From d03cd1d2f87350febf461f28928d00ee6c3cbaa3 Mon Sep 17 00:00:00 2001 From: H4CK3R-01 Date: Mon, 14 Mar 2022 22:57:03 +0100 Subject: [PATCH] Check if token is empty or invalid, update postman --- docs/postman.json | 6 +++--- webservice/api_blueprint_keyword.py | 20 +++++++++++++------- webservice/api_blueprint_shares.py | 20 +++++++++++++------- webservice/api_blueprint_transactions.py | 12 ++++++++---- webservice/helper_functions.py | 18 +++++++++++++++--- 5 files changed, 52 insertions(+), 24 deletions(-) diff --git a/docs/postman.json b/docs/postman.json index dae03e7..134841e 100644 --- a/docs/postman.json +++ b/docs/postman.json @@ -289,7 +289,7 @@ "name": "Transactions", "item": [ { - "name": "/api/keywords", + "name": "/api/transactions", "request": { "method": "GET", "header": [], @@ -307,7 +307,7 @@ "response": [] }, { - "name": "/api/keyword", + "name": "/api/transaction", "request": { "method": "POST", "header": [], @@ -341,7 +341,7 @@ "bearer": [ { "key": "token", - "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6IlVzZXJuYW1lIiwiZXhwIjoxNjQ3MjgwMjkwfQ.SL_WpvJBA1XG_BVwD-zIS4-YnGvxbNqluy5fWjGp2DQ", + "value": "access_token", "type": "string" } ] diff --git a/webservice/api_blueprint_keyword.py b/webservice/api_blueprint_keyword.py index 5ba32fe..2b27a40 100644 --- a/webservice/api_blueprint_keyword.py +++ b/webservice/api_blueprint_keyword.py @@ -3,7 +3,7 @@ import os from flask import Blueprint, jsonify, request from db import db -from helper_functions import get_username_from_token_data, extract_token_data, get_token, get_user_id_from_username +from helper_functions import get_username_from_token_data, extract_token_data, get_token, get_user_id_from_username, return_401 from models import Keyword keyword_blueprint = Blueprint('keyword', __name__, url_prefix='/api') 
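Review bot: The value this hunk replaces with `"access_token"` is a real HS256-signed JWT, and taking it out of postman.json does not take it out of git history; its payload decodes to `{"username":"Username","exp":1647280290}`, an expiry a few hours before this commit's date, so the token itself should no longer be accepted, but a genuine signature over a known payload is an offline brute-force target for the `SECRET_KEY` that helper_functions.py verifies against with HS256. If that key is short or human-chosen, rotate it now (which also invalidates every outstanding token) and make sure the replacement comes from a CSPRNG, e.g. `secrets.token_hex(32)`. A secret scanner in pre-commit or CI would have caught this token before it was pushed and is worth adding alongside this cleanup.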
@@ -12,11 +12,13 @@ __location__ = os.path.realpath(os.path.join(os.getcwd(), os.path.dirname(__file @keyword_blueprint.route('/keyword', methods=['POST']) def add_keyword(): - request_data = request.get_json() - key = request_data['keyword'] - # get username from jwt token username = get_username_from_token_data(extract_token_data(get_token())) + if username is None: # If token not provided or invalid -> return 401 code + return return_401() + + request_data = request.get_json() + key = request_data['keyword'] check_keyword = db.session.query(Keyword).filter_by(keyword=key, user_id=get_user_id_from_username(username)).first() if check_keyword is None: @@ -35,11 +37,13 @@ def add_keyword(): @keyword_blueprint.route('/keyword', methods=['DELETE']) def remove_keyword(): - request_data = request.get_json() - key = request_data['keyword'] - # get username from jwt token username = get_username_from_token_data(extract_token_data(get_token())) + if username is None: # If token not provided or invalid -> return 401 code + return return_401() + + request_data = request.get_json() + key = request_data['keyword'] db.session.query(Keyword).filter_by(keyword=key, user_id=get_user_id_from_username(username)).delete() db.session.commit() @@ -51,6 +55,8 @@ def remove_keyword(): def get_keywords(): # get username from jwt token username = get_username_from_token_data(extract_token_data(get_token())) + if username is None: # If token not provided or invalid -> return 401 code + return return_401() return_keywords = [] keywords = db.session.query(Keyword).filter_by(user_id=get_user_id_from_username(username)).all() diff --git a/webservice/api_blueprint_shares.py b/webservice/api_blueprint_shares.py index 728e137..cbde440 100644 --- a/webservice/api_blueprint_shares.py +++ b/webservice/api_blueprint_shares.py 
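Review bot: In add_keyword the body handling that this hunk moves below the new auth check is still unguarded: `request.get_json()` yields None on an empty body (or raises 415/400 for a non-JSON content type, depending on the Flask version) and `request_data['keyword']` then raises TypeError or KeyError, so an authenticated caller with a malformed body gets a 500 rather than a 400. I would replace the two moved lines with `request_data = request.get_json(silent=True) or {}` and `key = request_data.get('keyword')`, followed by `if not isinstance(key, str) or not key: return jsonify({"status": 400, "text": "keyword missing"}), 400`. The same applies to the two moved lines in the DELETE handler in the next hunk. Both function bodies continue past the end of their hunks.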
@@ -3,7 +3,7 @@ import os from flask import Blueprint, jsonify, request from db import db -from helper_functions import get_username_from_token_data, extract_token_data, get_token, get_user_id_from_username +from helper_functions import get_username_from_token_data, extract_token_data, get_token, get_user_id_from_username, return_401 from models import Share shares_blueprint = Blueprint('share', __name__, url_prefix='/api') @@ -12,11 +12,13 @@ __location__ = os.path.realpath(os.path.join(os.getcwd(), os.path.dirname(__file @shares_blueprint.route('/share', methods=['POST']) def add_symbol(): - request_data = request.get_json() - symbol = request_data['symbol'] - # get username from jwt token username = get_username_from_token_data(extract_token_data(get_token())) + if username is None: # If token not provided or invalid -> return 401 code + return return_401() + + request_data = request.get_json() + symbol = request_data['symbol'] check_share = db.session.query(Share).filter_by(symbol=symbol, user_id=get_user_id_from_username(username)).first() if check_share is None: @@ -35,11 +37,13 @@ def add_symbol(): @shares_blueprint.route('/share', methods=['DELETE']) def remove_symbol(): - request_data = request.get_json() - symbol = request_data['symbol'] - # get username from jwt token username = get_username_from_token_data(extract_token_data(get_token())) + if username is None: # If token not provided or invalid -> return 401 code + return return_401() + + request_data = request.get_json() + symbol = request_data['symbol'] db.session.query(Share).filter_by(symbol=symbol, user_id=get_user_id_from_username(username)).delete() db.session.commit() 
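Review bot: The auth preamble added here to add_symbol (and to remove_symbol in the next hunk, get_symbol below it, and the five keyword and transaction handlers in the other files) is the same three lines copied into eight handlers, so the next route that forgets them is an unauthenticated endpoint that nothing fails on. I would make it a decorator next to `return_401` in helper_functions.py, with `from functools import wraps` at the top of that file, and have each route declare `@token_required` under its `@route` line and take `username` as its first parameter, as sketched below. Both add_symbol and remove_symbol continue past their hunks.

```python
def token_required(view):
    """Run `view` only when the bearer token is present and valid; otherwise answer 401."""
    @wraps(view)
    def wrapper(*args, **kwargs):
        username = get_username_from_token_data(extract_token_data(get_token()))
        if username is None:  # not provided or invalid -> 401
            return return_401()
        return view(username, *args, **kwargs)
    return wrapper

# … in api_blueprint_shares.py each handler then reads …
@shares_blueprint.route('/share', methods=['POST'])
@token_required
def add_symbol(username):
    request_data = request.get_json()
    # … unchanged: symbol lookup / insert …
```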
@@ -51,6 +55,8 @@ def remove_symbol(): def get_symbol(): # get username from jwt token username = get_username_from_token_data(extract_token_data(get_token())) + if username is None: # If token not provided or invalid -> return 401 code + return return_401() return_symbols = [] symbols = db.session.query(Share).filter_by(user_id=get_user_id_from_username(username)).all() diff --git a/webservice/api_blueprint_transactions.py b/webservice/api_blueprint_transactions.py index e47b33e..ff01a09 100644 --- a/webservice/api_blueprint_transactions.py +++ b/webservice/api_blueprint_transactions.py @@ -4,7 +4,7 @@ import datetime from flask import Blueprint, jsonify, request from db import db -from helper_functions import get_username_from_token_data, extract_token_data, get_token, get_user_id_from_username +from helper_functions import get_username_from_token_data, extract_token_data, get_token, get_user_id_from_username, return_401 from models import Transaction transaction_blueprint = Blueprint('transaction', __name__, url_prefix='/api') @@ -13,15 +13,17 @@ __location__ = os.path.realpath(os.path.join(os.getcwd(), os.path.dirname(__file @transaction_blueprint.route('/transaction', methods=['POST']) def add_transaction(): + # get username from jwt token + username = get_username_from_token_data(extract_token_data(get_token())) + if username is None: # If token not provided or invalid -> return 401 code + return return_401() + request_data = request.get_json() symbol = request_data['symbol'] time = datetime.datetime.strptime(request_data['time'], '%Y-%m-%dT%H:%M:%S.%fZ') count = request_data['count'] price = request_data['price'] - # get username from jwt token - username = get_username_from_token_data(extract_token_data(get_token())) - new_transcation = Transaction( user_id=get_user_id_from_username(username), symbol=symbol, 
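Review bot: With the auth check now first in add_transaction, the untrusted fields read right after it are still consumed without validation: `datetime.datetime.strptime(request_data['time'], ...)` raises ValueError on any other format, `request_data[...]` raises KeyError or TypeError on a missing key or non-JSON body, and all of these surface as a 500, while `count` and `price` are handed to the model with whatever JSON type the client chose. I would wrap the five reads in `try: ... except (KeyError, TypeError, ValueError): return jsonify({"status": 400, "text": "invalid transaction"}), 400` and coerce `count` and `price` to the numeric types the Transaction model expects (the model is not visible here, so confirm those types). The `Transaction(...)` constructor call continues past the end of the hunk.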
@@ -39,6 +41,8 @@ def add_transaction(): def get_transaction(): # get username from jwt token username = get_username_from_token_data(extract_token_data(get_token())) + if username is None: # If token not provided or invalid -> return 401 code + return return_401() return_transactions = [] transactions = db.session.query(Transaction).filter_by(user_id=get_user_id_from_username(username)).all() diff --git a/webservice/helper_functions.py b/webservice/helper_functions.py index 3fe846d..f081182 100644 --- a/webservice/helper_functions.py +++ b/webservice/helper_functions.py @@ -3,7 +3,7 @@ import os import uuid import jwt -from flask import request +from flask import request, jsonify from db import db from models import User @@ -33,11 +33,23 @@ def extract_token_data(token): return jwt.decode(token, os.getenv('SECRET_KEY'), algorithms=["HS256"]) except: return None + else: + return None def get_username_from_token_data(token_data): - return token_data['username'] + if token_data is not None: + return token_data['username'] + else: + return None def get_user_id_from_username(username): - return db.session.query(User).filter_by(username=username).first().user_id + if username is not None: + return db.session.query(User).filter_by(username=username).first().user_id + else: + return None + + +def return_401(): + return jsonify({"status": 401, "text": "Authorization token not provided or not valid"})
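Review bot: `return_401()` at the bottom of this hunk sends its 401 only inside the JSON body: a bare `jsonify(...)` return is HTTP 200, so every `return return_401()` this commit adds to the blueprints is a successful response as far as clients, proxies and monitoring are concerned. Put the status on the response itself, `return jsonify({"status": 401, "text": "Authorization token not provided or not valid"}), 401, {"WWW-Authenticate": "Bearer"}`. Two gaps remain in the same hunk: `get_user_id_from_username` still does `.first().user_id`, which raises AttributeError (a 500) when a validly signed token names a user that no longer exists, and the `None` it now returns for a None username would be passed straight into `filter_by(user_id=None)` by callers rather than treated as unauthenticated, so it should return None on a missing row and callers should 401 on None. The bare `except:` in `extract_token_data` is best narrowed to `except jwt.PyJWTError:` so that only bad tokens map to None and a missing `SECRET_KEY` presumably surfaces as an error instead of a silent 401; the `if`/`try` enclosing that `except:` starts before the hunk.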