Merge pull request #3917 from freedomofpress/reply-uuid

add uuid to reply endpoint
freedomofpress · Nov 2, 2018 · 3fb4a91 · 3fb4a91
2 parents 18f9063 + 49ca003
commit 3fb4a91
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 8 deletions.
diff --git a/docs/development/journalist_api.rst b/docs/development/journalist_api.rst
@@ -363,25 +363,29 @@ source.
 
 with the reply in the request body:
 
-.. code:: sh
+.. code:: json
 
   {
    "reply": "-----BEGIN PGP MESSAGE-----[...]-----END PGP MESSAGE-----"
   }
 
 Response 201 created (application/json):
 
-.. code:: sh
+.. code:: json
 
   {
-    "message": "Your reply has been stored"
+    "message": "Your reply has been stored",
+    "uuid": "0bc588dd-f613-4999-b21e-1cebbd9adc2c"
   }
 
+The returned ``uuid`` field is the UUID of the reply and can be used to
+reference this reply later.
+
 Replies that do not contain a GPG encrypted message will be rejected:
 
 Response 400 (application/json):
 
-.. code:: sh
+.. code:: json
 
   {
       "message": "You must encrypt replies client side"

diff --git a/securedrop/journalist_app/api.py b/securedrop/journalist_app/api.py
@@ -244,7 +244,8 @@ def all_source_replies(source_uuid):
             db.session.add(reply)
             db.session.add(source)
             db.session.commit()
-            return jsonify({'message': 'Your reply has been stored'}), 201
+            return jsonify({'message': 'Your reply has been stored',
+                            'uuid': reply.uuid}), 201
 
     @api.route('/sources/<source_uuid>/replies/<reply_uuid>',
                methods=['GET', 'DELETE'])

diff --git a/securedrop/tests/test_journalist_api.py b/securedrop/tests/test_journalist_api.py
@@ -4,6 +4,7 @@
 import os
 
 from pyotp import TOTP
+from uuid import UUID
 
 from flask import current_app, url_for
 from itsdangerous import TimedJSONWebSignatureSerializer
@@ -641,10 +642,14 @@ def test_authorized_user_can_add_reply(journalist_app, journalist_api_token,
                             headers=get_api_headers(journalist_api_token))
         assert response.status_code == 201
 
-    with journalist_app.app_context():  # Now verify everything was saved.
-        # Get most recent reply in the database
-        reply = Reply.query.order_by(Reply.id.desc()).first()
+    # ensure the uuid is present and valid
+    reply_uuid = UUID(response.json['uuid'])
+
+    # check that the uuid has a matching db object
+    reply = Reply.query.filter_by(uuid=str(reply_uuid)).one_or_none()
+    assert reply is not None
 
+    with journalist_app.app_context():  # Now verify everything was saved.
         assert reply.journalist_id == test_journo['id']
         assert reply.source_id == source_id