feat: add user API tokens; handler methods to manage/authenticate

2025-08-08 22:40:52 -05:00 · 2025-08-08 22:40:52 -05:00 · a721e63275
commit a721e63275
parent 988749d80e
6 changed files with 242 additions and 4 deletions
--- a/tests/db/model/test_auth.py
+++ b/tests/db/model/test_auth.py
@ -43,3 +43,12 @@ else:
            person = Person(full_name="Barney Rubble")
            user.person = person
            self.assertEqual(str(user), "Barney Rubble")
+
+
+    class TestUserAPIToken(TestCase):
+
+        def test_str(self):
+            token = model.UserAPIToken()
+            self.assertEqual(str(token), "")
+            token.description = "test token"
+            self.assertEqual(str(token), "test token")
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@ -63,6 +63,32 @@ else:
            user = self.handler.authenticate_user(self.session, 'barney', 'goodpass')
            self.assertIsNone(user)

+        def test_authenticate_user_token(self):
+            model = self.app.model
+            barney = model.User(username='barney')
+            self.session.add(barney)
+            token = self.handler.add_api_token(barney, "test token")
+            self.session.commit()
+
+            user = self.handler.authenticate_user_token(self.session, None)
+            self.assertIsNone(user)
+
+            user = self.handler.authenticate_user_token(self.session, token.token_string)
+            self.assertIs(user, barney)
+
+            barney.active = False
+            self.session.flush()
+            user = self.handler.authenticate_user_token(self.session, token.token_string)
+            self.assertIsNone(user)
+
+            barney.active = True
+            self.session.flush()
+            user = self.handler.authenticate_user_token(self.session, token.token_string)
+            self.assertIs(user, barney)
+
+            user = self.handler.authenticate_user_token(self.session, 'bad-token')
+            self.assertIsNone(user)
+
        def test_check_user_password(self):
            model = self.app.model
            barney = model.User(username='barney')
@ -416,3 +442,32 @@ else:
            self.handler.revoke_permission(myrole, 'foo')
            self.session.commit()
            self.assertEqual(self.session.query(model.Permission).count(), 0)
+
+        def test_generate_api_token_string(self):
+            token = self.handler.generate_api_token_string()
+            # TODO: not sure how to propertly test this yet...
+            self.assertEqual(len(token), 43)
+
+        def test_add_api_token(self):
+            model = self.app.model
+            barney = model.User(username='barney')
+            self.session.add(barney)
+
+            token = self.handler.add_api_token(barney, "test token")
+            self.assertIs(token.user, barney)
+            self.assertEqual(token.description, "test token")
+            # TODO: not sure how to propertly test this yet...
+            self.assertEqual(len(token.token_string), 43)
+
+        def test_delete_api_token(self):
+            model = self.app.model
+            barney = model.User(username='barney')
+            self.session.add(barney)
+            token = self.handler.add_api_token(barney, "test token")
+            self.session.commit()
+
+            self.session.refresh(barney)
+            self.assertEqual(len(barney.api_tokens), 1)
+            self.handler.delete_api_token(token)
+            self.session.refresh(barney)
+            self.assertEqual(len(barney.api_tokens), 0)