From 01abc66e591781fe6170ad163afbec66f2d2a2d2 Mon Sep 17 00:00:00 2001
From: Marie PUPO JEAMMET
Date: Fri, 20 Sep 2024 16:31:41 +0200
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8(dimail)=20allow=20la=20regie=20to=20r?= =?UTF-8?q?equest=20a=20token=20for=20another=20user?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

allow la regie to request a token for another dimail user, to better track who created/modified which ressource.
---
 CHANGELOG.md | 2 +-
 src/backend/mailbox_manager/api/serializers.py | 2 +-
 .../api/mailboxes/test_api_mailboxes_create.py | 11 ++++++++---
 src/backend/mailbox_manager/utils/dimail.py | 16 ++++++++++++----
 4 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 27373fb..58e038a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,7 +13,7 @@ and this project adheres to
 - ✨(domains) add endpoint to list and retrieve domain accesses #404
 - 🍱(dev) embark dimail-api as container #366
-
+- ✨(dimail) allow la regie to request a token for another user #416
 ### Changed
diff --git a/src/backend/mailbox_manager/api/serializers.py b/src/backend/mailbox_manager/api/serializers.py
index 60372df..0d60e3e 100644
--- a/src/backend/mailbox_manager/api/serializers.py
+++ b/src/backend/mailbox_manager/api/serializers.py
@@ -22,7 +22,7 @@ class MailboxSerializer(serializers.ModelSerializer):
 Override create function to fire a request on mailbox creation.
 """
 client = DimailAPIClient()
- client.send_mailbox_request(validated_data)
+ client.send_mailbox_request(validated_data, self.context["request"].user.sub)
 return models.Mailbox.objects.create(**validated_data)
diff --git a/src/backend/mailbox_manager/tests/api/mailboxes/test_api_mailboxes_create.py b/src/backend/mailbox_manager/tests/api/mailboxes/test_api_mailboxes_create.py
index d4d932d..c540e85 100644
--- a/src/backend/mailbox_manager/tests/api/mailboxes/test_api_mailboxes_create.py
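Review bot: In `MailboxSerializer.create` (src/backend/mailbox_manager/api/serializers.py), `self.context["request"].user.sub` raises `KeyError` whenever the serializer is instantiated without a request in its context, and the hunk does not show what `sub` holds for a user without an OIDC identity. Taking the identity from the authenticated request rather than from `validated_data` is the right source for an impersonation parameter, so I would keep that and make its absence explicit with `request = self.context.get("request")` and `user_sub = getattr(getattr(request, "user", None), "sub", None)`. Whether a missing sub should abort the creation or fall back to la régie's own token should then be a deliberate choice, since a silent fallback loses the attribution this change is meant to add. The method starts above the hunk, so any guard that already exists there is not visible.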
+++ b/src/backend/mailbox_manager/tests/api/mailboxes/test_api_mailboxes_create.py
@@ -496,7 +496,8 @@ def test_api_mailboxes__handling_dimail_unexpected_error():
 @mock.patch.object(Logger, "info")
 def test_api_mailboxes__send_correct_logger_infos(mock_info, mock_error):
 """
- Upon requesting mailbox creation, things are correctly logged
+ Upon requesting mailbox creation, la régie should impersonate
+ querying user in dimail and log things correctly.
 """
 access = factories.MailDomainAccessFactory(role=enums.MailDomainRoleChoices.OWNER)
@@ -536,6 +537,9 @@ def test_api_mailboxes__send_correct_logger_infos(mock_info, mock_error):
 )
 assert response.status_code == status.HTTP_201_CREATED
+ # user sub is sent to payload as a parameter
+ assert rsps.calls[0].request.params == {"username": access.user.sub}
+ # Logger
 assert not mock_error.called
 assert mock_info.call_count == 3
@@ -543,6 +547,7 @@ def test_api_mailboxes__send_correct_logger_infos(mock_info, mock_error):
 "Token succesfully granted by mail-provisioning API.",
 )
 assert mock_info.call_args_list[1][0] == (
- "Mailbox successfully created on domain %s",
- access.domain.name,
+ "Mailbox successfully created on domain %s by user %s",
+ str(access.domain),
+ access.user.sub,
 )
diff --git a/src/backend/mailbox_manager/utils/dimail.py b/src/backend/mailbox_manager/utils/dimail.py
index 60d260c..d38fad9 100644
--- a/src/backend/mailbox_manager/utils/dimail.py
+++ b/src/backend/mailbox_manager/utils/dimail.py
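Review bot: The new assertion in `test_api_mailboxes__send_correct_logger_infos`, `rsps.calls[0].request.params == {"username": access.user.sub}`, covers only the case where dimail accepts the impersonated user. Because the token is now requested on behalf of another identity, a companion test in which the `/token/` response for that `username` is a refusal would pin that no mailbox is created and that la régie's own token is not used instead. A second test with a user whose `sub` is empty would document the fallback branch in `get_headers`. The test function begins and ends outside these hunks, so the mocked responses it registers are not visible here.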
@@ -31,16 +31,23 @@ class DimailAPIClient:
 API_URL = settings.MAIL_PROVISIONING_API_URL
 API_CREDENTIALS = settings.MAIL_PROVISIONING_API_CREDENTIALS
- def get_headers(self):
+ def get_headers(self, user_sub=None):
 """
 Build headers dictionary. Requires MAIL_PROVISIONING_API_CREDENTIALS setting, to get a token from dimail /token/ endpoint.
+ If provided, request user' sub is used for la regie to log in as this user,
+ thus allowing for more precise logs.
 """
 headers = {"Content-Type": "application/json"}
+ params = None
+
+ if user_sub:
+ params = {"username": str(user_sub)}
 response = requests.get(
 f"{self.API_URL}/token/",
 headers={"Authorization": f"Basic {self.API_CREDENTIALS}"},
+ params=params,
 timeout=20,
 )
@@ -60,7 +67,7 @@ class DimailAPIClient:
 return self.pass_dimail_unexpected_response(response)
- def send_mailbox_request(self, mailbox):
+ def send_mailbox_request(self, mailbox, user_sub=None):
 """Send a CREATE mailbox request to mail provisioning API."""
 payload = {
@@ -68,7 +75,7 @@ class DimailAPIClient:
 "surName": mailbox["last_name"],
 "displayName": f"{mailbox['first_name']} {mailbox['last_name']}",
 }
- headers = self.get_headers()
+ headers = self.get_headers(user_sub)
 try:
 response = session.post(
@@ -92,8 +99,9 @@ class DimailAPIClient:
 # from OX servers but their prod is not ready.
 # In the meantime, we log mailbox info (including password !)
 logger.info(
- "Mailbox successfully created on domain %s",
+ "Mailbox successfully created on domain %s by user %s",
 str(mailbox["domain"]),
+ user_sub,
 extra=extra,
 )
 return response
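Review bot: In `get_headers`, `if user_sub:` treats an empty or missing sub as "no impersonation", so the request silently falls back to la régie's own token and the resulting dimail records are attributed to the service account with no trace on this side. For a change whose purpose is attribution, I would log that fallback in an `else` branch, e.g. `logger.warning("No user sub provided, requesting dimail token as la regie")`. The docstring should also state the trust assumption, along the lines of `user_sub must come from the authenticated request user, never from client-supplied data`, because this parameter selects whose identity the token carries. The response handling of `get_headers` lies outside the hunk, so how a refusal for an unknown username is treated cannot be checked here.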
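Review bot: In the `logger.info` call of `send_mailbox_request`, the record that now carries `user_sub` is the same one the comment above describes as logging mailbox info "including password", so each entry would tie a mailbox password to the requesting user's identifier. The contents of `extra` are built outside the hunk, so this is inferred from the comment. If it holds, I would keep the attribution in the message and move the password out of this record, either dropping it from `extra` or emitting it separately on a handler with restricted access and retention. When no sub is passed the message reads `by user None`; passing `user_sub or "la regie"` as the argument would keep the audit line unambiguous.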