Merge pull request #77 from CartoDB/75-Auth_API_based_client

juanignaciosl · web-flow · commit b792fa7f31c3 · 2018-02-27T10:43:42.000+01:00
AuthAPIClient class
diff --git a/NEWS b/NEWS
@@ -1,5 +1,8 @@
+Feb-21-2018: version 1.2.1
+ - Added AuthAPIClient class for future Auth API usage and API key validation (#69)
+
 Feb-21-2018: version 1.2.0
- - Added PROTOCOL and HOST to test configuration allowing local testing.
+ - Added PROTOCOL and HOST to test configuration allowing local testing
 
 Dec-27-2017: version 1.1.2
  - Fix on examples management of environment variables (#70)
diff --git a/carto/auth.py b/carto/auth.py
@@ -7,6 +7,7 @@
 
 .. moduleauthor:: Daniel Carrion <daniel@carto.com>
 .. moduleauthor:: Alberto Romeu <alrocar@carto.com>
+.. moduleauthor:: Juan Ignacio Sánchez <juanignaciosl@carto.com>
 
 
 """
@@ -16,7 +17,7 @@
 import sys
 import warnings
 
-from pyrestcli.auth import BaseAuthClient
+from pyrestcli.auth import BaseAuthClient, BasicAuthClient
 
 from .exceptions import CartoException
 
@@ -26,7 +27,43 @@
     from urlparse import urlparse
 
 
-class APIKeyAuthClient(BaseAuthClient):
+class _UsernameGetter:
+    def get_user_name(self, base_url):
+        try:
+            url_info = urlparse(base_url)
+            # On-Prem:
+            #   /user/<username>
+            m = re.search('^/user/([^/]+)/.*$', url_info.path)
+            if m is None:
+                # Cloud personal account (org and standalone)
+                # <username>.carto.com
+                netloc = url_info.netloc
+                if netloc.startswith('www.'):
+                    netloc = netloc.split('www.')[1]
+                m = re.search('^(.*?)\..*', netloc)
+            return m.group(1)
+        except Exception:
+            raise CartoException(_("Could not find a valid user_name in the " +
+                                   "base URL provided. Please check that the" +
+                                   "URL is one of " +
+                                   "'https://{user_name}.carto.com', " +
+                                   "'https://carto.com/user/{user_name}' " +
+                                   "or a similar one based on your domain"))
+
+
+class _BaseUrlChecker:
+    def check_base_url(self, base_url):
+        if not base_url.startswith("https"):
+            warnings.warn("You are using unencrypted API key \
+                          authentication!!!")
+        # Make sure there is a trailing / for urljoin
+        if not base_url.endswith('/'):
+            base_url += '/'
+
+        return base_url
+
+
+class APIKeyAuthClient(_UsernameGetter, _BaseUrlChecker, BaseAuthClient):
     """
     This class provides you with authenticated access to CARTO's APIs using
     your API key.
@@ -48,17 +85,9 @@ def __init__(self, base_url, api_key, organization=None, session=None):
 
         :return:
         """
-        if not base_url.startswith("https"):
-            warnings.warn("You are using unencrypted API key \
-                          authentication!!!")
-
         self.organization = organization
         self.api_key = api_key
-
-        # Make sure there is a trailing / for urljoin
-        if not base_url.endswith('/'):
-            base_url += '/'
-
+        base_url = self.check_base_url(base_url)
         self.username = self.get_user_name(base_url)
 
         super(APIKeyAuthClient, self).__init__(base_url, session=session)
@@ -88,28 +117,6 @@ def send(self, relative_path, http_method, **requests_args):
         except Exception as e:
             raise CartoException(e)
 
-    def get_user_name(self, base_url):
-        try:
-            url_info = urlparse(base_url)
-            # On-Prem:
-            #   /user/<username>
-            m = re.search('^/user/([^/]+)/.*$', url_info.path)
-            if m is None:
-                # Cloud personal account (org and standalone)
-                # <username>.carto.com
-                netloc = url_info.netloc
-                if netloc.startswith('www.'):
-                    netloc = netloc.split('www.')[1]
-                m = re.search('^(.*?)\..*', netloc)
-            return m.group(1)
-        except Exception:
-            raise CartoException(_("Could not find a valid user_name in the " +
-                                   "base URL provided. Please check that the" +
-                                   "URL is one of " +
-                                   "'https://{user_name}.carto.com', " +
-                                   "'https://carto.com/user/{user_name}' " +
-                                   "or a similar one based on your domain"))
-
     def prepare_send(self, http_method, **requests_args):
         http_method = http_method.lower()
         if (http_method in ['post', 'put']) and "json" in requests_args:
@@ -169,4 +176,51 @@ def send(self, relative_path, http_method, **requests_args):
                                                       http_method,
                                                       **requests_args)
         except Exception as e:
-            raise CartoException(e)
+            raise CartoException(e)
+
+
+class AuthAPIClient(_UsernameGetter, _BaseUrlChecker, BasicAuthClient):
+    """
+    This class provides you with authenticated access to CARTO's APIs using
+    your API key at Basic authentication header, as provided by Auth API.
+
+    Auth API is still under development. You might want to take a look at
+    APIKeyAuthClient for missing features or an stable API.
+
+    You can find your API key by clicking on the API key section of the user
+    dropdown menu
+    """
+
+    def __init__(self, base_url, api_key, organization=None, session=None):
+        """
+        Init method
+
+        :param base_url: Base URL. API endpoint paths will always be relative
+        to this URL
+        :param api_key: API key
+        :param organization: For enterprise users, organization user belongs to
+        :param session: requests' session object
+        :type api_key: str
+        :type organization: str
+
+        :return:
+        """
+        self.organization = organization
+        self.api_key = api_key
+        base_url = self.check_base_url(base_url)
+        self.username = self.get_user_name(base_url)
+
+        super(AuthAPIClient, self).__init__(self.username, api_key, base_url, session=session)
+
+    def is_valid_api_key(self):
+        """
+        Checks validity. Right now, an API key is considered valid if it
+        can list user API keys and the result contains that API key.
+        This might change in the future.
+
+        :return: True if the API key is considered valid for current user.
+        """
+        res = self.send('/api/v3/api_keys', 'get')
+        return \
+            res.ok and \
+            self.api_key in (ak['token'] for ak in res.json()['result'])
diff --git a/doc/source/conf.py b/doc/source/conf.py
@@ -55,9 +55,9 @@
 # built documents.
 #
 # The short X.Y version.
-version = u'1.1.2'
+version = u'1.2.1'
 # The full version, including alpha/beta/rc tags.
-release = u'1.1.2'
+release = u'1.2.1'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
diff --git a/setup.py b/setup.py
@@ -17,7 +17,7 @@
       author="Daniel Carrión",
       author_email="daniel@carto.com",
       description="SDK around CARTO's APIs",
-      version="1.1.2",
+      version="1.2.1",
       url="https://github.com/CartoDB/carto-python",
       install_requires=required,
       packages=["carto"])
diff --git a/tests/conftest.py b/tests/conftest.py
@@ -7,6 +7,8 @@
 from carto.users import UserManager
 from mocks import MockRequests, NotMockRequests
 
+DEFAULT_PUBLIC_API_KEY = 'default_public'
+
 if "PROTOCOL" in os.environ:
     PROTOCOL = os.environ["PROTOCOL"]
 else:
diff --git a/tests/test_auth.py b/tests/test_auth.py
@@ -1,9 +1,10 @@
 import pytest
 
 from secret import API_KEY
-
 from carto.auth import APIKeyAuthClient
 from carto.exceptions import CartoException
+from conftest import USR_BASE_URL, DEFAULT_PUBLIC_API_KEY
+from carto.auth import AuthAPIClient
 
 
 def test_wrong_url():
@@ -33,3 +34,56 @@ def test_on_prem_url():
     assert user1 == 'user1'
     assert user2 == 'user2'
     assert user3 == 'user3'
+
+USER1_BASE_URL = 'https://user1.carto.com/'
+USER1_USERNAME = 'user1'
+
+
+def test_api_key_auth_client_username():
+    conf_username = APIKeyAuthClient(USER1_BASE_URL, API_KEY).username
+    assert conf_username == USER1_USERNAME
+
+
+def test_api_key_auth_client_me_endpoint():
+    client = APIKeyAuthClient(USER1_BASE_URL, API_KEY)
+    username = client.send('/api/v3/me', 'get').json()['config']['user_name']
+    assert username == USER1_USERNAME
+
+
+def test_auth_api_client_username():
+    conf_username = AuthAPIClient(USER1_BASE_URL, API_KEY).username
+    assert conf_username == USER1_USERNAME
+
+
+def test_auth_api_client_me_endpoint():
+    client = AuthAPIClient(USER1_BASE_URL, API_KEY)
+    username = client.send('/api/v3/me', 'get').json()['config']['user_name']
+    assert username == USER1_USERNAME
+
+
+def test_api_key_auth_cant_read_api_keys_with_default_public():
+    client = APIKeyAuthClient(USER1_BASE_URL, DEFAULT_PUBLIC_API_KEY)
+    response = client.send('/api/v3/api_keys', 'get')
+    assert response.status_code == 401
+
+
+def test_auth_api_can_read_api_keys_with_default_public():
+    client = AuthAPIClient(USER1_BASE_URL, DEFAULT_PUBLIC_API_KEY)
+    response = client.send('/api/v3/api_keys', 'get')
+    assert response.status_code == 200
+    assert response.json()['count'] == 1
+
+
+def test_auth_api_is_valid_api_key_with_wrong_key():
+    assert AuthAPIClient(USER1_BASE_URL, 'wadus').is_valid_api_key() is False
+
+
+def test_auth_api_is_valid_api_key_with_default_public_key():
+    assert AuthAPIClient(USER1_BASE_URL, DEFAULT_PUBLIC_API_KEY). \
+               is_valid_api_key()
+
+
+def test_auth_api_is_valid_api_key_with_master_key():
+    if API_KEY == 'mockmockmock':
+        pytest.skip("Can't be tested with mock api key")
+    assert AuthAPIClient(USR_BASE_URL, API_KEY).is_valid_api_key()
