Remove API password (#290)

* Remove the password from API GET responses While keeping it for POST/PUT. fix #289 * Add a test to check password change via API
author: JocelynDelalande <JocelynDelalande@users.noreply.github.com> 2017-12-22 17:39:48 +0100
committer: Alexis Metaireau <alexis@notmyidea.org> 2017-12-22 17:39:48 +0100
commit: b65ee59b1bf03a972079439e8f838e4040dfa874 (patch)
tree: 76911a86fc84984a2c8d849d7f1fb1668f1dc5fc /ihatemoney/tests
parent: 5160dac4a56fcd9ae3d30d96d9bb4f827000fc57 (diff)
download: ihatemoney-mirror-b65ee59b1bf03a972079439e8f838e4040dfa874.zip
ihatemoney-mirror-b65ee59b1bf03a972079439e8f838e4040dfa874.tar.gz
ihatemoney-mirror-b65ee59b1bf03a972079439e8f838e4040dfa874.tar.bz2
1 files changed, 16 insertions, 6 deletions
diff --git a/ihatemoney/tests/tests.py b/ihatemoney/tests/tests.py
index dc46580..6708ca8 100644
--- a/ihatemoney/tests/tests.py
+++ b/ihatemoney/tests/tests.py
@@ -1076,7 +1076,6 @@ class APITestCase(IhatemoneyTestCase):
             "balance": {},
         }
         decoded_resp = json.loads(resp.data.decode('utf-8'))
-        self.assertTrue(check_password_hash(decoded_resp.pop('password'), 'raclette'))
         self.assertDictEqual(decoded_resp, expected)
 
         # edit should work
@@ -1101,15 +1100,27 @@ class APITestCase(IhatemoneyTestCase):
             "balance": {},
         }
         decoded_resp = json.loads(resp.data.decode('utf-8'))
-        self.assertTrue(check_password_hash(decoded_resp.pop('password'), 'raclette'))
         self.assertDictEqual(decoded_resp, expected)
 
-        # delete should work
-        resp = self.client.delete("/api/projects/raclette",
-                                  headers=self.get_auth("raclette"))
+        # password change is possible via API
+        resp = self.client.put("/api/projects/raclette", data={
+            "contact_email": "yeah@notmyidea.org",
+            "password": "tartiflette",
+            "name": "The raclette party",
+        }, headers=self.get_auth("raclette"))
 
         self.assertEqual(200, resp.status_code)
 
+        resp = self.client.get("/api/projects/raclette",
+                               headers=self.get_auth(
+                                   "raclette", "tartiflette"))
+        self.assertEqual(200, resp.status_code)
+
+        # delete should work
+        resp = self.client.delete("/api/projects/raclette",
+                                  headers=self.get_auth(
+                                      "raclette", "tartiflette"))
+
         # get should return a 401 on an unknown resource
         resp = self.client.get("/api/projects/raclette",
                                headers=self.get_auth("raclette"))
@@ -1341,7 +1352,6 @@ class APITestCase(IhatemoneyTestCase):
 
         self.assertStatus(200, req)
         decoded_req = json.loads(req.data.decode('utf-8'))
-        self.assertTrue(check_password_hash(decoded_req.pop('password'), 'raclette'))
         self.assertDictEqual(decoded_req, expected)
author	JocelynDelalande <JocelynDelalande@users.noreply.github.com>	2017-12-22 17:39:48 +0100
committer	Alexis Metaireau <alexis@notmyidea.org>	2017-12-22 17:39:48 +0100
commit	b65ee59b1bf03a972079439e8f838e4040dfa874 (patch)
tree	76911a86fc84984a2c8d849d7f1fb1668f1dc5fc /ihatemoney/tests
parent	5160dac4a56fcd9ae3d30d96d9bb4f827000fc57 (diff)
download	ihatemoney-mirror-b65ee59b1bf03a972079439e8f838e4040dfa874.zip ihatemoney-mirror-b65ee59b1bf03a972079439e8f838e4040dfa874.tar.gz ihatemoney-mirror-b65ee59b1bf03a972079439e8f838e4040dfa874.tar.bz2