    def test_api_permission(self, client_pk, provider_id, expect):
        """The permission decision for a client id / provider id pair must equal ``expect``."""
        fake_request = Mock()
        # Only ``auth.client_id`` is read by the permission class, so a bare Mock suffices.
        fake_request.auth = Mock(client_id=client_pk)

        permission = ThirdPartyAuthProviderApiPermission(provider_id)
        granted = permission.has_permission(fake_request, None)
        self.assertEqual(granted, expect)
    def test_api_permission_unauthorized_client(self):
        """A client authorized for a different provider must be denied for TestShib."""
        oauth_client = self.configure_oauth_client()
        # Grant access to some other provider only, never to PROVIDER_ID_TESTSHIB.
        self.configure_api_permission(oauth_client, 'saml-anotherprovider')

        fake_request = Mock()
        fake_request.auth = Mock(client_id=oauth_client.pk)

        permission = ThirdPartyAuthProviderApiPermission(PROVIDER_ID_TESTSHIB)
        granted = permission.has_permission(fake_request, None)
        self.assertEqual(granted, False)
    def test_api_permission_unauthorized_client(self):
        """A DOP client authorized for a different provider must be denied for TestShib.

        The provider id is taken from the view's URL kwargs rather than the
        permission's constructor.
        """
        oauth_client = self.configure_oauth_dop_client()
        # Grant access to some other provider only, never to PROVIDER_ID_TESTSHIB.
        self.configure_api_permission(oauth_client, 'saml-anotherprovider')

        fake_request = Mock()
        fake_request.auth = Mock(client_id=oauth_client.pk)
        fake_view = Mock(kwargs={'provider_id': PROVIDER_ID_TESTSHIB})

        permission = ThirdPartyAuthProviderApiPermission()
        granted = permission.has_permission(fake_request, fake_view)
        self.assertEqual(granted, False)
    def test_api_permission(self, client_pk, provider_id, expect):
        """The permission decision for a client id / provider id pair must equal ``expect``.

        A DOP client is granted PROVIDER_ID_TESTSHIB; the parametrised
        ``client_pk`` and ``provider_id`` (read from the view's kwargs) decide
        whether the request is allowed.
        """
        oauth_client = self.configure_oauth_dop_client()
        self.configure_api_permission(oauth_client, PROVIDER_ID_TESTSHIB)

        fake_request = Mock()
        fake_request.auth = Mock(client_id=client_pk)
        fake_view = Mock(kwargs={'provider_id': provider_id})

        permission = ThirdPartyAuthProviderApiPermission()
        granted = permission.has_permission(fake_request, fake_view)
        self.assertEqual(granted, expect)
    def get_queryset(self):
        """Return the UserSocialAuth rows for the provider named in the URL.

        Authorization is enforced here, before any data is touched: the caller
        must be a superuser, present a valid API key, or hold an OAuth2 client
        credential authorized for this ``provider_id``. Results may then be
        narrowed by the ``username`` and ``remote_id`` query parameters; with
        neither present, every mapping for the provider is returned.

        Raises:
            exceptions.PermissionDenied: caller passes none of the three checks.
            Http404: ``provider_id`` is not a registered provider.
        """
        provider_id = self.kwargs.get('provider_id')

        # Permission checking. We allow superusers, API_KEY access and OAuth2
        # client credential access (the latter scoped to this provider_id).
        # This runs before the provider lookup below, so an unauthorized caller
        # always gets 403 and cannot probe which provider ids exist via 404s.
        if not (self.request.user.is_superuser
                or ApiKeyHeaderPermission().has_permission(self.request, self)
                or ThirdPartyAuthProviderApiPermission(
                    provider_id).has_permission(self.request, self)):
            raise exceptions.PermissionDenied()

        # Provider existence checking; Registry.get is falsy for unknown ids.
        self.provider = Registry.get(provider_id)
        if not self.provider:
            raise Http404

        query_set = UserSocialAuth.objects.select_related('user').filter(
            provider=self.provider.backend_name)

        # Build our query filters.
        # When using a multi-IdP backend, several providers share one
        # backend_name, so restrict to rows belonging to the current IdP.
        # Test whether the current provider prefixes uids with a slug:
        uid = self.provider.get_social_auth_uid('uid')
        if uid != 'uid':
            # If yes, filter on that prefix in the uid column. NOTE(review):
            # presumably get_social_auth_uid('uid') yields '<slug>:uid', so
            # uid[:-3] drops the literal 'uid' and keeps '<slug>:' — confirm.
            query_set = query_set.filter(uid__startswith=uid[:-3])

        # An empty Q() is a no-op filter, so with no username/remote_id
        # parameters the whole provider-scoped set above is returned.
        query = Q()

        # Both repeated parameters (?username=a&username=b) and comma-separated
        # values (?username=a,b) are accepted; joining then splitting
        # normalises the two forms, and set() dedupes.
        usernames = self.request.query_params.getlist('username', None)
        remote_ids = self.request.query_params.getlist('remote_id', None)

        if usernames:
            usernames = ','.join(usernames)
            usernames = set(usernames.split(',')) if usernames else set()
            if usernames:
                query = query | Q(user__username__in=usernames)

        if remote_ids:
            remote_ids = ','.join(remote_ids)
            remote_ids = set(remote_ids.split(',')) if remote_ids else set()
            if remote_ids:
                # remote_id values are caller-supplied; they are mapped through
                # the provider to its stored uid form and matched exactly with
                # uid__in, so the filter is parameterized by the ORM.
                query = query | Q(uid__in=[
                    self.provider.get_social_auth_uid(remote_id)
                    for remote_id in remote_ids
                ])

        return query_set.filter(query)