add SODARUserSerializer auth_type field (#1501)

CHANGELOG.rst

@@ -32,6 +32,7 @@ Added
     - ``ProjectModifyPluginMixin.perform_project_delete()`` method (#1090)
     - ``ProjectDestroyAPIView`` REST API view (#1090)
     - ``ProjectSerializer`` ``children`` field (#1552)
+    - ``SODARUserSerializer`` ``auth_type`` field (#1501)
 
 Changed
 -------

docs/source/app_projectroles_api_rest.rst

@@ -190,3 +190,5 @@ v1.1
     * Add ``children`` field
 - ``RoleAssignmentOwnerTransferAPIView``
     * Allow empty value for ``old_owner_role``
+- ``CurrentUserRetrieveAPIView``
+    * Add ``auth_type`` field

docs/source/major_changes.rst

@@ -99,6 +99,7 @@ REST API View Changes
     * ``ProjectRetrieveAPIView``: Add ``children`` field
     * ``RoleAssignmentOwnerTransferAPIView``: Allow empty value for
       ``old_owner_role``
+    * ``CurrentUserRetrieveAPIView``: Add ``auth_type`` field
 - Sodarcache API
     * Current version: ``2.0`` (breaking changes)
     * Allowed versions: ``2.0`` (support for previous versions dropped)

projectroles/serializers.py

@@ -150,6 +150,7 @@ class SODARUserSerializer(SODARModelSerializer):
     """Serializer for the user model used in SODAR Core based sites"""
 
     additional_emails = serializers.SerializerMethodField()
+    auth_type = serializers.SerializerMethodField()
 
     class Meta:
         model = User
@@ -159,6 +160,7 @@ class Meta:
             'email',
             'additional_emails',
             'is_superuser',
+            'auth_type',
             'sodar_uuid',
         ]
 
@@ -170,6 +172,19 @@ def get_additional_emails(self, obj):
             ).order_by('email')
         ]
 
+    def get_auth_type(self, obj):
+        return obj.get_auth_type()
+
+    def to_representation(self, instance):
+        """Override to_representation() to handle version differences"""
+        ret = super().to_representation(instance)
+        # Omit auth_type from <1.1
+        if 'request' in self.context and parse_version(
+            self.context['request'].version
+        ) < parse_version('1.1'):
+            ret.pop('auth_type', None)
+        return ret
+
 
 # Projectroles Serializers -----------------------------------------------------
 

projectroles/tests/test_views_api.py

@@ -7,6 +7,7 @@
 from knox.models import AuthToken
 
 from django.conf import settings
+from django.contrib.auth.models import Group
 from django.core import mail
 from django.forms.models import model_to_dict
 from django.test import override_settings
@@ -27,6 +28,8 @@
     AppSetting,
     SODARUserAdditionalEmail,
     SODAR_CONSTANTS,
+    AUTH_TYPE_LDAP,
+    AUTH_TYPE_LOCAL,
     CAT_DELIMITER,
 )
 from projectroles.plugins import get_backend_api
@@ -117,6 +120,7 @@ def get_serialized_user(cls, user):
         ).order_by('email')
         return {
             'additional_emails': [e.email for e in add_emails],
+            'auth_type': user.get_auth_type(),
             'email': user.email,
             'is_superuser': user.is_superuser,
             'name': user.name,
@@ -3388,6 +3392,8 @@ def setUp(self):
         super().setUp()
         # Create additional users
         self.user_ldap = self.make_user('user_ldap@' + LDAP_DOMAIN)
+        group, _ = Group.objects.get_or_create(name=LDAP_DOMAIN.lower())
+        group.user_set.add(self.user_ldap)
         self.url = reverse('projectroles:api_user_current')
 
     def test_get(self):
@@ -3403,9 +3409,11 @@ def test_get(self):
             'email': self.user_ldap.email,
             'additional_emails': [],
             'is_superuser': False,
+            'auth_type': AUTH_TYPE_LDAP,
             'sodar_uuid': str(self.user_ldap.sodar_uuid),
         }
         self.assertEqual(response_data, expected)
+        self.assertIn('auth_type', response_data)
 
     def test_get_superuser(self):
         """Test GET as superuser"""
@@ -3418,12 +3426,13 @@ def test_get_superuser(self):
             'email': self.user.email,
             'additional_emails': [],
             'is_superuser': True,
+            'auth_type': AUTH_TYPE_LOCAL,
             'sodar_uuid': str(self.user.sodar_uuid),
         }
         self.assertEqual(response_data, expected)
 
     def test_get_additional_email(self):
-        """Test CurrentUserRetrieveAPIView GET with additional email"""
+        """Test GET with additional email"""
         self.make_email(self.user_ldap, ADD_EMAIL)
         response = self.request_knox(
             self.url, token=self.get_token(self.user_ldap)
@@ -3436,10 +3445,20 @@ def test_get_additional_email(self):
             'email': self.user_ldap.email,
             'additional_emails': [ADD_EMAIL],
             'is_superuser': False,
+            'auth_type': AUTH_TYPE_LDAP,
             'sodar_uuid': str(self.user_ldap.sodar_uuid),
         }
         self.assertEqual(response_data, expected)
 
+    def test_get_v1_0(self):
+        """Test GET with version 1.0"""
+        response = self.request_knox(
+            self.url, token=self.get_token(self.user_ldap), version='1.0'
+        )
+        self.assertEqual(response.status_code, 200)
+        response_data = json.loads(response.content)
+        self.assertNotIn('auth_type', response_data)
+
 
 class TestAPIVersioning(ProjectrolesAPIViewTestBase):
     """Tests for REST API view versioning using ProjectRetrieveAPIView"""

projectroles/views_api.py

@@ -1364,11 +1364,16 @@ class CurrentUserRetrieveAPIView(
     For current user:
 
     - ``additional_emails``: Additional verified email addresses for user (list of strings)
+    - ``auth_type``: User authentication type (string)
     - ``email``: Email address of the user (string)
     - ``is_superuser``: Superuser status (boolean)
     - ``name``: Full name of the user (string)
     - ``sodar_uuid``: User UUID (string)
     - ``username``: Username of the user (string)
+
+    **Version Changes**:
+
+    - ``1.1``: Add ``auth_type`` field
     """
 
     permission_classes = [IsAuthenticated]