feat(amazon-sp): validate credentials on save

frappe · Feb 28, 2022 · 3119501 · 3119501
1 parent f8ac70b
commit 3119501
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 18 deletions.
diff --git a/ecommerce_integrations/amazon/doctype/amazon_sp_api_settings/amazon_repository.py b/ecommerce_integrations/amazon/doctype/amazon_sp_api_settings/amazon_repository.py
@@ -536,6 +536,29 @@ def get_report_document(self, report_id):
 
 
 # Helper functions
+def validate_credentials(credentials):
+	api = sp_api.SPAPI(
+		iam_arn=credentials.get("iam_arn"),
+		client_id=credentials.get("client_id"),
+		client_secret=credentials.get_password("client_secret"),
+		refresh_token=credentials.get("refresh_token"),
+		aws_access_key=credentials.get("aws_access_key"),
+		aws_secret_key=credentials.get_password("aws_secret_key"),
+		country_code=credentials.get("country"),
+	)
+
+	try:
+		# validate client_id, client_secret and refresh_token.
+		api.get_access_token()
+
+		# validate aws_access_key, aws_secret_key, region and iam_arn.
+		api.get_auth()
+
+	except sp_api.SPAPIError as e:
+		msg = f"<b>Error:</b> {e.error}<br/><b>Error Description:</b> {e.error_description}"
+		frappe.throw(msg)
+
+
 def get_orders(created_after):
 	amazon_repository = AmazonRepository()
 	return amazon_repository.get_orders(created_after)

diff --git a/ecommerce_integrations/amazon/doctype/amazon_sp_api_settings/amazon_sp_api.py b/ecommerce_integrations/amazon/doctype/amazon_sp_api_settings/amazon_sp_api.py
@@ -253,27 +253,32 @@ def get_access_token(self) -> str:
 		raise exception
 
 	def get_auth(self) -> AWSSigV4:
-		client = boto3.client(
-			"sts",
-			aws_access_key_id=self.aws_access_key,
-			aws_secret_access_key=self.aws_secret_key,
-			region_name=self.region,
-		)
+		try:
+			client = boto3.client(
+				"sts",
+				aws_access_key_id=self.aws_access_key,
+				aws_secret_access_key=self.aws_secret_key,
+				region_name=self.region,
+			)
 
-		response = client.assume_role(RoleArn=self.iam_arn, RoleSessionName="SellingPartnerAPI")
+			response = client.assume_role(RoleArn=self.iam_arn, RoleSessionName="SellingPartnerAPI")
 
-		credentials = response["Credentials"]
-		access_key_id = credentials["AccessKeyId"]
-		secret_access_key = credentials["SecretAccessKey"]
-		session_token = credentials["SessionToken"]
+			credentials = response["Credentials"]
+			access_key_id = credentials["AccessKeyId"]
+			secret_access_key = credentials["SecretAccessKey"]
+			session_token = credentials["SessionToken"]
 
-		return AWSSigV4(
-			service="execute-api",
-			aws_access_key_id=access_key_id,
-			aws_secret_access_key=secret_access_key,
-			aws_session_token=session_token,
-			region=self.region,
-		)
+			return AWSSigV4(
+				service="execute-api",
+				aws_access_key_id=access_key_id,
+				aws_secret_access_key=secret_access_key,
+				aws_session_token=session_token,
+				region=self.region,
+			)
+		except Exception as e:
+			raise SPAPIError(
+				error="invalid_aws_credentials", error_description=e
+			)
 
 	def get_headers(self) -> dict:
 		return {"x-amz-access-token": self.get_access_token()}

diff --git a/ecommerce_integrations/amazon/doctype/amazon_sp_api_settings/amazon_sp_api_settings.py b/ecommerce_integrations/amazon/doctype/amazon_sp_api_settings/amazon_sp_api_settings.py
@@ -8,6 +8,7 @@
 from frappe.model.document import Document
 
 from ecommerce_integrations.amazon.doctype.amazon_sp_api_settings.amazon_repository import (
+	validate_credentials,
 	get_orders,
 	get_products_details,
 )
@@ -16,6 +17,7 @@
 class AmazonSPAPISettings(Document):
 	def validate(self):
 		if self.enable_amazon == 1:
+			validate_credentials(self)
 			setup_custom_fields()
 		else:
 			self.enable_sync = 0