forked from kompetenzinventar/ki-backend
implement auth
parent
5113f6995e
commit
78c539c30a
@ -1,3 +1,5 @@
|
||||
---
|
||||
peter:
|
||||
password: geheim
|
||||
klaus:
|
||||
password: jutta
|
||||
|
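Review bot: The account entries in this file keep their passwords in clear text in a tracked file, and nothing in the file marks it as development-only. The tests in this commit log in with the same values, so the login handler presumably reads this file; if so, it should only be loaded when the app runs in development mode. A header comment after the `---` line, such as `# Development-only accounts; must never be loaded in production.`, would make that explicit. Longer term the entries could store a password hash instead of the password itself. The file path is not shown on this page.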
@ -81,4 +81,9 @@ def seed(dev: bool):
|
||||
peter_fr = ProfileLanguage(profile=peters_profile, language_id="fr", level=3)
|
||||
db.session.add(peter_fr)
|
||||
|
||||
logging.info("seeding klaus :D")
|
||||
|
||||
klaus = User(auth_id="klaus")
|
||||
db.session.add(klaus)
|
||||
|
||||
db.session.commit()
|
||||
|
@ -124,10 +124,14 @@ def get_user_profile(user_id):
|
||||
@app.route("/users/<user_id>/profile", methods=["POST"])
|
||||
@token_auth
|
||||
def update_profile(user_id):
|
||||
if g.user.id != int(user_id):
|
||||
return make_response({}, 403)
|
||||
|
||||
return update_profile_handler(int(user_id))
|
||||
|
||||
|
||||
@app.route("/skills")
|
||||
@token_auth
|
||||
def get_skills():
|
||||
return handle_completion_request(Skill, "skills")
|
||||
|
||||
@ -139,6 +143,7 @@ def get_skill_icon(skill_id):
|
||||
|
||||
|
||||
@app.route("/languages")
|
||||
@token_auth
|
||||
def get_languages():
|
||||
return handle_completion_request(Language, "languages")
|
||||
|
||||
|
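Review bot: In `update_profile` the ownership check calls `int(user_id)` on the raw path segment, so a non-numeric id raises `ValueError` and most likely surfaces as a 500 rather than a client error. Declaring the route as `@app.route("/users/<int:user_id>/profile", methods=["POST"])` lets Flask reject such paths itself, and the check becomes `if g.user.id != user_id:`. The comparison is in the right place, after `@token_auth`, which presumably sets `g.user`. `get_user_profile` and `get_skill_icon` appear only in the hunk headers, so whether they carry `@token_auth` cannot be seen here.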
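--- a/ki/test/ApiTest.py
+++ b/ki/test/ApiTest.py
@@ -0,0 +1,35 @@
+from alembic import command
+import json
+import unittest
+
+from app import app, db, migrate
+from ki.actions import seed
+
+
+class ApiTest(unittest.TestCase):
+maxDiff = None
+
+def setUp(self):
+app.debug = True
+app.config["TESTING"] = True
+app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
+self.client = app.test_client()
+
+with app.app_context():
+config = migrate.get_config()
+command.upgrade(config, "head")
+
+seed(True)
+
+def tearDown(self):
+db.drop_all()
+db.engine.dispose()
+
+def login(self, username, password):
+login_data = {"username": username, "password": password}
+login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
+
+self.assertEqual(login_response.status_code, 200)
+self.assertIn("token", login_response.json)
+
+return login_response.json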
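Review bot: `ApiTest` and its `login` helper have no docstrings, although every endpoint test in this commit now depends on them. For the class I would add `"""Base class for endpoint tests: in-memory database, migrated to head and seeded with the dev users."""`. For `login`, `"""POST the credentials to /users/login, assert success and return the JSON body (contains "token")."""` would tell callers they get the whole body back, not the bare token. Because the helper asserts a 200 itself, it cannot be used for failed-login cases, which is worth saying in the docstring too. The page has lost indentation, so whether `seed(True)` runs inside the `app.app_context()` block cannot be confirmed from here.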
@ -1,42 +1,25 @@
|
||||
from alembic import command
|
||||
import json
|
||||
|
||||
import unittest
|
||||
|
||||
from app import app, db, migrate
|
||||
from ki.actions import seed
|
||||
from ki.test.ApiTest import ApiTest
|
||||
|
||||
|
||||
class TestLoginEndpoint(unittest.TestCase):
|
||||
def setUp(self):
|
||||
app.debug = True
|
||||
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
|
||||
self.client = app.test_client()
|
||||
|
||||
with app.app_context():
|
||||
config = migrate.get_config()
|
||||
command.upgrade(config, "head")
|
||||
|
||||
seed(True)
|
||||
|
||||
def tearDown(self):
|
||||
db.drop_all()
|
||||
db.engine.dispose()
|
||||
|
||||
class TestLoginEndpoint(ApiTest):
|
||||
def test_login(self):
|
||||
response1_data = self.login()
|
||||
response2_data = self.login()
|
||||
response1_data = self.login("peter", "geheim")
|
||||
response2_data = self.login("peter", "geheim")
|
||||
self.assertNotEqual(response1_data["token"], response2_data["token"])
|
||||
|
||||
def login(self):
|
||||
response = self.client.post("/users/login",
|
||||
data=json.dumps({
|
||||
"username": "peter",
|
||||
"password": "geheim"
|
||||
}),
|
||||
content_type="application/json")
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertIn("token", response.json)
|
||||
return response.json
|
||||
def test_login_wrong_credentails(self):
|
||||
login_data = {"username": "peter", "password": "123456"}
|
||||
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
|
||||
self.assertEqual(login_response.status_code, 403)
|
||||
|
||||
def test_login_unknown_user(self):
|
||||
login_data = {"username": "karl", "password": "123456"}
|
||||
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
|
||||
self.assertEqual(login_response.status_code, 403)
|
||||
|
||||
|
||||
if __name__ == "main":
|
||||
|
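Review bot: The guard at the end of this file reads `if __name__ == "main":`, which is never true, so running the module directly executes no tests; it should be `if __name__ == "__main__":`. The guard's body lies outside the hunk. The method name `test_login_wrong_credentails` is misspelled and should end in `credentials`. Expecting the same 403 for a wrong password and for an unknown user is a good property to pin, since it keeps the endpoint from revealing which usernames exist.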
@ -1,38 +1,31 @@
|
||||
from alembic import command
|
||||
import unittest
|
||||
import json
|
||||
|
||||
from app import app, db, migrate
|
||||
from ki.actions import seed
|
||||
from app import app
|
||||
from ki.models import User
|
||||
from ki.test.ApiTest import ApiTest
|
||||
|
||||
|
||||
class TestProfileEndpoint(unittest.TestCase):
|
||||
class TestProfileEndpoint(ApiTest):
|
||||
maxDiff = None
|
||||
|
||||
def setUp(self):
|
||||
app.debug = True
|
||||
app.config["TESTING"] = True
|
||||
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
|
||||
self.client = app.test_client()
|
||||
|
||||
with app.app_context():
|
||||
config = migrate.get_config()
|
||||
command.upgrade(config, "head")
|
||||
|
||||
seed(True)
|
||||
|
||||
def tearDown(self):
|
||||
db.drop_all()
|
||||
db.engine.dispose()
|
||||
|
||||
def test_update_profile(self):
|
||||
login_data = {"username": "peter", "password": "geheim"}
|
||||
def test_update_profile_unauthorised(self):
|
||||
login_data = {"username": "klaus", "password": "jutta"}
|
||||
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
|
||||
|
||||
self.assertEqual(login_response.status_code, 200)
|
||||
self.assertIn("token", login_response.json)
|
||||
|
||||
response = self.client.post("/users/1/profile",
|
||||
data=json.dumps({}),
|
||||
content_type="application/json",
|
||||
headers={"Authorization": "Bearer " + login_response.json["token"]})
|
||||
|
||||
self.assertEqual(response.status_code, 403)
|
||||
|
||||
def test_update_profile(self):
|
||||
token = self.login("peter", "geheim")["token"]
|
||||
|
||||
data = {
|
||||
"pronouns": "Monsieur",
|
||||
"volunteerwork": "ja",
|
||||
@ -90,7 +83,7 @@ class TestProfileEndpoint(unittest.TestCase):
|
||||
response = self.client.post("/users/1/profile",
|
||||
data=json.dumps(data),
|
||||
content_type="application/json",
|
||||
headers={"Authorization": "Bearer " + login_response.json["token"]})
|
||||
headers={"Authorization": "Bearer " + token})
|
||||
|
||||
self.assertEqual(response.status_code, 200)
|
||||
with app.app_context():
|
||||
|
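Review bot: These tests cover a valid token for the wrong user, but none sends a request with no `Authorization` header or with a malformed token, which is the case `@token_auth` exists to reject. A short test that issues `response = self.client.post("/users/1/profile", data=json.dumps({}), content_type="application/json")` and asserts the rejection status (presumably 401; confirm against `token_auth`) would pin it. The same gap applies to `/skills` and `/languages`, which this commit also puts behind `@token_auth`. `test_update_profile_unauthorised` also appears to repeat the login request inline where `self.login("klaus", "jutta")["token"]` from `ApiTest` would do.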
@ -1,26 +1,9 @@
|
||||
from alembic import command
|
||||
import unittest
|
||||
|
||||
from app import app, db, migrate
|
||||
from ki.actions import seed
|
||||
from ki.test.ApiTest import ApiTest
|
||||
|
||||
|
||||
class TestSkillsEndpoint(unittest.TestCase):
|
||||
def setUp(self):
|
||||
app.debug = True
|
||||
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
|
||||
self.client = app.test_client()
|
||||
|
||||
with app.app_context():
|
||||
config = migrate.get_config()
|
||||
command.upgrade(config, "head")
|
||||
|
||||
seed(True)
|
||||
|
||||
def tearDown(self):
|
||||
db.drop_all()
|
||||
db.engine.dispose()
|
||||
|
||||
class TestSkillsEndpoint(ApiTest):
|
||||
def test_skills_options(self):
|
||||
response = self.client.options("/skills")
|
||||
self.assertEqual(response.status_code, 200)
|
||||
@ -28,7 +11,9 @@ class TestSkillsEndpoint(unittest.TestCase):
|
||||
self.assertEqual(response.headers["Access-Control-Allow-Origin"], "*")
|
||||
|
||||
def test_get_skills1(self):
|
||||
response = self.client.get("/skills?search=p")
|
||||
token = self.login("peter", "geheim")["token"]
|
||||
|
||||
response = self.client.get("/skills?search=p", headers={"Authorization": "Bearer " + token})
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertEqual(
|
||||
{
|
||||
|