Merge pull request 'Authorisierung' (#22) from feature-auth into main
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Reviewed-on: #22
This commit is contained in:
commit
fa8e30b299
@ -1,3 +1,5 @@
|
|||||||
---
|
---
|
||||||
peter:
|
peter:
|
||||||
password: geheim
|
password: geheim
|
||||||
|
klaus:
|
||||||
|
password: jutta
|
||||||
|
@ -81,4 +81,9 @@ def seed(dev: bool):
|
|||||||
peter_fr = ProfileLanguage(profile=peters_profile, language_id="fr", level=3)
|
peter_fr = ProfileLanguage(profile=peters_profile, language_id="fr", level=3)
|
||||||
db.session.add(peter_fr)
|
db.session.add(peter_fr)
|
||||||
|
|
||||||
|
logging.info("seeding klaus :D")
|
||||||
|
|
||||||
|
klaus = User(auth_id="klaus")
|
||||||
|
db.session.add(klaus)
|
||||||
|
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
|
@ -124,10 +124,14 @@ def get_user_profile(user_id):
|
|||||||
@app.route("/users/<user_id>/profile", methods=["POST"])
|
@app.route("/users/<user_id>/profile", methods=["POST"])
|
||||||
@token_auth
|
@token_auth
|
||||||
def update_profile(user_id):
|
def update_profile(user_id):
|
||||||
|
if g.user.id != int(user_id):
|
||||||
|
return make_response({}, 403)
|
||||||
|
|
||||||
return update_profile_handler(int(user_id))
|
return update_profile_handler(int(user_id))
|
||||||
|
|
||||||
|
|
||||||
@app.route("/skills")
|
@app.route("/skills")
|
||||||
|
@token_auth
|
||||||
def get_skills():
|
def get_skills():
|
||||||
return handle_completion_request(Skill, "skills")
|
return handle_completion_request(Skill, "skills")
|
||||||
|
|
||||||
@ -139,6 +143,7 @@ def get_skill_icon(skill_id):
|
|||||||
|
|
||||||
|
|
||||||
@app.route("/languages")
|
@app.route("/languages")
|
||||||
|
@token_auth
|
||||||
def get_languages():
|
def get_languages():
|
||||||
return handle_completion_request(Language, "languages")
|
return handle_completion_request(Language, "languages")
|
||||||
|
|
||||||
|
35
ki/test/ApiTest.py
Normal file
35
ki/test/ApiTest.py
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
from alembic import command
|
||||||
|
import json
|
||||||
|
import unittest
|
||||||
|
|
||||||
|
from app import app, db, migrate
|
||||||
|
from ki.actions import seed
|
||||||
|
|
||||||
|
|
||||||
|
class ApiTest(unittest.TestCase):
|
||||||
|
maxDiff = None
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
app.debug = True
|
||||||
|
app.config["TESTING"] = True
|
||||||
|
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
|
||||||
|
self.client = app.test_client()
|
||||||
|
|
||||||
|
with app.app_context():
|
||||||
|
config = migrate.get_config()
|
||||||
|
command.upgrade(config, "head")
|
||||||
|
|
||||||
|
seed(True)
|
||||||
|
|
||||||
|
def tearDown(self):
|
||||||
|
db.drop_all()
|
||||||
|
db.engine.dispose()
|
||||||
|
|
||||||
|
def login(self, username, password):
|
||||||
|
login_data = {"username": username, "password": password}
|
||||||
|
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
|
||||||
|
|
||||||
|
self.assertEqual(login_response.status_code, 200)
|
||||||
|
self.assertIn("token", login_response.json)
|
||||||
|
|
||||||
|
return login_response.json
|
@ -1,42 +1,25 @@
|
|||||||
from alembic import command
|
|
||||||
import json
|
import json
|
||||||
|
|
||||||
import unittest
|
import unittest
|
||||||
|
|
||||||
from app import app, db, migrate
|
from ki.test.ApiTest import ApiTest
|
||||||
from ki.actions import seed
|
|
||||||
|
|
||||||
|
|
||||||
class TestLoginEndpoint(unittest.TestCase):
|
class TestLoginEndpoint(ApiTest):
|
||||||
def setUp(self):
|
|
||||||
app.debug = True
|
|
||||||
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
|
|
||||||
self.client = app.test_client()
|
|
||||||
|
|
||||||
with app.app_context():
|
|
||||||
config = migrate.get_config()
|
|
||||||
command.upgrade(config, "head")
|
|
||||||
|
|
||||||
seed(True)
|
|
||||||
|
|
||||||
def tearDown(self):
|
|
||||||
db.drop_all()
|
|
||||||
db.engine.dispose()
|
|
||||||
|
|
||||||
def test_login(self):
|
def test_login(self):
|
||||||
response1_data = self.login()
|
response1_data = self.login("peter", "geheim")
|
||||||
response2_data = self.login()
|
response2_data = self.login("peter", "geheim")
|
||||||
self.assertNotEqual(response1_data["token"], response2_data["token"])
|
self.assertNotEqual(response1_data["token"], response2_data["token"])
|
||||||
|
|
||||||
def login(self):
|
def test_login_wrong_credentails(self):
|
||||||
response = self.client.post("/users/login",
|
login_data = {"username": "peter", "password": "123456"}
|
||||||
data=json.dumps({
|
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
|
||||||
"username": "peter",
|
self.assertEqual(login_response.status_code, 403)
|
||||||
"password": "geheim"
|
|
||||||
}),
|
def test_login_unknown_user(self):
|
||||||
content_type="application/json")
|
login_data = {"username": "karl", "password": "123456"}
|
||||||
self.assertEqual(response.status_code, 200)
|
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
|
||||||
self.assertIn("token", response.json)
|
self.assertEqual(login_response.status_code, 403)
|
||||||
return response.json
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "main":
|
if __name__ == "main":
|
||||||
|
@ -1,38 +1,31 @@
|
|||||||
from alembic import command
|
|
||||||
import unittest
|
import unittest
|
||||||
import json
|
import json
|
||||||
|
|
||||||
from app import app, db, migrate
|
from app import app
|
||||||
from ki.actions import seed
|
|
||||||
from ki.models import User
|
from ki.models import User
|
||||||
|
from ki.test.ApiTest import ApiTest
|
||||||
|
|
||||||
|
|
||||||
class TestProfileEndpoint(unittest.TestCase):
|
class TestProfileEndpoint(ApiTest):
|
||||||
maxDiff = None
|
maxDiff = None
|
||||||
|
|
||||||
def setUp(self):
|
def test_update_profile_unauthorised(self):
|
||||||
app.debug = True
|
login_data = {"username": "klaus", "password": "jutta"}
|
||||||
app.config["TESTING"] = True
|
|
||||||
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
|
|
||||||
self.client = app.test_client()
|
|
||||||
|
|
||||||
with app.app_context():
|
|
||||||
config = migrate.get_config()
|
|
||||||
command.upgrade(config, "head")
|
|
||||||
|
|
||||||
seed(True)
|
|
||||||
|
|
||||||
def tearDown(self):
|
|
||||||
db.drop_all()
|
|
||||||
db.engine.dispose()
|
|
||||||
|
|
||||||
def test_update_profile(self):
|
|
||||||
login_data = {"username": "peter", "password": "geheim"}
|
|
||||||
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
|
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
|
||||||
|
|
||||||
self.assertEqual(login_response.status_code, 200)
|
self.assertEqual(login_response.status_code, 200)
|
||||||
self.assertIn("token", login_response.json)
|
self.assertIn("token", login_response.json)
|
||||||
|
|
||||||
|
response = self.client.post("/users/1/profile",
|
||||||
|
data=json.dumps({}),
|
||||||
|
content_type="application/json",
|
||||||
|
headers={"Authorization": "Bearer " + login_response.json["token"]})
|
||||||
|
|
||||||
|
self.assertEqual(response.status_code, 403)
|
||||||
|
|
||||||
|
def test_update_profile(self):
|
||||||
|
token = self.login("peter", "geheim")["token"]
|
||||||
|
|
||||||
data = {
|
data = {
|
||||||
"pronouns": "Monsieur",
|
"pronouns": "Monsieur",
|
||||||
"volunteerwork": "ja",
|
"volunteerwork": "ja",
|
||||||
@ -90,7 +83,7 @@ class TestProfileEndpoint(unittest.TestCase):
|
|||||||
response = self.client.post("/users/1/profile",
|
response = self.client.post("/users/1/profile",
|
||||||
data=json.dumps(data),
|
data=json.dumps(data),
|
||||||
content_type="application/json",
|
content_type="application/json",
|
||||||
headers={"Authorization": "Bearer " + login_response.json["token"]})
|
headers={"Authorization": "Bearer " + token})
|
||||||
|
|
||||||
self.assertEqual(response.status_code, 200)
|
self.assertEqual(response.status_code, 200)
|
||||||
with app.app_context():
|
with app.app_context():
|
||||||
|
@ -1,26 +1,9 @@
|
|||||||
from alembic import command
|
|
||||||
import unittest
|
import unittest
|
||||||
|
|
||||||
from app import app, db, migrate
|
from ki.test.ApiTest import ApiTest
|
||||||
from ki.actions import seed
|
|
||||||
|
|
||||||
|
|
||||||
class TestSkillsEndpoint(unittest.TestCase):
|
class TestSkillsEndpoint(ApiTest):
|
||||||
def setUp(self):
|
|
||||||
app.debug = True
|
|
||||||
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
|
|
||||||
self.client = app.test_client()
|
|
||||||
|
|
||||||
with app.app_context():
|
|
||||||
config = migrate.get_config()
|
|
||||||
command.upgrade(config, "head")
|
|
||||||
|
|
||||||
seed(True)
|
|
||||||
|
|
||||||
def tearDown(self):
|
|
||||||
db.drop_all()
|
|
||||||
db.engine.dispose()
|
|
||||||
|
|
||||||
def test_skills_options(self):
|
def test_skills_options(self):
|
||||||
response = self.client.options("/skills")
|
response = self.client.options("/skills")
|
||||||
self.assertEqual(response.status_code, 200)
|
self.assertEqual(response.status_code, 200)
|
||||||
@ -28,7 +11,9 @@ class TestSkillsEndpoint(unittest.TestCase):
|
|||||||
self.assertEqual(response.headers["Access-Control-Allow-Origin"], "*")
|
self.assertEqual(response.headers["Access-Control-Allow-Origin"], "*")
|
||||||
|
|
||||||
def test_get_skills1(self):
|
def test_get_skills1(self):
|
||||||
response = self.client.get("/skills?search=p")
|
token = self.login("peter", "geheim")["token"]
|
||||||
|
|
||||||
|
response = self.client.get("/skills?search=p", headers={"Authorization": "Bearer " + token})
|
||||||
self.assertEqual(response.status_code, 200)
|
self.assertEqual(response.status_code, 200)
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
{
|
{
|
||||||
|
Loading…
Reference in New Issue
Block a user