Change auth-token endpoint from GET to POST.

Jonathan Bernard 2017-05-08 12:39:12 -05:00
parent 6aaca4a078
commit 781eeb6a13
2 changed files with 15 additions and 6 deletions


@ -130,9 +130,16 @@ proc start*(cfg: StrawBossConfig): void =
get "/ping": resp($(%*"pong"), JSON)
get "/auth-token":
post "/auth-token":
var uname, pwd: string
try:
let authToken = makeAuthToken(cfg, @"username", @"password")
let jsonBody = parseJson(request.body)
uname = jsonBody["username"].getStr
pwd = jsonBody["password"].getStr
except: resp(Http400, makeJsonResp(Http400), JSON)
try:
let authToken = makeAuthToken(cfg, uname, pwd)
resp("\"" & $authToken & "\"", JSON)
except: resp(Http401, makeJsonResp(Http401, getCurrentExceptionMsg()), JSON)
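Review bot: The 401 branch that closes the route returns `getCurrentExceptionMsg()` to the caller under a bare `except:`, so any failure inside `makeAuthToken`, not only bad credentials, is reported as a 401 carrying its internal message. If those messages differ between an unknown user and a wrong password (`makeAuthToken` is not visible here), the response tells a caller which usernames exist. A fixed body, `resp(Http401, makeJsonResp(Http401), JSON)`, with the detail logged server-side, avoids that. The added parse handler could also be narrowed to `except JsonParsingError, KeyError:` so unrelated errors are not masked as a 400. The `start` proc continues outside the hunk.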


@ -8,9 +8,9 @@ import ../../main/nim/strawbosspkg/server
import ../../main/nim/strawbosspkg/private/util
# test helpers
proc newAuthenticatedHttpClient(apiBase, uname, pwd: string): HttpClient =
proc newAuthenticatedHttpClient(apiBase, uname, pwd: string): HttpClient =
result = newHttpClient()
let authResp = result.get(apiBase & "/auth-token?username=" & uname & "&password=" & pwd)
let authResp = result.post(apiBase & "/auth-token", $(%*{"username": uname, "password": pwd}))
assert authResp.status.startsWith("200")
result.headers = newHttpHeaders({"Authorization": "Bearer " & parseJson(authResp.body).getStr})
@ -54,11 +54,13 @@ suite "strawboss server":
resp.body == "\"pong\""
test "fail auth":
let resp = http.get(apiBase & "/auth-token?username=bob@builder.com&password=notpassword")
let resp = http.post(apiBase & "/auth-token",
$(%*{"username": "bob@builder.com", "password": "notpassword"}))
check resp.status.startsWith("401")
test "auth":
let resp = http.get(apiBase & "/auth-token?username=bob@builder.com&password=password")
let resp = http.post(apiBase & "/auth-token",
$(%*{"username": "bob@builder.com", "password": "password"}))
check resp.status.startsWith("200")
test "verify valid auth token":
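Review bot: Nothing in the suite exercises the new 400 branch of the route: both updated tests post well-formed JSON, so a body that fails `parseJson` or lacks `username`/`password` is untested. A case such as `check http.post(apiBase & "/auth-token", "not json").status.startsWith("400")` would cover it. It is also worth asserting that the old `GET /auth-token?username=…&password=…` form no longer returns 200, since keeping credentials out of URLs (and so out of access logs and proxy histories) is presumably the reason for the change. The suite continues outside the hunk.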