SN-1938 Validate user id

Inbal Tako · Inbal Tako · commit 1d2525e32bec · 2020-08-24T13:21:50.000+03:00
diff --git a/securenative/context/context_builder.py b/securenative/context/context_builder.py
diff --git a/securenative/context/securenative_context.py b/securenative/context/securenative_context.py
@@ -1,3 +1,7 @@
+from securenative.utils.request_utils import RequestUtils
+from securenative.utils.utils import Utils
+
+
 class SecureNativeContext(object):
 
     def __init__(self, client_token=None, ip=None, remote_ip=None, headers=None, url=None, method=None, body=None):
@@ -8,3 +12,22 @@ def __init__(self, client_token=None, ip=None, remote_ip=None, headers=None, url
         self.url = url
         self.method = method
         self.body = body
+
+    @staticmethod
+    def from_http_request(request):
+        try:
+            client_token = request.cookies[RequestUtils.SECURENATIVE_COOKIE]
+        except Exception:
+            client_token = None
+
+        try:
+            headers = dict(request.headers)
+        except Exception:
+            headers = None
+
+        if Utils.is_null_or_empty(client_token):
+            client_token = RequestUtils.get_secure_header_from_request(headers)
+
+        return SecureNativeContext(client_token, RequestUtils.get_client_ip_from_request(request),
+                                   RequestUtils.get_remote_ip_from_request(request), headers, request.url,
+                                   request.method, request.body)
diff --git a/securenative/event_options_builder.py b/securenative/event_options_builder.py
diff --git a/securenative/models/event_options.py b/securenative/models/event_options.py
@@ -1,7 +1,15 @@
+from securenative.exceptions.securenative_invalid_options_exception import SecureNativeInvalidOptionsException
+
+
 class EventOptions(object):
+    MAX_PROPERTIES_SIZE = 10
 
     def __init__(self, event, user_id, user_traits=None,
                  context=None, properties=None, timestamp=None):
+        if properties is not None and len(properties) > self.MAX_PROPERTIES_SIZE:
+            raise SecureNativeInvalidOptionsException(
+                "You can have only up to {} custom properties", self.MAX_PROPERTIES_SIZE)
+
         self.event = event
         self.user_id = user_id
         self.user_traits = user_traits
diff --git a/securenative/securenative.py b/securenative/securenative.py
@@ -1,7 +1,6 @@
 from securenative.api_manager import ApiManager
 from securenative.config.configuration_builder import ConfigurationBuilder
 from securenative.config.configuration_manager import ConfigurationManager
-from securenative.context.context_builder import ContextBuilder
 from securenative.event_manager import EventManager
 from securenative.exceptions.securenative_config_exception import SecureNativeConfigException
 from securenative.exceptions.securenative_sdk_Illegal_state_exception import SecureNativeSDKIllegalStateException
@@ -67,14 +66,6 @@ def get_instance(cls):
     def get_options(self):
         return self._options
 
-    @staticmethod
-    def config_builder():
-        return ConfigurationBuilder.default_config_builder()
-
-    @staticmethod
-    def context_builder():
-        return ContextBuilder.default_context_builder()
-
     def track(self, event_options):
         return self._api_manager.track(event_options)
 
diff --git a/tests/api_manager_test.py b/tests/api_manager_test.py
@@ -4,11 +4,10 @@
 
 from securenative.api_manager import ApiManager
 from securenative.config.configuration_manager import ConfigurationManager
-from securenative.context.context_builder import ContextBuilder
+from securenative.context.securenative_context import SecureNativeContext
 from securenative.enums.event_types import EventTypes
 from securenative.enums.risk_level import RiskLevel
 from securenative.event_manager import EventManager
-from securenative.event_options_builder import EventOptionsBuilder
 from securenative.exceptions.securenative_invalid_options_exception import SecureNativeInvalidOptionsException
 from securenative.models.event_options import EventOptions
 from securenative.models.user_traits import UserTraits
@@ -18,12 +17,8 @@
 class ApiManagerTest(unittest.TestCase):
 
     def setUp(self):
-        self.context = ContextBuilder(). \
-            with_ip("127.0.0.1"). \
-            with_headers(
-            {
-                "user-agent": "Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Mobile/7B405"
-            }).build()
+        self.context = SecureNativeContext(ip="127.0.0.1", headers={
+            "user-agent": "Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Mobile/7B405"})
 
         self.event_options = EventOptions(EventTypes.LOG_IN, "USER_ID",
                                           UserTraits("USER_NAME", "USER_EMAIL", "+12012673412"), context=self.context,
@@ -77,8 +72,7 @@ def test_securenative_invalid_options_exception(self):
 
         try:
             with self.assertRaises(SecureNativeInvalidOptionsException):
-                api_manager.track(EventOptionsBuilder(
-                    EventTypes.LOG_IN).with_properties(properties).build())
+                api_manager.track(EventOptions(EventTypes.LOG_IN, "User-ID"))
         finally:
             event_manager.stop_event_persist()
 
diff --git a/tests/context_builder_test.py b/tests/context_builder_test.py
@@ -2,7 +2,7 @@
 
 import requests_mock
 
-from securenative.context.context_builder import ContextBuilder
+from securenative.context.securenative_context import SecureNativeContext
 
 
 class ContextBuilderTest(unittest.TestCase):
@@ -21,7 +21,7 @@ def test_create_context_from_request(self):
             request.headers = {
                 "x-securenative": "71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a"}
 
-            context = ContextBuilder.from_http_request(request).build()
+            context = SecureNativeContext.from_http_request(request)
 
             self.assertEqual(context.client_token,
                              "71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a")
@@ -45,9 +45,9 @@ def test_create_context_from_request_with_cookie(self):
                 "REMOTE_ADDR": "51.68.201.122"
             }
             request.cookies = {"_sn":
-                                     "71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a"}
+                                   "71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a"}
 
-            context = ContextBuilder.from_http_request(request).build()
+            context = SecureNativeContext.from_http_request(request)
 
             self.assertEqual(context.client_token,
                              "71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a")
@@ -58,7 +58,7 @@ def test_create_context_from_request_with_cookie(self):
             self.assertIsNone(context.body)
 
     def test_create_default_context_builder(self):
-        context = ContextBuilder.default_context_builder().build()
+        context = SecureNativeContext()
 
         self.assertIsNone(context.client_token)
         self.assertIsNone(context.ip)
@@ -69,15 +69,8 @@ def test_create_default_context_builder(self):
         self.assertIsNone(context.body)
 
     def test_create_custom_context_with_context_builder(self):
-        context = ContextBuilder.default_context_builder(). \
-            with_url("/some-url"). \
-            with_client_token("SECRET_TOKEN"). \
-            with_ip("10.0.0.0"). \
-            with_body("{ \"name\": \"YOUR_NAME\" }"). \
-            with_method("Get"). \
-            with_remote_ip("10.0.0.1"). \
-            with_headers({"header1": "value1"}). \
-            build()
+        context = SecureNativeContext("SECRET_TOKEN", "10.0.0.0", "10.0.0.1", {"header1": "value1"}, "/some-url", "Get",
+                                      "{ \"name\": \"YOUR_NAME\" }")
 
         self.assertEqual(context.url, "/some-url")
         self.assertEqual(context.client_token, "SECRET_TOKEN")
