Skip to content

Commit

Permalink
Remove authentication for API requests
Browse files Browse the repository at this point in the history 
Remove usage of `auth` attribute in the basic API requests
(get, post, delete, put). When API token is passed, it
gets added to params, that's it.
  • Loading branch information
@skasberger
skasberger committed Jan 26, 2021
1 parent e0f1ceb commit c617395
Show file tree
Hide file tree
Showing 2 changed files with 103 additions and 32 deletions.
40 changes: 8 additions & 32 deletions src/pyDataverse/api.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,15 +114,8 @@ def get_request(self, url, params=None, auth=False):
"""
params = {}
params["User-Agent"] = "pydataverse"
if auth:
if self.api_token:
params["key"] = str(self.api_token)
else:
raise ApiAuthorizationError(
"ERROR: GET - Api token not passed to `get_request` {0}.".format(
url
)
)
if self.api_token:
params["key"] = str(self.api_token)

try:
resp = get(url, params=params)
Expand Down Expand Up @@ -174,11 +167,8 @@ def post_request(self, url, data=None, auth=False, params=None, files=None):
"""
params = {}
params["User-Agent"] = "pydataverse"
if auth:
if self.api_token:
params["key"] = self.api_token
else:
raise ApiAuthorizationError("ERROR: POST - Api token not available.")
if self.api_token:
params["key"] = self.api_token

try:
resp = post(url, data=data, params=params, files=files)
Expand Down Expand Up @@ -218,15 +208,8 @@ def put_request(self, url, data=None, auth=False, params=None):
"""
params = {}
params["User-Agent"] = "pydataverse"
if auth:
if self.api_token:
params["key"] = self.api_token
else:
raise ApiAuthorizationError(
"ERROR: PUT - Api token not passed to `put_request` {0}.".format(
url
)
)
if self.api_token:
params["key"] = self.api_token

try:
resp = put(url, data=data, params=params)
Expand Down Expand Up @@ -264,15 +247,8 @@ def delete_request(self, url, auth=False, params=None):
"""
params = {}
params["User-Agent"] = "pydataverse"
if auth:
if self.api_token:
params["key"] = self.api_token
else:
raise ApiAuthorizationError(
"ERROR: DELETE - Api token not passed to `delete_request` {0}.".format(
url
)
)
if self.api_token:
params["key"] = self.api_token

try:
return delete(url, params=params)
Expand Down
95 changes: 95 additions & 0 deletions tests/api/test_api.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,17 @@
from requests import Response
from time import sleep
from pyDataverse.api import NativeApi
from pyDataverse.exceptions import ApiAuthorizationError
from pyDataverse.exceptions import ApiResponseError
from pyDataverse.exceptions import ApiUrlError
from pyDataverse.models import Dataset
from pyDataverse.utils import read_file
from ..conftest import test_config, import_dataverse_min_dict, import_dataset_min_dict


BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(os.path.dirname(__file__))))


class TestApiConnect(object):
"""Test the NativeApi() class initalization."""

Expand Down Expand Up @@ -58,3 +64,92 @@ def test_get_dataverse(self, native_api):
sleep(test_config["wait_time"])

assert isinstance(resp, Response)


if not os.environ.get("TRAVIS"):

class TestApiToken(object):
"""Test user rights."""

def test_token_missing(self):
BASE_URL = os.getenv("BASE_URL")
api = NativeApi(BASE_URL)
resp = api.get_info_version()
assert resp.json()["data"]["version"] == "4.15.1"
assert resp.json()["data"]["build"] == "1377-701b56b"

with pytest.raises(ApiAuthorizationError):
ds = Dataset()
ds.from_json(
read_file(
os.path.join(
BASE_DIR, "tests/data/dataset_upload_min_default.json"
)
)
)
api.create_dataset(":root", ds.json())

def test_token_empty_string(self):
BASE_URL = os.getenv("BASE_URL")
api = NativeApi(BASE_URL, "")
resp = api.get_info_version()
assert resp.json()["data"]["version"] == "4.15.1"
assert resp.json()["data"]["build"] == "1377-701b56b"

with pytest.raises(ApiAuthorizationError):
ds = Dataset()
ds.from_json(
read_file(
os.path.join(
BASE_DIR, "tests/data/dataset_upload_min_default.json"
)
)
)
api.create_dataset(":root", ds.json())

def test_token_no_rights(self):
BASE_URL = os.getenv("BASE_URL")
API_TOKEN = os.getenv("API_TOKEN_NO_RIGHTS")
api = NativeApi(BASE_URL, API_TOKEN)
resp = api.get_info_version()
assert resp.json()["data"]["version"] == "4.15.1"
assert resp.json()["data"]["build"] == "1377-701b56b"

with pytest.raises(ApiAuthorizationError):
ds = Dataset()
ds.from_json(
read_file(
os.path.join(
BASE_DIR, "tests/data/dataset_upload_min_default.json"
)
)
)
api.create_dataset(":root", ds.json())

def test_token_right_create_dataset_rights(self):
BASE_URL = os.getenv("BASE_URL")
api_su = NativeApi(BASE_URL, os.getenv("API_TOKEN_SUPERUSER"))
api_nru = NativeApi(BASE_URL, os.getenv("API_TOKEN_TEST_NO_RIGHTS"))

resp = api_su.get_info_version()
assert resp.json()["data"]["version"] == "4.15.1"
assert resp.json()["data"]["build"] == "1377-701b56b"
resp = api_nru.get_info_version()
assert resp.json()["data"]["version"] == "4.15.1"
assert resp.json()["data"]["build"] == "1377-701b56b"

ds = Dataset()
ds.from_json(
read_file(
os.path.join(BASE_DIR, "tests/data/dataset_upload_min_default.json")
)
)
resp = api_su.create_dataset(":root", ds.json())
pid = resp.json()["data"]["persistentId"]
assert resp.json()["status"] == "OK"

with pytest.raises(ApiAuthorizationError):
resp = api_nru.get_dataset(pid)

resp = api_su.delete_dataset(pid)
assert resp.json()["status"] == "OK"

0 comments on commit c617395

Please sign in to comment.