From fdd20042c1c98f1f740d01d83002f787688c413b Mon Sep 17 00:00:00 2001 From: Hafiyyan Date: Mon, 30 Sep 2019 14:36:11 +0700 Subject: [PATCH 1/2] Login sso fix --- core/tests/test_accounts.py | 7 ++++-- core/tests/test_vacancies.py | 12 ++++++--- core/views/accounts.py | 19 ++++++-------- core/views/sso_login.py | 48 ++++++++++++++++++++++++++++++++++++ 4 files changed, 69 insertions(+), 17 deletions(-) create mode 100644 core/views/sso_login.py diff --git a/core/tests/test_accounts.py b/core/tests/test_accounts.py index 35458de..25281a7 100644 --- a/core/tests/test_accounts.py +++ b/core/tests/test_accounts.py @@ -8,6 +8,7 @@ from core.models.accounts import Company, Supervisor, Student class LoginTests(APITestCase): @requests_mock.Mocker() def test_succesful_student_login_relogin(self, m): + m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200) m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={ "username": "dummy.mahasiswa", "nama": "Dummy Mahasiswa", @@ -16,7 +17,7 @@ class LoginTests(APITestCase): "kodeidentitas": "1234567890", "nama_role": "mahasiswa" }, status_code=200) - m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={ + m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={ "kota_lahir": "kota_kota", "tgl_lahir": "2017-12-31", "program": [{ @@ -35,6 +36,7 @@ class LoginTests(APITestCase): @requests_mock.Mocker() def test_successful_supervisor_login_relogin(self, m): + m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200) m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={ "username": "dummy.dosen", "nama": "Dummy Dosen", @@ -106,6 +108,7 @@ class ProfileUpdateTests(APITestCase): @requests_mock.Mocker() def test_student_profile_update(self, m): + m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200) m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={ "username": "dummy.mahasiswa", "nama": "Dummy Mahasiswa", @@ -114,7 +117,7 @@ class ProfileUpdateTests(APITestCase): "kodeidentitas": "1234567890", "nama_role": "mahasiswa" }, status_code=200) - m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={ + m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={ "kota_lahir": "kota_kota", "tgl_lahir": "2017-12-31", "program": [{ diff --git a/core/tests/test_vacancies.py b/core/tests/test_vacancies.py index 78cdc5a..1667ac1 100644 --- a/core/tests/test_vacancies.py +++ b/core/tests/test_vacancies.py @@ -12,6 +12,7 @@ from core.models.vacancies import Vacancy, Application class ApplicationTests(APITestCase): @requests_mock.Mocker() def test_application_list(self, m): + m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200) m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={ "username": "dummy.mahasiswa", "nama": "Dummy Mahasiswa", @@ -20,7 +21,7 @@ class ApplicationTests(APITestCase): "kodeidentitas": "1234567890", "nama_role": "mahasiswa" }, status_code=200) - m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={ + m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={ "kota_lahir": "kota_kota", "tgl_lahir": "2017-12-31", "program": [{ @@ -42,6 +43,7 @@ class ApplicationTests(APITestCase): @requests_mock.Mocker() def test_application_create_and_delete(self, m): + m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200) m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={ "username": "dummy.mahasiswa", "nama": "Dummy Mahasiswa", @@ -50,7 +52,7 @@ class ApplicationTests(APITestCase): "kodeidentitas": "1234567890", "nama_role": "mahasiswa" }, status_code=200) - m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={ + m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={ "kota_lahir": "kota_kota", "tgl_lahir": "2017-12-31", "program": [{ @@ -84,6 +86,7 @@ class ApplicationTests(APITestCase): class BookmarkApplicationTests(APITestCase): @requests_mock.Mocker() def test_application_list(self, m): + m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200) m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={ "username": "dummy.mahasiswa", "nama": "Dummy Mahasiswa", @@ -92,7 +95,7 @@ class BookmarkApplicationTests(APITestCase): "kodeidentitas": "1234567890", "nama_role": "mahasiswa" }, status_code=200) - m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={ + m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={ "kota_lahir": "kota_kota", "tgl_lahir": "2017-12-31", "program": [{ @@ -114,6 +117,7 @@ class BookmarkApplicationTests(APITestCase): @requests_mock.Mocker() def test_application_create_and_delete(self, m): + m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200) m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={ "username": "dummy.mahasiswa", "nama": "Dummy Mahasiswa", @@ -122,7 +126,7 @@ class BookmarkApplicationTests(APITestCase): "kodeidentitas": "1234567890", "nama_role": "mahasiswa" }, status_code=200) - m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={ + m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={ "kota_lahir": "kota_kota", "tgl_lahir": "2017-12-31", "program": [{ diff --git a/core/views/accounts.py b/core/views/accounts.py index 0b74350..9ea10d8 100644 --- a/core/views/accounts.py +++ b/core/views/accounts.py @@ -9,6 +9,7 @@ from rest_framework.parsers import FormParser,MultiPartParser from rest_framework.permissions import AllowAny from rest_framework.permissions import IsAdminUser, IsAuthenticated from rest_framework.response import Response +from .sso_login import get_access_token, verify_user, get_riwayat_user, get_summary_user from core.lib.permissions import IsAdminOrStudent, IsAdminOrSelfOrReadOnly, IsAdminOrCompany, IsAdminOrSupervisor, \ IsAdminOrSupervisorOrCompanyOrSelf @@ -81,14 +82,9 @@ class StudentViewSet(viewsets.ModelViewSet): raise PermissionDenied("You are not allowed to see other student's transcript") if student.show_transcript: - s = requests.Session() - credentials = settings.API_CS_CREDENTIALS - s.get('https://api.cs.ui.ac.id/api-auth/login/') - csrf = s.cookies['csrftoken'] - resp = s.post('https://api.cs.ui.ac.id/api-auth/login/', - data={'username': credentials["user"], 'password': credentials["password"], - 'csrfmiddlewaretoken': csrf}) - response = s.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/' + str(student.npm) + '/riwayat/') + access_token = get_access_token(credentials["user"], credentials["password"]) + ver_user = verify_user(access_token) + response = get_riwayat_user(access_token, ver_user['identity_number']) return Response({'name': student.full_name, 'transcript': response.json()}, status=status.HTTP_200_OK) else: return Response({'name': student.full_name, 'error': 'student does not allow transcript to be shown'}, @@ -146,7 +142,7 @@ class LoginViewSet(viewsets.GenericViewSet): return Response(status=status.HTTP_400_BAD_REQUEST) if login_type == "sso-ui": r = requests.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', - json={"username": username, "password": password}) + data={"username": username, "password": password}) resp = r.json() if resp.get('state') != 0: # create user @@ -167,8 +163,9 @@ class LoginViewSet(viewsets.GenericViewSet): login(request, user) if created: if resp.get('nama_role') == "mahasiswa": - student_detail = requests.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/{}/'.format(resp.get("kodeidentitas"))) - resp_student_detail = student_detail.json() + access_token = get_access_token(username, password) + ver_user = verify_user(access_token) + resp_student_detail = get_summary_user(access_token, ver_user['identity_number']) student = Student.objects.create( user=user, npm=resp.get("kodeidentitas"), diff --git a/core/views/sso_login.py b/core/views/sso_login.py new file mode 100644 index 0000000..669bf2b --- /dev/null +++ b/core/views/sso_login.py @@ -0,0 +1,48 @@ +import requests + +API_MAHASISWA = "https://api.cs.ui.ac.id/siakngcs/mahasiswa/" +API_RIWAYAT_MAHASISWA = API_MAHASISWA+'{npm}/riwayat/' +API_VERIFY_USER = "https://akun.cs.ui.ac.id/oauth/token/verify/" +def get_access_token(username, password): + try: + url = "https://akun.cs.ui.ac.id/oauth/token/" + + payload = "username=" + username + "&password=" + password + "&grant_type=password" + headers = { + 'authorization': "Basic WDN6TmtGbWVwa2RBNDdBU05NRFpSWDNaOWdxU1UxTHd5d3U1V2VwRzpCRVFXQW43RDl6a2k3NEZ0bkNpWVhIRk50Ymg3eXlNWmFuNnlvMU1uaUdSVWNGWnhkQnBobUU5TUxuVHZiTTEzM1dsUnBwTHJoTXBkYktqTjBxcU9OaHlTNGl2Z0doczB0OVhlQ3M0Ym1JeUJLMldwbnZYTXE4VU5yTEFEMDNZeA==", + 'cache-control': "no-cache", + 'content-type': "application/x-www-form-urlencoded" + } + response = requests.request("POST", url, data=payload, headers=headers) + + return response.json()["access_token"] + except Exception as e: + return None + # raise Exception("username atau password sso salah, input : [{}, {}]".format(username, password,)) + +def get_client_id(): + client_id = 'X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG' + return client_id + +def verify_user(access_token): + print ("#get identity number") + parameters = {"access_token": access_token, "client_id": get_client_id()} + response = requests.get(API_VERIFY_USER, params=parameters) + print ("response => ", response.json()) + return response.json() + +def get_summary_user(access_token, npm): + print ("#get summary user => ", npm) + parameters = {"access_token": access_token, "client_id": get_client_id()} + response = requests.get(API_MAHASISWA+str(npm), params=parameters) + print ("response => ", response.text) + print ("response => ", response.json()) + return response.json() + +def get_riwayat_user(access_token, npm): + print ("#get riwayat user => ", npm) + parameters = {"access_token": access_token, "client_id": get_client_id()} + response = requests.get(API_RIWAYAT_MAHASISWA.format(npm=npm), params=parameters) + print ("response => ", response.text) + print ("response => ", response.json()) + return response.json() -- GitLab From e891c101292e563332db1aee9e7d3c3ea60216b6 Mon Sep 17 00:00:00 2001 From: Daya Adianto Date: Thu, 3 Oct 2019 18:41:22 +0700 Subject: [PATCH 2/2] Fix SonarScanner CI job and add project badges add test case for new vacancy fail or success implemented new vacancy fail or success add test case for update vacancy fail or success implemented update vacancy fail or success --- .gitlab/CODEOWNERS | 4 ++ README.md | 7 +++ core/tests/test_create_vacancies.py | 66 +++++++++++++++++++++++++++++ core/views/vacancies.py | 38 +++++++++++++++-- sonar-project.properties | 1 + 5 files changed, 113 insertions(+), 3 deletions(-) create mode 100644 .gitlab/CODEOWNERS create mode 100644 core/tests/test_create_vacancies.py diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS new file mode 100644 index 0000000..a690232 --- /dev/null +++ b/.gitlab/CODEOWNERS @@ -0,0 +1,4 @@ +# Code owners file + +## Changes to these file(s) require approval from the teaching team +sonar-project.properties @addianto @hafiyyan94 \ No newline at end of file diff --git a/README.md b/README.md index 3020546..3734ba0 100755 --- a/README.md +++ b/README.md @@ -2,6 +2,13 @@ > Internship matchmaking platform for students and companies. +[![pipeline status](https://gitlab.cs.ui.ac.id/pmpl/class-project/kape/badges/master/pipeline.svg)](https://gitlab.cs.ui.ac.id/pmpl/class-project/kape/commits/master) +[![coverage report](https://gitlab.cs.ui.ac.id/pmpl/class-project/kape/badges/master/coverage.svg)](https://gitlab.cs.ui.ac.id/pmpl/class-project/kape/commits/master) + +[![Quality Gate Status](https://pmpl.cs.ui.ac.id/sonarqube/api/project_badges/measure?project=id.ac.ui.cs.foss%3Akape&metric=alert_status)](https://pmpl.cs.ui.ac.id/sonarqube/dashboard?id=id.ac.ui.cs.foss%3Akape) +[![Bugs](https://pmpl.cs.ui.ac.id/sonarqube/api/project_badges/measure?project=id.ac.ui.cs.foss%3Akape&metric=bugs)](https://pmpl.cs.ui.ac.id/sonarqube/dashboard?id=id.ac.ui.cs.foss%3Akape) +[![Code Smells](https://pmpl.cs.ui.ac.id/sonarqube/api/project_badges/measure?project=id.ac.ui.cs.foss%3Akape&metric=code_smells)](https://pmpl.cs.ui.ac.id/sonarqube/dashboard?id=id.ac.ui.cs.foss%3Akape) + ## Table of Contents - [Install](#install) diff --git a/core/tests/test_create_vacancies.py b/core/tests/test_create_vacancies.py new file mode 100644 index 0000000..3a8fd4a --- /dev/null +++ b/core/tests/test_create_vacancies.py @@ -0,0 +1,66 @@ +from datetime import datetime + +import requests_mock +from django.contrib.auth.models import User +from rest_framework import status +from rest_framework.test import APITestCase + +from core.models.accounts import Company, Student, Supervisor +from core.models.vacancies import Vacancy, Application + +class CreateAndUpdateVacancyTest(APITestCase): + def test_new_vacancy_success(self): + superuser = User.objects.create_superuser('dummy.company', 'dummy.company@company.com', 'lalala123') + new_company = Company.objects.create(user=superuser, description="lalalaz", status=Company.VERIFIED, logo=None, + address=None) + self.client.force_authenticate(user=superuser) + + url = '/api/vacancies/' + response = self.client.post(url, {'company': new_company.pk, 'open_time': datetime.fromtimestamp(0), + 'close_time': datetime.today(), 'name': 'new_vacancy', 'description': 'new_vacancy '}, format='json') + self.assertEqual(response.status_code, status.HTTP_200_OK) + + vacancies = Vacancy.objects.count() + self.assertEqual(vacancies,1) + + def test_new_vacancy_failed(self): + superuser = User.objects.create_superuser('dummy.company', 'dummy.company@company.com', 'lalala123') + new_company = Company.objects.create(user=superuser, description="lalalaz", status=Company.VERIFIED, logo=None, + address=None) + self.client.force_authenticate(user=superuser) + + url = '/api/vacancies/' + response = self.client.post(url, {'company': new_company.pk, 'open_time': datetime.today(), + 'close_time': datetime.fromtimestamp(0), 'name': 'new_vacancy', 'description': 'new_vacancy'}, format='json') + self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) + + vacancies = Vacancy.objects.count() + self.assertEqual(vacancies,0) + + def test_update_vacancy_success(self): + superuser = User.objects.create_superuser('dummy.company', 'dummy.company@company.com', 'lalala123') + new_company = Company.objects.create(user=superuser, description="lalalaz", status=Company.VERIFIED, logo=None, + address=None) + self.client.force_authenticate(user=superuser) + + new_vacancy = Vacancy.objects.create(company=new_company, verified=False, open_time=datetime.fromtimestamp(0), + description="lalala", close_time=datetime.today(), name='new_company') + + url = '/api/vacancies/' + str(new_vacancy.pk) + '/' + response = self.client.patch(url, {'open_time': datetime.fromtimestamp(0), 'close_time': datetime.today(), + 'name': 'new_vacancy2', 'description': 'new_vacancy2'}, format='json') + self.assertEqual(response.status_code, status.HTTP_200_OK) + + def test_update_vacancy_failed(self): + superuser = User.objects.create_superuser('dummy.company', 'dummy.company@company.com', 'lalala123') + new_company = Company.objects.create(user=superuser, description="lalalaz", status=Company.VERIFIED, logo=None, + address=None) + self.client.force_authenticate(user=superuser) + + new_vacancy = Vacancy.objects.create(company=new_company, verified=False, open_time=datetime.fromtimestamp(0), + description="lalala", close_time=datetime.today(), name='new_company') + + url = '/api/vacancies/' + str(new_vacancy.pk) + '/' + response = self.client.patch(url, {'open_time': datetime.today(), 'close_time': datetime.fromtimestamp(0), + 'name': 'new_vacancy2', 'description': 'new_vacancy2'}, format='json') + self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) \ No newline at end of file diff --git a/core/views/vacancies.py b/core/views/vacancies.py index e4b8b98..39f7422 100644 --- a/core/views/vacancies.py +++ b/core/views/vacancies.py @@ -21,9 +21,9 @@ from core.views.accounts import StudentViewSet class VacancyViewSet(MultiSerializerViewSetMixin, viewsets.ModelViewSet): queryset = Vacancy.objects.all() serializer_class = VacancySerializer - serializer_action_classes = { - 'create': PostVacancySerializer - } + # serializer_action_classes = { + # 'create': PostVacancySerializer + # } permission_classes = [IsAdminOrCompany] pagination_class = PageNumberPagination @@ -44,6 +44,38 @@ class VacancyViewSet(MultiSerializerViewSetMixin, viewsets.ModelViewSet): return self.get_paginated_response(VacancySerializer(page, many=True, context={'request': request}).data) return Response(VacancySerializer(vacancies, many=True, context={'request': request}).data) + def create(self, request): + data = request.data + company_set = Company.objects.filter(id=data['company']) + if len(company_set) == 0: + raise ValidationError('no company') + company = company_set[0] + open_time = data['open_time'] + close_time = data['close_time'] + name = data['name'] + description = data['description'] + if close_time < open_time: + raise ValidationError('Waktu tutup lowongan harus lebih dari waktu buka lowongan!') + vacancy = Vacancy(company=company, open_time=open_time, close_time=close_time, name=name, description=description) + vacancy.save() + return Response(status=status.HTTP_200_OK) + + def partial_update(self, request, pk): + data = request.data + vacancy = Vacancy.objects.get(pk=pk) + open_time = data['open_time'] + close_time = data['close_time'] + name = data['name'] + description = data['description'] + if close_time < open_time: + raise ValidationError('Waktu tutup lowongan harus lebih dari waktu buka lowongan!') + vacancy.open_time = open_time + vacancy.close_time = close_time + vacancy.name = name + vacancy.description = description + vacancy.save() + return Response(status=status.HTTP_200_OK) + @detail_route(permission_classes=[IsAdminOrCompany]) def count(self, request, pk=None): vacancy = self.get_object() diff --git a/sonar-project.properties b/sonar-project.properties index 48a6c49..c3db74c 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -7,6 +7,7 @@ sonar.projectKey=id.ac.ui.cs.foss:kape sonar.exclusions=/.devcontainer/,/.gitlab/,*.config.js,/.tmp/, sonar.scm.provider=git +sonar.projectVersion=1.0.0 ## Authentication ### sonar.login=[pass token via CLI/CI] -- GitLab