0002-api_views-handle-ou-wise-api-client-checks-71275.patch
src/authentic2/api_views.py | ||
1431 | 1431 |
class CheckAPIClientSerializer(serializers.Serializer): |
1432 | 1432 |
identifier = serializers.CharField(required=True) |
1433 | 1433 |
password = serializers.CharField(required=True) |
1434 |
ou = serializers.SlugRelatedField( |
|
1435 |
queryset=OrganizationalUnit.objects.all(), |
|
1436 |
slug_field='slug', |
|
1437 |
default=None, |
|
1438 |
required=False, |
|
1439 |
allow_null=True, |
|
1440 |
) |
|
1434 | 1441 | |
1435 | 1442 | |
1436 | 1443 |
class CheckPasswordAPI(BaseRpcView): |
... | ... | |
1467 | 1474 |
def rpc(self, request, serializer): |
1468 | 1475 |
identifier = serializer.validated_data['identifier'] |
1469 | 1476 |
password = serializer.validated_data['password'] |
1477 |
ou = serializer.validated_data.get('ou', None) |
|
1470 | 1478 |
api_client = None |
1471 | 1479 |
try: |
1472 | 1480 |
api_client = APIClient.objects.get(identifier=identifier, password=password) |
... | ... | |
1474 | 1482 |
pass |
1475 | 1483 | |
1476 | 1484 |
result = {} |
1477 |
if api_client is None: |
|
1485 |
if api_client is None or ou and ou != api_client.ou:
|
|
1478 | 1486 |
result['err'] = 1 |
1479 | 1487 |
result['err_desc'] = 'api client not found' |
1480 | 1488 |
else: |
... | ... | |
1484 | 1492 |
'is_anonymous': api_client.is_anonymous, |
1485 | 1493 |
'is_authenticated': api_client.is_authenticated, |
1486 | 1494 |
'is_superuser': api_client.is_superuser, |
1495 |
'ou': api_client.ou.slug if api_client.ou else None, |
|
1487 | 1496 |
'restrict_to_anonymised_data': api_client.restrict_to_anonymised_data, |
1488 | 1497 |
'roles': [role.uuid for role in api_client.apiclient_roles.all()], |
1489 | 1498 |
} |
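Review bot: The new condition `if api_client is None or ou and ou != api_client.ou:` encodes a non-obvious rule — a client that has no OU is rejected whenever the caller scopes the check to an OU, and a mismatch is deliberately reported with the same 'api client not found' message as a missing client — but nothing in the code says so, and the bare `or ... and` chain makes a reader stop to recall precedence. I would parenthesize the second operand and add a comment above it: `# an ou-scoped check only succeeds for a client attached to that exact ou;` `# a mismatch is reported like a missing client so the response does not reveal which part failed`. Separately, since the serializer resolves `ou` via `SlugRelatedField(queryset=OrganizationalUnit.objects.all())`, an unknown slug is presumably answered by the framework's validation error rather than by this `err` branch, which lets a caller distinguish "slug does not exist" from "client not found"; whether that disclosure matters depends on who BaseRpcView lets reach this endpoint, which is outside the hunk. The `rpc` body continues past the end of the hunk.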
tests/api/test_all.py | ||
2787 | 2787 |
) |
2788 | 2788 | |
2789 | 2789 | |
2790 |
def test_check_api_client(app, superuser): |
|
2790 |
def test_check_api_client(app, superuser, ou1, ou2):
|
|
2791 | 2791 |
url = '/api/check-api-client/' |
2792 | 2792 |
payload = {'identifier': 'foo', 'password': 'bar'} |
2793 | 2793 |
resp = app.post_json(url, params=payload, status=401) |
... | ... | |
2816 | 2816 |
assert data['is_superuser'] is False |
2817 | 2817 |
assert data['restrict_to_anonymised_data'] is False |
2818 | 2818 |
assert data['roles'] == [role1.uuid] |
2819 |
assert data['ou'] is None |
|
2820 | ||
2821 |
api_client.ou = ou1 |
|
2822 |
api_client.save() |
|
2823 |
resp = app.post_json(url, params=payload) |
|
2824 |
assert resp.json['data']['ou'] == 'ou1' |
|
2825 | ||
2826 |
payload['ou'] = ou1.slug |
|
2827 |
resp = app.post_json(url, params=payload) |
|
2828 |
assert resp.json['data']['ou'] == 'ou1' |
|
2829 | ||
2830 |
payload['ou'] = ou2.slug |
|
2831 |
resp = app.post_json(url, params=payload) |
|
2832 |
assert resp.json['err'] == 1 |
|
2833 |
assert resp.json['err_desc'] == 'api client not found' |
|
2834 | ||
2835 |
api_client.ou = None |
|
2836 |
api_client.save() |
|
2837 |
resp = app.post_json(url, params=payload) |
|
2838 |
assert resp.json['err'] == 1 |
|
2839 |
assert resp.json['err_desc'] == 'api client not found' |
|
2819 |
- |
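Review bot: The new assertions cover a matching ou, a mismatching ou and a client without an ou, but not an `ou` value that does not resolve to any OrganizationalUnit, which is the path handled by the serializer rather than by `rpc`; pinning that response keeps the two failure modes from silently converging or diverging later. I would add after line 2833: `payload['ou'] = 'no-such-ou'` and `app.post_json(url, params=payload, status=400)`, with the expected status adjusted if BaseRpcView maps validation errors differently (that mapping is not visible here). The body of test_check_api_client starts before this section's first changed line.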