api: add franceconnect information to user's API when ?full is used (fixes #21962)

The following field is added to user's attributes if FC plugin is enabled and the "full" parameter is given to the user's API: "franceconnect": { "linked": true, "link_url": "https://idp/accounts/fc/callback/", "unlink_url": "https://idp/accounts/fc/unlink/" }
2018-02-19 13:40:28 +01:00 · 2018-02-19 13:40:28 +01:00 · afa48159bb
parent 4bb9f76c99
commit afa48159bb
2 changed files with 49 additions and 0 deletions
--- a/src/authentic2_auth_fc/init.py
+++ b/src/authentic2_auth_fc/init.py
@ -42,5 +42,29 @@ class AppConfig(django.apps.AppConfig):
        from authentic2.api_views import UsersAPI
        UsersAPI.fc_unlink = fc_unlink

+    def a2_hook_api_modify_serializer(self, view, serializer):
+        from rest_framework import serializers
+        from authentic2.utils import make_url
+        from . import app_settings
+
+        if not app_settings.enable:
+            return
+
+        request = view.request
+
+        if 'full' not in request.GET:
+            return
+
+        if view.__class__.__name__ == 'UsersAPI':
+            def get_franceconnect(user):
+                linked = user.fc_accounts.exists()
+                return {
+                    'linked': linked,
+                    'link_url': make_url('fc-login-or-link', request=request, absolute=True),
+                    'unlink_url': make_url('fc-unlink', request=request, absolute=True),
+                }
+            serializer.get_franceconnect = get_franceconnect
+            serializer.fields['franceconnect'] = serializers.SerializerMethodField()
+

 default_app_config = '%s.%s' % (__name__, 'AppConfig')
--- a/tests/test_api.py
+++ b/tests/test_api.py
@ -12,3 +12,28 @@ def test_api_fc_unlink(app, admin, user_cartman):
    # test success
    app.delete(url, status=204)
    assert FcAccount.objects.filter(user=user_cartman).exists() is False
+
+
+def test_api_user_franceconnect(settings, app, admin, user_cartman):
+    settings.A2_FC_ENABLE = True
+
+    url = '/api/users/%s/' % user_cartman.uuid
+    # test unauthorized method
+    app.authorization = ('Basic', (admin.username, admin.username))
+    response = app.get(url)
+    assert 'franceconnect' not in response.json
+    response = app.get(url + '?full')
+    assert 'franceconnect' in response.json, 'missing franceconnect field in user API'
+    content = response.json['franceconnect']
+    assert isinstance(content, dict), 'franceconnect field is not a dict'
+    assert content.get('linked') is True
+    assert content.get('link_url').startswith('http://')
+    assert content.get('link_url').endswith('/callback/')
+    assert content.get('unlink_url').startswith('http://')
+    assert content.get('unlink_url').endswith('/unlink/')
+
+    unlink_url = '/api/users/%s/fc-unlink/' % user_cartman.uuid
+    app.delete(unlink_url, status=204)
+
+    response = app.get(url + '?full')
+    assert response.json['franceconnect']['linked'] is False