mattdrayer/api-userdetailpostfix: Addressed several issues related to updating…

mattdrayer/api-userdetailpostfix: Addressed several issues related to updating user/profile information

FInal fix

lms/djangoapps/api_manager/models.py

@@ -122,4 +122,7 @@ class CourseContentGroupRelationship(TimeStampedModel):
     record_active = models.BooleanField(default=True)
 
     class Meta:
+        """
+        Mapping model to enable grouping of course content such as chapters
+        """
         unique_together = ("course_id", "content_id", "group")

lms/djangoapps/api_manager/users/test_user_password_reset.py

@@ -123,6 +123,37 @@ class UserPasswordResetTest(TestCase):
         )
         self._assert_response(response, status=200)
 
+    @override_settings(ADVANCED_SECURITY_CONFIG={'MIN_DIFFERENT_STAFF_PASSWORDS_BEFORE_REUSE': 20,
+                                                 'MIN_TIME_IN_DAYS_BETWEEN_ALLOWED_RESETS': 0})
+    def test_password_reset_not_allowable_reuse_staff_user(self):
+        """
+        Try resetting staff user password with an already-used password
+        Hits a very specific LOC in the view code
+        """
+        response = self._do_post_request(
+            self.user_url, 'test2', 'Test.Me64!', email='test@edx.org',
+            first_name='John', last_name='Doe', secure=True, is_staff=True
+        )
+        self._assert_response(response, status=201)
+        user_id = response.data['id']
+
+        pass_reset_url = "%s/%s" % (self.user_url, str(user_id))
+
+        response = self._do_post_pass_reset_request(
+            pass_reset_url, password='Test.Me64#', secure=True
+        )
+        self._assert_response(response, status=200)
+
+        response = self._do_post_pass_reset_request(
+            pass_reset_url, password='Test.Me64#', secure=True
+        )
+        message = _(
+            "You are re-using a password that you have used recently. You must "
+            "have 20 distinct password(s) before reusing a previous password."
+        )
+        self._assert_response(response, status=403, message=message)
+
+
     @override_settings(ADVANCED_SECURITY_CONFIG={'MIN_TIME_IN_DAYS_BETWEEN_ALLOWED_RESETS': 1})
     def test_is_password_reset_too_frequent(self):
         """
@@ -202,6 +233,8 @@ class UserPasswordResetTest(TestCase):
             post_params['first_name'] = kwargs.get('first_name')
         if kwargs.get('last_name'):
             post_params['last_name'] = kwargs.get('last_name')
+        if kwargs.get('is_staff'):
+            post_params['is_staff'] = kwargs.get('is_staff')
 
         headers = {'X-Edx-Api-Key': TEST_API_KEY, 'Content-Type': 'application/json'}
         if kwargs.get('secure', False):

lms/djangoapps/api_manager/users/tests.py

@@ -34,7 +34,8 @@ class SecureClient(Client):
 
 @override_settings(MODULESTORE=TEST_DATA_MIXED_MODULESTORE)
 @override_settings(EDX_API_KEY=TEST_API_KEY)
-@patch.dict("django.conf.settings.FEATURES", {'ENFORCE_PASSWORD_POLICY': False})
+@override_settings(PASSWORD_MIN_LENGTH=4)
+@patch.dict("django.conf.settings.FEATURES", {'ENFORCE_PASSWORD_POLICY': True})
 class UsersApiTests(TestCase):
 
     """ Test suite for Users API views """
@@ -144,19 +145,30 @@ class UsersApiTests(TestCase):
     def test_user_detail_post(self):
         test_uri = '/api/users'
         local_username = self.test_username + str(randint(11, 99))
-        data = {'email': self.test_email, 'username': local_username, 'password':
-                self.test_password, 'first_name': self.test_first_name, 'last_name': self.test_last_name}
+        data = {'email': self.test_email,
+                'username': local_username, 'password':self.test_password,
+                'first_name': self.test_first_name, 'last_name': self.test_last_name}
         response = self.do_post(test_uri, data)
+        self.assertEqual(response.status_code, 201)
         test_uri = test_uri + '/' + str(response.data['id'])
-        data = {'is_active': False}
+        auth_data = {'username': local_username, 'password': self.test_password}
+        self.do_post('/api/sessions', auth_data)
+        self.assertEqual(response.status_code, 201)
+        data = {'is_active': False, 'is_staff': True}
         response = self.do_post(test_uri, data)
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.data['is_active'], False)
+        self.assertEqual(response.data['is_staff'], True)
         response = self.do_get(test_uri)
         self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.data['email'], self.test_email)
+        self.assertEqual(response.data['username'], local_username)
+        self.assertEqual(response.data['first_name'], self.test_first_name)
+        self.assertEqual(response.data['last_name'], self.test_last_name)
+        self.assertEqual(response.data['full_name'], '{} {}'.format(self.test_first_name, self.test_last_name))
         self.assertEqual(response.data['is_active'], False)
 
-    def test_user_detail_post_username(self):
+    def test_user_detail_post_duplicate_username(self):
         """
         Create two users, then pass the same first username in request in order to update username of second user.
         Must return bad request against username, Already exist!
@@ -188,6 +200,19 @@ class UsersApiTests(TestCase):
         self.assertEqual(response.status_code, 400)
         self.assertEqual(response.data['message'], message)
 
+    def test_user_detail_post_invalid_password(self):
+        test_uri = '/api/users'
+        local_username = self.test_username + str(randint(11, 99))
+        data = {'email': self.test_email,
+                'username': local_username, 'password': self.test_password,
+                'first_name': self.test_first_name, 'last_name': self.test_last_name}
+        response = self.do_post(test_uri, data)
+        self.assertEqual(response.status_code, 201)
+        test_uri = test_uri + '/' + str(response.data['id'])
+        data = {'password': 'x'}
+        response = self.do_post(test_uri, data)
+        self.assertEqual(response.status_code, 400)
+
     def test_user_detail_post_user_profile_added_updated(self):
         """
         Create a user, then add the user profile