* token based authentication * authentication Basic base64encode(api_key:api_secret) token api_key:api_secret * test added Validation: only user with system manager can generate the keys * codacy issues fixed * token based authentication * authentication Basic base64encode(api_key:api_secret) token api_key:api_secret * test added Validation: only user with system manager can generate the keys * codacy issues fixed * use frappe.safe_encode * base64 encode use frappe.safe_encode * set frappe.local.form_dict after setting user * removed test * removed unused imports * test for python 3 * Update user.js * [user.py] throw correct error * Update user.py
# Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors
# MIT License. See license.txt
from __future__ import unicode_literals
import unittest, frappe, os
from frappe.utils import get_url
from frappe.core.doctype.user.user import generate_keys
import requests
import base64
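class TestAPI(unittest.TestCase):
    """Integration tests for the REST API; they call a running site over HTTP."""

    # Seconds to wait for the site to answer, so an unresponsive server fails
    # the test instead of hanging the whole run.
    REQUEST_TIMEOUT = 30

    def _post_get_logged_user(self, authorization):
        """POST to ``frappe.auth.get_logged_user`` using the given Authorization header value.

        Returns the ``requests`` response object unchanged so the caller can
        assert on the status code and JSON body.
        """
        url = frappe.get_site_config().host_name + "/api/method/frappe.auth.get_logged_user"
        return requests.post(
            url,
            headers={"Authorization": authorization},
            timeout=self.REQUEST_TIMEOUT,
        )

    def test_insert_many(self):
        """Insert three ToDo documents through FrappeClient and check they reach the database."""
        if os.environ.get('CI'):
            # Report the case as skipped; a bare return would be counted as a pass.
            self.skipTest("test_insert_many is not run when the CI environment variable is set")

        from frappe.frappeclient import FrappeClient

        # Clear rows left behind by earlier runs so the assertions below only
        # see what this run inserts.
        frappe.db.sql('delete from `tabToDo` where description like "Test API%"')
        frappe.db.commit()

        # NOTE(review): verify=False disables TLS certificate validation and the
        # Administrator password is hard-coded. Both are tolerable only against a
        # local test site; keep them out of any client code that talks to a real host.
        server = FrappeClient(get_url(), "Administrator", "admin", verify=False)

        server.insert_many([
            {"doctype": "ToDo", "description": "Test API 1"},
            {"doctype": "ToDo", "description": "Test API 2"},
            {"doctype": "ToDo", "description": "Test API 3"},
        ])

        for description in ("Test API 1", "Test API 2", "Test API 3"):
            self.assertTrue(frappe.db.get_value('ToDo', {'description': description}))

    def test_auth_via_api_key_secret(self):
        """Check API key/secret login with the ``token`` and ``Basic`` header schemes.

        Valid credentials must resolve to Administrator with HTTP 200, a valid
        key with a wrong secret must be rejected with 403, and an unknown key
        must be rejected with 401.
        """
        # generate api key and api secret for administrator
        # NOTE(review): nothing in this class revokes the key pair afterwards, so
        # it stays on the Administrator user of whatever database the test ran on.
        keys = generate_keys("Administrator")
        # Presumably committed so the server process answering the HTTP requests
        # below can see the new keys -- confirm.
        frappe.db.commit()
        generated_secret = frappe.utils.password.get_decrypted_password(
            "User", "Administrator", fieldname='api_secret'
        )
        api_key = frappe.db.get_value("User", "Administrator", "api_key")

        # "token <api_key>:<api_secret>" scheme
        res = self._post_get_logged_user("token {}:{}".format(api_key, generated_secret))
        self.assertEqual(res.status_code, 200)
        self.assertEqual("Administrator", res.json()["message"])
        # The secret returned by generate_keys must be the one stored (encrypted) on the user.
        self.assertEqual(keys['api_secret'], generated_secret)

        # "Basic base64(<api_key>:<api_secret>)" scheme
        basic_credentials = base64.b64encode(
            frappe.safe_encode("{}:{}".format(api_key, generated_secret))
        ).decode()
        res = self._post_get_logged_user("Basic {}".format(basic_credentials))
        self.assertEqual(res.status_code, 200)
        self.assertEqual("Administrator", res.json()["message"])

        # Valid api key, invalid api secret
        api_secret = "ksk&93nxoe3os"
        res = self._post_get_logged_user("token {}:{}".format(api_key, api_secret))
        self.assertEqual(res.status_code, 403)

        # random api key and api secret
        api_key = "@3djdk3kld"
        api_secret = "ksk&93nxoe3os"
        res = self._post_get_logged_user("token {}:{}".format(api_key, api_secret))
        self.assertEqual(res.status_code, 401)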