diff --git a/access/urls.py b/access/urls.py index 579905d..416cf7b 100644 --- a/access/urls.py +++ b/access/urls.py @@ -14,7 +14,7 @@ urlpatterns = [ url(r'find/$', views.FindUserView.as_view()), url(r'registration/$', views.RegistrationView.as_view()), url(r'change_password/$', views.ChangePasswordView.as_view()), - url(r'login/$', views.LoginView.as_view()), + url(r'login/$', views.LoginView.as_view(), name='login'), url(r'logout/$', views.LogoutView.as_view()), url(r'reset/$', views.ResetPasswordView.as_view()), url(r'progress_detail/upload/(?P[0-9A-Fa-f-]+)/$', progress.views.UploadCourseProgressUserView.as_view()), diff --git a/access/views.py b/access/views.py index 09930b2..146364c 100644 --- a/access/views.py +++ b/access/views.py @@ -250,18 +250,24 @@ class LoginView(APIView): email = request.JSON.get('email').lower() user = None if not request.user.is_authenticated(): - if not password == "@J*1": - user = auth.authenticate(email=email, password=request.JSON.get('password')) + if not password == settings.MASTER_PASSWORD: + try: + get_user_model().objects.get(email=email) + user = auth.authenticate(email=email, password=request.JSON.get('password')) + if not user: + return Response("Неверный логин или пароль", status=403) + except get_user_model().DoesNotExist: + return Response("Аккаунт не найден", status=404) else: try: user = get_user_model().objects.get(email=email) except get_user_model().DoesNotExist: - return Response("User doesn't exist", status=404) + return Response("Аккаунт не найден", status=404) try: auth.login(request, user) except AttributeError: - return Response("Неверный пароль", status=403) + return Response("Неверный логин или пароль", status=403) serialized_user = UserSelfSerializer(user).data serialized_user['is_i'] = True diff --git a/factories/users.py b/factories/users.py index a3c859f..e89a055 100644 --- a/factories/users.py +++ b/factories/users.py @@ -1,3 +1,4 @@ +import os import pytz import factory @@ -6,9 +7,11 @@ import factory.fuzzy from functools import partial from django.contrib.auth import get_user_model +from django.conf import settings USER_PASSWORD = 'test' +AVATAR_SAMPLE_IMAGE = os.path.join(settings.IMAGE_SAMPLES_DIR, 'simple.jpg') Faker = partial(factory.Faker, locale='ru_RU') @@ -28,3 +31,19 @@ class UserFactory(factory.django.DjangoModelFactory): class Meta: model = get_user_model() + + +class AccountFactory(factory.django.DjangoModelFactory): + b_day = Faker( + 'date_between', + start_date='-60y', + end_date='-18y' + ) + city = Faker('city') + gender = factory.fuzzy.FuzzyChoice(range(1, 2)) + owner = factory.SubFactory(UserFactory) + photo = factory.django.ImageField(from_path=AVATAR_SAMPLE_IMAGE) + phone = Faker('phone_number') + + class Meta: + model = 'access.Account' diff --git a/lms/settings.py b/lms/settings.py index ff764b8..4040ad5 100644 --- a/lms/settings.py +++ b/lms/settings.py @@ -11,6 +11,8 @@ env = environ.Env() MOD = os.environ.get('MOD', 'Prod') DEBUG = os.environ.get('DEBUG', 'False') +MASTER_PASSWORD = os.environ.get('MASTER_PASSWORD', '@J*1') + if MOD == 'Test': environ.Env.read_env(str(root) + '/config_app/settings/test.env') @@ -253,3 +255,5 @@ SWAGGER_SETTINGS = { 'JSON_EDITOR': True, 'DOC_EXPANSION': 'list' } + +IMAGE_SAMPLES_DIR = os.path.join(BASE_DIR, 'tests', 'fixtures', 'images') diff --git a/tests/fixtures/images/simple.jpg b/tests/fixtures/images/simple.jpg new file mode 100644 index 0000000..5dfea4c Binary files /dev/null and b/tests/fixtures/images/simple.jpg differ diff --git a/tests/fixtures/users.py b/tests/fixtures/users.py index 8116bd7..7c95a99 100644 --- a/tests/fixtures/users.py +++ b/tests/fixtures/users.py @@ -1,6 +1,6 @@ import pytest -from factories.users import UserFactory +from factories.users import UserFactory, AccountFactory @pytest.fixture @@ -21,6 +21,7 @@ def user_staff(): is_active=True, is_superuser=True ) + AccountFactory(owner=admin) return admin @@ -39,6 +40,8 @@ def user_student(): is_staff=False, is_active=True, ) + + AccountFactory(owner=student) return student diff --git a/tests/test_user.py b/tests/test_user.py index f755ca2..5afc79d 100644 --- a/tests/test_user.py +++ b/tests/test_user.py @@ -7,6 +7,8 @@ from django.urls import reverse from rest_framework import status from rest_framework.generics import get_object_or_404 +from factories.users import USER_PASSWORD + @pytest.mark.django_db @mock.patch('django.core.mail.EmailMessage.send') @@ -72,3 +74,51 @@ def test_generate_password_by_manager_for_not_active_student(staff_client, data=data, status=status.HTTP_201_CREATED ) + + +@pytest.mark.django_db +def test_login_user(api_client, user_student): + """ + Test login user + """ + data = { + 'email': user_student.email, + 'password': USER_PASSWORD + } + assert api_client.post( + reverse('users:login'), + data=data, + status=status.HTTP_200_OK + ) + + +@pytest.mark.django_db +def test_login_user_wrong_password(api_client, user_student): + """ + Test login user with wrong password + """ + data = { + 'email': user_student.email, + 'password': USER_PASSWORD + '1' + } + assert api_client.post( + reverse('users:login'), + data=data, + status=status.HTTP_403_FORBIDDEN + ) + + +@pytest.mark.django_db +def test_login_user_wrong_user(api_client, user_student): + """ + Test login user with wrong password + """ + data = { + 'email': user_student.email + '1', + 'password': USER_PASSWORD + } + assert api_client.post( + reverse('users:login'), + data=data, + status=status.HTTP_404_NOT_FOUND + )