Merge pull request #845 from simple-login/feature/api-key-require-sudo
require password to use the api key page
commit
7464588144
|
@ -4,6 +4,7 @@ from flask_wtf import FlaskForm
|
|||
from wtforms import StringField, validators
|
||||
|
||||
from app.dashboard.base import dashboard_bp
|
||||
from app.dashboard.views.enter_sudo import sudo_required
|
||||
from app.db import Session
|
||||
from app.models import ApiKey
|
||||
|
||||
|
@ -14,6 +15,7 @@ class NewApiKeyForm(FlaskForm):
|
|||
|
||||
@dashboard_bp.route("/api_key", methods=["GET", "POST"])
|
||||
@login_required
|
||||
@sudo_required
|
||||
def api_key():
|
||||
api_keys = (
|
||||
ApiKey.filter(ApiKey.user_id == current_user.id)
|
||||
|
|
|
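Review bot: The new `@sudo_required` on `api_key()` only works as intended while it sits below `@login_required`, and nothing in the hunk records that ordering constraint. Flask applies stacked decorators bottom-up, so as written the login check wraps the sudo check and an anonymous request is handled by the login gate first. Swapping the two lines later would presumably let the sudo check run without an authenticated user. I would add a comment above the decorator, e.g. `# keep below @login_required: sudo mode re-confirms the password of the already logged-in user`. The body of `api_key()` continues outside the hunk.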
@ -1,3 +1,5 @@
|
|||
from time import time
|
||||
|
||||
from flask import url_for
|
||||
|
||||
from app.db import Session
|
||||
|
@ -5,10 +7,22 @@ from app.models import User, ApiKey
|
|||
from tests.utils import login
|
||||
|
||||
|
||||
def test_api_key_page_requires_password(flask_client):
|
||||
r = flask_client.get(
|
||||
url_for("dashboard.api_key"),
|
||||
)
|
||||
|
||||
assert r.status_code == 302
|
||||
|
||||
|
||||
def test_create_delete_api_key(flask_client):
|
||||
user = login(flask_client)
|
||||
Session.commit()
|
||||
|
||||
# to bypass sudo mode
|
||||
with flask_client.session_transaction() as session:
|
||||
session["sudo_time"] = int(time())
|
||||
|
||||
# create api_key
|
||||
create_r = flask_client.post(
|
||||
url_for("dashboard.api_key"),
|
||||
|
@ -51,6 +65,10 @@ def test_delete_all_api_keys(flask_client):
|
|||
assert ApiKey.filter(ApiKey.user_id == user_1.id).count() == 2
|
||||
assert ApiKey.filter(ApiKey.user_id == user_2.id).count() == 1
|
||||
|
||||
# to bypass sudo mode
|
||||
with flask_client.session_transaction() as session:
|
||||
session["sudo_time"] = int(time())
|
||||
|
||||
# delete all of user 1's API keys
|
||||
r = flask_client.post(
|
||||
url_for("dashboard.api_key"),
|
||||
|
|
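Review bot: `test_api_key_page_requires_password` issues the GET without calling `login(flask_client)`, so the asserted 302 is most likely produced by `@login_required`, and the test would still pass if `@sudo_required` were removed from the view. Log in first (`login(flask_client)`) and assert that the redirect's `Location` header points at the sudo prompt rather than the login page. The two `session["sudo_time"] = int(time())` blocks in `test_create_delete_api_key` and `test_delete_all_api_keys` duplicate knowledge of the session key; a small helper next to `login` in `tests.utils` would keep them in step with the decorator. If sudo mode expires, a case with a stale `sudo_time` would cover that path. Both of those test bodies continue outside the hunks.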