kompetenzinventar/ki-backend
5
6
Fork 7
Code Issues Pull Requests 13 Packages Projects Releases 1 Activity

Authorisierung #22

Merged
weeman merged 1 commits from feature-auth into main 2021-06-28 18:12:30 +02:00
Conversation 0 Commits 1 Files Changed 7 +82 -74
7 changed files with 82 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
data/auth.yml
View File

@ -1,3 +1,5 @@
---
peter:
password: geheim
klaus:
password: jutta

5
ki/actions/seed.py
View File

@ -81,4 +81,9 @@ def seed(dev: bool):
peter_fr = ProfileLanguage(profile=peters_profile, language_id="fr", level=3)
db.session.add(peter_fr)
logging.info("seeding klaus :D")
klaus = User(auth_id="klaus")
db.session.add(klaus)
db.session.commit()

5
ki/routes.py
View File

@ -124,10 +124,14 @@ def get_user_profile(user_id):
@app.route("/users/<user_id>/profile", methods=["POST"])
@token_auth
def update_profile(user_id):
if g.user.id != int(user_id):
return make_response({}, 403)
frlan commented 2021-06-27 14:46:01 +02:00
Review
Copy Link

Ist das nicht mehr ein Fall für einen 400er? Die Berechtigungen sind ja da, der Request war aber "falsch" grübel

Ist das nicht mehr ein Fall für einen 400er? Die Berechtigungen sind ja da, der Request war aber "falsch" *grübel*
weeman commented 2021-06-27 14:53:08 +02:00
Review
Copy Link

¯\_(ツ)_/¯ kann man sich drüber unterhalten.

Die Berechtigung wäre "Ich darf dieses Profil bearbeiten". Das ist hier mM nicht gegeben. 400 wäre für mich eher so die Daten waren Gulasch. Z.B. für spätere Validierungen.

¯\\\_(ツ)_/¯ kann man sich drüber unterhalten. Die Berechtigung wäre "Ich darf dieses Profil bearbeiten". Das ist hier mM nicht gegeben. 400 wäre für mich eher so die Daten waren Gulasch. Z.B. für spätere Validierungen.
return update_profile_handler(int(user_id))
@app.route("/skills")
@token_auth
def get_skills():
return handle_completion_request(Skill, "skills")
@ -139,6 +143,7 @@ def get_skill_icon(skill_id):
@app.route("/languages")
@token_auth
def get_languages():
return handle_completion_request(Language, "languages")

35
ki/test/ApiTest.py Normal file
View File

@ -0,0 +1,35 @@
from alembic import command
import json
import unittest
from app import app, db, migrate
from ki.actions import seed
class ApiTest(unittest.TestCase):
maxDiff = None
def setUp(self):
app.debug = True
app.config["TESTING"] = True
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
self.client = app.test_client()
with app.app_context():
config = migrate.get_config()
command.upgrade(config, "head")
seed(True)
def tearDown(self):
db.drop_all()
db.engine.dispose()
def login(self, username, password):
login_data = {"username": username, "password": password}
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
self.assertEqual(login_response.status_code, 200)
self.assertIn("token", login_response.json)
return login_response.json

45
ki/test/test_login_endpoint.py
View File

@ -1,42 +1,25 @@
from alembic import command
import json
import unittest
from app import app, db, migrate
from ki.actions import seed
from ki.test.ApiTest import ApiTest
class TestLoginEndpoint(unittest.TestCase):
def setUp(self):
app.debug = True
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
self.client = app.test_client()
with app.app_context():
config = migrate.get_config()
command.upgrade(config, "head")
seed(True)
def tearDown(self):
db.drop_all()
db.engine.dispose()
class TestLoginEndpoint(ApiTest):
def test_login(self):
response1_data = self.login()
response2_data = self.login()
response1_data = self.login("peter", "geheim")
response2_data = self.login("peter", "geheim")
self.assertNotEqual(response1_data["token"], response2_data["token"])
def login(self):
response = self.client.post("/users/login",
data=json.dumps({
"username": "peter",
"password": "geheim"
}),
content_type="application/json")
self.assertEqual(response.status_code, 200)
self.assertIn("token", response.json)
return response.json
def test_login_wrong_credentails(self):
login_data = {"username": "peter", "password": "123456"}
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
self.assertEqual(login_response.status_code, 403)
def test_login_unknown_user(self):
login_data = {"username": "karl", "password": "123456"}
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
self.assertEqual(login_response.status_code, 403)
if __name__ == "main":

39
ki/test/test_profile_endpoint.py
View File

@ -1,38 +1,31 @@
from alembic import command
import unittest
import json
from app import app, db, migrate
from ki.actions import seed
from app import app
from ki.models import User
from ki.test.ApiTest import ApiTest
class TestProfileEndpoint(unittest.TestCase):
class TestProfileEndpoint(ApiTest):
maxDiff = None
def setUp(self):
app.debug = True
app.config["TESTING"] = True
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
self.client = app.test_client()
with app.app_context():
config = migrate.get_config()
command.upgrade(config, "head")
seed(True)
def tearDown(self):
db.drop_all()
db.engine.dispose()
def test_update_profile(self):
login_data = {"username": "peter", "password": "geheim"}
def test_update_profile_unauthorised(self):
login_data = {"username": "klaus", "password": "jutta"}
login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
self.assertEqual(login_response.status_code, 200)
self.assertIn("token", login_response.json)
response = self.client.post("/users/1/profile",
data=json.dumps({}),
content_type="application/json",
headers={"Authorization": "Bearer " + login_response.json["token"]})
self.assertEqual(response.status_code, 403)
def test_update_profile(self):
token = self.login("peter", "geheim")["token"]
data = {
"pronouns": "Monsieur",
"volunteerwork": "ja",
@ -90,7 +83,7 @@ class TestProfileEndpoint(unittest.TestCase):
response = self.client.post("/users/1/profile",
data=json.dumps(data),
content_type="application/json",
headers={"Authorization": "Bearer " + login_response.json["token"]})
headers={"Authorization": "Bearer " + token})
self.assertEqual(response.status_code, 200)
with app.app_context():

25
ki/test/test_skills_endpoint.py
View File

@ -1,26 +1,9 @@
from alembic import command
import unittest
from app import app, db, migrate
from ki.actions import seed
from ki.test.ApiTest import ApiTest
class TestSkillsEndpoint(unittest.TestCase):
def setUp(self):
app.debug = True
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
self.client = app.test_client()
with app.app_context():
config = migrate.get_config()
command.upgrade(config, "head")
seed(True)
def tearDown(self):
db.drop_all()
db.engine.dispose()
class TestSkillsEndpoint(ApiTest):
def test_skills_options(self):
response = self.client.options("/skills")
self.assertEqual(response.status_code, 200)
@ -28,7 +11,9 @@ class TestSkillsEndpoint(unittest.TestCase):
self.assertEqual(response.headers["Access-Control-Allow-Origin"], "*")
def test_get_skills1(self):
response = self.client.get("/skills?search=p")
token = self.login("peter", "geheim")["token"]
response = self.client.get("/skills?search=p", headers={"Authorization": "Bearer " + token})
self.assertEqual(response.status_code, 200)
self.assertEqual(
{