Create table
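-- Accounts checked by the /login endpoint in app.py.
CREATE TABLE useraccount (
    id serial PRIMARY KEY,
    -- login selects by username and reads a single row, so a name must map to exactly one account
    username VARCHAR ( 100 ) NOT NULL,
    -- holds the Werkzeug hash string (method:params$salt$digest), never the plaintext.
    -- TEXT rather than VARCHAR(100): the pbkdf2:sha256 sample on this page is already 94 characters,
    -- and other hash methods produce longer strings that a 100-character column would reject.
    password TEXT NOT NULL,
    CONSTRAINT useraccount_username_key UNIQUE (username)
);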
Insert data
-- Seed one sample account. The password value is a Werkzeug pbkdf2:sha256 hash string, not the plaintext.
-- Local testing only: this page also lists the plaintext for this account, so do not keep the row
-- in any database that other people can reach.
INSERT INTO useraccount
    (username, password)
VALUES
    (
        'tutorial101',
        'pbkdf2:sha256:150000$KxxiGerN$4c37a656baa0034035a6be2cd698b5da8b036ae63eef3ab0b08b9c18b9765648'
    );
{"username":"tutorial101","password":"cairocoders"}
Username : tutorial101
password : cairocoders
Testing Rest API
REST API testing is an open-source web automation testing technique used for testing RESTful APIs for web applications. Its purpose is to record the responses of a REST API to various HTTP/S requests and so check whether the API is working correctly. REST API testing is done with the GET, POST, PUT and DELETE methods.
REST stands for Representational State Transfer. It is an architectural style and an approach to communication used in the development of web services. REST has become a logical choice for building APIs. It enables users to connect to and interact with cloud services efficiently.
An API or Application Programming Interface is a set of programming instructions for accessing a web-based software application.
An API is a set of commands that individual programs use to communicate with one another directly and to use each other's functions to get information.
Install the Advanced Rest Client
1. Go to Google Chrome's Web Store
2. Search for "Advanced Rest Client" https://chrome.google.com/webstore/detail/advanced-rest-client/hgmloofddffdnphfgcellkdfbfbjeloo and Install the extension
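#app.py
import os
import secrets
from datetime import timedelta

import psycopg2 #pip install psycopg2
import psycopg2.extras
from flask import Flask, jsonify, request, session
from flask_cors import CORS #pip install -U flask-cors
from werkzeug.security import generate_password_hash, check_password_hash

app = Flask(__name__)

# Flask's session cookie is only signed with SECRET_KEY, so anyone who knows the key can
# mint a cookie for any username. Read it from the environment; if it is unset, use a random
# per-process key (existing sessions then stop validating when the process restarts).
app.config['SECRET_KEY'] = os.environ.get('SECRET_KEY') or secrets.token_hex(32)
# Only applies to sessions marked permanent; login() sets session.permanent for that reason.
app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(minutes=10)
# NOTE(review): set SESSION_COOKIE_SECURE = True once the API is served over HTTPS.

# NOTE(review): CORS(app) with no arguments allows every origin. Pass origins=[...] with the
# front-end's origin before this API is reachable from anywhere but a local test client.
CORS(app)

# Connection settings come from the environment; the defaults are the tutorial's local values
# and are not suitable for a database that anything else can reach.
DB_HOST = os.environ.get('DB_HOST', 'localhost')
DB_NAME = os.environ.get('DB_NAME', 'sampledb')
DB_USER = os.environ.get('DB_USER', 'postgres')
DB_PASS = os.environ.get('DB_PASS', 'admin')

conn = psycopg2.connect(dbname=DB_NAME, user=DB_USER, password=DB_PASS, host=DB_HOST)
# The app only runs single SELECTs on this shared connection. Autocommit keeps a finished or
# failed query from leaving the connection inside an open or aborted transaction.
conn.autocommit = True

# Compared against when the username is unknown, so a miss costs the same hashing work as a
# wrong password and response time does not reveal which usernames exist.
_DUMMY_HASH = generate_password_hash(secrets.token_hex(16))


def _json_error(message, status_code):
    """Build a JSON {'message': ...} response with the given HTTP status code."""
    resp = jsonify({'message' : message})
    resp.status_code = status_code
    return resp


@app.route('/')
def home():
    """Report whether the caller's session is logged in.

    Returns 200 with the session's username, or 401 when no username is in the session.
    """
    if 'username' in session:
        return jsonify({'message' : 'You are already logged in', 'username' : session['username']})
    return _json_error('Unauthorized', 401)


@app.route('/login', methods=['POST'])
def login():
    """Check a JSON {"username": ..., "password": ...} body against useraccount.

    Returns 200 and stores the username in the session on success. Every failure
    (malformed body, unknown user, wrong password) gets the same 400 response, so the
    reply does not tell a caller whether a username exists.
    """
    # NOTE(review): nothing here limits repeated failed attempts; add rate limiting or
    # lockout in front of this route before exposing it.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        return _json_error('Bad Request - invalid credentials', 400)

    _username = payload.get('username')
    _password = payload.get('password')
    # The submitted password is never printed or logged.
    if not (isinstance(_username, str) and isinstance(_password, str) and _username and _password):
        return _json_error('Bad Request - invalid credentials', 400)

    # Parameterized lookup; the context manager closes the cursor on every path.
    with conn.cursor(cursor_factory=psycopg2.extras.DictCursor) as cursor:
        cursor.execute("SELECT username, password FROM useraccount WHERE username=%s", (_username,))
        row = cursor.fetchone()

    # fetchone() returns None for an unknown user, so only index the row after this check.
    stored_hash = row['password'] if row is not None else _DUMMY_HASH
    password_ok = check_password_hash(stored_hash, _password)
    if row is None or not password_ok:
        return _json_error('Bad Request - invalid credentials', 400)

    # Drop whatever the pre-login session carried, then start the 10-minute lifetime.
    session.clear()
    session.permanent = True
    session['username'] = row['username']
    return jsonify({'message' : 'You are logged in successfully'})


@app.route('/logout')
def logout():
    """Remove the username from the session; responds 200 whether or not one was set."""
    # NOTE(review): a state-changing GET can be triggered from another site; consider
    # accepting POST for logout as well and moving clients over to it.
    session.pop('username', None)
    return jsonify({'message' : 'You successfully logged out'})


if __name__ == "__main__":
    app.run()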