From af975d3e524029db0880db1f6c0ce56725e0dcf1 Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Wed, 16 May 2018 22:47:17 +0200 Subject: [PATCH] =?UTF-8?q?nanterre:=20ajoute=20un=20ws=20de=20r=C3=A9cup?= =?UTF-8?q?=C3=A9ration=20de=20cl=C3=A9=20de=20f=C3=A9d=C3=A9ration=20(fix?= =?UTF-8?q?es=20#23873)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- tests/test_nanterre.py | 26 +++++++++++++++++++++++++- zoo/zoo_nanterre/api_views.py | 16 ++++++++++++++++ zoo/zoo_nanterre/urls.py | 2 ++ 3 files changed, 43 insertions(+), 1 deletion(-) diff --git a/tests/test_nanterre.py b/tests/test_nanterre.py index d511bef..6b5d8ab 100644 --- a/tests/test_nanterre.py +++ b/tests/test_nanterre.py @@ -67,7 +67,7 @@ def test_person_search_api(app, db, rsu): assert any(data['id'] == rsu[0].id for data in response.json['data']) -def test_create_individu(transactional_db, app, rsu_schema): +def test_create_individu(settings, transactional_db, app, rsu_schema): def get_reseau(identifier): reseau_url = reverse('rsu-api-reseau', kwargs={ @@ -789,6 +789,30 @@ def test_create_individu(transactional_db, app, rsu_schema): for i, r in enumerate(responses): assert r.json['err'] == 0 + # test obtention de clés de fédération + def get_federation(uuid, **kwargs): + return app.get('/rsu/individu/%s/federation/technocarte/' % uuid, **kwargs).json + first = Entity.objects.get(id=first_id) + first.content['cles_de_federation']['authentic'] = 'abcd' + first.save() + enfant = Entity.objects.get(id=enfant_id) + enfant.content['cles_de_federation']['authentic'] = 'efgh' + enfant.save() + + assert get_federation('abcd', status=403)['err'] == 1 + assert get_federation('efgh', status=403)['err'] == 1 + + settings.ZOO_NANTERRE_APPLICATIONS['technocarte']['apikey'] = 'xyz' + assert get_federation('abcd', status=401)['err'] == 1 + assert get_federation('efgh', status=401)['err'] == 1 + assert get_federation('abcd', params={'apikey': 'xyz'})['cle_de_federation'] == '1234' + assert get_federation('efgh', params={'apikey': 'xyz'})['cle_de_federation'] == '5678' + + settings.ZOO_NANTERRE_APPLICATIONS['technocarte']['apikey'] = '' + assert get_federation('abcd', params={'apikey': 'xyz'}, status=403)['err'] == 1 + + del settings.ZOO_NANTERRE_APPLICATIONS['technocarte']['apikey'] + assert get_federation('abcd', params={'apikey': 'xyz'}, status=403)['err'] == 1 @pytest.mark.django_db(True) def test_cles_de_federations(app, rsu_schema): diff --git a/zoo/zoo_nanterre/api_views.py b/zoo/zoo_nanterre/api_views.py index df13184..9a4673d 100644 --- a/zoo/zoo_nanterre/api_views.py +++ b/zoo/zoo_nanterre/api_views.py @@ -1463,6 +1463,22 @@ class SuppressionIndividu(IndividuViewMixin, TransactionalView): suppression_individu = SuppressionIndividu.as_view() +class Federation(IndividuViewMixin, APIView): + def get(self, request, identifier, application, format=None): + app_dfn = utils.get_application(application) + if not app_dfn: + raise Http404 + apikey = app_dfn.get('apikey') + if not apikey: + return Response({'err': 1, 'errors': ['accès interdit']}, status=403) + if request.GET.get('apikey') != apikey: + return Response({'err': 1, 'errors': ['apikey invalide']}, status=401) + individu = self.get_individu(identifier) + return Response({'err': 0, 'cle_de_federation': individu.content['cles_de_federation'].get(application)}) + +federation = Federation.as_view() + + class SagaTiers(APIView): def get(self, request, application, identifier, format=None): app_dfn = utils.get_application(application) diff --git a/zoo/zoo_nanterre/urls.py b/zoo/zoo_nanterre/urls.py index 21be016..a212105 100644 --- a/zoo/zoo_nanterre/urls.py +++ b/zoo/zoo_nanterre/urls.py @@ -48,6 +48,8 @@ urlpatterns = [ api_views.suppression_lien_de_responsabilite, name='rsu-api-suppression-lien-de-responsabilite'), url(r'^individu/$', api_views.create_individu, name='rsu-api-create-individu'), + url(r'^individu/(?P[-\w]+)/federation/(?P\w+)/$', api_views.federation, + name='rsu-api-federation'), url(r'^declaration-union/$', api_views.declaration_union, name='rsu-api-declaration-union'), url(r'^synchronisation/$', api_views.synchronization, -- 2.17.0