Patch use authentication on api (#1110)

* patch: use token to authenticate aganist API * patch: add authentication to test * patch: add authentication to api * patch: update tests to generate and use token for api
kartoza · Oct 9, 2024 · c88eb10 · c88eb10
1 parent 43659bf
commit c88eb10
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 0 deletions.
diff --git a/django_project/monitor/site_views.py b/django_project/monitor/site_views.py
@@ -20,6 +20,8 @@
 from django.utils.dateparse import parse_date
 from drf_yasg.utils import swagger_auto_schema
 from drf_yasg import openapi
+from rest_framework_simplejwt.authentication import JWTAuthentication
+from rest_framework.permissions import IsAuthenticated
 
 
 from monitor.serializers import (
@@ -203,6 +205,8 @@ def get(self, request, latitude, longitude):
 
 class SitesWithObservationsView(APIView):
  serializer_class = SitesAndObservationsSerializer
+ authentication_classes = [JWTAuthentication]
+ permission_classes = [IsAuthenticated]
  @swagger_auto_schema(
  operation_description="Retrieve detailed information about a site, including its observations and images.",
  manual_parameters=[

diff --git a/django_project/monitor/tests/test_sites.py b/django_project/monitor/tests/test_sites.py
@@ -30,6 +30,11 @@ def image_field(self, name):
  def setUp(self):
  # Create a user for authentication
  self.user = User.objects.create_user(username='testuser', password='testpassword', email='test@example.com')
+ self.user_token = User.objects.create_superuser(
+ username='testuser2', 
+ password='testpassword', 
+ email='test@example2.com'
+ )
  self.site = Sites.objects.create(
  site_name='Test Site',
  river_name='Test River',
@@ -81,6 +86,15 @@ def setUp(self):
  elec_cond="2.50",
  elec_cond_unit="mS/m"
  )
+ self.token = self.generate_token_for_user(self.user_token.email)
+ self.client = APIClient()
+ self.client.credentials(HTTP_AUTHORIZATION='Bearer ' + self.token)
+
+ def generate_token_for_user(self, email):
+ url = reverse('generate_special_token', args=[email])
+ response = self.client.post(url)
+ self.assertEqual(response.status_code, status.HTTP_200_OK)
+ return response.json().get('token')
 
 
  def test_get_all_sites_with_observations(self):
@@ -119,6 +133,16 @@ def test_get_sites_with_observations_with_no_data(self):
  self.assertEqual(response.status_code, status.HTTP_200_OK)
  self.assertEqual(len(response.data), 0)
 
+ def test_get_sites_with_observations_without_token(self):
+ # Remove token authentication for this request
+ self.client.credentials()
+
+ url = reverse('sites-with-observations')
+ response = self.client.get(url)
+
+ # Expect 401 Unauthorized without a token
+ self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+
 
  def test_multiple_image_upload(self):
  client = APIClient()