Now, we will compose and send an HTTP GET request to retrieve the first page of the messages without authentication credentials:
http GET ':5000/api/messages/?page=1'
The following is the equivalent curl command:
curl -iX GET ':5000/api/messages/?page=1'
We will receive a 401 Unauthorized status code in the response header. The WWW-Authenticate header tells the client that the server expects HTTP Basic credentials for the given realm. The following lines show a sample response:
HTTP/1.0 401 UNAUTHORIZED
Content-Length: 19
Content-Type: text/html; charset=utf-8
Date: Mon, 15 Aug 2016 01:16:36 GMT
Server: Werkzeug/0.11.10 Python/3.5.1
WWW-Authenticate: Basic realm="Authentication Required"
If we want to retrieve messages, that is, to make a GET request to /api/messages/, we need to provide authentication credentials using HTTP authentication. However, before we can do this, it is necessary to create a new user. We will use the new user to test our new resource classes related to users and our changes in the permissions policies.
http POST :5000/api/users/ name='brandon' password='brandonpassword'
The following is the equivalent curl command:
curl -iX POST -H "Content-Type: application/json" -d '{"name": "brandon", "password": "brandonpassword"}' :5000/api/users/
The previous command composes and sends a POST HTTP request with the specified JSON key-value pairs. The request targets /api/users/, so it matches the '/users/' URL route for the UserList resource and runs the UserList.post method, which doesn't require authentication. The method doesn't receive arguments because the URL route doesn't include any parameters. As the HTTP verb for the request is POST, Flask calls the post method.
The previously specified password only includes lowercase letters, and therefore, it doesn't fulfil all the qualitative requirements we have specified for passwords in the User.check_password_strength_and_hash_if_ok method. Thus, we will receive a 400 Bad Request status code in the response header and an error message in the JSON body indicating the requirement that the password didn't fulfil. The following lines show a sample response:
HTTP/1.0 400 BAD REQUEST
Content-Length: 75
Content-Type: application/json
Date: Mon, 15 Aug 2016 01:29:55 GMT
Server: Werkzeug/0.11.10 Python/3.5.1
{
    "error": "The password must include at least one uppercase letter"
}
The following command will create a user with a valid password:
http POST :5000/api/users/ name='brandon' password='iA4!V3riS#c^R9'
The following is the equivalent curl command:
curl -iX POST -H "Content-Type: application/json" -d '{"name": "brandon", "password": "iA4!V3riS#c^R9"}' :5000/api/users/
If the new User instance is successfully persisted in the database, the call will return an HTTP 201 Created status code and the recently persisted User serialized to JSON in the response body. The following lines show an example response for the HTTP request, with the new User object in the JSON response. Note that the response includes the URL, url, for the created user and doesn't include any information related to the password.
HTTP/1.0 201 CREATED
Content-Length: 87
Content-Type: application/json
Date: Mon, 15 Aug 2016 01:33:23 GMT
Server: Werkzeug/0.11.10 Python/3.5.1
{
    "id": 1,
    "name": "brandon",
    "url": "http://localhost:5000/api/users/1"
}
We can run the previously explained command to check the contents of the user table that the migrations created in the PostgreSQL database. We will notice that the hashed_password field for the new row in the user table holds the hash of the password, not the password itself. The following screenshot shows the contents of the new row of the user table in a PostgreSQL database after running the HTTP request:
If we want to retrieve the first page of messages, that is, to make a GET request to /api/messages/, we need to provide authentication credentials using HTTP authentication. Now, we will compose and send an HTTP request to retrieve the first page of messages with authentication credentials, that is, with the user name and the password we have recently created:
http -a 'brandon':'iA4!V3riS#c^R9' ':5000/api/messages/?page=1'
The following is the equivalent curl command:
curl --user 'brandon':'iA4!V3riS#c^R9' -iX GET ':5000/api/messages/?page=1'
The user will be successfully authenticated and we will be able to process the request to retrieve the first page of messages. With all the changes we have made to our API, unauthenticated requests can only create a new user. Keep in mind that HTTP Basic authentication only base64-encodes the user name and password in the Authorization header; it does not encrypt them, so in anything beyond local development the API must be served over HTTPS.
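The following is an added example, not the book's code: a stdlib-only stand-in for the password check performed by User.check_password_strength_and_hash_if_ok and for the HTTP Basic verification that now guards /api/messages/. The uppercase rule and its error message come from the page; the minimum length, lowercase, digit and symbol rules, the PBKDF2 parameters, the function names basic_auth_header, parse_basic_auth and authenticate, and the USERS dictionary are assumptions made for this example (the book uses Flask-HTTPAuth and its own User model instead).

```python
import base64
import hashlib
import hmac
import os
import re
from typing import Dict, Optional, Tuple

# Assumed policy: the page only shows the uppercase rule; the rest is illustrative.
MIN_PASSWORD_LENGTH = 8
PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example

# (predicate, message) pairs checked in order; the first failure is reported,
# mirroring the single "error" field in the page's 400 response.
PASSWORD_RULES = [
    (lambda p: len(p) >= MIN_PASSWORD_LENGTH,
     "The password must be at least %d characters long" % MIN_PASSWORD_LENGTH),
    (lambda p: re.search(r"[A-Z]", p) is not None,
     "The password must include at least one uppercase letter"),
    (lambda p: re.search(r"[a-z]", p) is not None,
     "The password must include at least one lowercase letter"),
    (lambda p: re.search(r"[0-9]", p) is not None,
     "The password must include at least one number"),
    (lambda p: re.search(r"[^A-Za-z0-9]", p) is not None,
     "The password must include at least one symbol"),
]


def check_password_strength(password: str) -> Optional[str]:
    """Return the first violated rule's message, or None if the password is acceptable."""
    for rule_ok, message in PASSWORD_RULES:
        if not rule_ok(password):
            return message
    return None


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored as algorithm$iterations$salt_hex$digest_hex."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ITERATIONS, salt.hex(), digest.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iterations))
    except ValueError:  # malformed stored value
        return False
    return hmac.compare_digest(digest, expected)


def check_password_strength_and_hash_if_ok(password: str) -> Tuple[Optional[str], Optional[str]]:
    """(error_message, None) for a weak password; (None, hashed_password) otherwise."""
    error = check_password_strength(password)
    if error is not None:
        return error, None
    return None, hash_password(password)


def basic_auth_header(name: str, password: str) -> str:
    """Build the Authorization value that `http -a` or `curl --user` sends."""
    token = base64.b64encode(("%s:%s" % (name, password)).encode("utf-8")).decode("ascii")
    return "Basic " + token


def parse_basic_auth(header_value: Optional[str]) -> Optional[Tuple[str, str]]:
    """Decode an Authorization: Basic header into (name, password); None if malformed."""
    if not header_value:
        return None
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    if ":" not in decoded:
        return None
    name, _, password = decoded.partition(":")  # passwords may themselves contain ':'
    return name, password


# Constructed user store standing in for the user table: name -> hashed_password.
USERS: Dict[str, str] = {"brandon": hash_password("iA4!V3riS#c^R9")}
# Verified for unknown names so a miss costs the same as a wrong password.
_DUMMY_HASH = hash_password("unknown-user-placeholder")


def authenticate(header_value: Optional[str], users: Dict[str, str] = USERS) -> Optional[str]:
    """Return the authenticated user name, or None (the caller then answers 401)."""
    parsed = parse_basic_auth(header_value)
    if parsed is None:
        return None
    name, password = parsed
    if verify_password(password, users.get(name, _DUMMY_HASH)) and name in users:
        return name
    return None


if __name__ == "__main__":
    print(check_password_strength("brandonpassword"))  # the uppercase rule fails
    error, hashed = check_password_strength_and_hash_if_ok("iA4!V3riS#c^R9")
    print(error, hashed)
    header = basic_auth_header("brandon", "iA4!V3riS#c^R9")
    print(header, authenticate(header))
    print(authenticate(basic_auth_header("brandon", "wrong-password")))
```

The ordering of PASSWORD_RULES reproduces the page's behaviour for 'brandonpassword': it is long enough and has lowercase letters, so the first rule it breaks is the uppercase one, and that is the message returned. Unknown user names are still run through PBKDF2 against a placeholder hash so that response time does not reveal which names exist.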