Merge pull request #436 from keillera/ALIS-5909

ALIS-5909:  Fix a bug that caused deletion when run by an existing user.

Author: keillera

src/handlers/me/external_provider_user/create/me_external_provider_user_create.py

@@ -32,9 +32,17 @@ def exec_main_proc(self):
            UserUtil.check_try_to_register_as_yahoo_user(body['user_id']) or \
            UserUtil.check_try_to_register_as_facebook_user(body['user_id']):
             raise ValidationError('This username is not allowed')
+
+        # ログインしているユーザが本処理対象の external_provider_user であること
+        external_provider_user_id = params['requestContext']['authorizer']['claims']['cognito:username']
+        if not UserUtil.check_try_to_register_as_line_user(external_provider_user_id) and \
+           not UserUtil.check_try_to_register_as_twitter_user(external_provider_user_id) and \
+           not UserUtil.check_try_to_register_as_yahoo_user(external_provider_user_id) and \
+           not UserUtil.check_try_to_register_as_facebook_user(external_provider_user_id):
+            raise ValidationError('This login user is not eligible.')
+
         users_table = self.dynamodb.Table(os.environ['USERS_TABLE_NAME'])
         external_provider_users_table = self.dynamodb.Table(os.environ['EXTERNAL_PROVIDER_USERS_TABLE_NAME'])
-        external_provider_user_id = params['requestContext']['authorizer']['claims']['cognito:username']
 
         # usersテーブルのユーザIDの重複チェック
         already_user_exists_in_users_table = users_table.get_item(Key={'user_id': body['user_id']}).get('Item') is not None

tests/handlers/me/external_provider_user/create/test_me_external_provider_user_create.py

@@ -2,7 +2,7 @@
 import json
 from unittest import TestCase
 from me_external_provider_user_create import MeExternalProviderUserCreate
-from unittest.mock import patch
+from unittest.mock import patch, MagicMock
 from tests_util import TestsUtil
 from record_not_found_error import RecordNotFoundError
 
@@ -56,9 +56,22 @@ def setUp(self):
     def tearDown(self):
         TestsUtil.delete_all_tables(dynamodb)
 
+    @patch('me_external_provider_user_create.UserUtil.delete_external_provider_id_cognito_user',
+           MagicMock(return_value=True))
+    @patch('me_external_provider_user_create.UserUtil.force_non_verified_phone', MagicMock(return_value=None))
+    @patch('me_external_provider_user_create.CryptoUtil', MagicMock(return_value='password'))
     def test_main_ok(self):
-        with patch('me_external_provider_user_create.UserUtil') as user_mock, \
-             patch('me_external_provider_user_create.CryptoUtil') as crypto_mock:
+        with patch('me_external_provider_user_create.UserUtil.create_external_provider_user') as create_external_mock, \
+             patch('me_external_provider_user_create.UserUtil.get_cognito_user_info') as get_cognito_user_mock:
+            create_external_mock.return_value = {
+                'AuthenticationResult': {
+                    'AccessToken': 'aaaaa',
+                    'IdToken': 'bbbbb',
+                    'RefreshToken': 'ccccc'
+                }
+            }
+            get_cognito_user_mock.side_effect = RecordNotFoundError('Record Not Found')
+
             event = {
                 'body': {
                     'user_id': 'username01',
@@ -71,29 +84,8 @@ def test_main_ok(self):
                     }
                 }
             }
-
             event['body'] = json.dumps(event['body'])
 
-            user_mock.check_try_to_register_as_twitter_user.return_value = False
-            user_mock.check_try_to_register_as_line_user.return_value = False
-            user_mock.check_try_to_register_as_yahoo_user.return_value = False
-            user_mock.check_try_to_register_as_facebook_user.return_value = False
-            crypto_mock.decrypt_password.return_value = 'password'
-            user_mock.create_external_provider_user.return_value = {
-                'AuthenticationResult': {
-                    'AccessToken': 'aaaaa',
-                    'IdToken': 'bbbbb',
-                    'RefreshToken': 'ccccc'
-                }
-            }
-
-            user_mock.force_non_verified_phone.return_value = None
-            user_mock.add_user_id_to_external_provider_user.return_value = None
-            user_mock.delete_external_provider_id_cognito_user.return_value = True
-            user_mock.has_user_id.return_value = True
-            user_mock.add_user_profile.return_value = None
-            user_mock.get_cognito_user_info.side_effect = RecordNotFoundError('Record Not Found')
-
             response = MeExternalProviderUserCreate(event=event, context="", dynamodb=dynamodb).main()
             self.assertEqual(response['statusCode'], 200)
             self.assertEqual(
@@ -237,3 +229,22 @@ def test_invalid_yahoo_user_id(self):
 
         response = MeExternalProviderUserCreate(event=event, context="", dynamodb=dynamodb).main()
         self.assertEqual(response['statusCode'], 400)
+
+    def test_main_ng_not_target_user(self):
+        event = {
+            'body': {
+                'user_id': 'username01',
+            },
+            'requestContext': {
+                'authorizer': {
+                    'claims': {
+                        'cognito:username': 'username01',
+                    }
+                }
+            }
+        }
+
+        event['body'] = json.dumps(event['body'])
+
+        response = MeExternalProviderUserCreate(event=event, context="", dynamodb=dynamodb).main()
+        self.assertEqual(response['statusCode'], 400)