aeecleclair · BLEMENT33 · Feb 23, 2024 · Feb 23, 2024 · Mar 4, 2024 · Mar 15, 2024
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -13,7 +13,9 @@
     "[python]": {
         "editor.defaultFormatter": "ms-python.black-formatter"
     },
-    "python.testing.pytestArgs": ["tests"],
+    "python.testing.pytestArgs": [
+        "."
+    ],
     "python.testing.unittestEnabled": false,
     "python.testing.pytestEnabled": true,
     "black-formatter.path": [

diff --git a/app/api.py b/app/api.py
@@ -13,6 +13,7 @@
     campaign,
     cinema,
     core,
+    external_account,
     groups,
     loan,
     notification,
@@ -32,6 +33,7 @@
 api_router.include_router(campaign.router)
 api_router.include_router(cinema.router)
 api_router.include_router(core.router)
+api_router.include_router(external_account.router)
 api_router.include_router(groups.router)
 api_router.include_router(loan.router)
 api_router.include_router(notification.router)

diff --git a/app/cruds/cruds_external_account.py b/app/cruds/cruds_external_account.py
@@ -0,0 +1,24 @@
+from sqlalchemy import update
+from sqlalchemy.exc import IntegrityError
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.models import models_core
+from app.utils.types.groups_type import GroupType
+
+
+async def disable_external_accounts(db: AsyncSession):
+    try:
+        await db.execute(
+            update(models_core.CoreUser)
+            .where(
+                models_core.CoreUser.groups.any(
+                    models_core.CoreGroup.id == GroupType.external.value
+                )
+            )
+            .values(enabled=False)
+        )
+        await db.commit()
+
+    except IntegrityError as error:
+        await db.rollback()
+        raise ValueError(error)
diff --git a/app/endpoints/auth.py b/app/endpoints/auth.py
@@ -81,6 +81,11 @@
             detail="Incorrect login or password",
             headers={"WWW-Authenticate": "Bearer"},
         )
+    if not user.enabled:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Disabled account. Contact eclair@myecl.fr for more informations.",
+        )
     # We put the user id in the subject field of the token.
     # The subject `sub` is a JWT registered claim name, see https://datatracker.ietf.org/doc/html/rfc7519#section-4.1
     data = schemas_auth.TokenData(sub=user.id, scopes=ScopeType.API)

diff --git a/app/endpoints/external_account.py b/app/endpoints/external_account.py
@@ -0,0 +1,22 @@
+from fastapi import APIRouter, Depends
+from sqlalchemy.ext.asyncio import AsyncSession
+
+from app.cruds import cruds_external_account
+from app.dependencies import get_db, is_user_a_member_of
+from app.models import models_core
+from app.utils.types.groups_type import GroupType
+from app.utils.types.tags import Tags
+
+router = APIRouter()
+
+
+@router.get(
+    "/external/",
+    status_code=200,
+    tags=[Tags.external_account],
+)
+async def disable_external_users(
+    db: AsyncSession = Depends(get_db),
+    user: models_core.CoreUser = Depends(is_user_a_member_of(GroupType.admin)),
+):
+    return await cruds_external_account.disable_external_accounts(db=db)
diff --git a/app/endpoints/users.py b/app/endpoints/users.py
@@ -178,9 +178,10 @@
         # Its a former student email address
         account_type = AccountType.formerstudent
     else:
-        raise HTTPException(
-            status_code=400,
-            detail="Invalid ECL email address.",
+        # Its a external student email address
+        account_type = AccountType.external
+        hyperion_security_logger.info(
+            "External account created. Will maybe be disabled."
         )
 
     # Make sure a confirmed account does not already exist

diff --git a/app/models/models_core.py b/app/models/models_core.py
@@ -2,7 +2,7 @@
 
 from datetime import date, datetime
 
-from sqlalchemy import Date, DateTime, Enum, ForeignKey, Integer, String
+from sqlalchemy import Boolean, Date, DateTime, Enum, ForeignKey, Integer, String
 from sqlalchemy.orm import Mapped, mapped_column, relationship
 
 from app.database import Base
@@ -35,6 +35,7 @@ class CoreUser(Base):
     phone: Mapped[str | None] = mapped_column(String)
     floor: Mapped[FloorsType] = mapped_column(Enum(FloorsType), nullable=False)
     created_on: Mapped[datetime | None] = mapped_column(DateTime(timezone=True))
+    enabled: Mapped[bool] = mapped_column(Boolean, nullable=False)
 
     # We use list["CoreGroup"] with quotes as CoreGroup is only defined after this class
     # Defining CoreUser after CoreGroup would cause a similar issue

diff --git a/app/schemas/schemas_core.py b/app/schemas/schemas_core.py
@@ -71,6 +71,7 @@ class CoreUser(CoreUserSimple):
     phone: str | None = None
     created_on: datetime | None = None
     groups: list[CoreGroupSimple] = []
+    enabled: bool
 
 
 class CoreUserUpdate(BaseModel):

diff --git a/app/utils/types/groups_type.py b/app/utils/types/groups_type.py
@@ -16,6 +16,7 @@ class GroupType(str, Enum):
     formerstudent = "ab4c7503-41b3-11ee-8177-089798f1a4a5"
     staff = "703056c4-be9d-475c-aa51-b7fc62a96aaa"
     association = "29751438-103c-42f2-b09b-33fbb20758a7"
+    external = "e9f1085f-50e5-440c-80c7-b36c9ad4d6fb"
 
     # Core groups
     admin = "0a25cb76-4b63-4fd3-b939-da6d9feabf28"
@@ -43,6 +44,7 @@ class AccountType(str, Enum):
     formerstudent = GroupType.formerstudent.value
     staff = GroupType.staff.value
     association = GroupType.association.value
+    external = GroupType.external.value
 
     def __str__(self):
         return f"{self.name}<{self.value}>"
diff --git a/app/utils/types/tags.py b/app/utils/types/tags.py
@@ -17,3 +17,4 @@ class Tags(str, Enum):
     raffle = "Raffle"
     advert = "Advert"
     notifications = "Notifications"
+    external_account = "External_account"
diff --git a/tests/commons.py b/tests/commons.py
@@ -141,6 +141,7 @@ async def create_user_with_groups(
         name=name or get_random_string(),
         firstname=firstname or get_random_string(),
         floor=floor,
+        enabled=True
     )
 
     async with TestingSessionLocal() as db:

diff --git a/tests/test_auth.py b/tests/test_auth.py
@@ -29,6 +29,7 @@ async def init_objects():
         birthday=date.fromisoformat("2000-01-01"),
         floor=FloorsType.Autre,
         created_on=date.fromisoformat("2000-01-01"),
+        enabled=True,
     )
     await add_object_to_db(user)
 

diff --git a/tests/test_external_account.py b/tests/test_external_account.py
@@ -0,0 +1,41 @@
+import pytest_asyncio
+
+from app.models import models_core
+from app.utils.types.groups_type import GroupType
+
+# We need to import event_loop for pytest-asyncio routine defined bellow
+from tests.commons import event_loop  # noqa
+from tests.commons import client, create_api_access_token, create_user_with_groups
+
+user: models_core.CoreUser
+
+token_admin: str = ""
+
+
+@pytest_asyncio.fixture(scope="module", autouse=True)
+async def init_objects():
+    global user
+    user = await create_user_with_groups([GroupType.external])
+
+    global user_admin
+    user_admin = await create_user_with_groups([GroupType.admin])
+
+    global token_admin
+    token_admin = create_api_access_token(user_admin)
+
+
+def test_disable_external_account():
+    global user
+    response = client.get(
+        "/external/",
+        follow_redirects=False,
+        headers={"Authorization": f"Bearer {token_admin}"},
+    )
+    response1 = client.get(
+        f"/users/{user.id}",
+        headers={"Authorization": f"Bearer {token_admin}"},
+    )
+    assert response.status_code == 200
+    assert response1.status_code == 200
+    data = response1.json()
+    assert not data["enabled"]