From d4e8aca8251365eaef40f682b9bed589f896fbb5 Mon Sep 17 00:00:00 2001 From: Christian Cueni Date: Wed, 12 May 2021 14:55:12 +0200 Subject: [PATCH] Remove login --- server/oauth/tests/test_login.py | 32 ++- server/oauth/views.py | 6 + server/users/mutations_public.py | 40 ---- server/users/tests/test_login.py | 348 ++++++++++--------------------- 4 files changed, 150 insertions(+), 276 deletions(-) diff --git a/server/oauth/tests/test_login.py b/server/oauth/tests/test_login.py index 2fee3dbc..7e5554ec 100644 --- a/server/oauth/tests/test_login.py +++ b/server/oauth/tests/test_login.py @@ -187,7 +187,7 @@ class LoginTests(TestCase): @patch.object(HepClient, 'fetch_eorders', return_value=VALID_TEACHERS_ORDERS) @patch.object(DjangoRemoteApp, 'authorize_access_token', return_value=TOKEN) @patch.object(HepClient, 'user_details', return_value=NEW_ME_DATA) - def new_user_is_created_in_system_after_login(self, user_mock, authorize_mock, orders_mock): + def new_user_is_created_in_system_after_login_with_valid_license(self, user_mock, authorize_mock, orders_mock): response = self._login('/api/oauth/authorize?code=1234') try: @@ -213,3 +213,33 @@ class LoginTests(TestCase): self.fail('LoginTests.test_teacher_can_login_with_valid_license: Userdata should not exist') except: pass + + @patch.object(HepClient, 'fetch_eorders', return_value=[]) + @patch.object(DjangoRemoteApp, 'authorize_access_token', return_value=TOKEN) + @patch.object(HepClient, 'user_details', return_value=NEW_ME_DATA) + def new_user_is_created_in_system_after_login(self, user_mock, authorize_mock, orders_mock): + response = self._login('/api/oauth/authorize?code=1234') + + try: + user = User.objects.get(email=NEW_ME_DATA['email']) + except: + self.fail('LoginTests.new_user_is_created_in_system_after_login: User was not created') + + user_role_key = user.user_roles.get(user=user).role.key + self.assertEqual(user_role_key, Role.objects.TEACHER_KEY) + + license = License.objects.get(licensee=user) + self.assertEqual(license.for_role.key, Role.objects.TEACHER_KEY) + + school_class = SchoolClass.objects.get(users__in=[user]) + self.assertIsNotNone(school_class) + + self.assertEqual(response.status_code, 302) + self.assertEqual(response.url, f'/login-success?state={NO_VALID_LICENSE}') + self.assertTrue(self.user.is_authenticated) + + try: + UserData.objects.get(user=user) + self.fail('LoginTests.test_teacher_can_login_with_valid_license: Userdata should not exist') + except: + pass diff --git a/server/oauth/views.py b/server/oauth/views.py index 2dc6491a..0ffc8c16 100644 --- a/server/oauth/views.py +++ b/server/oauth/views.py @@ -36,3 +36,9 @@ def authorize(request): # return status_msg # return cls.return_login_message(status_msg) return redirect(f'/login-success?state=success') + + + # def return_login_message(cls, message): + # # if message == EMAIL_NOT_VERIFIED or message == UNKNOWN_ERROR or message == 'invalid_credentials': + # # raise Exception(message) + # return cls(success=True, message=message) diff --git a/server/users/mutations_public.py b/server/users/mutations_public.py index 4960c138..98000e73 100644 --- a/server/users/mutations_public.py +++ b/server/users/mutations_public.py @@ -29,47 +29,7 @@ class BetaLogin(relay.ClientIDMutation): raise Exception('not_implemented') -class Login(relay.ClientIDMutation): - class Input: - token_input = graphene.String() - - success = graphene.Boolean() - message = graphene.String() - - @classmethod - def mutate_and_get_payload(cls, root, info, **kwargs): - - # hep_client = HepClient() - # token = kwargs.get('token_input') - # - # try: - # user_data = hep_client.customer_me(token) - # except HepClientUnauthorizedException: - # return cls.return_login_message('invalid_credentials') - # except HepClientException: - # return cls.return_login_message(UNKNOWN_ERROR) - # - # # use in auth - # user, status_msg = handle_user_and_verify_products(user_data) - # user.sync_with_hep_data(user_data) - # - # if user and status_msg != EMAIL_NOT_VERIFIED: - # login(info.context, user) - # - # if status_msg: - # return cls.return_login_message(status_msg) - - return cls(success=True, message='success') - - @classmethod - def return_login_message(cls, message): - # if message == EMAIL_NOT_VERIFIED or message == UNKNOWN_ERROR or message == 'invalid_credentials': - # raise Exception(message) - return cls(success=True, message=message) - - class UserMutations: - login = Login.Field() beta_login = BetaLogin.Field() diff --git a/server/users/tests/test_login.py b/server/users/tests/test_login.py index 5d1291f2..6b32cbe8 100644 --- a/server/users/tests/test_login.py +++ b/server/users/tests/test_login.py @@ -1,237 +1,115 @@ -# from datetime import timedelta -# from unittest.mock import patch -# -# import requests -# from django.conf import settings -# from django.contrib.sessions.middleware import SessionMiddleware -# from django.test import TestCase, RequestFactory -# from django.utils import timezone -# from graphene.test import Client -# -# from api.schema_public import schema -# from core.factories import UserFactory -# from core.hep_client import HepClient -# from core.tests.mock_hep_data_factory import MockResponse, ME_DATA, VALID_STUDENT_ORDERS, VALID_TEACHERS_ORDERS, \ -# NOT_CONFIRMED_ME -# from users.factories import LicenseFactory -# from users.models import Role, User, SchoolClass, License, UserData -# -# TOKEN = 'abcd12345!' -# -# MYSKILLBOX_GROUP_ID_ME_DATA = ME_DATA.copy() -# MYSKILLBOX_GROUP_ID_ME_DATA['group_id'] = settings.HEP_MYSKILLBOX_GROUP_ID +from datetime import timedelta +from unittest.mock import patch + +import requests +from django.conf import settings +from django.contrib.sessions.middleware import SessionMiddleware +from django.test import TestCase, RequestFactory +from django.utils import timezone +from graphene.test import Client + +from api.schema_public import schema +from core.factories import UserFactory +from core.tests.mock_hep_data_factory import MockResponse, ME_DATA, VALID_STUDENT_ORDERS, VALID_TEACHERS_ORDERS, \ + NOT_CONFIRMED_ME +from users.factories import LicenseFactory +from users.models import Role, User, SchoolClass, License, UserData + +TOKEN = 'abcd12345!' + +MYSKILLBOX_GROUP_ID_ME_DATA = ME_DATA.copy() +MYSKILLBOX_GROUP_ID_ME_DATA['group_id'] = settings.HEP_MYSKILLBOX_GROUP_ID -# class LoginTests(TestCase): -# def setUp(self): -# self.user = UserFactory(username=ME_DATA['id'], email=ME_DATA['id']) -# Role.objects.create_default_roles() -# self.teacher_role = Role.objects.get_default_teacher_role() -# -# request = RequestFactory().post('/') -# -# # adding session -# middleware = SessionMiddleware() -# middleware.process_request(request) -# request.session.save() -# self.client = Client(schema=schema, context_value=request) -# -# def make_login_mutation(self, token): -# mutation = ''' -# mutation Login($input: LoginInput!){ -# login(input: $input) { -# success -# message -# } -# } -# ''' -# -# return self.client.execute(mutation, variables={ -# 'input': { -# 'tokenInput': token -# } -# }) -# -# @patch.object(HepClient, 'customer_me', return_value=ME_DATA) -# def test_user_can_login_with_local_user_and_valid_local_license(self, me_mock): -# -# self.user.hep_id = ME_DATA['id'] -# self.user.save() -# -# now = timezone.now() -# expiry_date = now + timedelta(100) -# LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save() -# -# result = self.make_login_mutation(TOKEN) -# -# self.assertTrue(result.get('data').get('login').get('success')) -# self.assertTrue(self.user.is_authenticated) -# -# reloaded_user = User.objects.get(pk=self.user.id) -# self.assertEqual(reloaded_user.license_expiry_date, expiry_date.date()) -# -# @patch.object(HepClient, 'customer_me', return_value=ME_DATA) -# def test_user_can_login_with_local_user_and_valid_local_licenses(self, me_mock): -# -# self.user.hep_id = ME_DATA['id'] -# self.user.save() -# -# now = timezone.now() -# expiry_date1 = now + timedelta(100) -# expiry_date2 = now + timedelta(110) -# -# LicenseFactory(expire_date=expiry_date1, licensee=self.user, for_role=self.teacher_role).save() -# LicenseFactory(expire_date=expiry_date2, licensee=self.user, for_role=self.teacher_role).save() -# -# result = self.make_login_mutation(TOKEN) -# -# self.assertTrue(result.get('data').get('login').get('success')) -# self.assertTrue(self.user.is_authenticated) -# -# reloaded_user = User.objects.get(pk=self.user.id) -# self.assertEqual(reloaded_user.license_expiry_date, expiry_date2.date()) -# -# @patch.object(HepClient, 'customer_me', return_value=ME_DATA) -# def test_user_data_is_synced_on_login(self, me_mock): -# -# old_mail = 'aschi@iterativ.ch' -# -# self.user.hep_id = ME_DATA['id'] -# self.user.email = old_mail -# self.user.username = old_mail -# self.user.save() -# -# now = timezone.now() -# expiry_date = now + timedelta(365) -# LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save() -# -# result = self.make_login_mutation(TOKEN) -# -# user = User.objects.get(hep_id=self.user.hep_id) -# -# self.assertEqual(user.username, ME_DATA['email']) -# self.assertEqual(user.email, ME_DATA['email']) -# self.assertTrue(result.get('data').get('login').get('success')) -# self.assertTrue(self.user.is_authenticated) -# -# @patch.object(HepClient, 'customer_me', return_value=ME_DATA) -# def test_user_can_login_with_local_user_and_valid_local_licenses(self, me_mock): -# -# self.user.hep_id = ME_DATA['id'] -# self.user.save() -# -# now = timezone.now() -# expiry_date1 = now + timedelta(365) -# expiry_date2 = now + timedelta(366) -# -# LicenseFactory(expire_date=expiry_date1, licensee=self.user, for_role=self.teacher_role).save() -# LicenseFactory(expire_date=expiry_date2, licensee=self.user, for_role=self.teacher_role).save() -# -# result = self.make_login_mutation(TOKEN) -# -# self.assertTrue(result.get('data').get('login').get('success')) -# self.assertTrue(self.user.is_authenticated) -# -# @patch.object(HepClient, '_customer_orders', return_value=VALID_TEACHERS_ORDERS) -# @patch.object(HepClient, 'customer_me', return_value=ME_DATA) -# @patch.object(HepClient, 'fetch_admin_token', return_value={'token': 'AABBCCDDEE**44566'}) -# def test_teacher_can_login_with_remote_user_and_remote_license(self, order_mock, me_mock, admin_token_mock): -# result = self.make_login_mutation(TOKEN) -# -# user = User.objects.get(email=ME_DATA['email']) -# -# user_role_key = user.user_roles.get(user=user).role.key -# self.assertEqual(user_role_key, Role.objects.TEACHER_KEY) -# -# license = License.objects.get(licensee=user) -# self.assertEqual(license.for_role.key, Role.objects.TEACHER_KEY) -# -# school_class = SchoolClass.objects.get(users__in=[user]) -# self.assertIsNotNone(school_class) -# -# self.assertTrue(result.get('data').get('login').get('success')) -# self.assertTrue(self.user.is_authenticated) -# -# try: -# UserData.objects.get(user=user) -# self.fail('LoginTests.test_teacher_can_login_with_remote_user_and_remote_license: Userdata should not exist') -# except: -# pass -# -# @patch.object(HepClient, '_customer_orders', return_value=VALID_TEACHERS_ORDERS) -# @patch.object(HepClient, 'customer_me', return_value=MYSKILLBOX_GROUP_ID_ME_DATA) -# @patch.object(HepClient, 'fetch_admin_token', return_value={'token': 'AABBCCDDEE**44566'}) -# def test_teacher_can_login_with_remote_user_and_remote_license_with_myskillbox_group_id(self, order_mock, me_mock, admin_token_mock): -# self.make_login_mutation(TOKEN) -# user = User.objects.get(email=MYSKILLBOX_GROUP_ID_ME_DATA['email']) -# try: -# UserData.objects.get(user=user) -# except: -# self.fail('LoginTests.test_teacher_can_login_with_remote_user_and_remote_license: Userdata should exist') -# -# @patch.object(HepClient, '_customer_orders', return_value=VALID_STUDENT_ORDERS) -# @patch.object(HepClient, 'customer_me', return_value=ME_DATA) -# @patch.object(HepClient, 'fetch_admin_token', return_value={'token': 'AABBCCDDEE**44566'}) -# def test_student_can_login_with_remote_user_and_remote_license(self, order_mock, me_mock, admin_token_mock): -# -# result = self.make_login_mutation(TOKEN) -# user = User.objects.get(email=ME_DATA['email']) -# -# user_role_key = user.user_roles.get(user=user).role.key -# self.assertEqual(user_role_key, Role.objects.STUDENT_KEY) -# -# license = License.objects.get(licensee=user) -# self.assertEqual(license.for_role.key, Role.objects.STUDENT_KEY) -# -# self.assertTrue(result.get('data').get('login').get('success')) -# self.assertTrue(self.user.is_authenticated) -# -# @patch.object(requests, 'post', return_value=MockResponse(401)) -# def test_user_with_no_login_cannot_login(self, post_mock): -# result = self.make_login_mutation('some') -# -# self.assertEqual(result.get('errors')[0].get('message'), 'invalid_credentials') -# -# @patch.object(HepClient, 'is_email_verified', return_value=False) -# @patch.object(HepClient, 'customer_me', return_value=ME_DATA) -# def test_user_with_unconfirmed_email_cannot_login(self, me_mock, post_mock): -# result = self.make_login_mutation(TOKEN) -# -# User.objects.get(email=ME_DATA['email']) -# self.assertEqual(result.get('errors')[0].get('message'), 'email_not_verified') -# -# @patch.object(HepClient, 'myskillbox_product_for_customer', return_value=None) -# @patch.object(HepClient, 'customer_me', return_value=ME_DATA) -# @patch.object(HepClient, 'fetch_admin_token', return_value={'token': 'AABBCCDDEE**44566'}) -# def test_user_can_login_without_license(self, me_mock, product_mock, admin_token_mock): -# result = self.make_login_mutation(TOKEN) -# -# self.assertTrue(result.get('data').get('login').get('success')) -# self.assertEqual(result.get('data').get('login').get('message'), 'no_valid_license') -# self.assertTrue(self.user.is_authenticated) -# -# @patch.object(HepClient, 'myskillbox_product_for_customer', return_value=None) -# @patch.object(HepClient, 'customer_me', return_value=ME_DATA) -# @patch.object(HepClient, 'fetch_admin_token', return_value={'token': 'AABBCCDDEE**44566'}) -# def test_user_can_login_local_license_invalid(self, product_mock, me_mock, admin_token_mock): -# now = timezone.now() -# expiry_date = now - timedelta(1) -# LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save() -# -# result = self.make_login_mutation(TOKEN) -# -# self.assertTrue(result.get('data').get('login').get('success')) -# self.assertEqual(result.get('data').get('login').get('message'), 'no_valid_license') -# self.assertTrue(self.user.is_authenticated) -# -# @patch.object(HepClient, 'customer_me', return_value=NOT_CONFIRMED_ME) -# def test_user_can_login_with_unconfirmed_email(self, me_mock): -# result = self.make_login_mutation(TOKEN) -# -# self.assertEqual(result.get('errors')[0].get('message'), 'email_not_verified') -# -# @patch.object(requests, 'get', return_value=MockResponse(500)) -# def test_user_gets_notified_if_server_error(self, post_mock): -# result = self.make_login_mutation(TOKEN) -# -# self.assertEqual(result.get('errors')[0].get('message'), 'unknown_error') +class LoginTests(TestCase): + def setUp(self): + self.user = UserFactory(username=ME_DATA['id'], email=ME_DATA['id']) + Role.objects.create_default_roles() + self.teacher_role = Role.objects.get_default_teacher_role() + + request = RequestFactory().post('/') + + # adding session + middleware = SessionMiddleware() + middleware.process_request(request) + request.session.save() + self.client = Client(schema=schema, context_value=request) + + def make_login_mutation(self, token): + mutation = ''' + mutation Login($input: LoginInput!){ + login(input: $input) { + success + message + } + } + ''' + + return self.client.execute(mutation, variables={ + 'input': { + 'tokenInput': token + } + }) + + @patch.object(HepClient, 'customer_me', return_value=ME_DATA) + def test_user_can_login_with_local_user_and_valid_local_license(self, me_mock): + + self.user.hep_id = ME_DATA['id'] + self.user.save() + + now = timezone.now() + expiry_date = now + timedelta(100) + LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save() + + result = self.make_login_mutation(TOKEN) + + self.assertTrue(result.get('data').get('login').get('success')) + self.assertTrue(self.user.is_authenticated) + + reloaded_user = User.objects.get(pk=self.user.id) + self.assertEqual(reloaded_user.license_expiry_date, expiry_date.date()) + + @patch.object(HepClient, 'customer_me', return_value=ME_DATA) + def test_user_can_login_with_local_user_and_valid_local_licenses(self, me_mock): + + self.user.hep_id = ME_DATA['id'] + self.user.save() + + now = timezone.now() + expiry_date1 = now + timedelta(100) + expiry_date2 = now + timedelta(110) + + LicenseFactory(expire_date=expiry_date1, licensee=self.user, for_role=self.teacher_role).save() + LicenseFactory(expire_date=expiry_date2, licensee=self.user, for_role=self.teacher_role).save() + + result = self.make_login_mutation(TOKEN) + + self.assertTrue(result.get('data').get('login').get('success')) + self.assertTrue(self.user.is_authenticated) + + reloaded_user = User.objects.get(pk=self.user.id) + self.assertEqual(reloaded_user.license_expiry_date, expiry_date2.date()) + + @patch.object(HepClient, 'customer_me', return_value=ME_DATA) + def test_user_can_login_with_local_user_and_valid_local_licenses(self, me_mock): + + self.user.hep_id = ME_DATA['id'] + self.user.save() + + now = timezone.now() + expiry_date1 = now + timedelta(365) + expiry_date2 = now + timedelta(366) + + LicenseFactory(expire_date=expiry_date1, licensee=self.user, for_role=self.teacher_role).save() + LicenseFactory(expire_date=expiry_date2, licensee=self.user, for_role=self.teacher_role).save() + + result = self.make_login_mutation(TOKEN) + + self.assertTrue(result.get('data').get('login').get('success')) + self.assertTrue(self.user.is_authenticated) + + @patch.object(requests, 'post', return_value=MockResponse(401)) + def test_user_with_no_login_cannot_login(self, post_mock): + result = self.make_login_mutation('some') + + self.assertEqual(result.get('errors')[0].get('message'), 'invalid_credentials')