authorJosé Antonio de la Torre <1927763+JoseAntonioTorre@users.noreply.github.com>2019-10-25 13:17:54 +0200
committerAlexis Metaireau <alexis@notmyidea.org>2019-10-25 11:17:54 +0000
commitb683d062f018fe042d789957891acadf96535e49 (patch)
treeac2fa7db70934f5069796be3c117aa24e8c1f744
parente30d863c56e17ebb0c8344e6d8513a206d825092 (diff)
Token support (#504)
Added API support to generate authentication tokens, at `/api/projects/:id/token`
-rw-r--r--ihatemoney/api.py12
-rw-r--r--ihatemoney/tests/tests.py36
2 files changed, 48 insertions, 0 deletions
diff --git a/ihatemoney/api.py b/ihatemoney/api.py
index bb2ac9b..67c6cc1 100644
--- a/ihatemoney/api.py
+++ b/ihatemoney/api.py
@@ -186,8 +186,20 @@ class BillHandler(Resource):
return "OK", 200
+class TokenHandler(Resource):
+ method_decorators = [need_auth]
+
+ def get(self, project):
+ if not project:
+ return "Not Found", 404
+
+ token = project.generate_token()
+ return {"token": token}, 200
+
+
restful_api.add_resource(ProjectsHandler, "/projects")
restful_api.add_resource(ProjectHandler, "/projects/<string:project_id>")
+restful_api.add_resource(TokenHandler, "/projects/<string:project_id>/token")
restful_api.add_resource(MembersHandler, "/projects/<string:project_id>/members")
restful_api.add_resource(
ProjectStatsHandler, "/projects/<string:project_id>/statistics"
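Review bot: `TokenHandler.get` returns a credential in the body of a GET response with no cache-suppressing header, so a client or intermediary cache could retain it; flask-restful accepts a headers dict as a third tuple element, e.g. `return {"token": token}, 200, {"Cache-Control": "no-store"}`. The test added in this commit also gets a 200 from this endpoint when authenticating with a previously issued token, so a token holder can apparently mint fresh tokens. If `generate_token()` (not visible in this hunk) issues expiring tokens, that renewal path weakens the expiry and should either be limited to password-authenticated requests or documented as intended. The class also lacks a docstring; something like `"""Return an authentication token for the project identified in the URL."""` would state the contract.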
diff --git a/ihatemoney/tests/tests.py b/ihatemoney/tests/tests.py
index 7fe4adf..7644490 100644
--- a/ihatemoney/tests/tests.py
+++ b/ihatemoney/tests/tests.py
@@ -1357,6 +1357,42 @@ class APITestCase(IhatemoneyTestCase):
)
self.assertEqual(401, resp.status_code)
+ def test_token_creation(self):
+ """Test that token of project is generated
+ """
+
+ # Create project
+ resp = self.api_create("raclette")
+ self.assertTrue(201, resp.status_code)
+
+ # Get token
+ resp = self.client.get(
+ "/api/projects/raclette/token", headers=self.get_auth("raclette")
+ )
+
+ self.assertEqual(200, resp.status_code)
+
+ decoded_resp = json.loads(resp.data.decode("utf-8"))
+
+ # Access with token
+ resp = self.client.get(
+ "/api/projects/raclette/token",
+ headers={"Authorization": "Basic %s" % decoded_resp["token"]},
+ )
+
+ self.assertEqual(200, resp.status_code)
+
+ def test_token_login(self):
+ resp = self.api_create("raclette")
+ # Get token
+ resp = self.client.get(
+ "/api/projects/raclette/token", headers=self.get_auth("raclette")
+ )
+ decoded_resp = json.loads(resp.data.decode("utf-8"))
+ resp = self.client.get("/authenticate?token={}".format(decoded_resp["token"]))
+ # Test that we are redirected.
+ self.assertEqual(302, resp.status_code)
+
def test_member(self):
# create a project
self.api_create("raclette")
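Review bot: `self.assertTrue(201, resp.status_code)` in `test_token_creation` can never fail, because `assertTrue` takes its second argument as the failure message; it should be `self.assertEqual(201, resp.status_code)`. `test_token_login` checks neither the project creation nor the token request status, so a failure there would only surface as a JSON decode or key error. Neither test covers rejection: a malformed token, and a token issued for a different project, should each be asserted to return 401 from the API and not to log in via `/authenticate`. `APITestCase` begins outside this hunk.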