def form_valid(self, form, *args, **kwargs):
    """Exchange a validated credential form for per-org API tokens.

    Reads ``email``, ``password`` and ``role`` from ``form.cleaned_data``,
    authenticates the user, logs them into the current request's session and
    returns a JSON list with one ``{"id", "name", "token"}`` entry for each
    org returned by ``APIToken.get_orgs_for_role(user, role)``.

    Returns:
        ``JsonResponse`` with the list of org entries (possibly empty), or
        an ``HttpResponse`` with status 403 when authentication fails, the
        user is inactive, or the role code does not resolve to a role.
    """
    cleaned = form.cleaned_data
    username = cleaned.get("email")
    password = cleaned.get("password")
    role_code = cleaned.get("role")

    # NOTE(review): authenticate() is called without the request object, so
    # any request-aware backend or lockout hook would not see the request -
    # confirm that throttling of this endpoint is handled elsewhere.
    user = authenticate(username=username, password=password)

    # Bad credentials and inactive accounts get the same 403, so the response
    # does not distinguish between the two cases.
    if not (user and user.is_active):  # pragma: needs cover
        return HttpResponse(status=403)

    # NOTE(review): the session is established before the role code is
    # checked, so a caller with valid credentials but an unknown role code
    # receives a 403 and a logged-in session at the same time.
    login(self.request, user)

    role = APIToken.get_role_from_code(role_code)
    if not role:  # pragma: needs cover
        return HttpResponse(status=403)

    # The response body carries token keys: treat it as secret material.
    payload = []
    for org in APIToken.get_orgs_for_role(user, role):
        api_token = APIToken.get_or_create(org, user, role)
        payload.append({"id": org.pk, "name": org.name, "token": api_token.key})

    # safe=False is needed because the top-level JSON value is a list.
    return JsonResponse(payload, safe=False)
def test_get_or_create(self):
    """Check that API tokens are scoped by org, user and role.

    Covers the default role for an admin, reuse of an existing token for the
    same (org, user, role), distinct tokens across roles and users, and the
    ValueError raised when a token is requested for the Viewers role or for
    a user with no usable role in the org.
    """
    default_admin = APIToken.get_or_create(self.org, self.admin)

    # With no role given, the admin user gets a token for the admins group.
    self.assertEqual(default_admin.org, self.org)
    self.assertEqual(default_admin.user, self.admin)
    self.assertEqual(default_admin.role, self.admins_group)
    self.assertTrue(default_admin.key)
    self.assertEqual(six.text_type(default_admin), default_admin.key)

    # Same user, different roles: only the matching role reuses the token.
    as_admin = APIToken.get_or_create(self.org, self.admin, self.admins_group)
    as_editor = APIToken.get_or_create(self.org, self.admin, self.editors_group)
    as_surveyor = APIToken.get_or_create(self.org, self.admin, self.surveyors_group)

    self.assertEqual(default_admin, as_admin)
    self.assertNotEqual(default_admin, as_editor)
    self.assertNotEqual(default_admin, as_surveyor)
    # The secret itself must differ, not just the model instance.
    self.assertNotEqual(default_admin.key, as_editor.key)

    # Same role, different user: tokens are never shared between users.
    editor_default = APIToken.get_or_create(self.org, self.editor)
    self.assertNotEqual(as_editor, editor_default)

    APIToken.get_or_create(self.org, self.surveyor)

    # Least privilege: the Viewers role cannot hold a token, even when an
    # admin asks for it, and self.user cannot obtain a token for this org.
    # The group is looked up outside the context manager so that only the
    # get_or_create call is covered by the expected ValueError.
    viewers = Group.objects.get(name="Viewers")
    with self.assertRaises(ValueError):
        APIToken.get_or_create(self.org, self.admin, viewers)
    with self.assertRaises(ValueError):
        APIToken.get_or_create(self.org, self.user)
def test_get_or_create(self):
    """Exercise APIToken.get_or_create across users and roles.

    A token is identified by (org, user, role): the same triple yields the
    same token, any change of user or role yields a different one, and the
    Viewers role and a user without a usable role are rejected with
    ValueError.
    """
    org = self.org

    admin_token = APIToken.get_or_create(org, self.admin)

    # Omitting the role gives the admin user the admins-group role.
    self.assertEqual(admin_token.org, org)
    self.assertEqual(admin_token.user, self.admin)
    self.assertEqual(admin_token.role, self.admins_group)
    self.assertTrue(admin_token.key)
    self.assertEqual(str(admin_token), admin_token.key)

    # One user, three roles: only the admins-group request reuses the token.
    admin_explicit = APIToken.get_or_create(org, self.admin, self.admins_group)
    admin_as_editor = APIToken.get_or_create(org, self.admin, self.editors_group)
    admin_as_surveyor = APIToken.get_or_create(org, self.admin, self.surveyors_group)

    self.assertEqual(admin_token, admin_explicit)
    self.assertNotEqual(admin_token, admin_as_editor)
    self.assertNotEqual(admin_token, admin_as_surveyor)
    # Compare the key as well, so two roles can never share one secret.
    self.assertNotEqual(admin_token.key, admin_as_editor.key)

    # A different user gets a separate token from the admin's editor-role one.
    editor_token = APIToken.get_or_create(org, self.editor)
    self.assertNotEqual(admin_as_editor, editor_token)

    APIToken.get_or_create(org, self.surveyor)

    # Token issuance is refused for the Viewers role and for self.user.
    # The group lookup stays outside the assertRaises block so an error from
    # the lookup itself is not mistaken for the expected ValueError.
    viewers_group = Group.objects.get(name="Viewers")
    with self.assertRaises(ValueError):
        APIToken.get_or_create(org, self.admin, viewers_group)
    with self.assertRaises(ValueError):
        APIToken.get_or_create(org, self.user)
def get_response(self, **query_params):
    """GET the endpoint under test, authenticated with an admin API token.

    The URL is built from ``self.get_url_namespace()`` and the given query
    parameters. The request is sent with a ``Token`` Authorization header
    for ``self.admin`` in ``self.org`` using the Administrators role.

    Every response from this helper is fetched with an Administrators-role
    token, so tests of lower-privilege access need their own request.
    """
    endpoint = self.reverse(self.get_url_namespace(), query_params=query_params)

    administrators = Group.objects.get(name="Administrators")
    api_token = APIToken.get_or_create(self.org, self.admin, administrators)

    return self.client.get(endpoint, HTTP_AUTHORIZATION=f"Token {api_token.key}")