Refactor user_profile to use blueprints

fixes #1989, fixes #2059 This migrates the code for the user profile resource to use blueprints. It also fixes an issue where the PUT operation allowed malicious injection attacks on our database.
PolicyEngine · Dec 23, 2024 · 8fd9c30 · 8fd9c30
1 parent 89f516b
commit 8fd9c30
Show file tree

Hide file tree

Showing 7 changed files with 228 additions and 249 deletions.
diff --git a/changelog_entry.yaml b/changelog_entry.yaml
@@ -0,0 +1,6 @@
+- bump: patch
+  changes:
+    changed:
+      - updated the user_profile endpoints to use blueprints instead of endpoints.
+    fixed:
+      - updated the user profile endpoint to resist injection attacks on update.
diff --git a/policyengine_api/api.py b/policyengine_api/api.py
@@ -21,6 +21,7 @@
 )
 from policyengine_api.routes.tracer_analysis_routes import tracer_analysis_bp
 from policyengine_api.routes.metadata_routes import metadata_bp
+from policyengine_api.routes.user_profile_routes import user_profile_bp
 
 from .endpoints import (
     get_home,
@@ -32,9 +33,6 @@
     set_user_policy,
     get_user_policy,
     update_user_policy,
-    set_user_profile,
-    get_user_profile,
-    update_user_profile,
     get_simulations,
 )
 
@@ -100,11 +98,7 @@
     get_user_policy
 )
 
-app.route("/<country_id>/user-profile", methods=["POST"])(set_user_profile)
-
-app.route("/<country_id>/user-profile", methods=["GET"])(get_user_profile)
-
-app.route("/<country_id>/user-profile", methods=["PUT"])(update_user_profile)
+app.register_blueprint(user_profile_bp)
 
 app.route("/simulations", methods=["GET"])(get_simulations)
 

diff --git a/policyengine_api/endpoints/__init__.py b/policyengine_api/endpoints/__init__.py
@@ -12,9 +12,4 @@
     update_user_policy,
 )
 
-from .user_profile import (
-    set_user_profile,
-    get_user_profile,
-    update_user_profile,
-)
 from .simulation import get_simulations
diff --git a/policyengine_api/endpoints/user_profile.py b/policyengine_api/endpoints/user_profile.py