kit-eco.social/consumocuidado-server
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

merged with diegos changes

Browse Source
This commit is contained in:
Sam
2021-02-04 12:13:12 +00:00
parent a61f11465c
commit 8d359cdb71
5 changed files with 55 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
core/serializers.py
View File

@@ -4,25 +4,13 @@ from rest_framework import serializers
from . import models
class CustomTokenObtainPairSerializer(TokenObtainPairSerializer):
def validate(self, attrs):
# The default result (access/refresh tokens)
data = super(CustomTokenObtainPairSerializer, self).validate(attrs)
# Add extra responses here
data['user'] = {}
data['user']['id'] = self.user.id
data['user']['email'] = self.user.email
data['user']['role'] = self.user.role
return data
class CustomUserSerializer(serializers.ModelSerializer):
password = serializers.CharField(write_only=True, required=True, style={'input_type': 'password'})
class Meta:
model = models.CustomUser
fields = ('id', 'email', 'full_name', 'role', 'password', 'is_active', 'notify')
class CustomUserAdminSerializer(serializers.ModelSerializer):
password = serializers.CharField(write_only=True, required=False, style={'input_type': 'password'})
class Meta:

59
core/tests.py
View File

@@ -329,7 +329,7 @@ class UpdateUserViewTest(APITestCase):
def setUp(self):
"""Tests setup
"""
self.endpoint = '/api/v1/user/change_password/'
self.endpoint = '/api/v1/users/'
self.factory = factories.CustomUserFactory
self.model = models.CustomUser
# create regular user
@@ -338,6 +338,11 @@ class UpdateUserViewTest(APITestCase):
self.user = self.factory(email=self.reg_email, is_active=True)
self.user.set_password(self.password)
self.user.save()
# create admin user
self.admin_email = f"admin_user@mail.com"
self.admin_user = self.factory(email=self.admin_email, is_staff=True, is_active=True)
self.admin_user.set_password(self.password)
self.admin_user.save()
def test_auth_user_can_modify_own_instance(self):
"""Regular user can modify own instance
@@ -355,32 +360,62 @@ class UpdateUserViewTest(APITestCase):
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
# Query endpoint
url = f'/api/v1/user/update/{self.user.pk}/'
url = f'{self.endpoint}{self.user.pk}/'
response = self.client.put(url, data=data, format='json')
# Assert forbidden code
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_auth_user_cannot_modify_random_instance(self):
"""Regular user can modify own instance
"""Regular user cannot modify randnom instance
"""
# Create instance
instance = self.factory()
data = {
"email": "new_email@mail.com",
"full_name": "New Full Name",
'provider': 'PROVIDER',
}
# Authenticate
token = get_tokens_for_user(self.user)
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
# Query endpoint
url = f'/api/v1/user/update/{instance.pk}/'
response = self.client.put(url, data=data, format='json')
url = f'{self.endpoint}{instance.pk}/'
response = self.client.put(url, data={}, format='json')
# Assert forbidden code
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_anon_user_cannot_modify_random_instance(self):
"""anon user cannot modify instance
"""
# Create instance
instance = self.factory()
# Query endpoint
url = f'{self.endpoint}{instance.pk}/'
response = self.client.put(url, data={}, format='json')
# Assert forbidden code
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_admin_user_can_modify_random_instance(self):
"""Regular user cannot modify randnom instance
"""
# Create instance
instance = self.factory()
# Authenticate
token = get_tokens_for_user(self.admin_user)
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
data = {
"email": "new_email@mail.com",
"full_name": "New Full Name",
'provider': 'PROVIDER',
'notify': True,
}
# Query endpoint
url = f'{self.endpoint}{instance.pk}/'
response = self.client.put(url, data=data, format='json')
# Assert forbidden code
self.assertEqual(response.status_code, status.HTTP_200_OK)
class LoadCoopManagerTestCase(APITestCase):
@@ -394,7 +429,9 @@ class LoadCoopManagerTestCase(APITestCase):
# create admin user
self.admin_email = f"admin_user@mail.com"
self.password = ''.join(random.choices(string.ascii_uppercase, k = 10))
self.admin_user = self.user_factory(email=self.admin_email, password=self.password, is_staff=True, is_active=True)
self.admin_user = self.user_factory(email=self.admin_email, is_staff=True, is_active=True)
self.admin_user.set_password(self.password)
self.admin_user.save()
# create regular user
self.reg_email = f"user@mail.com"
self.user = self.user_factory(email=self.reg_email, is_active=True)

9
core/views.py
View File

@@ -15,7 +15,6 @@ from rest_framework.response import Response
from rest_framework.permissions import IsAdminUser, IsAuthenticated
from rest_framework.generics import UpdateAPIView
from rest_framework.decorators import api_view, permission_classes
from rest_framework_simplejwt.views import TokenObtainPairView
from companies.models import Company
from history.models import HistorySync
@@ -38,12 +37,6 @@ logging.basicConfig(
)
class CustomTokenObtainPairView(TokenObtainPairView):
serializer_class = core_serializers.CustomTokenObtainPairSerializer
class CustomUserViewSet(viewsets.ModelViewSet):
model = models.CustomUser
@@ -60,7 +53,7 @@ class CustomUserViewSet(viewsets.ModelViewSet):
def get_permissions(self):
if self.action in ['retrieve', 'update', 'partial_update', 'destroy'] and self.request.user.is_anonymous is False:
return [YourOwnUserPermissions(), ]
return [YourOwnUserPermissions(), ]
return super(CustomUserViewSet, self).get_permissions()
def create(self, request):