Add support for encrypted client tokens via basic auth (for the docker CLI) and a feature flag to disable normal passwords

test/test_api_security.py

@@ -26,7 +26,8 @@ from endpoints.api.repoemail import RepositoryAuthorizedEmail
 from endpoints.api.repositorynotification import RepositoryNotification, RepositoryNotificationList
 from endpoints.api.user import (PrivateRepositories, ConvertToOrganization, Recovery, Signout,
                                 Signin, User, UserAuthorizationList, UserAuthorization, UserNotification,
-                                VerifyUser, DetachExternal, StarredRepositoryList, StarredRepository)
+                                VerifyUser, DetachExternal, StarredRepositoryList, StarredRepository,
+                                ClientKey)
 from endpoints.api.repotoken import RepositoryToken, RepositoryTokenList
 from endpoints.api.prototype import PermissionPrototype, PermissionPrototypeList
 from endpoints.api.logs import UserLogs, OrgLogs, RepositoryLogs
@@ -528,6 +529,26 @@ class TestVerifyUser(ApiTestCase):
     self._run_test('POST', 200, 'devtable', {u'password': 'password'})
 
 
+
+class TestClientKey(ApiTestCase):
+  def setUp(self):
+    ApiTestCase.setUp(self)
+    self._set_url(ClientKey)
+
+  def test_post_anonymous(self):
+    self._run_test('POST', 401, None, {u'password': 'LQ0N'})
+
+  def test_post_freshuser(self):
+    self._run_test('POST', 400, 'freshuser', {u'password': 'LQ0N'})
+
+  def test_post_reader(self):
+    self._run_test('POST', 200, 'reader', {u'password': 'password'})
+
+  def test_post_devtable(self):
+    self._run_test('POST', 200, 'devtable', {u'password': 'password'})
+
+
+
 class TestListPlans(ApiTestCase):
   def setUp(self):
     ApiTestCase.setUp(self)