Used merchant user IDs to check for access

MarkusH · MarkusH · commit 0ab459e30b5c · 2017-04-25T16:29:19.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,8 @@
   installation requirements as it's required for the added manual ident URLs
   feature.
 
+* Added support to check for access based on `muid` instead of `lptoken`.
+
 ## 5.2.0
 
 * Added constants outlining expiration and duration time bases for purchases
diff --git a/laterpay/__init__.py b/laterpay/__init__.py
@@ -343,7 +343,7 @@ def get_access_url(self):
         """
         return self._access_url
 
-    def get_access_params(self, article_ids, lptoken=None):
+    def get_access_params(self, article_ids, lptoken=None, muid=None):
         """
         Return a params ``dict`` for /access call.
 
@@ -352,6 +352,7 @@ def get_access_params(self, article_ids, lptoken=None):
         :param article_ids: list of article ids or a single article id as a
                             string
         :param lptoken: optional lptoken as `str`
+        :param str muid: merchant defined user ID. Optional.
         """
         if not isinstance(article_ids, (list, tuple)):
             article_ids = [article_ids]
@@ -363,6 +364,13 @@ def get_access_params(self, article_ids, lptoken=None):
             'article_id': article_ids,
         }
 
+        if muid:
+            # TODO: The behavior when lptoken and muid are given is not yet
+            # defined. Thus we'll allow both at the same time for now. It might
+            # be that in the end only one is allowed or one is prefered over
+            # the other.
+            params['muid'] = muid
+
         params['hmac'] = signing.sign(
             secret=self.shared_secret,
             params=params.copy(),
@@ -372,7 +380,7 @@ def get_access_params(self, article_ids, lptoken=None):
 
         return params
 
-    def get_access_data(self, article_ids, lptoken=None):
+    def get_access_data(self, article_ids, lptoken=None, muid=None):
         """
         Perform a request to /access API and return obtained data.
 
@@ -383,8 +391,9 @@ def get_access_data(self, article_ids, lptoken=None):
         :param article_ids: list of article ids or a single article id as a
                             string
         :param lptoken: optional lptoken as `str`
+        :param str muid: merchant defined user ID. Optional.
         """
-        params = self.get_access_params(article_ids=article_ids, lptoken=lptoken)
+        params = self.get_access_params(article_ids=article_ids, lptoken=lptoken, muid=muid)
         url = self.get_access_url()
         headers = self.get_request_headers()
 
diff --git a/tests/test_client.py b/tests/test_client.py
@@ -326,6 +326,7 @@ def test_get_access_data_success(self, time_time_mock, sign_mock):
         data = client.get_access_data(
             ['article-1', 'article-2'],
             lptoken='fake-lptoken',
+            muid='some-user',
         )
 
         self.assertEqual(data, {
@@ -348,6 +349,7 @@ def test_get_access_data_success(self, time_time_mock, sign_mock):
         self.assertEqual(qd['cp'], ['fake-cp-key'])
         self.assertEqual(qd['article_id'], ['article-1', 'article-2'])
         self.assertEqual(qd['hmac'], ['fake-signature'])
+        self.assertEqual(qd['muid'], ['some-user'])
 
         sign_mock.assert_called_once_with(
             secret='fake-shared-secret',
@@ -356,6 +358,7 @@ def test_get_access_data_success(self, time_time_mock, sign_mock):
                 'article_id': ['article-1', 'article-2'],
                 'ts': '123',
                 'lptoken': 'fake-lptoken',
+                'muid': 'some-user',
             },
             url='http://example.net/access',
             method='GET',
@@ -368,13 +371,22 @@ def test_get_access_params(self, time_time_mock, sign_mock):
         sign_mock.return_value = 'fake-signature'
 
         params = self.lp.get_access_params('article-1', lptoken='fake-lptoken')
+        self.assertEqual(params, {
+            'cp': 1,
+            'ts': '123',
+            'lptoken': 'fake-lptoken',
+            'article_id': ['article-1'],
+            'hmac': 'fake-signature',
+        })
 
+        params = self.lp.get_access_params('article-1', lptoken='fake-lptoken', muid='some-user')
         self.assertEqual(params, {
             'cp': '1',
             'ts': '123',
             'lptoken': 'fake-lptoken',
             'article_id': ['article-1'],
             'hmac': 'fake-signature',
+            'muid': 'some-user',
         })
 
     @mock.patch('time.time')
