# -*- coding: utf-8 -*-
#
# ITerativ GmbH
# http://www.iterativ.ch/
#
# Copyright (c) 2019 ITerativ GmbH. All rights reserved.
#
# Created on 2019-10-02
# @author: chrigu <christian.cueni@iterativ.ch>
import json
import os
from datetime import timedelta, datetime
from unittest.mock import patch
import requests
from django.contrib.sessions.middleware import SessionMiddleware
from django.test import TestCase, RequestFactory
from django.utils import timezone
from graphene.test import Client
from api.schema_public import schema
from core.factories import UserFactory
from core.hep_client import HepClient
from registration.factories import LicenseFactory
from registration.models import License
from users.models import Role, MagentoToken, User, SchoolClass
# Placeholder credential: the tests in this module pass it as the password
# argument of the login mutation. It is a fixture value, not a real secret.
TOKEN = 'abcd12345!'
## Setup json data
def make_orders_valid(order_items):
    """Re-date the order fixtures so that they look like they were placed yesterday.

    Every entry of ``order_items['items']`` that carries a ``created_at`` key has
    that value overwritten with yesterday's local time, formatted as
    ``YYYY-MM-DD HH:MM:SS``. Entries without the key are left untouched.

    The mapping is modified in place and the same object is returned.
    """
    timestamp_format = '%Y-%m-%d %H:%M:%S'

    for entry in order_items['items']:
        if 'created_at' not in entry:
            continue

        # Naive local time, exactly one day back from "now".
        one_day_ago = datetime.now() - timedelta(1)
        entry['created_at'] = one_day_ago.strftime(timestamp_format)

    return order_items
# Load data
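# Directory that contains this test module; the JSON fixtures are read from its
# ``test_data`` sub-directory.
dir_path = os.path.dirname(os.path.realpath(__file__))

# The fixtures are JSON, which is UTF-8 by specification, so the encoding is
# given explicitly instead of falling back to the platform default (which would
# mis-decode any non-ASCII fixture content on a non-UTF-8 locale).
with open('{}/test_data/valid_teacher_orders.json'.format(dir_path), 'r', encoding='utf-8') as file:
    valid_teacher_order_data = file.read()

with open('{}/test_data/valid_student_orders.json'.format(dir_path), 'r', encoding='utf-8') as file:
    valid_student_order_data = file.read()

with open('{}/test_data/me_data.json'.format(dir_path), 'r', encoding='utf-8') as file:
    me_data = file.read()

with open('{}/test_data/email_not_confirmed_me.json'.format(dir_path), 'r', encoding='utf-8') as file:
    not_confirmed_email_me_data = file.read()

# Parsed customer payloads, used as return values for the mocked
# ``HepClient.customer_me``.
ME_DATA = json.loads(me_data)
NOT_CONFIRMED_ME = json.loads(not_confirmed_email_me_data)

# Order payloads, used as return values for the mocked
# ``HepClient._customer_orders``. ``make_orders_valid`` rewrites each
# ``created_at`` to yesterday, so the orders are recent at the time the tests run.
valid_teacher_order_items = json.loads(valid_teacher_order_data)
VALID_TEACHERS_ORDERS = make_orders_valid(valid_teacher_order_items)

valid_student_order_items = json.loads(valid_student_order_data)
VALID_STUDENT_ORDERS = make_orders_valid(valid_student_order_items)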
## Mocks
class MockResponse:
    """Minimal stand-in for the object returned by ``requests.get``/``requests.post``.

    It exposes only what this module sets up: a ``status_code`` attribute and a
    ``json()`` method that yields an empty payload.
    """

    def __init__(self, status_code):
        # The HTTP status is the only state a mocked response carries.
        self.status_code = status_code

    def json(self):
        """Return an empty JSON body (a fresh ``dict`` on every call)."""
        empty_payload = {}
        return empty_payload
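class PasswordResetTests(TestCase):
    """Tests for the public ``login`` GraphQL mutation.

    NOTE(review): despite the class name, every test here drives ``login``; none
    of them exercises a password reset.

    The HEP backend is replaced with mocks. Stacked ``@patch.object`` decorators
    inject their mocks bottom-up: the decorator closest to ``def`` supplies the
    first mock argument. The parameter names below follow that order.

    NOTE(review): the success tests end with
    ``assertTrue(self.user.is_authenticated)``. On a Django ``User`` instance that
    attribute is always true, and in the remote-user tests ``self.user`` is the
    local fixture account rather than the one that logged in, so the assertion
    cannot fail. Asserting on the request session would verify the login; confirm
    how the mutation establishes the session before changing it.

    NOTE(review): the failure tests assert only on the returned ``errors`` field;
    none checks that the session stays unauthenticated.
    """

    def setUp(self):
        """Create a local user, the default roles and a session-backed client."""
        self.user = UserFactory(username='aschi@iterativ.ch', email='aschi@iterativ.ch')
        Role.objects.create_default_roles()
        self.teacher_role = Role.objects.get_default_teacher_role()

        request = RequestFactory().post('/')

        # RequestFactory requests bypass middleware, so the session is attached
        # by hand and saved before the request is used as the GraphQL context.
        middleware = SessionMiddleware()
        middleware.process_request(request)
        request.session.save()

        # Replaces the Django test client that TestCase puts on self.client with
        # a graphene client bound to the public schema.
        self.client = Client(schema=schema, context_value=request)

    def make_login_mutation(self, username, password):
        """Execute the ``login`` mutation and return the raw result.

        Args:
            username: value sent as ``usernameInput``.
            password: value sent as ``passwordInput``.

        Returns:
            Whatever ``self.client.execute`` returns; the tests read
            ``data.login.success`` and ``data.login.errors[].field`` from it.
        """
        mutation = '''
        mutation Login($input: LoginInput!){
          login(input: $input) {
            success
            errors {
              field
            }
          }
        }
        '''

        return self.client.execute(mutation, variables={
            'input': {
                'usernameInput': username,
                'passwordInput': password
            }
        })

    @patch.object(HepClient, 'customer_me', return_value=ME_DATA)
    def test_user_can_login_with_local_user_and_valid_local_license(self, me_mock):
        """A known local user with an unexpired local license logs in."""
        # Link the local account to the customer returned by the mocked backend.
        self.user.hep_id = ME_DATA['id']
        self.user.save()

        now = timezone.now()
        expiry_date = now + timedelta(365)
        LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save()

        result = self.make_login_mutation(self.user.email, TOKEN)

        self.assertTrue(result.get('data').get('login').get('success'))
        # Vacuous as written; see the class docstring.
        self.assertTrue(self.user.is_authenticated)

    @patch.object(HepClient, '_customer_orders', return_value=VALID_TEACHERS_ORDERS)
    @patch.object(HepClient, 'customer_me', return_value=ME_DATA)
    @patch.object(HepClient, 'fetch_admin_token', return_value={'token': 'AABBCCDDEE**44566'})
    def test_teacher_can_login_with_remote_user_and_remote_license(self, admin_token_mock, me_mock, order_mock):
        """A remote-only teacher gets a local user, role, license and class on login."""
        result = self.make_login_mutation(ME_DATA['email'], TOKEN)

        # Raises DoesNotExist unless the login created the local account.
        user = User.objects.get(email=ME_DATA['email'])

        user_role_key = user.user_roles.get(user=user).role.key
        self.assertEqual(user_role_key, Role.objects.TEACHER_KEY)

        user_license = License.objects.get(licensee=user)
        self.assertEqual(user_license.for_role.key, Role.objects.TEACHER_KEY)

        school_class = SchoolClass.objects.get(users__in=[user])
        self.assertIsNotNone(school_class)

        self.assertTrue(result.get('data').get('login').get('success'))
        # Vacuous, and checks the fixture user instead of `user`; see the class docstring.
        self.assertTrue(self.user.is_authenticated)

    @patch.object(HepClient, '_customer_orders', return_value=VALID_STUDENT_ORDERS)
    @patch.object(HepClient, 'customer_me', return_value=ME_DATA)
    @patch.object(HepClient, 'fetch_admin_token', return_value={'token':'AABBCCDDEE**44566'})
    def test_student_can_login_with_remote_user_and_remote_license(self, admin_token_mock, me_mock, order_mock):
        """A remote-only student gets a local user, student role and license on login."""
        result = self.make_login_mutation(ME_DATA['email'], TOKEN)

        # Raises DoesNotExist unless the login created the local account.
        user = User.objects.get(email=ME_DATA['email'])

        user_role_key = user.user_roles.get(user=user).role.key
        self.assertEqual(user_role_key, Role.objects.STUDENT_KEY)

        user_license = License.objects.get(licensee=user)
        self.assertEqual(user_license.for_role.key, Role.objects.STUDENT_KEY)

        self.assertTrue(result.get('data').get('login').get('success'))
        # Vacuous, and checks the fixture user instead of `user`; see the class docstring.
        self.assertTrue(self.user.is_authenticated)

    @patch.object(requests, 'post', return_value=MockResponse(401))
    def test_user_with_no_login_cannot_login(self, post_mock):
        """A 401 from the mocked ``requests.post`` is reported as invalid credentials."""
        result = self.make_login_mutation(ME_DATA['email'], TOKEN)

        self.assertFalse(result.get('data').get('login').get('success'))
        self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'invalid_credentials')

    @patch.object(HepClient, 'is_email_verified', return_value=False)
    @patch.object(HepClient, 'customer_me', return_value=ME_DATA)
    def test_user_with_unconfirmed_email_cannot_login(self, me_mock, email_verified_mock):
        """Login is refused while the backend reports the email as unverified."""
        result = self.make_login_mutation(ME_DATA['email'], TOKEN)

        # The result is discarded: this lookup only raises DoesNotExist if no
        # local user exists, so it implicitly asserts that the account was
        # created even though the login itself is refused.
        User.objects.get(email=ME_DATA['email'])

        self.assertFalse(result.get('data').get('login').get('success'))
        self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'email_not_verified')

    @patch.object(HepClient, 'myskillbox_product_for_customer', return_value=None)
    @patch.object(HepClient, 'customer_me', return_value=ME_DATA)
    @patch.object(HepClient, 'fetch_admin_token', return_value={'token': 'AABBCCDDEE**44566'})
    def test_user_cannot_login_without_license(self, admin_token_mock, me_mock, product_mock):
        """A user with neither a local nor a remote license is refused."""
        result = self.make_login_mutation(self.user.email, TOKEN)

        self.assertFalse(result.get('data').get('login').get('success'))
        self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'no_valid_license')

    @patch.object(HepClient, 'myskillbox_product_for_customer', return_value=None)
    @patch.object(HepClient, 'customer_me', return_value=ME_DATA)
    @patch.object(HepClient, 'fetch_admin_token', return_value={'token': 'AABBCCDDEE**44566'})
    def test_user_cannot_login_local_license_invalid(self, admin_token_mock, me_mock, product_mock):
        """A local license that expired yesterday does not grant a login."""
        now = timezone.now()
        expiry_date = now - timedelta(1)
        LicenseFactory(expire_date=expiry_date, licensee=self.user, for_role=self.teacher_role).save()

        result = self.make_login_mutation(self.user.email, TOKEN)

        self.assertFalse(result.get('data').get('login').get('success'))
        self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'no_valid_license')

    @patch.object(HepClient, 'customer_me', return_value=NOT_CONFIRMED_ME)
    def test_user_cannot_login_with_unconfirmed_email(self, me_mock):
        """Login is refused when the customer payload is the unconfirmed-email fixture."""
        result = self.make_login_mutation(self.user.email, TOKEN)

        self.assertFalse(result.get('data').get('login').get('success'))
        self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'email_not_verified')

    @patch.object(requests, 'get', return_value=MockResponse(500))
    def test_user_gets_notified_if_server_error(self, get_mock):
        """A 500 from the mocked ``requests.get`` surfaces as ``unknown_error``."""
        result = self.make_login_mutation(ME_DATA['email'], TOKEN)

        self.assertFalse(result.get('data').get('login').get('success'))
        self.assertEqual(result.get('data').get('login').get('errors')[0].get('field'), 'unknown_error')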
## can login with license and user
## can login with no user and license
# ?can login with no user and local license
## cannot login without user
## cannot login with user and not verified
## cannot login with user and no license
## cannot login with user and expired license
## non 200 error
# if more than one valid license take correct
# if multiple licenses and one correct take one test in own class