Start validating login in CNR

Fixes https://www.pivotaltracker.com/story/show/142342305
Joseph Schorr 2017-03-23 15:07:46 -04:00
parent 20306ef0f6
commit c9a5ce6701
2 changed files with 42 additions and 7 deletions


@ -11,6 +11,7 @@ from cnr.exception import (CnrException, InvalidUsage, InvalidParams, InvalidRel
PackageAlreadyExists, PackageNotFound, PackageReleaseNotFound) PackageAlreadyExists, PackageNotFound, PackageReleaseNotFound)
from flask import request, jsonify from flask import request, jsonify
from app import authentication
from auth.process import process_auth from auth.process import process_auth
from auth.auth_context import get_authenticated_user from auth.auth_context import get_authenticated_user
from auth.permissions import CreateRepositoryPermission, ModifyRepositoryPermission from auth.permissions import CreateRepositoryPermission, ModifyRepositoryPermission
@ -50,13 +51,17 @@ def version():
@appr_bp.route("/api/v1/users/login", methods=['POST']) @appr_bp.route("/api/v1/users/login", methods=['POST'])
@anon_allowed @anon_allowed
def login(): def login():
""" values = request.get_json(force=True, silent=True) or {}
Todo: username = values.get('user', {}).get('username')
* Implement better login protocol password = values.get('user', {}).get('password')
""" if not username or not password:
values = request.get_json(force=True, silent=True) raise InvalidUsage('Missing username or password')
return jsonify({'token': "basic " + b64encode("%s:%s" % (values['user']['username'],
values['user']['password']))}) user, err = authentication.verify_credentials(username, password)
if err is not None:
raise UnauthorizedAccess(err)
return jsonify({'token': "basic " + b64encode("%s:%s" % (user.username, password))})
# @TODO: Redirect to S3 url # @TODO: Redirect to S3 url
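Review bot: In `login()`, the chained `values.get('user', {}).get('username')` assumes the request body and its `user` member are both JSON objects, but the route is `@anon_allowed` and `get_json(force=True, silent=True) or {}` passes a non-empty JSON list or string through unchanged, so such a body raises `AttributeError` (most likely surfacing as a 500) instead of `InvalidUsage`. A shape check before the lookups would close that, for example `user_values = values.get('user') if isinstance(values, dict) else None` followed by `if not isinstance(user_values, dict): raise InvalidUsage('Missing username or password')`. It is also worth confirming that `username` and `password` are strings before they reach `authentication.verify_credentials`, since JSON allows numbers and nested objects in those fields. Separately, the returned token is still only base64 of `username:password`, so it is equivalent to the credential itself; the docstring that appears to be removed here was the only record of that limitation, and a short comment such as `# NOTE: token is reversible basic-auth material, not a session token` would keep it visible.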


@ -0,0 +1,30 @@
import json
import pytest
from flask import url_for
from data import model
from endpoints.test.fixtures import app, appconfig, database_uri, init_db_path, sqlitedb_file
from endpoints.appr.registry import appr_bp
def test_invalid_login(app, client):
app.register_blueprint(appr_bp, url_prefix='/cnr')
url = url_for('appr.login')
headers = {'Content-Type': 'application/json'}
data = {'user': {'username': 'foo', 'password': 'bar'}}
rv = client.open(url, method='POST', data=json.dumps(data), headers=headers)
assert rv.status_code == 401
def test_valid_login(app, client):
app.register_blueprint(appr_bp, url_prefix='/cnr')
url = url_for('appr.login')
headers = {'Content-Type': 'application/json'}
data = {'user': {'username': 'devtable', 'password': 'password'}}
rv = client.open(url, method='POST', data=json.dumps(data), headers=headers)
assert rv.status_code == 200
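Review bot: The two tests cover only the rejected-credentials and accepted-credentials paths, so the new `InvalidUsage('Missing username or password')` branch in `login()` and the handling of an empty or non-object body are untested. I would add one case that posts `{'user': {'username': 'devtable'}}` and one that posts an empty body, each asserting the client-error status that `InvalidUsage` maps to (that mapping is not visible on this page). `test_valid_login` could also assert that the response JSON contains a `token` key, so a regression that returns 200 without a token is caught. `import pytest` and `from data import model` look unused in the visible lines and could be dropped unless a fixture depends on them.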