Allow users with expired license to access the private API

server/assignments/tests/test_read_only.py

@@ -1,4 +1,4 @@
-from datetime import timedelta, datetime
+from datetime import timedelta, date
 
 from graphql_relay import to_global_id
 
@@ -11,7 +11,7 @@ from users.models import User
 class AssignmentReadOnlyTestCase(SkillboxTestCase):
     def setUp(self) -> None:
         self.createDefault()
-        yesterday = datetime.now() - timedelta(days=1)
+        yesterday = date.today() - timedelta(days=1)
 
         self.student1.license_expiry_date = yesterday
         self.student1.save()

server/core/tests/test_middleware.py

@@ -18,7 +18,7 @@ class MiddlewareTestCase(TestCase):
 
         self.assertTrue(is_private_api_call_allowed(user, body))
 
-    def test_user_without_valid_license_cannot_see_private_api(self):
+    def test_user_with_expired_license_can_see_private_api(self):
 
         yesterday = timezone.now() - timedelta(1)
         user = UserFactory(username='aschiman@ch.ch', hep_id=23)
@@ -26,6 +26,14 @@ class MiddlewareTestCase(TestCase):
 
         body = b'"{mutation {\\n addRoom}"'
 
+        self.assertTrue(is_private_api_call_allowed(user, body))
+
+    def test_user_without_valid_license_cannot_see_private_api(self):
+        user = UserFactory(username='aschiman@ch.ch', hep_id=23)
+        user.license_expiry_date = None
+
+        body = b'"{mutation {\\n addRoom}"'
+
         self.assertFalse(is_private_api_call_allowed(user, body))
 
     def test_logout_is_allowed_without_valid_license(self):

server/core/utils.py

@@ -44,7 +44,7 @@ def is_private_api_call_allowed(user, body):
     license_expiry = user.license_expiry_date
 
     # all other resources are denied if the license is not valid
-    if license_expiry is None or license_expiry < timezone.now().date():
+    if license_expiry is None:
         return False
 
     return True

server/users/models.py

@@ -1,7 +1,7 @@
 import random
 import re
 import string
-from datetime import datetime
+from datetime import date
 
 from django.contrib.auth import get_user_model
 from django.contrib.auth.models import AbstractUser, Permission
@@ -126,7 +126,7 @@ class User(AbstractUser):
     def get_license_status(self):
         if self.license_expiry_date is None:
             return User.LICENSE_NONE
-        if self.license_expiry_date >= datetime.now():
+        if self.license_expiry_date >= date.today():
             return User.LICENSE_VALID
         return User.LICENSE_EXPIRED
 

server/users/tests/test_license_expired.py

@@ -1,4 +1,4 @@
-from datetime import timedelta, datetime
+from datetime import timedelta, date
 
 from core.factories import UserFactory
 from core.tests.base_test import SkillboxTestCase
@@ -10,15 +10,12 @@ class LicenseExpiredTestCase(SkillboxTestCase):
         self.user = UserFactory(username='some_user')
 
     def test_license_expired(self):
-
+        self.user.license_expiry_date = date.today() - timedelta(days=1)
-        now = datetime.now()
-        self.user.license_expiry_date = now - timedelta(days=1)
         self.user.save()
         self.assertTrue(self.user.get_license_status(), User.LICENSE_EXPIRED)
 
     def test_license_valid(self):
-        now = datetime.now()
+        self.user.license_expiry_date = date.today() + timedelta(days=1)
-        self.user.license_expiry_date = now + timedelta(days=1)
         self.user.save()
         self.assertTrue(self.user.get_license_status(), User.LICENSE_VALID)