test_quetz_keys.sh

# export the key created with the new quetz deployment (user bob)
export QUETZ_API_KEY=4f3f9c7fd6fb472c923ce27b676f6e21

# create channel
curl -X POST "http://localhost:8000/api/channels" -H "X-API-Key: ${QUETZ_API_KEY}" -d '{"name": "test-channel", "private": true}'
# -> null

# list packages without key - permission denied
curl http://localhost:8000/api/channels/test-channel/packages
# {"detail":"Not logged in"}

# list packages (no packages were added so empty list)
curl http://localhost:8000/api/channels/test-channel/packages -H "X-API-Key: ${QUETZ_API_KEY}"
# []

# dummy login of dev user 'alice' and save session cookies to file
curl -j -c session-cookies.txt localhost:8000/api/dummylogin/alice
cat session-cookies.txt
# #HttpOnly_localhost	FALSE	/	FALSE	1603879804	session	eyJ1c2VyX2lkIjogIjIyMzljNDMzLTY3YzAtNDNmYy1iMWJkLTEwMWVkYWM5MDNkZiIsICJpZGVudGl0eV9wcm92aWRlciI6ICJkdW1teSJ9.X4bOfA.awDnOzCuhQuWSUQXh6UeECoBOsI

# add an api key without assigning extra roles (reusing the session cookies)
export QUETZ_API_KEY_ALICE_BLANK=`curl -X POST -b session-cookies.txt localhost:8000/api/api-keys -d '{"description" : "test-key", "channel": "", "roles": []}' | jq -r .key`
echo ${QUETZ_API_KEY_ALICE_BLANK}
# _3UqZkYCr4a-zc4JVJJkwmorzduC7QVGYENA8cN-LLQ

# list packages in the test-channel with the new api key - access denied
curl http://localhost:8000/api/channels/test-channel/packages -H "X-API-Key: ${QUETZ_API_KEY_ALICE_BLANK}"
# {"detail":"No permission"}

# bob adds a permission for alice
curl http://localhost:8000/api/channels/test-channel/members -H "X-API-Key: ${QUETZ_API_KEY}" -d '{"username": "alice", "role": "owner"}'
# null

# alice can list packages from test-channel using the blank key
curl http://localhost:8000/api/channels/test-channel/packages -H "X-API-Key: ${QUETZ_API_KEY_ALICE_BLANK}"
# []