add method for generate new password to students

8 years ago · b92e6d0435
parent 6ca8139a68
commit b92e6d0435
11 changed files with 177 additions and 6 deletions
--- a/access/serializers.py
+++ b/access/serializers.py
@ -1,5 +1,6 @@
 from django.contrib.auth import get_user_model
 from rest_framework import serializers
+from rest_framework.generics import get_object_or_404

 from access.models.other import Account
 from achievements.serialers import DiplomaSerializer, AchievementsSerializer
@ -101,3 +102,28 @@ class UserSearchSerializer(serializers.ModelSerializer):
    @staticmethod
    def get_last_request(self):
        return self.useractivity.last_request
+
+
+class UserEmailSerializer(serializers.Serializer):
+    """
+    Serializer for set new password to the student in admin area by manager.
+    """
+    email = serializers.EmailField()
+
+    def __init__(self, *args, **kwargs):
+        super(UserEmailSerializer, self).__init__(*args, **kwargs)
+        self.user = None
+        self.password = None
+
+    def validate_email(self, email):
+        self.user = get_object_or_404(get_user_model(), email=email)
+        if not self.user.is_active:
+            raise serializers.ValidationError('Учетная запись еще не активирована.')
+        if not self.user:
+            raise serializers.ValidationError('Email не зарегистрирован.')
+        return email
+
+    def save(self):
+        self.password = get_user_model().objects.make_random_password()
+        self.user.set_password(self.password)
+        self.user.save()
--- a/access/urls.py
+++ b/access/urls.py
@ -18,4 +18,9 @@ urlpatterns = [
    url(r'logout/$', views.LogoutView.as_view()),
    url(r'reset/$', views.ResetPasswordView.as_view()),
    url(r'progress_detail/upload/(?P<token>[0-9A-Fa-f-]+)/$', progress.views.UploadCourseProgressUserView.as_view()),
-]
+    url(
+        r'management/password/$',
+        views.ManagementPassword.as_view(),
+        name='management-password'
+        )
+]
--- a/access/views.py
+++ b/access/views.py
@ -1,6 +1,7 @@
 import datetime
 import random
 import string
+import logging

 from django.contrib import auth
 from django.conf import settings
@ -8,15 +9,21 @@ from django.contrib.auth import get_user_model
 from django.core.mail import send_mail
 from django.db.models import Q
 from django.shortcuts import redirect
+
 from rest_framework.renderers import JSONRenderer
 from rest_framework.response import Response
 from rest_framework.views import APIView
+from rest_framework import permissions, generics, status

 from access.models.other import Invite, ResetPassword, Account
-from access.serializers import UserSelfSerializer, UserSearchSerializer
+from access.serializers import (UserSelfSerializer, UserSearchSerializer,
+                                UserEmailSerializer)
 from lms.tools import decode_base64


+logger = logging.getLogger(__name__)
+
+
 class TeacherListView(APIView):
    renderer_classes = (JSONRenderer,)
    status_code = 200
@ -283,3 +290,33 @@ class MinUserView(APIView):
            return Response(UserSearchSerializer(get_user_model().objects.get(out_key=out_key)).data, status=200)
        except get_user_model().DoesNotExist:
            return Response("User not found", status=404)
+
+
+class ManagementPassword(generics.GenericAPIView):
+    permission_classes = (permissions.IsAuthenticated, permissions.IsAdminUser)
+    serializer_class = UserEmailSerializer
+
+    def post(self, request):
+        """
+        Set password to the student in admin area by manager
+        ---
+        Generate new password to the student and send email with new password
+        """
+        serializer = self.get_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        logger.info(f'set password: {serializer.password} to the '
+                    f'student with email: {serializer.user.email}')
+        send_mail(
+            subject='Установлен новый пароль',
+            message=f'Ваш новый пароль {serializer.password} '
+                    f'(в последствии вы сможите сменить его в личном кабинете).',
+            from_email='robo@skillbox.ru',
+            recipient_list=[serializer.user.email],
+        )
+        logger.info(f'send email to {serializer.user.email} '
+                    f'with new password')
+        return Response(
+            data={'message': 'Письмо с новым паролем отправлено на email студента.'},
+            status=status.HTTP_201_CREATED
+        )
--- a/api_v1/urls.py
+++ b/api_v1/urls.py
@ -5,7 +5,7 @@ schema_view = get_swagger_view(title='Skillbox LMS API')

 urlpatterns = [
    url(r'courses/', include('courses.urls')),
-    url(r'users/', include('access.urls')),
+    url(r'users/', include('access.urls', namespace='users')),
    url(r'library/', include('library.urls')),
    url(r'finance/', include('finance.urls')),
    url(r'storage/', include('storage.urls')),
--- a/lms/settings.py
+++ b/lms/settings.py
@ -232,6 +232,16 @@ LOGGING = {
    },
 }

+# Configure loggers for all local apps
+LOCAL_APPS_LOGGERS = {}
+for app in apps:
+    LOCAL_APPS_LOGGERS[app] = {
+        'handlers': ['console'],
+        'level': 'DEBUG',
+        'propagate': True,
+    }
+LOGGING['loggers'].update(LOCAL_APPS_LOGGERS)
+
 SWAGGER_SETTINGS = {
    'USE_SESSION_AUTH': True,
    'LOGIN_URL': 'admin:login',
--- a/pytest.ini
+++ b/pytest.ini
@ -2,7 +2,8 @@
 DJANGO_SETTINGS_MODULE = lms.settings
 norecursedirs = env/* docs/* misc/* static/*

-addopts = --flake8 -vvs
+;addopts = --flake8 -vvs
+addopts = -vvs

 python_files =
    test_*.py
--- a/requirements.txt
+++ b/requirements.txt
@ -50,6 +50,8 @@ pytest-sugar==0.9.1
 pytest-django==3.1.2
 coverage==4.5.1
 pytest-cov==2.5.1
+mock==2.0.0
+pytest-mock==1.7.0
 # factories
 Faker==0.8.11
 factory-boy==2.10.0
--- a/tests/conftest.py
+++ b/tests/conftest.py
@ -0,0 +1,28 @@
+import pytest
+from tests.client import BetterAPIClient
+
+pytest_plugins = [
+    'tests.fixtures.users',
+]
+
+@pytest.fixture
+def api_client():
+    """Anonymous client for REST API."""
+    client = BetterAPIClient()
+    return client
+
+
+@pytest.fixture
+def staff_client(user_staff):
+    """Authorized as staff client for REST API."""
+    client = BetterAPIClient()
+    client.force_authenticate(user=user_staff)
+    return client
+
+
+@pytest.fixture
+def student_client(user_student):
+    """Authorized as staff client for REST API."""
+    client = BetterAPIClient()
+    client.force_authenticate(user=user_student)
+    return client
--- a/tests/fixtures/init.py
+++ b/tests/fixtures/init.py
--- a/tests/fixtures/users.py
+++ b/tests/fixtures/users.py
@ -4,11 +4,12 @@ from factories.users import UserFactory


@pytest.fixture
-def user_admin():
+def user_staff():
    """
-    Create user as administration with data:
+    Create user as staff with data:
    email = 'admin@example.com'
    password = 'test'
+    is_staff=True
    is_active = True
    is_superuser = True
    """
@ -16,7 +17,26 @@ def user_admin():
        last_name='Иванов',
        first_name='Иван',
        email='admin@example.com',
+        is_staff=True,
        is_active=True,
        is_superuser=True
    )
    return admin
+
+
+@pytest.fixture
+def user_student():
+    """
+    Create user as student with data:
+    email = 'student@example.com'
+    password = 'test'
+    is_active = True
+    """
+    student = UserFactory(
+        last_name='Иванов',
+        first_name='Иван',
+        email='student@example.com',
+        is_staff=False,
+        is_active=True,
+    )
+    return student
--- a/tests/test_user.py
+++ b/tests/test_user.py
@ -0,0 +1,42 @@
+import mock
+import pytest
+
+from django.contrib.auth import get_user_model
+from django.urls import reverse
+
+from rest_framework import status
+from rest_framework.generics import get_object_or_404
+
+
+@pytest.mark.django_db
+@mock.patch('django.core.mail.send_mail')
+def test_generate_password_by_manager(mocked_send_mail, staff_client,
+                                      student_client, user_student):
+    """
+    Test generate new password from admin area by manager
+    """
+    assert staff_client.get(
+        reverse('users:management-password'),
+        status=status.HTTP_405_METHOD_NOT_ALLOWED
+    )
+    assert student_client.get(
+        reverse('users:management-password'),
+        status=status.HTTP_403_FORBIDDEN
+    )
+    data = {
+        'email': user_student.email,
+    }
+    assert staff_client.post(
+        reverse('users:management-password'),
+        data=data,
+        status=status.HTTP_201_CREATED
+    )
+    test_user = get_object_or_404(get_user_model(), email=user_student.email)
+    assert not test_user.check_password('test')
+    assert mocked_send_mail.call_count == 1
+    assert student_client.post(
+        reverse('users:management-password'),
+        data=data,
+        status=status.HTTP_403_FORBIDDEN
+    )
+