test: add tests for login routes

548da86b4b45 · Frank Bessou · 3699ded6973f · 548da86b · 548da86b
Commit 548da86b4b45 authored 1 year ago by Frank Bessou
--- a/cubicweb_api/routes.py
+++ b/cubicweb_api/routes.py
@@ -21,6 +21,7 @@
 from pyramid.config import Configurator
 from pyramid.request import Request
 from pyramid.response import Response
+from pyramid.security import remember
 from pyramid.view import view_config, view_defaults
 from cubicweb_api.api_transaction import ApiTransactionsRepository
@@ -28,7 +29,6 @@
 from cubicweb_api.constants import (
    API_ROUTE_NAME_PREFIX,
 )
-from cubicweb_api.httperrors import get_http_error
 from cubicweb_api.openapi.openapi import setup_openapi
 from cubicweb_api.util import get_cw_repo, get_transactions_repository
@@ -115,18 +115,16 @@
            try:
                cwuser = repo.authenticate_user(cnx, login, password=pwd)
            except AuthenticationError:
-                raise get_http_error(
+                raise AuthenticationError("Invalid credentials")
-                    401, "AuthenticationFailure", "Login and/or password invalid."
-                )
+            headers = self.request.authentication_policy.remember(
-            else:
+                self.request,
-                headers = self.request.authentication_policy.remember(
+                cwuser.eid,
-                    self.request,
+                login=cwuser.login,
-                    cwuser.eid,
+                firstname=cwuser.firstname,
-                    login=cwuser.login,
+                lastname=cwuser.surname,
-                    firstname=cwuser.firstname,
+            )
-                    lastname=cwuser.surname,
+            return Response(headers=headers, status=204)
-                )
-                return Response(headers=headers, status=204)
    @view_config(
        route_name=get_route_name(ApiRoutes.current_user),

--- a/test/test_api.py
+++ b/test/test_api.py
@@ -84,7 +84,7 @@
        assert rset_as_list == response.json
-    def test_400_error_on_rql(self):
+    def test_sending_bad_rql_query_returns_400(self):
        response = self.webapp.post(
            f"{BASE_URL[:-1]}{API_PATH_DEFAULT_PREFIX}/v1/rql",
            params=json.dumps(
@@ -120,6 +120,57 @@
            "title": "Unauthorized",
        }
+    def test_successful_login_returns_204(self):
+        self.webapp.post(
+            f"{BASE_URL[:-1]}{API_PATH_DEFAULT_PREFIX}/v1/login",
+            params=json.dumps({"login": self.admlogin, "password": self.admpassword}),
+            content_type="application/json",
+            status=204,
+        )
+    def test_wrong_login_returns_401(self):
+        self.webapp.post(
+            f"{BASE_URL[:-1]}{API_PATH_DEFAULT_PREFIX}/v1/login",
+            params=json.dumps({"login": self.admlogin, "password": "INVALID PASSWORD"}),
+            content_type="application/json",
+            status=401,
+        )
+    def test_logged_user_can_insert_data(self):
+        self.webapp.post(
+            f"{BASE_URL[:-1]}{API_PATH_DEFAULT_PREFIX}/v1/login",
+            params=json.dumps({"login": self.admlogin, "password": self.admpassword}),
+            content_type="application/json",
+            status=204,
+        )
+        group_eid = self.webapp.post(
+            f"{BASE_URL[:-1]}{API_PATH_DEFAULT_PREFIX}/v1/rql",
+            params=json.dumps(
+                {
+                    "query": "INSERT CWGroup G: G name 'test-group'",
+                }
+            ),
+            content_type="application/json",
+            status=200,
+        ).json[0][0]
+        with self.admin_access.repo_cnx() as cnx:
+            assert cnx.entity_from_eid(group_eid).name == "test-group"
+    def test_current_user_returns_user_as_json(self):
+        self.webapp.post(
+            f"{BASE_URL[:-1]}{API_PATH_DEFAULT_PREFIX}/v1/login",
+            params=json.dumps({"login": self.admlogin, "password": self.admpassword}),
+            content_type="application/json",
+            status=204,
+        )
+        response = self.webapp.get(
+            f"{BASE_URL[:-1]}{API_PATH_DEFAULT_PREFIX}/v1/current-user", status=200
+        ).json
+        assert response["login"] == self.admlogin
+        assert response["dcTitle"] == self.admlogin
+        assert type(response["eid"]) == int
 if __name__ == "__main__":
    from unittest import main