0001-webservice-add-remove-user-from-role-8234.patch
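--- a/src/authentic2/api_urls.py
+++ b/src/authentic2/api_urls.py
@@ -9,4 +9,6 @@
 name='a2-api-password-change'),
 url(r'^user/$', api_views.user,
 name='a2-api-user'),
+url(r'^roles/(?P<role_uuid>[\w+]*)/members/(?P<member_uuid>[\w+]*)/$', api_views.roles_add_member,
+name='a2-api-role-member'),
 )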
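Review bot: The character class `[\w+]*` in the new `roles/.../members/...` pattern matches the empty string and treats `+` as a literal character, so a path such as `/roles//members//` is routed to the view and the `+` is almost certainly meant as a quantifier; `(?P<role_uuid>\w+)` and `(?P<member_uuid>\w+)` express the intent and reject empty segments before the view runs. The name `roles_add_member` also serves DELETE, so a neutral name such as `role_member` would read better; the view itself is defined outside this file.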
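--- a/src/authentic2/api_views.py
+++ b/src/authentic2/api_views.py
@@ -7,11 +7,14 @@
 from django.utils.translation import ugettext as _
 from django.views.decorators.vary import vary_on_headers
 from django.views.decorators.cache import cache_control
+from django.shortcuts import get_object_or_404
+from django.http import HttpResponse
 
-from django_rbac.utils import get_ou_model
+from django_rbac.utils import get_ou_model, get_role_model
 
 from rest_framework import serializers
-from rest_framework.generics import GenericAPIView
+from rest_framework.views import APIView
+from rest_framework.generics import GenericAPIView
 from rest_framework.response import Response
 from rest_framework import authentication, permissions, status
 from rest_framework.exceptions import PermissionDenied
@@ -202,3 +205,37 @@
 if request.user.is_anonymous():
 return {}
 return request.user.to_json()
+
+
+class RoleView(APIView):
+
+authentication_classes = (authentication.BasicAuthentication,)
+permission_classes = (permissions.IsAuthenticated,
+HasUserAddPermission)
+
+def dispatch(self, request, *args, **kwargs):
+Role = get_role_model()
+User = get_user_model()
+
+self.role = get_object_or_404(Role, uuid=kwargs['role_uuid'])
+self.member = get_object_or_404(User, uuid=kwargs['member_uuid'])
+
+perm = 'a2_rbac.change_role'
+authorized = request.user.has_perm(perm, obj=Role)
+
+if not authorized:
+return HttpResponse(status=status.HTTP_403_FORBIDDEN)
+
+return super(RoleView, self).dispatch(request, *args, **kwargs)
+
+def post(self, request, *args, **kwargs):
+self.role.members.add(self.member)
+self.role.save()
+return Response({'message': _('user added to role')}, status.HTTP_201_CREATED)
+
+def delete(self, request, *args, **kwargs):
+self.role.members.remove(self.member)
+self.role.save()
+return Response({'message': _('user deleted from role')}, status.HTTP_200_OK)
+
+roles_add_member = RoleView.as_view()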
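Review bot: `request.user.has_perm(perm, obj=Role)` in `RoleView.dispatch` passes the model class rather than the role being modified, so the check is class-wide and a caller allowed to change one role can add or remove members on every role; it should be `obj=self.role`. The check also runs before DRF has authenticated the request (`authentication_classes` and `permission_classes` are only applied in `initial()`, inside `super().dispatch()`), so `request.user` here is the session user rather than the BasicAuthentication user, and the two `get_object_or_404` lookups answer 404 to unauthenticated callers before any permission test, revealing which role and user uuids exist. Moving the lookups and the per-object check into `initial()` keeps the view's interface and lets the DRF classes run first; `HasUserAddPermission` is not defined in this hunk, so its semantics are assumed. The `self.role.save()` calls after the many-to-many `add`/`remove` are redundant and can be dropped.
```python
class RoleView(APIView):
    # … unchanged: authentication_classes / permission_classes …

    def initial(self, request, *args, **kwargs):
        # Runs after DRF authentication and permission classes, so
        # request.user is the BasicAuthentication user, not the session user.
        super(RoleView, self).initial(request, *args, **kwargs)
        Role = get_role_model()
        User = get_user_model()
        self.role = get_object_or_404(Role, uuid=kwargs['role_uuid'])
        self.member = get_object_or_404(User, uuid=kwargs['member_uuid'])
        # Per-object check against the role instance, not the model class.
        if not request.user.has_perm('a2_rbac.change_role', obj=self.role):
            raise PermissionDenied()

    # … unchanged: post / delete (without the redundant self.role.save()) …
```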
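--- a/src/authentic2/idp/saml/tests.py
+++ b/src/authentic2/idp/saml/tests.py
@@ -258,8 +258,13 @@
 % saml_response)
 with self.assertRaises(lasso.ProfileRequestDeniedError):
 assertion = self.parse_authn_response(saml_response)
-self.assertIn('samlp:StatusMessage', saml_response_decoded)
-self.assertIn('User canceled login process', saml_response_decoded)
+namespaces = {'samlp': lasso.SAML2_PROTOCOL_HREF}
+constraints = (
+("/samlp:Response/samlp:Status/samlp:StatusCode/@Value", lasso.SAML2_STATUS_CODE_RESPONDER),
+("/samlp:Response/samlp:Status/samlp:StatusCode/samlp:StatusCode/@Value", lasso.SAML2_STATUS_CODE_REQUEST_DENIED),
+("/samlp:Response/samlp:Status/samlp:StatusMessage", 'User canceled login process')
+)
+self.assertXPathConstraints(saml_response_decoded, constraints, namespaces)
 else:
 response = client.post(url, {
 'username': self.email,
@@ -281,6 +286,7 @@
 base64.b64decode(saml_response)
 except TypeError:
 self.fail('SAMLResponse is not base64 encoded: %s' % saml_response)
+
 login = self.parse_authn_response(saml_response)
 assertion = login.assertion
 assertion_xml = assertion.exportToXml()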
src/authentic2/tests/test_all.py | ||
---|---|---|
84 | 84 |
'is_superuser': False, |
85 | 85 |
'last_login': u.last_login, |
86 | 86 |
'date_joined': u.date_joined, |
87 |
'groups': [],
|
|
87 |
'group': [], |
|
88 | 88 |
'user_permissions': [], |
89 | 89 |
'password': '', |
90 | 90 |
'ou': None, |
... | ... | |
1200 | 1200 |
response = client.post(reset_url, {'new_password1': 'newPassword1', |
1201 | 1201 |
'new_password2': 'newPassword1'}) |
1202 | 1202 |
self.assertRedirects(response, ENTROUVERT_COM) |
1203 | ||
1204 | ||
1205 |
class RolesTest(Authentic2TestCase): |
|
1206 | ||
1207 |
def setUp(self,): |
|
1208 | ||
1209 |
from rest_framework import test |
|
1210 | ||
1211 |
self.auth_client = test.APIClient() |
|
1212 | ||
1213 |
User = get_user_model() |
|
1214 |
Role = get_role_model() |
|
1215 | ||
1216 |
role = Role.objects.first() |
|
1217 |
super_user = User.objects.create(username='super', email='super@super.com', is_superuser=True) |
|
1218 |
super_user.set_password('super_user') |
|
1219 |
super_user.save() |
|
1220 | ||
1221 |
cred = base64.b64encode('%s:%s' %(super_user.username.encode('utf-8'), 'super_user')) |
|
1222 |
self.auth_client.credentials(HTTP_AUTHORIZATION='Basic %s' % cred) |
|
1223 | ||
1224 |
user = User.objects.create(username='john', email='john@doe.com', password='password') |
|
1225 |
user.set_password('password') |
|
1226 |
user.save() |
|
1227 | ||
1228 |
self.role_uuid = role.uuid |
|
1229 |
self.member_uuid = user.uuid |
|
1230 |
self.url = self._build_url(role.uuid, user.uuid) |
|
1231 |
self.payload = {'role_uuid': self.role_uuid, 'member_uuid': self.member_uuid} |
|
1232 | ||
1233 |
def _build_url(self, role_uuid, member_uuid): |
|
1234 |
return reverse('a2-api-role-member', kwargs={'role_uuid': self.role_uuid, 'member_uuid':self.member_uuid}) |
|
1235 | ||
1236 |
def test_add_member_to_role(self,): |
|
1237 |
response = self.auth_client.post(self.url,content_type='application/json', data= self.payload ) |
|
1238 |
self.assertEqual(response.status_code, 201) |
|
1239 | ||
1240 |
def test_remove_member_from_role(self,): |
|
1241 |
response = self.auth_client.delete(self.url) |
|
1242 |
self.assertEqual(response.status_code, 200) |
|
1243 | ||
1244 |
def test_access_forbiden(self,): |
|
1245 |
response = self.client.post(self.url, data=self.payload) |
|
1246 |
self.assertEqual(response.status_code, 403) |
|
1247 | ||
1248 |
def test_role_not_found(self,): |
|
1249 |
response = self.auth_client.post(self._build_url('fake_role_uuid','fake_member_uuid'), content_type='application/json', data= self.payload) |
|
1250 | ||
1251 |
self.assertEqual(response.status_code, 404) |
|
1203 |
- |
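Review bot: `_build_url` ignores its `role_uuid` and `member_uuid` arguments and reverses with `self.role_uuid`/`self.member_uuid`, so `test_role_not_found` requests the same valid URL as the other tests and never exercises the 404 path; it should read `return reverse('a2-api-role-member', kwargs={'role_uuid': role_uuid, 'member_uuid': member_uuid})`. `Role.objects.first()` in `setUp` presumes a role already exists in the test database, which nothing visible here guarantees; creating one explicitly would make the fixture self-contained. `test_remove_member_from_role` also runs against a role the member was never added to, so it verifies only the status code, not that a membership was actually removed, and no test asserts on `role.members` after either call.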