diff --git a/ihatemoney/api.py b/ihatemoney/api.py
index bb2ac9ba..67c6cc18 100644
--- a/ihatemoney/api.py
+++ b/ihatemoney/api.py
@@ -186,8 +186,20 @@ class BillHandler(Resource):
 return "OK", 200
+class TokenHandler(Resource):
+ method_decorators = [need_auth]
+
+ def get(self, project):
+ if not project:
+ return "Not Found", 404
+
+ token = project.generate_token()
+ return {"token": token}, 200
+
+
 restful_api.add_resource(ProjectsHandler, "/projects")
 restful_api.add_resource(ProjectHandler, "/projects/")
+restful_api.add_resource(TokenHandler, "/projects//token")
 restful_api.add_resource(MembersHandler, "/projects//members")
 restful_api.add_resource(
 ProjectStatsHandler, "/projects//statistics"
diff --git a/ihatemoney/tests/tests.py b/ihatemoney/tests/tests.py
index 7fe4adfb..7644490c 100644
--- a/ihatemoney/tests/tests.py
+++ b/ihatemoney/tests/tests.py
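Review bot: In `TokenHandler.get` (ihatemoney/api.py) the route is guarded only by `need_auth`, and the test added to tests.py in this commit shows that a previously issued token is accepted as the `Authorization` credential on this same endpoint, so any token holder can mint further tokens. If `generate_token()` issues tokens with a limited lifetime (not visible in this hunk), this renewal path lets a leaked token be extended indefinitely. Consider requiring the project password on this route, or state explicitly that token-to-token renewal is intended. A class docstring such as `"""Issue an authentication token for the project; the caller must already be authenticated."""` would make the contract visible to the next reader.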
@@ -1357,6 +1357,42 @@ class APITestCase(IhatemoneyTestCase):
 )
 self.assertEqual(401, resp.status_code)
+ def test_token_creation(self):
+ """Test that token of project is generated
+ """
+
+ # Create project
+ resp = self.api_create("raclette")
+ self.assertTrue(201, resp.status_code)
+
+ # Get token
+ resp = self.client.get(
+ "/api/projects/raclette/token", headers=self.get_auth("raclette")
+ )
+
+ self.assertEqual(200, resp.status_code)
+
+ decoded_resp = json.loads(resp.data.decode("utf-8"))
+
+ # Access with token
+ resp = self.client.get(
+ "/api/projects/raclette/token",
+ headers={"Authorization": "Basic %s" % decoded_resp["token"]},
+ )
+
+ self.assertEqual(200, resp.status_code)
+
+ def test_token_login(self):
+ resp = self.api_create("raclette")
+ # Get token
+ resp = self.client.get(
+ "/api/projects/raclette/token", headers=self.get_auth("raclette")
+ )
+ decoded_resp = json.loads(resp.data.decode("utf-8"))
+ resp = self.client.get("/authenticate?token={}".format(decoded_resp["token"]))
+ # Test that we are redirected.
+ self.assertEqual(302, resp.status_code)
+
 def test_member(self):
 # create a project
 self.api_create("raclette")
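Review bot: In `test_token_creation`, `self.assertTrue(201, resp.status_code)` can never fail, because `assertTrue` only checks that its first argument (the constant 201) is truthy and treats the second as the failure message; it should read `self.assertEqual(201, resp.status_code)`. `test_token_login` does not check the result of `api_create` at all. Both tests cover only the success path, so nothing here pins the security property of the new credential. A negative case would do that, for example asserting that a malformed token, or one issued for a different project, gets a 401 from `/api/projects/raclette/token` and is not accepted by `/authenticate`. The enclosing `APITestCase` class starts outside the hunk.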