diff --git a/app/api/tokens.py b/app/api/tokens.py index de190a59d..9bc5f5a2a 100644 --- a/app/api/tokens.py +++ b/app/api/tokens.py @@ -18,6 +18,8 @@ def get_token(): @token_auth.login_required def revoke_token(): "révoque le jeton de l'utilisateur courant" - token_auth.current_user().revoke_token() + user = token_auth.current_user() + user.revoke_token() db.session.commit() + log(f"API: revoking token for {user}") return "", 204 diff --git a/app/auth/models.py b/app/auth/models.py index e9a8615c5..af0d76037 100644 --- a/app/auth/models.py +++ b/app/auth/models.py @@ -307,7 +307,7 @@ class User(UserMixin, db.Model): @staticmethod def check_token(token): - """Retreive user for given token, chek token's validity + """Retreive user for given token, check token's validity and returns the user object. """ user = User.query.filter_by(token=token).first() diff --git a/tests/api/exemple-api-basic.py b/tests/api/exemple-api-basic.py index b9095e12d..eb7ae3b3a 100644 --- a/tests/api/exemple-api-basic.py +++ b/tests/api/exemple-api-basic.py @@ -28,6 +28,7 @@ avec la config du client API: """ from pprint import pprint as pp +import requests import sys import urllib3 from setup_test_api import ( @@ -43,6 +44,11 @@ from setup_test_api import ( ) +def logout_api_user(): + r = requests.delete(API_URL + "/tokens", headers=HEADERS, verify=CHECK_CERTIFICATE) + assert r.status_code == 204 + + if not CHECK_CERTIFICATE: urllib3.disable_warnings() diff --git a/tests/api/setup_test_api.py b/tests/api/setup_test_api.py index 8cfce023f..89433c2b8 100644 --- a/tests/api/setup_test_api.py +++ b/tests/api/setup_test_api.py @@ -66,33 +66,32 @@ def api_admin_headers() -> dict: def GET(path: str, headers: dict = None, errmsg=None, dept=None): """Get and returns as JSON - Special case for non json result (image or pdf): return Content-Disposition string (inline or attachment) + Special case for non json result (image or pdf): + return Content-Disposition string (inline or attachment) """ if dept: url = SCODOC_URL + f"/ScoDoc/{dept}/api" + path else: url = API_URL + path - r = requests.get(url, headers=headers or {}, verify=CHECK_CERTIFICATE) - if r.status_code != 200: - raise APIError(errmsg or f"""erreur status={r.status_code} !""", r.json()) + reply = requests.get(url, headers=headers or {}, verify=CHECK_CERTIFICATE) + if reply.status_code != 200: + raise APIError( + errmsg or f"""erreur status={reply.status_code} !""", reply.json() + ) - if r.headers.get("Content-Type", None) == "application/json": - return r.json() # decode la reponse JSON - elif r.headers.get("Content-Type", None) in [ + if reply.headers.get("Content-Type", None) == "application/json": + return reply.json() # decode la reponse JSON + elif reply.headers.get("Content-Type", None) in [ "image/jpg", "image/png", "application/pdf", ]: retval = { - "Content-Type": r.headers.get("Content-Type", None), - "Content-Disposition": r.headers.get("Content-Disposition", None), + "Content-Type": reply.headers.get("Content-Type", None), + "Content-Disposition": reply.headers.get("Content-Disposition", None), } return retval - else: - raise APIError( - "Unknown returned content {r.headers.get('Content-Type', None} !\n" - ) - return r.json() # decode la reponse JSON + raise APIError("Unknown returned content {r.headers.get('Content-Type', None} !\n") def POST_JSON(path: str, data: dict = {}, headers: dict = None, errmsg=None, dept=None):