예제 #1
파일: views.py 프로젝트: Hitman23/rapidpro
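    def form_valid(self, form, *args, **kwargs):
        """
        Authenticate the submitted credentials and hand back API tokens for the requested role.

        Reads ``email``, ``password`` and ``role`` from the validated form. On success the
        user is logged in and the response is a JSON list with one ``{id, name, token}``
        entry per org returned by ``APIToken.get_orgs_for_role``. Bad credentials, an
        inactive account and a role code that resolves to no role all get the same bare
        403, so the response does not reveal which check failed.
        """
        username = form.cleaned_data.get("email")
        password = form.cleaned_data.get("password")
        role_code = form.cleaned_data.get("role")

        # NOTE(review): no throttling of repeated password attempts is visible in this
        # method - confirm it is enforced elsewhere (middleware, form or view class).
        user = authenticate(username=username, password=password)
        if not user or not user.is_active:  # pragma: needs cover
            return HttpResponse(status=403)

        # Resolve the role before touching the session. The earlier ordering called login()
        # first, so a request that was then refused with 403 for an unknown role still left
        # an authenticated session behind.
        role = APIToken.get_role_from_code(role_code)
        if not role:  # pragma: needs cover
            return HttpResponse(status=403)

        login(self.request, user)

        # The response body carries live API token keys.
        # NOTE(review): presumably this endpoint is only reachable over TLS and its
        # responses are kept out of logs and caches - confirm.
        orgs = []
        for org in APIToken.get_orgs_for_role(user, role):
            token = APIToken.get_or_create(org, user, role)
            orgs.append(dict(id=org.pk, name=org.name, token=token.key))

        # safe=False because the top-level JSON value is a list, not a dict
        return JsonResponse(orgs, safe=False)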
예제 #2
파일: tests.py 프로젝트: amides/rapidpro
 def test_get_orgs_for_role(self):
     # For self.admin, the administrators role is expected to resolve to self.org only,
     # while the surveyors role is expected to resolve to both self.org and self.org2.
     as_admin = APIToken.get_orgs_for_role(self.admin, self.admins_group)
     self.assertEqual(set(as_admin), {self.org})

     as_surveyor = APIToken.get_orgs_for_role(self.admin, self.surveyors_group)
     self.assertEqual(set(as_surveyor), {self.org, self.org2})
예제 #3
    def test_get_default_role(self):
        # expected default API role in self.org for each fixture user that has one
        for member, expected_role in (
            (self.admin, self.admins_group),
            (self.editor, self.editors_group),
            (self.surveyor, self.surveyors_group),
        ):
            self.assertEqual(APIToken.get_default_role(self.org, member), expected_role)

        # self.user is expected to get no default role at all
        self.assertIsNone(APIToken.get_default_role(self.org, self.user))

        # user from another org has no API roles
        self.assertIsNone(APIToken.get_default_role(self.org, self.admin2))
예제 #4
    def test_get_default_role(self):
        # Every lookup below is made against the same org.
        org = self.org

        admin_default = APIToken.get_default_role(org, self.admin)
        self.assertEqual(admin_default, self.admins_group)

        editor_default = APIToken.get_default_role(org, self.editor)
        self.assertEqual(editor_default, self.editors_group)

        surveyor_default = APIToken.get_default_role(org, self.surveyor)
        self.assertEqual(surveyor_default, self.surveyors_group)

        # self.user is expected to have no default role
        plain_user_default = APIToken.get_default_role(org, self.user)
        self.assertIsNone(plain_user_default)

        # user from another org has no API roles
        outsider_default = APIToken.get_default_role(org, self.admin2)
        self.assertIsNone(outsider_default)
예제 #5
    def test_get_allowed_roles(self):
        def allowed_for(member):
            # roles the given user may request a token for in self.org, as a set
            return set(APIToken.get_allowed_roles(self.org, member))

        # the expected sets shrink with the user: admin gets three roles, editor two,
        # surveyor one and self.user none
        self.assertEqual(allowed_for(self.admin), {self.admins_group, self.editors_group, self.surveyors_group})
        self.assertEqual(allowed_for(self.editor), {self.editors_group, self.surveyors_group})
        self.assertEqual(allowed_for(self.surveyor), {self.surveyors_group})
        self.assertEqual(allowed_for(self.user), set())

        # user from another org has no API roles
        self.assertEqual(allowed_for(self.admin2), set())
예제 #6
    def test_get_allowed_roles(self):
        # Allowed API roles in self.org, checked user by user.
        org = self.org

        admin_roles = set(APIToken.get_allowed_roles(org, self.admin))
        self.assertEqual(admin_roles, {self.admins_group, self.editors_group, self.surveyors_group})

        editor_roles = set(APIToken.get_allowed_roles(org, self.editor))
        self.assertEqual(editor_roles, {self.editors_group, self.surveyors_group})

        surveyor_roles = set(APIToken.get_allowed_roles(org, self.surveyor))
        self.assertEqual(surveyor_roles, {self.surveyors_group})

        # self.user is expected to be allowed no API role
        plain_user_roles = set(APIToken.get_allowed_roles(org, self.user))
        self.assertEqual(plain_user_roles, set())

        # user from another org has no API roles
        outsider_roles = set(APIToken.get_allowed_roles(org, self.admin2))
        self.assertEqual(outsider_roles, set())
예제 #7
파일: tests.py 프로젝트: amides/rapidpro
    def test_get_or_create(self):
        # with no role given, the admin's token is expected to carry the administrators role
        default_token = APIToken.get_or_create(self.org, self.admin)
        self.assertEqual(default_token.org, self.org)
        self.assertEqual(default_token.user, self.admin)
        self.assertEqual(default_token.role, self.admins_group)
        self.assertTrue(default_token.key)
        self.assertEqual(six.text_type(default_token), default_token.key)

        # tokens for different roles with same user should differ
        as_admin = APIToken.get_or_create(self.org, self.admin, self.admins_group)
        as_editor = APIToken.get_or_create(self.org, self.admin, self.editors_group)
        as_surveyor = APIToken.get_or_create(self.org, self.admin, self.surveyors_group)

        # asking again for the same (org, user, role) returns the existing token
        self.assertEqual(default_token, as_admin)
        self.assertNotEqual(default_token, as_editor)
        self.assertNotEqual(default_token, as_surveyor)
        # the secret key itself differs per role, not just the token record
        self.assertNotEqual(default_token.key, as_editor.key)

        # tokens with same role for different users should differ
        editors_own = APIToken.get_or_create(self.org, self.editor)

        self.assertNotEqual(as_editor, editors_own)

        APIToken.get_or_create(self.org, self.surveyor)

        # can't create token for viewer users or other users using viewers role
        viewers = Group.objects.get(name="Viewers")
        with self.assertRaises(ValueError):
            APIToken.get_or_create(self.org, self.admin, viewers)
        with self.assertRaises(ValueError):
            APIToken.get_or_create(self.org, self.user)
예제 #8
    def test_get_or_create(self):
        org, admin = self.org, self.admin

        # omitting the role is expected to yield a token with the administrators role
        first = APIToken.get_or_create(org, admin)
        self.assertEqual(first.org, org)
        self.assertEqual(first.user, admin)
        self.assertEqual(first.role, self.admins_group)
        self.assertTrue(first.key)
        self.assertEqual(str(first), first.key)

        # tokens for different roles with same user should differ
        admin_role_token = APIToken.get_or_create(org, admin, self.admins_group)
        editor_role_token = APIToken.get_or_create(org, admin, self.editors_group)
        surveyor_role_token = APIToken.get_or_create(org, admin, self.surveyors_group)

        # same (org, user, role) -> same token; any other role -> a different token and key
        self.assertEqual(first, admin_role_token)
        self.assertNotEqual(first, editor_role_token)
        self.assertNotEqual(first, surveyor_role_token)
        self.assertNotEqual(first.key, editor_role_token.key)

        # tokens with same role for different users should differ
        editor_user_token = APIToken.get_or_create(org, self.editor)

        self.assertNotEqual(editor_role_token, editor_user_token)

        APIToken.get_or_create(org, self.surveyor)

        # can't create token for viewer users or other users using viewers role
        viewers_group = Group.objects.get(name="Viewers")
        with self.assertRaises(ValueError):
            APIToken.get_or_create(org, admin, viewers_group)
        with self.assertRaises(ValueError):
            APIToken.get_or_create(org, self.user)
예제 #9
파일: views.py 프로젝트: mxabierto/rapidpro
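    def form_valid(self, form, *args, **kwargs):
        """
        Check the posted credentials and return one API token per org for the requested role.

        The form supplies ``email``, ``password`` and ``role``. A successful call logs the
        user in and answers with a JSON list of ``{id, name, token}`` dicts, one for each
        org that ``APIToken.get_orgs_for_role`` yields. Failed authentication, an inactive
        user and a role code that maps to no role are all answered with an identical 403.
        """
        data = form.cleaned_data
        username = data.get("email")
        password = data.get("password")
        role_code = data.get("role")

        user = authenticate(username=username, password=password)
        if not (user and user.is_active):  # pragma: needs cover
            return HttpResponse(status=403)

        # Validate the role first and only then create the session: previously login()
        # ran before this check, so a request rejected with 403 because of the role was
        # still left with a logged-in session.
        role = APIToken.get_role_from_code(role_code)
        if not role:  # pragma: needs cover
            return HttpResponse(status=403)

        login(self.request, user)

        # Each entry exposes the token key itself, so this response is as sensitive as
        # the password that was just checked.
        orgs = [
            dict(id=org.pk, name=org.name, token=APIToken.get_or_create(org, user, role).key)
            for org in APIToken.get_orgs_for_role(user, role)
        ]

        # a list is not a dict, hence safe=False
        return JsonResponse(orgs, safe=False)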
예제 #10
 def test_get_orgs_for_role(self):
     # the set of orgs returned for self.admin depends on the role asked about
     expectations = (
         (self.admins_group, {self.org}),
         (self.surveyors_group, {self.org, self.org2}),
     )
     for role, expected_orgs in expectations:
         self.assertEqual(set(APIToken.get_orgs_for_role(self.admin, role)), expected_orgs)
예제 #11
    def get_response(self, **query_params):
        """
        GET the endpoint under test, authenticated with an API token.

        The URL is built from ``get_url_namespace()`` plus the given query parameters. The
        request carries an ``Authorization: Token <key>`` header for a token belonging to
        ``self.admin`` in ``self.org`` with the "Administrators" group as its role.
        """
        endpoint = self.reverse(self.get_url_namespace(), query_params=query_params)

        administrators = Group.objects.get(name="Administrators")
        token = APIToken.get_or_create(self.org, self.admin, administrators)
        auth_header = f"Token {token.key}"

        return self.client.get(endpoint, HTTP_AUTHORIZATION=auth_header)