#31 API further credential

* adds Kspuser as another expected header data to resolve the api user * adds/updates translations
2022-01-28 16:35:25 +01:00 · 2022-01-28 16:35:25 +01:00 · e0f7de37b6
commit e0f7de37b6
parent 1b3adc396f
6 changed files with 20 additions and 13 deletions
--- a/api/models/token.py
+++ b/api/models/token.py
@ -25,11 +25,12 @@ class APIUserToken(models.Model):
        return self.token

    @staticmethod
-    def get_user_from_token(token: str):
+    def get_user_from_token(token: str, username: str):
        """ Getter for the related user object

        Args:
            token (str): The used token
+            username (str): The username

        Returns:
            user (User): Otherwise None
@ -38,11 +39,12 @@ class APIUserToken(models.Model):
        try:
            token_obj = APIUserToken.objects.get(
                token=token,
+                user__username=username
            )
            if not token_obj.is_active:
                raise PermissionError("Token unverified")
            if token_obj.valid_until is not None and token_obj.valid_until < _today:
                raise PermissionError("Token validity expired")
        except ObjectDoesNotExist:
-            raise PermissionError("Token invalid")
+            raise PermissionError("Credentials invalid")
        return token_obj.user
--- a/api/settings.py
+++ b/api/settings.py
@ -6,3 +6,4 @@ Created on: 21.01.22

 """
 KSP_TOKEN_HEADER_IDENTIFIER = "Ksptoken"
+KSP_USER_HEADER_IDENTIFIER = "Kspuser"
--- a/api/tests/v1/share/test_api_sharing.py
+++ b/api/tests/v1/share/test_api_sharing.py
@ -20,6 +20,7 @@ class BaseAPIV1TestCase(BaseTestCase):

        cls.header_data = {
            "HTTP_ksptoken": cls.superuser.api_token.token,
+            "HTTP_kspuser": cls.superuser.username,
        }


--- a/api/views/views.py
+++ b/api/views/views.py
@ -13,7 +13,7 @@ from django.views import View
 from django.views.decorators.csrf import csrf_exempt

 from api.models import APIUserToken
-from api.settings import KSP_TOKEN_HEADER_IDENTIFIER
+from api.settings import KSP_TOKEN_HEADER_IDENTIFIER, KSP_USER_HEADER_IDENTIFIER
 from compensation.models import EcoAccount
 from ema.models import Ema
 from intervention.models import Intervention
@ -39,7 +39,9 @@ class AbstractAPIView(View):
    def dispatch(self, request, *args, **kwargs):
        try:
            # Fetch the proper user from the given request header token
-            self.user = APIUserToken.get_user_from_token(request.headers.get(KSP_TOKEN_HEADER_IDENTIFIER, None))
+            ksp_token = request.headers.get(KSP_TOKEN_HEADER_IDENTIFIER, None)
+            ksp_user = request.headers.get(KSP_USER_HEADER_IDENTIFIER, None)
+            self.user = APIUserToken.get_user_from_token(ksp_token, ksp_user)
            if not self.user.is_default_user():
                raise PermissionError("Default permissions required")
        except PermissionError as e:
--- a/locale/de/LC_MESSAGES/django.mo
+++ b/locale/de/LC_MESSAGES/django.mo
--- a/locale/de/LC_MESSAGES/django.po
+++ b/locale/de/LC_MESSAGES/django.po
@ -26,7 +26,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2022-01-27 11:44+0100\n"
+"POT-Creation-Date: 2022-01-28 16:27+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -1950,15 +1950,16 @@ msgstr "Hallo Support"
 msgid "you need to verify the API token for user"
 msgstr "Sie müssen einen API Token für folgenden Nutzer freischalten"

-#: templates/email/api/verify_token.html:13
+#: templates/email/api/verify_token.html:15
 msgid ""
 "If unsure, please contact the user. The API token can not be used until you "
 "activated it in the admin backend."
 msgstr ""
-"Falls Sie sich unsicher sind, kontaktieren Sie den Nutzer vorher. Der API Token kann so lange nicht verwendet werden, "
-"wie er noch nicht von Ihnen im Admin Backend aktiviert worden ist."
+"Falls Sie sich unsicher sind, kontaktieren Sie den Nutzer vorher. Der API "
+"Token kann so lange nicht verwendet werden, wie er noch nicht von Ihnen im "
+"Admin Backend aktiviert worden ist."

-#: templates/email/api/verify_token.html:16
+#: templates/email/api/verify_token.html:18
 #: templates/email/checking/shared_data_checked.html:17
 #: templates/email/deleting/shared_data_deleted.html:17
 #: templates/email/recording/shared_data_recorded.html:17
@ -2354,15 +2355,15 @@ msgstr "Aktueller Token"
 msgid "Authenticated by admins"
 msgstr "Von Admin freigeschaltet"

-#: user/templates/user/token.html:16
+#: user/templates/user/token.html:18
 msgid "Token has been verified and can be used"
 msgstr "Token wurde freigeschaltet und kann verwendet werden"

-#: user/templates/user/token.html:18
+#: user/templates/user/token.html:20
 msgid "Token waiting for verification"
 msgstr "Token noch nicht freigeschaltet"

-#: user/templates/user/token.html:22
+#: user/templates/user/token.html:24
 msgid "Valid until"
 msgstr "Läuft ab am"