0001-webservice-add-remove-user-from-role-8234.patch
| src/authentic2/api_urls.py | ||
|---|---|---|
| 9 | 9 |
name='a2-api-password-change'), |
| 10 | 10 |
url(r'^user/$', api_views.user, |
| 11 | 11 |
name='a2-api-user'), |
| 12 |
url(r'^roles/(?P<role_uuid>[\w+]*)/members/(?P<member_uuid>[\w+]*)/$', api_views.roles_add_member, |
|
| 13 |
name='a2-api-role-member'), |
|
| 12 | 14 |
) |
| src/authentic2/api_views.py | ||
|---|---|---|
| 7 | 7 |
from django.utils.translation import ugettext as _ |
| 8 | 8 |
from django.views.decorators.vary import vary_on_headers |
| 9 | 9 |
from django.views.decorators.cache import cache_control |
| 10 |
from django.shortcuts import get_object_or_404 |
|
| 11 |
from django.http import HttpResponse |
|
| 10 | 12 | |
| 11 |
from django_rbac.utils import get_ou_model |
|
| 13 |
from django_rbac.utils import get_ou_model, get_role_model
|
|
| 12 | 14 | |
| 13 | 15 |
from rest_framework import serializers |
| 14 |
from rest_framework.generics import GenericAPIView |
|
| 16 |
from rest_framework.views import APIView |
|
| 17 |
from rest_framework.generics import GenericAPIView |
|
| 15 | 18 |
from rest_framework.response import Response |
| 16 | 19 |
from rest_framework import authentication, permissions, status |
| 17 | 20 |
from rest_framework.exceptions import PermissionDenied |
| ... | ... | |
| 202 | 205 |
if request.user.is_anonymous(): |
| 203 | 206 |
return {}
|
| 204 | 207 |
return request.user.to_json() |
| 208 | ||
| 209 | ||
| 210 |
class RoleView(APIView): |
|
| 211 | ||
| 212 |
authentication_classes = (authentication.BasicAuthentication,) |
|
| 213 |
permission_classes = (permissions.IsAuthenticated, |
|
| 214 |
HasUserAddPermission) |
|
| 215 | ||
| 216 |
def dispatch(self, request, *args, **kwargs): |
|
| 217 |
Role = get_role_model() |
|
| 218 |
User = get_user_model() |
|
| 219 | ||
| 220 |
self.role = get_object_or_404(Role, uuid=kwargs['role_uuid']) |
|
| 221 |
self.member = get_object_or_404(User, uuid=kwargs['member_uuid']) |
|
| 222 | ||
| 223 |
perm = 'a2_rbac.change_role' |
|
| 224 |
authorized = request.user.has_perm(perm, obj=Role) |
|
| 225 | ||
| 226 |
if not authorized: |
|
| 227 |
return HttpResponse(status=status.HTTP_403_FORBIDDEN) |
|
| 228 |
|
|
| 229 |
return super(RoleView, self).dispatch(request, *args, **kwargs) |
|
| 230 | ||
| 231 |
def post(self, request, *args, **kwargs): |
|
| 232 |
self.role.members.add(self.member) |
|
| 233 |
self.role.save() |
|
| 234 |
return Response({'message': _('user added to role')}, status.HTTP_201_CREATED)
|
|
| 235 | ||
| 236 |
def delete(self, request, *args, **kwargs): |
|
| 237 |
self.role.members.remove(self.member) |
|
| 238 |
self.role.save() |
|
| 239 |
return Response({'message': _('user deleted from role')}, status.HTTP_200_OK)
|
|
| 240 | ||
| 241 |
roles_add_member = RoleView.as_view() |
|
| src/authentic2/idp/saml/tests.py | ||
|---|---|---|
| 258 | 258 |
% saml_response) |
| 259 | 259 |
with self.assertRaises(lasso.ProfileRequestDeniedError): |
| 260 | 260 |
assertion = self.parse_authn_response(saml_response) |
| 261 |
self.assertIn('samlp:StatusMessage', saml_response_decoded)
|
|
| 262 |
self.assertIn('User canceled login process', saml_response_decoded)
|
|
| 261 |
namespaces = {'samlp': lasso.SAML2_PROTOCOL_HREF}
|
|
| 262 |
constraints = ( |
|
| 263 |
("/samlp:Response/samlp:Status/samlp:StatusCode/@Value", lasso.SAML2_STATUS_CODE_RESPONDER),
|
|
| 264 |
("/samlp:Response/samlp:Status/samlp:StatusCode/samlp:StatusCode/@Value", lasso.SAML2_STATUS_CODE_REQUEST_DENIED),
|
|
| 265 |
("/samlp:Response/samlp:Status/samlp:StatusMessage", 'User canceled login process')
|
|
| 266 |
) |
|
| 267 |
self.assertXPathConstraints(saml_response_decoded, constraints, namespaces) |
|
| 263 | 268 |
else: |
| 264 | 269 |
response = client.post(url, {
|
| 265 | 270 |
'username': self.email, |
| ... | ... | |
| 281 | 286 |
base64.b64decode(saml_response) |
| 282 | 287 |
except TypeError: |
| 283 | 288 |
self.fail('SAMLResponse is not base64 encoded: %s' % saml_response)
|
| 289 |
|
|
| 284 | 290 |
login = self.parse_authn_response(saml_response) |
| 285 | 291 |
assertion = login.assertion |
| 286 | 292 |
assertion_xml = assertion.exportToXml() |
| src/authentic2/tests/test_all.py | ||
|---|---|---|
| 84 | 84 |
'is_superuser': False, |
| 85 | 85 |
'last_login': u.last_login, |
| 86 | 86 |
'date_joined': u.date_joined, |
| 87 |
'groups': [],
|
|
| 87 |
'group': [], |
|
| 88 | 88 |
'user_permissions': [], |
| 89 | 89 |
'password': '', |
| 90 | 90 |
'ou': None, |
| ... | ... | |
| 1200 | 1200 |
response = client.post(reset_url, {'new_password1': 'newPassword1',
|
| 1201 | 1201 |
'new_password2': 'newPassword1'}) |
| 1202 | 1202 |
self.assertRedirects(response, ENTROUVERT_COM) |
| 1203 | ||
| 1204 | ||
| 1205 |
class RolesTest(Authentic2TestCase): |
|
| 1206 | ||
| 1207 |
def setUp(self,): |
|
| 1208 | ||
| 1209 |
from rest_framework import test |
|
| 1210 | ||
| 1211 |
self.auth_client = test.APIClient() |
|
| 1212 | ||
| 1213 |
User = get_user_model() |
|
| 1214 |
Role = get_role_model() |
|
| 1215 | ||
| 1216 |
role = Role.objects.first() |
|
| 1217 |
super_user = User.objects.create(username='super', email='super@super.com', is_superuser=True) |
|
| 1218 |
super_user.set_password('super_user')
|
|
| 1219 |
super_user.save() |
|
| 1220 | ||
| 1221 |
cred = base64.b64encode('%s:%s' %(super_user.username.encode('utf-8'), 'super_user'))
|
|
| 1222 |
self.auth_client.credentials(HTTP_AUTHORIZATION='Basic %s' % cred) |
|
| 1223 | ||
| 1224 |
user = User.objects.create(username='john', email='john@doe.com', password='password') |
|
| 1225 |
user.set_password('password')
|
|
| 1226 |
user.save() |
|
| 1227 | ||
| 1228 |
self.role_uuid = role.uuid |
|
| 1229 |
self.member_uuid = user.uuid |
|
| 1230 |
self.url = self._build_url(role.uuid, user.uuid) |
|
| 1231 |
self.payload = {'role_uuid': self.role_uuid, 'member_uuid': self.member_uuid}
|
|
| 1232 | ||
| 1233 |
def _build_url(self, role_uuid, member_uuid): |
|
| 1234 |
return reverse('a2-api-role-member', kwargs={'role_uuid': self.role_uuid, 'member_uuid':self.member_uuid})
|
|
| 1235 | ||
| 1236 |
def test_add_member_to_role(self,): |
|
| 1237 |
response = self.auth_client.post(self.url,content_type='application/json', data= self.payload ) |
|
| 1238 |
self.assertEqual(response.status_code, 201) |
|
| 1239 | ||
| 1240 |
def test_remove_member_from_role(self,): |
|
| 1241 |
response = self.auth_client.delete(self.url) |
|
| 1242 |
self.assertEqual(response.status_code, 200) |
|
| 1243 | ||
| 1244 |
def test_access_forbiden(self,): |
|
| 1245 |
response = self.client.post(self.url, data=self.payload) |
|
| 1246 |
self.assertEqual(response.status_code, 403) |
|
| 1247 | ||
| 1248 |
def test_role_not_found(self,): |
|
| 1249 |
response = self.auth_client.post(self._build_url('fake_role_uuid','fake_member_uuid'), content_type='application/json', data= self.payload)
|
|
| 1250 | ||
| 1251 |
self.assertEqual(response.status_code, 404) |
|
| 1203 |
- |
|