Return persisted identities in get_request_status view (#860)

ethyca · Jul 13, 2022 · 7929220 · 7929220
1 parent f54e07f
commit 7929220
Show file tree

Hide file tree

Showing 6 changed files with 52 additions and 29 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -29,11 +29,11 @@ The types of changes are:
 * Adds exact match identity search to the privacy request status endpoint [#765](https://github.com/ethyca/fidesops/pull/847/)
 
 ### Changed
-* Changed wording on Admin UI login page [#774](https://github.com/ethyca/fidesops/pull/774)
-* Fixed typos in Admin UI [#774](https://github.com/ethyca/fidesops/pull/774)
 * Update clipboard icon in Admin UI [#838](https://github.com/ethyca/fidesops/pull/838)
 * Stop masking uvicorn logs by default [#831](https://github.com/ethyca/fidesops/pull/831)
 * Bump fideslib to handle base64 encoded password [#820](https://github.com/ethyca/fidesops/pull/820)
+* Return identity data from application DB, instead of cache [#860](https://github.com/ethyca/fidesops/pull/860)
+* Update admin ui to be served from the root route `/` [#720](https://github.com/ethyca/fidesops/pull/720)
 
 ### Developer Experience
 * Replace user authentication routes with fideslib routes [#811](https://github.com/ethyca/fidesops/pull/811)
@@ -43,6 +43,8 @@ The types of changes are:
 * Backend UI deployment [#827](https://github.com/ethyca/fidesops/pull/827)
 * Fix publish_docs CI action [#818](https://github.com/ethyca/fidesops/pull/818)
 * Reorganize docs and standardize formatting [#858](https://github.com/ethyca/fidesops/pull/858)
+* Changed wording on Admin UI login page [#774](https://github.com/ethyca/fidesops/pull/774)
+* Fixed typos in Admin UI [#774](https://github.com/ethyca/fidesops/pull/774)
 
 ### Fixed
 * Resolve issue with MyPy seeing files in fidesops as missing imports [#719](https://github.com/ethyca/fidesops/pull/719)
@@ -53,11 +55,6 @@ The types of changes are:
 * [User Management] Refactored New and Edit user pages to reduce duplicate code [#839]https://github.com/ethyca/fidesops/pull/839
 * Fix error when there are no scopes in `ClientDetail` [#830](https://github.com/ethyca/fidesops/pull/830)
 
-### Docs
-* Backend UI deployment [#827](https://github.com/ethyca/fidesops/pull/827)
-* Fix publish_docs CI action [#818](https://github.com/ethyca/fidesops/pull/818)
-* Bump fideslib to handle base64 encoded password [#820](https://github.com/ethyca/fidesops/pull/820)
-* Stop masking uvicorn logs by default [#831](https://github.com/ethyca/fidesops/pull/831)
 
 ## [1.6.1](https://github.com/ethyca/fidesops/compare/1.6.0...1.6.1)
 

diff --git a/src/fidesops/api/v1/endpoints/privacy_request_endpoints.py b/src/fidesops/api/v1/endpoints/privacy_request_endpoints.py
@@ -255,7 +255,7 @@ def privacy_request_csv_download(
         csv_file.writerow(
             [
                 pr.created_at,
-                pr.get_cached_identity_data(),
+                pr.get_persisted_identity().dict(),
                 pr.policy.key if pr.policy else None,
                 pr.status.value if pr.status else None,
                 pr.reviewed_by,
@@ -509,7 +509,7 @@ def get_request_status(
         # Conditionally include the cached identity data in the response if
         # it is explicitly requested
         for item in paginated.items:  # type: ignore
-            item.identity = item.get_cached_identity_data()
+            item.identity = item.get_persisted_identity().dict()
             attach_resume_instructions(item)
     else:
         for item in paginated.items:  # type: ignore
@@ -635,6 +635,8 @@ def resume_privacy_request(
 ) -> PrivacyRequestResponse:
     """Resume running a privacy request after it was paused by a Pre-Execution webhook"""
     privacy_request = get_privacy_request_or_error(db, privacy_request_id)
+    # We don't want to persist derived identities because they have not been provided
+    # by the end user
     privacy_request.cache_identity(webhook_callback.derived_identity)  # type: ignore
 
     if privacy_request.status != PrivacyRequestStatus.paused:

diff --git a/src/fidesops/models/privacy_request.py b/src/fidesops/models/privacy_request.py
@@ -482,6 +482,8 @@ def trigger_policy_webhook(self, webhook: WebhookTypes) -> None:
             logger.info(
                 f"Updating known identities on privacy request {self.id} from webhook {webhook.key}."
             )
+            # Don't persist derived identities because they aren't provided directly
+            # by the end user
             self.cache_identity(response_body.derived_identity)
 
         # Pause execution if instructed

diff --git a/src/fidesops/schemas/privacy_request.py b/src/fidesops/schemas/privacy_request.py
@@ -135,7 +135,7 @@ class PrivacyRequestResponse(BaseSchema):
     # as it is an API response field, and we don't want to reveal any more
     # about our PII structure than is explicitly stored in the cache on request
     # creation.
-    identity: Optional[Dict[str, str]]
+    identity: Optional[Dict[str, Optional[str]]]
     policy: PolicySchema
     stopped_collection_details: Optional[StoppedCollectionDetails] = None
     resume_endpoint: Optional[str]

diff --git a/tests/api/v1/endpoints/test_privacy_request_endpoints.py b/tests/api/v1/endpoints/test_privacy_request_endpoints.py
@@ -640,7 +640,7 @@ def test_get_privacy_requests_with_identity(
         assert resp["items"][0]["id"] == succeeded_privacy_request.id
         assert (
             resp["items"][0]["identity"]
-            == succeeded_privacy_request.get_cached_identity_data()
+            == succeeded_privacy_request.get_persisted_identity()
         )
 
         assert resp["items"][0]["policy"]["key"] == privacy_request.policy.key
@@ -710,22 +710,25 @@ def test_filter_privacy_requests_by_internal_id(
         api_client,
         url,
         generate_auth_header,
-        privacy_request,
+        policy,
     ):
+        data = [
+            {
+                "requested_at": "2021-08-30T16:09:37.359Z",
+                "policy_key": policy.key,
+                "identity": {"email": "[email protected]"},
+                "id": "test_internal_id_1",
+            }
+        ]
+        resp = api_client.post(url, json=data)
+        assert resp.status_code == 200
+        response_data = resp.json()["succeeded"]
+        assert len(response_data) == 1
+        privacy_request = PrivacyRequest.get(db=db, object_id=response_data[0]["id"])
         auth_header = generate_auth_header(scopes=[PRIVACY_REQUEST_READ])
-        new_request_id = "test_internal_id_1"
         response = api_client.get(
-            url + f"?request_id={new_request_id}", headers=auth_header
-        )
-        assert response.status_code == status.HTTP_200_OK
-        resp = response.json()
-        assert len(resp["items"]) == 0
-
-        privacy_request.id = new_request_id
-        privacy_request.save(db)
-
-        response = api_client.get(
-            url + f"?request_id={new_request_id}", headers=auth_header
+            url + f"?request_id={privacy_request.id}",
+            headers=auth_header,
         )
         assert response.status_code == status.HTTP_200_OK
         resp = response.json()
@@ -1080,8 +1083,13 @@ def test_get_privacy_requests_csv_format(
         privacy_request.status = PrivacyRequestStatus.approved
         privacy_request.reviewed_by = user.id
         privacy_request.reviewed_at = reviewed_at
+        TEST_EMAIL = "[email protected]"
+        TEST_PHONE = "+1 234 567 8910"
         privacy_request.cache_identity(
-            {"email": "[email protected]", "phone_number": "111-111-1111"}
+            {
+                "email": TEST_EMAIL,
+                "phone_number": TEST_PHONE,
+            }
         )
         privacy_request.save(db)
 
@@ -1102,8 +1110,8 @@ def test_get_privacy_requests_csv_format(
         first_row = next(csv_file)
         assert parse(first_row["Time received"], ignoretz=True) == created_at
         assert ast.literal_eval(first_row["Subject identity"]) == {
-            "email": "[email protected]",
-            "phone_number": "111-111-1111",
+            "email": TEST_EMAIL,
+            "phone_number": TEST_PHONE,
         }
         assert first_row["Policy key"] == "example_access_request_policy"
         assert first_row["Request status"] == "approved"

diff --git a/tests/fixtures/application_fixtures.py b/tests/fixtures/application_fixtures.py
@@ -32,6 +32,7 @@
 )
 from fidesops.models.privacy_request import PrivacyRequest, PrivacyRequestStatus
 from fidesops.models.storage import ResponseFormat, StorageConfig
+from fidesops.schemas.redis_cache import PrivacyRequestIdentity
 from fidesops.schemas.storage.storage import (
     FileNaming,
     StorageDetails,
@@ -772,10 +773,18 @@ def _create_privacy_request_for_policy(
             microsecond=393185,
             tzinfo=timezone.utc,
         )
-    return PrivacyRequest.create(
+    pr = PrivacyRequest.create(
         db=db,
         data=data,
     )
+    pr.persist_identity(
+        db=db,
+        identity=PrivacyRequestIdentity(
+            email="[email protected]",
+            phone_number="+1 234 567 8910",
+        ),
+    )
+    return pr
 
 
 @pytest.fixture(scope="function")
@@ -839,7 +848,12 @@ def succeeded_privacy_request(cache, db: Session, policy: Policy) -> PrivacyRequ
             "client_id": policy.client_id,
         },
     )
-    pr.cache_identity({"email": "[email protected]"})
+    identity_kwargs = {"email": "[email protected]"}
+    pr.cache_identity(identity_kwargs)
+    pr.persist_identity(
+        db=db,
+        identity=PrivacyRequestIdentity(**identity_kwargs),
+    )
     yield pr
     pr.delete(db)