TG-35 : Ajout de l'API UserInfo + TU

2017-01-26 17:16:23 +01:00 · 2017-01-26 17:16:23 +01:00 · c7ed6d7f02
parent faebce28a2
commit c7ed6d7f02
5 changed files with 37 additions and 0 deletions
--- a/backend/README.md
+++ b/backend/README.md
@ -26,6 +26,9 @@ python-tk
 pdftk
 libmagickwand-dev
 ```
+```
+apt install python-dev python-pip libtiff5-dev libjpeg8-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.6-dev tk8.6-dev python-tk pdftk libmagickwand-dev
+```

 ## Python

--- a/backend/app/api/UserInfoAPI.py
+++ b/backend/app/api/UserInfoAPI.py
@ -0,0 +1,12 @@
+from flask import session
+from flask_restful import Resource
+
+
+class UserInfoAPI(Resource):
+    """
+        UserInfo Api Resource
+    """
+
+    def get(self):
+        user = session["user"]
+        return {'USER': user}, 200
--- a/backend/app/api/loginAPI.py
+++ b/backend/app/api/loginAPI.py
@ -16,6 +16,9 @@ class LoginAPI(Resource):
        parser.add_argument('password', required=True, help="Password cannot be blank!")
        args = parser.parse_args()

+        if "user" in session and session["user"] is not None:
+            return {'AUTH_RESULT': 'ALREADY_LOGGED'}, 201
+
        userInfo = self.getUserInfoFromCAS(args['login'], args['password'])

        if userInfo is not None:
@ -24,8 +27,10 @@ class LoginAPI(Resource):
                session['user'] = user
                return {'AUTH_RESULT': 'OK'}, 200
            else:
+                session['user'] = None
                return {'AUTH_RESULT': 'NOT_ALLOWED'}, 403
        else:
+            session['user'] = None
            return {'AUTH_RESULT': 'AUTHENTICATION_FAILED'}, 401

    def delete(self):
--- a/backend/app/urls.py
+++ b/backend/app/urls.py
@ -1,3 +1,4 @@
+from app.api.UserInfoAPI import UserInfoAPI
 from app.api.exampleapi import SomeApi
 from app.api.loginAPI import LoginAPI
 from app.core import api
@ -5,3 +6,4 @@ from app.core import api
 # Some Api resource
 api.add_resource(SomeApi, '/api/someapi', '/api/someapi/<int:id>')
 api.add_resource(LoginAPI, '/api/login', '/api/login')
+api.add_resource(UserInfoAPI, '/api/userInfo', '/api/userInfo')
--- a/backend/tests/api/test_loginAPI.py
+++ b/backend/tests/api/test_loginAPI.py
@ -50,6 +50,9 @@ class AuthTestCase(unittest.TestCase):
                                 )
                             ), content_type='application/json')

+    def getUserInfo(self):
+        return self.app.get('/api/userInfo')
+
    def logout(self):
        return self.app.delete('/api/login')

@ -57,12 +60,24 @@ class AuthTestCase(unittest.TestCase):
        rv = self.login('admin', 'admin')
        self.assertEqual(rv.status_code, 200, 'Login as admin Failed')

+        rv = self.login('admin', 'admin')
+        self.assertEqual(rv.status_code, 201, 'Login as admin succeed but should have already been done')
+
+        rv = self.getUserInfo()
+        self.assertEqual(rv.status_code, 200, 'Getting user info failed')
+        self.assertEqual({"id": getUser(login="admin")["id"], "login": "admin", "email": "admin@admin.com", "role": 4,
+                          "phone": "00.00.00.00.00"}, json.loads(rv.data)['USER'], 'Invalid user info')
+
        rv = self.logout()
        self.assertEqual(rv.status_code, 200, 'Logout Failed')

        rv = self.login('adminx', 'admin')
        self.assertEqual(rv.status_code, 401, 'Authentication from CAS has not failed for the invalid user xadmin !')

+        rv = self.getUserInfo()
+        self.assertEqual(rv.status_code, 200, 'Getting user info failed')
+        self.assertIsNone(json.loads(rv.data)['USER'], 'User info should be None')
+
        rv = self.login('admin', 'adminx')
        self.assertEqual(rv.status_code, 401,
                         'Authentication from CAS has not failed for the invalid password xadmin !')