From 5b128cf8fb3e5635b024a1966548bc8a35836637 Mon Sep 17 00:00:00 2001 From: Josue Kouka Date: Tue, 10 Oct 2017 14:29:46 +0200 Subject: [PATCH] archimed: truncate sent uuid when over 30 characters (#19149) --- mandayejs/applications.py | 2 +- mandayejs/views.py | 5 ++++- tests/test_archimed.py | 20 +++++++++----------- 3 files changed, 14 insertions(+), 13 deletions(-) diff --git a/mandayejs/applications.py b/mandayejs/applications.py index f4d220f..5a9440b 100644 --- a/mandayejs/applications.py +++ b/mandayejs/applications.py @@ -185,7 +185,7 @@ class Archimed(AppSettings): urlpatterns = patterns( '', url( - r'account/(?P[\w+]*)/$', + r'account/(?P[\w,-]+)/$', 'mandayejs.views.archimed_account_details', name='archimed-account-details'), ) diff --git a/mandayejs/views.py b/mandayejs/views.py index 8dc6499..40fef02 100644 --- a/mandayejs/views.py +++ b/mandayejs/views.py @@ -46,7 +46,10 @@ class ArchimedAccountDetails(APIView): ws_uri = request.build_absolute_uri( app_settings.SITE_WS_ENDPOINT['account_details']) - username = kwargs['username'] + # mellon truncates username to 30 characters + # thus the passed username must be truncated to 30 characters + # for searching purpose. + username = kwargs['username'][:30] try: user = User.objects.get(username=username) diff --git a/tests/test_archimed.py b/tests/test_archimed.py index 0f55b4d..df52416 100644 --- a/tests/test_archimed.py +++ b/tests/test_archimed.py @@ -1,5 +1,6 @@ import os import json +import uuid import pytest import mock @@ -34,36 +35,33 @@ def test_archimed_ws(mocked_get_app_settings, mocked_requests_post): mocked_get_app_settings.return_value = Archimed mocked_requests_post.side_effect = MOCKED_RESPONSES_LIST - user = create_user(username='kevin', password='kevin') + user_uuid = uuid.uuid4().hex + + user = create_user(username=user_uuid[:30], password='kevin') # test with invalid username client = Client() - client.login(username='kevin', password='kevin') + client.login(username=user_uuid[:30], password='kevin') response = client.get('/_mandaye/ws/account/whatever/') assert response.status_code == 404 assert json.loads(response.content)['err_desc'] == 'User whatever does not exist' assert json.loads(response.content)['err'] == 1 # test with unlinked user - client = Client() - client.login(username='kevin', password='kevin') - response = client.get('/_mandaye/ws/account/kevin/') + response = client.get('/_mandaye/ws/account/%s/' % user_uuid) assert response.status_code == 404 - assert json.loads(response.content)['err_desc'] == 'User kevin is not associated' + assert json.loads(response.content)['err_desc'] == 'User %s is not associated' % user_uuid[:30] assert json.loads(response.content)['err'] == 1 create_credentials(user, {'carte': 'kevin', 'code': 'whatever'}) # test with wrong credentials - client = Client() - client.login(username='kevin', password='kevin') - response = client.get('/_mandaye/ws/account/kevin/') + response = client.get('/_mandaye/ws/account/%s/' % user_uuid) assert response.status_code == 401 assert json.loads(response.content)['err_desc'] == 'Authentication failed' assert json.loads(response.content)['err'] == 1 # test with good credentials - client.login(username='kevin', password='kevin') - response = client.get('/_mandaye/ws/account/kevin/') + response = client.get('/_mandaye/ws/account/%s/' % user_uuid) assert response.status_code == 200 assert json.loads(response.content)['data']['message'] == 'Whatever is whatever' assert json.loads(response.content)['data']['success'] is True -- 2.11.0