FIX: Login endpoint compatibility

It was previously missed, that the login endpoint unintentionally
changes the input format from HTTP Form to JSON. It's now fixed
and tested.

Author: kamil-certat

intelmq_api/api.py

@@ -28,7 +28,7 @@
 
 from .dependencies import (api_config, cached_response, session_store,
                            token_authorization)
-from .models import LoginForm, TokenResponse
+from .models import TokenResponse
 
 api = APIRouter()
 
@@ -137,8 +137,8 @@ def config(file: str, fetch: bool = False,
 
 
 @api.post("/api/login", status_code=status.HTTP_200_OK, response_model=TokenResponse)
-def login(login_form: LoginForm, session: session.SessionStore = Depends(session_store)):
-    username, password = login_form.username, login_form.password
+def login(username: str = Form(), password: str = Form(),
+          session: session.SessionStore = Depends(session_store)):
     if session is None:
         raise HTTPException(
             status_code=status.HTTP_400_BAD_REQUEST,

intelmq_api/models.py

@@ -7,11 +7,6 @@
 from pydantic import BaseModel
 
 
-class LoginForm(BaseModel):
-    username: str
-    password: str
-
-
 class TokenResponse(BaseModel):
     login_token: str
     username: str

tests/test_api.py

@@ -7,6 +7,7 @@
 import json
 import os
 import subprocess
+import tempfile
 from tempfile import TemporaryDirectory
 from typing import Dict, List, Optional
 from unittest import TestCase, mock
@@ -17,8 +18,10 @@
 from intelmq_api import dependencies
 from intelmq_api.api import runner
 from intelmq_api.config import Config
+from intelmq_api.dependencies import session_store
 from intelmq_api.main import app
 from intelmq_api.runctl import RunIntelMQCtl
+from intelmq_api.session import SessionStore
 from intelmq_api.version import __version__
 
 
@@ -165,3 +168,43 @@ def test_post_positions(self):
         with open(f"{self.conf_dir.name}/manager/positions.conf", "r") as f:
             saved = json.load(f)
         self.assertEqual(saved, data)
+
+
+class TestAPILogin(TestCase):
+    def setUp(self) -> None:
+        self.client = TestClient(app=app)
+        dependencies.startup(DummyConfig())
+        self.temp_dir = tempfile.TemporaryDirectory()
+        self.addCleanup(self.temp_dir.cleanup)
+
+        self.session = SessionStore(os.path.join(self.temp_dir.name, 'sessionsb'), 1000000)
+        self.session.add_user('test', 'pass')
+
+        app.dependency_overrides[session_store] = lambda: self.session
+        app.dependency_overrides[runner] = get_dummy_reader()
+
+    def tearDown(self) -> None:
+        app.dependency_overrides = {}
+
+    def test_login(self):
+        response = self.client.post("/v1/api/login", data={"username": "test", "password": "pass"})
+        self.assertEqual(response.status_code, 200)
+        self.assertIsNotNone(response.json().get("login_token"))
+
+    def test_login_and_call(self):
+        response = self.client.post("/v1/api/login", data={"username": "test", "password": "pass"})
+        self.assertEqual(response.status_code, 200)
+
+        token = response.json().get("login_token")
+        authorized_response = self.client.get("/v1/api/version", headers={"authorization": token})
+        self.assertEqual(authorized_response.status_code, 200)
+        self.assertEqual(authorized_response.json()["intelmq-api"], __version__)
+
+    def test_unauthorized_call(self):
+        response = self.client.get("/v1/api/version")
+        self.assertEqual(response.status_code, 401)
+
+    def test_bad_token(self):
+        response = self.client.get(
+            "/v1/api/version", headers={"authorization": "not-a-valid-token"})
+        self.assertEqual(response.status_code, 401)