Implement a user creation endpoint in the server.

Back a POST handler onto the refactored createuser functionality file which
exposes a function that can be invoked programatically with a configuration.

Author: albu-diku

mig/api/server.py

@@ -43,6 +43,7 @@
 import cgi
 import cgitb
 import codecs
+from collections import defaultdict, namedtuple
 from flask import Flask, request, Response
 from functools import partial, update_wrapper
 import os
@@ -56,7 +57,7 @@
 from wsgiref.simple_server import WSGIRequestHandler
 
 from mig.shared.accountstate import check_account_accessible
-from mig.shared.base import client_dir_id, client_id_dir, cert_field_map
+from mig.shared.base import canonical_user, client_dir_id, client_id_dir, cert_field_map
 from mig.shared.conf import get_configuration_object
 from mig.shared.compat import PY2
 from mig.shared.griddaemons.openid import default_max_user_hits, \
@@ -72,10 +73,11 @@
     valid_complex_url, InputException
 from mig.shared.tlsserver import hardened_ssl_context
 from mig.shared.url import urlparse, urlencode, parse_qsl
-from mig.shared.useradm import create_user, get_any_oid_user_dn, check_password_scramble, \
+from mig.shared.useradm import get_any_oid_user_dn, check_password_scramble, \
     check_hash
 from mig.shared.userdb import default_db_path
 from mig.shared.validstring import possible_user_id, is_valid_email_address
+from mig.server.createuser import _main as createuser
 
 # Update with extra fields
 cert_field_map.update({'role': 'ROLE', 'timezone': 'TZ', 'nickname': 'NICK',
@@ -114,8 +116,8 @@ def _ensure_encoded_string(chunk):
     exc.code: exc for exc in httpexceptions.__dict__.values() if hasattr(exc, 'code')}
 
 
-def http_error_from_status_code(http_status_code, http_url):
-    return httpexceptions_by_code[http_status_code]()
+def http_error_from_status_code(http_status_code, http_url, description=None):
+    return httpexceptions_by_code[http_status_code](description)
 
 
 def quoteattr(val):
@@ -156,7 +158,66 @@ def invalid_argument(arg):
     raise ValueError("Unexpected query variable: %s" % quoteattr(arg))
 
 
-def _create_and_expose_server(configuration):
+# requests
+
+class ValidationReport(RuntimeError):
+    def __init__(self, errors_by_field):
+        self.errors_by_field = errors_by_field
+
+    def serialize(self, output_format='text'):
+        if output_format == 'json':
+            return dict(errors=self.errors_by_field)
+        else:
+            lines = ["- %s: required %s" % (k, v) for k, v in self.errors_by_field.items()]
+            lines.insert(0, '')
+            return 'payload failed to validate:%s' % ('\n'.join(lines),)
+
+
+def _is_not_none(value):
+    """value is not None"""
+    return value is not None
+
+
+def _is_string_and_non_empty(value):
+    """value is a non-empty string"""
+    return isinstance(value, str) and len(value) > 0
+
+
+_REQUEST_ARGS_POST_USER = namedtuple('PostUserArgs', [
+    'full_name',
+    'organization',
+    'state',
+    'country',
+    'email',
+    'comment',
+    'password',
+])
+
+
+_REQUEST_ARGS_POST_USER._validators = defaultdict(lambda: _is_not_none, dict(
+    full_name=_is_string_and_non_empty,
+    organization=_is_string_and_non_empty,
+    state=_is_string_and_non_empty,
+    country=_is_string_and_non_empty,
+    email=_is_string_and_non_empty,
+    comment=_is_string_and_non_empty,
+    password=_is_string_and_non_empty,
+))
+
+def validate_payload(definition, payload):
+    args = definition(*[payload.get(field, None) for field in definition._fields])
+
+    errors_by_field = {}
+    for field_name, field_value in args._asdict().items():
+        validator_fn = definition._validators[field_name]
+        if not validator_fn(field_value):
+            errors_by_field[field_name] = validator_fn.__doc__
+    if errors_by_field:
+        raise ValidationReport(errors_by_field)
+    else:
+        return args
+
+def _create_and_expose_server(server, configuration):
     app = Flask('coreapi')
 
     @app.get('/openid/user')
@@ -171,9 +232,28 @@ def GET_user_username(username):
     def POST_user():
         payload = request.get_json()
 
-        greeting = payload.get('greeting', '<none>')
-        if greeting == 'provocation':
-            raise http_error_from_status_code(422, None)
+        # unpack the payload to a series of arguments
+        try:
+            validated = validate_payload(_REQUEST_ARGS_POST_USER, payload)
+        except ValidationReport as vr:
+            return http_error_from_status_code(400, None, vr.serialize())
+
+        args = list(validated)
+
+        try:
+
+        #     user_dict = canonical_user(configuration, raw_user, raw_user.keys())
+        # except (AttributeError, IndexError, KeyError) as e:
+        #     raise http_error_from_status_code(400, None)
+        # except Exception as e:
+        #     pass
+
+        # try:
+            createuser(configuration, args)
+        except Exception as e:
+            pass
+
+        greeting = 'hello client!'
         return Response(greeting, 201)
 
     return app

tests/support/htmlsupp.py

@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# --- BEGIN_HEADER ---
+#
+# htmlsupp - test support library for HTML
+# Copyright (C) 2003-2024  The MiG Project by the Science HPC Center at UCPH
+#
+# This file is part of MiG.
+#
+# MiG is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# MiG is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+# -- END_HEADER ---
+#
+
+"""Test support library for HTML."""
+
+
+class HtmlAssertMixin:
+    """Custom assertions for HTML containing strings."""
+
+    def assertHtmlElement(self, value, tag_name):
+        """Check that an occurrence of the specifid tag within an HTML input
+        string can be found. Returns the textual content of the first match.
+        """
+
+        self.assertIsValidHtmlDocument(value, permit_no_close=True)
+
+        # TODO: this is a definitively stop-gap way of finding a tag within the HTML
+        #       and is used purely to keep this initial change to a reasonable size.
+
+        tag_open = ''.join(['<', tag_name, '>'])
+        tag_open_index = value.index(tag_open)
+        tag_open_index_after = tag_open_index + len(tag_open)
+
+        tag_close = ''.join(['</', tag_name, '>'])
+        tag_close_index = value.index(tag_close, tag_open_index_after)
+
+        return value[tag_open_index_after:tag_close_index]
+
+    def assertIsValidHtmlDocument(self, value, permit_no_close=False):
+        """Check that the input string contains a valid HTML document.
+        """
+
+        assert isinstance(value, type(u""))
+
+        error = None
+        try:
+            has_doctype = value.startswith("<!DOCTYPE html") or value.startswith("<!doctype html")
+            assert has_doctype, "no valid document opener"
+            end_html_tag_idx = value.rfind('</html>')
+            if end_html_tag_idx == -1 and permit_no_close:
+                return
+            maybe_document_end = value[end_html_tag_idx:].rstrip()
+            assert maybe_document_end == '</html>', "no valid document closer"
+        except Exception as exc:
+            error = exc
+        if error:
+            raise AssertionError("failed to verify input string as HTML: %s", str(error))

tests/test_mig_api.py

@@ -1,17 +1,21 @@
 from __future__ import print_function
 import codecs
+import errno
 import json
 import os
+import shutil
 import sys
 import unittest
 from threading import Thread
 from unittest import skip
 
 from tests.support import PY2, MIG_BASE, TEST_OUTPUT_DIR, MigTestCase, \
     testmain, temppath, make_wrapped_server
+from tests.support.htmlsupp import HtmlAssertMixin
 
 from mig.api import ThreadedApiHttpServer, _extend_configuration, _create_and_expose_server
 from mig.shared.conf import get_configuration_object
+from mig.shared.useradm import _USERADM_CONFIG_DIR_KEYS
 
 _PYTHON_MAJOR = '2' if PY2 else '3'
 _TEST_CONF_DIR = os.path.join(
@@ -26,11 +30,19 @@
     from urllib.request import urlopen, Request
 
 
-class MigServerGrid_openid(MigTestCase):
+class MigServerGrid_openid(MigTestCase, HtmlAssertMixin):
     def before_each(self):
         self.server_addr = None
         self.server_thread = None
 
+        for config_key in _USERADM_CONFIG_DIR_KEYS:
+            dir_path = getattr(self.configuration, config_key)[0:-1]
+            try:
+                shutil.rmtree(dir_path)
+            except OSError as exc:
+                if exc.errno != errno.ENOENT:  # FileNotFoundError
+                    pass
+
     def _provide_configuration(self):
         return 'testconfig'
 
@@ -61,7 +73,7 @@ def issue_GET(self, request_path):
 
         return (status, data)
 
-    def issue_POST(self, request_path, request_data=None, request_json=None):
+    def issue_POST(self, request_path, request_data=None, request_json=None, response_encoding='textual'):
         assert isinstance(request_path, str) and request_path.startswith(
             '/'), "require http path starting with /"
         request_url = ''.join(
@@ -93,12 +105,18 @@ def issue_POST(self, request_path, request_data=None, request_json=None):
             data = response.read()
         except HTTPError as httpexc:
             status = httpexc.code
-            data = None
+            data = httpexc.file.read()
 
-        try:
-            data = json.loads(data)
-        except Exception as e:
-            pass
+        if response_encoding == 'textual':
+            data = codecs.decode(data, 'utf8')
+
+            try:
+                data = json.loads(data)
+            except Exception as e:
+                pass
+        elif response_encoding != 'binary':
+            raise AssertionError(
+                'issue_POST: unknown response_encoding "%s"' % (response_encoding,))
 
         return (status, data)
 
@@ -180,7 +198,11 @@ def test_POST_user__bad_input_data(self):
             'greeting': 'provocation'
         })
 
-        self.assertEqual(status, 422)
+        self.assertEqual(status, 400)
+        error_description = self.assertHtmlElement(content, 'p')
+        error_description_lines = error_description.split('<br>')
+        self.assertEqual(
+            error_description_lines[0], 'payload failed to validate:')
 
     @unittest.skipIf(PY2, "Python 3 only")
     def test_POST_user(self):
@@ -191,12 +213,18 @@ def test_POST_user(self):
         self.server_thread = self._make_server(configuration)
         self.server_thread.start_wait_until_ready()
 
-        status, content = self.issue_POST('/openid/user', request_json={
-            'greeting': 'hello client!',
-        })
+        status, content = self.issue_POST('/openid/user', response_encoding='textual', request_json=dict(
+            full_name="Test User",
+            organization="Test Org",
+            state="NA",
+            country="DK",
+            email="dummy-user",
+            comment="This is the create comment",
+            password="password",
+        ))
 
         self.assertEqual(status, 201)
-        self.assertEqual(content, b'hello client!')
+        self.assertEqual(content, 'hello client!')
 
     def _make_configuration(self, test_logger, server_addr, overrides=None):
         configuration = self.configuration
@@ -216,7 +244,8 @@ def _make_configuration(self, test_logger, server_addr, overrides=None):
     @staticmethod
     def _make_server(configuration):
         def _on_instance(server):
-            server.server_app = _create_and_expose_server(server.configuration)
+            server.server_app = _create_and_expose_server(
+                server, server.configuration)
 
         server_thread = make_wrapped_server(
             ThreadedApiHttpServer, configuration, on_instance=_on_instance)