api_views: handle ou-wise api-client checks (#71275)
This commit is contained in:
parent
a7ffb583f8
commit
4240f989ae
|
@ -1434,6 +1434,13 @@ class CheckPasswordSerializer(serializers.Serializer):
|
|||
class CheckAPIClientSerializer(serializers.Serializer):
|
||||
identifier = serializers.CharField(required=True)
|
||||
password = serializers.CharField(required=True)
|
||||
ou = serializers.SlugRelatedField(
|
||||
queryset=OrganizationalUnit.objects.all(),
|
||||
slug_field='slug',
|
||||
default=None,
|
||||
required=False,
|
||||
allow_null=True,
|
||||
)
|
||||
|
||||
|
||||
class CheckPasswordAPI(BaseRpcView):
|
||||
|
@ -1470,6 +1477,7 @@ class CheckAPIClientAPI(BaseRpcView):
|
|||
def rpc(self, request, serializer):
|
||||
identifier = serializer.validated_data['identifier']
|
||||
password = serializer.validated_data['password']
|
||||
ou = serializer.validated_data.get('ou', None)
|
||||
api_client = None
|
||||
try:
|
||||
api_client = APIClient.objects.get(identifier=identifier, password=password)
|
||||
|
@ -1477,7 +1485,7 @@ class CheckAPIClientAPI(BaseRpcView):
|
|||
pass
|
||||
|
||||
result = {}
|
||||
if api_client is None:
|
||||
if api_client is None or ou and ou != api_client.ou:
|
||||
result['err'] = 1
|
||||
result['err_desc'] = 'api client not found'
|
||||
else:
|
||||
|
@ -1487,6 +1495,7 @@ class CheckAPIClientAPI(BaseRpcView):
|
|||
'is_anonymous': api_client.is_anonymous,
|
||||
'is_authenticated': api_client.is_authenticated,
|
||||
'is_superuser': api_client.is_superuser,
|
||||
'ou': api_client.ou.slug if api_client.ou else None,
|
||||
'restrict_to_anonymised_data': api_client.restrict_to_anonymised_data,
|
||||
'roles': [role.uuid for role in api_client.apiclient_roles.all()],
|
||||
}
|
||||
|
|
|
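Review bot: The new condition `if api_client is None or ou and ou != api_client.ou:` relies on `and` binding tighter than `or`, which is correct but reads ambiguously at a glance; parenthesising it as `if api_client is None or (ou and ou != api_client.ou):` makes the intent explicit. The OU mismatch deliberately reuses the same `'api client not found'` error as a missing client, so a caller cannot tell a wrong OU from a wrong identifier or password — that is worth a one-line comment above the branch, e.g. `# same error on OU mismatch: do not reveal that the client exists in another OU`. An alternative is to fold the OU into the lookup itself (add `ou=ou` to the `APIClient.objects.get(...)` filter when `ou` is given), which would also cover identifiers that are only unique per OU, if that is the model's constraint. The enclosing `rpc` method starts and ends outside this hunk.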
@ -2859,7 +2859,7 @@ def test_user_profile_delete(app, superuser):
|
|||
)
|
||||
|
||||
|
||||
def test_check_api_client(app, superuser):
|
||||
def test_check_api_client(app, superuser, ou1, ou2):
|
||||
url = '/api/check-api-client/'
|
||||
payload = {'identifier': 'foo', 'password': 'bar'}
|
||||
resp = app.post_json(url, params=payload, status=401)
|
||||
|
@ -2888,6 +2888,21 @@ def test_check_api_client(app, superuser):
|
|||
assert data['is_superuser'] is False
|
||||
assert data['restrict_to_anonymised_data'] is False
|
||||
assert data['roles'] == [role1.uuid]
|
||||
assert data['ou'] == get_default_ou().slug
|
||||
|
||||
api_client.ou = ou1
|
||||
api_client.save()
|
||||
resp = app.post_json(url, params=payload)
|
||||
assert resp.json['data']['ou'] == 'ou1'
|
||||
|
||||
payload['ou'] = ou1.slug
|
||||
resp = app.post_json(url, params=payload)
|
||||
assert resp.json['data']['ou'] == 'ou1'
|
||||
|
||||
payload['ou'] = ou2.slug
|
||||
resp = app.post_json(url, params=payload)
|
||||
assert resp.json['err'] == 1
|
||||
assert resp.json['err_desc'] == 'api client not found'
|
||||
|
||||
|
||||
def test_api_basic_authz_user_phone_number(app, settings, superuser):
|
||||
|
|
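Review bot: The new assertions at `payload['ou'] = ou2.slug` only cover a client that was first moved to `ou1`; a payload naming a slug that does not exist is never exercised, so the serializer's handling of an invalid `ou` (presumably a validation error from `SlugRelatedField`) is left unpinned. Adding `payload['ou'] = 'does-not-exist'` followed by `app.post_json(url, params=payload, status=400)` would document that behaviour; if the view instead answers with an `err` payload, assert that. `test_check_api_client` starts outside this hunk.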