def post(self, request, format=None):
"""Performs search and returns CSV file."""
validated_data = self.validate_data(request.data)
es_query = self._get_es_query(request, validated_data)
ids = tuple(self._get_ids(es_query))
db_queryset = self._get_rows(ids, validated_data['sortby'])
base_filename = self._get_base_filename()
user_event_data = {
'num_results': len(ids),
'args': validated_data,
}
record_user_event(request,
USER_EVENT_TYPES.search_export,
data=user_event_data)
return create_csv_response(db_queryset, self.field_titles,
base_filename)
def test_records_data(self, data, expected_data):
"""Test various data values."""
adviser = AdviserFactory()
request = Mock(user=adviser, path='test-path')
event = record_user_event(request,
UserEventType.SEARCH_EXPORT,
data=data)
event.refresh_from_db()
assert event.adviser == adviser
assert event.type == UserEventType.SEARCH_EXPORT
assert event.api_url_path == 'test-path'
assert event.data == expected_data
def test_success(self, data, data_flow_api_client):
"""Test that endpoint returns with expected data for a single user event"""
request = Mock(user=self.factory(), path='test-path')
event = record_user_event(request,
UserEventType.SEARCH_EXPORT,
data=data)
event.refresh_from_db()
response = data_flow_api_client.get(self.view_url)
assert response.status_code == status.HTTP_200_OK
response_results = response.json()['results']
assert len(response_results) == 1
result = response_results[0]
expected_result = get_expected_data_from_user_log(event)
assert result == expected_result
def authenticate(self, request):
"""
Authenticate the user using token introspection.
This first checks if the token is cached. If it's not cached, the token is looked
up in Staff SSO. An adviser is then looked up using the retrieved token data.
"""
try:
authorization_header = request.META['HTTP_AUTHORIZATION']
except KeyError as exc:
raise AuthenticationFailed(NO_CREDENTIALS_MESSAGE) from exc
scheme, _, token = authorization_header.partition(' ')
if scheme.lower() != 'bearer':
raise AuthenticationFailed(INCORRECT_SCHEME)
if not token:
raise AuthenticationFailed(NO_CREDENTIALS_MESSAGE)
token_data, was_cached = _look_up_token(token, request)
if not token_data:
raise AuthenticationFailed(INVALID_CREDENTIALS_MESSAGE)
user = _look_up_adviser(token_data)
if not (user and user.is_active):
raise AuthenticationFailed(INVALID_CREDENTIALS_MESSAGE)
# Only record real (non-cached) introspections (otherwise we'd be recording every
# request)
if not was_cached:
record_user_event(request,
UserEventType.OAUTH_TOKEN_INTROSPECTION,
adviser=user)
return user, None
def destroy(self, request, *args, **kwargs):
"""Record delete event."""
entity_document = self.get_object()
data = self.serializer_class(entity_document).data
record_user_event(request, UserEventType.EVIDENCE_DOCUMENT_DELETE, data=data)
return super().destroy(request, *args, **kwargs)