Add local login tests in backend
This commit is contained in:
Christian Cueni
parent
3c72c9559e
commit
cd24073675
|
|
@ -370,7 +370,7 @@ TASKBASE_SUPERPASSWORD = os.environ.get("TASKBASE_SUPERPASSWORD")
|
|||
TASKBASE_BASEURL = os.environ.get("TASKBASE_BASEURL")
|
||||
|
||||
|
||||
ALLOW_LOCAL_REGISTRATION = False
|
||||
ALLOW_LOCAL_LOGIN = True
|
||||
|
||||
# HEP
|
||||
HEP_ADMIN_USER = "myskillbox"
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class LoginError(graphene.ObjectType):
|
|||
field = graphene.String()
|
||||
|
||||
|
||||
class Login(relay.ClientIDMutation):
|
||||
class LocalLogin(relay.ClientIDMutation):
|
||||
class Input:
|
||||
username_input = graphene.String()
|
||||
password_input = graphene.String()
|
||||
|
|
@ -32,14 +32,16 @@ class Login(relay.ClientIDMutation):
|
|||
|
||||
@classmethod
|
||||
def mutate_and_get_payload(cls, root, info, **kwargs):
|
||||
if settings.ALLOW_LOCAL_REGISTRATION:
|
||||
if settings.ALLOW_LOCAL_LOGIN:
|
||||
password = kwargs.get('password_input')
|
||||
username = kwargs.get('username_input')
|
||||
user = authenticate(username=username, password=password)
|
||||
if user is None:
|
||||
return cls.return_login_message('invalid_credentials')
|
||||
return cls(success=False, errors=[{'field': 'invalid_credentials'}], message='')
|
||||
login(info.context, user)
|
||||
|
||||
return cls(success=True, errors=[], message='')
|
||||
|
||||
return cls(success=False, errors=[{'field': 'not_implemented'}], message='')
|
||||
|
||||
|
||||
|
|
@ -90,6 +92,7 @@ class Login(relay.ClientIDMutation):
|
|||
|
||||
class UserMutations:
|
||||
login = Login.Field()
|
||||
local_login = LocalLogin.Field()
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -7,34 +7,19 @@
|
|||
#
|
||||
# Created on 2019-10-02
|
||||
# @author: chrigu <christian.cueni@iterativ.ch>
|
||||
import json
|
||||
import os
|
||||
from datetime import timedelta
|
||||
from unittest.mock import patch
|
||||
|
||||
import requests
|
||||
from django.contrib.sessions.middleware import SessionMiddleware
|
||||
from django.test import TestCase, RequestFactory
|
||||
from django.utils import timezone
|
||||
from graphene.test import Client
|
||||
|
||||
from api.schema_public import schema
|
||||
from core.factories import UserFactory
|
||||
from core.hep_client import HepClient
|
||||
from core.tests.mock_hep_data_factory import MockResponse, ME_DATA, VALID_STUDENT_ORDERS, VALID_TEACHERS_ORDERS, \
|
||||
NOT_CONFIRMED_ME
|
||||
from registration.factories import LicenseFactory
|
||||
from registration.models import License
|
||||
from users.models import Role, User, SchoolClass
|
||||
|
||||
TOKEN = 'abcd12345!'
|
||||
from users.models import Role
|
||||
|
||||
|
||||
class LoginTests(TestCase):
|
||||
class LocalLoginTests(TestCase):
|
||||
def setUp(self):
|
||||
self.user = UserFactory(username=ME_DATA['id'], email=ME_DATA['id'])
|
||||
Role.objects.create_default_roles()
|
||||
self.teacher_role = Role.objects.get_default_teacher_role()
|
||||
self.user = UserFactory(username='aschi@iterativ.ch', email='aschi@iterativ.ch')
|
||||
self.teacher_role = Role.objects.create(key=Role.objects.TEACHER_KEY, name="Teacher Role")
|
||||
|
||||
request = RequestFactory().post('/')
|
||||
|
||||
|
|
@ -46,10 +31,9 @@ class LoginTests(TestCase):
|
|||
|
||||
def make_login_mutation(self, username, password):
|
||||
mutation = '''
|
||||
mutation Login($input: LoginInput!){
|
||||
login(input: $input) {
|
||||
mutation LocalLogin($input: LocalLoginInput!){
|
||||
localLogin(input: $input) {
|
||||
success
|
||||
message
|
||||
errors {
|
||||
field
|
||||
}
|
||||
|
|
@ -64,147 +48,20 @@ class LoginTests(TestCase):
|
|||
}
|
||||
})
|
||||
|
||||
@patch.object(HepClient, 'customer_me', return_value=ME_DATA)
|
||||
def test_user_can_login_with_local_user_and_valid_local_license(self, me_mock):
|
||||
|
||||
self.user.hep_id = ME_DATA['id']
|
||||
def test_user_can_login(self):
|
||||
password = 'test123'
|
||||
self.user.set_password(password)
|
||||
self.user.save()
|
||||
|
||||
now = timezone.now()
|
||||
expiry_date = now + timedelta(365)
|
||||
LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save()
|
||||
|
||||
result = self.make_login_mutation(self.user.email, TOKEN)
|
||||
|
||||
self.assertTrue(result.get('data').get('login').get('success'))
|
||||
result = self.make_login_mutation(self.user.email, password)
|
||||
self.assertTrue(result.get('data').get('localLogin').get('success'))
|
||||
self.assertTrue(self.user.is_authenticated)
|
||||
|
||||
@patch.object(HepClient, 'customer_me', return_value=ME_DATA)
|
||||
def test_user_can_login_with_updated_email(self, me_mock):
|
||||
|
||||
old_mail = 'aschi@iterativ.ch'
|
||||
|
||||
self.user.hep_id = ME_DATA['id']
|
||||
self.user.email = old_mail
|
||||
self.user.username = old_mail
|
||||
def test_user_cannot_login_with_invalid_password(self):
|
||||
password = 'test123'
|
||||
self.user.set_password(password)
|
||||
self.user.save()
|
||||
|
||||
now = timezone.now()
|
||||
expiry_date = now + timedelta(365)
|
||||
LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save()
|
||||
result = self.make_login_mutation(self.user.email, 'test1234')
|
||||
self.assertFalse(result.get('data').get('localLogin').get('success'))
|
||||
|
||||
result = self.make_login_mutation(self.user.email, TOKEN)
|
||||
|
||||
user = User.objects.get(hep_id=self.user.hep_id)
|
||||
|
||||
self.assertEqual(user.username, ME_DATA['email'])
|
||||
self.assertEqual(user.email, ME_DATA['email'])
|
||||
self.assertTrue(result.get('data').get('login').get('success'))
|
||||
self.assertTrue(self.user.is_authenticated)
|
||||
|
||||
@patch.object(HepClient, 'customer_me', return_value=ME_DATA)
|
||||
def test_user_can_login_with_local_user_and_valid_local_license(self, me_mock):
|
||||
|
||||
self.user.hep_id = ME_DATA['id']
|
||||
self.user.save()
|
||||
|
||||
now = timezone.now()
|
||||
expiry_date = now + timedelta(365)
|
||||
LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save()
|
||||
|
||||
result = self.make_login_mutation(self.user.email, TOKEN)
|
||||
|
||||
self.assertTrue(result.get('data').get('login').get('success'))
|
||||
self.assertTrue(self.user.is_authenticated)
|
||||
|
||||
@patch.object(HepClient, '_customer_orders', return_value=VALID_TEACHERS_ORDERS)
|
||||
@patch.object(HepClient, 'customer_me', return_value=ME_DATA)
|
||||
@patch.object(HepClient, 'fetch_admin_token', return_value={'token': 'AABBCCDDEE**44566'})
|
||||
def test_teacher_can_login_with_remote_user_and_remote_license(self, order_mock, me_mock, admin_token_mock):
|
||||
result = self.make_login_mutation(ME_DATA['email'], TOKEN)
|
||||
|
||||
user = User.objects.get(email=ME_DATA['email'])
|
||||
|
||||
user_role_key = user.user_roles.get(user=user).role.key
|
||||
self.assertEqual(user_role_key, Role.objects.TEACHER_KEY)
|
||||
|
||||
license = License.objects.get(licensee=user)
|
||||
self.assertEqual(license.for_role.key, Role.objects.TEACHER_KEY)
|
||||
|
||||
school_class = SchoolClass.objects.get(users__in=[user])
|
||||
self.assertIsNotNone(school_class)
|
||||
|
||||
self.assertTrue(result.get('data').get('login').get('success'))
|
||||
self.assertTrue(self.user.is_authenticated)
|
||||
|
||||
@patch.object(HepClient, '_customer_orders', return_value=VALID_STUDENT_ORDERS)
|
||||
@patch.object(HepClient, 'customer_me', return_value=ME_DATA)
|
||||
@patch.object(HepClient, 'fetch_admin_token', return_value={'token':'AABBCCDDEE**44566'})
|
||||
def test_student_can_login_with_remote_user_and_remote_license(self, order_mock, me_mock, admin_token_mock):
|
||||
|
||||
result = self.make_login_mutation(ME_DATA['email'], TOKEN)
|
||||
user = User.objects.get(email=ME_DATA['email'])
|
||||
|
||||
user_role_key = user.user_roles.get(user=user).role.key
|
||||
self.assertEqual(user_role_key, Role.objects.STUDENT_KEY)
|
||||
|
||||
license = License.objects.get(licensee=user)
|
||||
self.assertEqual(license.for_role.key, Role.objects.STUDENT_KEY)
|
||||
|
||||
self.assertTrue(result.get('data').get('login').get('success'))
|
||||
self.assertTrue(self.user.is_authenticated)
|
||||
|
||||
@patch.object(requests, 'post', return_value=MockResponse(401))
|
||||
def test_user_with_no_login_cannot_login(self, post_mock):
|
||||
result = self.make_login_mutation('some@some.ch', 'some')
|
||||
|
||||
self.assertFalse(result.get('data').get('login').get('success'))
|
||||
self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'invalid_credentials')
|
||||
|
||||
@patch.object(HepClient, 'is_email_verified', return_value=False)
|
||||
@patch.object(HepClient, 'customer_me', return_value=ME_DATA)
|
||||
def test_user_with_unconfirmed_email_cannot_login(self, me_mock, post_mock):
|
||||
result = self.make_login_mutation(ME_DATA['email'], TOKEN)
|
||||
|
||||
User.objects.get(email=ME_DATA['email'])
|
||||
|
||||
self.assertFalse(result.get('data').get('login').get('success'))
|
||||
self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'email_not_verified')
|
||||
|
||||
@patch.object(HepClient, 'myskillbox_product_for_customer', return_value=None)
|
||||
@patch.object(HepClient, 'customer_me', return_value=ME_DATA)
|
||||
@patch.object(HepClient, 'fetch_admin_token', return_value={'token': 'AABBCCDDEE**44566'})
|
||||
def test_user_can_login_without_license(self, me_mock, product_mock, admin_token_mock):
|
||||
result = self.make_login_mutation(self.user.email, TOKEN)
|
||||
|
||||
self.assertTrue(result.get('data').get('login').get('success'))
|
||||
self.assertEqual(result.get('data').get('login').get('message'), 'no_valid_license')
|
||||
self.assertTrue(self.user.is_authenticated)
|
||||
|
||||
@patch.object(HepClient, 'myskillbox_product_for_customer', return_value=None)
|
||||
@patch.object(HepClient, 'customer_me', return_value=ME_DATA)
|
||||
@patch.object(HepClient, 'fetch_admin_token', return_value={'token': 'AABBCCDDEE**44566'})
|
||||
def test_user_can_login_local_license_invalid(self, product_mock, me_mock, admin_token_mock):
|
||||
now = timezone.now()
|
||||
expiry_date = now - timedelta(1)
|
||||
LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save()
|
||||
|
||||
result = self.make_login_mutation(self.user.email, TOKEN)
|
||||
|
||||
self.assertTrue(result.get('data').get('login').get('success'))
|
||||
self.assertEqual(result.get('data').get('login').get('message'), 'no_valid_license')
|
||||
self.assertTrue(self.user.is_authenticated)
|
||||
|
||||
@patch.object(HepClient, 'customer_me', return_value=NOT_CONFIRMED_ME)
|
||||
def test_user_can_login_with_unconfirmed_email(self, me_mock):
|
||||
result = self.make_login_mutation(self.user.email, TOKEN)
|
||||
|
||||
self.assertFalse(result.get('data').get('login').get('success'))
|
||||
self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'email_not_verified')
|
||||
|
||||
@patch.object(requests, 'get', return_value=MockResponse(500))
|
||||
def test_user_gets_notified_if_server_error(self, post_mock):
|
||||
result = self.make_login_mutation(ME_DATA['email'], TOKEN)
|
||||
|
||||
self.assertFalse(result.get('data').get('login').get('success'))
|
||||
self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'unknown_error')
|
||||
|
|
|
|||
Loading…
Reference in New Issue