
0002-api_views-handle-ou-wise-api-client-checks-71275.patch

Paul Marillonnet, 07 décembre 2022 16:28



Subject: [PATCH 2/2] api_views: handle ou-wise api-client checks (#71275)

 src/authentic2/api_views.py | 11 ++++++++++-
 tests/api/test_all.py       | 23 ++++++++++++++++++++++-
 2 files changed, 32 insertions(+), 2 deletions(-)
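--- a/src/authentic2/api_views.py
+++ b/src/authentic2/api_views.py
@@ -1431,6 +1431,13 @@
 class CheckAPIClientSerializer(serializers.Serializer):
     identifier = serializers.CharField(required=True)
     password = serializers.CharField(required=True)
+    ou = serializers.SlugRelatedField(
+        queryset=OrganizationalUnit.objects.all(),
+        slug_field='slug',
+        default=None,
+        required=False,
+        allow_null=True,
+    )
 
 
 class CheckPasswordAPI(BaseRpcView):
@@ -1467,6 +1474,7 @@
     def rpc(self, request, serializer):
         identifier = serializer.validated_data['identifier']
         password = serializer.validated_data['password']
+        ou = serializer.validated_data.get('ou', None)
         api_client = None
         try:
             api_client = APIClient.objects.get(identifier=identifier, password=password)
@@ -1474,7 +1482,7 @@
             pass
 
         result = {}
-        if api_client is None:
+        if api_client is None or ou and ou != api_client.ou:
             result['err'] = 1
             result['err_desc'] = 'api client not found'
         else:
@@ -1484,6 +1492,7 @@
                 'is_anonymous': api_client.is_anonymous,
                 'is_authenticated': api_client.is_authenticated,
                 'is_superuser': api_client.is_superuser,
+                'ou': api_client.ou.slug if api_client.ou else None,
                 'restrict_to_anonymised_data': api_client.restrict_to_anonymised_data,
                 'roles': [role.uuid for role in api_client.apiclient_roles.all()],
             }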
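Review bot: In `rpc`, the new guard `if api_client is None or ou and ou != api_client.ou:` applies the OU restriction only when the caller sends `ou`; a request that omits it still validates an API client bound to any organizational unit, and the updated test pins that behaviour. If relying services are expected to scope the check to their own OU, that opt-in deserves a comment above the condition, e.g. `# OU is enforced only when the caller supplies one; omitting it accepts clients of any OU`. The condition also depends on `and` binding tighter than `or`; `if api_client is None or (ou is not None and ou != api_client.ou):` states the intent without relying on precedence or on the truthiness of the model instance. Parts of `rpc` are elided from this section.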
tests/api/test_all.py
2787 2787
    )
2788 2788

  
2789 2789

  
2790
def test_check_api_client(app, superuser):
2790
def test_check_api_client(app, superuser, ou1, ou2):
2791 2791
    url = '/api/check-api-client/'
2792 2792
    payload = {'identifier': 'foo', 'password': 'bar'}
2793 2793
    resp = app.post_json(url, params=payload, status=401)
......
2816 2816
    assert data['is_superuser'] is False
2817 2817
    assert data['restrict_to_anonymised_data'] is False
2818 2818
    assert data['roles'] == [role1.uuid]
2819
    assert data['ou'] is None
2820

  
2821
    api_client.ou = ou1
2822
    api_client.save()
2823
    resp = app.post_json(url, params=payload)
2824
    assert resp.json['data']['ou'] == 'ou1'
2825

  
2826
    payload['ou'] = ou1.slug
2827
    resp = app.post_json(url, params=payload)
2828
    assert resp.json['data']['ou'] == 'ou1'
2829

  
2830
    payload['ou'] = ou2.slug
2831
    resp = app.post_json(url, params=payload)
2832
    assert resp.json['err'] == 1
2833
    assert resp.json['err_desc'] == 'api client not found'
2834

  
2835
    api_client.ou = None
2836
    api_client.save()
2837
    resp = app.post_json(url, params=payload)
2838
    assert resp.json['err'] == 1
2839
    assert resp.json['err_desc'] == 'api client not found'
2819
-
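Review bot: `test_check_api_client` never posts an `ou` slug that matches no organizational unit, so the rejection path of the new `SlugRelatedField` is not pinned. That path presumably returns a serializer validation error rather than the uniform `'api client not found'`, which would let a caller distinguish existing OU slugs from unknown ones. A case such as `payload['ou'] = 'unknown'` followed by an assertion on the response status and body would fix the expected behaviour either way. The test body is partly elided in this section.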