# Pre-requisites

Initialize notebook environment:

In [131]:
import os
import sys

sys.path.append('..')

Import all neccessary libraries.

In [100]:
import requests
from mypass import crypto

## Crypto library

Lets go through the registration process in theory.

In [101]:
pw = 'password'

salt = crypto.gen_salt()
master_token = crypto.initpw(nbytes=256)
secret_token = crypto.encryptsecret(master_token, pw, salt)
# secret_token = crypto.gen_master_token(pw, salt)
hashed_pw = crypto.hashpw(pw, salt)

print(f'Salt:          {salt[:100]}')
print(f'Secret token:  {secret_token[:100]}...')
print(f'Hashed pw:     {hashed_pw[:100]}...')

token = crypto.decryptsecret(secret_token, pw, salt)

# assert master_token == token, 'Master tokens should be identical.'
print(f'Token:         {token[:100]}...')
print(f'Token:         {master_token[:100]}...')

Salt:          rC4ShPAkMrAn6MXRCEWjE0zWSIak4okJsBTBWWT4fDQ
Secret token:  gAAAAABk6zvJLqHblHKWLMsI0eFITu8TOOrDXtg5woda4dXcQpCz614qu0XKmmCWwtJU87eu09btZ4KLN_i5ujzWMax62jfqk1gj...
Hashed pw:     fp2E94z4P4DV6hWWRi56CT3UszzXv2d273RrDLEPJWTjB8_Yk_biBvwVWIXPhWNeX2GzhaCdtqvyg93Tv39gAg==...
Token:         Uyp5jKp8iQOWruyWuJcLCfqW0FSj88IvTE5_2WnyPWqahgB8h6ve-yN6ooMIlRargf1EWzzbFBceqDKnjrFN95Ks1ySxAqKPAi_L...
Token:         Uyp5jKp8iQOWruyWuJcLCfqW0FSj88IvTE5_2WnyPWqahgB8h6ve-yN6ooMIlRargf1EWzzbFBceqDKnjrFN95Ks1ySxAqKPAi_L...


# API usage

Set url and proxy for registration request.

In [102]:
url = 'http://localhost/api/auth/registration'
proxies = {'http': 'http://localhost:5757', 'https': 'http://localhost:5757'}

In [103]:
resp = requests.post(url=url, proxies=proxies, json={'username': 'mypass-user', 'password': 'mp-passWorD'})

if resp.status_code == 201:
    print('Successful registration!')
    resp_obj = resp.json()
    print(resp_obj)
else:
    print('Failed registration!')
    print(resp.json())

Successful registration!
{'access_token': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmcmVzaCI6dHJ1ZSwiaWF0IjoxNjkzMTM3ODY5LCJqdGkiOiI2ZTk4ZjJiZC1kNjIwLTRiZDYtYTA4NS0wNzI3NjM1OTIwYmMiLCJ0eXBlIjoiYWNjZXNzIiwic3ViIjp7InVpZCI6MSwidXNlcm5hbWUiOiJteXBhc3MtdXNlciIsInBhc3N3b3JkIjoibXAtcGFzc1dvckQiLCJ0b2tlbiI6IkdqUXlTS3Y3VzRIODExTDQ3Mmpjb2pyUUxla1NrcWxCRUdaa3JkRFVVQUp6ZVlRX2laVFA4NWU4MHRLQW1zN0dqVVdLMjRHcVh5UTBxX2JEV2k5akR3In0sIm5iZiI6MTY5MzEzNzg2OSwiZXhwIjoxNjkzMTM4NDY5fQ.POyCkpAEpwLaKPYXhL7Rnu0uwiDU_LL_dX7vN6WfccI', 'refresh_token': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmcmVzaCI6ZmFsc2UsImlhdCI6MTY5MzEzNzg2OSwianRpIjoiZjg2NjNjNDEtMTk4My00M2I2LThmNDItNTI5OWFlOGI5MGJlIiwidHlwZSI6InJlZnJlc2giLCJzdWIiOnsidWlkIjoxLCJ1c2VybmFtZSI6Im15cGFzcy11c2VyIiwicGFzc3dvcmQiOiJtcC1wYXNzV29yRCIsInRva2VuIjoiR2pReVNLdjdXNEg4MTFMNDcyamNvanJRTGVrU2txbEJFR1prcmREVVVBSnplWVFfaVpUUDg1ZTgwdEtBbXM3R2pVV0syNEdxWHlRMHFfYkRXaTlqRHcifSwibmJmIjoxNjkzMTM3ODY5LCJleHAiOjE2OTU3Mjk4Njl9.pcC3QQRmrKUsusiFztQhp39-FVTscpYyehuZwK2TzLQ

Registration will log you in at the same time, as well as save a new user in the database side.

Next, we save all the jwt we just got from the registration request.

In [104]:
access_token = resp_obj['access_token']
refresh_token = resp_obj['refresh_token']

We can create an authorization class that does the work for us:

In [105]:
from requests.auth import AuthBase


class BearerAuth(AuthBase):
    def __init__(self, token: str):
        self.token = token

    def __call__(self, r):
        r.headers['authorization'] = f'Bearer {self.token}'
        return r

In [106]:
auth = BearerAuth(token=access_token)

or simply create a header object which we can pass along as well, with any given request.

In [107]:
headers = {'authorization': f'Bearer {access_token}'}

Let's try to login, with the registered user!
You can also experiment with different, or unauthorized logins.

In [108]:
url = 'http://localhost/api/auth/login'
resp = requests.post(url=url, proxies=proxies, json={'username': 'mypass-user', 'password': 'mp-passWorD'})

if resp.status_code == 201:
    print('Successful login!')
    resp_obj = resp.json()
    access_token = resp_obj['access_token']
    refresh_token = resp_obj['refresh_token']
    auth = BearerAuth(token=access_token)
    headers = {'authorization': f'Bearer {access_token}'}
    print(resp_obj)
else:
    print('Failed login!')
    print(resp.json())

Successful login!
{'access_token': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmcmVzaCI6dHJ1ZSwiaWF0IjoxNjkzMTM3ODcxLCJqdGkiOiIyODllM2Y0NC0yM2RiLTRlY2EtODY1MC1lODFiMzYwODJhNzgiLCJ0eXBlIjoiYWNjZXNzIiwic3ViIjp7InVpZCI6MSwidXNlcm5hbWUiOiJteXBhc3MtdXNlciIsInBhc3N3b3JkIjoibXAtcGFzc1dvckQiLCJ0b2tlbiI6IkdqUXlTS3Y3VzRIODExTDQ3Mmpjb2pyUUxla1NrcWxCRUdaa3JkRFVVQUp6ZVlRX2laVFA4NWU4MHRLQW1zN0dqVVdLMjRHcVh5UTBxX2JEV2k5akR3In0sIm5iZiI6MTY5MzEzNzg3MSwiZXhwIjoxNjkzMTM4NDcxfQ.EXfVnieilMks-fzf_m6vXLHb0alwl9vyhefHYnq_PWA', 'refresh_token': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmcmVzaCI6ZmFsc2UsImlhdCI6MTY5MzEzNzg3MSwianRpIjoiNTBhZDAzMzAtZDEyNy00ZmI4LThmODgtNGQzZTk3YzA3MTlmIiwidHlwZSI6InJlZnJlc2giLCJzdWIiOnsidWlkIjoxLCJ1c2VybmFtZSI6Im15cGFzcy11c2VyIiwicGFzc3dvcmQiOiJtcC1wYXNzV29yRCIsInRva2VuIjoiR2pReVNLdjdXNEg4MTFMNDcyamNvanJRTGVrU2txbEJFR1prcmREVVVBSnplWVFfaVpUUDg1ZTgwdEtBbXM3R2pVV0syNEdxWHlRMHFfYkRXaTlqRHcifSwibmJmIjoxNjkzMTM3ODcxLCJleHAiOjE2OTU3Mjk4NzF9.QKk3AKaAcAMCIcjMl5vH8Aob82eAOq1M6A7oMfVEvs4'}


## Requesting non-fresh access tokens

We will attempt to request a new ***non-fresh** access token* using our previous *refresh token*.

In [126]:
url = 'http://localhost/api/auth/refresh'
resp = requests.post(url=url, proxies=proxies, auth=BearerAuth(token=refresh_token))

if resp.status_code == 201:
    print('Successfully acquired non-fresh access token!')
    resp_obj = resp.json()
    access_token = resp_obj['access_token']
    auth = BearerAuth(token=access_token)
    headers = {'authorization': f'Bearer {access_token}'}
    print(resp_obj)
else:
    print('Failed to get new access token!')
    print(resp.json())

Successfully acquired non-fresh access token!
{'access_token': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmcmVzaCI6ZmFsc2UsImlhdCI6MTY5MzE0MTI1NywianRpIjoiYWQyNWU4NmMtNzYzMC00MzAyLTgzYjMtNjYxMmViOTVjNzUyIiwidHlwZSI6ImFjY2VzcyIsInN1YiI6eyJ1aWQiOjEsInVzZXJuYW1lIjoibXlwYXNzLXVzZXIiLCJwYXNzd29yZCI6Im1wLXBhc3NXb3JEIiwidG9rZW4iOiJHalF5U0t2N1c0SDgxMUw0NzJqY29qclFMZWtTa3FsQkVHWmtyZERVVUFKemVZUV9pWlRQODVlODB0S0FtczdHalVXSzI0R3FYeVEwcV9iRFdpOWpEdyJ9LCJuYmYiOjE2OTMxNDEyNTcsImV4cCI6MTY5MzE0MTg1N30.CESzGyCSQw1qG3KaagS2PfBxeSljilVbN6s0n3KacGY'}


## Creating vault entry

Lets create a vault entry! First, we set the url, then we will be making the actual request.

In [110]:
url = 'http://localhost/api/db/vault/add'
resp = requests.post(
    url=url,
    proxies=proxies,
    json={
        'username': 'aragorn',
        'password': 'l$1swoĐf75s#d9',
        'website': 'https://favsite.com',
        'title': 'fav',
        'notes': 'Hush!'
    },
    auth=BearerAuth(token=access_token))

if resp.status_code == 200:
    print('Successful entry creation!')
    resp_obj = resp.json()
    print(resp_obj)
else:
    print('Failed entry creation!')
    print(resp.json())

Successful entry creation!
{'id': 1}


## Reading from db

Lets query our read endpoints!

The following endpoint will read records from our database.

In [130]:
url = 'http://localhost/api/db/vault/select'
resp = requests.post(
    url=url,
    proxies=proxies,
    auth=BearerAuth(token=access_token))

if resp.status_code == 200:
    print('Entries read:')
    resp_obj = resp.json()
    if isinstance(resp_obj, list):
        print('\n'.join(str(o) for o in resp_obj))
    else:
        print(resp_obj)
else:
    print('Failed reading entries!')
    print(resp.json())

Entries read:
{'id': 1, 'username': 'aragorn', 'password': 'l$1swoĐf75s#d9', 'title': 'fav', 'website': 'https://favsite.com', 'folder': None, 'notes': 'Hush!', 'tags': [], 'parentid': None}
