Better session api spec : POST instead of GET, Json body instead of query params for login

tracim/tests/functional/test_session.py

@@ -7,6 +7,7 @@ from tracim.tests import FunctionalTest
 class TestLogoutEndpoint(FunctionalTest):
 
     def test_logout(self):
+        res = self.testapp.post_json('/api/v2/sessions/logout', status=204)
         res = self.testapp.get('/api/v2/sessions/logout', status=204)
 
 
@@ -17,10 +18,10 @@ class TestLoginEndpoint(FunctionalTest):
             'email': 'admin@admin.admin',
             'password': 'admin@admin.admin',
         }
-        res = self.testapp.get(
+        res = self.testapp.post_json(
             '/api/v2/sessions/login',
+            params=params,
             status=204,
-            params=params
         )
 
     def test_bad_password(self):
@@ -28,7 +29,7 @@ class TestLoginEndpoint(FunctionalTest):
             'email': 'admin@admin.admin',
             'password': 'bad_password',
         }
-        res = self.testapp.get(
+        res = self.testapp.post_json(
             '/api/v2/sessions/login',
             status=400,
             params=params,
@@ -39,14 +40,14 @@ class TestLoginEndpoint(FunctionalTest):
             'email': 'unknown_user@unknown.unknown',
             'password': 'bad_password',
         }
-        res = self.testapp.get(
+        res = self.testapp.post_json(
             '/api/v2/sessions/login',
             status=400,
             params=params,
         )
 
     def test_uncomplete(self):
-        res = self.testapp.get('/api/v2/sessions/login', status=400)
+        res = self.testapp.post_json('/api/v2/sessions/login', status=400)
 
 
 class TestWhoamiEndpoint(FunctionalTest):

tracim/views/core_api/session_controller.py

@@ -29,7 +29,7 @@ class SessionController(Controller):
 
     @hapic.with_api_doc()
     @hapic.input_headers(LoginOutputHeaders())
-    @hapic.input_query(BasicAuthSchema())
+    @hapic.input_body(BasicAuthSchema())
     @hapic.handle_exception(LoginFailed, http_code=HTTPStatus.BAD_REQUEST)
     # TODO - G.M - 17-04-2018 - fix output header ?
     # @hapic.output_headers()
@@ -41,10 +41,8 @@ class SessionController(Controller):
         """
         Logs user into the system
         """
-        email = request.params['email']
-        password = request.params['password']
-        if not (email and password):
-            raise Exception
+        email = request.json_body['email']
+        password = request.json_body['password']
         app_config = request.registry.settings['CFG']
         try:
             uapi = UserApi(
@@ -99,7 +97,7 @@ class SessionController(Controller):
         configurator.add_route(
             'login',
             os.path.join(BASE_API_V2, 'sessions', 'login'),
-            request_method='GET'
+            request_method='POST',
         )
         configurator.add_view(
             self.login,
@@ -107,20 +105,28 @@ class SessionController(Controller):
         )
         # Logout
         configurator.add_route(
-            'logout',
+            'post_logout',
             os.path.join(BASE_API_V2, 'sessions', 'logout'),
-            request_method='GET'
+            request_method='POST',
+        )
+        configurator.add_route(
+            'get_logout',
+            os.path.join(BASE_API_V2, 'sessions', 'logout'),
+            request_method='GET',
+        )
+        configurator.add_view(
+            self.logout,
+            route_name='get_logout',
         )
-
         configurator.add_view(
             self.logout,
-            route_name='logout',
+            route_name='post_logout',
         )
         # Whoami
         configurator.add_route(
             'whoami',
             os.path.join(BASE_API_V2, 'sessions', 'whoami'),
-            request_method='GET'
+            request_method='GET',
         )
         configurator.add_view(
             self.whoami,