def test_get(app): """Test Get.""" with app.app_context(): mock_get_token = patch('pay_api.services.oauth_service.requests.Session.get') mock_get = mock_get_token.start() mock_get.return_value = Mock(status_code=201) mock_get.return_value.json.return_value = {} get_token_response = OAuthService.get('http://google.com/', '', AuthHeaderType.BEARER, ContentType.JSON) mock_get_token.stop() assert get_token_response.json() == {}
def _create_site(access_token, account, contact_info, receipt_method): """Create site in PayBC.""" current_app.logger.debug('<Creating site ') if not contact_info: contact_info = {} site_url = current_app.config.get('CFS_BASE_URL') + '/cfs/parties/{}/accs/{}/sites/' \ .format(account.get('party_number', None), account.get('account_number', None)) site: Dict[str, Any] = { 'site_name': 'Site 1', # Make it dynamic if we ever need multiple sites per account 'city': get_non_null_value(contact_info.get('city'), DEFAULT_CITY), 'address_line_1': get_non_null_value(contact_info.get('addressLine1'), DEFAULT_ADDRESS_LINE_1), 'postal_code': get_non_null_value(contact_info.get('postalCode'), DEFAULT_POSTAL_CODE).replace(' ', ''), 'province': get_non_null_value(contact_info.get('province'), DEFAULT_JURISDICTION), 'country': get_non_null_value(contact_info.get('country'), DEFAULT_COUNTRY), 'customer_site_id': '1', 'primary_bill_to': 'Y', 'customer_profile_class': CFS_CUSTOMER_PROFILE_CLASS } if receipt_method: site['receipt_method'] = receipt_method try: site_response = OAuthService.post(site_url, access_token, AuthHeaderType.BEARER, ContentType.JSON, site).json() except HTTPError as e: # If the site creation fails with 400, query and return site if e.response.status_code == 400: site_response = \ OAuthService.get(site_url, access_token, AuthHeaderType.BEARER, ContentType.JSON).json().get( 'items')[0] else: raise e current_app.logger.debug('>Creating site ') return site_response
def check_auth(business_identifier: str, jwt: JwtManager, **kwargs): """Authorize the user for the business entity.""" bearer_token = jwt.get_token_auth_header() if jwt else None auth_url = current_app.config.get( 'AUTH_API_ENDPOINT') + f'entities/{business_identifier}/authorizations' auth_response = RestService.get(auth_url, bearer_token, AuthHeaderType.BEARER, ContentType.JSON) is_authorized: bool = False if auth_response: roles: list = auth_response.json().get('roles', []) if kwargs.get('one_of_roles', None): is_authorized = list(set(kwargs.get('one_of_roles')) & set(roles)) != [] if kwargs.get('contains_role', None): is_authorized = kwargs.get('contains_role') in roles if not is_authorized: abort(403)
def check_auth(business_identifier: str, **kwargs): """Authorize the user for the business entity.""" user: UserContext = kwargs['user'] is_authorized: bool = False if Role.SYSTEM.value in user.roles: is_authorized = bool(Role.EDITOR.value in user.roles) else: bearer_token = user.bearer_token auth_url = current_app.config.get( 'AUTH_API_ENDPOINT' ) + f'entities/{business_identifier}/authorizations' auth_response = RestService.get(auth_url, bearer_token, AuthHeaderType.BEARER, ContentType.JSON) roles: list = auth_response.json().get('roles', []) if kwargs.get('one_of_roles', None): is_authorized = list(set(kwargs.get('one_of_roles')) & set(roles)) != [] if kwargs.get('contains_role', None): is_authorized = kwargs.get('contains_role') in roles if not is_authorized: abort(403)
def check_auth(business_identifier: str, account_id: str = None, corp_type_code: str = None, **kwargs): # pylint: disable=unused-argument """Authorize the user for the business entity and return authorization response.""" user: UserContext = kwargs['user'] is_authorized: bool = False auth_response = None is_business_auth = True is_service_account = False if not account_id: account_id = user.account_id if Role.SYSTEM.value in user.roles: is_authorized = bool(Role.EDITOR.value in user.roles) is_service_account = True else: bearer_token = user.bearer_token if business_identifier: auth_url = current_app.config.get( 'AUTH_API_ENDPOINT' ) + f'entities/{business_identifier}/authorizations?expanded=true' auth_response = RestService.get(auth_url, bearer_token, AuthHeaderType.BEARER, ContentType.JSON).json() roles: list = auth_response.get('roles', []) if kwargs.get('one_of_roles', None): is_authorized = list( set(kwargs.get('one_of_roles')) & set(roles)) != [] if kwargs.get('contains_role', None): is_authorized = kwargs.get('contains_role') in roles elif account_id: is_business_auth = False # TODO For now, just make a call to /orgs/<id> to see if the user has access to the account # When product level subscription is in place, use the below commented code. # auth_url = current_app.config.get( # 'AUTH_API_ENDPOINT') + f'accounts/{account_id}/products/{corp_type_code}/authorizations?expanded=true' # auth_response = RestService.get(auth_url, bearer_token, AuthHeaderType.BEARER, ContentType.JSON).json() # roles: list = auth_response.get('roles', []) # if roles: # is_authorized = True # TODO Remove the below call and uncomment the above code once product subscription is in place. account_url = current_app.config.get( 'AUTH_API_ENDPOINT') + f'orgs/{account_id}' account_response = RestService.get(account_url, bearer_token, AuthHeaderType.BEARER, ContentType.JSON, retry_on_failure=True).json() auth_response = {} is_authorized = True if not is_authorized: abort(403) # TODO Remove this code once the authorizations endpoint returns the account details if not is_service_account: if is_business_auth: account_url = current_app.config.get( 'AUTH_API_ENDPOINT' ) + f'orgs?affiliation={business_identifier}' account_response = RestService.get( account_url, bearer_token, AuthHeaderType.BEARER, ContentType.JSON, retry_on_failure=True).json().get('orgs')[0] # else: # account_url = current_app.config.get( # 'AUTH_API_ENDPOINT') + f'orgs/{account_id}' # account_response = RestService.get(account_url, bearer_token, AuthHeaderType.BEARER, ContentType.JSON, # retry_on_failure=True).json() auth_response['account'] = {'paymentPreference': {}} auth_response['account']['id'] = account_response['id'] auth_response['account']['name'] = account_response['name'] auth_response['account']['paymentPreference'][ 'methodOfPayment'] = account_response['preferred_payment'] auth_response['account']['paymentPreference'][ 'bcOnlineUserId'] = account_response.get('bc_online_user_id', None) return auth_response
def upgrade(): # ### commands auto generated by Alembic - please adjust! ### op.create_table( 'bcol_payment_account', sa.Column('id', sa.Integer(), autoincrement=True, nullable=False), sa.Column('bcol_user_id', sa.String(length=50), nullable=True), sa.Column('bcol_account_id', sa.String(length=50), nullable=True), sa.Column('account_id', sa.Integer(), nullable=True), sa.ForeignKeyConstraint( ['account_id'], ['payment_account.id'], ), sa.PrimaryKeyConstraint('id')) op.create_index(op.f('ix_bcol_payment_account_account_id'), 'bcol_payment_account', ['account_id'], unique=False) op.create_index(op.f('ix_bcol_payment_account_bcol_account_id'), 'bcol_payment_account', ['bcol_account_id'], unique=False) op.create_index(op.f('ix_bcol_payment_account_bcol_user_id'), 'bcol_payment_account', ['bcol_user_id'], unique=False) op.create_table( 'credit_payment_account', sa.Column('id', sa.Integer(), autoincrement=True, nullable=False), sa.Column('corp_number', sa.String(length=20), nullable=True), sa.Column('corp_type_code', sa.String(length=10), nullable=True), sa.Column('paybc_account', sa.String(length=50), nullable=True), sa.Column('paybc_party', sa.String(length=50), nullable=True), sa.Column('paybc_site', sa.String(length=50), nullable=True), sa.Column('account_id', sa.Integer(), nullable=True), sa.ForeignKeyConstraint( ['account_id'], ['payment_account.id'], ), sa.ForeignKeyConstraint( ['corp_type_code'], ['corp_type.code'], ), sa.PrimaryKeyConstraint('id')) op.create_index(op.f('ix_credit_payment_account_account_id'), 'credit_payment_account', ['account_id'], unique=False) op.create_index(op.f('ix_credit_payment_account_paybc_account'), 'credit_payment_account', ['paybc_account'], unique=False) op.create_table( 'internal_payment_account', sa.Column('id', sa.Integer(), autoincrement=True, nullable=False), sa.Column('corp_number', sa.String(length=20), nullable=True), sa.Column('corp_type_code', sa.String(length=10), nullable=True), sa.Column('account_id', sa.Integer(), nullable=True), sa.ForeignKeyConstraint( ['account_id'], ['payment_account.id'], ), sa.ForeignKeyConstraint( ['corp_type_code'], ['corp_type.code'], ), sa.PrimaryKeyConstraint('id')) op.create_index(op.f('ix_internal_payment_account_account_id'), 'internal_payment_account', ['account_id'], unique=False) op.add_column('invoice', sa.Column('bcol_account_id', sa.Integer(), nullable=True)) op.add_column('invoice', sa.Column('credit_account_id', sa.Integer(), nullable=True)) op.add_column( 'invoice', sa.Column('internal_account_id', sa.Integer(), nullable=True)) op.drop_constraint('invoice_account_id_fkey', 'invoice', type_='foreignkey') op.create_foreign_key(None, 'invoice', 'bcol_payment_account', ['bcol_account_id'], ['id']) op.create_foreign_key(None, 'invoice', 'credit_payment_account', ['credit_account_id'], ['id']) op.create_foreign_key(None, 'invoice', 'internal_payment_account', ['internal_account_id'], ['id']) op.add_column( 'invoice', sa.Column('business_identifier', sa.String(length=20), nullable=True)) op.add_column( 'invoice', sa.Column('corp_type_code', sa.String(length=10), nullable=True)) op.create_foreign_key(None, 'invoice', 'corp_type', ['corp_type_code'], ['code']) # Create temp variable to keep the payment accounts payment_accounts: [] = [] conn = op.get_bind() res = conn.execute( f"select id,corp_number,corp_type_code,payment_system_code,account_number,party_number,site_number from payment_account;" ) results = res.fetchall() for result in results: payment_accounts.append({ "id": result[0], "corp_number": result[1], "corp_type_code": result[2], "payment_system_code": result[3], "account_number": result[4], "party_number": result[5], "site_number": result[6] }) # Now drop the columns from payment_account table op.drop_index('ix_payment_account_account_number', table_name='payment_account') op.drop_index('ix_payment_account_bcol_account_id', table_name='payment_account') op.drop_index('ix_payment_account_bcol_user_id', table_name='payment_account') op.drop_constraint('payment_account_payment_system_code_fkey', 'payment_account', type_='foreignkey') op.drop_constraint('payment_account_corp_type_code_fkey', 'payment_account', type_='foreignkey') op.drop_column('payment_account', 'payment_system_code') op.drop_column('payment_account', 'corp_type_code') op.drop_column('payment_account', 'site_number') op.drop_column('payment_account', 'bcol_user_id') op.drop_column('payment_account', 'account_number') op.drop_column('payment_account', 'bcol_account_id') op.drop_column('payment_account', 'corp_number') op.drop_column('payment_account', 'party_number') # Delete all records from payment_account op.execute('delete from payment_account;') # Create admin token to call auth-api config = current_app.config token_url = config.get( 'JWT_OIDC_ISSUER' ) + '/protocol/openid-connect/token' # https://sso-dev.pathfinder.gov.bc.ca/auth/realms/fcf0kpqr/protocol/openid-connect/token basic_auth_encoded = base64.b64encode( bytes( config.get('KEYCLOAK_SERVICE_ACCOUNT_ID') + ':' + config.get('KEYCLOAK_SERVICE_ACCOUNT_SECRET'), 'utf-8')).decode('utf-8') data = 'grant_type=client_credentials' token_response = OAuthService.post(token_url, basic_auth_encoded, AuthHeaderType.BASIC, ContentType.FORM_URL_ENCODED, data) token = token_response.json().get('access_token') payment_account_table = table('payment_account', column('auth_account_id', String)) credit_payment_account_table = table('credit_payment_account', column('corp_number', String), column('corp_type_code', String), column('paybc_account', String), column('paybc_party', String), column('paybc_site', String), column('account_id', Integer)) internal_payment_account_table = table('internal_payment_account', column('corp_number', String), column('corp_type_code', String), column('account_id', Integer)) for payment_account in payment_accounts: corp_number = payment_account.get('corp_number') payment_system_code = payment_account.get('payment_system_code') corp_type_code = payment_account.get('corp_type_code') account_number = payment_account.get('account_number') party_number = payment_account.get('party_number') site_number = payment_account.get('site_number') id = payment_account.get('id') if corp_number: # Call Auth-API to get the auth_account id auth_search_url = config.get( 'AUTH_API_ENDPOINT') + 'orgs?affiliation=' + corp_number.upper( ) orgs_response = None try: orgs_response = OAuthService.get( auth_search_url, token, AuthHeaderType.BEARER, ContentType.JSON).json().get('orgs') except Exception as e: print( f'--- Error Occured while getting org for affiliation {corp_number}' ) if orgs_response and orgs_response[0]: auth_account_id = str(orgs_response[0].get('id')) else: auth_account_id = f'PASSCODE_ACCOUNT_{corp_number}' res = conn.execute( f"select id from payment_account where auth_account_id = '{auth_account_id}'" ) results = res.fetchall() credit_payment_account_id = None internal_payment_account_id = None if results and results[0]: payment_account_id = results[0][0] else: op.bulk_insert(payment_account_table, [{ "auth_account_id": auth_account_id }]) res = conn.execute( f"select id from payment_account where auth_account_id = '{auth_account_id}'" ) results = res.fetchall() payment_account_id = results[0][0] if payment_system_code == 'PAYBC': print(f'Creating credit account for {payment_account_id}') op.bulk_insert(credit_payment_account_table, [{ "corp_number": corp_number, "corp_type_code": corp_type_code, "paybc_account": account_number, "paybc_party": party_number, "paybc_site": site_number, "account_id": payment_account_id }]) res = conn.execute( f"select id from credit_payment_account where account_id = '{payment_account_id}' and corp_number='{corp_number}' and paybc_account='{account_number}'" ) results = res.fetchall() credit_payment_account_id = results[0][0] elif payment_system_code == 'INTERNAL': print( f'Creating internal payment account for {payment_account_id}' ) op.bulk_insert(internal_payment_account_table, [{ "corp_number": corp_number, "corp_type_code": corp_type_code, "account_id": payment_account_id }]) res = conn.execute( f"select id from internal_payment_account where account_id = '{payment_account_id}' and corp_number='{corp_number}' and corp_type_code='{corp_type_code}'" ) results = res.fetchall() internal_payment_account_id = results[0][0] print('Internal ', internal_payment_account_id) print('Credit ', credit_payment_account_id) if internal_payment_account_id: op.execute( f"update invoice set internal_account_id = '{internal_payment_account_id}', corp_type_code='{corp_type_code}', business_identifier='{corp_number}' where account_id = '{id}'" ) elif credit_payment_account_id: op.execute( f"update invoice set credit_account_id = '{credit_payment_account_id}', corp_type_code='{corp_type_code}', business_identifier='{corp_number}' where account_id = '{id}'" ) op.drop_column('invoice', 'account_id')