From 73435a3a345b2455276871f00b289d7046acee3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Antonio=20de=20la=20Torre?= <1927763+JoseAntonioTorre@users.noreply.github.com>
Date: Fri, 25 Oct 2019 13:17:54 +0200
Subject: [PATCH] Token support (#504)

Added API support to generate authentication tokens, at `/api/projects/:id/token`
---
 ihatemoney/api.py | 12 ++++++++++++
 ihatemoney/tests/tests.py | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)

diff --git a/ihatemoney/api.py b/ihatemoney/api.py
index bb2ac9ba7..67c6cc183 100644
--- a/ihatemoney/api.py
+++ b/ihatemoney/api.py
@@ -186,8 +186,20 @@ def delete(self, project, bill_id):
 return "OK", 200
+class TokenHandler(Resource):
+ method_decorators = [need_auth]
+
+ def get(self, project):
+ if not project:
+ return "Not Found", 404
+
+ token = project.generate_token()
+ return {"token": token}, 200
+
+
 restful_api.add_resource(ProjectsHandler, "/projects")
 restful_api.add_resource(ProjectHandler, "/projects/")
+restful_api.add_resource(TokenHandler, "/projects//token")
 restful_api.add_resource(MembersHandler, "/projects//members")
 restful_api.add_resource(
 ProjectStatsHandler, "/projects//statistics"
diff --git a/ihatemoney/tests/tests.py b/ihatemoney/tests/tests.py
index 7fe4adfb9..7644490c6 100644
--- a/ihatemoney/tests/tests.py
+++ b/ihatemoney/tests/tests.py
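Review bot: In the ihatemoney/api.py hunk, TokenHandler.get returns a credential from `project.generate_token()` called with no arguments, and nothing visible here says how long that token stays valid or how it can be revoked. generate_token is defined outside the hunk, so its default should be checked; if the default is a token that never expires, an explicit lifetime should be passed at this call. The handler is guarded only by `need_auth`, and the test added in this same commit reaches this endpoint with a previously issued token in the Authorization header, so a holder of one token can apparently mint further tokens; if that is not intended, issuing should require the project password rather than a token. The class has no docstring either: `"""Return an authentication token for the project (lifetime: <state it here>)."""` would tell API users what they are being handed.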
@@ -1357,6 +1357,42 @@ def test_project(self):
 )
 self.assertEqual(401, resp.status_code)
+ def test_token_creation(self):
+ """Test that token of project is generated
+ """
+
+ # Create project
+ resp = self.api_create("raclette")
+ self.assertTrue(201, resp.status_code)
+
+ # Get token
+ resp = self.client.get(
+ "/api/projects/raclette/token", headers=self.get_auth("raclette")
+ )
+
+ self.assertEqual(200, resp.status_code)
+
+ decoded_resp = json.loads(resp.data.decode("utf-8"))
+
+ # Access with token
+ resp = self.client.get(
+ "/api/projects/raclette/token",
+ headers={"Authorization": "Basic %s" % decoded_resp["token"]},
+ )
+
+ self.assertEqual(200, resp.status_code)
+
+ def test_token_login(self):
+ resp = self.api_create("raclette")
+ # Get token
+ resp = self.client.get(
+ "/api/projects/raclette/token", headers=self.get_auth("raclette")
+ )
+ decoded_resp = json.loads(resp.data.decode("utf-8"))
+ resp = self.client.get("/authenticate?token={}".format(decoded_resp["token"]))
+ # Test that we are redirected.
+ self.assertEqual(302, resp.status_code)
+
 def test_member(self):
 # create a project
 self.api_create("raclette")
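Review bot: `self.assertTrue(201, resp.status_code)` in test_token_creation can never fail, because assertTrue takes 201 as the value under test and the status code as the failure message; it should be `self.assertEqual(201, resp.status_code)`. Both new tests cover only the success path: neither checks that a malformed token, or a token issued for a different project, is rejected on `/api/projects/raclette/token` or refused by `/authenticate`, which is the property an authentication token most needs a test for. test_token_login also discards the result of `api_create` without asserting on it and has no docstring; `"""Test that a generated token logs the user in through /authenticate."""` would match the one on test_token_creation.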