[AAP-50320] Add missing api schema for /ui_auth endpoint (#782)

Dostonbek1 · web-flow · commit 372a174c5488 · 2025-07-28T14:17:24.000-04:00
[AAP-50320] Add missing api schema for /ui_auth endpoint
diff --git a/ansible_base/authentication/serializers/__init__.py b/ansible_base/authentication/serializers/__init__.py
@@ -1,2 +1,3 @@
 from .authenticator import AuthenticatorSerializer  # noqa: 401
 from .authenticator_map import AuthenticatorMapSerializer  # noqa: 401
+from .ui_auth import PasswordAuthenticatorSerializer, SSOAuthenticatorSerializer, UIAuthResponseSerializer  # noqa: 401
diff --git a/ansible_base/authentication/serializers/ui_auth.py b/ansible_base/authentication/serializers/ui_auth.py
@@ -0,0 +1,27 @@
+from rest_framework import serializers
+
+
+class PasswordAuthenticatorSerializer(serializers.Serializer):
+    """Serializer for password authenticator items in UI auth response."""
+
+    name = serializers.CharField(read_only=True)
+
+
+class SSOAuthenticatorSerializer(serializers.Serializer):
+    """Serializer for SSO authenticator items in UI auth response."""
+
+    name = serializers.CharField(read_only=True)
+    login_url = serializers.URLField(read_only=True)
+    type = serializers.CharField(read_only=True)
+
+
+class UIAuthResponseSerializer(serializers.Serializer):
+    """Serializer for UI authentication configuration response."""
+
+    passwords = PasswordAuthenticatorSerializer(many=True, read_only=True)
+    ssos = SSOAuthenticatorSerializer(many=True, read_only=True)
+    show_login_form = serializers.BooleanField(read_only=True)
+    login_redirect_override = serializers.CharField(allow_blank=True, read_only=True)
+    custom_login_info = serializers.CharField(allow_blank=True, read_only=True)
+    custom_logo = serializers.CharField(allow_blank=True, read_only=True)
+    managed_cloud_install = serializers.BooleanField(read_only=True)
diff --git a/ansible_base/authentication/views/ui_auth.py b/ansible_base/authentication/views/ui_auth.py
@@ -1,10 +1,12 @@
 import logging
 
+from django.conf import settings
 from django.utils.translation import gettext_lazy as _
 from rest_framework.response import Response
 from rest_framework.serializers import ValidationError
 
 from ansible_base.authentication.models import Authenticator
+from ansible_base.authentication.serializers import UIAuthResponseSerializer
 from ansible_base.lib.utils.settings import get_setting, is_aoc_instance
 from ansible_base.lib.utils.validation import validate_image_data, validate_url
 from ansible_base.lib.utils.views.django_app_api import AnsibleBaseDjangoAppApiView
@@ -15,12 +17,27 @@
 class UIAuth(AnsibleBaseDjangoAppApiView):
     authentication_classes = []
     permission_classes = []
+    serializer_class = UIAuthResponseSerializer
 
-    def get(self, request, format=None):
+    def _get(self):
         response = generate_ui_auth_data()
-
         return Response(response)
 
+    # Conditionally add openapi documentation
+    if 'ansible_base.api_documentation' in settings.INSTALLED_APPS:
+        from drf_spectacular.utils import extend_schema
+
+        @extend_schema(
+            request=None, responses=UIAuthResponseSerializer, description="Get UI authentication configuration including available authenticators and settings."
+        )
+        def get(self, request, format=None):
+            return self._get()
+
+    else:
+
+        def get(self):
+            return self._get()
+
 
 def generate_ui_auth_data():
     authenticators = Authenticator.objects.filter(enabled=True)
diff --git a/test_app/tests/authentication/serializers/test_ui_auth.py b/test_app/tests/authentication/serializers/test_ui_auth.py
@@ -0,0 +1,220 @@
+from ansible_base.authentication.serializers.ui_auth import (
+    PasswordAuthenticatorSerializer,
+    SSOAuthenticatorSerializer,
+    UIAuthResponseSerializer,
+)
+
+
+class TestPasswordAuthenticatorSerializer:
+    def test_serializes_password_authenticator_data(self):
+        """Test PasswordAuthenticatorSerializer serializes data correctly"""
+        data = {'name': 'password_auth'}
+        serializer = PasswordAuthenticatorSerializer(data)
+        assert serializer.data == data
+
+    def test_serializes_with_different_name(self):
+        """Test PasswordAuthenticatorSerializer with different name"""
+        data = {'name': 'local_password'}
+        serializer = PasswordAuthenticatorSerializer(data)
+        assert serializer.data == data
+
+
+class TestSSOAuthenticatorSerializer:
+    def test_serializes_sso_authenticator_data(self):
+        """Test SSOAuthenticatorSerializer serializes data correctly"""
+        data = {'name': 'sso_auth', 'login_url': 'https://example.com/login', 'type': 'saml'}
+        serializer = SSOAuthenticatorSerializer(data)
+        assert serializer.data == data
+
+    def test_serializes_different_sso_types(self):
+        """Test SSOAuthenticatorSerializer with different SSO types"""
+        saml_data = {'name': 'saml_auth', 'login_url': 'https://example.com/saml', 'type': 'saml'}
+        oidc_data = {'name': 'oidc_auth', 'login_url': 'https://example.com/oidc', 'type': 'oidc'}
+
+        saml_serializer = SSOAuthenticatorSerializer(saml_data)
+        oidc_serializer = SSOAuthenticatorSerializer(oidc_data)
+
+        assert saml_serializer.data == saml_data
+        assert oidc_serializer.data == oidc_data
+
+
+class TestUIAuthResponseSerializer:
+    def test_serializes_complete_auth_response(self):
+        """Test UIAuthResponseSerializer serializes complete data correctly"""
+        data = {
+            'passwords': [{'name': 'password_auth'}],
+            'ssos': [{'name': 'sso_auth', 'login_url': 'https://example.com/login', 'type': 'saml'}],
+            'show_login_form': True,
+            'login_redirect_override': 'https://example.com/redirect',
+            'custom_login_info': 'Please login with your credentials',
+            'custom_logo': 'data:image/gif;base64,R0lGODlhAQABAIABAP///wAAACwAAAAAAQABAAACAkQBADs=',
+            'managed_cloud_install': False,
+        }
+        serializer = UIAuthResponseSerializer(data)
+        assert serializer.data == data
+
+    def test_serializes_minimal_auth_response(self):
+        """Test UIAuthResponseSerializer serializes minimal data correctly"""
+        data = {
+            'passwords': [],
+            'ssos': [],
+            'show_login_form': False,
+            'login_redirect_override': '',
+            'custom_login_info': '',
+            'custom_logo': '',
+            'managed_cloud_install': False,
+        }
+        serializer = UIAuthResponseSerializer(data)
+        assert serializer.data == data
+
+    def test_serializes_multiple_password_authenticators(self):
+        """Test UIAuthResponseSerializer with multiple password authenticators"""
+        data = {
+            'passwords': [{'name': 'password_auth_1'}, {'name': 'password_auth_2'}],
+            'ssos': [],
+            'show_login_form': True,
+            'login_redirect_override': '',
+            'custom_login_info': '',
+            'custom_logo': '',
+            'managed_cloud_install': False,
+        }
+        serializer = UIAuthResponseSerializer(data)
+        result = serializer.data
+        assert len(result['passwords']) == 2
+        assert result['passwords'][0] == {'name': 'password_auth_1'}
+        assert result['passwords'][1] == {'name': 'password_auth_2'}
+
+    def test_serializes_multiple_sso_authenticators(self):
+        """Test UIAuthResponseSerializer with multiple SSO authenticators"""
+        data = {
+            'passwords': [],
+            'ssos': [
+                {'name': 'saml_auth', 'login_url': 'https://example.com/saml', 'type': 'saml'},
+                {'name': 'oidc_auth', 'login_url': 'https://example.com/oidc', 'type': 'oidc'},
+            ],
+            'show_login_form': True,
+            'login_redirect_override': '',
+            'custom_login_info': '',
+            'custom_logo': '',
+            'managed_cloud_install': False,
+        }
+        serializer = UIAuthResponseSerializer(data)
+        result = serializer.data
+        assert len(result['ssos']) == 2
+        assert result['ssos'][0] == {'name': 'saml_auth', 'login_url': 'https://example.com/saml', 'type': 'saml'}
+        assert result['ssos'][1] == {'name': 'oidc_auth', 'login_url': 'https://example.com/oidc', 'type': 'oidc'}
+
+    def test_serializes_nested_authenticator_data(self):
+        """Test UIAuthResponseSerializer correctly serializes nested authenticator data"""
+        data = {
+            'passwords': [{'name': 'local_auth'}, {'name': 'ldap_auth'}],
+            'ssos': [
+                {'name': 'google_sso', 'login_url': 'https://accounts.google.com/oauth', 'type': 'oidc'},
+                {'name': 'okta_sso', 'login_url': 'https://company.okta.com/saml', 'type': 'saml'},
+            ],
+            'show_login_form': True,
+            'login_redirect_override': '/dashboard',
+            'custom_login_info': 'Use your company credentials',
+            'custom_logo': 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==',
+            'managed_cloud_install': True,
+        }
+        serializer = UIAuthResponseSerializer(data)
+        result = serializer.data
+
+        # Verify top-level structure
+        assert result == data
+
+        # Verify nested data is properly serialized
+        assert len(result['passwords']) == 2
+        assert len(result['ssos']) == 2
+        assert result['show_login_form'] is True
+        assert result['managed_cloud_install'] is True
+
+    def test_serializes_empty_authenticator_lists(self):
+        """Test UIAuthResponseSerializer with empty authenticator lists"""
+        data = {
+            'passwords': [],
+            'ssos': [],
+            'show_login_form': False,
+            'login_redirect_override': '',
+            'custom_login_info': '',
+            'custom_logo': '',
+            'managed_cloud_install': False,
+        }
+        serializer = UIAuthResponseSerializer(data)
+        result = serializer.data
+        assert result['passwords'] == []
+        assert result['ssos'] == []
+        assert result['show_login_form'] is False
+
+    def test_serializes_boolean_fields_correctly(self):
+        """Test UIAuthResponseSerializer handles boolean fields correctly"""
+        true_data = {
+            'passwords': [],
+            'ssos': [],
+            'show_login_form': True,
+            'login_redirect_override': '',
+            'custom_login_info': '',
+            'custom_logo': '',
+            'managed_cloud_install': True,
+        }
+        false_data = {
+            'passwords': [],
+            'ssos': [],
+            'show_login_form': False,
+            'login_redirect_override': '',
+            'custom_login_info': '',
+            'custom_logo': '',
+            'managed_cloud_install': False,
+        }
+
+        true_serializer = UIAuthResponseSerializer(true_data)
+        false_serializer = UIAuthResponseSerializer(false_data)
+
+        assert true_serializer.data['show_login_form'] is True
+        assert true_serializer.data['managed_cloud_install'] is True
+        assert false_serializer.data['show_login_form'] is False
+        assert false_serializer.data['managed_cloud_install'] is False
+
+    def test_serializes_string_fields_correctly(self):
+        """Test UIAuthResponseSerializer handles string fields correctly"""
+        data = {
+            'passwords': [],
+            'ssos': [],
+            'show_login_form': False,
+            'login_redirect_override': 'https://example.com/custom-redirect',
+            'custom_login_info': 'Welcome! Please sign in with your credentials.',
+            'custom_logo': 'data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMTAiIGhlaWdodD0iMTAiPjxyZWN0IHdpZHRoPSIxMCIgaGVpZ2h0PSIxMCIgZmlsbD0iYmx1ZSIvPjwvc3ZnPg==',
+            'managed_cloud_install': False,
+        }
+        serializer = UIAuthResponseSerializer(data)
+        result = serializer.data
+
+        assert result['login_redirect_override'] == 'https://example.com/custom-redirect'
+        assert result['custom_login_info'] == 'Welcome! Please sign in with your credentials.'
+        assert result['custom_logo'].startswith('data:image/svg+xml;base64,')
+
+    def test_read_only_serializer_behavior(self):
+        """Test that the serializer behaves as read-only (for documentation purposes)"""
+        # This test documents that the serializer is read-only
+        # Input validation is not performed since all fields are read_only=True
+        data = {
+            'passwords': [],
+            'ssos': [],
+            'show_login_form': False,
+            'login_redirect_override': '',
+            'custom_login_info': '',
+            'custom_logo': '',
+            'managed_cloud_install': False,
+        }
+
+        # When used as a response serializer (the intended use case)
+        serializer = UIAuthResponseSerializer(data)
+        assert serializer.data == data
+
+        # When used with invalid input data (which would normally fail validation)
+        # it still works because read_only fields are ignored during validation
+        invalid_input = {'invalid_field': 'invalid_value'}
+        input_serializer = UIAuthResponseSerializer(data=invalid_input)
+        assert input_serializer.is_valid()  # Always valid since all fields are read_only
+        assert input_serializer.validated_data == {}  # Empty since fields are read_only

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
`1`	`1`	`from .authenticator import AuthenticatorSerializer # noqa: 401`
`2`	`2`	`from .authenticator_map import AuthenticatorMapSerializer # noqa: 401`
	`3`	`+from .ui_auth import PasswordAuthenticatorSerializer, SSOAuthenticatorSerializer, UIAuthResponseSerializer # noqa: 401`