backend-auth: Add user ID to fetch api key responses.

Adds the user ID to the return values for the `/fetch_api_key` and
`/dev_fetch_api_key` endpoints. This saves clients like mobile a
round trip to the server to get the user's unique ID as it is now
returned as part of the log in flow.

Fixes #24980.
Lauryn Menard 2023-04-04 12:36:44 +02:00 committed by Tim Abbott
parent 52f7eb4463
commit e95b784f6e
6 changed files with 31 additions and 7 deletions


@ -20,6 +20,13 @@ format used by the Zulip server that they are interacting with.
## Changes in Zulip 7.0 ## Changes in Zulip 7.0
**Feature level 171**:
* [`POST /fetch_api_key`](/api/fetch-api-key),
[`POST /dev_fetch_api_key`](/api/dev-fetch-api-key): The return values
for these endpoints now include the unique ID of the user who owns the
API key.
**Feature level 170** **Feature level 170**
* [`POST /user_topics`](/api/update-user-topic): * [`POST /user_topics`](/api/update-user-topic):


@ -33,7 +33,7 @@ DESKTOP_WARNING_VERSION = "5.4.3"
# Changes should be accompanied by documentation explaining what the # Changes should be accompanied by documentation explaining what the
# new level means in api_docs/changelog.md, as well as "**Changes**" # new level means in api_docs/changelog.md, as well as "**Changes**"
# entries in the endpoint's documentation in `zulip.yaml`. # entries in the endpoint's documentation in `zulip.yaml`.
API_FEATURE_LEVEL = 170 API_FEATURE_LEVEL = 171
# Bump the minor PROVISION_VERSION to indicate that folks should provision # Bump the minor PROVISION_VERSION to indicate that folks should provision
# only when going from an old version of the code to a newer version. Bump # only when going from an old version of the code to a newer version. Bump


@ -17342,13 +17342,20 @@ components:
email: email:
type: string type: string
description: | description: |
The email address of the user who owns the API key The email address of the user who owns the API key.
user_id:
type: integer
description: |
The unique ID of the user who owns the API key.
**Changes**: New in Zulip 7.0 (feature level 171).
example: example:
{ {
"api_key": "gjA04ZYcqXKalvYMA8OeXSfzUOLrtbZv", "api_key": "gjA04ZYcqXKalvYMA8OeXSfzUOLrtbZv",
"email": "iago@zulip.com", "email": "iago@zulip.com",
"msg": "", "msg": "",
"result": "success", "result": "success",
"user_id": 5,
} }
CodedError: CodedError:
allOf: allOf:


@ -4460,7 +4460,8 @@ class FetchAPIKeyTest(ZulipTestCase):
"/api/v1/fetch_api_key", "/api/v1/fetch_api_key",
dict(username=self.email, password=initial_password(self.email)), dict(username=self.email, password=initial_password(self.email)),
) )
self.assert_json_success(result) json_response = self.assert_json_success(result)
self.assertEqual(json_response["user_id"], self.user_profile.id)
def test_invalid_email(self) -> None: def test_invalid_email(self) -> None:
result = self.client_post( result = self.client_post(
@ -4500,7 +4501,8 @@ class FetchAPIKeyTest(ZulipTestCase):
"/api/v1/fetch_api_key", "/api/v1/fetch_api_key",
dict(username=self.example_email("hamlet"), password=self.ldap_password("hamlet")), dict(username=self.example_email("hamlet"), password=self.ldap_password("hamlet")),
) )
self.assert_json_success(result) json_response = self.assert_json_success(result)
self.assertEqual(json_response["user_id"], self.user_profile.id)
@override_settings( @override_settings(
AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",), AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",),
@ -4530,7 +4532,8 @@ class FetchAPIKeyTest(ZulipTestCase):
"/api/v1/fetch_api_key", "/api/v1/fetch_api_key",
dict(username="hamlet", password=self.ldap_password("hamlet")), dict(username="hamlet", password=self.ldap_password("hamlet")),
) )
self.assert_json_success(result) json_response = self.assert_json_success(result)
self.assertEqual(json_response["user_id"], self.user_profile.id)
@override_settings( @override_settings(
AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",), AUTHENTICATION_BACKENDS=("zproject.backends.ZulipLDAPAuthBackend",),
@ -4663,6 +4666,7 @@ class DevFetchAPIKeyTest(ZulipTestCase):
result = self.client_post("/api/v1/dev_fetch_api_key", dict(username=self.email)) result = self.client_post("/api/v1/dev_fetch_api_key", dict(username=self.email))
data = self.assert_json_success(result) data = self.assert_json_success(result)
self.assertEqual(data["email"], self.email) self.assertEqual(data["email"], self.email)
self.assertEqual(data["user_id"], self.user_profile.id)
user_api_keys = get_all_api_keys(self.user_profile) user_api_keys = get_all_api_keys(self.user_profile)
self.assertIn(data["api_key"], user_api_keys) self.assertIn(data["api_key"], user_api_keys)
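Review bot: Every new `user_id` assertion sits on a success response; none of the failure cases in `FetchAPIKeyTest` (for example `test_invalid_email`, which starts right after the first hunk) checks that a rejected login leaves the field out. A user ID is a stable account identifier, so one negative assertion in a failing-credential test, such as `self.assertNotIn("user_id", result.json())`, would pin that the ID is only released after authentication succeeds. The LDAP assertions also rely on `self.user_profile` being the hamlet account, which is presumably arranged in a `setUp` outside the visible hunks; a short comment there would make that dependency explicit.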


@ -1000,7 +1000,10 @@ def api_fetch_api_key(
api_key = process_api_key_fetch_authenticate_result(request, user_profile) api_key = process_api_key_fetch_authenticate_result(request, user_profile)
return json_success(request, data={"api_key": api_key, "email": user_profile.delivery_email}) return json_success(
request,
data={"api_key": api_key, "email": user_profile.delivery_email, "user_id": user_profile.id},
)
def get_auth_backends_data(request: HttpRequest) -> Dict[str, Any]: def get_auth_backends_data(request: HttpRequest) -> Dict[str, Any]:
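Review bot: The success payload with `api_key`, `email` and `user_id` is now written out by hand in this return and again in `api_dev_fetch_api_key`, so the two endpoints can drift apart the next time a field is added, while the `zulip.yaml` hunk appears to document one shared response schema. A small shared helper (name is a suggestion), called as `return json_success(request, data=api_key_response_data(user_profile, api_key))`, would keep both in step. Because this dict carries a long-lived credential, a one-line comment such as `# Contains the user's API key; never log this payload.` would also be worth adding. `api_fetch_api_key` begins above the hunk, so the authentication steps before `process_api_key_fetch_authenticate_result` are not visible here.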


@ -135,7 +135,10 @@ def api_dev_fetch_api_key(request: HttpRequest, username: str = REQ()) -> HttpRe
do_login(request, user_profile) do_login(request, user_profile)
api_key = get_api_key(user_profile) api_key = get_api_key(user_profile)
return json_success(request, data={"api_key": api_key, "email": user_profile.delivery_email}) return json_success(
request,
data={"api_key": api_key, "email": user_profile.delivery_email, "user_id": user_profile.id},
)
@csrf_exempt @csrf_exempt
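Review bot: This return deserves a comment stating its trust assumption, because the visible signature takes only `username` (no password parameter) and the response now bundles the API key, delivery email and user ID. Something like `# Dev-only: issues credentials for a bare username; must stay unreachable in production.` would put the constraint next to the data it protects. Whatever restricts the endpoint to development setups sits above the hunk and is not visible here, so that gate is worth confirming rather than assuming.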