Skip to content
Snippets Groups Projects
Commit 548da86b4b45 authored by Frank Bessou's avatar Frank Bessou :spider_web:
Browse files

test: add tests for login routes

parent 3699ded6973f
No related branches found
No related tags found
1 merge request!43fix: use remember from `pyramid.serurity` instead od req.authentication_policy.remember
Hide whitespace changes
Inline Side-by-side
cubicweb_api/routes.py
+ 11
13
View file @ 548da86b
......@@ -21,6 +21,7 @@
from pyramid.config import Configurator
from pyramid.request import Request
from pyramid.response import Response
from pyramid.security import remember
from pyramid.view import view_config, view_defaults
from cubicweb_api.api_transaction import ApiTransactionsRepository
......@@ -28,7 +29,6 @@
from cubicweb_api.constants import (
API_ROUTE_NAME_PREFIX,
)
from cubicweb_api.httperrors import get_http_error
from cubicweb_api.openapi.openapi import setup_openapi
from cubicweb_api.util import get_cw_repo, get_transactions_repository
......@@ -115,18 +115,16 @@
try:
cwuser = repo.authenticate_user(cnx, login, password=pwd)
except AuthenticationError:
raise get_http_error(
401, "AuthenticationFailure", "Login and/or password invalid."
)
else:
headers = self.request.authentication_policy.remember(
self.request,
cwuser.eid,
login=cwuser.login,
firstname=cwuser.firstname,
lastname=cwuser.surname,
)
return Response(headers=headers, status=204)
raise AuthenticationError("Invalid credentials")
headers = self.request.authentication_policy.remember(
self.request,
cwuser.eid,
login=cwuser.login,
firstname=cwuser.firstname,
lastname=cwuser.surname,
)
return Response(headers=headers, status=204)
@view_config(
route_name=get_route_name(ApiRoutes.current_user),
......
test/test_api.py
+ 52
1
View file @ 548da86b
......@@ -84,7 +84,7 @@
assert rset_as_list == response.json
def test_400_error_on_rql(self):
def test_sending_bad_rql_query_returns_400(self):
response = self.webapp.post(
f"{BASE_URL[:-1]}{API_PATH_DEFAULT_PREFIX}/v1/rql",
params=json.dumps(
......@@ -120,6 +120,57 @@
"title": "Unauthorized",
}
def test_successful_login_returns_204(self):
self.webapp.post(
f"{BASE_URL[:-1]}{API_PATH_DEFAULT_PREFIX}/v1/login",
params=json.dumps({"login": self.admlogin, "password": self.admpassword}),
content_type="application/json",
status=204,
)
def test_wrong_login_returns_401(self):
self.webapp.post(
f"{BASE_URL[:-1]}{API_PATH_DEFAULT_PREFIX}/v1/login",
params=json.dumps({"login": self.admlogin, "password": "INVALID PASSWORD"}),
content_type="application/json",
status=401,
)
def test_logged_user_can_insert_data(self):
self.webapp.post(
f"{BASE_URL[:-1]}{API_PATH_DEFAULT_PREFIX}/v1/login",
params=json.dumps({"login": self.admlogin, "password": self.admpassword}),
content_type="application/json",
status=204,
)
group_eid = self.webapp.post(
f"{BASE_URL[:-1]}{API_PATH_DEFAULT_PREFIX}/v1/rql",
params=json.dumps(
{
"query": "INSERT CWGroup G: G name 'test-group'",
}
),
content_type="application/json",
status=200,
).json[0][0]
with self.admin_access.repo_cnx() as cnx:
assert cnx.entity_from_eid(group_eid).name == "test-group"
def test_current_user_returns_user_as_json(self):
self.webapp.post(
f"{BASE_URL[:-1]}{API_PATH_DEFAULT_PREFIX}/v1/login",
params=json.dumps({"login": self.admlogin, "password": self.admpassword}),
content_type="application/json",
status=204,
)
response = self.webapp.get(
f"{BASE_URL[:-1]}{API_PATH_DEFAULT_PREFIX}/v1/current-user", status=200
).json
assert response["login"] == self.admlogin
assert response["dcTitle"] == self.admlogin
assert type(response["eid"]) == int
if __name__ == "__main__":
from unittest import main
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment