Merge pull request #2462 from coreos-inc/cnr-login

Start validating login in CNR
josephschorr 2017-03-23 15:27:15 -04:00 committed by GitHub
commit 295b09a201
2 changed files with 42 additions and 7 deletions


@ -11,6 +11,7 @@ from cnr.exception import (CnrException, InvalidUsage, InvalidParams, InvalidRel
PackageAlreadyExists, PackageNotFound, PackageReleaseNotFound) PackageAlreadyExists, PackageNotFound, PackageReleaseNotFound)
from flask import request, jsonify from flask import request, jsonify
from app import authentication
from auth.process import process_auth from auth.process import process_auth
from auth.auth_context import get_authenticated_user from auth.auth_context import get_authenticated_user
from auth.permissions import CreateRepositoryPermission, ModifyRepositoryPermission from auth.permissions import CreateRepositoryPermission, ModifyRepositoryPermission
@ -50,13 +51,17 @@ def version():
@appr_bp.route("/api/v1/users/login", methods=['POST']) @appr_bp.route("/api/v1/users/login", methods=['POST'])
@anon_allowed @anon_allowed
def login(): def login():
""" values = request.get_json(force=True, silent=True) or {}
Todo: username = values.get('user', {}).get('username')
* Implement better login protocol password = values.get('user', {}).get('password')
""" if not username or not password:
values = request.get_json(force=True, silent=True) raise InvalidUsage('Missing username or password')
return jsonify({'token': "basic " + b64encode("%s:%s" % (values['user']['username'],
values['user']['password']))}) user, err = authentication.verify_credentials(username, password)
if err is not None:
raise UnauthorizedAccess(err)
return jsonify({'token': "basic " + b64encode("%s:%s" % (user.username, password))})
# @TODO: Redirect to S3 url # @TODO: Redirect to S3 url
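Review bot: The new field lookups in login() assume the JSON body is an object whose `user` member is also an object; a body such as `{"user": null}` or a non-empty top-level list gets past the `or {}` fallback and then fails on `.get`, so this anonymous endpoint raises an unhandled AttributeError instead of InvalidUsage. Check the shape first, e.g. `user_info = values.get('user') if isinstance(values, dict) else None` followed by `if not isinstance(user_info, dict): raise InvalidUsage('Missing username or password')`, and read username and password from `user_info`. Separately, `raise UnauthorizedAccess(err)` forwards the message from verify_credentials to the caller; if that message differs between an unknown user and a wrong password (not visible here), a single generic message would avoid account enumeration. The removed docstring also leaves login() undocumented, even though the returned token is still just the base64 of the username and password.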


@ -0,0 +1,30 @@
import json
import pytest
from flask import url_for
from data import model
from endpoints.test.fixtures import app, appconfig, database_uri, init_db_path, sqlitedb_file
from endpoints.appr.registry import appr_bp
def test_invalid_login(app, client):
app.register_blueprint(appr_bp, url_prefix='/cnr')
url = url_for('appr.login')
headers = {'Content-Type': 'application/json'}
data = {'user': {'username': 'foo', 'password': 'bar'}}
rv = client.open(url, method='POST', data=json.dumps(data), headers=headers)
assert rv.status_code == 401
def test_valid_login(app, client):
app.register_blueprint(appr_bp, url_prefix='/cnr')
url = url_for('appr.login')
headers = {'Content-Type': 'application/json'}
data = {'user': {'username': 'devtable', 'password': 'password'}}
rv = client.open(url, method='POST', data=json.dumps(data), headers=headers)
assert rv.status_code == 200
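Review bot: Neither test exercises the new InvalidUsage branch in login(), so a request with a missing password, a missing `user` object or a non-JSON body is untested. Add a third test that posts an incomplete body and asserts a client-error status; the status code that InvalidUsage maps to is not visible in this commit, so the sketch below only asserts the 4xx range. `import pytest` and `from data import model` also appear unused in the lines shown.

```python
def test_login_missing_password(app, client):
    app.register_blueprint(appr_bp, url_prefix='/cnr')
    url = url_for('appr.login')
    headers = {'Content-Type': 'application/json'}
    data = {'user': {'username': 'devtable'}}
    rv = client.open(url, method='POST', data=json.dumps(data), headers=headers)
    # Incomplete credentials must be rejected as a client error, never a 200 or a 500.
    assert 400 <= rv.status_code < 500
```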