From 78c539c30a7625559c291bd268b620fcc44bbd03 Mon Sep 17 00:00:00 2001
From: Michael Weimann
Date: Sun, 27 Jun 2021 14:25:44 +0200
Subject: [PATCH] implement auth

---
 data/auth.yml | 2 ++
 ki/actions/seed.py | 5 ++++
 ki/routes.py | 5 ++++
 ki/test/ApiTest.py | 35 +++++++++++++++++++++++++
 ki/test/test_login_endpoint.py | 45 ++++++++++----------------------
 ki/test/test_profile_endpoint.py | 39 ++++++++++++---------------
 ki/test/test_skills_endpoint.py | 25 ++++-------------
 7 files changed, 82 insertions(+), 74 deletions(-)
 create mode 100644 ki/test/ApiTest.py

diff --git a/data/auth.yml b/data/auth.yml
index d833e3f..fadf4a6 100644
--- a/data/auth.yml
+++ b/data/auth.yml
@@ -1,3 +1,5 @@
 ---
 peter:
 password: geheim
+klaus:
+ password: jutta
diff --git a/ki/actions/seed.py b/ki/actions/seed.py
index f9528a8..e889c89 100644
--- a/ki/actions/seed.py
+++ b/ki/actions/seed.py
@@ -81,4 +81,9 @@ def seed(dev: bool):
 peter_fr = ProfileLanguage(profile=peters_profile, language_id="fr", level=3)
 db.session.add(peter_fr)
+ logging.info("seeding klaus :D")
+
+ klaus = User(auth_id="klaus")
+ db.session.add(klaus)
+
 db.session.commit()
diff --git a/ki/routes.py b/ki/routes.py
index 58c1513..f9e700d 100644
--- a/ki/routes.py
+++ b/ki/routes.py
@@ -124,10 +124,14 @@ def get_user_profile(user_id):
 @app.route("/users//profile", methods=["POST"])
 @token_auth
 def update_profile(user_id):
+ if g.user.id != int(user_id):
+ return make_response({}, 403)
+
 return update_profile_handler(int(user_id))
 @app.route("/skills")
+@token_auth
 def get_skills():
 return handle_completion_request(Skill, "skills")
@@ -139,6 +143,7 @@ def get_skill_icon(skill_id):
 @app.route("/languages")
+@token_auth
 def get_languages():
 return handle_completion_request(Language, "languages")
diff --git a/ki/test/ApiTest.py b/ki/test/ApiTest.py
new file mode 100644
index 0000000..1ab1253
--- /dev/null
+++ b/ki/test/ApiTest.py
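Review bot: The new `klaus` entry stores its password in clear text next to `peter`'s, so data/auth.yml now carries two usable credentials in version control. Nothing in the diff says whether this file is a development fixture or the credential store the login endpoint reads in production; if it is more than a test fixture, the values should be password hashes rather than plain strings. Either way, a leading comment such as `# development/test credentials only - do not ship this file` would make the intent explicit to the next reader.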
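Review bot: The `klaus` user is inserted unconditionally even though `seed` takes a `dev` flag (visible in the hunk header), so it will exist wherever `seed` runs; whether `peter`'s seeding above the hunk is guarded the same way is outside the hunk, so I can't tell if this is consistent. If `klaus` exists only so the tests can exercise the 403 path, wrap the three new statements in `if dev:`. The message `logging.info("seeding klaus :D")` is also out of register for a production log line; `logging.info("seeding user klaus")` matches what the line does.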
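Review bot: `int(user_id)` in the new guard raises `ValueError` for a non-numeric path segment, which surfaces as an unhandled exception (a 500 in production) instead of a 404; the same call already existed in `update_profile_handler(int(user_id))` below, but the guard is now the first place it fires. Declaring the converter in the route, `@app.route("/users/<int:user_id>/profile", methods=["POST"])`, makes Flask answer 404 for non-integers before the view runs and lets the check become `if g.user.id != user_id:`. The decorator as rendered in this diff reads `/users//profile`, presumably because a `<user_id>` placeholder was stripped on rendering, so confirm the converter against the file itself. The second hunk in this file adds `@token_auth` to `get_languages` exactly as this one does for `get_skills`; `get_user_profile` just above this hunk is outside it, so whether profile reads get an equivalent ownership check is not visible here.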
@@ -0,0 +1,35 @@
+from alembic import command
+import json
+import unittest
+
+from app import app, db, migrate
+from ki.actions import seed
+
+
+class ApiTest(unittest.TestCase):
+ maxDiff = None
+
+ def setUp(self):
+ app.debug = True
+ app.config["TESTING"] = True
+ app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
+ self.client = app.test_client()
+
+ with app.app_context():
+ config = migrate.get_config()
+ command.upgrade(config, "head")
+
+ seed(True)
+
+ def tearDown(self):
+ db.drop_all()
+ db.engine.dispose()
+
+ def login(self, username, password):
+ login_data = {"username": username, "password": password}
+ login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
+
+ self.assertEqual(login_response.status_code, 200)
+ self.assertIn("token", login_response.json)
+
+ return login_response.json
diff --git a/ki/test/test_login_endpoint.py b/ki/test/test_login_endpoint.py
index 314de11..ea58250 100644
--- a/ki/test/test_login_endpoint.py
+++ b/ki/test/test_login_endpoint.py
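Review bot: `login` asserts a 200 and the presence of `token`, so the failure-path tests that follow in this commit (`test_login_wrong_credentails` and `test_login_unknown_user` in test_login_endpoint.py, `test_update_profile_unauthorised` in test_profile_endpoint.py) have to rebuild the same POST by hand. Splitting the request into a non-asserting `post_login(username, password)` that `login` wraps would let every caller share it, and both helpers need a docstring saying what they return. Smaller points: `maxDiff = None` is set here and again as context in `TestProfileEndpoint`, where it is now redundant, and the module name `ApiTest.py` breaks the lowercase module convention the other test files follow.
```python
# … unchanged: imports, maxDiff, setUp, tearDown …

    def post_login(self, username, password):
        """POST credentials to /users/login and return the raw test-client response."""
        login_data = {"username": username, "password": password}
        return self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")

    def login(self, username, password):
        """Log in as *username*; fail the test unless a token comes back, then return the JSON body."""
        login_response = self.post_login(username, password)

        self.assertEqual(login_response.status_code, 200)
        self.assertIn("token", login_response.json)

        return login_response.json
```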
@@ -1,42 +1,25 @@
-from alembic import command
 import json
+
 import unittest
-from app import app, db, migrate
-from ki.actions import seed
+from ki.test.ApiTest import ApiTest
-class TestLoginEndpoint(unittest.TestCase):
- def setUp(self):
- app.debug = True
- app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
- self.client = app.test_client()
-
- with app.app_context():
- config = migrate.get_config()
- command.upgrade(config, "head")
-
- seed(True)
-
- def tearDown(self):
- db.drop_all()
- db.engine.dispose()
-
+class TestLoginEndpoint(ApiTest):
 def test_login(self):
- response1_data = self.login()
- response2_data = self.login()
+ response1_data = self.login("peter", "geheim")
+ response2_data = self.login("peter", "geheim")
 self.assertNotEqual(response1_data["token"], response2_data["token"])
- def login(self):
- response = self.client.post("/users/login",
- data=json.dumps({
- "username": "peter",
- "password": "geheim"
- }),
- content_type="application/json")
- self.assertEqual(response.status_code, 200)
- self.assertIn("token", response.json)
- return response.json
+ def test_login_wrong_credentails(self):
+ login_data = {"username": "peter", "password": "123456"}
+ login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
+ self.assertEqual(login_response.status_code, 403)
+
+ def test_login_unknown_user(self):
+ login_data = {"username": "karl", "password": "123456"}
+ login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
+ self.assertEqual(login_response.status_code, 403)
 if __name__ == "main":
diff --git a/ki/test/test_profile_endpoint.py b/ki/test/test_profile_endpoint.py
index f58fda7..0caa6c4 100644
--- a/ki/test/test_profile_endpoint.py
+++ b/ki/test/test_profile_endpoint.py
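Review bot: The guard `if __name__ == "main":` at the end of the hunk never fires, because `__name__` is `"__main__"` when a module is run directly; it is a pre-existing context line, but since the file is being reworked it should become `if __name__ == "__main__":`. The new test name `test_login_wrong_credentails` has a typo (`credentials`). Both failure tests expect 403 for a wrong password and for an unknown user alike, which is the right shape, since a distinct status would tell a caller which usernames exist; a one-line comment on `test_login_unknown_user`, such as `# an unknown user must be indistinguishable from a wrong password`, would keep that property from being "fixed" later.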
@@ -1,38 +1,31 @@
-from alembic import command
 import unittest
 import json
-from app import app, db, migrate
-from ki.actions import seed
+from app import app
 from ki.models import User
+from ki.test.ApiTest import ApiTest
-class TestProfileEndpoint(unittest.TestCase):
+class TestProfileEndpoint(ApiTest):
 maxDiff = None
- def setUp(self):
- app.debug = True
- app.config["TESTING"] = True
- app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
- self.client = app.test_client()
-
- with app.app_context():
- config = migrate.get_config()
- command.upgrade(config, "head")
-
- seed(True)
-
- def tearDown(self):
- db.drop_all()
- db.engine.dispose()
-
- def test_update_profile(self):
- login_data = {"username": "peter", "password": "geheim"}
+ def test_update_profile_unauthorised(self):
+ login_data = {"username": "klaus", "password": "jutta"}
 login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
 self.assertEqual(login_response.status_code, 200)
 self.assertIn("token", login_response.json)
+ response = self.client.post("/users/1/profile",
+ data=json.dumps({}),
+ content_type="application/json",
+ headers={"Authorization": "Bearer " + login_response.json["token"]})
+
+ self.assertEqual(response.status_code, 403)
+
+ def test_update_profile(self):
+ token = self.login("peter", "geheim")["token"]
+
 data = {
 "pronouns": "Monsieur",
 "volunteerwork": "ja",
@@ -90,7 +83,7 @@ class TestProfileEndpoint(unittest.TestCase):
 response = self.client.post("/users/1/profile",
 data=json.dumps(data),
 content_type="application/json",
- headers={"Authorization": "Bearer " + login_response.json["token"]})
+ headers={"Authorization": "Bearer " + token})
 self.assertEqual(response.status_code, 200)
 with app.app_context():
diff --git a/ki/test/test_skills_endpoint.py b/ki/test/test_skills_endpoint.py
index 0d6fb7c..93fcc96 100644
--- a/ki/test/test_skills_endpoint.py
+++ b/ki/test/test_skills_endpoint.py
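Review bot: `test_update_profile_unauthorised` logs klaus in by hand (POST, assert 200, assert token) instead of using the `self.login("klaus", "jutta")` helper the class now inherits and that `test_update_profile` a few lines below already uses; `token = self.login("klaus", "jutta")["token"]` replaces those four lines and keeps the setup identical across tests. The test posts to `/users/1/profile`, so it relies on peter being user 1 from the seed order (as `test_update_profile` also assumes); a comment such as `# user 1 is peter, seeded first; klaus must not be able to edit it` would record that dependency. `maxDiff = None` on this class is now redundant with the same attribute on `ApiTest`. The class body continues outside the hunk.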
@@ -1,26 +1,9 @@
-from alembic import command
 import unittest
-from app import app, db, migrate
-from ki.actions import seed
+from ki.test.ApiTest import ApiTest
-class TestSkillsEndpoint(unittest.TestCase):
- def setUp(self):
- app.debug = True
- app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
- self.client = app.test_client()
-
- with app.app_context():
- config = migrate.get_config()
- command.upgrade(config, "head")
-
- seed(True)
-
- def tearDown(self):
- db.drop_all()
- db.engine.dispose()
-
+class TestSkillsEndpoint(ApiTest):
 def test_skills_options(self):
 response = self.client.options("/skills")
 self.assertEqual(response.status_code, 200)
@@ -28,7 +11,9 @@ class TestSkillsEndpoint(unittest.TestCase):
 self.assertEqual(response.headers["Access-Control-Allow-Origin"], "*")
 def test_get_skills1(self):
- response = self.client.get("/skills?search=p")
+ token = self.login("peter", "geheim")["token"]
+
+ response = self.client.get("/skills?search=p", headers={"Authorization": "Bearer " + token})
 self.assertEqual(response.status_code, 200)
 self.assertEqual( {
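Review bot: Nothing in this file asserts that `/skills` now rejects a request without a token, which is the behaviour the commit adds with `@token_auth` in routes.py; `test_skills_options` in this hunk still expects 200 without credentials (presumably fine, since Flask serves OPTIONS itself without calling the view, though how `token_auth` treats OPTIONS is not visible in the diff), and `test_get_skills1` in the next hunk covers only the authenticated path. A test that issues `self.client.get("/skills?search=p")` with no `Authorization` header and asserts the status `token_auth` returns for a missing token (not visible here, so check the decorator) would pin the new requirement, and the same applies to `/languages`.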