TG-123 Revert les modifications liées au CAS

Quentin Rouland 2017-03-24 09:16:21 +01:00
parent 5d55a9ae61
commit 23478481b1
3 changed files with 22 additions and 29 deletions


@ -1,8 +1,8 @@
from flask import session from flask import session
from flask_restful import Resource from flask_restful import Resource
from flask_restful.reqparse import RequestParser
from app.core import cas from app.model import getUser
from app.model import *
class LoginAPI(Resource): class LoginAPI(Resource):
@ -10,19 +10,20 @@ class LoginAPI(Resource):
Login Api Resource Login Api Resource
""" """
def get(self): def post(self):
parser = RequestParser()
parser.add_argument('email', required=True, help="Email cannot be blank!")
parser.add_argument('password', required=True, help="Password cannot be blank!")
args = parser.parse_args()
if "user" in session and session["user"] is not None: if "user" in session and session["user"] is not None:
return {'AUTH_RESULT': 'ALREADY_LOGGED'}, 201 return {'AUTH_RESULT': 'ALREADY_LOGGED'}, 201
userInfo = self.getUserInfoFromCAS()
if userInfo is not None: user = getUser(email=args['email'])
user = getUser(login=userInfo['login'])
if user is not None and isUserAllowed(user["id"]): if user is not None and args['password'] == args['email']:
session['user'] = user session['user'] = user
return {'AUTH_RESULT': 'OK'}, 200 return {'AUTH_RESULT': 'OK'}, 200
else:
session['user'] = None
return {'AUTH_RESULT': 'NOT_ALLOWED'}, 403
else: else:
session['user'] = None session['user'] = None
return {'AUTH_RESULT': 'AUTHENTICATION_FAILED'}, 401 return {'AUTH_RESULT': 'AUTHENTICATION_FAILED'}, 401
@ -31,8 +32,3 @@ class LoginAPI(Resource):
session['user'] = None session['user'] = None
return {'AUTH_RESULT': 'OK'}, 200 return {'AUTH_RESULT': 'OK'}, 200
def getUserInfoFromCAS(self):
if cas.username is not None:
return {"login": cas.username}
else:
return None
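Review bot: The new `post` body authenticates with `if user is not None and args['password'] == args['email']:`, so the only secret needed to log in as any account is that account's e-mail address; nothing is compared against a stored credential. Even as a stopgap while CAS is reverted, the submitted password should be verified against a stored hash with a constant-time check, e.g. `if user is not None and check_password_hash(user['password_hash'], args['password']):` (werkzeug.security ships with Flask; the field name is a guess, since getUser's return shape is not visible here). The revert also drops the `isUserAllowed(user["id"])` gate and its 403 `NOT_ALLOWED` branch, so the mere existence of a user record now grants access — if that allow-list was independent of CAS it should be kept. The whole record is also stored in `session['user']`; with Flask's default client-side session cookie everything getUser returns, including any credential hash, is sent to the browser, so storing only the id is safer. LoginAPI's remaining methods lie partly outside the hunks shown.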


@ -3,6 +3,7 @@ flask-script < 2.1
flask-sqlalchemy < 2.2 flask-sqlalchemy < 2.2
flask-restful < 0.4 flask-restful < 0.4
flask-cas flask-cas
mailer
mysqlclient < 1.4 mysqlclient < 1.4
pdfjinja < 1.1 pdfjinja < 1.1
PyPDF2 < 1.27 PyPDF2 < 1.27
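Review bot: `mailer` is added with no version constraint while the neighbouring entries (`flask-sqlalchemy < 2.2`, `mysqlclient < 1.4`, …) all carry an upper bound; an unpinned requirement pulls whatever release is current at install time, so pin it to the version actually tested, `mailer < <next-minor>`. The hunk header `@ -3,6 +3,7 @@` shows one line added, which is how the single-sided `mailer` line is read here. Since the commit reverts the CAS integration and removes the `app.core.cas` import, `flask-cas` may now be an unused dependency; drop it if nothing else in the project imports it.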


@ -46,7 +46,7 @@ class AuthTestCase(unittest.TestCase):
return self.app.post('/api/login', return self.app.post('/api/login',
data=json.dumps( data=json.dumps(
dict( dict(
login=email, email=email,
password=password password=password
) )
), content_type='application/json') ), content_type='application/json')
@ -58,34 +58,30 @@ class AuthTestCase(unittest.TestCase):
return self.app.delete('/api/login') return self.app.delete('/api/login')
def test_login_logout(self): def test_login_logout(self):
rv = self.login('admin', 'admin') rv = self.login('admin@admin.com', 'admin@admin.com')
self.assertEqual(rv.status_code, 200, 'Login as admin Failed') self.assertEqual(rv.status_code, 200, 'Login as admin Failed')
rv = self.login('admin', 'admin') rv = self.login('admin@admin.com', 'admin@admin.com')
self.assertEqual(rv.status_code, 201, 'Login as admin succeed but should have already been done') self.assertEqual(rv.status_code, 201, 'Login as admin succeed but should have already been done')
rv = self.getUserInfo() rv = self.getUserInfo()
self.assertEqual(rv.status_code, 200, 'Getting user info failed') self.assertEqual(rv.status_code, 200, 'Getting user info failed')
self.assertEqual({"id": getUser(login="admin")["id"], "login": "admin", "email": "admin@admin.com", "role": 4, self.assertEqual({"id": getUser(login="admin")["id"], "login": "admin", "email": "admin@admin.com", "role": "4",
"phone": "00.00.00.00.00"}, json.loads(rv.data)['USER'], 'Invalid user info') "phone": "00.00.00.00.00"}, json.loads(rv.data)['USER'], 'Invalid user info')
rv = self.logout() rv = self.logout()
self.assertEqual(rv.status_code, 200, 'Logout Failed') self.assertEqual(rv.status_code, 200, 'Logout Failed')
rv = self.login('adminx', 'admin') rv = self.login('adminx@admin.com', 'admin@admin.com')
self.assertEqual(rv.status_code, 401, 'Authentication from CAS has not failed for the invalid user xadmin !') self.assertEqual(rv.status_code, 401, 'Authentication not failed for the invalid user!')
rv = self.getUserInfo() rv = self.getUserInfo()
self.assertEqual(rv.status_code, 200, 'Getting user info failed') self.assertEqual(rv.status_code, 200, 'Getting user info failed')
self.assertIsNone(json.loads(rv.data)['USER'], 'User info should be None') self.assertIsNone(json.loads(rv.data)['USER'], 'User info should be None')
rv = self.login('admin', 'adminx') rv = self.login('admin@admin.com', 'admin@admin.comx')
self.assertEqual(rv.status_code, 401, self.assertEqual(rv.status_code, 401,
'Authentication from CAS has not failed for the invalid password xadmin !') 'Authenticationnot failed for the invalid password !')
rv = self.login('toto', 'toto')
self.assertEqual(rv.status_code, 403, 'Authentication shouldn\'t be allowed for user toto !')
if __name__ == '__main__': if __name__ == '__main__':
unittest.main() unittest.main()
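Review bot: `test_login_logout` now logs in with `self.login('admin@admin.com', 'admin@admin.com')` and expects 200, so the suite codifies the API's password-equals-email rule instead of exercising a real credential; the fixture should use a password distinct from the e-mail, e.g. `self.login('admin@admin.com', 'test-password-1')`, with the failure cases sending a genuinely wrong password. The `toto` case asserting 403 was deleted together with the `isUserAllowed` check, so there is no longer any coverage that an existing-but-unauthorized account is rejected. The expected user info changed from `"role": 4` to `"role": "4"`; unless the user-info endpoint (not in this diff) changed its serialization, that assertion will fail. The messages `'Authentication not failed for the invalid user!'` and `'Authenticationnot failed for the invalid password !'` read awkwardly; `'Authentication did not fail for an invalid user'` and `'Authentication did not fail for an invalid password'` are clearer.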