Merge pull request 'Authorisierung' (#22) from feature-auth into main
Some checks reported errors
continuous-integration/drone/push Build encountered an error

Reviewed-on: #22
This commit is contained in:
weeman 2021-06-28 18:12:29 +02:00
commit fa8e30b299
7 changed files with 82 additions and 74 deletions

View File

@ -1,3 +1,5 @@
---
peter:
password: geheim
klaus:
password: jutta

View File

@ -81,4 +81,9 @@ def seed(dev: bool):
peter_fr = ProfileLanguage(profile=peters_profile, language_id="fr", level=3)
db.session.add(peter_fr)
logging.info("seeding klaus :D")
klaus = User(auth_id="klaus")
db.session.add(klaus)
db.session.commit()

View File

@ -124,10 +124,14 @@ def get_user_profile(user_id):
@app.route("/users/<user_id>/profile", methods=["POST"])
@token_auth
def update_profile(user_id):
if g.user.id != int(user_id):
return make_response({}, 403)
return update_profile_handler(int(user_id))
@app.route("/skills")
@token_auth
def get_skills():
return handle_completion_request(Skill, "skills")
@ -139,6 +143,7 @@ def get_skill_icon(skill_id):
@app.route("/languages")
@token_auth
def get_languages():
return handle_completion_request(Language, "languages")

35
ki/test/ApiTest.py Normal file
View File

@ -0,0 +1,35 @@
from alembic import command
import json
import unittest
from app import app, db, migrate
from ki.actions import seed
class ApiTest(unittest.TestCase):
maxDiff = None
def setUp(self):
app.debug = True
app.config["TESTING"] = True
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
self.client = app.test_client()
with app.app_context():
config = migrate.get_config()
command.upgrade(config, "head")
seed(True)
def tearDown(self):
db.drop_all()
db.engine.dispose()
def login(self, username, password):
login_data = {"username": username, "password": password}
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
self.assertEqual(login_response.status_code, 200)
self.assertIn("token", login_response.json)
return login_response.json

View File

@ -1,42 +1,25 @@
from alembic import command
import json
import unittest
from app import app, db, migrate
from ki.actions import seed
from ki.test.ApiTest import ApiTest
class TestLoginEndpoint(unittest.TestCase):
def setUp(self):
app.debug = True
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
self.client = app.test_client()
with app.app_context():
config = migrate.get_config()
command.upgrade(config, "head")
seed(True)
def tearDown(self):
db.drop_all()
db.engine.dispose()
class TestLoginEndpoint(ApiTest):
def test_login(self):
response1_data = self.login()
response2_data = self.login()
response1_data = self.login("peter", "geheim")
response2_data = self.login("peter", "geheim")
self.assertNotEqual(response1_data["token"], response2_data["token"])
def login(self):
response = self.client.post("/users/login",
data=json.dumps({
"username": "peter",
"password": "geheim"
}),
content_type="application/json")
self.assertEqual(response.status_code, 200)
self.assertIn("token", response.json)
return response.json
def test_login_wrong_credentails(self):
login_data = {"username": "peter", "password": "123456"}
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
self.assertEqual(login_response.status_code, 403)
def test_login_unknown_user(self):
login_data = {"username": "karl", "password": "123456"}
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
self.assertEqual(login_response.status_code, 403)
if __name__ == "main":

View File

@ -1,38 +1,31 @@
from alembic import command
import unittest
import json
from app import app, db, migrate
from ki.actions import seed
from app import app
from ki.models import User
from ki.test.ApiTest import ApiTest
class TestProfileEndpoint(unittest.TestCase):
class TestProfileEndpoint(ApiTest):
maxDiff = None
def setUp(self):
app.debug = True
app.config["TESTING"] = True
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
self.client = app.test_client()
with app.app_context():
config = migrate.get_config()
command.upgrade(config, "head")
seed(True)
def tearDown(self):
db.drop_all()
db.engine.dispose()
def test_update_profile(self):
login_data = {"username": "peter", "password": "geheim"}
def test_update_profile_unauthorised(self):
login_data = {"username": "klaus", "password": "jutta"}
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
self.assertEqual(login_response.status_code, 200)
self.assertIn("token", login_response.json)
response = self.client.post("/users/1/profile",
data=json.dumps({}),
content_type="application/json",
headers={"Authorization": "Bearer " + login_response.json["token"]})
self.assertEqual(response.status_code, 403)
def test_update_profile(self):
token = self.login("peter", "geheim")["token"]
data = {
"pronouns": "Monsieur",
"volunteerwork": "ja",
@ -90,7 +83,7 @@ class TestProfileEndpoint(unittest.TestCase):
response = self.client.post("/users/1/profile",
data=json.dumps(data),
content_type="application/json",
headers={"Authorization": "Bearer " + login_response.json["token"]})
headers={"Authorization": "Bearer " + token})
self.assertEqual(response.status_code, 200)
with app.app_context():

View File

@ -1,26 +1,9 @@
from alembic import command
import unittest
from app import app, db, migrate
from ki.actions import seed
from ki.test.ApiTest import ApiTest
class TestSkillsEndpoint(unittest.TestCase):
def setUp(self):
app.debug = True
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
self.client = app.test_client()
with app.app_context():
config = migrate.get_config()
command.upgrade(config, "head")
seed(True)
def tearDown(self):
db.drop_all()
db.engine.dispose()
class TestSkillsEndpoint(ApiTest):
def test_skills_options(self):
response = self.client.options("/skills")
self.assertEqual(response.status_code, 200)
@ -28,7 +11,9 @@ class TestSkillsEndpoint(unittest.TestCase):
self.assertEqual(response.headers["Access-Control-Allow-Origin"], "*")
def test_get_skills1(self):
response = self.client.get("/skills?search=p")
token = self.login("peter", "geheim")["token"]
response = self.client.get("/skills?search=p", headers={"Authorization": "Bearer " + token})
self.assertEqual(response.status_code, 200)
self.assertEqual(
{