Skip to content

Commit

Permalink
Escape datetime and ObjectId values in test privacy results (#5567)
Browse files Browse the repository at this point in the history
  • Loading branch information
galvana authored and eastandwestwind committed Dec 6, 2024
1 parent d3ddb71 commit 8612a45
Show file tree
Hide file tree
Showing 2 changed files with 54 additions and 6 deletions.
9 changes: 8 additions & 1 deletion src/fides/api/api/v1/endpoints/privacy_request_endpoints.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

import csv
import io
import json
from collections import defaultdict
from datetime import datetime
from typing import (
Expand Down Expand Up @@ -148,6 +149,7 @@
from fides.api.util.enums import ColumnSort
from fides.api.util.fuzzy_search_utils import get_decrypted_identities_automaton
from fides.api.util.logger import Pii
from fides.api.util.storage_util import storage_json_encoder
from fides.common.api.scope_registry import (
PRIVACY_REQUEST_CALLBACK_RESUME,
PRIVACY_REQUEST_CREATE,
Expand Down Expand Up @@ -2657,8 +2659,13 @@ def get_test_privacy_request_results(
)
privacy_request.save(db=db)

# Escape datetime and ObjectId values
raw_data = privacy_request.get_raw_access_results()
escaped_json = json.dumps(raw_data, indent=2, default=storage_json_encoder)
escaped_data = json.loads(escaped_json)

return {
"privacy_request_id": privacy_request.id,
"status": privacy_request.status,
"results": privacy_request.get_raw_access_results(),
"results": escaped_data,
}
51 changes: 46 additions & 5 deletions tests/ops/api/v1/endpoints/test_privacy_request_endpoints.py
Original file line number Diff line number Diff line change
Expand Up @@ -8364,8 +8364,7 @@ def test_get_access_results_contributor_but_disabled(
assert response.status_code == 403


@pytest.mark.integration_external
@pytest.mark.integration_postgres
@pytest.mark.integration
class TestPrivacyRequestFilteredResults:
@pytest.fixture(scope="function")
def default_access_policy(self, db) -> None:
Expand Down Expand Up @@ -8427,15 +8426,18 @@ def test_filtered_results_with_roles(
)
assert response.status_code == expected_status

@pytest.mark.integration_postgres
@pytest.mark.usefixtures("default_access_policy", "postgres_integration_db")
def test_filtered_results(
def test_filtered_results_postgres(
self,
connection_config,
dataset_config,
postgres_example_test_dataset_config,
api_client: TestClient,
generate_auth_header,
) -> None:
dataset_url = get_connection_dataset_url(connection_config, dataset_config)
dataset_url = get_connection_dataset_url(
connection_config, postgres_example_test_dataset_config
)
auth_header = generate_auth_header(scopes=[DATASET_TEST])
response = api_client.post(
dataset_url + "/test",
Expand All @@ -8459,3 +8461,42 @@ def test_filtered_results(
"status",
"results",
}

@pytest.mark.integration_mongo
@pytest.mark.usefixtures("default_access_policy")
def test_filtered_results_mongo(
self,
mongo_connection_config,
mongo_dataset_config,
api_client: TestClient,
generate_auth_header,
) -> None:
dataset_url = get_connection_dataset_url(
mongo_connection_config, mongo_dataset_config
)
auth_header = generate_auth_header(scopes=[DATASET_TEST])
response = api_client.post(
dataset_url + "/test",
headers=auth_header,
json={
"email": "[email protected]",
"postgres_example_test_dataset:customer:id": 1,
},
)
assert response.status_code == HTTP_200_OK

privacy_request_id = response.json()["privacy_request_id"]
url = V1_URL_PREFIX + PRIVACY_REQUEST_FILTERED_RESULTS.format(
privacy_request_id=privacy_request_id
)
auth_header = generate_auth_header(scopes=[PRIVACY_REQUEST_READ_ACCESS_RESULTS])
response = api_client.get(
url,
headers=auth_header,
)
assert response.status_code == HTTP_200_OK
assert set(response.json().keys()) == {
"privacy_request_id",
"status",
"results",
}

0 comments on commit 8612a45

Please sign in to comment.