Fix user-based authentication

This reintroduces the authentication with ISPyB's REST endpoint for user-based authentication that was removed in commit f2b58d6 (full commit hash: f2b58d6) GitHub: relates to mxcube#1038 GitHub: fixes mxcube#1045
fabcor-maxiv · Sep 19, 2023 · 3762cc7 · 3762cc7
1 parent 55a61ec
commit 3762cc7
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 4 deletions.
diff --git a/mxcube3/core/components/lims.py b/mxcube3/core/components/lims.py
@@ -207,6 +207,12 @@ def lims_login(self, loginID, password, create_session):
                 logging.getLogger("MX3.HWR").error(msg)
                 return ERROR_CODE
 
+            try:
+                HWR.beamline.lims.lims_rest.authenticate(loginID, password)
+            except Exception:
+                logging.getLogger("MX3.HWR").error("[LIMS-REST] Could not authenticate")
+                return ERROR_CODE
+
             try:
                 proposals = HWR.beamline.lims.get_proposals_by_user(loginID)
 

diff --git a/test/test_authn.py b/test/test_authn.py
@@ -29,8 +29,13 @@
 USER_DB_PATH = "/tmp/mxcube-test-user.db"
 
 
+@pytest.fixture(params=["proposal", "user"])
+def login_type(request):
+    return request.param
+
+
 @pytest.fixture
-def server():
+def server(request, login_type):
     try:
         os.remove(USER_DB_PATH)
     except FileNotFoundError:
@@ -45,6 +50,12 @@ def server():
     # with a much smaller value, so that tests do not need to wait as long.
     server_.flask.permanent_session_lifetime = SESSION_LIFETIME
 
+    hw_repo = mxcubecore.HardwareRepository.get_hardware_repository()
+    lims = hw_repo.get_hardware_object("lims")
+    lims.set_property("loginType", login_type)
+    # TODO It seems like forcing a `get_property` after `set_property` makes a difference
+    lims.get_property("loginType")
+
     yield server_
 
     try:
@@ -76,7 +87,7 @@ def test_authn_signin_good_credentials(client):
 def test_authn_signin_wrong_credentials(client):
     resp = client.post(URL_SIGNIN, json=CREDENTIALS_0_WRONG)
     assert resp.status_code == 200
-    assert "code" not in resp.json
+    assert "code" not in resp.json, "Could authenticate with wrong credentials"
     assert resp.json["msg"] == "Could not authenticate"
 
 
@@ -89,7 +100,7 @@ def test_authn_signout(client):
     assert resp.headers["Location"] == "/login"
 
 
-def test_authn_info(client):
+def test_authn_info(client, login_type):
     """Test login info.
 
     The login info should have `loggedIn` false before authentication
@@ -104,10 +115,12 @@ def test_authn_info(client):
     resp = client.get(URL_INFO)
     assert resp.status_code == 200
     assert resp.json["loggedIn"] == True
-    assert resp.json["loginType"] == "Proposal"
+    assert resp.json["loginType"].lower() == login_type
     assert resp.json["user"]["inControl"] == True
 
 
+# Test against proposal-based authentication only
+@pytest.mark.parametrize("login_type", ["proposal"], indirect=True)
 def test_authn_same_proposal(make_client):
     """Test two users for the same proposal.
 
@@ -128,6 +141,8 @@ def test_authn_same_proposal(make_client):
     assert resp.json["user"]["inControl"] == False
 
 
+# Test against proposal-based authentication only
+@pytest.mark.parametrize("login_type", ["proposal"], indirect=True)
 def test_authn_different_proposals(make_client):
     """Test two users for different proposals.