Merge branch 'login_sso_fix' into 'master'

Login sso fix

See merge request !1

core/tests/test_accounts.py

@@ -8,6 +8,7 @@ from core.models.accounts import Company, Supervisor, Student
 class LoginTests(APITestCase):
     @requests_mock.Mocker()
     def test_succesful_student_login_relogin(self, m):
+        m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200)
         m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={
                 "username": "dummy.mahasiswa",
                 "nama": "Dummy Mahasiswa",
@@ -16,7 +17,7 @@ class LoginTests(APITestCase):
                 "kodeidentitas": "1234567890",
                 "nama_role": "mahasiswa"
         }, status_code=200)
-        m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={
+        m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={
                 "kota_lahir": "kota_kota",
                 "tgl_lahir": "2017-12-31",
                 "program": [{
@@ -35,6 +36,7 @@ class LoginTests(APITestCase):
 
     @requests_mock.Mocker()
     def test_successful_supervisor_login_relogin(self, m):
+        m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200)
         m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={
             "username": "dummy.dosen",
             "nama": "Dummy Dosen",
@@ -106,6 +108,7 @@ class ProfileUpdateTests(APITestCase):
 
     @requests_mock.Mocker()
     def test_student_profile_update(self, m):
+        m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200)
         m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={
             "username": "dummy.mahasiswa",
             "nama": "Dummy Mahasiswa",
@@ -114,7 +117,7 @@ class ProfileUpdateTests(APITestCase):
             "kodeidentitas": "1234567890",
             "nama_role": "mahasiswa"
         }, status_code=200)
-        m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={
+        m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={
             "kota_lahir": "kota_kota",
             "tgl_lahir": "2017-12-31",
             "program": [{

core/tests/test_vacancies.py

@@ -12,6 +12,7 @@ from core.models.vacancies import Vacancy, Application
 class ApplicationTests(APITestCase):
     @requests_mock.Mocker()
     def test_application_list(self, m):
+        m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200)
         m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={
             "username": "dummy.mahasiswa",
             "nama": "Dummy Mahasiswa",
@@ -20,7 +21,7 @@ class ApplicationTests(APITestCase):
             "kodeidentitas": "1234567890",
             "nama_role": "mahasiswa"
         }, status_code=200)
-        m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={
+        m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={
             "kota_lahir": "kota_kota",
             "tgl_lahir": "2017-12-31",
             "program": [{
@@ -42,6 +43,7 @@ class ApplicationTests(APITestCase):
 
     @requests_mock.Mocker()
     def test_application_create_and_delete(self, m):
+        m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200)
         m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={
             "username": "dummy.mahasiswa",
             "nama": "Dummy Mahasiswa",
@@ -50,7 +52,7 @@ class ApplicationTests(APITestCase):
             "kodeidentitas": "1234567890",
             "nama_role": "mahasiswa"
         }, status_code=200)
-        m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={
+        m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={
             "kota_lahir": "kota_kota",
             "tgl_lahir": "2017-12-31",
             "program": [{
@@ -84,6 +86,7 @@ class ApplicationTests(APITestCase):
 class BookmarkApplicationTests(APITestCase):
     @requests_mock.Mocker()
     def test_application_list(self, m):
+        m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200)
         m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={
             "username": "dummy.mahasiswa",
             "nama": "Dummy Mahasiswa",
@@ -92,7 +95,7 @@ class BookmarkApplicationTests(APITestCase):
             "kodeidentitas": "1234567890",
             "nama_role": "mahasiswa"
         }, status_code=200)
-        m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={
+        m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={
             "kota_lahir": "kota_kota",
             "tgl_lahir": "2017-12-31",
             "program": [{
@@ -114,6 +117,7 @@ class BookmarkApplicationTests(APITestCase):
 
     @requests_mock.Mocker()
     def test_application_create_and_delete(self, m):
+        m.get('https://akun.cs.ui.ac.id/oauth/token/verify/?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={"username": 'dummy.mahasiswa', "role": 'mahasiswa', "identity_number": '1234567890'}, status_code=200)
         m.post('https://api.cs.ui.ac.id/authentication/ldap/v2/', json={
             "username": "dummy.mahasiswa",
             "nama": "Dummy Mahasiswa",
@@ -122,7 +126,7 @@ class BookmarkApplicationTests(APITestCase):
             "kodeidentitas": "1234567890",
             "nama_role": "mahasiswa"
         }, status_code=200)
-        m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890/', json={
+        m.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/1234567890?client_id=X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG', json={
             "kota_lahir": "kota_kota",
             "tgl_lahir": "2017-12-31",
             "program": [{

core/views/accounts.py

@@ -9,6 +9,7 @@ from rest_framework.parsers import FormParser,MultiPartParser
 from rest_framework.permissions import AllowAny
 from rest_framework.permissions import IsAdminUser, IsAuthenticated
 from rest_framework.response import Response
+from .sso_login import get_access_token, verify_user, get_riwayat_user, get_summary_user
 
 from core.lib.permissions import IsAdminOrStudent, IsAdminOrSelfOrReadOnly, IsAdminOrCompany, IsAdminOrSupervisor, \
     IsAdminOrSupervisorOrCompanyOrSelf
@@ -81,14 +82,9 @@ class StudentViewSet(viewsets.ModelViewSet):
             raise PermissionDenied("You are not allowed to see other student's transcript")
 
         if student.show_transcript:
-            s = requests.Session()
-            credentials = settings.API_CS_CREDENTIALS
-            s.get('https://api.cs.ui.ac.id/api-auth/login/')
-            csrf = s.cookies['csrftoken']
-            resp = s.post('https://api.cs.ui.ac.id/api-auth/login/',
-                          data={'username': credentials["user"], 'password': credentials["password"],
-                                'csrfmiddlewaretoken': csrf})
-            response = s.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/' + str(student.npm) + '/riwayat/')
+            access_token = get_access_token(credentials["user"], credentials["password"])
+            ver_user = verify_user(access_token)
+            response = get_riwayat_user(access_token, ver_user['identity_number'])
             return Response({'name': student.full_name, 'transcript': response.json()}, status=status.HTTP_200_OK)
         else:
             return Response({'name': student.full_name, 'error': 'student does not allow transcript to be shown'},
@@ -146,7 +142,7 @@ class LoginViewSet(viewsets.GenericViewSet):
             return Response(status=status.HTTP_400_BAD_REQUEST)
         if login_type == "sso-ui":
             r = requests.post('https://api.cs.ui.ac.id/authentication/ldap/v2/',
-                              json={"username": username, "password": password})
+                              data={"username": username, "password": password})
             resp = r.json()
             if resp.get('state') != 0:
                 # create user
@@ -167,8 +163,9 @@ class LoginViewSet(viewsets.GenericViewSet):
                 login(request, user)
                 if created:
                     if resp.get('nama_role') == "mahasiswa":
-                        student_detail = requests.get('https://api.cs.ui.ac.id/siakngcs/mahasiswa/{}/'.format(resp.get("kodeidentitas")))
-                        resp_student_detail = student_detail.json()
+                        access_token = get_access_token(username, password)
+                        ver_user = verify_user(access_token)
+                        resp_student_detail = get_summary_user(access_token, ver_user['identity_number'])
                         student = Student.objects.create(
                             user=user,
                             npm=resp.get("kodeidentitas"),

core/views/sso_login.py

+import requests
+
+API_MAHASISWA = "https://api.cs.ui.ac.id/siakngcs/mahasiswa/"
+API_RIWAYAT_MAHASISWA = API_MAHASISWA+'{npm}/riwayat/'
+API_VERIFY_USER = "https://akun.cs.ui.ac.id/oauth/token/verify/"
+def get_access_token(username, password):
+    try:
+        url = "https://akun.cs.ui.ac.id/oauth/token/"
+
+        payload = "username=" + username + "&password=" + password + "&grant_type=password"
+        headers = {
+            'authorization': "Basic WDN6TmtGbWVwa2RBNDdBU05NRFpSWDNaOWdxU1UxTHd5d3U1V2VwRzpCRVFXQW43RDl6a2k3NEZ0bkNpWVhIRk50Ymg3eXlNWmFuNnlvMU1uaUdSVWNGWnhkQnBobUU5TUxuVHZiTTEzM1dsUnBwTHJoTXBkYktqTjBxcU9OaHlTNGl2Z0doczB0OVhlQ3M0Ym1JeUJLMldwbnZYTXE4VU5yTEFEMDNZeA==",
+            'cache-control': "no-cache",
+            'content-type': "application/x-www-form-urlencoded"
+        }
+        response = requests.request("POST", url, data=payload, headers=headers)
+
+        return response.json()["access_token"]
+    except Exception as e:
+        return None
+        # raise Exception("username atau password sso salah, input : [{}, {}]".format(username, password,))
+
+def get_client_id():
+    client_id = 'X3zNkFmepkdA47ASNMDZRX3Z9gqSU1Lwywu5WepG'
+    return client_id
+
+def verify_user(access_token):
+    print ("#get identity number")
+    parameters = {"access_token": access_token, "client_id": get_client_id()}
+    response = requests.get(API_VERIFY_USER, params=parameters)
+    print ("response => ", response.json())
+    return response.json()
+
+def get_summary_user(access_token, npm):
+    print ("#get summary user => ", npm)
+    parameters = {"access_token": access_token, "client_id": get_client_id()}
+    response = requests.get(API_MAHASISWA+str(npm), params=parameters)
+    print ("response => ", response.text)
+    print ("response => ", response.json())
+    return response.json()
+
+def get_riwayat_user(access_token, npm):
+    print ("#get riwayat user => ", npm)
+    parameters = {"access_token": access_token, "client_id": get_client_id()}
+    response = requests.get(API_RIWAYAT_MAHASISWA.format(npm=npm), params=parameters)
+    print ("response => ", response.text)
+    print ("response => ", response.json())
+    return response.json()