fixed password update not working

2021-02-01 14:13:58 +00:00
parent ca89ac73f2
commit ec584b7aab
4 changed files with 67 additions and 9 deletions
--- a/README.md
+++ b/README.md
@@ -40,6 +40,23 @@ To load initial location data use: `python manage.py addgeo`
 ## Endpoints
 ### Authentication
 Implemented using `djangorestframework-simplejwt`
 New token pair endpoint: `/api/v1/token/`
 Response:
 ```json
 {
    "refresh": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTYxMjI3MTcwNSwianRpIjoiZDU4YTgzYzFkYzFkNDI5MTljMGQ0NzcxNzljNzUxYTQiLCJ1c2VyX2lkIjo4fQ.yln80W5lONSyHwwqF4qBBHteqLuRfdLLWuaQANr_vxc",
    "access": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjEyMTg4OTA1LCJqdGkiOiIzNGIxMzM3NmU4MWI0OWY5YjU3ZmUxM2M5NThmZWZkYiIsInVzZXJfaWQiOjh9.aRDCUvKj7LCvixjPLC9ghy0h7rfRwR6Lo3A7HX4kSHE"
 }
 ```
 Refresh expired token endpoint: `/api/v1/token/refresh/`
 ### Users
 Endpoint url: `/api/v1/users/`
--- a/back_latienda/urls.py
+++ b/back_latienda/urls.py
@@ -27,6 +27,5 @@ urlpatterns = [
    path('admin/', admin.site.urls),
    path('api/v1/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'),
    path('api/v1/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
    path('api/v1/token/verify/', TokenVerifyView.as_view(), name='token_verify'),
    path('api/v1/', include(router.urls)),
 ] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
--- a/core/tests.py
+++ b/core/tests.py
@@ -26,12 +26,8 @@ class CustomUserViewSetTest(APITestCase):
        self.endpoint = '/api/v1/users/'
        self.factory = factories.CustomUserFactory
        self.model = models.CustomUser
        # create admin user
        self.admin_email = f"admin_user@mail.com"
        self.password = ''.join(random.choices(string.ascii_uppercase, k = 10))
        self.user = self.factory(email=self.admin_email, password=self.password, is_active=True)
        # create regular user
-        self.reg_email = f"regular_user@mail.com"
+        self.reg_email = f"user@mail.com"
        self.password = ''.join(random.choices(string.ascii_uppercase, k = 10))
        self.user = self.factory(email=self.reg_email, password=self.password, is_active=True)
@@ -129,7 +125,20 @@ class CustomUserViewSetTest(APITestCase):
        response = self.client.put(url, data=data, format='json')
        # Assert forbidden code
-        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
        # assert new password hash properly updated
        # assert fields exist, and data matches
        updated_user = self.model.objects.get(pk=self.user.id)
        stored_value = updated_user.__dict__['password']
        hash_type, iteration, salt, stored_password_hash = stored_value.split('$')
        new_password_hash = hashlib.pbkdf2_hmac(
                hash_name='sha256',
                password=data['password'].encode(),
                salt=salt.encode(),
                iterations=int(iteration),
                )
        self.assertEqual(stored_password_hash, base64.b64encode(new_password_hash).decode())
    def test_regular_user_cannot_modify_existing_instance(self):
        """Regular user cannot modify existing instance
--- a/core/views.py
+++ b/core/views.py
@@ -1,5 +1,6 @@
 from django.shortcuts import render, get_object_or_404
 from django.http import HttpResponse
 from django.contrib.auth import get_user_model
 from rest_framework import status
 from rest_framework import viewsets
@@ -12,13 +13,17 @@ from . import serializers
 from back_latienda.permissions import CustomUserPermissions
 # Create your views here.
 User = get_user_model()
 class CustomUserViewSet(viewsets.ModelViewSet):
-    model = models.CustomUser
+    model = User
    serializer_class = serializers.CustomUserReadSerializer
    write_serializer_class =serializers.CustomUserWriteSerializer
    model_name = 'custom_user'
-    queryset = models.CustomUser.objects.all()
+    queryset = User.objects.all()
    permission_classes = [CustomUserPermissions,]
    def create(self, request):
@@ -45,6 +50,34 @@ class CustomUserViewSet(viewsets.ModelViewSet):
        except Exception as e:
            return Response(str(e), status=status.HTTP_500_INTERNAL_SERVER_ERROR)
    def update(self, request, pk):
        """
        Update CustomUser Instance
        """
        try:
            serializer = self.write_serializer_class(
                data=request.data,
            )
            if serializer.is_valid():
                # save model instance data
                password = serializer.validated_data.pop('password')
                instance = get_object_or_404(User, pk=pk)
                for key, value in serializer.validated_data.items():
                    instance.__dict__[key] = value
                instance.set_password(password)
                instance.save()
                return Response(self.serializer_class(
                    instance, many=False, context={'request': request}).data,
                                status=status.HTTP_201_CREATED)
            else:
                return Response(
                    serializer.errors, status=status.HTTP_406_NOT_ACCEPTABLE)
        except Exception as e:
            return Response(str(e), status=status.HTTP_500_INTERNAL_SERVER_ERROR)
    def get_object(self):
        obj = get_object_or_404(self.get_queryset(), pk=self.kwargs["pk"])
        self.check_object_permissions(self.request, obj)