From c88eb10246fad3a6b006844f5b41b71eae1b908c Mon Sep 17 00:00:00 2001
From: Tinashe <70011086+tinashechiraya@users.noreply.github.com>
Date: Wed, 9 Oct 2024 13:22:50 +0200
Subject: [PATCH] Patch use authentication on api (#1110)
* patch: use token to authenticate aganist API
* patch: add authentication to test
* patch: add authentication to api
* patch: update tests to generate and use token for api
---
 django_project/monitor/site_views.py | 4 ++++
 django_project/monitor/tests/test_sites.py | 24 ++++++++++++++++++++++
 2 files changed, 28 insertions(+)
diff --git a/django_project/monitor/site_views.py b/django_project/monitor/site_views.py
index d53d0001..fbb8a27d 100644
--- a/django_project/monitor/site_views.py
+++ b/django_project/monitor/site_views.py
@@ -20,6 +20,8 @@ from django.utils.dateparse import parse_date
 from drf_yasg.utils import swagger_auto_schema
 from drf_yasg import openapi
+from rest_framework_simplejwt.authentication import JWTAuthentication
+from rest_framework.permissions import IsAuthenticated
 from monitor.serializers import (
@@ -203,6 +205,8 @@ def get(self, request, latitude, longitude):
 class SitesWithObservationsView(APIView):
 serializer_class = SitesAndObservationsSerializer
+ authentication_classes = [JWTAuthentication]
+ permission_classes = [IsAuthenticated]
 @swagger_auto_schema(
 operation_description="Retrieve detailed information about a site, including its observations and images.",
 manual_parameters=[
diff --git a/django_project/monitor/tests/test_sites.py b/django_project/monitor/tests/test_sites.py
index 7ea40d54..00286030 100644
--- a/django_project/monitor/tests/test_sites.py
+++ b/django_project/monitor/tests/test_sites.py
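Review bot: In the second site_views.py hunk, `authentication_classes = [JWTAuthentication]` on `SitesWithObservationsView` replaces the project-wide `DEFAULT_AUTHENTICATION_CLASSES` for this view rather than extending them, so a client that authenticates only by session would now get 401 here; the settings are not in this patch, so confirm that is intended. A one-line comment above the two new attributes would record the decision, for example `# JWT only: session authentication is deliberately not accepted on this endpoint`. The `@swagger_auto_schema(...)` call continues outside the hunk; if it declares responses, a 401 entry would make the generated documentation show that a bearer token is required.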
@@ -30,6 +30,11 @@ def image_field(self, name):
 def setUp(self):
 # Create a user for authentication
 self.user = User.objects.create_user(username='testuser', password='testpassword', email='test@example.com')
+ self.user_token = User.objects.create_superuser(
+ username='testuser2',
+ password='testpassword',
+ email='test@example2.com'
+ )
 self.site = Sites.objects.create(
 site_name='Test Site',
 river_name='Test River',
@@ -81,6 +86,15 @@ def setUp(self):
 elec_cond="2.50",
 elec_cond_unit="mS/m"
 )
+ self.token = self.generate_token_for_user(self.user_token.email)
+ self.client = APIClient()
+ self.client.credentials(HTTP_AUTHORIZATION='Bearer ' + self.token)
+
+ def generate_token_for_user(self, email):
+ url = reverse('generate_special_token', args=[email])
+ response = self.client.post(url)
+ self.assertEqual(response.status_code, status.HTTP_200_OK)
+ return response.json().get('token')
 def test_get_all_sites_with_observations(self):
@@ -119,6 +133,16 @@ def test_get_sites_with_observations_with_no_data(self):
 self.assertEqual(response.status_code, status.HTTP_200_OK)
 self.assertEqual(len(response.data), 0)
+ def test_get_sites_with_observations_without_token(self):
+ # Remove token authentication for this request
+ self.client.credentials()
+
+ url = reverse('sites-with-observations')
+ response = self.client.get(url)
+
+ # Expect 401 Unauthorized without a token
+ self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+
 def test_multiple_image_upload(self):
 client = APIClient()
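Review bot: In the first test_sites.py hunk, the account behind the token is created with `create_superuser`, so every authenticated test in this class proves only that the most privileged kind of user is let in. The view requires just `IsAuthenticated`, so issuing the token for an ordinary account such as the existing `self.user` would show that the endpoint does not depend on superuser rights; if the token endpoint only accepts superusers, a comment should say so. The attribute name `self.user_token` is also misleading because it holds a `User`, not a token, and something like `self.api_user` would not be confused with `self.token`. `setUp` continues past the end of this hunk.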
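Review bot: In the second test_sites.py hunk, `generate_token_for_user` posts to `generate_special_token` through `self.client` before `setUp` swaps in the credentialed `APIClient`, so as far as these lines show a token for a superuser is handed to a caller that supplied only an email in the URL. Neither the endpoint's implementation nor any login done in the part of `setUp` outside the hunk is visible, so this needs confirming; if the endpoint is open in deployed settings, the `IsAuthenticated` check added to `SitesWithObservationsView` gives little protection and the endpoint should require its own authentication or be limited to test configuration. Separately, `response.json().get('token')` returns `None` when the key is missing and the failure then appears as a `TypeError` in `'Bearer ' + self.token`; `return response.json()['token']` fails where the problem is.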
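Review bot: The new `test_get_sites_with_observations_without_token` in the third test_sites.py hunk pins only the case where no `Authorization` header is sent; a request carrying a malformed bearer value should be pinned to 401 as well, since that is the rejection path `JWTAuthentication` takes for a bad token. A sibling test could call `self.client.credentials(HTTP_AUTHORIZATION='Bearer not-a-valid-token')` (a constructed sample value) and then repeat the same `get` and `assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)`.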