implement auth

2021-06-27 14:25:44 +02:00 · 2021-06-27 14:25:44 +02:00 · 78c539c30a
commit 78c539c30a
parent 5113f6995e
7 changed files with 82 additions and 74 deletions
--- a/data/auth.yml
+++ b/data/auth.yml
@ -1,3 +1,5 @@
 ---
 peter:
  password: geheim
+klaus:
+  password: jutta
--- a/ki/actions/seed.py
+++ b/ki/actions/seed.py
@ -81,4 +81,9 @@ def seed(dev: bool):
        peter_fr = ProfileLanguage(profile=peters_profile, language_id="fr", level=3)
        db.session.add(peter_fr)

+        logging.info("seeding klaus :D")
+
+        klaus = User(auth_id="klaus")
+        db.session.add(klaus)
+
    db.session.commit()
--- a/ki/routes.py
+++ b/ki/routes.py
@ -124,10 +124,14 @@ def get_user_profile(user_id):
@app.route("/users/<user_id>/profile", methods=["POST"])
@token_auth
 def update_profile(user_id):
+    if g.user.id != int(user_id):
+        return make_response({}, 403)
+
    return update_profile_handler(int(user_id))


@app.route("/skills")
+@token_auth
 def get_skills():
    return handle_completion_request(Skill, "skills")

@ -139,6 +143,7 @@ def get_skill_icon(skill_id):


@app.route("/languages")
+@token_auth
 def get_languages():
    return handle_completion_request(Language, "languages")

--- a/ki/test/ApiTest.py
+++ b/ki/test/ApiTest.py
@ -0,0 +1,35 @@
+from alembic import command
+import json
+import unittest
+
+from app import app, db, migrate
+from ki.actions import seed
+
+
+class ApiTest(unittest.TestCase):
+    maxDiff = None
+
+    def setUp(self):
+        app.debug = True
+        app.config["TESTING"] = True
+        app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
+        self.client = app.test_client()
+
+        with app.app_context():
+            config = migrate.get_config()
+            command.upgrade(config, "head")
+
+        seed(True)
+
+    def tearDown(self):
+        db.drop_all()
+        db.engine.dispose()
+
+    def login(self, username, password):
+        login_data = {"username": username, "password": password}
+        login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
+
+        self.assertEqual(login_response.status_code, 200)
+        self.assertIn("token", login_response.json)
+
+        return login_response.json
--- a/ki/test/test_login_endpoint.py
+++ b/ki/test/test_login_endpoint.py
@ -1,42 +1,25 @@
-from alembic import command
 import json
+
 import unittest

-from app import app, db, migrate
-from ki.actions import seed
+from ki.test.ApiTest import ApiTest


-class TestLoginEndpoint(unittest.TestCase):
-    def setUp(self):
-        app.debug = True
-        app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
-        self.client = app.test_client()
-
-        with app.app_context():
-            config = migrate.get_config()
-            command.upgrade(config, "head")
-
-        seed(True)
-
-    def tearDown(self):
-        db.drop_all()
-        db.engine.dispose()
-
+class TestLoginEndpoint(ApiTest):
    def test_login(self):
-        response1_data = self.login()
-        response2_data = self.login()
+        response1_data = self.login("peter", "geheim")
+        response2_data = self.login("peter", "geheim")
        self.assertNotEqual(response1_data["token"], response2_data["token"])

-    def login(self):
-        response = self.client.post("/users/login",
-                                    data=json.dumps({
-                                        "username": "peter",
-                                        "password": "geheim"
-                                    }),
-                                    content_type="application/json")
-        self.assertEqual(response.status_code, 200)
-        self.assertIn("token", response.json)
-        return response.json
+    def test_login_wrong_credentails(self):
+        login_data = {"username": "peter", "password": "123456"}
+        login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
+        self.assertEqual(login_response.status_code, 403)
+
+    def test_login_unknown_user(self):
+        login_data = {"username": "karl", "password": "123456"}
+        login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
+        self.assertEqual(login_response.status_code, 403)


 if __name__ == "main":
--- a/ki/test/test_profile_endpoint.py
+++ b/ki/test/test_profile_endpoint.py
@ -1,38 +1,31 @@
-from alembic import command
 import unittest
 import json

-from app import app, db, migrate
-from ki.actions import seed
+from app import app
 from ki.models import User
+from ki.test.ApiTest import ApiTest


-class TestProfileEndpoint(unittest.TestCase):
+class TestProfileEndpoint(ApiTest):
    maxDiff = None

-    def setUp(self):
-        app.debug = True
-        app.config["TESTING"] = True
-        app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
-        self.client = app.test_client()
-
-        with app.app_context():
-            config = migrate.get_config()
-            command.upgrade(config, "head")
-
-        seed(True)
-
-    def tearDown(self):
-        db.drop_all()
-        db.engine.dispose()
-
-    def test_update_profile(self):
-        login_data = {"username": "peter", "password": "geheim"}
+    def test_update_profile_unauthorised(self):
+        login_data = {"username": "klaus", "password": "jutta"}
        login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")

        self.assertEqual(login_response.status_code, 200)
        self.assertIn("token", login_response.json)

+        response = self.client.post("/users/1/profile",
+                                    data=json.dumps({}),
+                                    content_type="application/json",
+                                    headers={"Authorization": "Bearer " + login_response.json["token"]})
+
+        self.assertEqual(response.status_code, 403)
+
+    def test_update_profile(self):
+        token = self.login("peter", "geheim")["token"]
+
        data = {
            "pronouns": "Monsieur",
            "volunteerwork": "ja",
@ -90,7 +83,7 @@ class TestProfileEndpoint(unittest.TestCase):
        response = self.client.post("/users/1/profile",
                                    data=json.dumps(data),
                                    content_type="application/json",
-                                    headers={"Authorization": "Bearer " + login_response.json["token"]})
+                                    headers={"Authorization": "Bearer " + token})

        self.assertEqual(response.status_code, 200)
        with app.app_context():
--- a/ki/test/test_skills_endpoint.py
+++ b/ki/test/test_skills_endpoint.py
@ -1,26 +1,9 @@
-from alembic import command
 import unittest

-from app import app, db, migrate
-from ki.actions import seed
+from ki.test.ApiTest import ApiTest


-class TestSkillsEndpoint(unittest.TestCase):
-    def setUp(self):
-        app.debug = True
-        app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
-        self.client = app.test_client()
-
-        with app.app_context():
-            config = migrate.get_config()
-            command.upgrade(config, "head")
-
-        seed(True)
-
-    def tearDown(self):
-        db.drop_all()
-        db.engine.dispose()
-
+class TestSkillsEndpoint(ApiTest):
    def test_skills_options(self):
        response = self.client.options("/skills")
        self.assertEqual(response.status_code, 200)
@ -28,7 +11,9 @@ class TestSkillsEndpoint(unittest.TestCase):
        self.assertEqual(response.headers["Access-Control-Allow-Origin"], "*")

    def test_get_skills1(self):
-        response = self.client.get("/skills?search=p")
+        token = self.login("peter", "geheim")["token"]
+
+        response = self.client.get("/skills?search=p", headers={"Authorization": "Bearer " + token})
        self.assertEqual(response.status_code, 200)
        self.assertEqual(
            {