[BB2-975] Fix creds delivery template "fetch" and "download" generate…

…d URI issue (#1007) * add trace for debugging creds delivery error. * fix fetch / download urls.
CMSgov · Jan 25, 2022 · 18f3d52 · 18f3d52
1 parent efe0268
commit 18f3d52
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 38 deletions.
diff --git a/apps/creds/templates/get_creds.html b/apps/creds/templates/get_creds.html
@@ -7,7 +7,8 @@
 {% endblock %}
 
 {% block bannerDescription %}
-The Blue Button 2.0 API Prod Access Credentialing allows you to obtain the OAUTH2.0 app credentials for your application.
+The Blue Button 2.0 API Prod Access Credentialing allows you to obtain the OAUTH2.0 app credentials for your
+application.
 {% endblock %}
 
 {% block Content %}
@@ -22,33 +23,39 @@ <h2>Organization: {{ org_name }}</h2>
             <h2>Application: {{ app_name }}</h2>
             <br />
 
-            <a href="{{fetch_creds_link}}/?action=fetch" class="ds-c-button ds-u-margin-y--2 ds-c-button--primary ds-u-color--white">Fetch Credentials</a>
+            <a href="/creds/{{creds_req_id}}/?action=fetch"
+                class="ds-c-button ds-u-margin-y--2 ds-c-button--primary ds-u-color--white">Fetch Credentials</a>
             <br />
 
-            <a href="{{fetch_creds_link}}/?action=download" class="ds-c-button ds-u-margin-y--2 ds-c-button--primary ds-u-color--white">Download Credentials</a>
+            <a href="/creds/{{creds_req_id}}/?action=download"
+                class="ds-c-button ds-u-margin-y--2 ds-c-button--primary ds-u-color--white">Download Credentials</a>
             <br />
 
             {% if fetch == "fetch" %}
 
-                <!-- App Credential Section -->
-                <h2 class="ds-u-margin-bottom--2">App Credentials</h2>
-            
-                <div class="bb-c-card sandbox-app-card">
+            <!-- App Credential Section -->
+            <h2 class="ds-u-margin-bottom--2">App Credentials</h2>
+
+            <div class="bb-c-card sandbox-app-card">
                 <!-- Application Credentials -->
                 <form class="app-credentials">
-                    <span class="copy-confirmation" id="confirm-id-{{ client_id }}" aria-live="assertive" aria-role="alert">ID Copied to Clipboard</span>
-                    <span class="copy-confirmation" id="confirm-secret-{{ client_id }}" aria-live="assertive" aria-role="alert">Secret Copied to Clipboard</span>
+                    <span class="copy-confirmation" id="confirm-id-{{ client_id }}" aria-live="assertive"
+                        aria-role="alert">ID Copied to Clipboard</span>
+                    <span class="copy-confirmation" id="confirm-secret-{{ client_id }}" aria-live="assertive"
+                        aria-role="alert">Secret Copied to Clipboard</span>
                     <a class="app-credentials-toggle" id="{{ client_id }}" tabindex="0">Show/Hide Credentials</a>
                     <label for"id-{{ application.client_id }}">Client ID</label>
-                    <input type="password" value="{{ client_id }}" id="id-{{ client_id }}" onclick="copyCredential(this.id)" />
+                    <input type="password" value="{{ client_id }}" id="id-{{ client_id }}"
+                        onclick="copyCredential(this.id)" />
                     <label for"secret-{{ application.client_secret }}">Client Secret</label>
-                    <input type="password" value="{{ client_secret }}" id="secret-{{ client_id }}" onclick="copyCredential(this.id)" />
+                    <input type="password" value="{{ client_secret }}" id="secret-{{ client_id }}"
+                        onclick="copyCredential(this.id)" />
                 </form>
-                </div>
+            </div>
 
-			{% endif %}
+            {% endif %}
         </div>
     </div>
 </div>
-    
-{% endblock %}
+
+{% endblock %}
diff --git a/apps/creds/utils.py b/apps/creds/utils.py
@@ -19,22 +19,27 @@ def get_creds_by_id(creds_request_id: str):
 
 
 def get_creds_by_obj(creds_req: CredentialingReqest):
-    creds_dict = {"user_name": None,
-                  "org_name": None,
-                  "app_id": None,
-                  "app_name": None,
-                  "client_id": None,
-                  "client_secret": None}
+    creds_dict = {
+        "user_name": None,
+        "org_name": None,
+        "app_id": None,
+        "app_name": None,
+        "client_id": None,
+        "client_secret": None,
+    }
     if creds_req:
 
         app = Application.objects.get(pk=creds_req.application_id)
 
         if app:
-            creds_dict.update({
-                "app_id": app.id,
-                "app_name": app.name,
-                "client_id": app.client_id,
-                "client_secret": app.client_secret, })
+            creds_dict.update(
+                {
+                    "app_id": app.id,
+                    "app_name": app.name,
+                    "client_id": app.client_id,
+                    "client_secret": app.client_secret,
+                }
+            )
 
             user = User.objects.get(pk=app.user_id)
 

diff --git a/apps/creds/views.py b/apps/creds/views.py
@@ -8,7 +8,7 @@
 from rest_framework import exceptions, status
 from rest_framework.views import APIView
 
-from apps.creds.utils import get_creds_by_obj, get_url
+from apps.creds.utils import get_creds_by_obj
 from .models import CredentialingReqest
 
 Application = get_application_model()
@@ -19,20 +19,22 @@ def get(self, request, *args, **kwargs):
         logger = logging.getLogger(logging.AUDIT_CREDS_REQUEST_LOGGER, request)
 
         creds_req_id = kwargs.get("prod_cred_req_id")
-
         creds_req = self._get_creds_req(creds_req_id)
 
         # check if expired
         if self._is_expired(creds_req):
-            raise exceptions.PermissionDenied("Generated credentialing request expired.", code=status.HTTP_403_FORBIDDEN)
+            raise exceptions.PermissionDenied(
+                "Generated credentialing request expired.",
+                code=status.HTTP_403_FORBIDDEN,
+            )
 
         creds_dict = get_creds_by_obj(creds_req)
         # fetch creds request and update visits count and relevant timestamps
         creds_req.visits_count = creds_req.visits_count + 1
         creds_req.last_visit = datetime.datetime.now(datetime.timezone.utc)
 
-        ctx = {"fetch_creds_link": get_url(creds_req_id)}
-        ctx.update(creds_dict)
+        ctx = creds_dict
+        ctx.update({"creds_req_id": creds_req_id})
 
         log_dict = {
             "type": "credentials request",
@@ -50,8 +52,10 @@ def get(self, request, *args, **kwargs):
                 log_dict.update(action=action)
             else:
                 # already fetched, fetch again forbidden
-                raise exceptions.PermissionDenied("Credentials already fetched (download), doing it again not allowed.",
-                                                  code=status.HTTP_403_FORBIDDEN)
+                raise exceptions.PermissionDenied(
+                    "Credentials already fetched (download), doing it again not allowed.",
+                    code=status.HTTP_403_FORBIDDEN,
+                )
         else:
             # do not give out creds yet if not a fetch request
             if "client_id" in ctx:
@@ -65,20 +69,28 @@ def get(self, request, *args, **kwargs):
 
         if action == "download":
             response = JsonResponse(creds_dict)
-            response['Content-Disposition'] = 'attachment; filename="{}.json"'.format(creds_req_id)
+            response["Content-Disposition"] = 'attachment; filename="{}.json"'.format(
+                creds_req_id
+            )
             return response
         else:
-            return render(request, 'get_creds.html', ctx)
+            return render(request, "get_creds.html", ctx)
 
     def _is_expired(self, creds_req):
-        t_elapsed_since_created = datetime.datetime.now(datetime.timezone.utc) - creds_req.created_at
-        return t_elapsed_since_created.seconds > settings.CREDENTIALS_REQUEST_URL_TTL * 60
+        t_elapsed_since_created = (
+            datetime.datetime.now(datetime.timezone.utc) - creds_req.created_at
+        )
+        return (
+            t_elapsed_since_created.seconds > settings.CREDENTIALS_REQUEST_URL_TTL * 60
+        )
 
     def _get_creds_req(self, id):
 
         if not id:
             # bad request
-            raise exceptions.ValidationError("Credentialing request ID missing.", code=status.HTTP_400_BAD_REQUEST)
+            raise exceptions.ValidationError(
+                "Credentialing request ID missing.", code=status.HTTP_400_BAD_REQUEST
+            )
 
         creds_req = None