From 23478481b1a31e7cc353d80315848ecf1f37ec18 Mon Sep 17 00:00:00 2001
From: Quentin Rouland
Date: Fri, 24 Mar 2017 09:16:21 +0100
Subject: [PATCH] =?UTF-8?q?TG-123=20Revert=20les=20modifications=20li?=
 =?UTF-8?q?=C3=A9es=20au=20CAS?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 backend/app/api/LoginAPI.py | 30 +++++++++++++-----------------
 backend/requirements/common.txt | 1 +
 backend/tests/api/test_Auth.py | 20 ++++++++------------
 3 files changed, 22 insertions(+), 29 deletions(-)

diff --git a/backend/app/api/LoginAPI.py b/backend/app/api/LoginAPI.py
index bc3917a..13a4b15 100644
--- a/backend/app/api/LoginAPI.py
+++ b/backend/app/api/LoginAPI.py
@@ -1,8 +1,8 @@
 from flask import session
 from flask_restful import Resource
+from flask_restful.reqparse import RequestParser
 
-from app.core import cas
-from app.model import *
+from app.model import getUser
 
 
 class LoginAPI(Resource):
@@ -10,19 +10,20 @@ class LoginAPI(Resource):
     Login Api Resource
     """
 
-    def get(self):
+    def post(self):
+        parser = RequestParser()
+        parser.add_argument('email', required=True, help="Email cannot be blank!")
+        parser.add_argument('password', required=True, help="Password cannot be blank!")
+        args = parser.parse_args()
+
         if "user" in session and session["user"] is not None:
             return {'AUTH_RESULT': 'ALREADY_LOGGED'}, 201
 
-        userInfo = self.getUserInfoFromCAS()
-        if userInfo is not None:
-            user = getUser(login=userInfo['login'])
-            if user is not None and isUserAllowed(user["id"]):
-                session['user'] = user
-                return {'AUTH_RESULT': 'OK'}, 200
-            else:
-                session['user'] = None
-                return {'AUTH_RESULT': 'NOT_ALLOWED'}, 403
+        user = getUser(email=args['email'])
+
+        if user is not None and args['password'] == args['email']:
+            session['user'] = user
+            return {'AUTH_RESULT': 'OK'}, 200
         else:
             session['user'] = None
             return {'AUTH_RESULT': 'AUTHENTICATION_FAILED'}, 401
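Review bot: The credential check on the new side of the `def post` hunk, `if user is not None and args['password'] == args['email']:`, never consults a stored secret: it compares the submitted password with the submitted email, so any client that knows a registered address and repeats it in the password field obtains a session, and the fixtures in test_Auth.py (`self.login('admin@admin.com', 'admin@admin.com')`) show that this is exactly how the endpoint is driven. Replace the comparison with a verification of `args['password']` against the credential stored for `user`, e.g. a constant-time hash check such as werkzeug's `check_password_hash(user[<stored-hash-field>], args['password'])` with the field name taken from the user model, keeping the existing `session['user'] = None` / 401 branch for a mismatch. The revert also drops the `isUserAllowed(user["id"])` gate and its 403 `NOT_ALLOWED` response together with the CAS branch; if that authorization step was not itself CAS-specific, a user who exists but is not allowed now gets a session. Because the `ALREADY_LOGGED` check now runs after `parser.parse_args()`, an already-logged-in client that omits `email` or `password` is presumably rejected by the parser rather than answered with 201 as before; moving the session check above the parser keeps the earlier behaviour. The method has no docstring; `"""Authenticate with email/password and open a session: 200 on success, 201 if already logged in, 401 on failure."""` would document the contract the tests rely on.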
@@ -31,8 +32,3 @@ class LoginAPI(Resource):
         session['user'] = None
         return {'AUTH_RESULT': 'OK'}, 200
 
-    def getUserInfoFromCAS(self):
-        if cas.username is not None:
-            return {"login": cas.username}
-        else:
-            return None
diff --git a/backend/requirements/common.txt b/backend/requirements/common.txt
index d0d77ca..f923bb7 100644
--- a/backend/requirements/common.txt
+++ b/backend/requirements/common.txt
@@ -3,6 +3,7 @@ flask-script < 2.1
 flask-sqlalchemy < 2.2
 flask-restful < 0.4
 flask-cas
+mailer
 mysqlclient < 1.4
 pdfjinja < 1.1
 PyPDF2 < 1.27
diff --git a/backend/tests/api/test_Auth.py b/backend/tests/api/test_Auth.py
index b13869f..82c0e55 100644
--- a/backend/tests/api/test_Auth.py
+++ b/backend/tests/api/test_Auth.py
@@ -46,7 +46,7 @@ class AuthTestCase(unittest.TestCase):
 
         return self.app.post('/api/login', data=json.dumps(
             dict(
-                login=email,
+                email=email,
                 password=password
             )
         ), content_type='application/json')
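Review bot: `mailer` is added to common.txt without any version bound, while the neighbouring entries in the same hunk carry an upper bound (`flask-restful < 0.4`, `mysqlclient < 1.4`); an unconstrained requirement resolves to whatever the index serves at install time, which is the usual way an untested or tampered release enters a build. Pin it in the same style as its neighbours, e.g. `mailer < <next-major-after-tested-version>`. Nothing in the LoginAPI.py or test_Auth.py hunks of this commit uses mailer, and the commit title is about reverting CAS changes, so the reason for the addition is not visible from the patch; a sentence in the commit message would help. Conversely the `cas` import is removed from LoginAPI.py but `flask-cas` stays in the requirements, which is fine only if app.core still uses it elsewhere. The other two hunks on this line (removal of `getUserInfoFromCAS` and the `login` to `email` field rename in the test helper) raise nothing.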
@@ -58,34 +58,30 @@ class AuthTestCase(unittest.TestCase):
         return self.app.delete('/api/login')
 
     def test_login_logout(self):
-        rv = self.login('admin', 'admin')
+        rv = self.login('admin@admin.com', 'admin@admin.com')
         self.assertEqual(rv.status_code, 200, 'Login as admin Failed')
 
-        rv = self.login('admin', 'admin')
+        rv = self.login('admin@admin.com', 'admin@admin.com')
         self.assertEqual(rv.status_code, 201, 'Login as admin succeed but should have already been done')
 
         rv = self.getUserInfo()
         self.assertEqual(rv.status_code, 200, 'Getting user info failed')
-        self.assertEqual({"id": getUser(login="admin")["id"], "login": "admin", "email": "admin@admin.com", "role": 4,
+        self.assertEqual({"id": getUser(login="admin")["id"], "login": "admin", "email": "admin@admin.com", "role": "4",
                           "phone": "00.00.00.00.00"}, json.loads(rv.data)['USER'], 'Invalid user info')
 
         rv = self.logout()
         self.assertEqual(rv.status_code, 200, 'Logout Failed')
 
-        rv = self.login('adminx', 'admin')
-        self.assertEqual(rv.status_code, 401, 'Authentication from CAS has not failed for the invalid user xadmin !')
+        rv = self.login('adminx@admin.com', 'admin@admin.com')
+        self.assertEqual(rv.status_code, 401, 'Authentication not failed for the invalid user!')
 
         rv = self.getUserInfo()
         self.assertEqual(rv.status_code, 200, 'Getting user info failed')
         self.assertIsNone(json.loads(rv.data)['USER'], 'User info should be None')
 
-        rv = self.login('admin', 'adminx')
+        rv = self.login('admin@admin.com', 'admin@admin.comx')
         self.assertEqual(rv.status_code, 401,
-                         'Authentication from CAS has not failed for the invalid password xadmin !')
-
-        rv = self.login('toto', 'toto')
-        self.assertEqual(rv.status_code, 403, 'Authentication shouldn\'t be allowed for user toto !')
-
+                         'Authenticationnot failed for the invalid password !')
 
 if __name__ == '__main__':
     unittest.main()
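Review bot: The assertion message on the last added line, `'Authenticationnot failed for the invalid password !'`, is missing the space after "Authentication"; `'Authentication has not failed for the invalid password!'` reads correctly and matches the wording of the earlier user-case assertion. More importantly, every successful login in this test passes the email again as the password (`self.login('admin@admin.com', 'admin@admin.com')`) and the "invalid password" case differs only by an appended `x`, so the suite pins the placeholder rule `password == email` from LoginAPI.py rather than exercising real credential verification; once a stored password is checked, these fixtures need a genuine test password and a wrong-password case that is not derived from the email. Dropping the `toto` case leaves no coverage for a user that exists but is not allowed (the former 403 path), which is acceptable only if that path is intentionally gone with the revert. The expected `"role"` changing from `4` to `"4"` presumably tracks how getUserInfo now serializes the field, which is outside this patch; worth confirming it is not masking an unintended type change in the user payload.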