creylopez
/
django-ex
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 2 Wiki Activity
Browse Source

Merge pull request #155 from bcgov/feature/DIV-1246 

DIV-1246 - Change the implementation of efiling JWT tokens, so we don…
pull/172/head
Michael Olund 5 years ago
committed by GitHub
parent
64d085c14b c597a50410
commit
d7c26b4530
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 29 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +9
    -12
      edivorce/apps/core/tests/test_efiling_submission.py
  2. +14
    -17
      edivorce/apps/core/utils/efiling_submission.py

+ 9
- 12
edivorce/apps/core/tests/test_efiling_submission.py View File

@ -47,7 +47,7 @@ class EFilingSubmissionTests(TransactionTestCase):
middleware = SessionMiddleware() middleware = SessionMiddleware()
middleware.process_request(self.request) middleware.process_request(self.request)
self.request.session.save() self.request.session.save()
self.hub = EFilingSubmission(initial_filing=True) self.hub = EFilingSubmission(initial_filing=True)
self.packaging = EFilingPackaging(initial_filing=True) self.packaging = EFilingPackaging(initial_filing=True)
@ -70,8 +70,7 @@ class EFilingSubmissionTests(TransactionTestCase):
text=json.dumps(SAMPLE_TOKEN_RESPONSE)) text=json.dumps(SAMPLE_TOKEN_RESPONSE))
self.assertTrue(self.hub._get_token(self.request)) self.assertTrue(self.hub._get_token(self.request))
self.assertEqual(self.request.session['access_token'],
SAMPLE_TOKEN_RESPONSE['access_token'])
self.assertEqual(self.hub.access_token, SAMPLE_TOKEN_RESPONSE['access_token'])
@mock.patch('requests.post') @mock.patch('requests.post')
def test_get_token_error(self, mock_request_post): def test_get_token_error(self, mock_request_post):
@ -85,11 +84,10 @@ class EFilingSubmissionTests(TransactionTestCase):
def test_renew_token(self, mock_request_post): def test_renew_token(self, mock_request_post):
mock_request_post.return_value = self._mock_response( mock_request_post.return_value = self._mock_response(
text=json.dumps(SAMPLE_TOKEN_RESPONSE)) text=json.dumps(SAMPLE_TOKEN_RESPONSE))
self.request.session['refresh_token'] = 'alskdfjadlfads'
self.hub.refresh_token = 'alskdfjadlfads'
self.assertTrue(self.hub._refresh_token(self.request)) self.assertTrue(self.hub._refresh_token(self.request))
self.assertEqual(self.request.session['access_token'],
SAMPLE_TOKEN_RESPONSE['access_token'])
self.assertEqual(self.hub.access_token, SAMPLE_TOKEN_RESPONSE['access_token'])
@mock.patch('requests.post') @mock.patch('requests.post')
def test_renew_token_anon(self, mock_request_post): def test_renew_token_anon(self, mock_request_post):
@ -104,17 +102,16 @@ class EFilingSubmissionTests(TransactionTestCase):
def test_renew_token_error(self, mock_request_post): def test_renew_token_error(self, mock_request_post):
mock_request_post.return_value = self._mock_response( mock_request_post.return_value = self._mock_response(
text=json.dumps(SAMPLE_TOKEN_RESPONSE), status=401) text=json.dumps(SAMPLE_TOKEN_RESPONSE), status=401)
self.request.session['refresh_token'] = 'alskdfjadlfads'
self.hub.refresh_token = 'alskdfjadlfads'
self.assertTrue(self.hub._refresh_token(self.request)) self.assertTrue(self.hub._refresh_token(self.request))
self.assertEqual(self.request.session['access_token'],
SAMPLE_TOKEN_RESPONSE['access_token'])
self.assertEqual(self.hub.access_token, SAMPLE_TOKEN_RESPONSE['access_token'])
@mock.patch('requests.post') @mock.patch('requests.post')
def test_get_api_success(self, mock_request_post): def test_get_api_success(self, mock_request_post):
mock_request_post.return_value = self._mock_response( mock_request_post.return_value = self._mock_response(
text=json.dumps(INITIAL_DOC_UPLOAD_RESPONSE)) text=json.dumps(INITIAL_DOC_UPLOAD_RESPONSE))
self.request.session['access_token'] = 'aslkfjadskfjd'
self.hub.access_token = 'aslkfjadskfjd'
response = self.hub._get_api( response = self.hub._get_api(
self.request, 'https://somewhere.com', 'alksdjfa', 'kasdkfd', {}) self.request, 'https://somewhere.com', 'alksdjfa', 'kasdkfd', {})
@ -126,8 +123,8 @@ class EFilingSubmissionTests(TransactionTestCase):
@mock.patch('requests.post') @mock.patch('requests.post')
def test_get_api_expired_token(self, mock_request_post): def test_get_api_expired_token(self, mock_request_post):
self.request.session['access_token'] = 'aslkfjadskfjd'
self.request.session['refresh_token'] = 'alskdfjadlfads'
self.hub.access_token = 'aslkfjadskfjd'
self.hub.refresh_token = 'alskdfjadlfads'
# we want 3 mock side effects for post .. a 401 on the first and success on token renewal # we want 3 mock side effects for post .. a 401 on the first and success on token renewal
mock_request_post.side_effect = [ mock_request_post.side_effect = [


+ 14
- 17
edivorce/apps/core/utils/efiling_submission.py View File

@ -19,10 +19,11 @@ class EFilingSubmission:
self.token_base_url = settings.EFILING_HUB_KEYCLOAK_BASE_URL self.token_base_url = settings.EFILING_HUB_KEYCLOAK_BASE_URL
self.token_realm = settings.EFILING_HUB_KEYCLOAK_REALM self.token_realm = settings.EFILING_HUB_KEYCLOAK_REALM
self.api_base_url = settings.EFILING_HUB_API_BASE_URL self.api_base_url = settings.EFILING_HUB_API_BASE_URL
self.submission_id = None
self.initial_filing = initial_filing self.initial_filing = initial_filing
self.packaging = EFilingPackaging(initial_filing) self.packaging = EFilingPackaging(initial_filing)
self.submission_id = None
self.access_token = None
self.refresh_token = None
def _get_token(self, request): def _get_token(self, request):
payload = f'client_id={self.client_id}&grant_type=client_credentials&client_secret={self.client_secret}' payload = f'client_id={self.client_id}&grant_type=client_credentials&client_secret={self.client_secret}'
@ -35,21 +36,20 @@ class EFilingSubmission:
if response.status_code == 200: if response.status_code == 200:
response = json.loads(response.text) response = json.loads(response.text)
# save in session .. lets just assume that current user is authenticated
# save token as object property..
if 'access_token' in response: if 'access_token' in response:
request.session['access_token'] = response['access_token']
self.access_token = response['access_token']
if 'refresh_token' in response: if 'refresh_token' in response:
request.session['refresh_token'] = response['refresh_token']
self.refresh_token = response['refresh_token']
return True return True
return False return False
def _refresh_token(self, request): def _refresh_token(self, request):
refresh_token = request.session.get('refresh_token', None)
if not refresh_token:
if not self.refresh_token:
return False return False
payload = f'client_id={self.client_id}&grant_type=refresh_token&client_secret={self.client_secret}&refresh_token={refresh_token}'
payload = f'client_id={self.client_id}&grant_type=refresh_token&client_secret={self.client_secret}&refresh_token={self.refresh_token}'
headers = {'Content-Type': 'application/x-www-form-urlencoded'} headers = {'Content-Type': 'application/x-www-form-urlencoded'}
url = f'{self.token_base_url}/auth/realms/{self.token_realm}/protocol/openid-connect/token' url = f'{self.token_base_url}/auth/realms/{self.token_realm}/protocol/openid-connect/token'
@ -61,25 +61,23 @@ class EFilingSubmission:
# save in session .. lets just assume that current user is authenticated # save in session .. lets just assume that current user is authenticated
if 'access_token' in response: if 'access_token' in response:
request.session['access_token'] = response['access_token']
self.access_token = response['access_token']
if 'refresh_token' in response: if 'refresh_token' in response:
request.session['refresh_token'] = response['refresh_token']
self.refresh_token = response['refresh_token']
return True return True
return False return False
def _get_api(self, request, url, transaction_id, bce_id, headers, data=None, files=None): def _get_api(self, request, url, transaction_id, bce_id, headers, data=None, files=None):
# make sure we have a session
access_token = request.session.get('access_token', None)
if not access_token:
# make sure we have an access token
if not self.access_token:
if not self._get_token(request): if not self._get_token(request):
raise Exception('EFH - Unable to get API Token') raise Exception('EFH - Unable to get API Token')
access_token = request.session.get('access_token', None)
headers.update({ headers.update({
'X-Transaction-Id': transaction_id, 'X-Transaction-Id': transaction_id,
'X-User-Id': bce_id, 'X-User-Id': bce_id,
'Authorization': f'Bearer {access_token}'
'Authorization': f'Bearer {self.access_token}'
}) })
if not data: if not data:
@ -91,11 +89,10 @@ class EFilingSubmission:
if response.status_code == 401: if response.status_code == 401:
# not authorized .. try refreshing token # not authorized .. try refreshing token
if self._refresh_token(request): if self._refresh_token(request):
access_token = request.session.get('access_token', None)
headers.update({ headers.update({
'X-Transaction-Id': transaction_id, 'X-Transaction-Id': transaction_id,
'X-User-Id': bce_id, 'X-User-Id': bce_id,
'Authorization': f'Bearer {access_token}'
'Authorization': f'Bearer {self.access_token}'
}) })
response = requests.post(url, headers=headers, data=data, files=files) response = requests.post(url, headers=headers, data=data, files=files)


Write Preview
Loading…
Cancel
Save