Skip to content

Commit

Permalink
Merge pull request #16 from chrisfilo/enh/token
Browse files Browse the repository at this point in the history 
[ENH] Token authentication
  • Loading branch information
@oesteban
oesteban authored Jun 1, 2017
2 parents aba6375 + f9d554a commit 71f8f8d
Show file tree
Hide file tree
Showing 3 changed files with 63 additions and 33 deletions.
7 changes: 6 additions & 1 deletion dockereve-master/eve-app/app.py
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,15 @@
from eve import Eve
from eve.auth import TokenAuth
from eve_swagger import swagger
from settings import my_settings as ms
import os
script_dir = os.path.dirname(os.path.abspath(__file__))

app = Eve(settings=ms)
class TokenAuth(TokenAuth):
def check_auth(self, token, allowed_roles, resource, method):
return token == '<secret_token>'

app = Eve(settings=ms, auth=TokenAuth)
app.register_blueprint(swagger, url_prefix='/docs/api')
app.add_url_rule('/docs/api', 'eve_swagger.index')

Expand Down
2 changes: 2 additions & 0 deletions dockereve-master/eve-app/settings.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -554,6 +554,8 @@
'MONGO_HOST': get_mongo_host.group(1),
'MONGO_PORT': get_mongo_host.group(2),
'MONGO_DBNAME': 'scenarios',
'PUBLIC_METHODS': ['GET'],
'PUBLIC_ITEM_METHODS': ['GET'],
'X_DOMAINS': '*',
'DOMAIN': {
'bold': {
Expand Down
87 changes: 55 additions & 32 deletions test/testGetPost.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,34 +27,39 @@ def getRequest(post_resp, url):
get_resp = requests.get(getURL(post_resp, url))
return get_resp.json()


###### MAIN ######
header = {'content-type': 'application/json', 'Accept-Charset': 'UTF-8'}
authenticated_header = header.copy()
authenticated_header['Authorization'] = '<secret_token>'
numOfTestData = 84
urlBold = "http://localhost:80/bold"
urlT1w = "http://localhost:80/T1w"
codeForInvalid = 422


class TestCase(unittest.TestCase):

def test_00_GETAllData(self):
log = logging.getLogger("mriqcwebapi")

input_count = 0
for file_name in glob(T1wPattern):
with open(file_name) as fp:
input_data = json.load(fp)
for fileName in glob(T1wPattern):
with open(fileName) as fp:
inputData = json.load(fp)

input_count += 1 # POST request
postResponse = requests.post(urlT1w, data=json.dumps(inputData),
headers=authenticated_header)
self.assertTrue(postResponse.raise_for_status() is None)

input_count += 1
# POST request
requests.post(
urlT1w, data=json.dumps(input_data), headers=header)
# GET request
# print requests.get(urlT1w)
get_resp = requests.get(urlT1w).json()
log.debug("total: %d (input_count=%d)", get_resp['_meta']['total'], input_count)
log.debug("total: %d (input_count=%d)", get_resp['_meta']['total'],
input_count)
self.assertTrue(input_count == get_resp['_meta']['total'])


########## Testing Bold ############
def test_01_ConnectionStatus(self):
log = logging.getLogger("mriqcwebapi")
Expand All @@ -65,7 +70,7 @@ def test_01_ConnectionStatus(self):

# POST request
post_resp = requests.post(
urlBold, data=json.dumps(input_data), headers=header)
urlBold, data=json.dumps(input_data), headers=authenticated_header)

if post_resp.raise_for_status() is not None:
log.debug('Response: %s', post_resp.json())
Expand All @@ -77,6 +82,7 @@ def test_01_ConnectionStatus(self):
log.debug('Response: %s', get_resp.json())
self.assertTrue(get_resp.raise_for_status() is None)


def test_02_MissingFieldInput(self):
log = logging.getLogger("mriqcwebapi")

Expand All @@ -85,10 +91,12 @@ def test_02_MissingFieldInput(self):
input_data = json.load(fp)
# POST request
post_resp = requests.post(
urlBold, data=json.dumps(input_data), headers=header)
urlBold, data=json.dumps(input_data),
headers=authenticated_header)
# print post_resp.status_code
self.assertTrue(post_resp.status_code == codeForInvalid)


########## Testing T1w ############
def test_03_ConnectionStatus(self):
log = logging.getLogger("mriqcwebapi")
Expand All @@ -99,7 +107,7 @@ def test_03_ConnectionStatus(self):
# print input_data
# POST request
post_resp = requests.post(
urlT1w, data=json.dumps(input_data), headers=header)
urlT1w, data=json.dumps(input_data), headers=authenticated_header)

log.debug('Response: %s', post_resp.json())
if post_resp.raise_for_status() is not None:
Expand All @@ -111,6 +119,7 @@ def test_03_ConnectionStatus(self):
log.debug('Response: %s', get_resp.json())
self.assertTrue(get_resp.raise_for_status() is None)


def test_04_MissingFieldInput(self):
log = logging.getLogger("mriqcwebapi")

Expand All @@ -119,10 +128,12 @@ def test_04_MissingFieldInput(self):
input_data = json.load(fp)
# POST request
post_resp = requests.post(
urlT1w, data=json.dumps(input_data), headers=header)
urlT1w, data=json.dumps(input_data),
headers=authenticated_header)
# print post_resp.status_code
self.assertTrue(post_resp.status_code == codeForInvalid)


########## Cross Testing: send data to wrong end point ############
def test_05_boldDataToT1wEndPoint(self):
log = logging.getLogger("mriqcwebapi")
Expand All @@ -132,9 +143,11 @@ def test_05_boldDataToT1wEndPoint(self):
input_data = json.load(fp)
# POST request
post_resp = requests.post(
urlT1w, data=json.dumps(input_data), headers=header)
urlT1w, data=json.dumps(input_data),
headers=authenticated_header)
self.assertTrue(post_resp.status_code == codeForInvalid)


def test_06_T1wDataToBoldEndPoint(self):
log = logging.getLogger("mriqcwebapi")

Expand All @@ -143,17 +156,19 @@ def test_06_T1wDataToBoldEndPoint(self):
input_data = json.load(fp)
# POST request
post_resp = requests.post(
urlBold, data=json.dumps(input_data), headers=header)
urlBold, data=json.dumps(input_data),
headers=authenticated_header)
self.assertTrue(post_resp.status_code == codeForInvalid)

def test_07_T1wDataValid(self):

def test_07_T1wDataValid(self):
for file_name in glob(T1wPattern):
with open(file_name) as fp:
input_data = json.load(fp)
# 2. POST request
post_resp = requests.post(
urlT1w, data=json.dumps(input_data), headers=header)
urlT1w, data=json.dumps(input_data),
headers=authenticated_header)

# 3. GET request
queried_data = getRequest(post_resp, urlT1w)
Expand All @@ -164,26 +179,34 @@ def test_07_T1wDataValid(self):
# check key-value pair match
self.assertTrue(input_data[key] == queried_data[key])

def test_08_boldDataValid(self):

def test_08_boldDataValid(self):
for file_name in glob(boldPattern):
with open(file_name) as fp:
input_data = json.load(fp)
# 2. POST request
post_resp = requests.post(
urlBold, data=json.dumps(input_data), headers=header)

# 3. GET request
queried_data = getRequest(post_resp, urlBold)
# 4. validate input data and queried data
for key in input_data:
# check missing key
self.assertTrue(key in queried_data)
# check key-value pair match
self.assertTrue(input_data[key] == queried_data[key])


# ****************
# 2. POST request
post_resp = requests.post(
urlBold, data=json.dumps(input_data),
headers=authenticated_header)
self.assertTrue(post_resp.raise_for_status() is None)

# 3. GET request
queried_data = getRequest(post_resp, urlBold)
# 4. validate input data and queried data
for key in input_data:
# check missing key
self.assertTrue(key in queried_data)
# check key-value pair match
self.assertTrue(input_data[key] == queried_data[key])


def test_09_failedAuth(self):
with open(glob(boldPattern)[0]) as fp:
inputData = json.load(fp)
postResponse = requests.post(urlBold, data=json.dumps(inputData),
headers=header)
self.assertTrue(postResponse.status_code == 401) # ****************


if __name__ == '__main__':
Expand Down

0 comments on commit 71f8f8d

Please sign in to comment.