From a2f634a677c357ebdeb13b11004cf99816cd2905 Mon Sep 17 00:00:00 2001
From: Christian Cueni
Date: Thu, 30 Jan 2020 06:47:38 +0100
Subject: [PATCH] Use token
---
 server/users/mutations_public.py | 9 +++++---
 server/users/tests/test_login.py | 38 ++++++++------------------------
 2 files changed, 15 insertions(+), 32 deletions(-)
diff --git a/server/users/mutations_public.py b/server/users/mutations_public.py
index bd2c5238..995f7c6e 100644
--- a/server/users/mutations_public.py
+++ b/server/users/mutations_public.py
@@ -34,9 +34,9 @@ class Login(relay.ClientIDMutation):
 def mutate_and_get_payload(cls, root, info, **kwargs):
 username = kwargs.get('username_input')
- password = kwargs.get('password_input')
 if settings.USE_LOCAL_REGISTRATION:
+ password = kwargs.get('password_input')
 user = authenticate(username=username, password=password)
 if user is None:
 return cls.return_login_error('invalid_credentials')
@@ -44,8 +44,10 @@ class Login(relay.ClientIDMutation):
 else:
 hep_client = HepClient()
+ token = kwargs.get('token')
+
 try:
- token = hep_client.customer_token(username, password)
+ hep_client.customer_me(token)
 except HepClientUnauthorizedException:
 return cls.return_login_error('invalid_credentials')
 except HepClientException:
@@ -56,8 +58,9 @@ class Login(relay.ClientIDMutation):
 except User.DoesNotExist:
 user = User.objects.create_user_from_hep(token)
+ #is this needed?
 magento_token, created = MagentoToken.objects.get_or_create(user=user)
- magento_token.token = token['token']
+ magento_token.token = token
 magento_token.save()
 try:
diff --git a/server/users/tests/test_login.py b/server/users/tests/test_login.py
index 0d8a46d7..9453d579 100644
--- a/server/users/tests/test_login.py
+++ b/server/users/tests/test_login.py
@@ -25,7 +25,7 @@ from registration.factories import LicenseFactory
 from registration.models import License
 from users.models import Role, MagentoToken, User, SchoolClass
-FAKE_TOKEN = 'abcd12345!'
+TOKEN = 'abcd12345!'
 ## Setup json data
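Review bot: In the `@@ -44,8 +44,10 @@` hunk of server/users/mutations_public.py the return value of `hep_client.customer_me(token)` is discarded, so the token is shown to be valid but is never bound to the account being logged in. `username` still comes from the client's `username_input`; if the user lookup between this hunk and the next (not visible) keys on it, any valid token would open a session for whichever username is submitted. Keep the response, `me_data = hep_client.customer_me(token)`, and resolve the user from an identifier in it rather than from `username_input`. A missing `token` also reaches the client as `None`, so an early `if not token: return cls.return_login_error('invalid_credentials')` would avoid relying on how HepClient handles that. The `try`/`except` chain continues outside the hunk.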
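Review bot: In the `@@ -56,8 +58,9 @@` hunk of server/users/mutations_public.py, `magento_token.token = token` now persists a client-supplied bearer token, and the added `#is this needed?` comment leaves that question open in the code. If nothing reads MagentoToken after login, removing the three lines is the safer answer, because a stored token is a credential that anyone with database read access can reuse until it expires. If it is needed, replace the comment with one that says who consumes it, e.g. `# Stored so <consumer> can call HEP on the user's behalf; treat as a secret.` Separately, `create_user_from_hep(token)` used to receive the dict returned by `customer_token` (the old code indexed `token['token']`) and now receives a plain string; its definition is not visible here, so confirm it accepts that.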
@@ -102,8 +102,8 @@ class PasswordResetTests(TestCase):
 } })
- @patch.object(HepClient, 'customer_token', return_value={'token': FAKE_TOKEN})
- def test_user_can_login_with_local_user_and_valid_local_license(self, token_mock):
+ @patch.object(HepClient, 'customer_me', return_value=ME_DATA)
+ def test_user_can_login_with_local_user_and_valid_local_license(self, me_mock):
 now = timezone.now()
 expiry_date = now + timedelta(365)
@@ -111,21 +111,15 @@ class PasswordResetTests(TestCase):
 result = self.make_login_mutation(self.user.email, 'test123')
- token = MagentoToken.objects.get(user=self.user)
- self.assertEqual(token.token, FAKE_TOKEN)
- self.assertTrue(result.get('data').get('login').get('success'))
 self.assertTrue(self.user.is_authenticated)
- @patch.object(HepClient, 'customer_token', return_value={'token': FAKE_TOKEN})
 @patch.object(HepClient, '_customer_orders', return_value=VALID_TEACHERS_ORDERS)
 @patch.object(HepClient, 'customer_me', return_value=ME_DATA)
- def test_teacher_can_login_with_local_user_and_remote_license(self, order_mock, token_mock, me_token):
+ def test_teacher_can_login_with_local_user_and_remote_license(self, order_mock, me_token):
 result = self.make_login_mutation(ME_DATA['email'], 'test123')
 user = User.objects.get(email=ME_DATA['email'])
- token = MagentoToken.objects.get(user=user)
- self.assertEqual(token.token, FAKE_TOKEN)
 user_role_key = user.user_roles.get(user=user).role.key
 self.assertEqual(user_role_key, Role.objects.TEACHER_KEY)
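Review bot: The assertions removed in the `@@ -111,21 +111,15 @@` hunk (and again in the `-139,15` and `-165,47` hunks) were the only checks on what ends up in MagentoToken, yet the mutation still writes `magento_token.token = token`. With `customer_me` patched and every call still passing `'test123'` as the second argument, the visible tests do not appear to exercise the new `token` input at all; `make_login_mutation` is outside the diff, so this is inferred. I would keep one assertion such as `self.assertEqual(MagentoToken.objects.get(user=user).token, TOKEN)`, and add a case where the account behind the token differs from `username_input` and the login is expected to fail with `invalid_credentials`.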
@@ -139,15 +133,12 @@ class PasswordResetTests(TestCase):
 self.assertTrue(result.get('data').get('login').get('success'))
 self.assertTrue(self.user.is_authenticated)
- @patch.object(HepClient, 'customer_token', return_value={'token': FAKE_TOKEN})
 @patch.object(HepClient, '_customer_orders', return_value=VALID_STUDENT_ORDERS)
 @patch.object(HepClient, 'customer_me', return_value=ME_DATA)
- def test_student_can_login_with_local_user_and_remote_license(self, order_mock, token_mock, me_token):
+ def test_student_can_login_with_local_user_and_remote_license(self, order_mock, me_token):
 result = self.make_login_mutation(ME_DATA['email'], 'test123')
 user = User.objects.get(email=ME_DATA['email'])
- token = MagentoToken.objects.get(user=user)
- self.assertEqual(token.token, FAKE_TOKEN)
 user_role_key = user.user_roles.get(user=user).role.key
 self.assertEqual(user_role_key, Role.objects.STUDENT_KEY)
@@ -165,47 +156,36 @@ class PasswordResetTests(TestCase):
 self.assertFalse(result.get('data').get('login').get('success'))
 self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'invalid_credentials')
- @patch.object(HepClient, 'customer_token', return_value={'token': FAKE_TOKEN})
 @patch.object(HepClient, 'is_email_verified', return_value=False)
 @patch.object(HepClient, 'customer_me', return_value=ME_DATA)
- def test_user_with_unconfirmed_email_cannot_login(self, me_mock, post_mock, token_mock):
+ def test_user_with_unconfirmed_email_cannot_login(self, me_mock, post_mock):
 result = self.make_login_mutation(ME_DATA['email'], 'test123')
 user = User.objects.get(email=ME_DATA['email'])
- token = MagentoToken.objects.get(user=user)
- self.assertEqual(token.token, FAKE_TOKEN)
 self.assertFalse(result.get('data').get('login').get('success'))
 self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'email_not_verified')
- @patch.object(HepClient, 'customer_token', return_value={'token': FAKE_TOKEN})
 @patch.object(HepClient, 'myskillbox_product_for_customer', return_value=None)
 @patch.object(HepClient, 'customer_me', return_value=ME_DATA)
- def test_user_cannot_login_without_license(self, me_mock, product_mock, token_mock):
+ def test_user_cannot_login_without_license(self, me_mock, product_mock):
 result = self.make_login_mutation(self.user.email, 'test123')
- token = MagentoToken.objects.get(user=self.user)
- self.assertEqual(token.token, FAKE_TOKEN)
- self.assertFalse(result.get('data').get('login').get('success'))
 self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'no_valid_license')
- @patch.object(HepClient, 'customer_token', return_value={'token': FAKE_TOKEN})
 @patch.object(HepClient, 'customer_me', return_value=ME_DATA)
- def test_user_cannot_login_local_license_invalid(self, me_mock, token_mock):
+ def test_user_cannot_login_local_license_invalid(self, me_mock):
 now = timezone.now()
expiry_date = now - timedelta(1)
 LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save()
 result = self.make_login_mutation(self.user.email, 'test123')
- token = MagentoToken.objects.get(user=self.user)
- self.assertEqual(token.token, FAKE_TOKEN)
- self.assertFalse(result.get('data').get('login').get('success'))
 self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'no_valid_license')
- @patch.object(requests, 'post', return_value=MockResponse(500))
+ @patch.object(requests, 'get', return_value=MockResponse(500))
 def test_user_gets_notified_if_server_error(self, post_mock):
 result = self.make_login_mutation(ME_DATA['email'], 'test123')
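Review bot: The last change in the `@@ -165,47 +156,36 @@` hunk patches `requests.get`, but the test still names the injected mock `post_mock`; rename it, `def test_user_gets_notified_if_server_error(self, get_mock):`. The same naming drift is in the teacher and student tests of the earlier hunks: stacked `@patch.object` decorators inject bottom-up, so the first parameter `order_mock` receives the `customer_me` mock and `me_token` the `_customer_orders` one. None of these mocks is used in the visible test bodies, so this is a readability point only. The body of `test_user_gets_notified_if_server_error` continues outside the hunk.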