feat: add user API tokens; handler methods to manage/authenticate

2025-08-08 22:40:52 -05:00 · 2025-08-08 22:40:52 -05:00 · a721e63275
commit a721e63275
parent 988749d80e
6 changed files with 242 additions and 4 deletions
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@ -63,6 +63,32 @@ else:
            user = self.handler.authenticate_user(self.session, 'barney', 'goodpass')
            self.assertIsNone(user)

+        def test_authenticate_user_token(self):
+            model = self.app.model
+            barney = model.User(username='barney')
+            self.session.add(barney)
+            token = self.handler.add_api_token(barney, "test token")
+            self.session.commit()
+
+            user = self.handler.authenticate_user_token(self.session, None)
+            self.assertIsNone(user)
+
+            user = self.handler.authenticate_user_token(self.session, token.token_string)
+            self.assertIs(user, barney)
+
+            barney.active = False
+            self.session.flush()
+            user = self.handler.authenticate_user_token(self.session, token.token_string)
+            self.assertIsNone(user)
+
+            barney.active = True
+            self.session.flush()
+            user = self.handler.authenticate_user_token(self.session, token.token_string)
+            self.assertIs(user, barney)
+
+            user = self.handler.authenticate_user_token(self.session, 'bad-token')
+            self.assertIsNone(user)
+
        def test_check_user_password(self):
            model = self.app.model
            barney = model.User(username='barney')
@ -416,3 +442,32 @@ else:
            self.handler.revoke_permission(myrole, 'foo')
            self.session.commit()
            self.assertEqual(self.session.query(model.Permission).count(), 0)
+
+        def test_generate_api_token_string(self):
+            token = self.handler.generate_api_token_string()
+            # TODO: not sure how to propertly test this yet...
+            self.assertEqual(len(token), 43)
+
+        def test_add_api_token(self):
+            model = self.app.model
+            barney = model.User(username='barney')
+            self.session.add(barney)
+
+            token = self.handler.add_api_token(barney, "test token")
+            self.assertIs(token.user, barney)
+            self.assertEqual(token.description, "test token")
+            # TODO: not sure how to propertly test this yet...
+            self.assertEqual(len(token.token_string), 43)
+
+        def test_delete_api_token(self):
+            model = self.app.model
+            barney = model.User(username='barney')
+            self.session.add(barney)
+            token = self.handler.add_api_token(barney, "test token")
+            self.session.commit()
+
+            self.session.refresh(barney)
+            self.assertEqual(len(barney.api_tokens), 1)
+            self.handler.delete_api_token(token)
+            self.session.refresh(barney)
+            self.assertEqual(len(barney.api_tokens), 0)