Merge branch 'master' into ajones/bb2-2665-update-local-selenium-test…

…-for-new-perm-screens
CMSgov · Sep 27, 2023 · 980a620 · 980a620
2 parents 5916f62 + 4aca016
commit 980a620
Show file tree

Hide file tree

Showing 23 changed files with 46 additions and 248 deletions.
diff --git a/apps/authorization/tests/test_data_access_grant.py b/apps/authorization/tests/test_data_access_grant.py
@@ -137,7 +137,6 @@ def test_thirteen_month_app_type_without_switch_limit_data_access(self):
 
         # 7. Test has_expired() false for RESEARCH_STUDY type
         test_app.data_access_type = "RESEARCH_STUDY"
-        test_app.end_date = datetime(2030, 1, 15, 0, 0, 0, 0, pytz.UTC)
         test_app.save()
         self.assertEqual(dag.has_expired(), False)
 
@@ -184,7 +183,6 @@ def test_thirteen_month_app_type_with_switch_limit_data_access(self):
 
         # 7. Test has_expired() false for RESEARCH_STUDY type
         test_app.data_access_type = "RESEARCH_STUDY"
-        test_app.end_date = datetime(2030, 1, 15, 0, 0, 0, 0, pytz.UTC)
         test_app.save()
         self.assertEqual(dag.has_expired(), False)
 

diff --git a/apps/authorization/tests/test_data_access_grant_permissions.py b/apps/authorization/tests/test_data_access_grant_permissions.py
@@ -350,10 +350,8 @@ def test_research_study_app_type_without_flag_limit_data_access(self):
             app_username="devuser1",
             app_user_organization="org1",
             app_data_access_type="RESEARCH_STUDY",
-            app_end_date=datetime(2199, 1, 15, 0, 0, 0, 0, pytz.UTC),
         )
         self.assertEqual(app.data_access_type, "RESEARCH_STUDY")
-        self.assertEqual(app.end_date, datetime(2199, 1, 15, 0, 0, 0, 0, pytz.UTC))
 
         #     Test grant exists.
         self.assertTrue(
@@ -403,10 +401,6 @@ def test_research_study_app_type_without_flag_limit_data_access(self):
         app.active = True
         app.save()
 
-        # 8. Test with RESEARCH_STUDY application end_date IS NOT expired (response_code=200)
-        app.end_date = datetime(2199, 1, 15, 0, 0, 0, 0, pytz.UTC)
-        app.save()
-
         self._assert_call_all_fhir_endpoints(
             access_token=ac["access_token"], expected_response_code=200
         )
@@ -420,7 +414,6 @@ def test_research_study_app_type_without_flag_limit_data_access(self):
 
         # 10. Test with RESEARCH_STUDY application end_date IS expired w/o feature flag (response_code=200)
         app.data_access_type = "RESEARCH_STUDY"
-        app.end_date = datetime(1999, 1, 15, 0, 0, 0, 0, pytz.UTC)
         app.save()
 
         self._assert_call_all_fhir_endpoints(
@@ -455,10 +448,8 @@ def test_research_study_app_type_with_flag_limit_data_access(self):
             app_username="devuser1",
             app_user_organization="org1",
             app_data_access_type="RESEARCH_STUDY",
-            app_end_date=datetime(2199, 1, 15, 0, 0, 0, 0, pytz.UTC),
         )
         self.assertEqual(app.data_access_type, "RESEARCH_STUDY")
-        self.assertEqual(app.end_date, datetime(2199, 1, 15, 0, 0, 0, 0, pytz.UTC))
 
         #     Test grant exists.
         self.assertTrue(
@@ -508,9 +499,8 @@ def test_research_study_app_type_with_flag_limit_data_access(self):
         app.active = True
         app.save()
 
-        # 8. Test with RESEARCH_STUDY application end_date IS NOT expired (response_code=200)
+        # 8. Re-test with RESEARCH_STUDY active (response_code=200)
         app.data_access_type = "RESEARCH_STUDY"
-        app.end_date = datetime(2199, 1, 15, 0, 0, 0, 0, pytz.UTC)
         app.save()
 
         self._assert_call_all_fhir_endpoints(
@@ -524,26 +514,6 @@ def test_research_study_app_type_with_flag_limit_data_access(self):
             expected_response_code=200,
         )
 
-        # 10. Test with RESEARCH_STUDY application end_date IS expired (response_code=401)
-        app.data_access_type = "RESEARCH_STUDY"
-        app.end_date = datetime(1999, 1, 15, 0, 0, 0, 0, pytz.UTC)
-        app.save()
-
-        self._assert_call_all_fhir_endpoints(
-            access_token=ac["access_token"],
-            expected_response_code=401,
-            expected_response_detail_mesg=settings.APPLICATION_RESEARCH_STUDY_ENDED_MESG,
-        )
-
-        # 11. Test app expired token refresh (response_code=401)
-        ac = self._assert_call_token_refresh_endpoint(
-            application=app,
-            refresh_token=ac["refresh_token"],
-            expected_response_code=401,
-            expected_response_error_mesg="invalid_client",
-            expected_response_error_description_mesg=settings.APPLICATION_RESEARCH_STUDY_ENDED_MESG,
-        )
-
     @override_flag("limit_data_access", active=False)
     def test_one_time_app_type_without_flag_limit_data_access(self):
         """

diff --git a/apps/creds/utils.py b/apps/creds/utils.py
@@ -32,7 +32,7 @@ def get_app_creds(creds_request_id: string):
     creds_dict.update(
         {
             "client_id": app.client_id,
-            "client_secret": app.client_secret,
+            "client_secret_plain": app.client_secret_plain,
         }
     )
 

diff --git a/apps/dot_ext/admin.py b/apps/dot_ext/admin.py
@@ -4,7 +4,6 @@
 from oauth2_provider.models import get_application_model
 from .forms import CreateNewApplicationForm, CustomRegisterApplicationForm
 from .models import ApplicationLabel, AuthFlowUuid
-from .utils import is_data_access_type_valid
 
 Application = get_application_model()
 
@@ -51,7 +50,6 @@ class Meta:
         model = MyApplication
         fields = (
             "data_access_type",
-            "end_date",
             "client_id",
             "user",
             "client_type",
@@ -82,19 +80,6 @@ class Meta:
             "last_active",
         )
 
-    def clean(self):
-        # Validate data access type and end_date
-        data_access_type = self.cleaned_data.get("data_access_type")
-        end_date = self.cleaned_data.get("end_date")
-        user = self.cleaned_data.get("user")
-
-        is_valid, mesg = is_data_access_type_valid(user, data_access_type, end_date)
-
-        if not is_valid:
-            raise forms.ValidationError(mesg)
-
-        return self.cleaned_data
-
     def clean_agree(self):
         return self.cleaned_data.get("agree")
 
@@ -105,7 +90,6 @@ class MyApplicationAdmin(admin.ModelAdmin):
     list_display = (
         "name",
         "get_data_access_type",
-        "get_end_date",
         "user",
         "client_id",
         "require_demographic_scopes",
@@ -117,7 +101,6 @@ class MyApplicationAdmin(admin.ModelAdmin):
     )
     list_filter = (
         "data_access_type",
-        "end_date",
         "require_demographic_scopes",
         "active",
         "skip_authorization",
@@ -142,10 +125,6 @@ def get_data_access_type(self, obj):
         return obj.data_access_type
     get_data_access_type.short_description = "Data Access Type"
 
-    def get_end_date(self, obj):
-        return obj.end_date
-    get_end_date.short_description = "Data Access End Date"
-
 
 @admin.register(CreateNewApplication)
 class CreateNewApplicationAdmin(admin.ModelAdmin):

diff --git a/apps/dot_ext/loggers.py b/apps/dot_ext/loggers.py
@@ -18,7 +18,7 @@
 
 # List of value keys that are being tracked via request.session
 SESSION_AUTH_FLOW_TRACE_KEYS = ['auth_uuid', 'auth_client_id', 'auth_grant_type', 'auth_app_id',
-                                'auth_app_name', 'auth_app_data_access_type', 'auth_app_end_date',
+                                'auth_app_name', 'auth_app_data_access_type',
                                 'auth_pkce_method', 'auth_crosswalk_action',
                                 'auth_share_demographic_scopes', 'auth_require_demographic_scopes']
 
@@ -82,7 +82,6 @@ def create_session_auth_flow_trace(request):
                               "auth_app_id": str(application.id),
                               "auth_app_name": application.name,
                               "auth_app_data_access_type": application.data_access_type,
-                              "auth_app_end_date": str(application.end_date) if application.end_date else "",
                               "auth_require_demographic_scopes": str(application.require_demographic_scopes),
                               "auth_client_id": application.client_id,
                               "auth_pkce_method": auth_pkce_method,
@@ -103,7 +102,6 @@ def create_session_auth_flow_trace(request):
                               "auth_app_id": "",
                               "auth_app_name": "",
                               "auth_app_data_access_type": "",
-                              "auth_app_end_date": "",
                               "auth_require_demographic_scopes": "",
                               "auth_client_id": "",
                               "auth_pkce_method": "",
@@ -169,7 +167,6 @@ def set_session_values_from_auth_flow_uuid(request, auth_flow_uuid):
             request.session['auth_app_id'] = str(application.id)
             request.session['auth_app_name'] = application.name
             request.session['auth_app_data_access_type'] = application.data_access_type
-            request.session['auth_app_end_date'] = str(application.end_date) if application.end_date else ""
             request.session['auth_require_demographic_scopes'] = str(application.require_demographic_scopes)
             request.session['auth_client_id'] = application.client_id
         except Application.DoesNotExist:

diff --git a/apps/dot_ext/migrations/0006_auto_20230921_1021.py b/apps/dot_ext/migrations/0006_auto_20230921_1021.py
@@ -0,0 +1,22 @@
+# Generated by Django 3.2.20 on 2023-09-21 10:21
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dot_ext', '0005_alter_application_client_secret'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='application',
+            name='end_date',
+        ),
+        migrations.AlterField(
+            model_name='application',
+            name='data_access_type',
+            field=models.CharField(choices=[('ONE_TIME', 'ONE_TIME - No refresh token needed.'), ('RESEARCH_STUDY', 'RESEARCH_STUDY - No expiration.'), ('THIRTEEN_MONTH', 'THIRTEEN_MONTH - Access expires in 13-months.')], default='ONE_TIME', max_length=16, null=True, verbose_name='Data Access Type:'),
+        ),
+    ]
diff --git a/apps/dot_ext/models.py b/apps/dot_ext/models.py
@@ -1,6 +1,5 @@
 import hashlib
 import itertools
-import pytz
 import sys
 import time
 import uuid
@@ -34,10 +33,7 @@
 from apps.capabilities.models import ProtectedCapability
 from apps.authorization.models import DataAccessGrant
 
-from .utils import is_data_access_type_valid
-
 TEN_HOURS = "for 10 hours"
-RESEARCH_STUDY = "until the end of the research study on "
 
 
 class Application(AbstractApplication):
@@ -150,7 +146,7 @@ class Application(AbstractApplication):
     # Type choices related to data access limits.
     APPLICATION_TYPE_CHOICES = (
         ("ONE_TIME", "ONE_TIME - No refresh token needed."),
-        ("RESEARCH_STUDY", "RESEARCH_STUDY - Expires on end_date."),
+        ("RESEARCH_STUDY", "RESEARCH_STUDY - No expiration."),
         ("THIRTEEN_MONTH", "THIRTEEN_MONTH - Access expires in 13-months."),
     )
 
@@ -161,15 +157,11 @@ class Application(AbstractApplication):
                                         null=True,
                                         verbose_name="Data Access Type:")
 
-    # Application end_date related to data access limits.
-    end_date = models.DateTimeField(null=True, blank=True,
-                                    verbose_name="RESEARCH_STUDY End Date:")
-
     def access_end_date_mesg(self):
         if self.has_one_time_only_data_access():
             return TEN_HOURS
-        elif self.data_access_type == "RESEARCH_STUDY":
-            return RESEARCH_STUDY + self.end_date.strftime("%B %d, %Y")
+        elif "RESEARCH_STUDY" in self.data_access_type:
+            return "no end date."
         else:
             end_date = datetime.now() + relativedelta(months=+13)
             return "until " + end_date.strftime("%B %d, %Y")
@@ -225,25 +217,12 @@ def store_media_file(self, file, filename):
                     uri = settings.MEDIA_URL + file_path
         return uri
 
-    # Has the research study expired?
-    def has_research_study_expired(self):
-        flag = get_waffle_flag_model().get("limit_data_access")
-        # if id is None, flag is empty and method can't be called.
-        if flag.id is not None and flag.is_active_for_user(self.user):
-            if self.data_access_type == "RESEARCH_STUDY":
-                if self.end_date:
-                    if self.end_date < datetime.now().replace(tzinfo=pytz.UTC):
-                        return True
-
-        return False
-
     # Has one time only type data access?
     def has_one_time_only_data_access(self):
-        flag = get_waffle_flag_model().get("limit_data_access")
-        if flag.id is not None and flag.is_active_for_user(self.user):
-            if self.data_access_type == "ONE_TIME":
+        if self.data_access_type == "ONE_TIME":
+            flag = get_waffle_flag_model().get("limit_data_access")
+            if flag.id is not None and flag.is_active_for_user(self.user):
                 return True
-
         return False
 
     # Save override to restrict invalid field combos.
@@ -252,11 +231,6 @@ def save(self, *args, **kwargs):
         if not (self.data_access_type in itertools.chain(*self.APPLICATION_TYPE_CHOICES)):
             raise ValueError("Invalid data_access_type: " + self.data_access_type)
 
-        is_valid, mesg = is_data_access_type_valid(self.user, self.data_access_type, self.end_date)
-
-        if not is_valid:
-            raise ValueError(mesg)
-
         flag = get_waffle_flag_model().get("limit_data_access")
         if flag.id is not None and flag.is_active_for_user(self.user):
             # Check if data_access_type is changed