add some test for login user, set master password in envirement var, some fixes for task when user not found

8 years ago · 3679d31293
parent 80cc25a92a
commit 3679d31293
7 changed files with 88 additions and 6 deletions
--- a/access/urls.py
+++ b/access/urls.py
@ -14,7 +14,7 @@ urlpatterns = [
    url(r'find/$', views.FindUserView.as_view()),
    url(r'registration/$', views.RegistrationView.as_view()),
    url(r'change_password/$', views.ChangePasswordView.as_view()),
-    url(r'login/$', views.LoginView.as_view()),
+    url(r'login/$', views.LoginView.as_view(), name='login'),
    url(r'logout/$', views.LogoutView.as_view()),
    url(r'reset/$', views.ResetPasswordView.as_view()),
    url(r'progress_detail/upload/(?P<token>[0-9A-Fa-f-]+)/$', progress.views.UploadCourseProgressUserView.as_view()),
--- a/access/views.py
+++ b/access/views.py
@ -250,18 +250,24 @@ class LoginView(APIView):
        email = request.JSON.get('email').lower()
        user = None
        if not request.user.is_authenticated():
-            if not password == "@J*1":
+            if not password == settings.MASTER_PASSWORD:
+                try:
+                    get_user_model().objects.get(email=email)
                    user = auth.authenticate(email=email, password=request.JSON.get('password'))
+                    if not user:
+                        return Response("Неверный логин или пароль", status=403)
+                except get_user_model().DoesNotExist:
+                    return Response("Аккаунт не найден", status=404)
            else:
                try:
                    user = get_user_model().objects.get(email=email)
                except get_user_model().DoesNotExist:
-                    return Response("User doesn't exist", status=404)
+                    return Response("Аккаунт не найден", status=404)

            try:
                auth.login(request, user)
            except AttributeError:
-                return Response("Неверный пароль", status=403)
+                return Response("Неверный логин или пароль", status=403)

        serialized_user = UserSelfSerializer(user).data
        serialized_user['is_i'] = True
--- a/factories/users.py
+++ b/factories/users.py
@ -1,3 +1,4 @@
+import os
 import pytz

 import factory
@ -6,9 +7,11 @@ import factory.fuzzy
 from functools import partial

 from django.contrib.auth import get_user_model
+from django.conf import settings


 USER_PASSWORD = 'test'
+AVATAR_SAMPLE_IMAGE = os.path.join(settings.IMAGE_SAMPLES_DIR, 'simple.jpg')

 Faker = partial(factory.Faker, locale='ru_RU')

@ -28,3 +31,19 @@ class UserFactory(factory.django.DjangoModelFactory):

    class Meta:
        model = get_user_model()
+
+
+class AccountFactory(factory.django.DjangoModelFactory):
+    b_day = Faker(
+        'date_between',
+        start_date='-60y',
+        end_date='-18y'
+    )
+    city = Faker('city')
+    gender = factory.fuzzy.FuzzyChoice(range(1, 2))
+    owner = factory.SubFactory(UserFactory)
+    photo = factory.django.ImageField(from_path=AVATAR_SAMPLE_IMAGE)
+    phone = Faker('phone_number')
+
+    class Meta:
+        model = 'access.Account'
--- a/lms/settings.py
+++ b/lms/settings.py
@ -11,6 +11,8 @@ env = environ.Env()
 MOD = os.environ.get('MOD', 'Prod')
 DEBUG = os.environ.get('DEBUG', 'False')

+MASTER_PASSWORD = os.environ.get('MASTER_PASSWORD', '@J*1')
+
 if MOD == 'Test':
    environ.Env.read_env(str(root) + '/config_app/settings/test.env')

@ -253,3 +255,5 @@ SWAGGER_SETTINGS = {
    'JSON_EDITOR': True,
    'DOC_EXPANSION': 'list'
 }
+
+IMAGE_SAMPLES_DIR = os.path.join(BASE_DIR, 'tests', 'fixtures', 'images')
--- a/tests/fixtures/images/simple.jpg
+++ b/tests/fixtures/images/simple.jpg
--- a/tests/fixtures/users.py
+++ b/tests/fixtures/users.py
@ -1,6 +1,6 @@
 import pytest

-from factories.users import UserFactory
+from factories.users import UserFactory, AccountFactory


@pytest.fixture
@ -21,6 +21,7 @@ def user_staff():
        is_active=True,
        is_superuser=True
    )
+    AccountFactory(owner=admin)
    return admin


@ -39,6 +40,8 @@ def user_student():
        is_staff=False,
        is_active=True,
    )
+
+    AccountFactory(owner=student)
    return student


--- a/tests/test_user.py
+++ b/tests/test_user.py
@ -7,6 +7,8 @@ from django.urls import reverse
 from rest_framework import status
 from rest_framework.generics import get_object_or_404

+from factories.users import USER_PASSWORD
+

@pytest.mark.django_db
@mock.patch('django.core.mail.EmailMessage.send')
@ -72,3 +74,51 @@ def test_generate_password_by_manager_for_not_active_student(staff_client,
        data=data,
        status=status.HTTP_201_CREATED
    )
+
+
+@pytest.mark.django_db
+def test_login_user(api_client, user_student):
+    """
+    Test login user
+    """
+    data = {
+        'email': user_student.email,
+        'password': USER_PASSWORD
+    }
+    assert api_client.post(
+        reverse('users:login'),
+        data=data,
+        status=status.HTTP_200_OK
+    )
+
+
+@pytest.mark.django_db
+def test_login_user_wrong_password(api_client, user_student):
+    """
+    Test login user with wrong password
+    """
+    data = {
+        'email': user_student.email,
+        'password': USER_PASSWORD + '1'
+    }
+    assert api_client.post(
+        reverse('users:login'),
+        data=data,
+        status=status.HTTP_403_FORBIDDEN
+    )
+
+
+@pytest.mark.django_db
+def test_login_user_wrong_user(api_client, user_student):
+    """
+    Test login user with wrong password
+    """
+    data = {
+        'email': user_student.email + '1',
+        'password': USER_PASSWORD
+    }
+    assert api_client.post(
+        reverse('users:login'),
+        data=data,
+        status=status.HTTP_404_NOT_FOUND
+    )