0008-notifications-add-a-listing-API.patch

Benjamin Dauvergne, 18 mars 2018 22:13

Voir les différences: en ligne côte à côte

Subject: [PATCH 8/8] notifications: add a listing API

- listing API allow showing notifications on a remote site
- each notification description contains signed ack and forget URL
  allowing direct interfaction between the browser and combo from a remote
  site, based on CORS AJAX calls (authorizations are opened)
- ack and forget web-services are also still usable with classi Django
  session authentication.
- first test done using django-webtest&pytest-django

 combo/apps/notifications/api_views.py              | 79 +++++++++++++++++++---
 combo/apps/notifications/models.py                 | 12 +++-
 .../templates/combo/notificationscell.html         |  4 +-
 combo/apps/notifications/urls.py                   |  8 ++-
 tests/test_notification.py                         | 57 +++++++++++++---
 5 files changed, 136 insertions(+), 24 deletions(-)

     # You should have received a copy of the GNU Affero General Public License
     # along with this program.  If not, see <http://www.gnu.org/licenses/>.
     import hmac
     from django.conf import settings
     from rest_framework import serializers, permissions, status
     from rest_framework.generics import GenericAPIView
     from rest_framework.response import Response
-...
     from .models import Notification
     class IsAuthenticatedOrSignedPermission(object):
         @classmethod
         def signature(self, url):
             return hmac.HMAC(settings.SECRET_KEY, url).hexdigest()
         @classmethod
         def sign_url(cls, url):
             signature = cls.signature(url)
             separator = '&' if '?' in url else '?'
             return '%s%ssignature=%s' % (url, separator, signature)
         def has_permission(self, request, view):
             if request.user and request.user.is_authenticated:
                 if 'user_id' in view.kwargs and str(request.user.id) == view.kwargs['user_id']:
                     return True
             full_path = request.build_absolute_uri()
             if not ('&signature=' in full_path or '?signature=' in full_path):
                 return False
             payload, signature = full_path.rsplit('signature=', 1)
             return self.signature(payload[:-1]) == signature
     class NotificationSerializer(serializers.Serializer):
         summary = serializers.CharField(required=True, allow_blank=False, max_length=140)
         id = serializers.CharField(required=False, allow_null=True)
-...
         duration = serializers.IntegerField(required=False, allow_null=True, min_value=0)
     class Get(GenericAPIView):
         permission_classes = (permissions.IsAuthenticated,)
         serializer_class = NotificationSerializer
         def get(self, request, *args, **kwargs):
             notifications = Notification.objects.visible(request.user)
             data = []
             response = {'err': 0, 'data': data}
             for notification in notifications:
                 id = notification.public_id,
                 data.append({
                     'id': id,
                     'acked': notification.acked,
                     'summary': notification.summary,
                     'body': notification.body,
                     'url': notification.url,
                     'origin': notification.origin,
                     'end_timestamp': notification.end_timestamp,
                     'ack_url': IsAuthenticatedOrSignedPermission.sign_url(
                         request.build_absolute_uri(notification.ack_url)),
                     'forget_url': IsAuthenticatedOrSignedPermission.sign_url(
                         request.build_absolute_uri(notification.forget_url)),
                 })
             return Response(response)
     get = Get.as_view()
     class Add(GenericAPIView):
         permission_classes = (permissions.IsAuthenticated,)
         serializer_class = NotificationSerializer
-...
+                )
             except ValueError as e:
                 response = {'err': 1, 'err_desc': {'id': [unicode(e)]}}
                 return Response(response, status.HTTP_400_BAD_REQUEST)
                 return Response(response, status.HTTP_404_NOT_FOUND)
             else:
                 response = {'err': 0, 'data': {'id': notification.public_id}}
                 return Response(response)
     add = Add.as_view()
     class CORSApi(object):
         def options(self, request, *args, **kwargs):
             response = super(CORSApi, self).options(request, *args, **kwargs)
             response['Access-Control-Request-Method'] = 'GET'
             response['Access-Control-Allow-Origin'] = '*'
             return response
     class Ack(GenericAPIView):
         permission_classes = (permissions.IsAuthenticated,)
         def get(self, request, notification_id, *args, **kwargs):
             Notification.objects.find(request.user, notification_id).ack()
     class Ack(CORSApi, GenericAPIView):
         permission_classes = (IsAuthenticatedOrSignedPermission,)
         def get(self, request, user_id, notification_id, *args, **kwargs):
             Notification.objects.find(user_id, notification_id).ack()
             return Response({'err': 0})
     ack = Ack.as_view()
     class Forget(GenericAPIView):
         permission_classes = (permissions.IsAuthenticated,)
     class Forget(CORSApi, GenericAPIView):
         permission_classes = (IsAuthenticatedOrSignedPermission,)
         def get(self, request, notification_id, *args, **kwargs):
             Notification.objects.find(request.user, notification_id).forget()
         def get(self, request, user_id, notification_id, *args, **kwargs):
             Notification.objects.find(user_id, notification_id).forget()
             return Response({'err': 0})
     forget = Forget.as_view()

     from django.utils.timezone import now, timedelta
     from django.db.models import Q
     from django.db.models.query import QuerySet
     from django.core.urlresolvers import reverse
     from combo.data.models import CellBase
     from combo.data.library import register_cell_class
-...
         acked = models.BooleanField(_('Acked'), default=False)
         external_id = models.SlugField(_('External identifier'), null=True)
         class Meta:
             verbose_name = _('Notification')
             unique_together = (
-...
             self.acked = True
             self.save(update_fields=['acked'])
         @property
         def ack_url(self):
             return reverse('api-notification-ack', kwargs={
                 'user_id': self.user_id, 'notification_id': self.public_id})
         @property
         def forget_url(self):
             return reverse('api-notification-forget', kwargs={
                 'user_id': self.user_id, 'notification_id': self.public_id})
     @register_cell_class
     class NotificationsCell(CellBase):

     <ul>
       {% for notification in notifications %}
       <li class="combo-notification {% if notification.acked %}combo-notification-acked{% endif %}"
           data-combo-notification-id="{{ notification.public_id }}">
           data-combo-notification-id="{{ notification.public_id }}"
           data-combo-notification-ack-url="{{ notification.ack_url }}"
           data-combo-notification-forget-url="{{ notification.forget_url }}">
         <a href="{{ notification.url|default:"#" }}">{{ notification.summary }}</a>
         {% if notification.body %}
         <div class="description">

     from django.conf.urls import url
     from .api_views import add, ack, forget
     from .api_views import add, get, ack, forget
     urlpatterns = [
         url('^api/notification/add/$', add,
             name='api-notification-add'),
         url(r'^api/notification/ack/(?P<notification_id>[\w-]+)/$', ack,
         url('^api/notification/get/$', get,
             name='api-notification-get'),
         url(r'^api/notification/ack/(?P<user_id>\d{1,15})/(?P<notification_id>[\w-]+)/$', ack,
             name='api-notification-ack'),
         url(r'^api/notification/forget/(?P<notification_id>[\w-]+)/$', forget,
         url(r'^api/notification/forget/(?P<user_id>\d{1,15})/(?P<notification_id>[\w-]+)/$', forget,
             name='api-notification-forget'),
+    ]

         del notif['end_timestamp']
         notif['duration'] = 3600
         result = notify(notif, '5', 5)
         assert result.end_timestamp.isoformat()[:19] == '2016-11-11T12:11:00'
         result1 = notify(notif, '5', 5)
         assert result1.end_timestamp.isoformat()[:19] == '2016-11-11T12:11:00'
         notif['duration'] = '3600'
         result = notify(notif, '6', 6)
         assert result.end_timestamp.isoformat()[:19] == '2016-11-11T12:11:00'
         result2 = notify(notif, '6', 6)
         assert result2.end_timestamp.isoformat()[:19] == '2016-11-11T12:11:00'
         resp = client.get(reverse('api-notification-ack', kwargs={'notification_id': '6'}))
         resp = client.get(result2.ack_url)
         assert resp.status_code == 200
         assert Notification.objects.filter(acked=True).count() == 1
         assert Notification.objects.filter(acked=True).get().public_id == '6'
         resp = client.get(reverse('api-notification-forget', kwargs={'notification_id': '5'}))
         resp = client.get(result1.forget_url)
         assert resp.status_code == 200
         assert Notification.objects.filter(acked=True).count() == 2
         notif = Notification.objects.find(user, '5').get()
-...
                            json.dumps({'summary': 'ok'}),
                            content_type='application/json').status_code == 403
         assert client.get(reverse('api-notification-ack',
                                   kwargs={'notification_id': '1'})).status_code == 403
                                   kwargs={'user_id': 1, 'notification_id': '1'})).status_code == 403
         assert client.get(reverse('api-notification-forget',
                                   kwargs={'notification_id': '1'})).status_code == 403
                                   kwargs={'user_id': 1, 'notification_id': '1'})).status_code == 403
     def test_notification_ws_check_urls():
         assert reverse('api-notification-add') == '/api/notification/add/'
         assert reverse('api-notification-ack',
                        kwargs={'notification_id': 'noti1'}) == '/api/notification/ack/noti1/'
                        kwargs={'user_id': '1', 'notification_id': 'noti1'}) == '/api/notification/ack/1/noti1/'
         assert reverse('api-notification-forget',
                        kwargs={'notification_id': 'noti1'}) == '/api/notification/forget/noti1/'
                        kwargs={'user_id': '2', 'notification_id': 'noti1'}) == '/api/notification/forget/2/noti1/'
     def test_notification_id_and_origin(user):
-...
         result = notify({'summary': 'foo', 'id': 'foo:foo', 'origin': 'bar'})
         assert result['err'] == 0
     def test_notification_ws_get(app, user):
         Notification.notify(user, 'foo')
         Notification.notify(user, 'bar')
         app.set_user(user)
         response = app.get(reverse('api-notification-get'))
         result = response.json
         assert result['err'] == 0
         assert len(result['data']) == 2
         app.set_user(None)
         app.session.flush()
         app.get(reverse('api-notification-get'), status=403)
         assert Notification.objects.visible(user).new().count() == 2
         for notif in result['data']:
             response = app.options(notif['ack_url'])
             assert response['Access-Control-Allow-Origin'] == '*'
             assert response['Access-Control-Request-Method'] == 'GET'
             assert app.get(notif['ack_url'])
             assert app.get(notif['ack_url'])
         assert Notification.objects.visible(user).new().count() == 0
         assert Notification.objects.visible(user).count() == 2
         for notif in result['data']:
             response = app.options(notif['forget_url'])
             assert response['Access-Control-Allow-Origin'] == '*'
             assert response['Access-Control-Request-Method'] == 'GET'
             assert app.get(notif['forget_url'])
             assert app.get(notif['forget_url'])
         assert Notification.objects.visible(user).count() == 0
+    -

Projet

Général

Profil

Produits Entr'ouvert » Combo

0008-notifications-add-a-listing-API.patch