ramon
/
skillbox
1
0
Fork 0
Code Issues 1 Pull Requests 1 Packages Projects 1 Releases 1 Wiki Activity

Split token and local login

This commit is contained in:
Christian Cueni 2020-02-18 14:36:49 +01:00
parent 42d16caafc
commit 3c72c9559e
9 changed files with 276 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
client/cypress/fixtures/schema_public.json
View File

@ -1,4 +1,5 @@
{
"__schema": {
"queryType": {
"name": "Query"
@ -357,17 +358,7 @@
"fields": null,
"inputFields": [
{
"name": "usernameInput",
"description": null,
"type": {
"kind": "SCALAR",
"name": "String",
"ofType": null
},
"defaultValue": null
},
{
"name": "passwordInput",
"name": "tokenInput",
"description": null,
"type": {
"kind": "SCALAR",

9
client/src/graphql/gql/mutations/loginLocal.gql Normal file
View File

@ -0,0 +1,9 @@
mutation Login($input: LoginInput!) {
login(input: $input) {
success
message
errors {
field
}
}
}

2
client/src/main.js
View File

@ -165,7 +165,7 @@ router.beforeEach(async (to, from, next) => {
return;
}
if (to.name !== 'licenseActivation' && await redirectUsersWithoutValidLicense()) {
if (to.name !== 'licenseActivation' && loginRequired(to) && await redirectUsersWithoutValidLicense()) {
next({name: 'licenseActivation'})
return;
}

3
client/src/pages/login.vue
View File

@ -76,8 +76,7 @@ export default {
mutation: LOGIN_MUTATION,
variables: {
input: {
usernameInput: that.helloEmail,
passwordInput: token
tokenInput: token
}
},
update(

3
server/core/settings.py
View File

@ -370,8 +370,7 @@ TASKBASE_SUPERPASSWORD = os.environ.get("TASKBASE_SUPERPASSWORD")
TASKBASE_BASEURL = os.environ.get("TASKBASE_BASEURL")
USE_LOCAL_REGISTRATION = False
ALLOW_LOCAL_REGISTRATION = False
# HEP
HEP_ADMIN_USER = "myskillbox"

2
server/core/tests/mock_data/valid_student_orders.json
View File

@ -99,7 +99,7 @@
"row_invoiced": 0,
"row_total": 44.88,
"row_total_incl_tax": 46,
"sku": "123-4-5678-9012-3",
"sku": "978-3-0355-0708-9",
"store_id": 1,
"tax_amount": 1.12,
"tax_invoiced": 0,

57
server/users/mutations_public.py
View File

@ -32,40 +32,51 @@ class Login(relay.ClientIDMutation):
@classmethod
def mutate_and_get_payload(cls, root, info, **kwargs):
username = kwargs.get('username_input')
if settings.USE_LOCAL_REGISTRATION:
if settings.ALLOW_LOCAL_REGISTRATION:
password = kwargs.get('password_input')
username = kwargs.get('username_input')
user = authenticate(username=username, password=password)
if user is None:
return cls.return_login_message('invalid_credentials')
login(info.context, user)
else:
hep_client = HepClient()
token = kwargs.get('password_input')
return cls(success=False, errors=[{'field': 'not_implemented'}], message='')
try:
user_data = hep_client.customer_me(token)
except HepClientUnauthorizedException:
return cls.return_login_message('invalid_credentials')
except HepClientException:
return cls.return_login_message(UNKNOWN_ERROR)
user, status_msg = handle_user_and_verify_products(user_data)
class Login(relay.ClientIDMutation):
class Input:
token_input = graphene.String()
# sync email if user changed it on hep account
if user.email != user_data['email']:
user.email = user_data['email']
user.username = user_data['email']
user.save()
success = graphene.Boolean()
message = graphene.String()
errors = graphene.List(LoginError) # todo: change for consistency
if user and status_msg != EMAIL_NOT_VERIFIED:
login(info.context, user)
@classmethod
def mutate_and_get_payload(cls, root, info, **kwargs):
if status_msg:
return cls.return_login_message(status_msg)
hep_client = HepClient()
token = kwargs.get('token_input')
try:
user_data = hep_client.customer_me(token)
except HepClientUnauthorizedException:
return cls.return_login_message('invalid_credentials')
except HepClientException:
return cls.return_login_message(UNKNOWN_ERROR)
user, status_msg = handle_user_and_verify_products(user_data)
# sync email if user changed it on hep account
if user.email != user_data['email']:
user.email = user_data['email']
user.username = user_data['email']
user.save()
if user and status_msg != EMAIL_NOT_VERIFIED:
login(info.context, user)
if status_msg:
return cls.return_login_message(status_msg)
return cls(success=True, errors=[], message='success')

210
server/users/tests/test_local_login.py Normal file
View File

@ -0,0 +1,210 @@
# -*- coding: utf-8 -*-
#
# ITerativ GmbH
# http://www.iterativ.ch/
#
# Copyright (c) 2019 ITerativ GmbH. All rights reserved.
#
# Created on 2019-10-02
# @author: chrigu <christian.cueni@iterativ.ch>
import json
import os
from datetime import timedelta
from unittest.mock import patch
import requests
from django.contrib.sessions.middleware import SessionMiddleware
from django.test import TestCase, RequestFactory
from django.utils import timezone
from graphene.test import Client
from api.schema_public import schema
from core.factories import UserFactory
from core.hep_client import HepClient
from core.tests.mock_hep_data_factory import MockResponse, ME_DATA, VALID_STUDENT_ORDERS, VALID_TEACHERS_ORDERS, \
NOT_CONFIRMED_ME
from registration.factories import LicenseFactory
from registration.models import License
from users.models import Role, User, SchoolClass
TOKEN = 'abcd12345!'
class LoginTests(TestCase):
def setUp(self):
self.user = UserFactory(username=ME_DATA['id'], email=ME_DATA['id'])
Role.objects.create_default_roles()
self.teacher_role = Role.objects.get_default_teacher_role()
request = RequestFactory().post('/')
# adding session
middleware = SessionMiddleware()
middleware.process_request(request)
request.session.save()
self.client = Client(schema=schema, context_value=request)
def make_login_mutation(self, username, password):
mutation = '''
mutation Login($input: LoginInput!){
login(input: $input) {
success
message
errors {
field
}
}
}
'''
return self.client.execute(mutation, variables={
'input': {
'usernameInput': username,
'passwordInput': password
}
})
@patch.object(HepClient, 'customer_me', return_value=ME_DATA)
def test_user_can_login_with_local_user_and_valid_local_license(self, me_mock):
self.user.hep_id = ME_DATA['id']
self.user.save()
now = timezone.now()
expiry_date = now + timedelta(365)
LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save()
result = self.make_login_mutation(self.user.email, TOKEN)
self.assertTrue(result.get('data').get('login').get('success'))
self.assertTrue(self.user.is_authenticated)
@patch.object(HepClient, 'customer_me', return_value=ME_DATA)
def test_user_can_login_with_updated_email(self, me_mock):
old_mail = 'aschi@iterativ.ch'
self.user.hep_id = ME_DATA['id']
self.user.email = old_mail
self.user.username = old_mail
self.user.save()
now = timezone.now()
expiry_date = now + timedelta(365)
LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save()
result = self.make_login_mutation(self.user.email, TOKEN)
user = User.objects.get(hep_id=self.user.hep_id)
self.assertEqual(user.username, ME_DATA['email'])
self.assertEqual(user.email, ME_DATA['email'])
self.assertTrue(result.get('data').get('login').get('success'))
self.assertTrue(self.user.is_authenticated)
@patch.object(HepClient, 'customer_me', return_value=ME_DATA)
def test_user_can_login_with_local_user_and_valid_local_license(self, me_mock):
self.user.hep_id = ME_DATA['id']
self.user.save()
now = timezone.now()
expiry_date = now + timedelta(365)
LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save()
result = self.make_login_mutation(self.user.email, TOKEN)
self.assertTrue(result.get('data').get('login').get('success'))
self.assertTrue(self.user.is_authenticated)
@patch.object(HepClient, '_customer_orders', return_value=VALID_TEACHERS_ORDERS)
@patch.object(HepClient, 'customer_me', return_value=ME_DATA)
@patch.object(HepClient, 'fetch_admin_token', return_value={'token': 'AABBCCDDEE**44566'})
def test_teacher_can_login_with_remote_user_and_remote_license(self, order_mock, me_mock, admin_token_mock):
result = self.make_login_mutation(ME_DATA['email'], TOKEN)
user = User.objects.get(email=ME_DATA['email'])
user_role_key = user.user_roles.get(user=user).role.key
self.assertEqual(user_role_key, Role.objects.TEACHER_KEY)
license = License.objects.get(licensee=user)
self.assertEqual(license.for_role.key, Role.objects.TEACHER_KEY)
school_class = SchoolClass.objects.get(users__in=[user])
self.assertIsNotNone(school_class)
self.assertTrue(result.get('data').get('login').get('success'))
self.assertTrue(self.user.is_authenticated)
@patch.object(HepClient, '_customer_orders', return_value=VALID_STUDENT_ORDERS)
@patch.object(HepClient, 'customer_me', return_value=ME_DATA)
@patch.object(HepClient, 'fetch_admin_token', return_value={'token':'AABBCCDDEE**44566'})
def test_student_can_login_with_remote_user_and_remote_license(self, order_mock, me_mock, admin_token_mock):
result = self.make_login_mutation(ME_DATA['email'], TOKEN)
user = User.objects.get(email=ME_DATA['email'])
user_role_key = user.user_roles.get(user=user).role.key
self.assertEqual(user_role_key, Role.objects.STUDENT_KEY)
license = License.objects.get(licensee=user)
self.assertEqual(license.for_role.key, Role.objects.STUDENT_KEY)
self.assertTrue(result.get('data').get('login').get('success'))
self.assertTrue(self.user.is_authenticated)
@patch.object(requests, 'post', return_value=MockResponse(401))
def test_user_with_no_login_cannot_login(self, post_mock):
result = self.make_login_mutation('some@some.ch', 'some')
self.assertFalse(result.get('data').get('login').get('success'))
self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'invalid_credentials')
@patch.object(HepClient, 'is_email_verified', return_value=False)
@patch.object(HepClient, 'customer_me', return_value=ME_DATA)
def test_user_with_unconfirmed_email_cannot_login(self, me_mock, post_mock):
result = self.make_login_mutation(ME_DATA['email'], TOKEN)
User.objects.get(email=ME_DATA['email'])
self.assertFalse(result.get('data').get('login').get('success'))
self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'email_not_verified')
@patch.object(HepClient, 'myskillbox_product_for_customer', return_value=None)
@patch.object(HepClient, 'customer_me', return_value=ME_DATA)
@patch.object(HepClient, 'fetch_admin_token', return_value={'token': 'AABBCCDDEE**44566'})
def test_user_can_login_without_license(self, me_mock, product_mock, admin_token_mock):
result = self.make_login_mutation(self.user.email, TOKEN)
self.assertTrue(result.get('data').get('login').get('success'))
self.assertEqual(result.get('data').get('login').get('message'), 'no_valid_license')
self.assertTrue(self.user.is_authenticated)
@patch.object(HepClient, 'myskillbox_product_for_customer', return_value=None)
@patch.object(HepClient, 'customer_me', return_value=ME_DATA)
@patch.object(HepClient, 'fetch_admin_token', return_value={'token': 'AABBCCDDEE**44566'})
def test_user_can_login_local_license_invalid(self, product_mock, me_mock, admin_token_mock):
now = timezone.now()
expiry_date = now - timedelta(1)
LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save()
result = self.make_login_mutation(self.user.email, TOKEN)
self.assertTrue(result.get('data').get('login').get('success'))
self.assertEqual(result.get('data').get('login').get('message'), 'no_valid_license')
self.assertTrue(self.user.is_authenticated)
@patch.object(HepClient, 'customer_me', return_value=NOT_CONFIRMED_ME)
def test_user_can_login_with_unconfirmed_email(self, me_mock):
result = self.make_login_mutation(self.user.email, TOKEN)
self.assertFalse(result.get('data').get('login').get('success'))
self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'email_not_verified')
@patch.object(requests, 'get', return_value=MockResponse(500))
def test_user_gets_notified_if_server_error(self, post_mock):
result = self.make_login_mutation(ME_DATA['email'], TOKEN)
self.assertFalse(result.get('data').get('login').get('success'))
self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'unknown_error')

35
server/users/tests/test_login.py
View File

@ -9,12 +9,12 @@
# @author: chrigu <christian.cueni@iterativ.ch>
import json
import os
from datetime import timedelta, datetime
from datetime import timedelta
from unittest.mock import patch
import requests
from django.contrib.sessions.middleware import SessionMiddleware
from django.test import TestCase, RequestFactory, override_settings
from django.test import TestCase, RequestFactory
from django.utils import timezone
from graphene.test import Client
@ -30,7 +30,7 @@ from users.models import Role, User, SchoolClass
TOKEN = 'abcd12345!'
class PasswordResetTests(TestCase):
class LoginTests(TestCase):
def setUp(self):
self.user = UserFactory(username=ME_DATA['id'], email=ME_DATA['id'])
Role.objects.create_default_roles()
@ -44,7 +44,7 @@ class PasswordResetTests(TestCase):
request.session.save()
self.client = Client(schema=schema, context_value=request)
def make_login_mutation(self, username, password):
def make_login_mutation(self, token):
mutation = '''
mutation Login($input: LoginInput!){
login(input: $input) {
@ -59,8 +59,7 @@ class PasswordResetTests(TestCase):
return self.client.execute(mutation, variables={
'input': {
'usernameInput': username,
'passwordInput': password
'tokenInput': token
}
})
@ -74,7 +73,7 @@ class PasswordResetTests(TestCase):
expiry_date = now + timedelta(365)
LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save()
result = self.make_login_mutation(self.user.email, TOKEN)
result = self.make_login_mutation(TOKEN)
self.assertTrue(result.get('data').get('login').get('success'))
self.assertTrue(self.user.is_authenticated)
@ -93,7 +92,7 @@ class PasswordResetTests(TestCase):
expiry_date = now + timedelta(365)
LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save()
result = self.make_login_mutation(self.user.email, TOKEN)
result = self.make_login_mutation(TOKEN)
user = User.objects.get(hep_id=self.user.hep_id)
@ -112,7 +111,7 @@ class PasswordResetTests(TestCase):
expiry_date = now + timedelta(365)
LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save()
result = self.make_login_mutation(self.user.email, TOKEN)
result = self.make_login_mutation(TOKEN)
self.assertTrue(result.get('data').get('login').get('success'))
self.assertTrue(self.user.is_authenticated)
@ -121,7 +120,7 @@ class PasswordResetTests(TestCase):
@patch.object(HepClient, 'customer_me', return_value=ME_DATA)
@patch.object(HepClient, 'fetch_admin_token', return_value={'token': 'AABBCCDDEE**44566'})
def test_teacher_can_login_with_remote_user_and_remote_license(self, order_mock, me_mock, admin_token_mock):
result = self.make_login_mutation(ME_DATA['email'], TOKEN)
result = self.make_login_mutation(TOKEN)
user = User.objects.get(email=ME_DATA['email'])
@ -139,10 +138,10 @@ class PasswordResetTests(TestCase):
@patch.object(HepClient, '_customer_orders', return_value=VALID_STUDENT_ORDERS)
@patch.object(HepClient, 'customer_me', return_value=ME_DATA)
@patch.object(HepClient, 'fetch_admin_token', return_value={'token':'AABBCCDDEE**44566'})
@patch.object(HepClient, 'fetch_admin_token', return_value={'token': 'AABBCCDDEE**44566'})
def test_student_can_login_with_remote_user_and_remote_license(self, order_mock, me_mock, admin_token_mock):
result = self.make_login_mutation(ME_DATA['email'], TOKEN)
result = self.make_login_mutation(TOKEN)
user = User.objects.get(email=ME_DATA['email'])
user_role_key = user.user_roles.get(user=user).role.key
@ -156,7 +155,7 @@ class PasswordResetTests(TestCase):
@patch.object(requests, 'post', return_value=MockResponse(401))
def test_user_with_no_login_cannot_login(self, post_mock):
result = self.make_login_mutation('some@some.ch', 'some')
result = self.make_login_mutation('some')
self.assertFalse(result.get('data').get('login').get('success'))
self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'invalid_credentials')
@ -164,7 +163,7 @@ class PasswordResetTests(TestCase):
@patch.object(HepClient, 'is_email_verified', return_value=False)
@patch.object(HepClient, 'customer_me', return_value=ME_DATA)
def test_user_with_unconfirmed_email_cannot_login(self, me_mock, post_mock):
result = self.make_login_mutation(ME_DATA['email'], TOKEN)
result = self.make_login_mutation(TOKEN)
User.objects.get(email=ME_DATA['email'])
@ -175,7 +174,7 @@ class PasswordResetTests(TestCase):
@patch.object(HepClient, 'customer_me', return_value=ME_DATA)
@patch.object(HepClient, 'fetch_admin_token', return_value={'token': 'AABBCCDDEE**44566'})
def test_user_can_login_without_license(self, me_mock, product_mock, admin_token_mock):
result = self.make_login_mutation(self.user.email, TOKEN)
result = self.make_login_mutation(TOKEN)
self.assertTrue(result.get('data').get('login').get('success'))
self.assertEqual(result.get('data').get('login').get('message'), 'no_valid_license')
@ -189,7 +188,7 @@ class PasswordResetTests(TestCase):
expiry_date = now - timedelta(1)
LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save()
result = self.make_login_mutation(self.user.email, TOKEN)
result = self.make_login_mutation(TOKEN)
self.assertTrue(result.get('data').get('login').get('success'))
self.assertEqual(result.get('data').get('login').get('message'), 'no_valid_license')
@ -197,14 +196,14 @@ class PasswordResetTests(TestCase):
@patch.object(HepClient, 'customer_me', return_value=NOT_CONFIRMED_ME)
def test_user_can_login_with_unconfirmed_email(self, me_mock):
result = self.make_login_mutation(self.user.email, TOKEN)
result = self.make_login_mutation(TOKEN)
self.assertFalse(result.get('data').get('login').get('success'))
self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'email_not_verified')
@patch.object(requests, 'get', return_value=MockResponse(500))
def test_user_gets_notified_if_server_error(self, post_mock):
result = self.make_login_mutation(ME_DATA['email'], TOKEN)
result = self.make_login_mutation(TOKEN)
self.assertFalse(result.get('data').get('login').get('success'))
self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'unknown_error')