fossasia · niranjan94 · Jun 21, 2019 · Jun 20, 2019 · poush · Jun 20, 2019
diff --git a/app/api/auth.py b/app/api/auth.py
@@ -30,6 +30,7 @@
 from app.models.notification import PASSWORD_CHANGE as PASSWORD_CHANGE_NOTIF
 from app.models.user import User
 from app.api.helpers.storage import UPLOAD_PATHS
+from app.api.helpers.auth import AuthManager
 
 authorised_blueprint = Blueprint('authorised_blueprint', __name__, url_prefix='/')
 ticket_blueprint = Blueprint('ticket_blueprint', __name__, url_prefix='/v1')
@@ -343,24 +344,11 @@ def order_invoices(order_identifier):
 
 
 # Access for Environment details & Basic Auth Support
-def check_auth_admin(username, password):
-    """
-    This function is called to check for proper authentication & admin rights
-    """
-    if username and password:
-        user = User.query.filter_by(_email=username).first()
-        if user:
-            if user.is_correct_password(password):
-                if user.is_admin:
-                    return True
-    return False
-
-
 def requires_basic_auth(f):
     @wraps(f)
     def decorated(*args, **kwargs):
         auth = request.authorization
-        if not auth or not check_auth_admin(auth.username, auth.password):
+        if not auth or not AuthManager.check_auth_admin(auth.username, auth.password):
             return make_response('Could not verify your access level for that URL.\n'
                                  'You have to login with proper credentials', 401,
                                  {'WWW-Authenticate': 'Basic realm="Login Required"'})

diff --git a/app/api/helpers/auth.py b/app/api/helpers/auth.py
@@ -31,3 +31,12 @@ def is_verified_user():
     @staticmethod
     def is_accessible():
         return current_user.is_authenticated
+
+    @staticmethod
+    def check_auth_admin(username, password):
+        # This function is called to check for proper authentication & admin rights
+        if username and password:
+            user = User.query.filter_by(_email=username).first()
+            if user and user.is_correct_password(password) and user.is_admin:
+                return True
+        return False
diff --git a/tests/all/integration/api/helpers/test_auth.py b/tests/all/integration/api/helpers/test_auth.py
@@ -45,5 +45,22 @@ def test_is_accessible(self):
             logout_user()
             self.assertEqual(auth_manager.is_accessible(), False)
 
+    def test_check_auth_admin(self):
+        """Method to test proper authentication & admin rights for a user"""
+
+        with app.test_request_context():
+            auth_manager = auth.AuthManager()
+            auth_manager.init_login(app)
+            user = create_user(email='authtest@gmail.com', password='password')
+            user.is_admin = True
+            status = auth_manager.check_auth_admin('authtest@gmail.com', 'password')
+            self.assertEqual(True, status)
+
+            user = create_user(email='authtest2@gmail.com', password='password')
+            user.is_admin = False
+            status = auth_manager.check_auth_admin('authtest2@gmail.com', 'password')
+            self.assertEqual(False, status)
+
+
 if __name__ == '__main__':
     unittest.main()