Add identity checking endpoint

Queries iga for an external id matching ours. If a match is found, the name of the owner is returend. Otherwise we return null. Uses the new iga module to fetch the data.

Add identity checking endpoint
Queries iga for an external id matching ours. If a match is found, the name of the owner is returend. Otherwise we return null. Uses the new iga module to fetch the data.
470dda53 · Andreas Ellewsen · 59cde6ad · 470dda53 · 470dda53 · 470dda53
Verified Commit 470dda53 authored 3 years ago by Andreas Ellewsen
--- a/gregsite/settings/base.py
+++ b/gregsite/settings/base.py
@@ -341,3 +341,9 @@ DEFAULT_IDENTITY_SOURCE = "greg"
 # Toggle to prevent verification of NIN from the sponsor frontend.
 # Introduced to prevent using greg for takeover of existing accounts in IGA.
 DISABLE_NIN_VERIFY = False
+
+# Iga client config used by identity checking view when checking iga
+IGA_CLIENT = {
+    "url": "http://example.com/cerebrum/",
+    "headers": {"X-Gravitee-Api-Key": "<KEY>"},
+}
--- a/gregui/api/urls.py
+++ b/gregui/api/urls.py
 from django.urls import re_path, path
 from rest_framework.routers import DefaultRouter
-from gregui.api.views.identity import IdentityViewSet
+from gregui.api.views.identity import IdentityCheckView, IdentityViewSet

 from gregui.api.views.invitation import (
    CheckInvitationView,
@@ -42,4 +42,5 @@ urlpatterns += [
        name="person-search",
    ),
    path("userinfo/", UserInfoView.as_view(), name="userinfo"),
+    path("identitycheck/<int:id>", IdentityCheckView.as_view(), name="identitycheck"),
 ]
--- a/gregui/api/views/identity.py
+++ b/gregui/api/views/identity.py
+from django.conf import settings
 from rest_framework.authentication import SessionAuthentication, BasicAuthentication
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.viewsets import GenericViewSet
 from rest_framework import mixins
-from rest_framework.exceptions import MethodNotAllowed
+from rest_framework.views import APIView
+from rest_framework.response import Response
+from rest_framework import status
+
 from greg.models import Identity
 from greg.permissions import IsSponsor
 from gregui.api.serializers.identity import IdentitySerializer
-from gregui.models import GregUserProfile
+from iga import get_iga_client


 class IdentityViewSet(
@@ -29,3 +33,21 @@ class IdentityViewSet(
    permission_classes = [IsAuthenticated, IsSponsor]
    serializer_class = IdentitySerializer
    http_method_names = ["get", "patch"]
+
+
+class IdentityCheckView(APIView):
+
+    authentication_classes = [SessionAuthentication, BasicAuthentication]
+    permission_classes = [IsAuthenticated, IsSponsor]
+    client = get_iga_client(settings.INSTANCE_NAME, settings.IGA_CLIENT)
+
+    def get(self, request, *args, **kwargs):
+        try:
+            ident: Identity = Identity.objects.get(pk=kwargs["id"])
+        except Identity.DoesNotExist:
+            return Response(
+                f"Unknown identifier: {kwargs['id']}",
+                status=status.HTTP_404_NOT_FOUND,
+            )
+        match = self.client.extid_search(ident.type, ident.value)
+        return Response({"match": match.dict() if match else match})
--- a/gregui/tests/api/views/test_identity.py
+++ b/gregui/tests/api/views/test_identity.py
@@ -30,3 +30,57 @@ def test_identity_patch(client, log_in, user_sponsor, person_foo):
    ident.refresh_from_db()
    assert ident.verified == Identity.Verified.MANUAL
    assert ident.verified_by == GregUserProfile.objects.get(user=user_sponsor).sponsor
+
+
+@pytest.mark.django_db
+def test_identity_check_nonexisting_fnr(
+    requests_mock, client, log_in, user_sponsor, person_foo
+):
+    """Verify that identitycheck endpoint checks iga when queried"""
+    requests_mock.get(
+        "http://example.com/cerebrum/v1/search/persons/external-ids?id_type=NO_BIRTHNO&external_id=12345612345",
+        json={"external_ids": []},
+    )
+    log_in(user_sponsor)
+    url = reverse("gregui-v1:identitycheck", kwargs={"id": person_foo.fnr.id})
+    response = client.get(url)
+    assert response.json() == {"match": None}
+
+
+@pytest.mark.django_db
+def test_identity_check_existing_fnr(
+    requests_mock, client, log_in, user_sponsor, person_foo
+):
+    """Verify that identitycheck endpoint checks iga when queried"""
+    requests_mock.get(
+        "http://example.com/cerebrum/v1/search/persons/external-ids?id_type=NO_BIRTHNO&external_id=12345612345",
+        json={
+            "external_ids": [
+                {
+                    "person_id": 1,
+                    "source_system": "dfo_sap",
+                    "external_id": "12345612345",
+                    "id_type": "NO_BIRTHNO",
+                }
+            ]
+        },
+    )
+    requests_mock.get(
+        "http://example.com/cerebrum/v1/persons/1",
+        json={
+            "contexts": ["string"],
+            "created_at": "2022-02-17T10:17:31.305Z",
+            "href": "http://example.com/cerebrum/v1/search/persons/1",
+            "names": [
+                {"source_system": "dfo_sap", "variant": "FIRST", "name": "Ola"},
+                {"source_system": "dfo_sap", "variant": "LAST", "name": "Nordmann"},
+            ],
+            "birth_date": "2022-02-17T10:17:31.305Z",
+            "id": 1,
+        },
+    )
+
+    log_in(user_sponsor)
+    url = reverse("gregui-v1:identitycheck", kwargs={"id": person_foo.fnr.id})
+    response = client.get(url)
+    assert response.json() == {"match": {"first": "Ola", "last": "Nordmann"}}