Add custom media type, add /auth/register/ endpoint, add more test he…

…lpers. * Implement registration on /auth/register/ * Add custom application/vnd.keybar+json media-type in preparation for api-versioning * Add more test-helpers for testing the API * Lots of cleanups along the way
keybar · Mar 20, 2016 · a4a958c · a4a958c
1 parent ace50fd
commit a4a958c
Show file tree

Hide file tree

Showing 12 changed files with 188 additions and 13 deletions.
diff --git a/src/keybar/api/parsers.py b/src/keybar/api/parsers.py
@@ -1,4 +1,3 @@
-from django.conf import settings
 from rest_framework.parsers import JSONParser
 
 

diff --git a/src/keybar/api/renderers.py b/src/keybar/api/renderers.py
@@ -0,0 +1,5 @@
+from rest_framework import renderers
+
+
+class JSONRenderer(renderers.JSONRenderer):
+    media_type = 'application/vnd.keybar+json'
diff --git a/src/keybar/api/serializers/registration.py b/src/keybar/api/serializers/registration.py
@@ -7,12 +7,20 @@
 
 
 class RegisterSerializer(serializers.ModelSerializer):
-    device_name = serializers.CharField(max_length=256, required=False)
-    public_key = serializers.CharField(required=True)
+    device_name = serializers.CharField(
+        max_length=256, required=False, write_only=True)
+    public_key = serializers.CharField(
+        required=True, write_only=True)
+
+    # Device ID will be inserted into the response.
+    device_id = serializers.UUIDField(source='_saved_device.id', read_only=True)
 
     class Meta:
         model = User
-        fields = ('email', 'password', 'device_name', 'public_key')
+        fields = ('email', 'password', 'device_name', 'device_id', 'public_key')
+        extra_kwargs = {
+            'password': {'write_only': True}
+        }
 
     def validate_password(self, password):
         password_validation.validate_password(password)
@@ -35,9 +43,10 @@ def create(self, validated_data):
         user.set_password(password)
         user.save()
 
-        Device.objects.create(
+        device = Device.objects.create(
             public_key=public_key,
             name=device_name,
             user=user,
             authorized=True)
+        user._saved_device = device
         return user
diff --git a/src/keybar/api/urls.py b/src/keybar/api/urls.py
@@ -1,8 +1,11 @@
 from django.conf.urls import url
 
-from .endpoints.dummy import AuthenticatedDummyEndpoint
-
+from .endpoints.dummy import AuthenticatedDummyView
+from .endpoints.registration import RegisterView
 
 urlpatterns = [
-    url(r'dummy/$', AuthenticatedDummyEndpoint.as_view())
+    url(r'auth/register/$', RegisterView.as_view(), name='register'),
+
+    # Dummy view, used for testing.
+    url(r'dummy/$', AuthenticatedDummyView.as_view()),
 ]
diff --git a/src/keybar/client.py b/src/keybar/client.py
@@ -31,7 +31,7 @@ def __str__(self):
 
 class Client(requests.Session):
     """Proof of concept client implementation."""
-    content_type = 'application/json'
+    content_type = 'application/vnd.keybar+json'
 
     host = 'keybar.me'
     port = '443'

diff --git a/src/keybar/conf/base.py b/src/keybar/conf/base.py
@@ -208,7 +208,7 @@
         'keybar.api.parsers.JSONParser',
     ),
     'DEFAULT_RENDERER_CLASSES': (
-        'rest_framework.renderers.JSONRenderer',
+        'keybar.api.renderers.JSONRenderer',
     ),
 }
 
@@ -239,6 +239,6 @@ def _default_ca_certs():
 KEYBAR_HOST = None
 
 # NOTE: CHANGING THOSE VALUES REQUIRES RE-ENCRYPTION OF EVERYTHING
-# AND HAS SOME DEEP IMPACT. !! JUST DONT !!
+# AND HAS SOME HUGE IMPACT. !! JUST DONT !!
 # In 2013 100,000 was the recommended value, so we settle with one million for now.
 KEYBAR_KDF_ITERATIONS = 1000000
diff --git a/src/keybar/tests/api/endpoints/__init__.py b/src/keybar/tests/api/endpoints/__init__.py
diff --git a/src/keybar/tests/api/endpoints/test_registration.py b/src/keybar/tests/api/endpoints/test_registration.py
@@ -0,0 +1,100 @@
+import mock
+import pytest
+from django.core.urlresolvers import reverse
+
+from keybar.models.user import User
+from keybar.models.device import Device
+from keybar.utils.test import APIClient
+from keybar.utils.crypto import serialize_public_key
+from keybar.tests.factories.device import PUBLIC_KEY
+
+
+@pytest.mark.django_db
+class TestRegistration:
+
+    def test_simple_register(self):
+        url = reverse('api:register')
+
+        response = APIClient().post(url, data={
+            'email': 'test@example.com',
+            'password': 'test123456',
+            'public_key': serialize_public_key(PUBLIC_KEY)
+        })
+
+        assert response.status_code == 201
+        assert response.json() == {
+            'email': 'test@example.com',
+            'device_id': mock.ANY
+        }
+        assert User.objects.filter(email='test@example.com').exists()
+
+    def test_register_invalid_password(self):
+        url = reverse('api:register')
+
+        response = APIClient().post(url, data={
+            'email': 'test@example.com',
+            'password': '1234',
+            'public_key': serialize_public_key(PUBLIC_KEY)
+        })
+
+        assert response.status_code == 400
+        assert response.json() == {
+            'password': [
+                'This password is too short. It must contain at least 10 characters.',
+                'This password is too common.',
+                'This password is entirely numeric.'
+            ]
+        }
+
+        # Make sure we never created a user or device
+        assert User.objects.all().count() == 0
+        assert Device.objects.all().count() == 0
+
+    def test_register_invalid_email(self):
+        url = reverse('api:register')
+
+        response = APIClient().post(url, data={
+            'email': 'test',
+            'password': 'test123456',
+            'public_key': serialize_public_key(PUBLIC_KEY)
+        })
+
+        assert response.status_code == 400
+        assert response.json() == {
+            'email': ['Enter a valid email address.']
+        }
+
+        assert User.objects.all().count() == 0
+        assert Device.objects.all().count() == 0
+
+    def test_register_invalid_public_key(self):
+        url = reverse('api:register')
+
+        response = APIClient().post(url, data={
+            'email': 'test@test.test',
+            'password': 'test123456',
+            'public_key': 'invalid'
+        })
+
+        assert response.status_code == 400
+        assert response.json() == {
+            'public_key': ['Invalid public key']
+        }
+
+        assert User.objects.all().count() == 0
+        assert Device.objects.all().count() == 0
+
+    def test_register_invalid_email_unique(self):
+        url = reverse('api:register')
+
+        User.objects.create(email='test@test.test')
+        response = APIClient().post(url, data={
+            'email': 'test@test.test',
+            'password': 'test123456',
+            'public_key': serialize_public_key(PUBLIC_KEY)
+        })
+
+        assert response.status_code == 400
+        assert response.json() == {
+            'email': ['User with this Email already exists.']
+        }
diff --git a/src/keybar/tests/factories/user.py b/src/keybar/tests/factories/user.py
@@ -17,3 +17,12 @@ def _prepare(cls, create, **kwargs):
         if 'password' not in kwargs:
             kwargs['password'] = make_password(raw_password, hasher='pbkdf2_sha256')
         return super(UserFactory, cls)._prepare(create, **kwargs)
+
+
+class APIUserFactory(UserFactory):
+    """
+    User factory that creates a user with predefined credentials for usage
+    with :class:`~keybar.utils.test.APIClient`
+    """
+    email = 'test@test.test'
+    raw_password = 'test123456'
diff --git a/src/keybar/tests/test_client.py b/src/keybar/tests/test_client.py
@@ -55,7 +55,7 @@ def test_simple_authorized(self):
         response = client.get(endpoint)
 
         assert response.status_code == 200
-        assert response.content == b'"{\\"dummy\\":\\"ok\\"}"'
+        assert response.content == b'"{\\"dummy\\": \\"ok\\"}"'
 
     def test_simple_wrong_device_secret(self, settings):
         user = UserFactory.create(is_superuser=True)

diff --git a/src/keybar/urls.py b/src/keybar/urls.py
@@ -4,7 +4,7 @@
 
 urlpatterns = [
     # Hookup our REST Api
-    url(r'^api/', include('keybar.api.urls', namespace='keybar-api')),
+    url(r'^api/', include('keybar.api.urls', namespace='api')),
     url(r'^api/docs/', include('rest_framework.urls', namespace='rest_framework')),
 
     # Admin

diff --git a/src/keybar/utils/test.py b/src/keybar/utils/test.py
@@ -0,0 +1,50 @@
+import json
+
+from rest_framework.test import APIClient as BaseAPIClient
+
+from keybar.models.device import Device
+from keybar.utils.jwt import encode_token
+
+
+class APIClient(BaseAPIClient):
+    """
+    Subclass to handle our custom accept headers required
+    for proper versioning and data parsing.
+
+    Requires a test-user with the following credentials to be setup in
+    case of using an authenticated endpoint:
+
+    * E-mail: test@test.test
+    * Password: test123456
+    """
+    content_type = 'application/vnd.keybar+json'
+    default_format = 'json'
+
+    def __init__(self, *args, **kwargs):
+        self.device_id = kwargs.pop('device_id', None)
+        super().__init__(*args, **kwargs)
+
+    def generic(self, method, path, data='', content_type=None, secure=False, **extra):
+        extra.update({
+            'HTTP_HOST': 'testserver',
+            'HTTP_ACCEPT': self.content_type,
+        })
+
+        if extra.get('authorized', False):
+            device = Device.objects.get(pk=self.device_id)
+            token = encode_token(device.id, device.public_key)
+            extra['HTTP_AUTHORIZATION'] = 'JWT {}'.format(token)
+
+        return super().generic(method, path, data, self.content_type, secure, **extra)
+
+    def _parse_json(self, response, **extra):
+        content_type = response.get('Content-Type')
+        types = ('application/json', self.content_type)
+
+        if not any(type in content_type for type in types):
+            raise ValueError(
+                'Content-Type header is "{0}", not "application/json"'
+                .format(response.get('Content-Type'))
+            )
+
+        return json.loads(response.content.decode(), **extra)