diff --git a/endpoints/appr/registry.py b/endpoints/appr/registry.py index 00401813b..701c74ffd 100644 --- a/endpoints/appr/registry.py +++ b/endpoints/appr/registry.py @@ -11,6 +11,7 @@ from cnr.exception import (CnrException, InvalidUsage, InvalidParams, InvalidRel PackageAlreadyExists, PackageNotFound, PackageReleaseNotFound) from flask import request, jsonify +from app import authentication from auth.process import process_auth from auth.auth_context import get_authenticated_user from auth.permissions import CreateRepositoryPermission, ModifyRepositoryPermission @@ -50,13 +51,17 @@ def version(): @appr_bp.route("/api/v1/users/login", methods=['POST']) @anon_allowed def login(): - """ - Todo: - * Implement better login protocol - """ - values = request.get_json(force=True, silent=True) - return jsonify({'token': "basic " + b64encode("%s:%s" % (values['user']['username'], - values['user']['password']))}) + values = request.get_json(force=True, silent=True) or {} + username = values.get('user', {}).get('username') + password = values.get('user', {}).get('password') + if not username or not password: + raise InvalidUsage('Missing username or password') + + user, err = authentication.verify_credentials(username, password) + if err is not None: + raise UnauthorizedAccess(err) + + return jsonify({'token': "basic " + b64encode("%s:%s" % (user.username, password))}) # @TODO: Redirect to S3 url diff --git a/endpoints/appr/test/test_registry.py b/endpoints/appr/test/test_registry.py new file mode 100644 index 000000000..50a5bdc64 --- /dev/null +++ b/endpoints/appr/test/test_registry.py @@ -0,0 +1,30 @@ +import json +import pytest + +from flask import url_for + +from data import model +from endpoints.test.fixtures import app, appconfig, database_uri, init_db_path, sqlitedb_file +from endpoints.appr.registry import appr_bp + +def test_invalid_login(app, client): + app.register_blueprint(appr_bp, url_prefix='/cnr') + + url = url_for('appr.login') + headers = {'Content-Type': 'application/json'} + data = {'user': {'username': 'foo', 'password': 'bar'}} + + rv = client.open(url, method='POST', data=json.dumps(data), headers=headers) + assert rv.status_code == 401 + + +def test_valid_login(app, client): + app.register_blueprint(appr_bp, url_prefix='/cnr') + + url = url_for('appr.login') + headers = {'Content-Type': 'application/json'} + data = {'user': {'username': 'devtable', 'password': 'password'}} + + rv = client.open(url, method='POST', data=json.dumps(data), headers=headers) + assert rv.status_code == 200 +