Token support (#504)

Added API support to generate authentication tokens, at `/api/projects/:id/token`
2025-04-28 17:32:38 +02:00 · 2019-10-25 13:17:54 +02:00 · 2019-10-25 13:17:54 +02:00 · b683d062f0
commit b683d062f0
parent e30d863c56
2 changed files with 48 additions and 0 deletions
--- a/ihatemoney/api.py
+++ b/ihatemoney/api.py
@ -186,8 +186,20 @@ class BillHandler(Resource):
        return "OK", 200


+class TokenHandler(Resource):
+    method_decorators = [need_auth]
+
+    def get(self, project):
+        if not project:
+            return "Not Found", 404
+
+        token = project.generate_token()
+        return {"token": token}, 200
+
+
 restful_api.add_resource(ProjectsHandler, "/projects")
 restful_api.add_resource(ProjectHandler, "/projects/<string:project_id>")
+restful_api.add_resource(TokenHandler, "/projects/<string:project_id>/token")
 restful_api.add_resource(MembersHandler, "/projects/<string:project_id>/members")
 restful_api.add_resource(
    ProjectStatsHandler, "/projects/<string:project_id>/statistics"
--- a/ihatemoney/tests/tests.py
+++ b/ihatemoney/tests/tests.py
@ -1357,6 +1357,42 @@ class APITestCase(IhatemoneyTestCase):
        )
        self.assertEqual(401, resp.status_code)

+    def test_token_creation(self):
+        """Test that token of project is generated
+        """
+
+        # Create project
+        resp = self.api_create("raclette")
+        self.assertTrue(201, resp.status_code)
+
+        # Get token
+        resp = self.client.get(
+            "/api/projects/raclette/token", headers=self.get_auth("raclette")
+        )
+
+        self.assertEqual(200, resp.status_code)
+
+        decoded_resp = json.loads(resp.data.decode("utf-8"))
+
+        # Access with token
+        resp = self.client.get(
+            "/api/projects/raclette/token",
+            headers={"Authorization": "Basic %s" % decoded_resp["token"]},
+        )
+
+        self.assertEqual(200, resp.status_code)
+
+    def test_token_login(self):
+        resp = self.api_create("raclette")
+        # Get token
+        resp = self.client.get(
+            "/api/projects/raclette/token", headers=self.get_auth("raclette")
+        )
+        decoded_resp = json.loads(resp.data.decode("utf-8"))
+        resp = self.client.get("/authenticate?token={}".format(decoded_resp["token"]))
+        # Test that we are redirected.
+        self.assertEqual(302, resp.status_code)
+
    def test_member(self):
        # create a project
        self.api_create("raclette")