Merge pull request #93 from browserstack/feat-identity

fix: user identity fixes

Author: vedharish

Access/accessrequest_helper.py

@@ -385,26 +385,26 @@ def create_request(auth_user, access_request_form):
     json_response["status_list"] = []
     extra_fields = get_extra_fields(access_request=access_request)
 
-    for index1, access_type in enumerate(access_request["accessRequests"]):
+    for index1, access_tag in enumerate(access_request["accessRequests"]):
         access_labels = validate_access_labels(
             access_labels_json=access_request["accessLabel"][index1],
-            access_tag=access_type,
+            access_tag=access_tag,
         )
         access_reason = access_request["accessReason"][index1]
 
         request_id = (
             auth_user.username
             + "-"
-            + access_type
+            + access_tag
             + "-"
             + datetime.datetime.utcnow().strftime("%Y%m%d%H%M%S")
         )
-        json_response[access_type] = {
+        json_response[access_tag] = {
             "requestId": request_id,
             "dateTime": current_date_time,
         }
 
-        access_module = helper.get_available_access_modules()[access_type]
+        access_module = helper.get_available_access_modules()[access_tag]
         extra_field_labels = get_extra_field_labels(access_module)
         if extra_fields and extra_field_labels:
             for field in extra_field_labels:
@@ -420,7 +420,7 @@ def create_request(auth_user, access_request_form):
             access_create_error = _create_access(
                 auth_user=auth_user,
                 access_label=access_label,
-                access_type=access_type,
+                access_tag=access_tag,
                 request_id=request_id,
                 access_reason=access_reason,
             )
@@ -453,17 +453,17 @@ def create_request(auth_user, access_request_form):
     return json_response
 
 
-def _create_access(auth_user, access_label, access_type, request_id, access_reason):
-    user_identity = auth_user.user.get_active_identity(access_tag=access_type)
+def _create_access(auth_user, access_label, access_tag, request_id, access_reason):
+    user_identity = auth_user.user.get_active_identity(access_tag=access_tag)
     if not user_identity:
         return {
             "title": REQUEST_IDENTITY_NOT_SETUP_ERR_MSG["error_msg"],
             "msg": REQUEST_IDENTITY_NOT_SETUP_ERR_MSG["msg"].format(
-                access_tag=access_type
+                access_tag=access_tag
             ),
         }
 
-    access = AccessV2.get(access_type=access_type, access_label=access_label)
+    access = AccessV2.get(access_tag=access_tag, access_label=access_label)
     if access:
         if user_identity.access_mapping_exists(access):
             return {
@@ -481,7 +481,7 @@ def _create_access(auth_user, access_label, access_type, request_id, access_reas
             user_identity=user_identity,
             request_id=request_id,
             access_label=access_label,
-            access_type=access_type,
+            access_tag=access_tag,
             access_reason=access_reason,
         )
     except Exception:
@@ -493,11 +493,11 @@ def _create_access(auth_user, access_label, access_type, request_id, access_reas
 
 @transaction.atomic
 def _create_access_mapping(
-    user_identity, access, request_id, access_type, access_label, access_reason
+    user_identity, access, request_id, access_tag, access_label, access_reason
 ):
     if not access:
         access = AccessV2.objects.create(
-            access_tag=access_type, access_label=access_label
+            access_tag=access_tag, access_label=access_label
         )
 
     user_identity.user_access_mapping.create(

Access/models.py

@@ -308,6 +308,15 @@ def get_active_users_with_permission(permission_label):
             )
         except User.DoesNotExist:
             return None
+    
+    @staticmethod
+    def get_system_user():
+        try:
+            return User.objects.get(name="system_user")
+        except User.DoesNotExist:
+            django_user = user.objects.create(username="system_user")
+            system_user = User.objects.create(email="[email protected]", user=django_user, name=django_user.username)
+            return system_user
 
     def __str__(self):
         return "%s" % (self.user)
@@ -1106,10 +1115,10 @@ def __str__(self):
             return self.access_tag
 
     @staticmethod
-    def get(access_type, access_label):
+    def get(access_tag, access_label):
         try:
             return AccessV2.objects.get(
-                access_tag=access_type, access_label=access_label
+                access_tag=access_tag, access_label=access_label
             )
         except AccessV2.DoesNotExist:
             return None

Access/userlist_helper.py

@@ -63,6 +63,12 @@ def get_identity_templates(auth_user):
             all_modules.pop(user_identity.access_tag)
 
     for mod in all_modules.values():
+        if not mod.get_identity_template():
+            if not auth_user.user.get_active_identity(mod.tag()):
+                auth_user.user.create_new_identity(
+                    access_tag=mod.tag(), identity={}
+                )
+            continue
         context["unconfigured_identity_template"].append(
             {
                 "accessUserTemplatePath": mod.get_identity_template(),
@@ -94,12 +100,12 @@ def create_identity(user_identity_form, auth_user):
         existing_user_identity = user.get_active_identity(
             access_tag=selected_access_module.tag()
         )
-        if new_module_identity_json == existing_user_identity.identity:
-            raise IdentityNotChangedException()
         existing_user_access_mapping = None
 
         # get useraccess if an identity already exists
         if existing_user_identity:
+            if new_module_identity_json == existing_user_identity.identity:
+                raise IdentityNotChangedException()
             existing_user_access_mapping = (
                 existing_user_identity.get_active_access_mapping()
             )
@@ -142,19 +148,20 @@ def __change_identity_and_transfer_access_mapping(
     )
     # replicate the memberships with new identity
     new_user_access_mapping = []
-    if existing_user_access_mapping:
-        new_user_access_mapping = (
-            new_user_identity.replicate_active_access_membership_for_module(
-                existing_access=existing_user_access_mapping
+    if existing_user_identity:
+        if existing_user_access_mapping:
+            new_user_access_mapping = (
+                new_user_identity.replicate_active_access_membership_for_module(
+                    existing_access=existing_user_access_mapping
+                )
             )
-        )
-    system_user = User.get_system_user()
+        system_user = User.get_system_user()
 
-    for mapping in existing_user_access_mapping:
-        if mapping.is_approved():
-            revoke_request(user_access_mapping=mapping, revoker=system_user)
+        for mapping in existing_user_access_mapping:
+            if mapping.is_approved():
+                revoke_request(user_access_mapping=mapping, revoker=system_user)
 
-    existing_user_identity.decline_all_non_approved_access_mappings("Identity Updated")
+        existing_user_identity.decline_all_non_approved_access_mappings("Identity Updated")
 
     for mapping in new_user_access_mapping:
         if mapping.is_processing() or mapping.is_grantfailed():

Access/views.py

@@ -652,7 +652,7 @@ def individual_resolve(request):
             "error_msg": "Bad request",
             "msg": "Error in request not found OR Invalid request type",
         }
-        return render(request, "BSOps/accessStatus.html", json_response)
+        return render(request, "EnigmaOps/accessStatus.html", json_response)
 
 
 @login_required
@@ -689,7 +689,7 @@ def ignore_failure(request, selector):
                         "msg": "The request is already in final state.",
                     }
                 )
-        return render(request, "BSOps/accessStatus.html", json_response)
+        return render(request, "EnigmaOps/accessStatus.html", json_response)
     except Exception as e:
         logger.debug("Error in request not found OR Invalid request type")
         logger.exception(e)
@@ -698,7 +698,7 @@ def ignore_failure(request, selector):
             "error_msg": str(e),
             "msg": "Error in request not found OR Invalid request type",
         }
-        return render(request, "BSOps/accessStatus.html", json_response)
+        return render(request, "EnigmaOps/accessStatus.html", json_response)
 
 
 @login_required
@@ -727,7 +727,7 @@ def resolve_bulk(request):
                         "msg": "The request is already in final state.",
                     }
                 )
-        return render(request, "BSOps/accessStatus.html", json_response)
+        return render(request, "EnigmaOps/accessStatus.html", json_response)
     except Exception as e:
         logger.debug("Error in request not found OR Invalid request type")
         logger.exception(e)

templates/updateUser.html

@@ -72,7 +72,7 @@ <h2 class="h5 no-margin-bottom">Update User Info: {{request.user}}</h2>
       $('#' + formId).find('#success-msg').text("")
       error_message = "There was an error in updating User Identity for module " + modName + ". Please contact Admin"
       $.ajax({
-          url : "{% url 'saveIdentity' %}/", // the endpoint
+          url : "{% url 'saveIdentity' %}", // the endpoint
           type : "POST", // http method
           data : $('#' + formId).serialize(),