Last active
October 14, 2020 10:16
-
-
Save btel/8a1446af8417a3c9ab7a2602ee7068f3 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# export the key created with the new quetz deployment (user bob) | |
export QUETZ_API_KEY=4f3f9c7fd6fb472c923ce27b676f6e21 | |
# create channel | |
curl -X POST "http://localhost:8000/api/channels" -H "X-API-Key: ${QUETZ_API_KEY}" -d '{"name": "test-channel", "private": true}' | |
# -> null | |
# list packages without key - permission denied | |
curl http://localhost:8000/api/channels/test-channel/packages | |
# {"detail":"Not logged in"} | |
# list packages (no packages were added so empty list) | |
curl http://localhost:8000/api/channels/test-channel/packages -H "X-API-Key: ${QUETZ_API_KEY}" | |
# [] | |
# dummy login of dev user 'alice' and save session cookies to file | |
curl -j -c session-cookies.txt localhost:8000/api/dummylogin/alice | |
cat session-cookies.txt | |
# #HttpOnly_localhost FALSE / FALSE 1603879804 session eyJ1c2VyX2lkIjogIjIyMzljNDMzLTY3YzAtNDNmYy1iMWJkLTEwMWVkYWM5MDNkZiIsICJpZGVudGl0eV9wcm92aWRlciI6ICJkdW1teSJ9.X4bOfA.awDnOzCuhQuWSUQXh6UeECoBOsI | |
# add an api key without assigning extra roles (reusing the session cookies) | |
export QUETZ_API_KEY_ALICE_BLANK=`curl -X POST -b session-cookies.txt localhost:8000/api/api-keys -d '{"description" : "test-key", "channel": "", "roles": []}' | jq -r .key` | |
echo ${QUETZ_API_KEY_ALICE_BLANK} | |
# _3UqZkYCr4a-zc4JVJJkwmorzduC7QVGYENA8cN-LLQ | |
# list packages in the test-channel with the new api key - access denied | |
curl http://localhost:8000/api/channels/test-channel/packages -H "X-API-Key: ${QUETZ_API_KEY_ALICE_BLANK}" | |
# {"detail":"No permission"} | |
# bob adds a permission for alice | |
curl http://localhost:8000/api/channels/test-channel/members -H "X-API-Key: ${QUETZ_API_KEY}" -d '{"username": "alice", "role": "owner"}' | |
# null | |
# alice can list packages from test-channel using the blank key | |
curl http://localhost:8000/api/channels/test-channel/packages -H "X-API-Key: ${QUETZ_API_KEY_ALICE_BLANK}" | |
# [] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment