diff --git a/server/core/hep_client.py b/server/core/hep_client.py
index 1499ab5f..1cca39bd 100644
--- a/server/core/hep_client.py
+++ b/server/core/hep_client.py
@@ -70,8 +70,8 @@ class HepClient:
 data={'customerEmail': email, 'websiteId': self.WEBSITE_ID})
 return response.json()
- def is_email_verified(self, email):
- return True
+ def is_email_verified(self, user_data):
+ return 'confirmation' not in user_data
 def customer_verify_email(self, confirmation_key):
 response = self._call('/rest/V1/customers/me', method='put', data={'confirmationKey': confirmation_key})
diff --git a/server/users/managers.py b/server/users/managers.py
index 7bc24278..5b489747 100644
--- a/server/users/managers.py
+++ b/server/users/managers.py
@@ -99,12 +99,11 @@ class UserManager(DjangoUserManager):
 user.save()
 return user
- def create_user_from_hep(self, token):
- hep_client = HepClient()
- me_data = hep_client.customer_me(token)
+ def create_user_from_hep(self, user_data):
 user = self.user = self._create_user_with_random_password_no_save(
- me_data['firstname'], me_data['lastname'], me_data['email'])
+ user_data['firstname'], user_data['lastname'], user_data['email'])
- user.hep_id = me_data['id']
+ user.hep_id = user_data['id']
+ user.hep_gruop_id = user_data['group_id']
 user.save()
 return user
diff --git a/server/users/migrations/0012_user_hep_group_id.py b/server/users/migrations/0012_user_hep_group_id.py
new file mode 100644
index 00000000..b2e624d7
--- /dev/null
+++ b/server/users/migrations/0012_user_hep_group_id.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.0.6 on 2020-01-30 05:50
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('users', '0011_user_hep_id'),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name='user',
+ name='hep_group_id',
+ field=models.PositiveIntegerField(null=True),
+ ),
+ ]
diff --git a/server/users/models.py b/server/users/models.py
index 24da0250..c70bc8c8 100644
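Review bot: `is_email_verified` in `hep_client.py` treats any payload without a `confirmation` key as verified, so the check fails open whenever the value passed in is not a complete customer record, and it reports "unverified" for a key that is present but null or empty. Testing the value instead of only the key, `return not user_data.get('confirmation')`, covers the null case, and rejecting a payload that lacks `email` or `id` before trusting the absence would close the fail-open path. The parameter changed from an e-mail string to a dict, so a caller outside this diff that still passes a string gets a substring test that returns True. A short docstring saying that `user_data` is the dict returned by `customer_me`, and that a present `confirmation` value means the address is not yet confirmed (presumably HEP's convention; not shown here), would record the contract.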
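Review bot: The added assignment `user.hep_gruop_id = user_data['group_id']` in `create_user_from_hep` misspells the field that the model and migration in this commit introduce as `hep_group_id`, so Python sets a throwaway attribute and `user.save()` leaves the real column NULL. It should read `user.hep_group_id = user_data['group_id']`. None of the tests in this diff assert the stored group id, which is presumably why the typo passes; an assertion on `user.hep_group_id` after a create-from-HEP login would catch it. If the group id is later used for any access decision, every user created through this path would look ungrouped.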
--- a/server/users/models.py
+++ b/server/users/models.py
@@ -16,6 +16,7 @@ class User(AbstractUser):
 avatar_url = models.CharField(max_length=254, blank=True, default='')
 email = models.EmailField(_('email address'), unique=True)
 hep_id = models.PositiveIntegerField(null=True, blank=False)
+ hep_group_id = models.PositiveIntegerField(null=True, blank=False)
 objects = UserManager()
diff --git a/server/users/mutations_public.py b/server/users/mutations_public.py
index 995f7c6e..05ca4047 100644
--- a/server/users/mutations_public.py
+++ b/server/users/mutations_public.py
@@ -47,7 +47,7 @@ class Login(relay.ClientIDMutation):
 token = kwargs.get('token')
 try:
- hep_client.customer_me(token)
+ user_data = hep_client.customer_me(token)
 except HepClientUnauthorizedException:
 return cls.return_login_error('invalid_credentials')
 except HepClientException:
@@ -56,15 +56,15 @@ class Login(relay.ClientIDMutation):
 try:
 user = User.objects.get(email=username)
 except User.DoesNotExist:
- user = User.objects.create_user_from_hep(token)
+ user = User.objects.create_user_from_hep(user_data)
- #is this needed?
+ #todo is this needed?
 magento_token, created = MagentoToken.objects.get_or_create(user=user)
 magento_token.token = token
 magento_token.save()
 try:
- if not hep_client.is_email_verified(username):
+ if not hep_client.is_email_verified(user_data):
 return cls.return_login_error('email_not_verified')
 except HepClientException:
 return cls.return_login_error('unknown_error')
diff --git a/server/users/tests/test_data/email_not_confirmed_me.json b/server/users/tests/test_data/email_not_confirmed_me.json
new file mode 100644
index 00000000..d9590f6b
--- /dev/null
+++ b/server/users/tests/test_data/email_not_confirmed_me.json
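Review bot: In the second `mutations_public.py` hunk the lookup `User.objects.get(email=username)` still keys on `username`, which is assigned outside the hunk and appears to come from the request, while the token was validated against whatever account `customer_me` returned. Nothing visible here checks that the two agree, so the login and the stored `MagentoToken` can end up attached to a local user other than the token's owner. Now that `user_data` is available the identity should come from it, `User.objects.get(email=user_data['email'])`, or the mutation should return `invalid_credentials` when `username` differs from `user_data['email']`. The e-mail check also runs only after the user has been created and the token saved; moving `is_email_verified(user_data)` above the first `try` keeps a rejected login from leaving rows behind. Its `except HepClientException` wrapper can go, since the method no longer makes a remote call.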
@@ -0,0 +1,41 @@
+{
+ "id": 49124,
+ "group_id": 1,
+ "default_billing": "47579",
+ "default_shipping": "47579",
+ "confirmation": "41b58ba6598a618095e8c70625d7f052",
+ "created_at": "2018-07-19 15:05:27",
+ "updated_at": "2019-11-26 17:04:29",
+ "created_in": "hep verlag",
+ "email": "1heptest19072018@mailinator.com",
+ "firstname": "Test",
+ "lastname": "Test",
+ "prefix": "Frau",
+ "gender": 2,
+ "store_id": 1,
+ "website_id": 1,
+ "addresses": [
+ {
+ "id": 47579,
+ "customer_id": 49124,
+ "region": {
+ "region_code": null,
+ "region": null,
+ "region_id": 0
+ },
+ "region_id": 0,
+ "country_id": "CH",
+ "street": [
+ "Test"
+ ],
+ "telephone": "",
+ "postcode": "0000",
+ "city": "Test",
+ "firstname": "Test",
+ "lastname": "Test",
+ "prefix": "Frau",
+ "default_shipping": true,
+ "default_billing": true
+ }
+ ]
+}
diff --git a/server/users/tests/test_data/me_data.json b/server/users/tests/test_data/me_data.json
index d9590f6b..111c8d94 100644
--- a/server/users/tests/test_data/me_data.json
+++ b/server/users/tests/test_data/me_data.json
@@ -3,7 +3,6 @@
 "group_id": 1,
 "default_billing": "47579",
 "default_shipping": "47579",
- "confirmation": "41b58ba6598a618095e8c70625d7f052",
 "created_at": "2018-07-19 15:05:27",
 "updated_at": "2019-11-26 17:04:29",
 "created_in": "hep verlag",
diff --git a/server/users/tests/test_login.py b/server/users/tests/test_login.py
index 9453d579..20943c32 100644
--- a/server/users/tests/test_login.py
+++ b/server/users/tests/test_login.py
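Review bot: The new fixture `email_not_confirmed_me.json` looks like a captured `customers/me` response, not constructed data: it carries a 32-character `confirmation` key, a customer `id`, an address id and a mailbox on a public inbox service. If that key is still accepted on the HEP side, the repository holds a usable account-confirmation value. The test only needs the key to be present, so an obviously constructed value such as `"confirmation": "constructed-test-value"` and made-up ids would serve equally well. The same key sat in `me_data.json` until this commit, so it stays in the history either way and is worth invalidating upstream if it is real.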
@@ -51,7 +51,11 @@ with open('{}/test_data/valid_student_orders.json'.format(dir_path), 'r') as fil
 with open('{}/test_data/me_data.json'.format(dir_path), 'r') as file:
 me_data = file.read()
+with open('{}/test_data/email_not_confirmed_me.json'.format(dir_path), 'r') as file:
+ not_confirmed_email_me_data = file.read()
+
 ME_DATA = json.loads(me_data)
+NOT_CONFIRMED_ME = json.loads(not_confirmed_email_me_data)
 valid_teacher_order_items = json.loads(valid_teacher_order_data)
 VALID_TEACHERS_ORDERS = make_orders_valid(valid_teacher_order_items)
@@ -109,7 +113,7 @@ class PasswordResetTests(TestCase):
 expiry_date = now + timedelta(365)
 LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save()
- result = self.make_login_mutation(self.user.email, 'test123')
+ result = self.make_login_mutation(self.user.email, TOKEN)
 self.assertTrue(result.get('data').get('login').get('success'))
 self.assertTrue(self.user.is_authenticated)
@@ -117,7 +121,7 @@ class PasswordResetTests(TestCase):
 @patch.object(HepClient, '_customer_orders', return_value=VALID_TEACHERS_ORDERS)
 @patch.object(HepClient, 'customer_me', return_value=ME_DATA)
 def test_teacher_can_login_with_local_user_and_remote_license(self, order_mock, me_token):
- result = self.make_login_mutation(ME_DATA['email'], 'test123')
+ result = self.make_login_mutation(ME_DATA['email'], TOKEN)
 user = User.objects.get(email=ME_DATA['email'])
@@ -136,7 +140,7 @@ class PasswordResetTests(TestCase):
 @patch.object(HepClient, '_customer_orders', return_value=VALID_STUDENT_ORDERS)
 @patch.object(HepClient, 'customer_me', return_value=ME_DATA)
 def test_student_can_login_with_local_user_and_remote_license(self, order_mock, me_token):
- result = self.make_login_mutation(ME_DATA['email'], 'test123')
+ result = self.make_login_mutation(ME_DATA['email'], TOKEN)
 user = User.objects.get(email=ME_DATA['email'])
@@ -151,7 +155,7 @@ class PasswordResetTests(TestCase):
 @patch.object(requests, 'post', return_value=MockResponse(401))
 def test_user_with_no_login_cannot_login(self, post_mock):
- result = self.make_login_mutation(ME_DATA['email'], 'test123')
+ result = self.make_login_mutation(ME_DATA['email'], TOKEN)
 self.assertFalse(result.get('data').get('login').get('success'))
 self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'invalid_credentials')
@@ -159,7 +163,7 @@ class PasswordResetTests(TestCase):
 @patch.object(HepClient, 'is_email_verified', return_value=False)
 @patch.object(HepClient, 'customer_me', return_value=ME_DATA)
 def test_user_with_unconfirmed_email_cannot_login(self, me_mock, post_mock):
- result = self.make_login_mutation(ME_DATA['email'], 'test123')
+ result = self.make_login_mutation(ME_DATA['email'], TOKEN)
 user = User.objects.get(email=ME_DATA['email'])
@@ -169,7 +173,7 @@ class PasswordResetTests(TestCase):
 @patch.object(HepClient, 'myskillbox_product_for_customer', return_value=None)
 @patch.object(HepClient, 'customer_me', return_value=ME_DATA)
 def test_user_cannot_login_without_license(self, me_mock, product_mock):
- result = self.make_login_mutation(self.user.email, 'test123')
+ result = self.make_login_mutation(self.user.email, TOKEN)
 self.assertFalse(result.get('data').get('login').get('success'))
 self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'no_valid_license')
@@ -180,14 +184,21 @@ class PasswordResetTests(TestCase):
 expiry_date = now - timedelta(1)
 LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save()
- result = self.make_login_mutation(self.user.email, 'test123')
+ result = self.make_login_mutation(self.user.email, TOKEN)
 self.assertFalse(result.get('data').get('login').get('success'))
 self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'no_valid_license')
+ @patch.object(HepClient, 'customer_me', return_value=NOT_CONFIRMED_ME)
+ def test_user_cannot_login_with_unconfirmed_email(self, me_mock):
+ result = self.make_login_mutation(self.user.email, TOKEN)
+
+ self.assertFalse(result.get('data').get('login').get('success'))
+ self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'email_not_verified')
+
 @patch.object(requests, 'get', return_value=MockResponse(500))
 def test_user_gets_notified_if_server_error(self, post_mock):
- result = self.make_login_mutation(ME_DATA['email'], 'test123')
+ result = self.make_login_mutation(ME_DATA['email'], TOKEN)
 self.assertFalse(result.get('data').get('login').get('success'))
 self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'unknown_error')
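Review bot: `test_user_cannot_login_with_unconfirmed_email` logs in as `self.user.email` while `customer_me` returns `NOT_CONFIRMED_ME`, whose e-mail is presumably a different address (`setUp` is outside the diff), so it covers only the path where a local user already exists. A second case calling `self.make_login_mutation(NOT_CONFIRMED_ME['email'], TOKEN)` would exercise the create-from-HEP path. Asserting afterwards on `User.objects.filter(email=NOT_CONFIRMED_ME['email']).exists()` and on `MagentoToken` would pin down whether a rejected login may leave a user and token behind. The older `test_user_with_unconfirmed_email_cannot_login` patches `is_email_verified` itself and so no longer tests the real check. The class body continues outside the hunk.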