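def form_valid(self, form, *args, **kwargs):
    """Authenticate the submitted credentials and return the user's API tokens.

    Reads ``email``, ``password`` and ``role`` from the validated form. On
    success the user is logged in and the response is a JSON list of
    ``{"id", "name", "token"}`` objects, one per org in which the user may
    hold the requested role (a token is created on demand for each). Bad
    credentials, an inactive user or an unknown role code all yield an
    empty 403 response.
    """
    username = form.cleaned_data.get("email")
    password = form.cleaned_data.get("password")
    role_code = form.cleaned_data.get("role")

    user = authenticate(username=username, password=password)
    if not (user and user.is_active):  # pragma: needs cover
        return HttpResponse(status=403)

    # Resolve the role before establishing a session: a request carrying an
    # unknown role code must be rejected without leaving the user logged in.
    role = APIToken.get_role_from_code(role_code)
    if not role:  # pragma: needs cover
        return HttpResponse(status=403)

    login(self.request, user)

    orgs = [
        dict(id=org.pk, name=org.name, token=APIToken.get_or_create(org, user, role).key)
        for org in APIToken.get_orgs_for_role(user, role)
    ]
    return JsonResponse(orgs, safe=False)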
def test_get_orgs_for_role(self):
    """The admin user holds the admin role in one org and the surveyor role in both."""
    admin_orgs = APIToken.get_orgs_for_role(self.admin, self.admins_group)
    self.assertSetEqual(set(admin_orgs), {self.org})

    surveyor_orgs = APIToken.get_orgs_for_role(self.admin, self.surveyors_group)
    self.assertSetEqual(set(surveyor_orgs), {self.org, self.org2})
def test_get_default_role(self):
    """The default role follows the user's membership in the org; non-members get None."""
    expectations = [
        (self.admin, self.admins_group),
        (self.editor, self.editors_group),
        (self.surveyor, self.surveyors_group),
    ]
    for member, expected_role in expectations:
        self.assertEqual(APIToken.get_default_role(self.org, member), expected_role)

    self.assertIsNone(APIToken.get_default_role(self.org, self.user))

    # user from another org has no API roles
    self.assertIsNone(APIToken.get_default_role(self.org, self.admin2))
def test_get_allowed_roles(self):
    """Allowed roles shrink from admin to editor to surveyor; non-members get none."""
    def allowed(user):
        return set(APIToken.get_allowed_roles(self.org, user))

    self.assertSetEqual(allowed(self.admin), {self.admins_group, self.editors_group, self.surveyors_group})
    self.assertSetEqual(allowed(self.editor), {self.editors_group, self.surveyors_group})
    self.assertSetEqual(allowed(self.surveyor), {self.surveyors_group})
    self.assertSetEqual(allowed(self.user), set())

    # user from another org has no API roles
    self.assertSetEqual(allowed(self.admin2), set())
def test_get_allowed_roles(self):
    """Each org member may request their own role and every lesser one; outsiders none."""
    cases = [
        (self.admin, {self.admins_group, self.editors_group, self.surveyors_group}),
        (self.editor, {self.editors_group, self.surveyors_group}),
        (self.surveyor, {self.surveyors_group}),
        (self.user, set()),
        # user from another org has no API roles
        (self.admin2, set()),
    ]
    for user, expected_roles in cases:
        actual_roles = set(APIToken.get_allowed_roles(self.org, user))
        self.assertEqual(actual_roles, expected_roles)
def test_get_or_create(self):
    """Tokens are keyed by (org, user, role) and refused for roles the user may not hold."""
    default_token = APIToken.get_or_create(self.org, self.admin)
    self.assertEqual(default_token.org, self.org)
    self.assertEqual(default_token.user, self.admin)
    self.assertEqual(default_token.role, self.admins_group)
    self.assertTrue(default_token.key)
    self.assertEqual(six.text_type(default_token), default_token.key)

    # asking for the default role explicitly yields the very same token
    as_admin = APIToken.get_or_create(self.org, self.admin, self.admins_group)
    self.assertEqual(default_token, as_admin)

    # a different role for the same user yields a different token and key
    as_editor = APIToken.get_or_create(self.org, self.admin, self.editors_group)
    as_surveyor = APIToken.get_or_create(self.org, self.admin, self.surveyors_group)
    for other in (as_editor, as_surveyor):
        self.assertNotEqual(default_token, other)
    self.assertNotEqual(default_token.key, as_editor.key)

    # the same role for a different user yields yet another token
    editor_token = APIToken.get_or_create(self.org, self.editor)
    self.assertNotEqual(as_editor, editor_token)
    APIToken.get_or_create(self.org, self.surveyor)

    # can't create token for viewer users or other users using viewers role
    viewers = Group.objects.get(name="Viewers")
    with self.assertRaises(ValueError):
        APIToken.get_or_create(self.org, self.admin, viewers)
    with self.assertRaises(ValueError):
        APIToken.get_or_create(self.org, self.user)
def test_get_or_create(self):
    """A token is unique per (org, user, role); the default role is the user's org role."""
    first = APIToken.get_or_create(self.org, self.admin)
    self.assertEqual((first.org, first.user, first.role), (self.org, self.admin, self.admins_group))
    self.assertTrue(first.key)
    self.assertEqual(str(first), first.key)

    # tokens for different roles with same user should differ
    by_role = {
        role: APIToken.get_or_create(self.org, self.admin, role)
        for role in (self.admins_group, self.editors_group, self.surveyors_group)
    }
    self.assertEqual(first, by_role[self.admins_group])
    self.assertNotEqual(first, by_role[self.editors_group])
    self.assertNotEqual(first, by_role[self.surveyors_group])
    self.assertNotEqual(first.key, by_role[self.editors_group].key)

    # tokens with same role for different users should differ
    editor_token = APIToken.get_or_create(self.org, self.editor)
    self.assertNotEqual(by_role[self.editors_group], editor_token)
    APIToken.get_or_create(self.org, self.surveyor)

    # can't create token for viewer users or other users using viewers role
    viewers_group = Group.objects.get(name="Viewers")
    self.assertRaises(ValueError, APIToken.get_or_create, self.org, self.admin, viewers_group)
    self.assertRaises(ValueError, APIToken.get_or_create, self.org, self.user)
def test_get_orgs_for_role(self):
    """Orgs are resolved per role: one org as admin, two orgs as surveyor."""
    expectations = [
        (self.admins_group, {self.org}),
        (self.surveyors_group, {self.org, self.org2}),
    ]
    for role, expected_orgs in expectations:
        actual_orgs = set(APIToken.get_orgs_for_role(self.admin, role))
        self.assertEqual(actual_orgs, expected_orgs)
def get_response(self, **query_params):
    """GET the endpoint under test as the org admin, authenticated by API token.

    ``query_params`` are appended to the reversed URL. The token is fetched or
    created for the Administrators group and sent in the Authorization header.
    """
    url = self.reverse(self.get_url_namespace(), query_params=query_params)
    admins_group = Group.objects.get(name="Administrators")
    token = APIToken.get_or_create(self.org, self.admin, admins_group)
    headers = {"HTTP_AUTHORIZATION": f"Token {token.key}"}
    return self.client.get(url, **headers)