same_user_auth, verify_signed_auth, BadSignatureException
from .models import User, SocialMedia, Avatar, users_schema, user_schema, db
blueprint = Blueprint('user', __name__, url_prefix='/api/v1/users')
@ -35,7 +34,7 @@ def get_me():
@blueprint.route("/<user_identity>", methods=["GET"])
@endpoint.api()
def get_user(user_identity):
user = User.get_by_email_or_account_address(email_address=user_identity, account_address=user_identity)
user = User.get_by_identifier(email_address=user_identity, account_address=user_identity)
if user:
result = user_schema.dump(user)
return result
@ -54,14 +53,14 @@ def get_user(user_identity):
parameter('rawTypedData', type=str, required=True)
)
def create_user(
account_address,
email_address,
display_name,
title,
signed_message,
raw_typed_data
account_address,
email_address,
display_name,
title,
signed_message,
raw_typed_data
):
existing_user = User.get_by_email_or_account_address(email_address=email_address, account_address=account_address)
existing_user = User.get_by_identifier(email_address=email_address, account_address=account_address)
if existing_user:
return {"message": "User with that address or email already exists"}, 409
@ -70,11 +69,11 @@ def create_user(
sig_address = verify_signed_auth(signed_message, raw_typed_data)
if sig_address.lower() != account_address.lower():
return {
"message": "Message signature address ({sig_address}) doesn't match account_address ({account_address})".format(
sig_address=sig_address,
account_address=account_address
)
}, 400
"message": "Message signature address ({sig_address}) doesn't match account_address ({account_address})".format(
sig_address=sig_address,
account_address=account_address
)
}, 400
except BadSignatureException:
return {"message": "Invalid message signature"}, 400
@ -88,6 +87,7 @@ def create_user(
result = user_schema.dump(user)
return result
@blueprint.route("/auth", methods=["POST"])
@endpoint.api(
parameter('accountAddress', type=str, required=True),
@ -95,7 +95,7 @@ def create_user(
parameter('rawTypedData', type=str, required=True)
)
def auth_user(account_address, signed_message, raw_typed_data):
existing_user = User.get_by_email_or_account_address(account_address=account_address)
existing_user = User.get_by_identifier(account_address=account_address)
if not existing_user:
return {"message": "No user exists with that address"}, 400
@ -103,27 +103,28 @@ def auth_user(account_address, signed_message, raw_typed_data):
sig_address = verify_signed_auth(signed_message, raw_typed_data)
if sig_address.lower() != account_address.lower():
return {
"message": "Message signature address ({sig_address}) doesn't match account_address ({account_address})".format(
sig_address=sig_address,
account_address=account_address
)
}, 400
"message": "Message signature address ({sig_address}) doesn't match account_address ({account_address})".format(
sig_address=sig_address,
account_address=account_address
)
}, 400
except BadSignatureException:
return {"message": "Invalid message signature"}, 400
return user_schema.dump(existing_user)
@blueprint.route("/<user_identity>", methods=["PUT"])
@requires_sm
@requires_same_user_auth
@endpoint.api(
parameter('displayName', type=str, required=False),
parameter('title', type=str, required=False),
parameter('socialMedias', type=list, required=False),
parameter('avatar', type=dict, required=False),
parameter('displayName', type=str, required=True),
parameter('title', type=str, required=True),
parameter('socialMedias', type=list, required=True),
parameter('avatar', type=dict, required=True)
)
def update_user(user_identity, display_name, title, social_medias, avatar):
user = User.get_by_email_or_account_address(email_address=user_identity, account_address=user_identity)
if not user:
return {"message": "User with that address or email not found"}, 404
user = g.current_user
if display_name is not None:
user.display_name = display_name
@ -132,11 +133,12 @@ def update_user(user_identity, display_name, title, social_medias, avatar):
user.title = title
if social_medias is not None:
sm_query = SocialMedia.query.filter_by(user_id=user.id)
sm_query.delete()
SocialMedia.query.filter_by(user_id=user.id).delete()
for social_media in social_medias:
sm = SocialMedia(social_media_link=social_media.get("link"), user_id=user.id)
db.session.add(sm)
else:
SocialMedia.query.filter_by(user_id=user.id).delete()
if avatar is not None:
Avatar.query.filter_by(user_id=user.id).delete()
@ -144,8 +146,9 @@ def update_user(user_identity, display_name, title, social_medias, avatar):
if avatar_link:
avatar_obj = Avatar(image_url=avatar_link, user_id=user.id)
db.session.add(avatar_obj)
else:
Avatar.query.filter_by(user_id=user.id).delete()
db.session.commit()
result = user_schema.dump(user)
return result

61
backend/grant/utils/auth.py
View File

@ -8,6 +8,7 @@ from itsdangerous import SignatureExpired, BadSignature
from itsdangerous import TimedJSONWebSignatureSerializer as Serializer
from grant.settings import SECRET_KEY, AUTH_URL
from ..proposal.models import Proposal
from ..user.models import User
TWO_WEEKS = 1209600
@ -35,6 +36,7 @@ def verify_token(token):
class BadSignatureException(Exception):
pass
def verify_signed_auth(signature, typed_data):
loaded_typed_data = ast.literal_eval(typed_data)
url = AUTH_URL + "/message/recover"
@ -43,29 +45,13 @@ def verify_signed_auth(signature, typed_data):
response = requests.request("POST", url, data=payload, headers=headers)
json_response = response.json()
recovered_address = json_response.get('recoveredAddress')
if not recovered_address:
raise BadSignatureException("Authorization signature is invalid")
return recovered_address
def requires_auth(f):
@wraps(f)
def decorated(*args, **kwargs):
token = request.headers.get('Authorization', None)
if token:
string_token = token.encode('ascii', 'ignore')
user = verify_token(string_token)
if user:
g.current_user = user
return f(*args, **kwargs)
return jsonify(message="Authentication is required to access this resource"), 401
return decorated
# Decorator that requires you to have EIP-712 message signature headers for auth
def requires_sm(f):
@wraps(f)
def decorated(*args, **kwargs):
@ -73,13 +59,12 @@ def requires_sm(f):
typed_data = request.headers.get('RawTypedData', None)
if typed_data and signature:
auth_address = None
try:
auth_address = verify_signed_auth(signature, typed_data)
except BadSignatureException:
return jsonify(message="Invalid auth message signature"), 401
user = User.get_by_email_or_account_address(account_address=auth_address)
user = User.get_by_identifier(account_address=auth_address)
if not user:
return jsonify(message="No user exists with address: {}".format(auth_address)), 401
@ -89,3 +74,41 @@ def requires_sm(f):
return jsonify(message="Authentication is required to access this resource"), 401
return decorated
# Decorator that requires you to be the user you're interacting with
def requires_same_user_auth(f):
@wraps(f)
def decorated(*args, **kwargs):
user_identity = kwargs["user_identity"]
if not user_identity:
return jsonify(message="Decorator requires_same_user_auth requires path variable <user_identity>"), 500
user = User.get_by_identifier(account_address=user_identity, email_address=user_identity)
if user.id != g.current_user.id:
return jsonify(message="You are not authorized to modify this user"), 403
return f(*args, **kwargs)
return requires_sm(decorated)
# Decorator that requires you to be a team member of a proposal to access
def requires_team_member_auth(f):
@wraps(f)
def decorated(*args, **kwargs):
proposal_id = kwargs["proposal_id"]
if not proposal_id:
return jsonify(message="Decorator requires_team_member_auth requires path variable <proposal_id>"), 500
proposal = Proposal.query.filter_by(id=proposal_id).first()
if not proposal:
return jsonify(message="No proposal exists with id: {}".format(proposal_id)), 404
if not g.current_user in proposal.team:
return jsonify(message="You are not authorized to modify this proposal"), 403
g.current_proposal = proposal
return f(*args, **kwargs)
return requires_sm(decorated)

2
backend/requirements/prod.txt
View File

@ -55,4 +55,4 @@ flask-sendgrid==0.6
sendgrid==5.3.0
# input validation
flask-yolo2API
flask-yolo2API==0.2.4

31
backend/tests/config.py
View File

@ -1,6 +1,8 @@
from flask_testing import TestCase
from grant.app import create_app, db
from grant.app import create_app
from grant.user.models import User, SocialMedia, db, Avatar
from .test_data import test_user, message
class BaseTestConfig(TestCase):
@ -11,9 +13,36 @@ class BaseTestConfig(TestCase):
return app
def setUp(self):
db.drop_all()
self.app = self.create_app().test_client()
db.create_all()
def tearDown(self):
db.session.remove()
db.drop_all()
class BaseUserConfig(BaseTestConfig):
headers = {
"MsgSignature": message["sig"],
"RawTypedData": message["data"]
}
def setUp(self):
super(BaseUserConfig, self).setUp()
self.user = User.create(
account_address=test_user["accountAddress"],
email_address=test_user["emailAddress"],
display_name=test_user["displayName"],
title=test_user["title"],
_send_email=False
)
sm = SocialMedia(social_media_link=test_user['socialMedias'][0]['link'], user_id=self.user.id)
db.session.add(sm)
avatar = Avatar(image_url=test_user["avatar"]["link"], user_id=self.user.id)
db.session.add(avatar)
db.session.commit()
def remove_default_user(self):
User.query.filter_by(id=self.user.id).delete()
db.session.commit()

78
backend/tests/proposal/test_api.py
View File

@ -1,81 +1,43 @@
import json
import random
from grant.proposal.models import Proposal, CATEGORIES
from grant.user.models import User, SocialMedia
from ..config import BaseTestConfig
milestones = [
{
"title": "All the money straightaway",
"description": "cool stuff with it",
"date": "June 2019",
"payoutPercent": "100",
"immediatePayout": False
}
]
team = [
{
"accountAddress": "0x1",
"displayName": 'Groot',
"emailAddress": 'iam@groot.com',
"title": 'I am Groot!',
"avatar": {
"link": 'https://avatars2.githubusercontent.com/u/1393943?s=400&v=4'
},
"socialMedias": [
{
"link": 'https://github.com/groot'
}
]
}
]
proposal = {
"team": team,
"crowdFundContractAddress": "0x20000",
"content": "## My Proposal",
"title": "Give Me Money",
"milestones": milestones,
"category": random.choice(CATEGORIES)
}
from grant.proposal.models import Proposal
from grant.user.models import SocialMedia, Avatar
from ..config import BaseUserConfig
from ..test_data import test_proposal
class TestAPI(BaseTestConfig):
class TestAPI(BaseUserConfig):
def test_create_new_proposal(self):
self.assertIsNone(Proposal.query.filter_by(
proposal_address=proposal["crowdFundContractAddress"]
proposal_address=test_proposal["crowdFundContractAddress"]
).first())
resp = self.app.post(
"/api/v1/proposals/",
data=json.dumps(proposal),
data=json.dumps(test_proposal),
headers=self.headers,
content_type='application/json'
)
self.assertEqual(resp.status_code, 201)
proposal_db = Proposal.query.filter_by(
proposal_address=proposal["crowdFundContractAddress"]
proposal_address=test_proposal["crowdFundContractAddress"]
).first()
self.assertEqual(proposal_db.title, proposal["title"])
# User
user_db = User.query.filter_by(email_address=team[0]["emailAddress"]).first()
self.assertEqual(user_db.display_name, team[0]["displayName"])
self.assertEqual(user_db.title, team[0]["title"])
self.assertEqual(user_db.account_address, team[0]["accountAddress"])
self.assertEqual(proposal_db.title, test_proposal["title"])
# SocialMedia
social_media_db = SocialMedia.query.filter_by(social_media_link=team[0]["socialMedias"][0]["link"]).first()
social_media_db = SocialMedia.query.filter_by(user_id=self.user.id).first()
self.assertTrue(social_media_db)
# Avatar
self.assertEqual(user_db.avatar.image_url, team[0]["avatar"]["link"])
avatar = Avatar.query.filter_by(user_id=self.user.id).first()
self.assertTrue(avatar)
def test_create_new_proposal_comment(self):
proposal_res = self.app.post(
"/api/v1/proposals/",
data=json.dumps(proposal),
data=json.dumps(test_proposal),
headers=self.headers,
content_type='application/json'
)
proposal_json = proposal_res.json
@ -94,15 +56,17 @@ class TestAPI(BaseTestConfig):
self.assertTrue(comment_res.json)
def test_create_new_proposal_duplicate(self):
proposal_res = self.app.post(
self.app.post(
"/api/v1/proposals/",
data=json.dumps(proposal),
data=json.dumps(test_proposal),
headers=self.headers,
content_type='application/json'
)
proposal_res2 = self.app.post(
"/api/v1/proposals/",
data=json.dumps(proposal),
data=json.dumps(test_proposal),
headers=self.headers,
content_type='application/json'
)

21
backend/tests/test_data.py
View File

@ -1,5 +1,6 @@
import json
import random
from grant.proposal.models import CATEGORIES
message = {
@ -43,7 +44,7 @@ message = {
}
}
user = {
test_user = {
"accountAddress": '0xcd2a3d9f938e13cd947ec05abc7fe734df8dd826',
"displayName": 'Groot',
"emailAddress": 'iam@groot.com',
@ -60,7 +61,7 @@ user = {
"rawTypedData": json.dumps(message["data"])
}
team = [user]
test_team = [test_user]
milestones = [
{
@ -72,11 +73,21 @@ milestones = [
}
]
proposal = {
"team": team,
test_proposal = {
"team": test_team,
"crowdFundContractAddress": "0x20000",
"content": "## My Proposal",
"title": "Give Me Money",
"milestones": milestones,
"category": random.choice(CATEGORIES)
}
}
milestones = [
{
"title": "All the money straightaway",
"description": "cool stuff with it",
"date": "June 2019",
"payoutPercent": "100",
"immediatePayout": False
}
]

8
backend/tests/user/test_required_sm_decorator.py
View File

@ -1,14 +1,14 @@
import json
from ..config import BaseTestConfig
from ..test_data import user, message
from ..test_data import test_user, message
class TestRequiredSignedMessageDecorator(BaseTestConfig):
def test_required_sm_aborts_without_data_and_sig_headers(self):
self.app.post(
"/api/v1/users/",
data=json.dumps(user),
data=json.dumps(test_user),
content_type='application/json'
)
@ -53,7 +53,7 @@ class TestRequiredSignedMessageDecorator(BaseTestConfig):
def test_required_sm_decorator_authorizes_when_recovered_address_matches_existing_user(self):
self.app.post(
"/api/v1/users/",
data=json.dumps(user),
data=json.dumps(test_user),
content_type='application/json'
)
@ -68,4 +68,4 @@ class TestRequiredSignedMessageDecorator(BaseTestConfig):
response_json = response.json
self.assert200(response)
self.assertEqual(response_json["displayName"], user["displayName"])
self.assertEqual(response_json["displayName"], test_user["displayName"])

208
backend/tests/user/test_user_api.py
View File

@ -1,84 +1,101 @@
import copy
import json
from grant.proposal.models import Proposal
from grant.user.models import User
from ..config import BaseTestConfig
from ..test_data import team, proposal
from animal_case import animalify
from mock import patch
from grant.proposal.models import Proposal
from grant.user.models import User, user_schema
from ..config import BaseUserConfig
from ..test_data import test_team, test_proposal, test_user
class TestAPI(BaseTestConfig):
def test_create_new_user_via_proposal_by_account_address(self):
proposal_by_account = copy.deepcopy(proposal)
del proposal_by_account["team"][0]["emailAddress"]
self.app.post(
"/api/v1/proposals/",
data=json.dumps(proposal_by_account),
content_type='application/json'
)
class TestAPI(BaseUserConfig):
# TODO create second signed message default user
# @patch('grant.email.send.send_email')
# def test_create_new_user_via_proposal_by_account_address(self, mock_send_email):
# mock_send_email.return_value.ok = True
# self.remove_default_user()
# proposal_by_account = copy.deepcopy(test_proposal)
# del proposal_by_account["team"][0]["emailAddress"]
#
# resp = self.app.post(
# "/api/v1/proposals/",
# data=json.dumps(proposal_by_account),
# headers=self.headers,
# content_type='application/json'
# )
#
# self.assertEqual(resp, 201)
#
# # User
# user_db = User.query.filter_by(account_address=proposal_by_account["team"][0]["accountAddress"]).first()
# self.assertEqual(user_db.display_name, proposal_by_account["team"][0]["displayName"])
# self.assertEqual(user_db.title, proposal_by_account["team"][0]["title"])
# self.assertEqual(user_db.account_address, proposal_by_account["team"][0]["accountAddress"])
# User
user_db = User.query.filter_by(account_address=proposal_by_account["team"][0]["accountAddress"]).first()
self.assertEqual(user_db.display_name, proposal_by_account["team"][0]["displayName"])
self.assertEqual(user_db.title, proposal_by_account["team"][0]["title"])
self.assertEqual(user_db.account_address, proposal_by_account["team"][0]["accountAddress"])
def test_create_new_user_via_proposal_by_email(self):
proposal_by_email = copy.deepcopy(proposal)
del proposal_by_email["team"][0]["accountAddress"]
self.app.post(
"/api/v1/proposals/",
data=json.dumps(proposal_by_email),
content_type='application/json'
)
# User
user_db = User.query.filter_by(email_address=proposal_by_email["team"][0]["emailAddress"]).first()
self.assertEqual(user_db.display_name, proposal_by_email["team"][0]["displayName"])
self.assertEqual(user_db.title, proposal_by_email["team"][0]["title"])
# TODO create second signed message default user
# def test_create_new_user_via_proposal_by_email(self):
# self.remove_default_user()
# proposal_by_email = copy.deepcopy(test_proposal)
# del proposal_by_email["team"][0]["accountAddress"]
#
# resp = self.app.post(
# "/api/v1/proposals/",
# data=json.dumps(proposal_by_email),
# headers=self.headers,
# content_type='application/json'
# )
#
# self.assertEqual(resp, 201)
#
# # User
# user_db = User.query.filter_by(email_address=proposal_by_email["team"][0]["emailAddress"]).first()
# self.assertEqual(user_db.display_name, proposal_by_email["team"][0]["displayName"])
# self.assertEqual(user_db.title, proposal_by_email["team"][0]["title"])
def test_associate_user_via_proposal_by_email(self):
proposal_by_email = copy.deepcopy(proposal)
proposal_by_email = copy.deepcopy(test_proposal)
del proposal_by_email["team"][0]["accountAddress"]
self.app.post(
resp = self.app.post(
"/api/v1/proposals/",
data=json.dumps(proposal_by_email),
headers=self.headers,
content_type='application/json'
)
self.assertEqual(resp.status_code, 201)
# User
user_db = User.query.filter_by(email_address=proposal_by_email["team"][0]["emailAddress"]).first()
self.assertEqual(user_db.display_name, proposal_by_email["team"][0]["displayName"])
self.assertEqual(user_db.title, proposal_by_email["team"][0]["title"])
proposal_db = Proposal.query.filter_by(
proposal_address=proposal["crowdFundContractAddress"]
proposal_address=test_proposal["crowdFundContractAddress"]
).first()
self.assertEqual(proposal_db.team[0].id, user_db.id)
def test_associate_user_via_proposal_by_email_when_user_already_exists(self):
proposal_by_email = copy.deepcopy(proposal)
del proposal_by_email["team"][0]["accountAddress"]
proposal_by_user_email = copy.deepcopy(test_proposal)
del proposal_by_user_email["team"][0]["accountAddress"]
self.app.post(
resp = self.app.post(
"/api/v1/proposals/",
data=json.dumps(proposal_by_email),
data=json.dumps(proposal_by_user_email),
headers=self.headers,
content_type='application/json'
)
self.assertEqual(resp.status_code, 201)
# User
user_db = User.query.filter_by(email_address=proposal_by_email["team"][0]["emailAddress"]).first()
self.assertEqual(user_db.display_name, proposal_by_email["team"][0]["displayName"])
self.assertEqual(user_db.title, proposal_by_email["team"][0]["title"])
self.assertEqual(self.user.display_name, proposal_by_user_email["team"][0]["displayName"])
self.assertEqual(self.user.title, proposal_by_user_email["team"][0]["title"])
proposal_db = Proposal.query.filter_by(
proposal_address=proposal["crowdFundContractAddress"]
proposal_address=test_proposal["crowdFundContractAddress"]
).first()
self.assertEqual(proposal_db.team[0].id, user_db.id)
self.assertEqual(proposal_db.team[0].id, self.user.id)
new_proposal_by_email = copy.deepcopy(proposal)
new_proposal_by_email = copy.deepcopy(test_proposal)
new_proposal_by_email["crowdFundContractAddress"] = "0x2222"
del new_proposal_by_email["team"][0]["accountAddress"]
@ -92,14 +109,14 @@ class TestAPI(BaseTestConfig):
self.assertEqual(user_db.display_name, new_proposal_by_email["team"][0]["displayName"])
self.assertEqual(user_db.title, new_proposal_by_email["team"][0]["title"])
proposal_db = Proposal.query.filter_by(
proposal_address=proposal["crowdFundContractAddress"]
proposal_address=test_proposal["crowdFundContractAddress"]
).first()
self.assertEqual(proposal_db.team[0].id, user_db.id)
def test_get_all_users(self):
self.app.post(
"/api/v1/proposals/",
data=json.dumps(proposal),
data=json.dumps(test_proposal),
content_type='application/json'
)
users_get_resp = self.app.get(
@ -107,18 +124,17 @@ class TestAPI(BaseTestConfig):
)
users_json = users_get_resp.json
print(users_json)
self.assertEqual(users_json[0]["displayName"], team[0]["displayName"])
self.assertEqual(users_json[0]["displayName"], test_team[0]["displayName"])
def test_get_user_associated_with_proposal(self):
self.app.post(
"/api/v1/proposals/",
data=json.dumps(proposal),
data=json.dumps(test_proposal),
content_type='application/json'
)
data = {
'proposalId': proposal["crowdFundContractAddress"]
'proposalId': test_proposal["crowdFundContractAddress"]
}
users_get_resp = self.app.get(
@ -127,25 +143,25 @@ class TestAPI(BaseTestConfig):
)
users_json = users_get_resp.json
self.assertEqual(users_json[0]["avatar"]["imageUrl"], team[0]["avatar"]["link"])
self.assertEqual(users_json[0]["socialMedias"][0]["socialMediaLink"], team[0]["socialMedias"][0]["link"])
self.assertEqual(users_json[0]["displayName"], team[0]["displayName"])
self.assertEqual(users_json[0]["avatar"]["imageUrl"], test_team[0]["avatar"]["link"])
self.assertEqual(users_json[0]["socialMedias"][0]["socialMediaLink"], test_team[0]["socialMedias"][0]["link"])
self.assertEqual(users_json[0]["displayName"], test_user["displayName"])
def test_get_single_user(self):
self.app.post(
"/api/v1/proposals/",
data=json.dumps(proposal),
data=json.dumps(test_proposal),
content_type='application/json'
)
users_get_resp = self.app.get(
"/api/v1/users/{}".format(proposal["team"][0]["emailAddress"])
"/api/v1/users/{}".format(test_proposal["team"][0]["emailAddress"])
)
users_json = users_get_resp.json
self.assertEqual(users_json["avatar"]["imageUrl"], team[0]["avatar"]["link"])
self.assertEqual(users_json["socialMedias"][0]["socialMediaLink"], team[0]["socialMedias"][0]["link"])
self.assertEqual(users_json["displayName"], team[0]["displayName"])
self.assertEqual(users_json["avatar"]["imageUrl"], test_team[0]["avatar"]["link"])
self.assertEqual(users_json["socialMedias"][0]["socialMediaLink"], test_team[0]["socialMedias"][0]["link"])
self.assertEqual(users_json["displayName"], test_team[0]["displayName"])
@patch('grant.email.send.send_email')
def test_create_user(self, mock_send_email):
@ -153,15 +169,15 @@ class TestAPI(BaseTestConfig):
self.app.post(
"/api/v1/users/",
data=json.dumps(team[0]),
data=json.dumps(test_team[0]),
content_type='application/json'
)
# User
user_db = User.get_by_email_or_account_address(account_address=team[0]["accountAddress"])
self.assertEqual(user_db.display_name, team[0]["displayName"])
self.assertEqual(user_db.title, team[0]["title"])
self.assertEqual(user_db.account_address, team[0]["accountAddress"])
user_db = User.get_by_identifier(account_address=test_team[0]["accountAddress"])
self.assertEqual(user_db.display_name, test_team[0]["displayName"])
self.assertEqual(user_db.title, test_team[0]["title"])
self.assertEqual(user_db.account_address, test_team[0]["accountAddress"])
@patch('grant.email.send.send_email')
def test_create_user_duplicate_400(self, mock_send_email):
@ -170,64 +186,28 @@ class TestAPI(BaseTestConfig):
response = self.app.post(
"/api/v1/users/",
data=json.dumps(team[0]),
data=json.dumps(test_team[0]),
content_type='application/json'
)
self.assertEqual(response.status_code, 409)
def test_update_user_remove_social_and_avatar(self):
self.app.post(
"/api/v1/proposals/",
data=json.dumps(proposal),
content_type='application/json'
)
updated_user = copy.deepcopy(team[0])
updated_user['displayName'] = 'Billy'
updated_user['title'] = 'Commander'
updated_user['socialMedias'] = []
updated_user['avatar'] = {}
updated_user = animalify(copy.deepcopy(user_schema.dump(self.user)))
updated_user["displayName"] = 'new display name'
updated_user["avatar"] = None
updated_user["socialMedias"] = None
user_update_resp = self.app.put(
"/api/v1/users/{}".format(proposal["team"][0]["accountAddress"]),
"/api/v1/users/{}".format(self.user.account_address),
data=json.dumps(updated_user),
headers=self.headers,
content_type='application/json'
)
self.assert200(user_update_resp)
users_json = user_update_resp.json
self.assertFalse(users_json["avatar"])
self.assertFalse(len(users_json["socialMedias"]))
self.assertEqual(users_json["displayName"], updated_user["displayName"])
self.assertEqual(users_json["title"], updated_user["title"])
def test_update_user(self):
self.app.post(
"/api/v1/proposals/",
data=json.dumps(proposal),
content_type='application/json'
)
updated_user = copy.deepcopy(team[0])
updated_user['displayName'] = 'Billy'
updated_user['title'] = 'Commander'
updated_user['socialMedias'] = [
{
"link": "https://github.com/billyman"
}
]
updated_user['avatar'] = {
"link": "https://x.io/avatar.png"
}
user_update_resp = self.app.put(
"/api/v1/users/{}".format(proposal["team"][0]["accountAddress"]),
data=json.dumps(updated_user),
content_type='application/json'
)
users_json = user_update_resp.json
self.assertEqual(users_json["avatar"]["imageUrl"], updated_user["avatar"]["link"])
self.assertEqual(users_json["socialMedias"][0]["socialMediaLink"], updated_user["socialMedias"][0]["link"])
self.assertEqual(users_json["displayName"], updated_user["displayName"])
self.assertEqual(users_json["title"], updated_user["title"])
user_json = user_update_resp.json
self.assertFalse(user_json["avatar"])
self.assertFalse(len(user_json["socialMedias"]))
self.assertEqual(user_json["displayName"], updated_user["displayName"])
self.assertEqual(user_json["title"], updated_user["title"])

20
frontend/client/store/configure.tsx
View File

@ -6,6 +6,7 @@ import { composeWithDevTools } from 'redux-devtools-extension';
import { persistStore, Persistor } from 'redux-persist';
import rootReducer, { AppState, combineInitialState } from './reducers';
import rootSaga from './sagas';
import axios from 'api/axios';
const sagaMiddleware = createSagaMiddleware();
@ -43,5 +44,24 @@ export function configureStore(initialState: Partial<AppState> = combineInitialS
}
}
// Any global listeners to the store go here
let prevState = store.getState();
store.subscribe(() => {
const state = store.getState();
// Setup the API with auth credentials whenever they change
const { authSignature } = state.auth;
if (authSignature !== prevState.auth.authSignature) {
axios.defaults.headers.common.MsgSignature = authSignature
? authSignature.signedMessage
: undefined;
axios.defaults.headers.common.RawTypedData = authSignature
? JSON.stringify(authSignature.rawTypedData)
: undefined;
}
prevState = state;
});
return { store, persistor };
}