Merge pull request #8 from VisualVault/feature/impersonation

feature/impersonation

CHANGELOG.md

@@ -1,5 +1,14 @@
 # *vvrest* release changelog
 
+## v1.3.0
+- user impersonation feature.
+- add optional parameter `user_web_token` to `Vault`. if passed in, this
+optional parameter will be used to authenticate on behalf of the user
+that the `user_web_token` belongs to (user impersonation). if not passed in, 
+then vv will authenticate on behalf of the user that the `client_id` and 
+`client_secret` belong to.
+- enhance `UserService` unittest with user impersonation.
+
 ## v1.2.1
 - fix issue where user creation was failing in
 `SiteService.create_site_user`, and `UserService.create_user`.

README.md

@@ -53,7 +53,7 @@ Name                                     Stmts   Miss  Cover   Missing
 vvrest/__init__.py                           0      0   100%
 vvrest/constants.py                         30      0   100%
 vvrest/services/__init__.py                  0      0   100%
-vvrest/services/auth_service.py             21      0   100%
+vvrest/services/auth_service.py             27      0   100%
 vvrest/services/document_service.py         80      0   100%
 vvrest/services/email_service.py            11      0   100%
 vvrest/services/file_service.py             25      0   100%
@@ -65,7 +65,7 @@ vvrest/services/site_service.py             35      0   100%
 vvrest/services/user_service.py             37      1    97%   17
 vvrest/token.py                              5      0   100%
 vvrest/utilities.py                          5      0   100%
-vvrest/vault.py                             33      0   100%
+vvrest/vault.py                             34      0   100%
 ----------------------------------------------------------------------
-TOTAL                                      553     29    95%
+TOTAL                                      560     29    95%
 ```

setup.py

@@ -5,7 +5,7 @@
 
 setuptools.setup(
     name='vvrest',
-    version='1.2.1',
+    version='1.3.0',
     author='Jared Runyon',
     author_email='[email protected]',
     maintainer='Jared Runyon',

tests/user_service_test.py

@@ -48,7 +48,18 @@ def test_get_user_web_token(self):
 
         self.assertEqual(resp['meta']['status'], 200)
         self.assertIn('webToken', resp['data'])
-        UUID(resp['data']['webToken'], version=4)  # validate webToken is a valid uuid4
+        user_web_token = resp['data']['webToken']
+        UUID(user_web_token, version=4)  # validate webToken is a valid uuid4
+
+        # validate user impersonation
+        vault_impersonation = get_vault_object(user_web_token)
+        user_service = UserService(vault_impersonation)
+        resp = user_service.get_users()
+
+        self.assertEqual(resp['meta']['status'], 200)
+        self.assertGreater(len(resp['data']), 0)
+        for user in resp['data']:
+            self.assertEqual(user['dataType'], 'User')
 
     def test_update_user(self):
         """

tests/utilities.py

@@ -5,15 +5,16 @@
 from random import choice
 
 
-def get_vault_object():
+def get_vault_object(user_web_token=None):
     """
+    :param user_web_token: string UUID(version=4), used for user impersonation
     :return: Vault
     """
     with open(credentials_file) as credentials_json:
         credentials = json.load(credentials_json)
 
     vault = Vault(credentials['url'], credentials['customer_alias'], credentials['database_alias'],
-                  credentials['client_id'], credentials['client_secret'])
+                  credentials['client_id'], credentials['client_secret'], user_web_token)
 
     return vault
 

vvrest/services/auth_service.py

@@ -3,19 +3,21 @@
 
 
 class AuthService:
-    def __init__(self, url, customer_alias, database_alias, client_id, client_secret):
+    def __init__(self, url, customer_alias, database_alias, client_id, client_secret, user_web_token):
         """
-        :param url:
-        :param customer_alias:
-        :param database_alias:
-        :param client_id:
-        :param client_secret:
+        :param url: string, example: https://demo.visualvault.com
+        :param customer_alias: string
+        :param database_alias: string
+        :param client_id: string UUID(version=4)
+        :param client_secret: string, example: khN18YAZPe6F3Z0tc2W0HXCb487jm0wgwe6kNffUNf0=
+        :param user_web_token: string UUID(version=4), passed in if authentication is user impersonation
         """
         self.url = url
         self.customer_alias = customer_alias
         self.database_alias = database_alias
         self.client_id = client_id
         self.client_secret = client_secret
+        self.user_web_token = user_web_token
 
     def get_access_token(self):
         """
@@ -28,11 +30,16 @@ def get_access_token(self):
         payload = {
             'client_id': self.client_id,
             'client_secret': self.client_secret,
-            'username': self.client_id,
-            'password': self.client_secret,
             'grant_type': GRANT_TYPE_PASSWORD
         }
 
+        if self.user_web_token:  # impersonation
+            payload['username'] = self.user_web_token
+            payload['password'] = self.user_web_token
+        else:
+            payload['username'] = self.client_id
+            payload['password'] = self.client_secret
+
         resp = requests.post(request_url, data=payload, headers=headers).json()
 
         return resp

vvrest/vault.py

@@ -4,19 +4,24 @@
 
 
 class Vault:
-    def __init__(self, url, customer_alias, database_alias, client_id, client_secret):
+    def __init__(self, url, customer_alias, database_alias, client_id, client_secret, user_web_token=None):
         """
+        if user_web_token is passed in, then vv will authenticate on behalf of the user that
+        the web_token belongs to. if user_web_token is not passed in (default=None), then
+        vv will authenticate on behalf of the user that the client_id and client_secret belong to.
         :param url: string, example: https://demo.visualvault.com
         :param customer_alias: string
         :param database_alias: string
         :param client_id: string UUID(version=4)
         :param client_secret: string, example: khN18YAZPe6F3Z0tc2W0HXCb487jm0wgwe6kNffUNf0=
+        :param user_web_token: string UUID(version=4), passed in if authentication is user impersonation
         """
         self.url = url
         self.customer_alias = customer_alias
         self.database_alias = database_alias
         self.client_id = client_id
         self.client_secret = client_secret
+        self.user_web_token = user_web_token
         self.token = self.get_access_token()
         self.base_url = self.get_base_url()
 
@@ -25,7 +30,8 @@ def get_access_token(self):
         requests access token
         :return: Token
         """
-        authentication_service = AuthService(self.url, self.customer_alias, self.database_alias, self.client_id, self.client_secret)
+        authentication_service = AuthService(self.url, self.customer_alias, self.database_alias, self.client_id,
+                                             self.client_secret, self.user_web_token)
 
         resp = authentication_service.get_access_token()
         access_token = resp['access_token']
@@ -48,7 +54,8 @@ def refresh_access_token(self):
         void method that refreshes Vault.token
         :return: None
         """
-        authentication_service = AuthService(self.url, self.customer_alias, self.database_alias, self.client_id, self.client_secret)
+        authentication_service = AuthService(self.url, self.customer_alias, self.database_alias, self.client_id,
+                                             self.client_secret, self.user_web_token)
 
         resp = authentication_service.refresh_access_token(self.token.refresh_token)
         access_token = resp['access_token']