Undo short-term fix and adjust tests (#1261)

jimmyfagan · web-flow · commit 3d7f3b4f5769 · 2024-11-06T16:01:26.000-05:00
diff --git a/apps/capabilities/permissions.py b/apps/capabilities/permissions.py
@@ -37,20 +37,15 @@ def has_permission(self, request, view):
                 slug__in=token_scopes
             ).values_list('protected_resources', flat=True).all())
 
-            # this is a shorterm fix to reject all tokens that do not have either
-            # patient/coverage.read or patient/ExplanationOfBenefit.read
-            if ("patient/Coverage.read" in token_scopes) or ("patient/ExplanationOfBenefit.read" in token_scopes):
-                for scope in scopes:
-                    for method, path in json.loads(scope):
-                        if method != request.method:
-                            continue
-                        if path == request.path:
-                            return True
-                        if re.fullmatch(path, request.path) is not None:
-                            return True
-                return False
-            else:
-                return False
+            for scope in scopes:
+                for method, path in json.loads(scope):
+                    if method != request.method:
+                        continue
+                    if path == request.path:
+                        return True
+                    if re.fullmatch(path, request.path) is not None:
+                        return True
+            return False
         else:
             # BB2-237: Replaces ASSERT with exception. We should never reach here.
             mesg = ("TokenHasScope requires the `oauth2_provider.rest_framework.OAuth2Authentication`"
diff --git a/apps/capabilities/tests.py b/apps/capabilities/tests.py
@@ -1,5 +1,4 @@
 import json
-import unittest
 
 from django.contrib.auth.models import Group
 from django.test import TestCase
@@ -41,7 +40,6 @@ def setUp(self):
             protected_resources=json.dumps([["POST", "/path"]]),
         )
 
-    @unittest.skip("Broke with quick fix")
     def test_request_is_protected(self):
         request = SimpleRequest("scope")
         request.method = "GET"
diff --git a/apps/dot_ext/forms.py b/apps/dot_ext/forms.py
@@ -335,7 +335,7 @@ def clean(self):
             scope = ""
 
         # Remove demographic information scopes, if beneficiary is not sharing
-        if cleaned_data.get("share_demographic_scopes") == "False":
+        if cleaned_data.get("share_demographic_scopes") != "True":
             cleaned_data["scope"] = " ".join(
                 [
                     s
diff --git a/apps/dot_ext/tests/demographic_scopes_test_cases.py b/apps/dot_ext/tests/demographic_scopes_test_cases.py
@@ -47,7 +47,7 @@
     --------------------------------------------------
     USED in the following test:
       apps.dot_ext.tests.test_form_oauth2
-                        .TestSimpleAllowFormForm.test_form()
+                        .TestSimpleAllowForm.test_form()
     Test case dictionary key and value meanings:
     REQUEST PARAMETERS:
       These are used to setup the authorization request.
@@ -68,7 +68,7 @@
         "request_scopes": APPLICATION_SCOPES_FULL,
         # Result:
         "result_form_is_valid": True,
-        "result_token_scopes_granted": APPLICATION_SCOPES_FULL,
+        "result_token_scopes_granted": APPLICATION_SCOPES_NON_DEMOGRAPHIC,
     },
     "test 2: share_demographic_scopes = False": {
         # Request:
@@ -181,7 +181,7 @@
         "request_scopes": APPLICATION_SCOPES_FULL,
         # Result:
         "result_has_error": False,
-        "result_token_scopes_granted": APPLICATION_SCOPES_FULL,
+        "result_token_scopes_granted": APPLICATION_SCOPES_NON_DEMOGRAPHIC,
         "result_access_token_count": 1,
         "result_refresh_token_count": 1,
         "result_archived_token_count": 0,
@@ -221,7 +221,7 @@
         "request_scopes": APPLICATION_SCOPES_FULL,
         # Result:
         "result_has_error": False,
-        "result_token_scopes_granted": APPLICATION_SCOPES_FULL,
+        "result_token_scopes_granted": APPLICATION_SCOPES_NON_DEMOGRAPHIC,
         "result_access_token_count": 3,
         "result_refresh_token_count": 3,
         "result_archived_token_count": 1,
@@ -314,7 +314,7 @@
         "request_scopes": SCOPES_JUST_PATIENT_AND_A,
         # Result:
         "result_has_error": False,
-        "result_token_scopes_granted": SCOPES_JUST_PATIENT_AND_A,
+        "result_token_scopes_granted": SCOPES_JUST_A,
         "result_access_token_count": 3,
         "result_refresh_token_count": 3,
         "result_archived_token_count": 8,
diff --git a/apps/dot_ext/tests/test_form_oauth2.py b/apps/dot_ext/tests/test_form_oauth2.py
@@ -4,7 +4,7 @@
 from .demographic_scopes_test_cases import FORM_OAUTH2_SCOPES_TEST_CASES
 
 
-class TestSimpleAllowFormForm(BaseApiTest):
+class TestSimpleAllowForm(BaseApiTest):
     fixtures = ['scopes.json']
 
     def test_form(self):
diff --git a/apps/dot_ext/tests/test_verify_bfd_headers.py b/apps/dot_ext/tests/test_verify_bfd_headers.py
@@ -63,6 +63,7 @@ def _create_test_token(self, user, application):
             "scope": application.scopes().split(" "),
             "expires_in": 86400,
             "allow": True,
+            "share_demographic_scopes": True
         }
         if application.authorization_grant_type == Application.GRANT_IMPLICIT:
             payload["response_type"] = "token"
diff --git a/apps/dot_ext/tests/test_views.py b/apps/dot_ext/tests/test_views.py
@@ -1,6 +1,5 @@
 import json
 import base64
-import unittest
 from datetime import date, timedelta
 
 from django.conf import settings
@@ -163,20 +162,8 @@ def test_post_with_restricted_scopes_issues_token_with_same_scopes(self):
         # and here we test that only the capability-a scope has been issued
         self.assertEqual(content["scope"], "capability-a")
 
-    @unittest.skip("Broke with quick fix")
-    def test_post_with_share_demographic_scopes(self):
-        # Test with-out new_auth switch
-        self.testing_post_with_share_demographic_scopes()
-
-    @unittest.skip("Broke with quick fix")
-    @override_switch("new_auth", active=True)
-    def test_post_with_share_demographic_scopes_new_auth_switch(self):
-        # Test with new_auth switch.
-        self.testing_post_with_share_demographic_scopes()
-
-    @unittest.skip("Broke with quick fix")
     @override_switch("require-scopes", active=True)
-    def testing_post_with_share_demographic_scopes(self):
+    def test_post_with_share_demographic_scopes(self):
         """
         Test authorization related to different, beneficiary "share_demographic_scopes",
         application.require_demographic_scopes, and requested scopes values.

Original file line number	Diff line number	Diff line change
`@@ -335,7 +335,7 @@ def clean(self):`
`335`	`335`	`scope = ""`
`336`	`336`
`337`	`337`	`# Remove demographic information scopes, if beneficiary is not sharing`
`338`		`- if cleaned_data.get("share_demographic_scopes") == "False":`
	`338`	`+ if cleaned_data.get("share_demographic_scopes") != "True":`
`339`	`339`	`cleaned_data["scope"] = " ".join(`
`340`	`340`	`[`
`341`	`341`	`s`
Original file line number	Diff line number	Diff line change
`@@ -63,6 +63,7 @@ def _create_test_token(self, user, application):`
`63`	`63`	`"scope": application.scopes().split(" "),`
`64`	`64`	`"expires_in": 86400,`
`65`	`65`	`"allow": True,`
	`66`	`+ "share_demographic_scopes": True`
`66`	`67`	`}`
`67`	`68`	`if application.authorization_grant_type == Application.GRANT_IMPLICIT:`
`68`	`69`	`payload["response_type"] = "token"`