Merge pull request #67 from onaio/support-opensrp-fhir-core-oauth

Support Opensrp Fhir Core oAuth

CHANGES.md

@@ -1,4 +1,7 @@
 
+v0.5.0 Tue Sept 5 11:50:00 AM EAT 2023
+-  https://github.com/onaio/superset-patchup/pull/67 Fetches user details directly from Keycloak when using the OpenSRP provider. The `api_base_url` in the `OAUTH_PROVIDERS` block will now require a keycloak url  eg. `https://<keycloak-domain>/auth/realms/<realm>/protocol/openid-connect/`.
+
 v0.4.0 Thu Aug  4 02:09:35 PM EAT 2022
 -  https://github.com/onaio/superset-patchup/pull/63 Allow onadata provider name to be configurable.
 

requirements/dev.txt

@@ -12,7 +12,7 @@ alembic==1.7.7
     # via flask-migrate
 amqp==2.6.1
     # via kombu
-apache-superset==1.4.2
+apache-superset==1.5.0
     # via superset-patchup
 apispec[yaml]==3.3.2
     # via flask-appbuilder
@@ -53,7 +53,7 @@ bleach==3.3.1
     # via apache-superset
 brotli==1.0.9
     # via flask-compress
-cachelib==0.1.1
+cachelib==0.4.1
     # via apache-superset
 celery==4.4.7
     # via apache-superset
@@ -261,7 +261,7 @@ multidict==6.0.2
     #   yarl
 mypy-extensions==0.4.3
     # via black
-numpy==1.22.3
+numpy==1.24.4
     # via
     #   pandas
     #   pyarrow
@@ -275,7 +275,7 @@ packaging==21.3
     #   pytest
     #   redis
     #   tox
-pandas==1.2.5
+pandas==1.3
     # via apache-superset
 parsedatetime==2.6
     # via apache-superset
@@ -318,7 +318,7 @@ py==1.11.0
     # via
     #   pytest
     #   tox
-pyarrow==4.0.1
+pyarrow==5.0.0
     # via apache-superset
 pycodestyle==2.8.0
     # via flake8
@@ -348,7 +348,7 @@ pymeeus==0.5.11
     # via convertdate
 pyopenssl==22.0.0
     # via urllib3
-pyparsing==2.4.7
+pyparsing==3.0.6
     # via
     #   apache-superset
     #   packaging
@@ -377,7 +377,7 @@ pytz==2022.1
     #   celery
     #   flask-babel
     #   pandas
-pyyaml==6.0
+pyyaml==6.0.1
     # via
     #   apache-superset
     #   apispec

superset_patchup/oauth.py

@@ -305,16 +305,16 @@ def oauth_user_info(self, provider, response=None):
         if is_valid_provider(provider, "OpenSRP"):
             user_object = (
                 self.appbuilder.sm.oauth_remotes[provider]
-                .get("user-details", token=response)
+                .get("userinfo", token=response)
                 .json()
             )
 
-            username = user_object.get("username") or user_object.get("userName")
+            username = user_object.get("preferred_username")
 
             result = {"username": username}
 
-            if user_object.get("preferredName"):
-                result["name"] = user_object.get("preferredName")
+            if user_object.get("name"):
+                result["name"] = user_object.get("name")
 
             if email_base:
                 # change emails from [email protected] to [email protected]

superset_patchup/version.py

@@ -1,3 +1,3 @@
 """Version goes here - to avoid cyclic dependencies :-("""
-VERSION = (0, 4, 0)
+VERSION = (0, 5, 0)
 __version__ = ".".join(str(v) for v in VERSION)

tests/test_oauth.py

@@ -188,60 +188,27 @@ def test_oauth_user_info_opensrp_provider(self):  # pylint: disable=R0201
         # set test configs
         app.config["PATCHUP_EMAIL_BASE"] = "[email protected]"
 
-        # Sample data returned OpenSRP
-        data = {"userName": "tlv1", "roles": ["Privilege Level: Full"]}
+        # Sample data returned KeyCloak
+        data = {
+            "sub": "296fad33-ad11-4030-86e5-405025149224",
+            "email_verified": False,
+            "preferred_username": "test-user",
+            "enabled": True
+        }
 
         # Expected result
-        result_info = {"email": "noreply+tlv1@example.com", "username": "tlv1"}
+        result_info = {"email": "noreply+test-user@example.com", "username": "test-user"}
 
         appbuilder = MagicMock()
         user_mock = MagicMock()
         user_mock.json.return_value = data
-        appbuilder.sm.oauth_remotes["OpenSRP"].get = MagicMock(side_effect=[user_mock])
+        appbuilder.sm.oauth_remotes["OpenSRP"].get = MagicMock(
+            side_effect=[user_mock]
+        )
         csm = CustomSecurityManager(appbuilder=appbuilder)
         user_info = csm.oauth_user_info(provider="OpenSRP")
         assert user_info == result_info
 
-        # Sample data returned OpenSRP with preferredName
-        data2 = {
-            "preferredName": "mosh",
-            "userName": "mosh",
-            "roles": ["Privilege Level: Full"],
-        }
-
-        # Expected result
-        result_info2 = {
-            "email": "[email protected]",
-            "name": "mosh",
-            "username": "mosh",
-        }
-
-        appbuilder2 = MagicMock()
-        user_mock2 = MagicMock()
-        request_mock = MagicMock(side_effect=[user_mock2])
-        user_mock2.json.return_value = data2
-        appbuilder2.sm.oauth_remotes["OpenSRP"].get = request_mock
-        csm2 = CustomSecurityManager(appbuilder=appbuilder2)
-        user_info2 = csm2.oauth_user_info(provider="OpenSRP")
-        request_mock.assert_called_once_with("user-details", token=None)
-        assert user_info2 == result_info2
-
-        # Sample data returned OpenSRP v2
-        data3 = {"username": "mosh", "roles": ["Privilege Level: Full"]}
-
-        # Expected result
-        result_info3 = {"email": "[email protected]", "username": "mosh"}
-
-        appbuilder3 = MagicMock()
-        user_mock3 = MagicMock()
-        user_mock3.json.return_value = data3
-        appbuilder3.sm.oauth_remotes["OpenSRP"].get = MagicMock(
-            side_effect=[user_mock3]
-        )
-        csm3 = CustomSecurityManager(appbuilder=appbuilder3)
-        user_info3 = csm3.oauth_user_info(provider="OpenSRP")
-        assert user_info3 == result_info3
-
     def test_oauth_user_info_no_provider(self):  # pylint: disable=R0201
         """
         Test that when no provider is provided

tests/test_views.py

@@ -20,7 +20,7 @@ class TestApiViews(SupersetTestCase):
 
     def setUp(self):
         superset.db.create_all()
-        superset.utils.core.get_or_create_db("main", "sqlite:///main.db")
+        superset.utils.database.get_or_create_db("main", "sqlite:///main.db")
         superset.appbuilder.add_permissions(update_perms=True)
         superset.security_manager.sync_role_definitions()