Start validating login in CNR

Fixes https://www.pivotaltracker.com/story/show/142342305
Joseph Schorr 2017-03-23 15:07:46 -04:00
parent 20306ef0f6
commit c9a5ce6701
2 changed files with 42 additions and 7 deletions


@ -11,6 +11,7 @@ from cnr.exception import (CnrException, InvalidUsage, InvalidParams, InvalidRel
PackageAlreadyExists, PackageNotFound, PackageReleaseNotFound)
from flask import request, jsonify
from app import authentication
from auth.process import process_auth
from auth.auth_context import get_authenticated_user
from auth.permissions import CreateRepositoryPermission, ModifyRepositoryPermission
@ -50,13 +51,17 @@ def version():
@appr_bp.route("/api/v1/users/login", methods=['POST'])
@anon_allowed
def login():
"""
Todo:
* Implement better login protocol
"""
values = request.get_json(force=True, silent=True)
return jsonify({'token': "basic " + b64encode("%s:%s" % (values['user']['username'],
values['user']['password']))})
values = request.get_json(force=True, silent=True) or {}
username = values.get('user', {}).get('username')
password = values.get('user', {}).get('password')
if not username or not password:
raise InvalidUsage('Missing username or password')
user, err = authentication.verify_credentials(username, password)
if err is not None:
raise UnauthorizedAccess(err)
return jsonify({'token': "basic " + b64encode("%s:%s" % (user.username, password))})
# @TODO: Redirect to S3 url
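Review bot: A JSON body that is not an object, or whose `user` value is not an object, still reaches the chained `.get()` calls in `login` and would raise AttributeError instead of InvalidUsage, because `or {}` only replaces falsy values. Since the route is `@anon_allowed`, the shape check should come first: `user_info = values.get('user') if isinstance(values, dict) else None`, followed by `if not isinstance(user_info, dict): raise InvalidUsage('Missing username or password')`. Separately, `err` from `verify_credentials` is passed straight into `UnauthorizedAccess`; if that message distinguishes an unknown user from a bad password, a single generic message would avoid disclosing which accounts exist. The import line for `cnr.exception` is truncated in this view, so confirm `UnauthorizedAccess` is actually in scope.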


@ -0,0 +1,30 @@
import json
import pytest
from flask import url_for
from data import model
from endpoints.test.fixtures import app, appconfig, database_uri, init_db_path, sqlitedb_file
from endpoints.appr.registry import appr_bp
def test_invalid_login(app, client):
app.register_blueprint(appr_bp, url_prefix='/cnr')
url = url_for('appr.login')
headers = {'Content-Type': 'application/json'}
data = {'user': {'username': 'foo', 'password': 'bar'}}
rv = client.open(url, method='POST', data=json.dumps(data), headers=headers)
assert rv.status_code == 401
def test_valid_login(app, client):
app.register_blueprint(appr_bp, url_prefix='/cnr')
url = url_for('appr.login')
headers = {'Content-Type': 'application/json'}
data = {'user': {'username': 'devtable', 'password': 'password'}}
rv = client.open(url, method='POST', data=json.dumps(data), headers=headers)
assert rv.status_code == 200
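Review bot: `test_invalid_login` only exercises an account name that presumably does not exist (`foo`), so the wrong-password path for a real account is untested; a case with `data = {'user': {'username': 'devtable', 'password': 'wrong'}}` asserting 401 would cover it. The new `InvalidUsage` branch for a missing username or password has no test either; a request body such as `{'user': {'username': 'devtable'}}` should assert whatever status that exception maps to. `pytest` and `model` are imported but not used in the visible lines.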