diff --git a/code/auth-service/app.py b/code/auth-service/app.py
index 0a8130200e9a89fe4d65b37a0c7ee82cc9a58331..4e0731d6ac1380a630717ffab4064771be5e32a2 100644
--- a/code/auth-service/app.py
+++ b/code/auth-service/app.py
@@ -17,6 +17,8 @@ def login():
 # get the username and password from the client application
 username = request.form.get("user")
 password = request.form.get("password")
+ if not username or not password:
+ return Response("Authentication unsuccessful. Username and password are required.", status=400, mimetype='application/json')
 # the password in the database is "hashed" with a one-way hash
 hash_object = hashlib.sha1(bytes(password, 'utf-8'))
@@ -25,9 +27,9 @@ def login():
 # make a call to the model to authenticate
 authentication = authModel.authenticate(username, hashed_password)
 if authentication == False:
- return Response("Authentication unsuccessful. Wrong credentials.", status=401, mimetype='application/json')
+ return Response("Authentication unsuccessful. Wrong credentials.",status=401, mimetype='application/json')
 else:
- response = Response("Authentication successful", status=200, mimetype='application/json')
+ response = Response("Authentication successful.", status=200, mimetype='application/json')
 response.headers["UserID"] = username
 response.headers["JWT"] = authentication["token"]
 response.headers["IsAdmin"] = authentication["isAdmin"]
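Review bot: The 400 response added after `+ if not username or not password:` sends a plain sentence with `mimetype='application/json'`, which is not a JSON document and will break any client that parses the body; the same applies to every new `Response(...)` this commit adds in verify, logout, user and listUser. Either return JSON, e.g. `return jsonify(error="Username and password are required."), 400` with Flask's `jsonify`, or drop the `mimetype` argument. The guard does stop `hashlib.sha1(bytes(password, 'utf-8'))` from raising on a missing password, but the unsalted SHA-1 on that context line remains the stored password hash; a salted, slow KDF such as `hashlib.scrypt` or `hashlib.pbkdf2_hmac` is the usual replacement when this is next touched. In the second hunk the rewritten 401 line only removes the space after the comma (`"Wrong credentials.",status=401`), which reads as an accidental edit; restore it to match the surrounding calls. `login()` begins and ends outside these hunks.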
@@ -40,14 +42,15 @@ def verify():
 # Extract and verify the JWT-token
 token = ""
 authorizationHeader = request.headers.get('authorization')
+ if authorizationHeader is None:
+ return Response("Verification unsuccessful. JWT token required.", status=400, mimetype='application/json')
 print("AuthorizationHeader: "+authorizationHeader)
- if authorizationHeader is not None:
- token = authorizationHeader.replace("Bearer ", "")
+ token = authorizationHeader.replace("Bearer ", "")
 verification = authModel.verify(token)
 if not verification:
- return Response("Verification unsuccessful", status=401, mimetype='application/json')
+ return Response("Verification unsuccessful. Token could not be verified.", status=401, mimetype='application/json')
 else:
- response = Response("Authentication successful", status=200, mimetype='application/json')
+ response = Response("Authentication successful.", status=200, mimetype='application/json')
 response.headers["UserID"] = verification["username"]
 response.headers["JWT"] = token
 response.headers["IsAdmin"] = verification["isAdmin"]
@@ -56,14 +59,16 @@ def verify():
 @app.route("/logout", methods=["GET", "POST"])
 def logout():
- #token = request.form.get("token")
 authorizationHeader = request.headers.get('authorization')
+ if not authorizationHeader:
+ return Response("Authentication unsuccessful. JWT token required.", status=400, mimetype='application/json')
+ token = authorizationHeader.replace("Bearer ", "")
 status = authModel.blacklist(token)
 if status:
- return Response("Logout successful", status=200, mimetype='application/json')
+ return Response("Logout successful.", status=200, mimetype='application/json')
 else:
- return Response("Logout unsuccessful", status=409, mimetype='application/json')
+ return Response("Logout unsuccessful. JWT token could not be verified.", status=401, mimetype='application/json')
 @app.route("/user", methods=["POST", "DELETE"])
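Review bot: The new `if authorizationHeader is None` guard is immediately followed by the retained `print("AuthorizationHeader: "+authorizationHeader)`, which now writes the complete bearer token to stdout on every verify call; tokens in process output end up in log aggregation, so delete that line or reduce it to `app.logger.debug("authorization header present")`. The new `token = authorizationHeader.replace("Bearer ", "")` (repeated in logout, user and listUser) removes every occurrence of the substring rather than checking the scheme, so a header without the `Bearer` prefix is passed through unchanged; `scheme, _, token = authorizationHeader.partition(" ")` followed by a `scheme == "Bearer"` check is the explicit form. With the early return in place the `token = ""` initializer two lines above is dead and can be dropped. `verify()` continues past the end of this hunk.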
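Review bot: In the logout hunk the new guard is `if not authorizationHeader:` while every other endpoint in this commit tests `is None`; the two treat an empty header differently, so pick one form for all of them (the `not` form is the safer one, since an empty string would otherwise reach `replace`). The failure status on the last changed line moves from 409 to 401 and the message now asserts the token could not be verified, but `authModel.blacklist` returning False presumably also covers database errors — confirm that is the only failure mode before attaching a 401 to it. `logout()` is fully inside the hunk; the decorator on the final context line belongs to `user()`.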
@@ -74,9 +79,11 @@ def user():
 # verify the token
 token = ""
+ authorizationHeader = request.headers.get('authorization')
- if authorizationHeader is not None:
- token = authorizationHeader.replace("Bearer ", "")
+ if authorizationHeader is None:
+ return Response("Registration unsuccessful. Missing JWT token.", status=400, mimetype='application/json')
+ token = authorizationHeader.replace("Bearer ", "")
 if authModel.verify(token):
 if not authModel.isAdmin(token):
 if authModel.admin_exists():
@@ -96,6 +103,9 @@ def user():
 password = request.form.get("password")
 roles = request.form.get("roles")
+ if not username or not password or not roles:
+ return Response("Registration unsuccessful. Missing input data.", status=400, mimetype='application/json')
+
 # the password in the database is hashed with a one-way hash
 hash_object = hashlib.sha1(bytes(password, 'utf-8'))
 hashed_password = hash_object.hexdigest()
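Review bot: The added `+ authorizationHeader = request.headers.get('authorization')` sits directly under `token = ""`, which the new early return makes dead: `token` is now always assigned on the `+ token = ...replace(...)` line or the function has returned, so the initializer should go (the same dead initializer remains in verify, listUser and the DELETE branch of user). The second hunk's `if not username or not password or not roles:` is placed after token verification, which is the right order, but the message "Missing input data." does not tell the caller which field is absent; `"Registration unsuccessful. user, password and roles are required."` keeps the same information level as the login hunk. The admin-check chain on the last three context lines of the first hunk continues outside the hunk, so I cannot see whether a non-admin with no existing admin falls through to registration; worth a comment at that branch.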
@@ -104,24 +114,28 @@ def user():
 createResponse = authModel.create(username, hashed_password, is_admin, roles)
 if createResponse:
- return Response("Registration successful", status=200, mimetype='application/json')
+ return Response("Registration successful.", status=200, mimetype='application/json')
 else:
 return Response("Registration unsuccessful. Please adjust your credentials.", status=409, mimetype='application/json')
 elif request.method == 'DELETE':
 username = request.form.get("user")
+ if not username:
+ return Response("Deletion unsuccessful. Missing user name.", status=400, mimetype='application/json')
+
 # verify the token
 token = ""
 authorizationHeader = request.headers.get('authorization')
- if authorizationHeader is not None:
- token = authorizationHeader.replace("Bearer ", "")
+ if authorizationHeader is None:
+ return Response("Deletion unsuccessful. Missing JWT token.", status=400, mimetype='application/json')
+ token = authorizationHeader.replace("Bearer ", "")
 decoded_token = authModel.verify(token)
 if decoded_token:
 if not decoded_token.get("isAdmin") and not decoded_token.get("username") == username:
- return Response("Deletion unsuccessful", status=403, mimetype='application/json')
+ return Response("Deletion unsuccessful. Not authorized.", status=403, mimetype='application/json')
 else:
- return Response("Deletion unsuccessful", status=401, mimetype='application/json')
+ return Response("Deletion unsuccessful. Not authorized.", status=401, mimetype='application/json')
 delete_success = authModel.delete(username)
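Review bot: In the DELETE branch the new `if not username:` check runs before the token is read or verified, so an unauthenticated caller gets a 400 or a 401 depending on the form body; the POST branch in the previous hunk validates the token first, and the DELETE branch should do the same so that every unauthenticated request receives the same 401. Moving the two added lines below the `decoded_token` check also means the form is never inspected for requests that are rejected anyway. The two rewritten "Not authorized." responses are fine, but the 401 is returned when `authModel.verify(token)` is falsy, which presumably includes expired or blacklisted tokens — a short comment such as `# 401: token missing/invalid; 403: valid token but neither admin nor the account owner` would make the split explicit. `user()` continues beyond the end of this hunk.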
@@ -129,11 +143,11 @@ def user():
 # invalidate JWT token if user deleted his account
 if decoded_token.get("username") == username:
 authModel.blacklist(token)
- return Response("Deletion successful", status=200, mimetype='application/json')
+ return Response("Deletion successful.", status=200, mimetype='application/json')
 else:
- return Response("Deletion unsuccessful", status=409, mimetype='application/json')
+ return Response("Deletion unsuccessful.", status=409, mimetype='application/json')
 else:
- return Response("Deletion unsuccessful", status=409, mimetype='application/json')
+ return Response("[25] Deletion unsuccessful", status=400, mimetype='application/json')
 @app.route("/blacklist/cleanup", methods=["POST"])
@@ -160,8 +174,9 @@ def listUser():
 token = ""
 authorizationHeader = request.headers.get('authorization')
- if authorizationHeader is not None:
- token = authorizationHeader.replace("Bearer ", "")
+ if authorizationHeader is None:
+ return Response("Listing unsuccessful. JWT token required.", status=400, mimetype='application/json')
+ token = authorizationHeader.replace("Bearer ", "")
 if authModel.verify(token):
 if not authModel.isAdmin(token):
 return Response("Listing unsuccessful. Not authorized.", status=403, mimetype='application/json')
@@ -169,10 +184,14 @@ def listUser():
 return Response("Listing unsuccessful. Not authorized.", status=401, mimetype='application/json')
 roles = request.form.get("roles")
+
+ if roles is None or roles == "":
+ roles = "all"
+
 createResponse = authModel.list_users(roles)
 if createResponse != "":
- return Response("list: " + str(createResponse), status=200, mimetype='application/json')
+ return Response(str(createResponse), status=200, mimetype='application/json')
 else:
 return Response("Listing unsuccessful. Please adjust your credentials", status=409, mimetype='application/json')
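Review bot: The rewritten last branch of the deletion hunk returns `"[25] Deletion unsuccessful"` with status 400, which looks like a debugging marker that was never removed: the bracketed number is not part of any other message, the trailing period the commit adds everywhere else is missing, and the sibling branch two lines above keeps 409 for what reads as the same failure. Replace it with `return Response("Deletion unsuccessful.", status=409, mimetype='application/json')`, or, if the 400 is intentional, say in a comment what input error this branch represents. The `if`/`else` nesting that decides which branch is reached starts above this hunk, so I cannot confirm the two failures are distinct.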
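Review bot: In the last listUser hunk `Response(str(createResponse), ..., mimetype='application/json')` emits the Python repr of the list of tuples that `authModel.list_users` now returns (see the authModel.py hunks), which is not JSON; use `json.dumps(createResponse)` with `import json` at the top of the module, or Flask's `jsonify`. Because the result is a list, the retained `if createResponse != "":` compares a list with a string and is always true, so the 409 branch is unreachable unless `list_users` still returns `""` on a database error — that return value is outside the hunk, so confirm it. The added normalisation `if roles is None or roles == "":` is simply `if not roles:`, and the `token = ""` initializer in the middle hunk is dead once the new early return is in place.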
diff --git a/code/auth-service/authModel.py b/code/auth-service/authModel.py
index 6ac127737eecc3e7326c8b8d6732844063f6924c..815eef2ca49f4de2214f338118a020605a228fb3 100644
--- a/code/auth-service/authModel.py
+++ b/code/auth-service/authModel.py
@@ -161,6 +161,16 @@ def delete(username):
 try:
 conn, cur = db_connect()
+ check = """
+ SELECT u.username
+ FROM users u
+ WHERE u.username = %s;
+ """
+ cur.execute(check, (username,))
+ rows = cur.fetchall()
+ if rows[0] == "":
+ return False
+ conn, cur = db_connect()
 cur.execute("DELETE FROM users WHERE username LIKE %s", (username,))
 conn.commit()
 return True
@@ -253,7 +263,7 @@ def list_users(roles_str):
 try:
 conn, cur = db_connect()
 user_list = ""
- if role != "null":
+ if role != "all":
 query = """
 SELECT u.username, r.role
 FROM users u
@@ -262,7 +272,6 @@ def list_users(roles_str):
 """
 cur.execute(query, (role,))
 rows = cur.fetchall()
- user_list = rows
 user_list = [(row[0], row[1]) for row in rows]
 else:
 query = """
@@ -272,8 +281,7 @@ def list_users(roles_str):
 """
 cur.execute(query)
 rows = cur.fetchall()
- user_list = str(rows) + " | Erfolg"
- user_list = [row[0] for row in rows]
+ user_list = [(row[0], row[1]) for row in rows]
 return user_list
 except (Exception, psycopg2.DatabaseError) as error:
 app.logger.error(error)
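Review bot: The existence check added to `delete()` never does what it intends: `cur.fetchall()` returns a list of row tuples, so when no user matches `rows[0]` raises IndexError (swallowed by the broad except outside the hunk), and when one matches the tuple is never `== ""`, so the `return False` is unreachable; the guard should be `if not rows: return False`. The second `conn, cur = db_connect()` opens another connection while the first is still open and is not needed — run the DELETE on the cursor you already have. The SELECT uses `u.username = %s` while the retained DELETE uses `username LIKE %s`, so the rows checked and the rows deleted are not necessarily the same set; change the DELETE to `"DELETE FROM users WHERE username = %s"` so both statements agree. `delete()` starts before this hunk and its except/finally handling is outside it.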
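Review bot: In the last `list_users` hunk the else branch now builds `(row[0], row[1])`, but the SELECT it executes starts above the hunk, so I cannot see whether it returns two columns; if it selects only `u.username` as the removed `[row[0] for row in rows]` suggests, every row raises IndexError and the function falls into the except branch. Please confirm the query or add `# query selects (username, role) for every user` above it. In the earlier hunk `if role != "all":` tests `role` while the parameter is `roles_str`; where `role` is derived is outside the hunk, and a one-line comment there would help. `user_list = ""` on the context line is now a string placeholder for what is always a list on success, which is what makes the caller's `!= ""` comparison in app.py fragile.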