From c7ed6d7f02b88dc0872186a511d4c438e55b602e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20ARNAUDEAU?= Date: Thu, 26 Jan 2017 17:16:23 +0100 Subject: [PATCH] TG-35 : Ajout de l'API UserInfo + TU --- backend/README.md | 3 +++ backend/app/api/UserInfoAPI.py | 12 ++++++++++++ backend/app/api/loginAPI.py | 5 +++++ backend/app/urls.py | 2 ++ .../tests/api/{test_loginAPI.py => test_Auth.py} | 15 +++++++++++++++ 5 files changed, 37 insertions(+) create mode 100644 backend/app/api/UserInfoAPI.py rename backend/tests/api/{test_loginAPI.py => test_Auth.py} (78%) diff --git a/backend/README.md b/backend/README.md index 6e98457..0d43c7a 100644 --- a/backend/README.md +++ b/backend/README.md @@ -26,6 +26,9 @@ python-tk pdftk libmagickwand-dev ``` +``` +apt install python-dev python-pip libtiff5-dev libjpeg8-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.6-dev tk8.6-dev python-tk pdftk libmagickwand-dev +``` ## Python diff --git a/backend/app/api/UserInfoAPI.py b/backend/app/api/UserInfoAPI.py new file mode 100644 index 0000000..55f3625 --- /dev/null +++ b/backend/app/api/UserInfoAPI.py @@ -0,0 +1,12 @@ +from flask import session +from flask_restful import Resource + + +class UserInfoAPI(Resource): + """ + UserInfo Api Resource + """ + + def get(self): + user = session["user"] + return {'USER': user}, 200 diff --git a/backend/app/api/loginAPI.py b/backend/app/api/loginAPI.py index d35681c..6289abc 100644 --- a/backend/app/api/loginAPI.py +++ b/backend/app/api/loginAPI.py @@ -16,6 +16,9 @@ class LoginAPI(Resource): parser.add_argument('password', required=True, help="Password cannot be blank!") args = parser.parse_args() + if "user" in session and session["user"] is not None: + return {'AUTH_RESULT': 'ALREADY_LOGGED'}, 201 + userInfo = self.getUserInfoFromCAS(args['login'], args['password']) if userInfo is not None: 
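Review bot: In `UserInfoAPI.get`, `session["user"]` raises `KeyError` for a client whose session has never held a `user` key, which would most likely surface as a 500 rather than an authentication error. A client whose login failed gets `200` with `USER` set to null, so callers cannot tell an anonymous session from a valid one by status code. Read the key with `user = session.get("user")` and add `if user is None: return {'USER': None}, 401` before the success return. The endpoint also returns the whole session object, which the test in test_Auth.py shows carrying id, login, email, role and phone, so it is worth confirming that what `LoginAPI` stores in the session never includes credential material. The class docstring could say that the resource returns the user bound to the current session.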
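Review bot: The `ALREADY_LOGGED` branch in loginAPI.py returns before `getUserInfoFromCAS` is called, so while the session holds a user, any login/password pair is answered with `201` without being verified, and the session keeps the earlier user. That includes a pair for a different account, and the client cannot tell from the response which account it is bound to. Consider comparing `args['login']` with the login of the session user and re-authenticating when they differ, or answering with a distinct status such as `409` so the response cannot be read as a successful login for the submitted credentials. `201 Created` is also misleading here because nothing is created, and the condition can be shortened to `if session.get("user") is not None:`. The handler method starts before this hunk and continues past it.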
@@ -24,8 +27,10 @@ class LoginAPI(Resource): session['user'] = user return {'AUTH_RESULT': 'OK'}, 200 else: + session['user'] = None return {'AUTH_RESULT': 'NOT_ALLOWED'}, 403 else: + session['user'] = None return {'AUTH_RESULT': 'AUTHENTICATION_FAILED'}, 401 def delete(self): diff --git a/backend/app/urls.py b/backend/app/urls.py index 3ac6771..b8316dd 100644 --- a/backend/app/urls.py +++ b/backend/app/urls.py @@ -1,3 +1,4 @@ +from app.api.UserInfoAPI import UserInfoAPI from app.api.exampleapi import SomeApi from app.api.loginAPI import LoginAPI from app.core import api @@ -5,3 +6,4 @@ from app.core import api # Some Api resource api.add_resource(SomeApi, '/api/someapi', '/api/someapi/') api.add_resource(LoginAPI, '/api/login', '/api/login') +api.add_resource(UserInfoAPI, '/api/userInfo', '/api/userInfo') diff --git a/backend/tests/api/test_loginAPI.py b/backend/tests/api/test_Auth.py similarity index 78% rename from backend/tests/api/test_loginAPI.py rename to backend/tests/api/test_Auth.py index d21eabb..f8a6b0a 100644 --- a/backend/tests/api/test_loginAPI.py +++ b/backend/tests/api/test_Auth.py @@ -50,6 +50,9 @@ class AuthTestCase(unittest.TestCase): ) ), content_type='application/json') + def getUserInfo(self): + return self.app.get('/api/userInfo') + def logout(self): return self.app.delete('/api/login') 
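Review bot: The new `api.add_resource(UserInfoAPI, '/api/userInfo', '/api/userInfo')` line in urls.py registers the same path twice. Judging by the `SomeApi` registration above it, the second argument was probably meant to be the trailing-slash variant, `'/api/userInfo/'`. The existing `LoginAPI` line carries the same duplication and could be fixed at the same time. A short comment such as `# returns the user bound to the current session` next to the route would help readers see that it exposes session data.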
@@ -57,12 +60,24 @@ class AuthTestCase(unittest.TestCase): rv = self.login('admin', 'admin') self.assertEqual(rv.status_code, 200, 'Login as admin Failed') + rv = self.login('admin', 'admin') + self.assertEqual(rv.status_code, 201, 'Login as admin succeed but should have already been done') + + rv = self.getUserInfo() + self.assertEqual(rv.status_code, 200, 'Getting user info failed') + self.assertEqual({"id": getUser(login="admin")["id"], "login": "admin", "email": "admin@admin.com", "role": 4, + "phone": "00.00.00.00.00"}, json.loads(rv.data)['USER'], 'Invalid user info') + rv = self.logout() self.assertEqual(rv.status_code, 200, 'Logout Failed') rv = self.login('adminx', 'admin') self.assertEqual(rv.status_code, 401, 'Authentication from CAS has not failed for the invalid user xadmin !') + rv = self.getUserInfo() + self.assertEqual(rv.status_code, 200, 'Getting user info failed') + self.assertIsNone(json.loads(rv.data)['USER'], 'User info should be None') + rv = self.login('admin', 'adminx') self.assertEqual(rv.status_code, 401, 'Authentication from CAS has not failed for the invalid password xadmin !')
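Review bot: The assertions added after the failed `adminx` login pin `200` with `USER` equal to `None` as the expected answer for an unauthenticated session, which locks in the endpoint treating anonymous callers as successful. No test calls `getUserInfo()` on a fresh client before any login attempt, which is the case where `session["user"]` in `UserInfoAPI.get` has no key to read. None retries `login` with different credentials while the admin session is active, which is the case the `ALREADY_LOGGED` branch answers without checking them. Adding `rv = self.getUserInfo()` at the top of the test, with an assertion on the intended unauthenticated status, would cover the first case. The test method's `def` line is outside the hunk.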