Add create_userinfo_header, fix issue with disabling middleware (#234)

* Add create_userinfo_header for use in creating authenticated clients for testing.

* Update middleware to completely bypass middleware tasks if it's turned off in settings.

This was continuing to pass the request back to RemoteUserMiddleware - which means it would try to do authentication on its own. Instead, if the flag is set, just return the response like we would if we were actually working.

Author: jkachel

src/apigateway/changelog.d/20250414_152653_jkachel_add_apigateway_test_helper.md

@@ -0,0 +1,42 @@
+<!--
+A new scriv changelog fragment.
+
+Uncomment the section that is right (remove the HTML comment wrapper).
+For top level release notes, leave all the headers commented out.
+-->
+
+<!--
+### Removed
+
+- A bullet item for the Removed category.
+
+-->
+
+### Added
+
+- Added create_userinfo_header to assist with creating test clients.
+
+<!--
+### Changed
+
+- A bullet item for the Changed category.
+
+-->
+<!--
+### Deprecated
+
+- A bullet item for the Deprecated category.
+
+-->
+<!--
+### Fixed
+
+- A bullet item for the Fixed category.
+
+-->
+<!--
+### Security
+
+- A bullet item for the Security category.
+
+-->

src/apigateway/mitol/apigateway/api.py

@@ -81,3 +81,24 @@ def get_username_from_userinfo_header(request: HttpRequest | dict) -> str | None
         return None
 
     return User.objects.get(global_id=user_id).username
+
+
+def create_userinfo_header(user):
+    """
+    Create an X_USERINFO header, so we can fake out auth properly.
+    APIClient has a force_authenticate method that adds the user account to the
+    fake request, but the middleware in apigateway will kick it out because the
+    header won't be there. So, use this to add the header when creating APIClients.
+    Ex: new APIClient(headers=create_userinfo_header(myuser))
+    This will use the model map in reverse. It will only care about the
+    user_fields
+    """
+
+    model_map = settings.MITOL_APIGATEWAY_USERINFO_MODEL_MAP
+    header_name = settings.MITOL_APIGATEWAY_USERINFO_HEADER_NAME.replace("HTTP_", "")
+    header_data = {
+        k: str(getattr(user, model_map["user_fields"][k], None))
+        for k in model_map["user_fields"]
+    }
+
+    return {header_name: base64.b64encode(json.dumps(header_data).encode())}

src/apigateway/mitol/apigateway/middleware.py

@@ -27,7 +27,7 @@ def process_request(self, request):
         log.debug("ApisixUserMiddleware.process_request: started")
 
         if settings.MITOL_APIGATEWAY_DISABLE_MIDDLEWARE:
-            return super().process_request(request)
+            return self.get_response(request)
 
         if request.META.get(settings.MITOL_APIGATEWAY_USERINFO_HEADER_NAME):
             new_header = get_user_id_from_userinfo_header(request)

src/apigateway/mitol/apigateway/settings/__init__.py

@@ -22,8 +22,7 @@
     # Mappings to the user model.
     "user_fields": {
         # Keys are data returned from the API gateway.
-        # Values are tuple of model name (from above) and field name.
-        # The base model is "user".
+        # Values are the user object field name.
         "preferred_username": "username",
         "email": "email",
         "sub": "global_id",

tests/apigateway/test_api.py

@@ -1,5 +1,8 @@
 """Tests for the Apigateway API."""
 
+import base64
+import json
+
 import faker
 import pytest
 from django.conf import settings
@@ -47,3 +50,14 @@ def test_get_username(obj_type):
     decoded = api.get_username_from_userinfo_header(request)
     assert decoded != user_info[settings.MITOL_APIGATEWAY_USERINFO_ID_FIELD]
     assert decoded == user.username
+
+
+def test_create_userinfo_header():
+    """Test that the userinfo header gets created properly."""
+
+    user = SsoUserFactory.create()
+    header_name = settings.MITOL_APIGATEWAY_USERINFO_HEADER_NAME.replace("HTTP_", "")
+    header_data = api.create_userinfo_header(user)
+    result = json.loads(base64.b64decode(header_data[header_name]).decode())
+
+    assert result["sub"] == user.global_id