From 0ec69b89ee709dcf8e159694764ff4651f461acd Mon Sep 17 00:00:00 2001
From: Nicholas Staples
Date: Wed, 20 Jan 2016 16:25:18 +0000
Subject: [PATCH] Added user verify password endpoint.
---
 app/user/rest.py | 26 +++++++++++--
 tests/app/user/test_rest.py | 73 +++++++++++++++++++++++++++++++++++++
 2 files changed, 95 insertions(+), 4 deletions(-)
diff --git a/app/user/rest.py b/app/user/rest.py
index 9e1fbb6d0..71f3327b7 100644
--- a/app/user/rest.py
+++ b/app/user/rest.py
@@ -13,11 +13,11 @@ from flask import Blueprint
 user = Blueprint('user', __name__)
-# TODO auth to be added
 @user.route('', methods=['POST'])
 def create_user():
 user, errors = user_schema.load(request.get_json())
 req_json = request.get_json()
+ # TODO password policy, what is valid password
 if not req_json.get('password'):
 errors = {'password': ['Missing data for required field.']}
 return jsonify(result="error", message=errors), 400
@@ -29,7 +29,6 @@ def create_user():
 return jsonify(data=user_schema.dump(user).data), 201
-# TODO auth to be added
 @user.route('/', methods=['PUT', 'DELETE'])
 def update_user(user_id):
 try:
@@ -50,7 +49,27 @@ def update_user(user_id):
 return jsonify(data=user_schema.dump(user).data), status_code
-# TODO auth to be added.
+@user.route('//verify/password', methods=['POST'])
+def verify_user_password(user_id):
+ try:
+ user = get_model_users(user_id=user_id)
+ except DataError:
+ return jsonify(result="error", message="Invalid user id"), 400
+ except NoResultFound:
+ return jsonify(result="error", message="User not found"), 404
+ text_pwd = None
+ try:
+ text_pwd = request.get_json()['password']
+ except KeyError:
+ return jsonify(
+ result="error",
+ message={'password': ['Required field missing data']}), 400
+ if user.check_password(text_pwd):
+ return jsonify(), 204
+ else:
+ return jsonify(result='error', message={'password': ['Incorrect password']}), 400
+
+
 @user.route('/', methods=['GET'])
 @user.route('/', methods=['GET'])
 def get_user(user_id=None):
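Review bot: In `verify_user_password`, `request.get_json()['password']` is guarded only by `except KeyError`, so a body that is missing, `null` or a JSON array raises `TypeError` and would likely surface as a 500 rather than the 400 used for a missing field, and a non-string value is passed straight to `user.check_password`. I would read the body once with `body = request.get_json(silent=True)` and return the existing 'Required field missing data' 400 unless `isinstance(body, dict)` and `isinstance(body.get('password'), str)`. Nothing visible in this hunk bounds repeated wrong guesses for one `user_id`; unless throttling or a failed-attempt counter is applied elsewhere, the endpoint should record failures, lock or slow the account after a threshold, and log them for detection. The commit also drops the `# TODO auth to be added` comments in the other rest.py hunks; the tests send an authorization header, so auth is presumably enforced outside this file, which is worth confirming before those markers go.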
@@ -64,7 +83,6 @@ def get_user(user_id=None):
 return jsonify(data=result.data)
-# TODO auth to be added
 @user.route('//service', methods=['GET'])
 @user.route('//service/', methods=['GET'])
 def get_service_by_user_id(user_id, service_id=None):
diff --git a/tests/app/user/test_rest.py b/tests/app/user/test_rest.py
index 38f5dc13e..0c01dae75 100644
--- a/tests/app/user/test_rest.py
+++ b/tests/app/user/test_rest.py
@@ -358,3 +358,76 @@ def test_delete_user_not_exists(notify_api, notify_db, notify_db_session, sample
 headers=[('Content-Type', 'application/json'), auth_header])
 assert resp.status_code == 404
 assert User.query.count() == 2
+
+
+def test_user_verify_password(notify_api,
+ notify_db,
+ notify_db_session,
+ sample_user,
+ sample_admin_service_id):
+ """
+ Tests POST endpoint '//verify/password'
+ """
+ with notify_api.test_request_context():
+ with notify_api.test_client() as client:
+ data = json.dumps({'password': 'password'})
+ auth_header = create_authorization_header(
+ service_id=sample_admin_service_id,
+ path=url_for('user.verify_user_password', user_id=sample_user.id),
+ method='POST',
+ request_body=data)
+ resp = client.post(
+ url_for('user.verify_user_password', user_id=sample_user.id),
+ data=data,
+ headers=[('Content-Type', 'application/json'), auth_header])
+ assert resp.status_code == 204
+
+
+def test_user_verify_password_invalid_password(notify_api,
+ notify_db,
+ notify_db_session,
+ sample_user,
+ sample_admin_service_id):
+ """
+ Tests POST endpoint '//verify/password' invalid endpoint.
+ """
+ with notify_api.test_request_context():
+ with notify_api.test_client() as client:
+ data = json.dumps({'password': 'bad password'})
+ auth_header = create_authorization_header(
+ service_id=sample_admin_service_id,
+ path=url_for('user.verify_user_password', user_id=sample_user.id),
+ method='POST',
+ request_body=data)
+ resp = client.post(
+ url_for('user.verify_user_password', user_id=sample_user.id),
+ data=data,
+ headers=[('Content-Type', 'application/json'), auth_header])
+ assert resp.status_code == 400
+ json_resp = json.loads(resp.get_data(as_text=True))
+ assert 'Incorrect password' in json_resp['message']['password']
+
+
+def test_user_verify_password_missing_password(notify_api,
+ notify_db,
+ notify_db_session,
+ sample_user,
+ sample_admin_service_id):
+ """
+ Tests POST endpoint '//verify/password' missing password.
+ """
+ with notify_api.test_request_context():
+ with notify_api.test_client() as client:
+ data = json.dumps({'bingo': 'bongo'})
+ auth_header = create_authorization_header(
+ service_id=sample_admin_service_id,
+ path=url_for('user.verify_user_password', user_id=sample_user.id),
+ method='POST',
+ request_body=data)
+ resp = client.post(
+ url_for('user.verify_user_password', user_id=sample_user.id),
+ data=data,
+ headers=[('Content-Type', 'application/json'), auth_header])
+ assert resp.status_code == 400
+ json_resp = json.loads(resp.get_data(as_text=True))
+ assert 'Required field missing data' in json_resp['message']['password']
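Review bot: The three new tests never reach the branches of `verify_user_password` that return before the password is read (`Invalid user id` 400 and `User not found` 404), and none sends a body that is not a JSON object or a `password` that is not a string, which are the inputs most likely to escape the `except KeyError` handler. I would add one test posting to a `user_id` that does not exist and asserting 404, and one posting `json.dumps([])` as the body and asserting 400 rather than a server error. All three tests authenticate with `sample_admin_service_id`, so a request without the authorization header is also untested here; a case asserting it is rejected would pin the auth behaviour this endpoint appears to rely on. The docstring of `test_user_verify_password_invalid_password` says "invalid endpoint" where `invalid password` is meant.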