diff --git a/src/objects/setup_configuration/steps/token_auth.py b/src/objects/setup_configuration/steps/token_auth.py
index 4137a362..8e123718 100644
--- a/src/objects/setup_configuration/steps/token_auth.py
+++ b/src/objects/setup_configuration/steps/token_auth.py
@@ -1,11 +1,14 @@
 import logging
 from typing import Any
-from django.core.exceptions import ValidationError
+from django.core.exceptions import ObjectDoesNotExist, ValidationError
 from django.db import IntegrityError
 from django_setup_configuration.configuration import BaseConfigurationStep
-from django_setup_configuration.exceptions import ConfigurationRunFailed
+from django_setup_configuration.exceptions import (
+ ConfigurationRunFailed,
+ PrerequisiteFailed,
+)
 from objects.core.models import ObjectType
 from objects.setup_configuration.models.token_auth import (
@@ -42,13 +45,16 @@ def _configure_permissions(self, token: TokenAuth, permissions: list) -> None:
 logger.warning("No permissions provided for %s", token.identifier)
 for permission in permissions:
- permission_kwargs = {
- "token_auth": token,
- "object_type": ObjectType.objects.get(uuid=permission.object_type),
- "mode": permission.mode,
- "use_fields": permission.use_fields,
- "fields": permission.fields,
- }
+ try:
+ permission_kwargs = {
+ "token_auth": token,
+ "object_type": ObjectType.objects.get(uuid=permission.object_type),
+ "mode": permission.mode,
+ "use_fields": permission.use_fields,
+ "fields": permission.fields,
+ }
+ except ObjectDoesNotExist as exception:
+ raise PrerequisiteFailed(step=self, validation_error=exception)
 permission_instance = Permission(**permission_kwargs)
 self._full_clean(permission_instance)
@@ -88,7 +94,6 @@ def execute(self, model: TokenAuthGroupConfigurationModel) -> None:
 token_instance = TokenAuth(**token_kwargs)
 self._full_clean(token_instance)
-
 try:
 logger.debug("Saving %s", item.identifier)
 token, _ = TokenAuth.objects.update_or_create(
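Review bot: The new `except ObjectDoesNotExist` in `_configure_permissions` (hunk `@@ -42,13 +45,16 @@`) appears to raise only after the token has already been saved: the added test `test_invalid_permissions_object_type_does_not_exist` asserts `TokenAuth.objects.count() == 1` under the comment "Token was created without permissions". A failed run therefore leaves a token row behind, and for a token with several permission entries possibly only some of its grants. Because this step provisions API credentials, consider running the save and the permission loop inside one `with transaction.atomic():` in `execute()` (importing it via `from django.db import IntegrityError, transaction`) so a failed prerequisite rolls both back; most of `execute()` lies outside this diff, so confirm where the save happens. The `try` also wraps the whole dict literal although only the lookup can raise this error; hoisting `object_type = ObjectType.objects.get(uuid=permission.object_type)` into the `try` on its own and ending the raise with `from exception` would keep the handler narrow and the cause explicit.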
diff --git a/src/objects/setup_configuration/tests/test_token_auth_config.py b/src/objects/setup_configuration/tests/test_token_auth_config.py
index 676f8a34..7303d4c7 100644
--- a/src/objects/setup_configuration/tests/test_token_auth_config.py
+++ b/src/objects/setup_configuration/tests/test_token_auth_config.py
@@ -414,17 +414,6 @@ def setUp(self):
 _name="Object Type 003",
 )
- # superuser settato
- # permission con diversi valori
- # UUID -> sbagliato
- # UUID -> vuoto
- # mode
- # mode- > sbagliat con valori fuori dalle choice
- # use_fields
- # fields
- # fields ->sbagliati
- #
-
 return super().setUp()
 def test_valid_setup_default_without_permissions(self):
@@ -547,3 +536,361 @@ def test_valid_setup_complete(self):
 self.assertTrue(token.is_superuser)
 self.assertEqual(token.permissions.count(), 0)
 self.assertEqual(token.object_types.count(), 0)
+
+ def test_invalid_permissions_type(self):
+ object_source = {
+ "tokenauth_config_enable": True,
+ "tokenauth": {
+ "items": [
+ {
+ "identifier": "token-1",
+ "token": "ba9d233e95e04c4a8a661a27daffe7c9bd019067",
+ "contact_person": "Person 1",
+ "email": "person-1@example.com",
+ "organization": "Organization 1",
+ "application": "Application 1",
+ "administration": "Administration 1",
+ "permissions": ["permission1", "permission2"],
+ },
+ ],
+ },
+ }
+ with self.assertRaises(PrerequisiteFailed) as command_error:
+ execute_single_step(TokenAuthConfigurationStep, object_source=object_source)
+ self.assertTrue(
+ "Input should be a valid dictionary or instance of TokenAuthPermissionConfigurationModel"
+ in str(command_error.exception)
+ )
+ self.assertEqual(TokenAuth.objects.count(), 0)
+ self.assertEqual(Permission.objects.count(), 0)
+
+ def test_invalid_permissions_object_type_empty(self):
+ object_source = {
+ "tokenauth_config_enable": True,
+ "tokenauth": {
+ "items": [
+ {
+ "identifier": "token-1",
+ "token": "ba9d233e95e04c4a8a661a27daffe7c9bd019067",
+ "contact_person": "Person 1",
+ "email": "person-1@example.com",
+ "organization": "Organization 1",
+ "application": "Application 1",
+ "administration": "Administration 1",
+ "permissions": [
+ {
+ "object_type": "",
+ "mode": "read_only",
+ "use_fields": True,
+ "fields": {
+ "key1": "value1",
+ "key2": "value2",
+ "key3": "value3",
+ },
+ },
+ ],
+ },
+ ],
+ },
+ }
+ with self.assertRaises(PrerequisiteFailed) as command_error:
+ execute_single_step(TokenAuthConfigurationStep, object_source=object_source)
+ self.assertTrue(
+ "Input should be a valid UUID, invalid length: expected length 32 for simple format, found 0"
+ in str(command_error.exception)
+ )
+ self.assertEqual(TokenAuth.objects.count(), 0)
+ self.assertEqual(Permission.objects.count(), 0)
+
+ def test_invalid_permissions_object_type_field_required(self):
+ object_source = {
+ "tokenauth_config_enable": True,
+ "tokenauth": {
+ "items": [
+ {
+ "identifier": "token-1",
+ "token": "ba9d233e95e04c4a8a661a27daffe7c9bd019067",
+ "contact_person": "Person 1",
+ "email": "person-1@example.com",
+ "organization": "Organization 1",
+ "application": "Application 1",
+ "administration": "Administration 1",
+ "permissions": [
+ {
+ "mode": "read_only",
+ "use_fields": True,
+ "fields": {
+ "key1": "value1",
+ "key2": "value2",
+ "key3": "value3",
+ },
+ },
+ ],
+ },
+ ],
+ },
+ }
+ with self.assertRaises(PrerequisiteFailed) as command_error:
+ execute_single_step(TokenAuthConfigurationStep, object_source=object_source)
+ self.assertTrue("Field required" in str(command_error.exception))
+ self.assertEqual(TokenAuth.objects.count(), 0)
+ self.assertEqual(Permission.objects.count(), 0)
+
+ def test_invalid_permissions_object_type_none(self):
+ object_source = {
+ "tokenauth_config_enable": True,
+ "tokenauth": {
+ "items": [
+ {
+ "identifier": "token-1",
+ "token": "ba9d233e95e04c4a8a661a27daffe7c9bd019067",
+ "contact_person": "Person 1",
+ "email": "person-1@example.com",
+ "organization": "Organization 1",
+ "application": "Application 1",
+ "administration": "Administration 1",
+ "permissions": [
+ {
+ "object_type": None,
+ "mode": "read_only",
+ "use_fields": True,
+ "fields": {
+ "key1": "value1",
+ "key2": "value2",
+ "key3": "value3",
+ },
+ },
+ ],
+ },
+ ],
+ },
+ }
+ with self.assertRaises(PrerequisiteFailed) as command_error:
+ execute_single_step(TokenAuthConfigurationStep, object_source=object_source)
+ self.assertTrue(
+ "UUID input should be a string, bytes or UUID object"
+ in str(command_error.exception)
+ )
+ self.assertEqual(TokenAuth.objects.count(), 0)
+ self.assertEqual(Permission.objects.count(), 0)
+
+ def test_invalid_permissions_object_type_not_valid_uuid(self):
+ object_source = {
+ "tokenauth_config_enable": True,
+ "tokenauth": {
+ "items": [
+ {
+ "identifier": "token-1",
+ "token": "ba9d233e95e04c4a8a661a27daffe7c9bd019067",
+ "contact_person": "Person 1",
+ "email": "person-1@example.com",
+ "organization": "Organization 1",
+ "application": "Application 1",
+ "administration": "Administration 1",
+ "permissions": [
+ {
+ "object_type": "uuid 1234",
+ "mode": "read_only",
+ "use_fields": True,
+ "fields": {
+ "key1": "value1",
+ "key2": "value2",
+ "key3": "value3",
+ },
+ },
+ ],
+ },
+ ],
+ },
+ }
+ with self.assertRaises(PrerequisiteFailed) as command_error:
+ execute_single_step(TokenAuthConfigurationStep, object_source=object_source)
+ self.assertTrue(
+ "Input should be a valid UUID, invalid character"
+ in str(command_error.exception)
+ )
+ self.assertEqual(TokenAuth.objects.count(), 0)
+ self.assertEqual(Permission.objects.count(), 0)
+
+ def test_invalid_permissions_object_type_does_not_exist(self):
+ self.assertFalse(
+ ObjectType.objects.filter(
+ uuid="69feca90-6c3d-4628-ace8-19e4b0ae4065", service=self.service
+ ).exists()
+ )
+ object_source = {
+ "tokenauth_config_enable": True,
+ "tokenauth": {
+ "items": [
+ {
+ "identifier": "token-1",
+ "token": "ba9d233e95e04c4a8a661a27daffe7c9bd019067",
+ "contact_person": "Person 1",
+ "email": "person-1@example.com",
+ "organization": "Organization 1",
+ "application": "Application 1",
+ "administration": "Administration 1",
+ "permissions": [
+ {
+ "object_type": "69feca90-6c3d-4628-ace8-19e4b0ae4065",
+ "mode": "read_only",
+ "use_fields": True,
+ "fields": {
+ "key1": "value1",
+ "key2": "value2",
+ "key3": "value3",
+ },
+ },
+ ],
+ },
+ ],
+ },
+ }
+
+ with self.assertRaises(PrerequisiteFailed) as command_error:
+ execute_single_step(TokenAuthConfigurationStep, object_source=object_source)
+ self.assertTrue(
+ "ObjectType matching query does not exist" in str(command_error.exception)
+ )
+ # Token was created without permissions
+ self.assertEqual(TokenAuth.objects.count(), 1)
+ self.assertEqual(Permission.objects.count(), 0)
+
+ def test_invalid_permissions_mode_not_valid(self):
+ object_source = {
+ "tokenauth_config_enable": True,
+ "tokenauth": {
+ "items": [
+ {
+ "identifier": "token-1",
+ "token": "ba9d233e95e04c4a8a661a27daffe7c9bd019067",
+ "contact_person": "Person 1",
+ "email": "person-1@example.com",
+ "organization": "Organization 1",
+ "application": "Application 1",
+ "administration": "Administration 1",
+ "permissions": [
+ {
+ "object_type": "3a82fb7f-fc9b-4104-9804-993f639d6d0d",
+ "mode": "test",
+ "use_fields": True,
+ "fields": {
+ "key1": "value1",
+ "key2": "value2",
+ "key3": "value3",
+ },
+ },
+ ],
+ },
+ ],
+ },
+ }
+ with self.assertRaises(PrerequisiteFailed) as command_error:
+ execute_single_step(TokenAuthConfigurationStep, object_source=object_source)
+ self.assertTrue(
+ "Input should be 'read_only' or 'read_and_write'"
+ in str(command_error.exception)
+ )
+ self.assertEqual(TokenAuth.objects.count(), 0)
+ self.assertEqual(Permission.objects.count(), 0)
+
+ def test_invalid_permissions_mode_required(self):
+ object_source = {
+ "tokenauth_config_enable": True,
+ "tokenauth": {
+ "items": [
+ {
+ "identifier": "token-1",
+ "token": "ba9d233e95e04c4a8a661a27daffe7c9bd019067",
+ "contact_person": "Person 1",
+ "email": "person-1@example.com",
+ "organization": "Organization 1",
+ "application": "Application 1",
+ "administration": "Administration 1",
+ "permissions": [
+ {
+ "object_type": "3a82fb7f-fc9b-4104-9804-993f639d6d0d",
+ "use_fields": True,
+ "fields": {
+ "key1": "value1",
+ "key2": "value2",
+ "key3": "value3",
+ },
+ },
+ ],
+ },
+ ],
+ },
+ }
+ with self.assertRaises(PrerequisiteFailed) as command_error:
+ execute_single_step(TokenAuthConfigurationStep, object_source=object_source)
+ self.assertTrue("Field required" in str(command_error.exception))
+ self.assertEqual(TokenAuth.objects.count(), 0)
+ self.assertEqual(Permission.objects.count(), 0)
+
+ def test_invalid_permissions_fields_not_valid(self):
+ object_source = {
+ "tokenauth_config_enable": True,
+ "tokenauth": {
+ "items": [
+ {
+ "identifier": "token-1",
+ "token": "ba9d233e95e04c4a8a661a27daffe7c9bd019067",
+ "contact_person": "Person 1",
+ "email": "person-1@example.com",
+ "organization": "Organization 1",
+ "application": "Application 1",
+ "administration": "Administration 1",
+ "permissions": [
+ {
+ "object_type": "3a82fb7f-fc9b-4104-9804-993f639d6d0d",
+ "mode": "read_only",
+ "fields": "test",
+ },
+ ],
+ },
+ ],
+ },
+ }
+ with self.assertRaises(PrerequisiteFailed) as command_error:
+ execute_single_step(TokenAuthConfigurationStep, object_source=object_source)
+ self.assertTrue(
+ "Input should be a valid dictionary" in str(command_error.exception)
+ )
+ self.assertEqual(TokenAuth.objects.count(), 0)
+ self.assertEqual(Permission.objects.count(), 0)
+
+ def test_valid_permissions_fields_default(self):
+ object_source = {
+ "tokenauth_config_enable": True,
+ "tokenauth": {
+ "items": [
+ {
+ "identifier": "token-1",
+ "token": "ba9d233e95e04c4a8a661a27daffe7c9bd019067",
+ "contact_person": "Person 1",
+ "email": "person-1@example.com",
+ "organization": "Organization 1",
+ "application": "Application 1",
+ "administration": "Administration 1",
+ "permissions": [
+ {
+ "object_type": "3a82fb7f-fc9b-4104-9804-993f639d6d0d",
+ "mode": "read_only",
+ },
+ ],
+ },
+ ],
+ },
+ }
+
+ execute_single_step(TokenAuthConfigurationStep, object_source=object_source)
+
+ self.assertEqual(Permission.objects.count(), 1)
+ self.assertEqual(TokenAuth.objects.count(), 1)
+
+ token = TokenAuth.objects.get(identifier="token-1")
+ self.assertEqual(token.permissions.count(), 1)
+ self.assertEqual(token.permissions.first().mode, "read_only")
+ self.assertEqual(token.permissions.first().use_fields, False)
+ self.assertEqual(token.permissions.first().fields, None)
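Review bot: Each of the ten new tests repeats the same token payload and differs only in its `permissions` list, which hides the field under test and turns any later fixture change into a ten-place edit; a small builder method on the test case would leave one visible difference per case. The message checks would also fail more informatively as `self.assertIn(expected, str(command_error.exception))` than as `assertTrue(... in ...)`, and the last test's `assertEqual(..., False)` / `assertEqual(..., None)` read more directly as `assertFalse` / `assertIsNone`. Judging from the visible tests only, no case covers a token with two permission entries where just the second is rejected, so what stays stored for the first entry is not pinned. A sketch of the builder and one converted case follows.

```python
def _token_source(self, permissions):
    # Shared token fields; only the permissions list varies per case.
    return {
        "tokenauth_config_enable": True,
        "tokenauth": {
            "items": [
                {
                    "identifier": "token-1",
                    "token": "ba9d233e95e04c4a8a661a27daffe7c9bd019067",
                    "contact_person": "Person 1",
                    "email": "person-1@example.com",
                    "organization": "Organization 1",
                    "application": "Application 1",
                    "administration": "Administration 1",
                    "permissions": permissions,
                },
            ],
        },
    }

def test_invalid_permissions_mode_not_valid(self):
    object_source = self._token_source(
        [
            {
                "object_type": "3a82fb7f-fc9b-4104-9804-993f639d6d0d",
                "mode": "test",
                "use_fields": True,
                "fields": {"key1": "value1", "key2": "value2", "key3": "value3"},
            },
        ]
    )
    with self.assertRaises(PrerequisiteFailed) as command_error:
        execute_single_step(TokenAuthConfigurationStep, object_source=object_source)
    self.assertIn(
        "Input should be 'read_only' or 'read_and_write'",
        str(command_error.exception),
    )
    # … unchanged: TokenAuth / Permission count assertions …
```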