From f7f9b7447b4b47fb1d98b78852434e49daeb3295 Mon Sep 17 00:00:00 2001
From: Louise Davies
Date: Thu, 6 Feb 2020 13:26:53 +0000
Subject: [PATCH 1/2] #120 - set username + expiredatetime on POST /session
---
 src/resources/non_entities/sessions_endpoints.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/resources/non_entities/sessions_endpoints.py b/src/resources/non_entities/sessions_endpoints.py
index 157258b9..53ab521e 100644
--- a/src/resources/non_entities/sessions_endpoints.py
+++ b/src/resources/non_entities/sessions_endpoints.py
@@ -6,6 +6,7 @@
 from common.database_helpers import insert_row_into_table, delete_row_by_id, get_row_by_id
 from common.helpers import get_session_id_from_auth_header, requires_session_id, queries_records
 from common.models.db_models import SESSION
+import datetime
 class Sessions(Resource):
@@ -19,7 +20,7 @@ def post(self):
 return "Bad request", 400
 if request.json["username"] == "user" and request.json["password"] == "password":
 session_id = str(uuid.uuid1())
- insert_row_into_table(SESSION, SESSION(ID=session_id))
+ insert_row_into_table(SESSION, SESSION(ID=session_id, USERNAME="datagateway-api/user", EXPIREDATETIME=datetime.datetime.now() + datetime.timedelta(days=1)))
 return {"sessionID": session_id}, 201
 return "Forbidden", 403
From 206a78fae4513c5fa340fca9271a6487df1490c0 Mon Sep 17 00:00:00 2001
From: Louise Davies
Date: Tue, 11 Feb 2020 15:22:31 +0000
Subject: [PATCH 2/2] set username to simple/root to give root access on default install
---
 src/resources/non_entities/sessions_endpoints.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/resources/non_entities/sessions_endpoints.py b/src/resources/non_entities/sessions_endpoints.py
index 53ab521e..2a4531c4 100644
--- a/src/resources/non_entities/sessions_endpoints.py
+++ b/src/resources/non_entities/sessions_endpoints.py
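Review bot: In the `post` hunk of PATCH 1/2, `EXPIREDATETIME` is built from `datetime.datetime.now()`, which is naive local time. The stored expiry therefore depends on the server's timezone and DST state, and may be compared incorrectly by whatever enforces it (that check is not visible in this patch). If the column and its readers accept it, a UTC value is safer, e.g. `expiry = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1)`. The one-day lifetime would be easier to audit as a named constant than inline in the `SESSION(...)` call. The body of `post` starts outside the hunk.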
@@ -20,7 +20,7 @@ def post(self):
 return "Bad request", 400
 if request.json["username"] == "user" and request.json["password"] == "password":
 session_id = str(uuid.uuid1())
- insert_row_into_table(SESSION, SESSION(ID=session_id, USERNAME="datagateway-api/user", EXPIREDATETIME=datetime.datetime.now() + datetime.timedelta(days=1)))
+ insert_row_into_table(SESSION, SESSION(ID=session_id, USERNAME="simple/root", EXPIREDATETIME=datetime.datetime.now() + datetime.timedelta(days=1)))
 return {"sessionID": session_id}, 201
 return "Forbidden", 403
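Review bot: The new row carries `USERNAME="simple/root"` for any caller who posts the fixed pair `"user"`/`"password"` checked two lines above, so a default install hands out a root-labelled session for a day to anyone who knows those literals. The session identifier comes from `uuid.uuid1()`, which is derived from the host ID and a timestamp rather than a CSPRNG, so a root session ID is easier to predict than a random token. I would make this branch opt-in behind an explicit development/test configuration setting, read the accepted credentials and the mapped username from configuration instead of literals, and generate the ID with `str(uuid.uuid4())` or `secrets.token_urlsafe()`. The body of `post` starts outside the hunk.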