scim: Further slim down SCIMClient removing unused attributes.

This removes everything from SCIMClient except the "is_authenticated` method. Previously, "realm" and "name" were only needed for logging purposes. It is the best to keep SCIMClient as minimal as possible, as it is only intended to be used for authenticating requests to SCIM views. This change also gurantees that the "LogRequests" middleware will not rely on the type unsafe access of the format_requestor_for_logs method on SCIMClient. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-09-28 20:48:41 -04:00 · 2022-09-28 20:48:41 -04:00 · e16de8d9e7
parent a9273c9aac
commit e16de8d9e7
2 changed files with 15 additions and 17 deletions
--- a/zerver/middleware.py
+++ b/zerver/middleware.py
@ -2,7 +2,6 @@ import cProfile
 import logging
 import time
 import traceback
-from dataclasses import dataclass
 from typing import Any, AnyStr, Callable, Dict, Iterable, List, MutableMapping, Optional, Tuple
 from urllib.parse import urlencode

@ -697,21 +696,7 @@ class ZulipCommonMiddleware(CommonMiddleware):
        return super().should_redirect_with_slash(request)


-@dataclass
 class SCIMClient:
-    realm: Realm
-    name: str
-
-    def __str__(self) -> str:
-        return f"<SCIMClient {self.name} for realm {self.realm_id}>"
-
-    def format_requestor_for_logs(self) -> str:
-        return f"scim-client:{self.name}:realm:{self.realm_id}"
-
-    @property
-    def realm_id(self) -> int:
-        return self.realm.id
-
    @property
    def is_authenticated(self) -> bool:
        """
@ -746,12 +731,15 @@ def validate_scim_bearer_token(request: HttpRequest) -> Optional[SCIMClient]:
        return None

    request_notes = RequestNotes.get_notes(request)
-    assert request_notes.realm
+    assert request_notes.realm is not None
+    request_notes.requestor_for_logs = (
+        f"scim-client:{scim_client_name}:realm:{request_notes.realm.id}"
+    )

    # While API authentication code paths are sufficiently high
    # traffic that we prefer to use a cache, SCIM is much lower
    # traffic, and doing a database query is plenty fast.
-    return SCIMClient(realm=request_notes.realm, name=scim_client_name)
+    return SCIMClient()


 class ZulipSCIMAuthCheckMiddleware(SCIMAuthCheckMiddleware):
--- a/zerver/tests/test_scim.py
+++ b/zerver/tests/test_scim.py
@ -680,6 +680,16 @@ class TestSCIMUser(SCIMTestCase):
                m.output, [f"ERROR:django.request:Not Implemented: /scim/v2/Users/{hamlet.id}"]
            )

+    def test_scim_client_requestor_for_logs(self) -> None:
+        hamlet = self.example_user("hamlet")
+        with self.assertLogs("zulip.requests", level="INFO") as m:
+            result = self.client_get(f"/scim/v2/Users/{hamlet.id}", {}, **self.scim_headers())
+        self.assertIn(
+            f"scim-client:{settings.SCIM_CONFIG['zulip']['scim_client_name']}:realm:{hamlet.realm.id}",
+            m.output[0],
+        )
+        self.assertEqual(result.status_code, 200)
+

 class TestSCIMGroup(SCIMTestCase):
    """