Commit 82668c34 by Matt Drayer Committed by Jonathan Piacenti

mattdrayer/api-userdetailpostfix: Addressed several issues related to updating…

mattdrayer/api-userdetailpostfix: Addressed several issues related to updating user/profile information

Final fix
parent c907daa4
......@@ -122,4 +122,7 @@ class CourseContentGroupRelationship(TimeStampedModel):
record_active = models.BooleanField(default=True)
class Meta:
"""
Mapping model to enable grouping of course content such as chapters
"""
unique_together = ("course_id", "content_id", "group")
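Review bot: The added docstring sits inside `class Meta`, so it becomes the docstring of `Meta` even though its text ("Mapping model to enable grouping of course content such as chapters") describes the model. Moving it directly under `class CourseContentGroupRelationship(TimeStampedModel):` would attach it to the class it documents. The model's class header lies outside this hunk, so whether the model already carries its own docstring cannot be seen here.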
......@@ -123,6 +123,37 @@ class UserPasswordResetTest(TestCase):
)
self._assert_response(response, status=200)
@override_settings(ADVANCED_SECURITY_CONFIG={'MIN_DIFFERENT_STAFF_PASSWORDS_BEFORE_REUSE': 20,
'MIN_TIME_IN_DAYS_BETWEEN_ALLOWED_RESETS': 0})
def test_password_reset_not_allowable_reuse_staff_user(self):
"""
Try resetting staff user password with an already-used password
Hits a very specific LOC in the view code
"""
response = self._do_post_request(
self.user_url, 'test2', 'Test.Me64!', email='test@edx.org',
first_name='John', last_name='Doe', secure=True, is_staff=True
)
self._assert_response(response, status=201)
user_id = response.data['id']
pass_reset_url = "%s/%s" % (self.user_url, str(user_id))
response = self._do_post_pass_reset_request(
pass_reset_url, password='Test.Me64#', secure=True
)
self._assert_response(response, status=200)
response = self._do_post_pass_reset_request(
pass_reset_url, password='Test.Me64#', secure=True
)
message = _(
"You are re-using a password that you have used recently. You must "
"have 20 distinct password(s) before reusing a previous password."
)
self._assert_response(response, status=403, message=message)
@override_settings(ADVANCED_SECURITY_CONFIG={'MIN_TIME_IN_DAYS_BETWEEN_ALLOWED_RESETS': 1})
def test_is_password_reset_too_frequent(self):
"""
......@@ -202,6 +233,8 @@ class UserPasswordResetTest(TestCase):
post_params['first_name'] = kwargs.get('first_name')
if kwargs.get('last_name'):
post_params['last_name'] = kwargs.get('last_name')
if kwargs.get('is_staff'):
post_params['is_staff'] = kwargs.get('is_staff')
headers = {'X-Edx-Api-Key': TEST_API_KEY, 'Content-Type': 'application/json'}
if kwargs.get('secure', False):
......
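Review bot: `test_password_reset_not_allowable_reuse_staff_user` only resubmits the password that is currently set (`'Test.Me64#'`), so it does not show that an older history entry is rejected. A further reset back to the creation password `'Test.Me64!'` expecting 403 would cover that, assuming the creation password is recorded in the history. The test also never asserts that the account was actually created as staff; it relies on the "20 distinct password(s)" text to imply the staff limit was applied, so a check such as `self.assertEqual(response.data['is_staff'], True)` after the 201 assertion would make that explicit if the create response returns the field. In the request helper (its body starts outside the hunk), `if kwargs.get('is_staff'):` silently drops an explicit `is_staff=False`; `if 'is_staff' in kwargs:` would let tests send either value.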
......@@ -34,7 +34,8 @@ class SecureClient(Client):
@override_settings(MODULESTORE=TEST_DATA_MIXED_MODULESTORE)
@override_settings(EDX_API_KEY=TEST_API_KEY)
@patch.dict("django.conf.settings.FEATURES", {'ENFORCE_PASSWORD_POLICY': False})
@override_settings(PASSWORD_MIN_LENGTH=4)
@patch.dict("django.conf.settings.FEATURES", {'ENFORCE_PASSWORD_POLICY': True})
class UsersApiTests(TestCase):
""" Test suite for Users API views """
......@@ -144,19 +145,30 @@ class UsersApiTests(TestCase):
def test_user_detail_post(self):
test_uri = '/api/users'
local_username = self.test_username + str(randint(11, 99))
data = {'email': self.test_email, 'username': local_username, 'password':
self.test_password, 'first_name': self.test_first_name, 'last_name': self.test_last_name}
data = {'email': self.test_email,
'username': local_username, 'password':self.test_password,
'first_name': self.test_first_name, 'last_name': self.test_last_name}
response = self.do_post(test_uri, data)
self.assertEqual(response.status_code, 201)
test_uri = test_uri + '/' + str(response.data['id'])
data = {'is_active': False}
auth_data = {'username': local_username, 'password': self.test_password}
self.do_post('/api/sessions', auth_data)
self.assertEqual(response.status_code, 201)
data = {'is_active': False, 'is_staff': True}
response = self.do_post(test_uri, data)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data['is_active'], False)
self.assertEqual(response.data['is_staff'], True)
response = self.do_get(test_uri)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data['email'], self.test_email)
self.assertEqual(response.data['username'], local_username)
self.assertEqual(response.data['first_name'], self.test_first_name)
self.assertEqual(response.data['last_name'], self.test_last_name)
self.assertEqual(response.data['full_name'], '{} {}'.format(self.test_first_name, self.test_last_name))
self.assertEqual(response.data['is_active'], False)
def test_user_detail_post_username(self):
def test_user_detail_post_duplicate_username(self):
"""
Create two users, then pass the same first username in request in order to update username of second user.
Must return bad request against username, Already exist!
......@@ -188,6 +200,19 @@ class UsersApiTests(TestCase):
self.assertEqual(response.status_code, 400)
self.assertEqual(response.data['message'], message)
def test_user_detail_post_invalid_password(self):
test_uri = '/api/users'
local_username = self.test_username + str(randint(11, 99))
data = {'email': self.test_email,
'username': local_username, 'password': self.test_password,
'first_name': self.test_first_name, 'last_name': self.test_last_name}
response = self.do_post(test_uri, data)
self.assertEqual(response.status_code, 201)
test_uri = test_uri + '/' + str(response.data['id'])
data = {'password': 'x'}
response = self.do_post(test_uri, data)
self.assertEqual(response.status_code, 400)
def test_user_detail_post_user_profile_added_updated(self):
"""
Create a user, then add the user profile
......
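Review bot: In `test_user_detail_post`, the result of `self.do_post('/api/sessions', auth_data)` is discarded and the following `self.assertEqual(response.status_code, 201)` re-checks the stale `response` from the user-creation POST, so a failed login would go unnoticed. Capture it with `response = self.do_post('/api/sessions', auth_data)` before asserting. The test now also pins that a POST of `{'is_staff': True}` to the user-detail URI promotes the account. The view is not visible on this page, so it is worth confirming which callers are authorised to send that field and adding a negative test for one who should be refused. The follow-up GET asserts `is_active` but not `is_staff`, so persistence of the flag is only checked against the POST response.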