From 03bbb4df4e7a6a6b0bbccfabe8a28b380d12bd80 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Mon, 17 Jun 2024 10:57:17 -0500
Subject: Use the form's json attribute to retrieve sent data

The system uses JSON as the default communication format, so we use
the form's json attribute to get any data sent.
---
 gn_auth/auth/authorisation/data/views.py             |  8 ++++----
 gn_auth/auth/authorisation/resources/groups/views.py | 16 ++++++++--------
 gn_auth/auth/authorisation/resources/views.py        | 10 +++++-----
 gn_auth/auth/authorisation/users/views.py            |  8 ++++----
 4 files changed, 21 insertions(+), 21 deletions(-)

(limited to 'gn_auth/auth/authorisation')

diff --git a/gn_auth/auth/authorisation/data/views.py b/gn_auth/auth/authorisation/data/views.py
index 83f4e4b..86dafe5 100644
--- a/gn_auth/auth/authorisation/data/views.py
+++ b/gn_auth/auth/authorisation/data/views.py
@@ -186,16 +186,16 @@ def __search_mrna__():
 def __request_key__(key: str, default: Any = ""):
     if bool(request.json):
         return request.json.get(#type: ignore[union-attr]
-            key, request.args.get(key, request.form.get(key, default)))
-    return request.args.get(key, request.form.get(key, default))
+            key, request.args.get(key, request.json.get(key, default)))
+    return request.args.get(key, request.json.get(key, default))
 
 def __request_key_list__(key: str, default: tuple[Any, ...] = tuple()):
     if bool(request.json):
         return (request.json.get(key,[])#type: ignore[union-attr]
-                or request.args.getlist(key) or request.form.getlist(key)
+                or request.args.getlist(key) or request.json.getlist(key)
                 or list(default))
     return (request.args.getlist(key)
-            or request.form.getlist(key) or list(default))
+            or request.json.getlist(key) or list(default))
 
 def __search_genotypes__():
     query = __request_key__("query", "")
diff --git a/gn_auth/auth/authorisation/resources/groups/views.py b/gn_auth/auth/authorisation/resources/groups/views.py
index ef6bb0d..beb2b42 100644
--- a/gn_auth/auth/authorisation/resources/groups/views.py
+++ b/gn_auth/auth/authorisation/resources/groups/views.py
@@ -50,7 +50,7 @@ def list_groups():
 def create_group():
     """Create a new group."""
     with require_oauth.acquire("profile group") as the_token:
-        group_name=request.form.get("group_name", "").strip()
+        group_name=request.json.get("group_name", "").strip()
         if not bool(group_name):
             raise GroupCreationError("Could not create the group.")
 
@@ -58,7 +58,7 @@ def create_group():
         with db.connection(db_uri) as conn:
             user = the_token.user
             new_group = _create_group(
-                conn, group_name, user, request.form.get("group_description"))
+                conn, group_name, user, request.json.get("group_description"))
             return jsonify({
                 **asdict(new_group), "group_leader": asdict(user)
             })
@@ -107,7 +107,7 @@ def request_to_join(group_id: uuid.UUID) -> Response:
             }
 
     with require_oauth.acquire("profile group") as the_token:
-        form = request.form
+        form = request.json
         results = with_db_connection(partial(
             __request__, user=the_token.user, group_id=group_id, message=form.get(
                 "message", "I hereby request that you add me to your group.")))
@@ -126,7 +126,7 @@ def list_join_requests() -> Response:
 def accept_join_requests() -> Response:
     """Accept a join request."""
     with require_oauth.acquire("profile group") as the_token:
-        form = request.form
+        form = request.json
         request_id = uuid.UUID(form.get("request_id"))
         return jsonify(with_db_connection(partial(
             accept_reject_join_request, request_id=request_id,
@@ -137,7 +137,7 @@ def accept_join_requests() -> Response:
 def reject_join_requests() -> Response:
     """Reject a join request."""
     with require_oauth.acquire("profile group") as the_token:
-        form = request.form
+        form = request.json
         request_id = uuid.UUID(form.get("request_id"))
         return jsonify(with_db_connection(partial(
             accept_reject_join_request, request_id=request_id,
@@ -268,7 +268,7 @@ def unlinked_data(resource_type: str) -> Response:
 def link_data() -> Response:
     """Link selected data to specified group."""
     with require_oauth.acquire("profile group resource") as _the_token:
-        form = request.form
+        form = request.json
         group_id = uuid.UUID(form["group_id"])
         dataset_ids = form.getlist("dataset_ids")
         dataset_type = form.get("dataset_type")
@@ -322,7 +322,7 @@ def create_group_role():
                       oauth2_scope="profile group role")
         def __create__(conn: db.DbConnection) -> GroupRole:
             ## TODO: Check user cannot assign any privilege they don't have.
-            form = request.form
+            form = request.json
             role_name = form.get("role_name", "").strip()
             privileges_ids = form.getlist("privileges[]")
             if len(role_name) == 0:
@@ -374,7 +374,7 @@ def __add_remove_priv_to_from_role__(conn: db.DbConnection,
         raise AuthorisationError(
             "You need to be a member of a group to edit roles.")
     try:
-        privilege_id = request.form.get("privilege_id", "")
+        privilege_id = request.json.get("privilege_id", "")
         assert bool(privilege_id), "Privilege to add must be provided."
         privileges = privileges_by_ids(conn, (privilege_id,))
         if len(privileges) == 0:
diff --git a/gn_auth/auth/authorisation/resources/views.py b/gn_auth/auth/authorisation/resources/views.py
index a98f404..4583346 100644
--- a/gn_auth/auth/authorisation/resources/views.py
+++ b/gn_auth/auth/authorisation/resources/views.py
@@ -53,7 +53,7 @@ def list_resource_categories() -> Response:
 def create_resource() -> Response:
     """Create a new resource"""
     with require_oauth.acquire("profile group resource") as the_token:
-        form = request.form
+        form = request.json
         resource_name = form.get("resource_name")
         resource_category_id = UUID(form.get("resource_category"))
         db_uri = app.config["AUTH_DB"]
@@ -126,7 +126,7 @@ def view_resource_data(resource_id: UUID) -> Response:
 def link_data():
     """Link group data to a specific resource."""
     try:
-        form = request.form
+        form = request.json
         assert "resource_id" in form, "Resource ID not provided."
         assert "data_link_id" in form, "Data Link ID not provided."
         assert "dataset_type" in form, "Dataset type not specified"
@@ -150,7 +150,7 @@ def link_data():
 def unlink_data():
     """Unlink data bound to a specific resource."""
     try:
-        form = request.form
+        form = request.json
         assert "resource_id" in form, "Resource ID not provided."
         assert "data_link_id" in form, "Data Link ID not provided."
 
@@ -239,7 +239,7 @@ def assign_role_to_user(resource_id: UUID) -> Response:
     """Assign a role on the specified resource to a user."""
     with require_oauth.acquire("profile group resource role") as the_token:
         try:
-            form = request.form
+            form = request.json
             group_role_id = form.get("group_role_id", "")
             user_email = form.get("user_email", "")
             assert bool(group_role_id), "The role must be provided."
@@ -264,7 +264,7 @@ def unassign_role_to_user(resource_id: UUID) -> Response:
     """Unassign a role on the specified resource from a user."""
     with require_oauth.acquire("profile group resource role") as the_token:
         try:
-            form = request.form
+            form = request.json
             group_role_id = form.get("group_role_id", "")
             user_id = form.get("user_id", "")
             assert bool(group_role_id), "The role must be provided."
diff --git a/gn_auth/auth/authorisation/users/views.py b/gn_auth/auth/authorisation/users/views.py
index 1d3b128..cc70d76 100644
--- a/gn_auth/auth/authorisation/users/views.py
+++ b/gn_auth/auth/authorisation/users/views.py
@@ -166,7 +166,7 @@ def register_user() -> Response:
         __assert_not_logged_in__(conn)
 
         try:
-            form = request.form
+            form = request.json
             email = validate_email(form.get("email", "").strip(),
                                    check_deliverability=True)
             password = validate_password(
@@ -204,7 +204,7 @@ def delete_verification_code(cursor, code: str):
 @users.route("/verify", methods=["GET", "POST"])
 def verify_user():
     """Verify users are not bots."""
-    form = request.form
+    form = request.json
     loginuri = redirect(url_for(
         "oauth2.auth.authorise",
         response_type=(request.args.get("response_type")
@@ -308,7 +308,7 @@ def list_all_users() -> Response:
 @users.route("/handle-unverified", methods=["POST"])
 def handle_unverified():
     """Handle case where user tries to login but is unverified"""
-    form = request.form
+    form = request.json
     # TODO: Maybe have a GN2_URI setting here?
     #       or pass the client_id here?
     return render_template(
@@ -321,7 +321,7 @@ def handle_unverified():
 @users.route("/send-verification", methods=["POST"])
 def send_verification_code():
     """Send verification code email."""
-    form = request.form
+    form = request.json
     with (db.connection(current_app.config["AUTH_DB"]) as conn,
           db.cursor(conn) as cursor):
         user = user_by_email(conn, form["user_email"])
-- 
cgit v1.2.3