216 lines
8.9 KiB
Python
216 lines
8.9 KiB
Python
import time
|
|
from datetime import timedelta
|
|
from unittest.mock import patch
|
|
|
|
import requests
|
|
from authlib.integrations.django_client import DjangoRemoteApp
|
|
from django.contrib.auth.models import AnonymousUser
|
|
from django.contrib.sessions.middleware import SessionMiddleware
|
|
from django.test import TestCase, RequestFactory
|
|
from django.utils import timezone
|
|
|
|
from core.factories import UserFactory
|
|
from oauth.hep_client import HepClient
|
|
from oauth.user_signup_login_handler import EMAIL_NOT_VERIFIED, NO_VALID_LICENSE, UNKNOWN_ERROR
|
|
from oauth.views import authorize
|
|
from users.tests.mock_hep_data_factory import MockResponse, ME_DATA, VALID_STUDENT_ORDERS, VALID_TEACHERS_ORDERS
|
|
from users.factories import LicenseFactory
|
|
from users.models import Role, User, SchoolClass, License, UserData
|
|
|
|
IN_A_HOUR = timezone.now() + timedelta(hours=1)
|
|
IN_A_HOUR_UNIX = time.mktime(IN_A_HOUR.timetuple())
|
|
|
|
TOKEN = {
|
|
'token_type': 'hep',
|
|
'access_token': '123456',
|
|
'refresh_token': 'abcdqwer',
|
|
'expires_at': IN_A_HOUR_UNIX,
|
|
}
|
|
|
|
NEW_ME_DATA = ME_DATA.copy()
|
|
NEW_ME_DATA['email'] = 'stiller@has.ch'
|
|
NEW_ME_DATA['id'] = 99
|
|
|
|
|
|
class LoginTests(TestCase):
|
|
def setUp(self):
|
|
self.user = UserFactory(username=ME_DATA['id'], email=ME_DATA['id'])
|
|
Role.objects.create_default_roles()
|
|
self.teacher_role = Role.objects.get_default_teacher_role()
|
|
|
|
self.factory = RequestFactory()
|
|
|
|
def _login(self, url):
|
|
request = self.factory.get(url)
|
|
middleware = SessionMiddleware()
|
|
middleware.process_request(request)
|
|
request.session.save()
|
|
request.user = AnonymousUser()
|
|
|
|
return authorize(request)
|
|
|
|
@patch.object(DjangoRemoteApp, 'authorize_access_token', return_value=TOKEN)
|
|
@patch.object(HepClient, 'user_details', return_value=ME_DATA)
|
|
def test_user_data_is_synced_on_login(self, user_mock, authorize_mock):
|
|
|
|
old_mail = 'aschi@iterativ.ch'
|
|
|
|
self.user.hep_id = ME_DATA['id']
|
|
self.user.email = old_mail
|
|
self.user.username = old_mail
|
|
self.user.save()
|
|
|
|
now = timezone.now()
|
|
expiry_date = now + timedelta(365)
|
|
LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save()
|
|
|
|
response = self._login('/api/oauth/authorize?code=1234')
|
|
user = User.objects.get(hep_id=self.user.hep_id)
|
|
|
|
self.assertEqual(response.status_code, 302)
|
|
self.assertEqual(response.url, '/login-success?state=success')
|
|
self.assertEqual(user.username, ME_DATA['email'])
|
|
self.assertEqual(user.email, ME_DATA['email'])
|
|
self.assertTrue(self.user.is_authenticated)
|
|
|
|
|
|
@patch.object(HepClient, 'fetch_eorders', return_value=VALID_TEACHERS_ORDERS)
|
|
@patch.object(DjangoRemoteApp, 'authorize_access_token', return_value=TOKEN)
|
|
@patch.object(HepClient, 'user_details', return_value=ME_DATA)
|
|
def test_teacher_can_login_with_valid_license(self, user_mock, authorize_mock, orders_mock):
|
|
response = self._login('/api/oauth/authorize?code=1234')
|
|
|
|
user = User.objects.get(email=ME_DATA['email'])
|
|
|
|
user_role_key = user.user_roles.get(user=user).role.key
|
|
self.assertEqual(user_role_key, Role.objects.TEACHER_KEY)
|
|
|
|
license = License.objects.get(licensee=user)
|
|
self.assertEqual(license.for_role.key, Role.objects.TEACHER_KEY)
|
|
|
|
school_class = SchoolClass.objects.get(users__in=[user])
|
|
self.assertIsNotNone(school_class)
|
|
|
|
self.assertEqual(response.status_code, 302)
|
|
self.assertEqual(response.url, '/login-success?state=success')
|
|
self.assertTrue(self.user.is_authenticated)
|
|
|
|
try:
|
|
UserData.objects.get(user=user)
|
|
self.fail('LoginTests.test_teacher_can_login_with_valid_license: Userdata should not exist')
|
|
except:
|
|
pass
|
|
|
|
@patch.object(HepClient, 'fetch_eorders', return_value=VALID_STUDENT_ORDERS)
|
|
@patch.object(DjangoRemoteApp, 'authorize_access_token', return_value=TOKEN)
|
|
@patch.object(HepClient, 'user_details', return_value=ME_DATA)
|
|
def test_student_can_login_with_valid_license(self, user_mock, authorize_mock, orders_mock):
|
|
|
|
response = self._login('/api/oauth/authorize?code=1234')
|
|
user = User.objects.get(email=ME_DATA['email'])
|
|
|
|
user_role_key = user.user_roles.get(user=user).role.key
|
|
self.assertEqual(user_role_key, Role.objects.STUDENT_KEY)
|
|
|
|
license = License.objects.get(licensee=user)
|
|
self.assertEqual(license.for_role.key, Role.objects.STUDENT_KEY)
|
|
|
|
self.assertEqual(response.status_code, 302)
|
|
self.assertEqual(response.url, '/login-success?state=success')
|
|
self.assertTrue(self.user.is_authenticated)
|
|
|
|
@patch.object(HepClient, 'fetch_eorders', return_value=VALID_STUDENT_ORDERS)
|
|
@patch.object(DjangoRemoteApp, 'authorize_access_token', return_value=TOKEN)
|
|
@patch.object(HepClient, 'user_details', return_value=ME_DATA)
|
|
def test_user_with_unconfirmed_email_cannot_login(self, user_mock, authorize_mock, verified_mock):
|
|
response = self._login('/api/oauth/authorize?code=1234')
|
|
|
|
User.objects.get(email=ME_DATA['email'])
|
|
self.assertEqual(response.status_code, 302)
|
|
self.assertEqual(response.url, f'/login-success?state={EMAIL_NOT_VERIFIED}')
|
|
|
|
@patch.object(HepClient, 'fetch_eorders', return_value=[])
|
|
@patch.object(DjangoRemoteApp, 'authorize_access_token', return_value=TOKEN)
|
|
@patch.object(HepClient, 'user_details', return_value=ME_DATA)
|
|
def test_user_can_login_without_license(self, me_mock, product_mock, verified_mock):
|
|
response = self._login('/api/oauth/authorize?code=1234')
|
|
|
|
self.assertEqual(response.status_code, 302)
|
|
self.assertEqual(response.url, f'/login-success?state={NO_VALID_LICENSE}')
|
|
self.assertTrue(self.user.is_authenticated)
|
|
|
|
@patch.object(HepClient, 'fetch_eorders', return_value=[])
|
|
@patch.object(DjangoRemoteApp, 'authorize_access_token', return_value=TOKEN)
|
|
@patch.object(HepClient, 'user_details', return_value=ME_DATA)
|
|
def test_user_can_login_local_license_invalid(self, me_mock, product_mock, verified_mock):
|
|
now = timezone.now()
|
|
expiry_date = now - timedelta(1)
|
|
LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save()
|
|
|
|
response = self._login('/api/oauth/authorize?code=1234')
|
|
|
|
self.assertEqual(response.status_code, 302)
|
|
self.assertEqual(response.url, f'/login-success?state={NO_VALID_LICENSE}')
|
|
self.assertTrue(self.user.is_authenticated)
|
|
|
|
@patch.object(requests, 'get', return_value=MockResponse(500))
|
|
def test_user_gets_notified_if_server_error(self, post_mock):
|
|
response = self._login('/api/oauth/authorize?code=1234')
|
|
|
|
self.assertEqual(response.status_code, 302)
|
|
self.assertEqual(response.url, f'/login-success?state={UNKNOWN_ERROR}')
|
|
|
|
|
|
def test_user_data_is_synced_on_login(self, user_mock, authorize_mock):
|
|
|
|
old_mail = 'aschi@iterativ.ch'
|
|
|
|
self.user.hep_id = ME_DATA['id']
|
|
self.user.email = old_mail
|
|
self.user.username = old_mail
|
|
self.user.save()
|
|
|
|
now = timezone.now()
|
|
expiry_date = now + timedelta(365)
|
|
LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save()
|
|
|
|
response = self._login('/api/oauth/authorize?code=1234')
|
|
user = User.objects.get(hep_id=self.user.hep_id)
|
|
|
|
self.assertEqual(response.status_code, 302)
|
|
self.assertEqual(response.url, '/login-success?state=success')
|
|
self.assertEqual(user.username, ME_DATA['email'])
|
|
self.assertEqual(user.email, ME_DATA['email'])
|
|
self.assertTrue(self.user.is_authenticated)
|
|
|
|
|
|
@patch.object(HepClient, 'fetch_eorders', return_value=VALID_TEACHERS_ORDERS)
|
|
@patch.object(DjangoRemoteApp, 'authorize_access_token', return_value=TOKEN)
|
|
@patch.object(HepClient, 'user_details', return_value=NEW_ME_DATA)
|
|
def new_user_is_created_in_system_after_login(self, user_mock, authorize_mock, orders_mock):
|
|
response = self._login('/api/oauth/authorize?code=1234')
|
|
|
|
try:
|
|
user = User.objects.get(email=NEW_ME_DATA['email'])
|
|
except:
|
|
self.fail('LoginTests.new_user_is_created_in_system_after_login: User was not created')
|
|
|
|
user_role_key = user.user_roles.get(user=user).role.key
|
|
self.assertEqual(user_role_key, Role.objects.TEACHER_KEY)
|
|
|
|
license = License.objects.get(licensee=user)
|
|
self.assertEqual(license.for_role.key, Role.objects.TEACHER_KEY)
|
|
|
|
school_class = SchoolClass.objects.get(users__in=[user])
|
|
self.assertIsNotNone(school_class)
|
|
|
|
self.assertEqual(response.status_code, 302)
|
|
self.assertEqual(response.url, '/login-success?state=success')
|
|
self.assertTrue(self.user.is_authenticated)
|
|
|
|
try:
|
|
UserData.objects.get(user=user)
|
|
self.fail('LoginTests.test_teacher_can_login_with_valid_license: Userdata should not exist')
|
|
except:
|
|
pass
|