api: add http basic auth support to geojson endpoint (#42851)

2020-05-13 18:30:56 +02:00 · 2020-05-13 18:30:56 +02:00 · 21364341ea
parent 8d3e067c83
commit 21364341ea
2 changed files with 20 additions and 2 deletions
--- a/tests/test_api.py
+++ b/tests/test_api.py
@ -1979,6 +1979,21 @@ def test_api_geojson_formdata(pub, local_user):
    assert 'features' in resp.json
    assert len(resp.json['features']) == 20

+    # check with http basic auth
+    app = get_app(pub)
+    app.authorization = ('Basic', ('user', 'password'))
+    resp = app.get('/api/forms/test/geojson?email=%s' % local_user.email, status=401)
+
+    # add authentication info
+    pub.load_site_options()
+    pub.site_options.add_section('api-http-auth-geojson')
+    pub.site_options.set('api-http-auth-geojson', 'user', 'password')
+    pub.site_options.write(open(os.path.join(pub.app_dir, 'site-options.cfg'), 'w'))
+
+    resp = app.get('/api/forms/test/geojson?email=%s' % local_user.email)
+    assert 'features' in resp.json
+    assert len(resp.json['features']) == 10
+
    # check 404 if the formdef doesn't have geolocation support
    formdef.geolocations = {}
    formdef.store()
--- a/wcs/backoffice/management.py
+++ b/wcs/backoffice/management.py
@ -2120,10 +2120,13 @@ class FormPage(Directory):
        if 'anonymise' in get_request().form:
            # api/ will let this pass but we don't want that.
            raise errors.AccessForbiddenError()
-        self.check_access()
+        self.check_access('geojson')
        get_response().set_content_type('application/json')

-        user = get_user_from_api_query_string() or get_request().user
+        user = get_request().user
+        if not user:
+            user = get_user_from_api_query_string('geojson')
+
        selected_filter = self.get_filter_from_query()
        fields = self.get_fields_from_query()
        criterias = self.get_criterias_from_query()