2 files changed, 48 insertions, 0 deletions

diff --git a/ihatemoney/api.py b/ihatemoney/api.py
index bb2ac9b..67c6cc1 100644
--- a/ihatemoney/api.py
+++ b/ihatemoney/api.py
@@ -186,8 +186,20 @@ class BillHandler(Resource):
         return "OK", 200
 
 
+class TokenHandler(Resource):
+    method_decorators = [need_auth]
+
+    def get(self, project):
+        if not project:
+            return "Not Found", 404
+
+        token = project.generate_token()
+        return {"token": token}, 200
+
+
 restful_api.add_resource(ProjectsHandler, "/projects")
 restful_api.add_resource(ProjectHandler, "/projects/<string:project_id>")
+restful_api.add_resource(TokenHandler, "/projects/<string:project_id>/token")
 restful_api.add_resource(MembersHandler, "/projects/<string:project_id>/members")
 restful_api.add_resource(
     ProjectStatsHandler, "/projects/<string:project_id>/statistics"
diff --git a/ihatemoney/tests/tests.py b/ihatemoney/tests/tests.py
index 7fe4adf..7644490 100644
--- a/ihatemoney/tests/tests.py
+++ b/ihatemoney/tests/tests.py
@@ -1357,6 +1357,42 @@ class APITestCase(IhatemoneyTestCase):
         )
         self.assertEqual(401, resp.status_code)
 
+    def test_token_creation(self):
+        """Test that token of project is generated
+        """
+
+        # Create project
+        resp = self.api_create("raclette")
+        self.assertTrue(201, resp.status_code)
+
+        # Get token
+        resp = self.client.get(
+            "/api/projects/raclette/token", headers=self.get_auth("raclette")
+        )
+
+        self.assertEqual(200, resp.status_code)
+
+        decoded_resp = json.loads(resp.data.decode("utf-8"))
+
+        # Access with token
+        resp = self.client.get(
+            "/api/projects/raclette/token",
+            headers={"Authorization": "Basic %s" % decoded_resp["token"]},
+        )
+
+        self.assertEqual(200, resp.status_code)
+
+    def test_token_login(self):
+        resp = self.api_create("raclette")
+        # Get token
+        resp = self.client.get(
+            "/api/projects/raclette/token", headers=self.get_auth("raclette")
+        )
+        decoded_resp = json.loads(resp.data.decode("utf-8"))
+        resp = self.client.get("/authenticate?token={}".format(decoded_resp["token"]))
+        # Test that we are redirected.
+        self.assertEqual(302, resp.status_code)
+
     def test_member(self):
         # create a project
         self.api_create("raclette")