From 5b52119e89cbee7f6f3d06356e495eceff7d8202 Mon Sep 17 00:00:00 2001
From: mpeltriaux
Date: Fri, 28 Jan 2022 16:35:25 +0100
Subject: [PATCH] #31 API further credential

* adds Kspuser as another expected header data to resolve the api user
* adds/updates translations
---
 api/models/token.py | 6 ++++--
 api/settings.py | 3 ++-
 api/tests/v1/share/test_api_sharing.py | 1 +
 api/views/views.py | 6 ++++--
 locale/de/LC_MESSAGES/django.mo | Bin 36201 -> 36202 bytes
 locale/de/LC_MESSAGES/django.po | 17 +++++++++--------
 6 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/api/models/token.py b/api/models/token.py
index 81c0373e..e0ad6646 100644
--- a/api/models/token.py
+++ b/api/models/token.py
@@ -25,11 +25,12 @@ class APIUserToken(models.Model):
 return self.token
 @staticmethod
- def get_user_from_token(token: str):
+ def get_user_from_token(token: str, username: str):
 """
 Getter for the related user object
 Args:
 token (str): The used token
+ username (str): The username
 Returns:
 user (User): Otherwise None
@@ -38,11 +39,12 @@ class APIUserToken(models.Model):
 try:
 token_obj = APIUserToken.objects.get(
 token=token,
+ user__username=username
 )
 if not token_obj.is_active:
 raise PermissionError("Token unverified")
 if token_obj.valid_until is not None and token_obj.valid_until < _today:
 raise PermissionError("Token validity expired")
 except ObjectDoesNotExist:
- raise PermissionError("Token invalid")
+ raise PermissionError("Credentials invalid")
 return token_obj.user
diff --git a/api/settings.py b/api/settings.py
index ad7afef1..27cd8e51 100644
--- a/api/settings.py
+++ b/api/settings.py
@@ -5,4 +5,5 @@ Contact: michel.peltriaux@sgdnord.rlp.de
 Created on: 21.01.22
 """
-KSP_TOKEN_HEADER_IDENTIFIER = "Ksptoken"
\ No newline at end of file
+KSP_TOKEN_HEADER_IDENTIFIER = "Ksptoken"
+KSP_USER_HEADER_IDENTIFIER = "Kspuser"
\ No newline at end of file
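Review bot: The docstring extended in this hunk still ends with `user (User): Otherwise None`, yet no path in `get_user_from_token` returns None — every failure raises `PermissionError` — so a caller reading the docs would add a pointless None check and miss the exception contract. Add a `Raises:` section naming `PermissionError` for an unknown token/username pair, an unverified token and an expired token, and say what the new parameter binds: `username (str): Username the token must belong to; token and username must match the same record`. The method body continues in the next hunk.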
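Review bot: The new `user__username=username` filter, like the existing `token=token`, is queried with whatever the caller passes, and `dispatch` in api/views/views.py passes `None` for an absent header; Django turns `=None` into an `IS NULL` comparison, so rejecting a missing credential silently depends on those columns being non-nullable rather than on an explicit check. Reject empty credentials before the query, at the top of the `try`: `if not token or not username:` / `    raise PermissionError("Credentials invalid")`. That keeps the response identical for missing, mismatched and unknown credentials, which fits the generic "Credentials invalid" message this hunk already introduces; the same pass-through exists in the views.py hunk and needs no separate fix once the model checks.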
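Review bot: The added `KSP_USER_HEADER_IDENTIFIER` line keeps the file's missing trailing newline (`\ No newline at end of file` is present on the new side too), so the next constant appended here will again show up as a rewrite of the last line; end the file with a newline. Both names are looked up through `request.headers.get`, which matches header names case-insensitively, so the mixed-case spelling works but deserves a one-line comment such as `# Header names; request.headers lookups are case-insensitive`.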
diff --git a/api/tests/v1/share/test_api_sharing.py b/api/tests/v1/share/test_api_sharing.py
index d5c8b057..9e7c9eec 100644
--- a/api/tests/v1/share/test_api_sharing.py
+++ b/api/tests/v1/share/test_api_sharing.py
@@ -20,6 +20,7 @@ class BaseAPIV1TestCase(BaseTestCase):
 cls.header_data = {
 "HTTP_ksptoken": cls.superuser.api_token.token,
+ "HTTP_kspuser": cls.superuser.username,
 }
diff --git a/api/views/views.py b/api/views/views.py
index 4e0899f2..fb4f6df1 100644
--- a/api/views/views.py
+++ b/api/views/views.py
@@ -13,7 +13,7 @@ from django.views import View
 from django.views.decorators.csrf import csrf_exempt
 from api.models import APIUserToken
-from api.settings import KSP_TOKEN_HEADER_IDENTIFIER
+from api.settings import KSP_TOKEN_HEADER_IDENTIFIER, KSP_USER_HEADER_IDENTIFIER
 from compensation.models import EcoAccount
 from ema.models import Ema
 from intervention.models import Intervention
@@ -39,7 +39,9 @@ class AbstractAPIView(View):
 def dispatch(self, request, *args, **kwargs):
 try:
 # Fetch the proper user from the given request header token
- self.user = APIUserToken.get_user_from_token(request.headers.get(KSP_TOKEN_HEADER_IDENTIFIER, None))
+ ksp_token = request.headers.get(KSP_TOKEN_HEADER_IDENTIFIER, None)
+ ksp_user = request.headers.get(KSP_USER_HEADER_IDENTIFIER, None)
+ self.user = APIUserToken.get_user_from_token(ksp_token, ksp_user)
 if not self.user.is_default_user():
 raise PermissionError("Default permissions required")
 except PermissionError as e:
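Review bot: Only the success path receives the new `HTTP_kspuser` header here; nothing in this hunk pins the new rule that the username must belong to the token's owner. Add a negative case that sends the superuser's token together with another user's username and asserts the request is rejected, so a regression that drops the `user__username` filter in `get_user_from_token` is caught. `BaseAPIV1TestCase` continues beyond this hunk.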
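Review bot: The comment kept above the new lines, `# Fetch the proper user from the given request header token`, no longer matches the code, which now resolves the user from two headers; change it to `# Resolve the API user from the token and username headers; both must match one token record`. The two `request.headers.get(..., None)` calls forward an absent header as `None` straight into the database lookup (raised in the api/models/token.py note), and the line after them calls `self.user.is_default_user()` without a None guard, which is safe only because `get_user_from_token` raises rather than returning None as its docstring claims. `dispatch` continues outside the hunk.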
diff --git a/locale/de/LC_MESSAGES/django.mo b/locale/de/LC_MESSAGES/django.mo index 714249f64471928803f5bb65d070024d03973544..cb58ae7f8b439c804a3b076f7d39b7817f299f24 100644 GIT binary patch delta 2453 zcmXZde@xX?7{~Dg7vXmO1(zR|#J!gxghs|yS_XqyL@E|6Z6d?TX2T^SA_gU*Ur9m} z$_-sJbh?l>wz5_Jq0UWdv9{b=mNipL&5A~&S=w-`Eqi}B=O13@Ih^l#&Uwx`FxDUY zdw=Xl<0;-LW6Y6_#ypJGO~yQgyHN4_I0G-CA4f3}Z($0WO~%|0shEcI@jfhfaTO*L zufrs4clKh0_{b*XO*YQa5l_brjKklY<2Z%*FI0lN7{nRP)=boQ1*k+tn1EH7h}G!B zmrxsMbp5TUdAplE+vs%z`*141c-svaKviG}r{PKG2+kz_8t36pI3K5NHYOH}Pzx(T zZKxbosS51F7cm_tJQ`YIu*D`yLzOlgm7vh|S6~ux4F+%nPRBO)`z{yn$H(b^7qyYg zSc$*l16Z)dR;Ci4BKGQN#LyVPWE{jqJcZi%7pT&Ik4x|t2655L)@7JMyaqMC1GVrT z)KMHl-HBtU1s%scJdKZ#-;B~w=~7yac@)bqid*m*d=D4kIBH?xHk&vfONq-+3A!*J z-@+&H9O}&PIsLB~Gn+UGbtHM1M1B*cp$W=R37$i(d<~}HI-G^uFogS2NAU@2rz5Bd zzeSz-Wt@vQumc0H8gm$T<1U=D)tKjT2&a?Z{6ixZ{q1&VAylcNs6@psu0oZ#*4cnz z;;op2@1Txm*!5q;FNyDW@-EJrqb=fmfuOWLo_2&|p5;|1sM%1nDbOZLGb~J=~R%cL& z&!Ud(b5zMMpb}p~CHxzeAby8E^DydY3o!$ip*FOB2ldy79vvY(j4I_BEXA9s1!XZ# zA4E|J7NaJtK|P}eR0WS?6h}~ZV**Psey5$M995|msJ|zxJsSFOJ%(^6X5mp6e}?JA zH&F}y4>c~m(^`m=3qe(|0hPc*Rc;R|(IM14L#U06xY)ZwLq{-y8aU@QYZNtM32MhH zP?xeEwX@9_!A{io0~m`JP)Bspc@??%=4aG1UdZ&U9CLBlIffD9 z;Oq9E(L&S$>QLi0;9@+0&*BgGG|uhj9$^#4;#Jfoy@t9oW2kxVpil4r9*qJze7o&) zT7(+73N^u6R7vYmx3>usumv?yJE}t6E-R<-SWU2wt~5sOS}||umyAQL-gWkd`ClG zab9=+g4*$zi~m4B@om(C{zdJ~x7U6jaL&Xj^rxV{pN$$Ha&Zm@i0AF4{<>t3xnES^ zro~ew#FfaI)EOiG+Ybi6kGA z(1LUm=Q1i6(#BS{+1#|;loo5tKgzOZYN=V#D4nGZx7xCvFYf-~aqr_k_r81I9sEA% z`)$y7^hVG-VT?J{WXwWbyTzCs+=+_c!(=><@i>ktcoT#8AKs6_W@FND5hh@{i=!AI z-iUteaQ0)E`0ZxnO*Kx_F@uh)I30g=UdLGCKT!$pU@9iHSi`9A7NZgsV;n{?1=nH> zK7-moqw8-&&D-1J*+#z`xDONg#Q`^92$P9N@E$zw9K(Bwzru&`M|=bmTaEEyF=}C@ zs122)DpiRC_%zPNNsoqB=-+A+%|ewn3zeYA^;e>wxCUq9W=z6%_xm0f4`3nv@1Qnv z0i*Z}&c?;h*~+ZKGGece#xxp37{Fmn!4s&Re~v2scUXZpF%=8jtSc~`cs*)-Cu-q+ zsG}G}-HF4f1s%bM@grPBelt!(r3ukUb z;%zt|52B7{)b*dkFNklWD)C9DJ>oOY%jl_8w`incKFd{t3RL21X9H@1oi5&os?ad% zGQN*Wa2)61C}!gisCj%l?1qA<%N|C(hO8abpG#m$=}@T~QMbC=4cLp?(Fp2UokS%* 
zg*vj&P$fT$N_-xb@Gn$?*e-kKA=J?pVLGlrZD>;$_1A}8bcFCtR4Gs5GQ5Ub(1VQA z2N6_)<){g3P|v6VRly^ek7KC2F^P|1Y`2}K995|*)ZdeJ9u0lC2}7tj6A!ugQ=ChD z4YkmJQRC*kWG%v}g`g_ffJ)GXs@!f=qCwO=BdCpxx!Ai%Lq{-)8ko7$8bM81irR4% z>QdIDcGiMn>_&Y*gg!irI-+yVOUT7HKcSxSI-bBm+>5*t&*Z#pOcNceF&9Uj6Bs7; z_u79(1*iqop~h{-$8kTd#P6{jb9Wi@EHBD=pWS1e0}!&1ZOhF(jP#5KN~eZ-No5BlXyWN_17g^;(k$y zQ#(a1XpQTyMNL?TN?7mu8&Tt$QJ1g{^}pmWM(}GaLSMg)OK|E4QO~lqpZZtPI7)~9 zV8py;pT|556BpnE_#|dxyYmf9BtC`Ncn0;)>krJpj6L=*=~C3VsEccH8gYOhdIjFG Or$Qe;aV)T\n" "Language-Team: LANGUAGE \n" @@ -1950,15 +1950,16 @@ msgstr "Hallo Support" msgid "you need to verify the API token for user" msgstr "Sie müssen einen API Token für folgenden Nutzer freischalten" -#: templates/email/api/verify_token.html:13 +#: templates/email/api/verify_token.html:15 msgid "" "If unsure, please contact the user. The API token can not be used until you " "activated it in the admin backend." msgstr "" -"Falls Sie sich unsicher sind, kontaktieren Sie den Nutzer vorher. Der API Token kann so lange nicht verwendet werden, " -"wie er noch nicht von Ihnen im Admin Backend aktiviert worden ist." +"Falls Sie sich unsicher sind, kontaktieren Sie den Nutzer vorher. Der API " +"Token kann so lange nicht verwendet werden, wie er noch nicht von Ihnen im " +"Admin Backend aktiviert worden ist." -#: templates/email/api/verify_token.html:16 +#: templates/email/api/verify_token.html:18 #: templates/email/checking/shared_data_checked.html:17 #: templates/email/deleting/shared_data_deleted.html:17 #: templates/email/recording/shared_data_recorded.html:17 
@@ -2354,15 +2355,15 @@ msgstr "Aktueller Token"
 msgid "Authenticated by admins"
 msgstr "Von Admin freigeschaltet"
-#: user/templates/user/token.html:16
+#: user/templates/user/token.html:18
 msgid "Token has been verified and can be used"
 msgstr "Token wurde freigeschaltet und kann verwendet werden"
-#: user/templates/user/token.html:18
+#: user/templates/user/token.html:20
 msgid "Token waiting for verification"
 msgstr "Token noch nicht freigeschaltet"
-#: user/templates/user/token.html:22
+#: user/templates/user/token.html:24
 msgid "Valid until"
 msgstr "Läuft ab am"