From d138bb2e327393b9b535fac4c123b53988c4987d Mon Sep 17 00:00:00 2001 From: k22036 <131113333+k22036@users.noreply.github.com> Date: Sat, 14 Sep 2024 13:19:33 +0900 Subject: [PATCH 1/4] =?UTF-8?q?add:=20=E8=87=AA=E8=BA=AB=E3=81=AE=E3=83=87?= =?UTF-8?q?=E3=83=90=E3=82=A4=E3=82=B9=E3=82=92=E8=AD=98=E5=88=A5=E3=81=99?= =?UTF-8?q?=E3=82=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server/src/StreetPass/routes.py | 3 +++ server/tests/test_streetpass.py | 12 ++++++++++++ 2 files changed, 15 insertions(+) diff --git a/server/src/StreetPass/routes.py b/server/src/StreetPass/routes.py index 137c16c..821b577 100644 --- a/server/src/StreetPass/routes.py +++ b/server/src/StreetPass/routes.py @@ -33,6 +33,9 @@ def received_beacon(): if not sent_user: return jsonify({'error': 'Invalid private_key'}), 400 + if received_user['uid'] == sent_user['uid']: + return jsonify({'pass': 'own'}), 200 + threshold = datetime.datetime.now() - datetime.timedelta(seconds=30) pre_passes.delete_many({'created_at': {'$lt': threshold}}) threshold = datetime.datetime.now() - datetime.timedelta(seconds=60) diff --git a/server/tests/test_streetpass.py b/server/tests/test_streetpass.py index 0556601..c94376f 100644 --- a/server/tests/test_streetpass.py +++ b/server/tests/test_streetpass.py @@ -233,6 +233,18 @@ def test_received_beacon_disable_success(baseurl): assert res.json()['pass'] == 'false' +def test_received_beacon_own_success(baseurl): + global private_key1 + url = baseurl+'/streetpass/received_beacon' + res = requests.post(url, json={ + 'received_major': major1, + 'received_minor': minor1, + 'private_key': private_key1 + }) + assert res.status_code == 200 + assert res.json()['pass'] == 'own' + + def test_done(): global token1, device_uid1, email1 global token2, device_uid2, email2 From 2c64c1782d896b77ba3b1a065ee746852981380b Mon Sep 17 00:00:00 2001 
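Review bot: The new `{'pass': 'own'}` return in received_beacon (server/src/StreetPass/routes.py) makes `pass` a three-valued string alongside the 'true'/'false' values the existing tests assert, and nothing in the hunk documents that for client authors. A short comment above the check would help, for example `# A device hearing its own beacon is not an encounter; return before pre_passes is pruned.` The branch also returns ahead of the `pre_passes.delete_many` call below it, so self-detections never run the stale-record cleanup. That looks harmless but is worth confirming. received_beacon starts and ends outside the hunk.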
From: k22036 <131113333+k22036@users.noreply.github.com> Date: Sat, 14 Sep 2024 13:26:04 +0900 Subject: [PATCH 2/4] =?UTF-8?q?fix:=20auth=5Fcheck=E3=81=A7=E7=84=A1?= =?UTF-8?q?=E5=8A=B9=E3=81=AA=E3=83=88=E3=83=BC=E3=82=AF=E3=83=B3=E3=81=AB?= =?UTF-8?q?=E5=AF=BE=E3=81=99=E3=82=8B=E3=83=AC=E3=82=B9=E3=83=9D=E3=83=B3?= =?UTF-8?q?=E3=82=B9=E3=82=B3=E3=83=BC=E3=83=89=E3=82=92401=E3=81=AB?= =?UTF-8?q?=E5=A4=89=E6=9B=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server/src/Pairing/routes.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/Pairing/routes.py b/server/src/Pairing/routes.py index 16b9984..c9cfd96 100644 --- a/server/src/Pairing/routes.py +++ b/server/src/Pairing/routes.py @@ -86,7 +86,7 @@ def auth_check(): user = users.find_one({'token': token}) if not user: - return jsonify({'error': 'Invalid token'}), 400 + return jsonify({'error': 'Invalid token'}), 401 new_token = create_access_token(identity=user['token']) users.update_one({'token': token}, {'$set': {'token': new_token}}) From aaf02262f85b817327d258ffbbd526583c3cafb6 Mon Sep 17 00:00:00 2001 From: k22036 <131113333+k22036@users.noreply.github.com> Date: Sat, 14 Sep 2024 13:31:22 +0900 Subject: [PATCH 3/4] =?UTF-8?q?change:=20auth=5Fcheck=E3=81=A7=E6=9C=AA?= =?UTF-8?q?=E8=AA=8D=E8=A8=BC=E3=81=AE=E5=A0=B4=E5=90=88=EF=BC=8C401?= =?UTF-8?q?=E3=82=92=E8=BF=94=E3=81=99=E3=82=88=E3=81=86=E3=81=AB=E5=A4=89?= =?UTF-8?q?=E6=9B=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server/tests/test_pairing.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/tests/test_pairing.py b/server/tests/test_pairing.py index 6bdcc36..70bd2a3 100644 --- a/server/tests/test_pairing.py +++ b/server/tests/test_pairing.py 
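Review bot: The `401` now returned on the `if not user:` branch of auth_check (server/src/Pairing/routes.py) is sent without a `WWW-Authenticate` header, which RFC 9110 requires on a 401 response and which some clients and intermediaries rely on to tell a credential problem from a malformed request. Flask accepts a headers dict as a third tuple element, so `return jsonify({'error': 'Invalid token'}), 401, {'WWW-Authenticate': 'Bearer'}` would be enough, assuming Bearer is the scheme this API intends. auth_check starts and ends outside the hunk, so how `token` is read from the request is not visible here.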
@@ -184,7 +184,7 @@ def test_auth_check_invalid_token(baseurl): res = requests.post(url, json={ 'token': 'invalidToken' }) - assert res.status_code == 400 + assert res.status_code == 401 assert res.json()['error'] == 'Invalid token' From 99c7383db67889a1e38a78cb5b28f2b06133083f Mon Sep 17 00:00:00 2001 From: k22036 <131113333+k22036@users.noreply.github.com> Date: Sun, 15 Sep 2024 11:43:26 +0900 Subject: [PATCH 4/4] =?UTF-8?q?change:=20=E3=81=99=E3=82=8C=E9=81=95?= =?UTF-8?q?=E3=81=84=E3=81=AE=E8=AA=8D=E8=A8=BC=E6=83=85=E5=A0=B1=E3=81=A8?= =?UTF-8?q?=E3=81=97=E3=81=A6token=E3=82=92=E5=88=A9=E7=94=A8=E3=81=99?= =?UTF-8?q?=E3=82=8B=E3=82=88=E3=81=86=E3=81=AB=E5=A4=89=E6=9B=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server/src/StreetPass/routes.py | 11 +++++----- server/tests/test_streetpass.py | 38 ++++++++++++++------------------- 2 files changed, 22 insertions(+), 27 deletions(-) diff --git a/server/src/StreetPass/routes.py b/server/src/StreetPass/routes.py index 821b577..9c83f1f 100644 --- a/server/src/StreetPass/routes.py +++ b/server/src/StreetPass/routes.py @@ -7,6 +7,7 @@ # MongoDBに接続 db = DB() +users = db.users pairings = db.pairings pre_passes = db.pre_passes now_passes = db.now_passes 
@@ -21,17 +22,17 @@ def received_beacon(): received_minor = request.json['received_minor'] if not received_minor: return jsonify({'error': 'Missing received_minor'}), 400 - private_key = request.json['private_key'] - if not private_key: - return jsonify({'error': 'Missing private_key'}), 400 + token = request.json['token'] + if not token: + return jsonify({'error': 'Missing token'}), 400 received_user = pairings.find_one( {'major': received_major, 'minor': received_minor}) if not received_user: return jsonify({'error': 'Invalid received_major_minor'}), 400 - sent_user = pairings.find_one({'private_key': private_key}) + sent_user = users.find_one({'token': token}) if not sent_user: - return jsonify({'error': 'Invalid private_key'}), 400 + return jsonify({'error': 'Invalid token'}), 400 if received_user['uid'] == sent_user['uid']: return jsonify({'pass': 'own'}), 200 diff --git a/server/tests/test_streetpass.py b/server/tests/test_streetpass.py index c94376f..22e8c22 100644 --- a/server/tests/test_streetpass.py +++ b/server/tests/test_streetpass.py 
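Review bot: `token = request.json['token']` reaches `users.find_one({'token': token})` after only a truthiness check, so a JSON object sent in place of a string is handed to MongoDB as a query-operator document rather than a literal to match. Reject non-strings before the lookup, for example `if not isinstance(token, str) or not token:`. The same applies to `received_major` and `received_minor`, whose reads are partly outside this hunk, and probably to the `find_one({'token': token})` in auth_check. Indexing `request.json['token']` also raises KeyError when the field is absent, so the 'Missing token' branch only covers an empty value; `request.json.get('token')` would cover both. The 'Invalid token' branch here still answers 400, while patch 2/4 moved the same condition in auth_check to 401, and the two should agree.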
@@ -120,47 +120,44 @@ def test_pairing_success(baseurl): def test_received_beacon_missing_received_major(baseurl): - global private_key1 url = baseurl+'/streetpass/received_beacon' res = requests.post(url, json={ 'received_major': '', 'received_minor': minor1, - 'private_key': private_key1 + 'token': token1 }) assert res.status_code == 400 assert res.json()['error'] == 'Missing received_major' def test_received_beacon_missing_received_minor(baseurl): - global private_key1 url = baseurl+'/streetpass/received_beacon' res = requests.post(url, json={ 'received_major': major1, 'received_minor': '', - 'private_key': private_key1 + 'token': token1 }) assert res.status_code == 400 assert res.json()['error'] == 'Missing received_minor' -def test_received_beacon_missing_private_key(baseurl): +def test_received_beacon_missing_token(baseurl): url = baseurl+'/streetpass/received_beacon' res = requests.post(url, json={ 'received_major': major1, 'received_minor': minor1, - 'private_key': '' + 'token': '' }) assert res.status_code == 400 - assert res.json()['error'] == 'Missing private_key' + assert res.json()['error'] == 'Missing token' def test_received_beacon_invalid_received_major_minor(baseurl): - global private_key1 url = baseurl+'/streetpass/received_beacon' res = requests.post(url, json={ 'received_major': major1, 'received_minor': 'invalidMinor', - 'private_key': private_key1 + 'token': token1 }) assert res.status_code == 400 assert res.json()['error'] == 'Invalid received_major_minor' 
@@ -168,47 +165,45 @@ def test_received_beacon_invalid_received_major_minor(baseurl): res = requests.post(url, json={ 'received_major': 'invalidMajor', 'received_minor': minor1, - 'private_key': private_key1 + 'token': token1 }) assert res.status_code == 400 assert res.json()['error'] == 'Invalid received_major_minor' -def test_received_beacon_invalid_private_key(baseurl): +def test_received_beacon_invalid_token(baseurl): url = baseurl+'/streetpass/received_beacon' res = requests.post(url, json={ 'received_major': major1, 'received_minor': minor1, - 'private_key': 'invalidPrivateKey' + 'token': 'invalidToken' }) assert res.status_code == 400 - assert res.json()['error'] == 'Invalid private_key' + assert res.json()['error'] == 'Invalid token' def test_received_beacon_enable_success(baseurl): - global private_key1 url = baseurl+'/streetpass/received_beacon' res = requests.post(url, json={ 'received_major': major2, 'received_minor': minor2, - 'private_key': private_key1 + 'token': token1 }) assert res.status_code == 200 assert res.json()['pass'] == 'false' - global private_key2 res = requests.post(url, json={ 'received_major': major1, 'received_minor': minor1, - 'private_key': private_key2 + 'token': token2 }) assert res.status_code == 200 assert res.json()['pass'] == 'true' def test_received_beacon_disable_success(baseurl): - global token1, private_key1 - global token2, private_key2 + global token1 + global token2 client = MongoClient('localhost', 27017) db = client['db'] users = db['users'] 
@@ -227,19 +222,18 @@ def test_received_beacon_disable_success(baseurl): res = requests.post(url, json={ 'received_major': major2, 'received_minor': minor2, - 'private_key': private_key1 + 'token': token1 }) assert res.status_code == 200 assert res.json()['pass'] == 'false' def test_received_beacon_own_success(baseurl): - global private_key1 url = baseurl+'/streetpass/received_beacon' res = requests.post(url, json={ 'received_major': major1, 'received_minor': minor1, - 'private_key': private_key1 + 'token': token1 }) assert res.status_code == 200 assert res.json()['pass'] == 'own'