backend-auth: Add user ID to fetch api key responses.

Adds the user ID to the return values for the `/fetch_api_key` and `/dev_fetch_api_key` endpoints. This saves clients like mobile a round trip to the server to get the user's unique ID as it is now returned as part of the log in flow. Fixes #24980.
2023-04-04 12:36:44 +02:00 · 2023-04-04 12:36:44 +02:00 · e95b784f6e
parent 52f7eb4463
commit e95b784f6e
6 changed files with 31 additions and 7 deletions
--- a/api_docs/changelog.md
+++ b/api_docs/changelog.md
@ -20,6 +20,13 @@ format used by the Zulip server that they are interacting with.

 ## Changes in Zulip 7.0

+**Feature level 171**:
+
+* [`POST /fetch_api_key`](/api/fetch-api-key),
+  [`POST /dev_fetch_api_key`](/api/dev-fetch-api-key): The return values
+  for these endpoints now include the unique ID of the user who owns the
+  API key.
+
 **Feature level 170**

 * [`POST /user_topics`](/api/update-user-topic):
--- a/version.py
+++ b/version.py
@ -33,7 +33,7 @@ DESKTOP_WARNING_VERSION = "5.4.3"
 # Changes should be accompanied by documentation explaining what the
 # new level means in api_docs/changelog.md, as well as "**Changes**"
 # entries in the endpoint's documentation in `zulip.yaml`.
-API_FEATURE_LEVEL = 170
+API_FEATURE_LEVEL = 171

 # Bump the minor PROVISION_VERSION to indicate that folks should provision
 # only when going from an old version of the code to a newer version. Bump
--- a/zerver/openapi/zulip.yaml
+++ b/zerver/openapi/zulip.yaml
@ -17342,13 +17342,20 @@ components:
            email:
              type: string
              description: |
-                The email address of the user who owns the API key
+                The email address of the user who owns the API key.
+            user_id:
+              type: integer
+              description: |
+                The unique ID of the user who owns the API key.
+
+                **Changes**: New in Zulip 7.0 (feature level 171).
          example:
            {
              "api_key": "gjA04ZYcqXKalvYMA8OeXSfzUOLrtbZv",
              "email": "iago@zulip.com",
              "msg": "",
              "result": "success",
+              "user_id": 5,
            }
    CodedError:
      allOf:
--- a/zerver/tests/test_auth_backends.py
+++ b/zerver/tests/test_auth_backends.py
@ -4460,7 +4460,8 @@ class FetchAPIKeyTest(ZulipTestCase):
            "/api/v1/fetch_api_key",
            dict(username=self.email, password=initial_password(self.email)),
        )
-        self.assert_json_success(result)
+        json_response = self.assert_json_success(result)
+        self.assertEqual(json_response["user_id"], self.user_profile.id)

    def test_invalid_email(self) -> None:
        result = self.client_post(
@ -4500,7 +4501,8 @@ class FetchAPIKeyTest(ZulipTestCase):
                "/api/v1/fetch_api_key",
                dict(username=self.example_email("hamlet"), password=self.ldap_password("hamlet")),
            )
-        self.assert_json_success(result)
+        json_response = self.assert_json_success(result)
+        self.assertEqual(json_response["user_id"], self.user_profile.id)

    @override_settings(
        AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",),
@ -4530,7 +4532,8 @@ class FetchAPIKeyTest(ZulipTestCase):
            "/api/v1/fetch_api_key",
            dict(username="hamlet", password=self.ldap_password("hamlet")),
        )
-        self.assert_json_success(result)
+        json_response = self.assert_json_success(result)
+        self.assertEqual(json_response["user_id"], self.user_profile.id)

    @override_settings(
        AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",),
@ -4663,6 +4666,7 @@ class DevFetchAPIKeyTest(ZulipTestCase):
        result = self.client_post("/api/v1/dev_fetch_api_key", dict(username=self.email))
        data = self.assert_json_success(result)
        self.assertEqual(data["email"], self.email)
+        self.assertEqual(data["user_id"], self.user_profile.id)
        user_api_keys = get_all_api_keys(self.user_profile)
        self.assertIn(data["api_key"], user_api_keys)

--- a/zerver/views/auth.py
+++ b/zerver/views/auth.py
@ -1000,7 +1000,10 @@ def api_fetch_api_key(

    api_key = process_api_key_fetch_authenticate_result(request, user_profile)

-    return json_success(request, data={"api_key": api_key, "email": user_profile.delivery_email})
+    return json_success(
+        request,
+        data={"api_key": api_key, "email": user_profile.delivery_email, "user_id": user_profile.id},
+    )


 def get_auth_backends_data(request: HttpRequest) -> Dict[str, Any]:
--- a/zerver/views/development/dev_login.py
+++ b/zerver/views/development/dev_login.py
@ -135,7 +135,10 @@ def api_dev_fetch_api_key(request: HttpRequest, username: str = REQ()) -> HttpRe

    do_login(request, user_profile)
    api_key = get_api_key(user_profile)
-    return json_success(request, data={"api_key": api_key, "email": user_profile.delivery_email})
+    return json_success(
+        request,
+        data={"api_key": api_key, "email": user_profile.delivery_email, "user_id": user_profile.id},
+    )


@csrf_exempt