ramon
/
skillbox
1
0
Fork 0
Code Issues 1 Pull Requests 1 Packages Projects 1 Releases 1 Wiki Activity

Fix middleware tests

This commit is contained in:
Christian Cueni 2021-05-18 15:14:14 +02:00
parent 861c276960
commit 9c0afffc7c
3 changed files with 20 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
server/core/utils.py
View File

@ -32,9 +32,9 @@ def is_private_api_call_allowed(user, body):
try: try:
if not user.hep_id: if not user.hep_id:
return True return False
except AttributeError: except AttributeError:
return True return False
# logout, me and coupon resources are always allowed. Even if the user has no valid license # logout, me and coupon resources are always allowed. Even if the user has no valid license
if re.search(r"mutation\s*.*\s*logout\s*{", body_unicode) or re.search(r"query\s*.*\s*me\s*{", body_unicode) \ if re.search(r"mutation\s*.*\s*logout\s*{", body_unicode) or re.search(r"query\s*.*\s*me\s*{", body_unicode) \

10
server/users/middleware.py
View File

@ -1,16 +1,16 @@
import json import json
from django.http import HttpResponse from django.http import HttpResponse
from django.utils.deprecation import MiddlewareMixin
from core.utils import is_private_api_call_allowed from core.utils import is_private_api_call_allowed
class UserHasLicenseMiddleWare(MiddlewareMixin): def user_has_license_middleware(get_response):
def process_response(self, request, response): def middleware(request):
if request.path == '/api/graphql/': if request.path == '/api/graphql/':
if not is_private_api_call_allowed(request.user, request.body): if not is_private_api_call_allowed(request.user, request.body):
return HttpResponse(json.dumps({'errors': ['no active license']}), status=402) return HttpResponse(json.dumps({'errors': ['no active license']}), status=402)
return response return get_response(request)
return middleware

16
server/core/tests/test_middleware.py → server/users/tests/test_middleware.py
View File

@ -8,7 +8,7 @@ from core.utils import is_private_api_call_allowed
class MiddlewareTestCase(TestCase): class MiddlewareTestCase(TestCase):
def test_user_with_license_can_see_private_api(self): def test_user_without_hep_id_cannot_see_private_api(self):
tomorrow = timezone.now() + timedelta(1) tomorrow = timezone.now() + timedelta(1)
user = UserFactory(username='aschiman@ch.ch') user = UserFactory(username='aschiman@ch.ch')
@ -16,6 +16,16 @@ class MiddlewareTestCase(TestCase):
body = b'"{mutation {\\n addRoom}"' body = b'"{mutation {\\n addRoom}"'
self.assertFalse(is_private_api_call_allowed(user, body))
def test_user_with_license_can_see_private_api(self):
tomorrow = timezone.now() + timedelta(1)
user = UserFactory(username='aschiman@ch.ch', hep_id=23)
user.license_expiry_date = tomorrow.date()
body = b'"{mutation {\\n addRoom}"'
self.assertTrue(is_private_api_call_allowed(user, body)) self.assertTrue(is_private_api_call_allowed(user, body))
def test_user_with_expired_license_can_see_private_api(self): def test_user_with_expired_license_can_see_private_api(self):
@ -39,7 +49,7 @@ class MiddlewareTestCase(TestCase):
def test_logout_is_allowed_without_valid_license(self): def test_logout_is_allowed_without_valid_license(self):
yesterday = timezone.now() - timedelta(1) yesterday = timezone.now() - timedelta(1)
user = UserFactory(username='aschiman@ch.ch') user = UserFactory(username='aschiman@ch.ch', hep_id=34)
user.license_expiry_date = yesterday.date() user.license_expiry_date = yesterday.date()
body = b'"{mutation { logout {"' body = b'"{mutation { logout {"'
@ -49,7 +59,7 @@ class MiddlewareTestCase(TestCase):
def test_me_query_is_allowed_without_valid_license(self): def test_me_query_is_allowed_without_valid_license(self):
yesterday = timezone.now() - timedelta(1) yesterday = timezone.now() - timedelta(1)
user = UserFactory(username='aschiman@ch.ch') user = UserFactory(username='aschiman@ch.ch', hep_id=34)
user.license_expiry_date = yesterday user.license_expiry_date = yesterday
body = b'"{query { me {"' body = b'"{query { me {"'