Start validating login in CNR
Fixes https://www.pivotaltracker.com/story/show/142342305
parent
20306ef0f6
commit
c9a5ce6701
2 changed files with 42 additions and 7 deletions
|
@ -11,6 +11,7 @@ from cnr.exception import (CnrException, InvalidUsage, InvalidParams, InvalidRel
|
|||
PackageAlreadyExists, PackageNotFound, PackageReleaseNotFound)
|
||||
from flask import request, jsonify
|
||||
|
||||
from app import authentication
|
||||
from auth.process import process_auth
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from auth.permissions import CreateRepositoryPermission, ModifyRepositoryPermission
|
||||
|
@ -50,13 +51,17 @@ def version():
|
|||
@appr_bp.route("/api/v1/users/login", methods=['POST'])
|
||||
@anon_allowed
|
||||
def login():
|
||||
"""
|
||||
Todo:
|
||||
* Implement better login protocol
|
||||
"""
|
||||
values = request.get_json(force=True, silent=True)
|
||||
return jsonify({'token': "basic " + b64encode("%s:%s" % (values['user']['username'],
|
||||
values['user']['password']))})
|
||||
values = request.get_json(force=True, silent=True) or {}
|
||||
username = values.get('user', {}).get('username')
|
||||
password = values.get('user', {}).get('password')
|
||||
if not username or not password:
|
||||
raise InvalidUsage('Missing username or password')
|
||||
|
||||
user, err = authentication.verify_credentials(username, password)
|
||||
if err is not None:
|
||||
raise UnauthorizedAccess(err)
|
||||
|
||||
return jsonify({'token': "basic " + b64encode("%s:%s" % (user.username, password))})
|
||||
|
||||
|
||||
# @TODO: Redirect to S3 url
|
||||
|
|
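Review bot: In the `login()` hunk, `values.get('user', {}).get('username')` still raises AttributeError, and so presumably returns a 500, when the body is valid JSON but not an object (a list or a string) or when `user` is present but is null or a scalar; `or {}` and the `{}` default only cover a missing or falsy value. Check the shape before reading it, e.g. `user_info = values.get('user') if isinstance(values, dict) else None` followed by `if not isinstance(user_info, dict): raise InvalidUsage('Missing username or password')`. Separately, `raise UnauthorizedAccess(err)` passes the backend's error text to an anonymous caller on an `@anon_allowed` route; if `verify_credentials` words unknown-user and wrong-password failures differently (not visible here), a fixed message would avoid account enumeration. The returned token is still the base64 of the submitted password, so it needs the same handling as the password itself in logs and client storage.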
30
endpoints/appr/test/test_registry.py
Normal file
|
@ -0,0 +1,30 @@
|
|||
import json
|
||||
import pytest
|
||||
|
||||
from flask import url_for
|
||||
|
||||
from data import model
|
||||
from endpoints.test.fixtures import app, appconfig, database_uri, init_db_path, sqlitedb_file
|
||||
from endpoints.appr.registry import appr_bp
|
||||
|
||||
def test_invalid_login(app, client):
|
||||
app.register_blueprint(appr_bp, url_prefix='/cnr')
|
||||
|
||||
url = url_for('appr.login')
|
||||
headers = {'Content-Type': 'application/json'}
|
||||
data = {'user': {'username': 'foo', 'password': 'bar'}}
|
||||
|
||||
rv = client.open(url, method='POST', data=json.dumps(data), headers=headers)
|
||||
assert rv.status_code == 401
|
||||
|
||||
|
||||
def test_valid_login(app, client):
|
||||
app.register_blueprint(appr_bp, url_prefix='/cnr')
|
||||
|
||||
url = url_for('appr.login')
|
||||
headers = {'Content-Type': 'application/json'}
|
||||
data = {'user': {'username': 'devtable', 'password': 'password'}}
|
||||
|
||||
rv = client.open(url, method='POST', data=json.dumps(data), headers=headers)
|
||||
assert rv.status_code == 200
|
||||
|
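Review bot: Both tests post well-formed credentials, so the new `InvalidUsage` branch in `login()` and every malformed-body case go unexercised. A parametrized test over empty, partial and wrongly typed payloads would pin that the endpoint answers with a client error rather than a 200 or an unhandled exception. The `{'user': None}` case is likely to fail against the handler as written, because it calls `.get` on the `user` value without checking its type. `test_valid_login` also asserts only the status code; checking that the JSON body carries a `token` key would make it catch a broken response.

```python
@pytest.mark.parametrize('data', [
    {},
    {'user': {}},
    {'user': {'username': 'devtable'}},
    {'user': {'password': 'password'}},
    {'user': None},
])
def test_login_missing_fields(data, app, client):
    app.register_blueprint(appr_bp, url_prefix='/cnr')

    url = url_for('appr.login')
    headers = {'Content-Type': 'application/json'}

    rv = client.open(url, method='POST', data=json.dumps(data), headers=headers)
    # The status code InvalidUsage maps to is not visible on this page;
    # replace the range check with the exact code once confirmed.
    assert 400 <= rv.status_code < 500
```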