Added user verify password endpoint.

Nicholas Staples
2016-01-20 16:25:18 +00:00
parent 76c228a550
commit 0ec69b89ee
2 changed files with 95 additions and 4 deletions


@@ -13,11 +13,11 @@ from flask import Blueprint
user = Blueprint('user', __name__) user = Blueprint('user', __name__)
# TODO auth to be added
@user.route('', methods=['POST']) @user.route('', methods=['POST'])
def create_user(): def create_user():
user, errors = user_schema.load(request.get_json()) user, errors = user_schema.load(request.get_json())
req_json = request.get_json() req_json = request.get_json()
# TODO password policy, what is valid password
if not req_json.get('password'): if not req_json.get('password'):
errors = {'password': ['Missing data for required field.']} errors = {'password': ['Missing data for required field.']}
return jsonify(result="error", message=errors), 400 return jsonify(result="error", message=errors), 400
@@ -29,7 +29,6 @@ def create_user():
return jsonify(data=user_schema.dump(user).data), 201 return jsonify(data=user_schema.dump(user).data), 201
# TODO auth to be added
@user.route('/<int:user_id>', methods=['PUT', 'DELETE']) @user.route('/<int:user_id>', methods=['PUT', 'DELETE'])
def update_user(user_id): def update_user(user_id):
try: try:
@@ -50,7 +49,27 @@ def update_user(user_id):
return jsonify(data=user_schema.dump(user).data), status_code return jsonify(data=user_schema.dump(user).data), status_code
# TODO auth to be added. @user.route('/<int:user_id>/verify/password', methods=['POST'])
def verify_user_password(user_id):
try:
user = get_model_users(user_id=user_id)
except DataError:
return jsonify(result="error", message="Invalid user id"), 400
except NoResultFound:
return jsonify(result="error", message="User not found"), 404
text_pwd = None
try:
text_pwd = request.get_json()['password']
except KeyError:
return jsonify(
result="error",
message={'password': ['Required field missing data']}), 400
if user.check_password(text_pwd):
return jsonify(), 204
else:
return jsonify(result='error', message={'password': ['Incorrect password']}), 400
@user.route('/<int:user_id>', methods=['GET']) @user.route('/<int:user_id>', methods=['GET'])
@user.route('/', methods=['GET']) @user.route('/', methods=['GET'])
def get_user(user_id=None): def get_user(user_id=None):
@@ -64,7 +83,6 @@ def get_user(user_id=None):
return jsonify(data=result.data) return jsonify(data=result.data)
# TODO auth to be added
@user.route('/<int:user_id>/service', methods=['GET']) @user.route('/<int:user_id>/service', methods=['GET'])
@user.route('/<int:user_id>/service/<int:service_id>', methods=['GET']) @user.route('/<int:user_id>/service/<int:service_id>', methods=['GET'])
def get_service_by_user_id(user_id, service_id=None): def get_service_by_user_id(user_id, service_id=None):
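Review bot: In `verify_user_password`, `request.get_json()['password']` is guarded only by `except KeyError`, so a request whose body is not parsed as a JSON object (no JSON content type, `null`, or a list) fails on the subscript with a `TypeError` rather than returning the intended 400, and a `null` or non-string password is passed straight to `user.check_password`. Reading the body with `body = request.get_json(silent=True)`, then `text_pwd = body.get('password') if isinstance(body, dict) else None`, and rejecting anything that is not a non-empty `str` keeps every malformed request on the 400 path. Separately, nothing visible in this hunk counts or throttles failed checks, so a caller that can reach the route can submit unlimited guesses for a given user id. The auth layer is not shown in this diff, so if that limit is not enforced elsewhere, a per-user failed-attempt counter or lockout belongs next to the `Incorrect password` branch.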


@@ -358,3 +358,76 @@ def test_delete_user_not_exists(notify_api, notify_db, notify_db_session, sample
headers=[('Content-Type', 'application/json'), auth_header]) headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 404 assert resp.status_code == 404
assert User.query.count() == 2 assert User.query.count() == 2
def test_user_verify_password(notify_api,
notify_db,
notify_db_session,
sample_user,
sample_admin_service_id):
"""
Tests POST endpoint '/<user_id>/verify/password'
"""
with notify_api.test_request_context():
with notify_api.test_client() as client:
data = json.dumps({'password': 'password'})
auth_header = create_authorization_header(
service_id=sample_admin_service_id,
path=url_for('user.verify_user_password', user_id=sample_user.id),
method='POST',
request_body=data)
resp = client.post(
url_for('user.verify_user_password', user_id=sample_user.id),
data=data,
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 204
def test_user_verify_password_invalid_password(notify_api,
notify_db,
notify_db_session,
sample_user,
sample_admin_service_id):
"""
Tests POST endpoint '/<user_id>/verify/password' invalid endpoint.
"""
with notify_api.test_request_context():
with notify_api.test_client() as client:
data = json.dumps({'password': 'bad password'})
auth_header = create_authorization_header(
service_id=sample_admin_service_id,
path=url_for('user.verify_user_password', user_id=sample_user.id),
method='POST',
request_body=data)
resp = client.post(
url_for('user.verify_user_password', user_id=sample_user.id),
data=data,
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 400
json_resp = json.loads(resp.get_data(as_text=True))
assert 'Incorrect password' in json_resp['message']['password']
def test_user_verify_password_missing_password(notify_api,
notify_db,
notify_db_session,
sample_user,
sample_admin_service_id):
"""
Tests POST endpoint '/<user_id>/verify/password' missing password.
"""
with notify_api.test_request_context():
with notify_api.test_client() as client:
data = json.dumps({'bingo': 'bongo'})
auth_header = create_authorization_header(
service_id=sample_admin_service_id,
path=url_for('user.verify_user_password', user_id=sample_user.id),
method='POST',
request_body=data)
resp = client.post(
url_for('user.verify_user_password', user_id=sample_user.id),
data=data,
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 400
json_resp = json.loads(resp.get_data(as_text=True))
assert 'Required field missing data' in json_resp['message']['password']
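Review bot: The three new tests only post a well-formed JSON object for an existing `sample_user`, so the `User not found` (404) branch and the non-object body cases (empty body, `null`, a list, or `{'password': None}`) are never exercised against `user.verify_user_password`. I would add one test that posts to a `user_id` that does not exist and asserts 404, and one that posts a body without a `password` string and asserts 400 rather than a server error. The docstring of `test_user_verify_password_invalid_password` also says "invalid endpoint"; it should read `Tests POST endpoint '/<user_id>/verify/password' with an incorrect password.`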