fix for user registration

core/tests.py

@@ -1,6 +1,8 @@
 import random
 import string
 import json
+import hashlib
+import base64
 
 from django.test import TestCase
 
@@ -13,6 +15,7 @@ from . import models
 from . import factories
 # Create your tests here.
 
+
 class CustomUserViewSetTest(APITestCase):
     """CustomUser viewset tests
     """
@@ -35,13 +38,11 @@ class CustomUserViewSetTest(APITestCase):
     # anon user
     def test_anon_user_can_create_inactive_instance(self):
         """Not logged-in user can create new instance of User but it's inactive
-            TODO: should create inactive user
         """
         data = {
             'email': 'test@email.com',
             'full_name': 'TEST NAME',
-            'password1': 'VENTILADORES1234499.89',
-            'password2': 'VENTILADORES1234499.89',
+            'password': 'VENTILADORES1234499.89',
         }
 
         # Query endpoint
@@ -49,8 +50,14 @@ class CustomUserViewSetTest(APITestCase):
 
         # Assert creation is successful
         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+        # check for new user instance created
+        self.assertEquals(1, self.model.objects.filter(email=data['email']).count())
+        # assert password has been set
+        new_user =  self.model.objects.get(email=data['email'])
+        self.assertNotEqual('', new_user.password)
         # assert instance is inactive
         info = json.loads(response.content)
+
         self.assertFalse(info['is_active'])
 
     def test_anon_user_cannot_modify_existing_instance(self):
@@ -151,6 +158,25 @@ class CustomUserViewSetTest(APITestCase):
         # Assert access is forbidden
         self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
 
+    def test_user_update_password(self):
+        '''Test the modification of PASSWORD field value for an instance of User '''
+        # modify values of alert instance
+        new_password = "updated_super secret password"
+        self.user.set_password(new_password)
+        self.user.save()
+        # get updated intance using PK
+        updated_user = self.model.objects.get(pk=self.user.pk)
+        # assert fields exist, and data matches
+        stored_value = updated_user.__dict__['password']
+        hash_type, iteration, salt, stored_password_hash = stored_value.split('$')
+        new_password_hash = hashlib.pbkdf2_hmac(
+                hash_name='sha256',
+                password=new_password.encode(),
+                salt=salt.encode(),
+                iterations=int(iteration),
+                )
+        self.assertEqual(stored_password_hash, base64.b64encode(new_password_hash).decode())
+
     # admin user
     def test_admin_user_can_create_instance(self):
         """Admin user can create new instance
@@ -163,8 +189,7 @@ class CustomUserViewSetTest(APITestCase):
         data = {
             'email': 'test@email.com',
             'full_name': 'TEST NAME',
-            'password1': 'VENTILADORES1234499.89',
-            'password2': 'VENTILADORES1234499.89',
+            'password': 'VENTILADORES1234499.89',
         }
 
         # Authenticate user