Add an AppSpecificAuthToken data model for app-specific auth tokens. These will be used for the Docker CLI in place of username+password

auth/test/test_basic.py

@@ -3,7 +3,8 @@ import pytest
 from base64 import b64encode
 
 from auth.basic import validate_basic_auth
-from auth.credentials import ACCESS_TOKEN_USERNAME, OAUTH_TOKEN_USERNAME
+from auth.credentials import (ACCESS_TOKEN_USERNAME, OAUTH_TOKEN_USERNAME,
+                              APP_SPECIFIC_TOKEN_USERNAME)
 from auth.validateresult import AuthKind, ValidateResult
 from data import model
 
@@ -21,6 +22,8 @@ def _token(username, password):
   ('basic ', ValidateResult(AuthKind.basic, missing=True)),
   ('basic some token', ValidateResult(AuthKind.basic, missing=True)),
   ('basic sometoken', ValidateResult(AuthKind.basic, missing=True)),
+  (_token(APP_SPECIFIC_TOKEN_USERNAME, 'invalid'), ValidateResult(AuthKind.basic,
+                                                                  error_message='Invalid token')),
   (_token(ACCESS_TOKEN_USERNAME, 'invalid'), ValidateResult(AuthKind.basic,
                                                             error_message='Invalid access token')),
   (_token(OAUTH_TOKEN_USERNAME, 'invalid'),
@@ -64,3 +67,12 @@ def test_valid_oauth(app):
   token = _token(OAUTH_TOKEN_USERNAME, oauth_token.access_token)
   result = validate_basic_auth(token)
   assert result == ValidateResult(AuthKind.basic, oauthtoken=oauth_token)
+
+
+def test_valid_app_specific_token(app):
+  user = model.user.get_user('devtable')
+  app_specific_token = model.appspecifictoken.create_token(user, 'some token')
+  token = _token(APP_SPECIFIC_TOKEN_USERNAME, app_specific_token.token_code)
+  result = validate_basic_auth(token)
+  print result.tuple()
+  assert result == ValidateResult(AuthKind.basic, appspecifictoken=app_specific_token)