Merge pull request #8 from ral-facilities/4_post_sessions_take_data_i…

…n_body

#4: Move credentials checking to post body

src/resources/non_entities/sessions_endpoints.py

@@ -1,5 +1,6 @@
 import uuid
 
+from flask import request
 from flask_restful import Resource, reqparse
 
 from common.database_helpers import insert_row_into_table, delete_row_by_id, get_row_by_id
@@ -14,12 +15,9 @@ def post(self):
         Generates a sessionID if the user has correct credentials
         :return: String - SessionID
         """
-        parser = reqparse.RequestParser()
-        parser.add_argument("Authorization", location="headers")
-        args = parser.parse_args()
-        if args["Authorization"] is None:
-            return "Unauthorized", 401
-        if args["Authorization"] == "user:password":
+        if not (request.data and "username" in request.json and "password" in request.json):
+            return "Bad request", 400
+        if request.json["username"] == "user" and request.json["password"] == "password":
             session_id = str(uuid.uuid1())
             insert_row_into_table(SESSION(ID=session_id))
             return {"sessionID": session_id}, 201

test/resources/non_entities/test_sessions.py

@@ -2,8 +2,8 @@
 
 import requests
 
-from test.test_base.constants import GOOD_CREDENTIALS_HEADER, BAD_CREDENTIALS_HEADER
 from test.test_base.base_rest_test import RestTestCase
+from test.test_base.constants import GOOD_CREDENTIALS_HEADER, BAD_CREDENTIALS_HEADER
 
 uuid_pattern = re.compile("\\b[0-9a-f]{8}\\b-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-\\b[0-9a-f]{12}\\b")
 sessions_url = "http://localhost:5000/sessions"
@@ -18,18 +18,22 @@ def is_session_id_uuid(response):
 class TestSessions(RestTestCase):
 
     def test_post_generate_session_id_with_good_credentials(self):
-        response = requests.post(sessions_url, headers={"Authorization": "user:password"})
+        response = requests.post(sessions_url, json={"username": "user", "password": "password"})
         self.assertTrue(is_session_id_uuid(response), "sessionID returned is not a uuid")
         self.expect_status_code(201, response)
         self.expect_json_response(response)
 
     def test_post_generate_session_id_with_bad_credentials(self):
-        response = requests.post(sessions_url, headers=BAD_CREDENTIALS_HEADER)
+        response = requests.post(sessions_url, json={"username": "test", "password": "test"})
         self.expect_status_code(403, response)
 
+    def test_post_generate_session_id_with_bad_json(self):
+        response = requests.post(sessions_url, json={"test": "test", "test": "test"})
+        self.expect_status_code(400, response)
+
     def test_post_generate_session_id_with_no_credentials(self):
         response = requests.post(sessions_url)
-        self.expect_status_code(401, response)
+        self.expect_status_code(400, response)
 
     def test_delete_remove_session_id_with_real_session_id(self):
         response = requests.delete(sessions_url, headers=GOOD_CREDENTIALS_HEADER)