def test_data_is_valid___object_is_created(self, file_description):
user = fake_user()
response = self.app.post(
reverse('data-file-list', kwargs={'version': 'v1'}),
headers={
'Authorization': 'Bearer {}'.format(AccessToken.for_user(user))
},
params=json.dumps({
'file_description': file_description,
}),
content_type='application/json',
)
model = DataFile.objects.first()
self.assertEqual(201, response.status_code)
self.assertEqual(model.file_description, file_description)
def test_user_is_authenticated_object_does_not_exist___response_is_404(
self):
user = fake_user()
portfolio = fake_portfolio()
response = self.app.get(reverse('portfolio-detail',
kwargs={
'version': 'v1',
'pk': portfolio.pk + 1
}),
expect_errors=True,
headers={
'Authorization':
'Bearer {}'.format(
AccessToken.for_user(user))
})
self.assertEqual(404, response.status_code)
def test_reinsurance_info_file_is_not_a_valid_format___response_is_400(
self):
with TemporaryDirectory() as d:
with override_settings(MEDIA_ROOT=d):
user = fake_user()
portfolio = fake_portfolio()
response = self.app.post(
portfolio.get_absolute_reinsurance_info_file_url(),
headers={
'Authorization':
'Bearer {}'.format(AccessToken.for_user(user))
},
upload_files=(('file', 'file.tar', b'content'), ),
expect_errors=True,
)
self.assertEqual(400, response.status_code)
def test_supplier_id_is_missing___response_is_400(self, supplier_id, version_id):
user = fake_user()
response = self.app.post(
reverse('analysis-model-list', kwargs={'version': 'v1'}),
expect_errors=True,
headers={
'Authorization': 'Bearer {}'.format(AccessToken.for_user(user))
},
params=json.dumps({
'supplier_id': supplier_id,
'version_id': version_id,
}),
content_type='application/json',
)
self.assertEqual(400, response.status_code)
self.assertFalse(AnalysisModel.objects.exists())
def get_jwt_token(request):
serializer = CheckAuthKeySerializer(data=request.data)
if serializer.is_valid():
email = serializer.data.get('email')
auth_code = serializer.data.get('auth_code')
user = get_object_or_404(User, email=email)
if check_password(auth_code, user.auth_code):
token = AccessToken.for_user(user)
refresh_token = RefreshToken.for_user(user)
return Response(
{
'token': f'{token}',
'refresh_token': f'{refresh_token}'
},
status=status.HTTP_200_OK)
return Response({'confirmation_code': 'Wrong auth code'},
status=status.HTTP_400_BAD_REQUEST)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
serializer = StudentSerializer(data=request.data)
if serializer.is_valid():
try:
user = serializer.save(is_teacher=True)
except IntegrityError as e:
return Response(data="Username exists!")
refresh = RefreshToken.for_user(user)
access = AccessToken.for_user(user)
res = {
"username": str(user),
"refresh": str(refresh),
"access": str(access)
}
return Response(data=res, status=status.HTTP_201_CREATED)
else:
return Response(data="Enter valid data.",
status=status.HTTP_400_BAD_REQUEST)
def test_cleaned_name_is_empty___response_is_400(self, name):
user = fake_user()
model = fake_analysis_model()
portfolio = fake_portfolio()
response = self.app.post(portfolio.get_absolute_create_analysis_url(),
expect_errors=True,
headers={
'Authorization':
'Bearer {}'.format(
AccessToken.for_user(user))
},
params=json.dumps({
'name': name,
'model': model.pk
}),
content_type='application/json')
self.assertEqual(400, response.status_code)
def create_user(username, password, group='rider'):
# user = get_user_model().objects.create_user(
# username=username,
# password=password,
# group='rider'
# )
# Create user.
user = get_user_model().objects.create_user(username=username,
password=password)
# Create user group.
user_group, _ = Group.objects.get_or_create(name=group) # new
user.groups.add(user_group)
user.save()
# Create access token.
access = AccessToken.for_user(user)
return user, access
def get_test_user(user_info=TEST_USER, manual_user=None):
# user credentilas
username = user_info['username']
email = user_info['email']
# use custom credentilas
if manual_user:
username = manual_user
email = f"{username}@gmail.com"
# Create user
user = get_user_model().objects.create_user(
username,
email,
password=user_info['password'],
)
access = AccessToken.for_user(user)
return user, access
def test_model_does_exist___response_is_200(self):
user = fake_user()
analysis = fake_analysis()
model = fake_analysis_model()
response = self.app.patch(
analysis.get_absolute_url(),
headers={
'Authorization': 'Bearer {}'.format(AccessToken.for_user(user))
},
params=json.dumps({'model': model.pk}),
content_type='application/json',
expect_errors=True,
)
analysis.refresh_from_db()
self.assertEqual(200, response.status_code)
self.assertEqual(analysis.model, model)
def test_input_generation_traceback_file_is_present___file_can_be_retrieved(
self, file_content):
with TemporaryDirectory() as d:
with override_settings(MEDIA_ROOT=d):
user = fake_user()
analysis = fake_analysis(
input_generation_traceback_file=fake_related_file(
file=file_content, content_type='text/plain'))
response = self.app.get(
analysis.get_absolute_input_generation_traceback_file_url(
),
headers={
'Authorization':
'Bearer {}'.format(AccessToken.for_user(user))
},
)
self.assertEqual(response.body, file_content)
self.assertEqual(response.content_type, 'text/plain')
def get_token(request):
data = {
'email': request.data['email'],
'confirmation_code': request.data['confirmation_code']
}
serializer = GetTokenSerializer(data=data)
if serializer.is_valid(raise_exception=True):
user = get_object_or_404(YamUser, email=data['email'])
if default_token_generator.check_token(
user,
data['confirmation_code']):
access_token = AccessToken.for_user(user)
return Response(data={'token': str(access_token)},
status=status.HTTP_200_OK)
return Response(
data={'confirmation_code': 'wrong code'},
status=status.HTTP_400_BAD_REQUEST
)
def post(self, request, format=None):
UserModel = User
serializer = self.serializer_class(data=request.data)
try:
if serializer.is_valid(raise_exception=True):
return_dic = serializer.validated_data
try:
created = UserModel.objects.create(**return_dic)
user_collection = UserCollection.objects.create(
user=created)
access = AccessToken.for_user(created)
tokens = {
'access_token': str(access.get('jti')),
}
return Response(data=tokens, status=status.HTTP_201_CREATED)
except Exception as e:
return Response(e.args, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
except Exception as e:
return Response(e.args, status=e.status_code)
def obtain_auth_token(request):
serializer = ObtainTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
email = serializer.validated_data.get('email')
user = get_object_or_404(User, email=email)
confirmation_code = serializer.validated_data.get('confirmation_code')
if not token_generator.check_token(user, confirmation_code):
content = {
'confirmation_code':
['No active account found with the given credentials']
}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
user.is_active = True
user.save()
return Response({'token': str(AccessToken.for_user(user))})
def access_token_obtain(request):
serializer = AccessTokenObtainSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = get_object_or_404(
User,
email=serializer.data["email"],
)
if not default_token_generator.check_token(
user,
serializer.data["confirmation_code"],
):
raise AuthenticationFailed("Confirmation code is invalid.")
access = AccessToken.for_user(user)
data = {
"token": str(access),
}
return Response(data)
def test_portfolio_does_not_have_location_file_set___response_is_400(self):
user = fake_user()
model = fake_analysis_model()
portfolio = fake_portfolio()
response = self.app.post(
portfolio.get_absolute_create_analysis_url(),
expect_errors=True,
headers={
'Authorization': 'Bearer {}'.format(AccessToken.for_user(user))
},
params=json.dumps({
'name': 'name',
'model': model.pk
}),
content_type='application/json',
)
self.assertEqual(400, response.status_code)
self.assertIn('"location_file" must not be null',
response.json['portfolio'])
def test_location_file_invalid_uploaded___parquet_exception_raised(self):
content_type = 'text/csv'
file_content = b'\xf2hb\xca\xd2\xe6\xf3\xb0\xc1\xc7'
with TemporaryDirectory() as d:
with override_settings(MEDIA_ROOT=d,
PORTFOLIO_PARQUET_STORAGE=True):
user = fake_user()
portfolio = fake_portfolio()
response = self.app.post(
portfolio.get_absolute_location_file_url(),
headers={
'Authorization':
'Bearer {}'.format(AccessToken.for_user(user))
},
upload_files=(('file', 'file{}'.format(
mimetypes.guess_extension(content_type)),
file_content), ),
expect_errors=True)
self.assertEqual(400, response.status_code)
def create_user(username='******',
password='******',
group='rider'):
# Create user
user = get_user_model().objects.create_user(username=username,
password=password)
# Create user group
user_group, _ = Group.objects.get_or_create(name=group)
print('\nuser_group:', user_group)
user.groups.add(user_group)
user.save()
# Create access token
access = AccessToken.for_user(user)
print('user', user)
print('user.id', user.id)
print('user.groups.first().pk', user.groups.first().pk)
print('access', access)
return user, access
def post(self, request, *args, **kwargs):
confirmation = ConfirmationSerializer(data=request.data)
confirmation.is_valid(raise_exception=True)
email = confirmation.validated_data['email']
confirmation_code = confirmation.data.get('confirmation_code')
username = email.split('@')[0]
user = get_object_or_404(User, email=email, username=username)
if not default_token_generator.check_token(user, confirmation_code):
exceptions.AuthenticationFailed('confirmation_code is not valid')
serialized_user = UserSerializer(user).data
access_token = AccessToken.for_user(user)
response = Response()
response.data = {
'access_token': f'{access_token}',
'user': serialized_user,
}
return response
def post(self, request, *args, **kwargs):
serializer = self.serializer_class(data=request.data,
context={'request': request})
if serializer.is_valid():
email = serializer.validated_data['email']
password = serializer.validated_data['password']
try:
get_user = User.objects.get(email=email)
user_auth = authenticate(email=email, password=password)
access_token = AccessToken.for_user(user_auth)
refresh_token = RefreshToken.for_user(user_auth)
if user_auth:
login(request, user_auth)
return Response({
'message': 'Login successful',
'email': get_user.email,
'last_login': get_user.last_login,
'is_candidate': get_user.is_candidate,
'is_employee': get_user.is_employee,
'is_active': get_user.is_active,
'access_token': str(access_token),
'refresh_token': str(refresh_token),
'status': status.HTTP_200_OK
})
else:
return Response({
'message': 'User not found',
'status': status.HTTP_404_NOT_FOUND
})
except User.DoesNotExist:
return Response({
'message': 'User not found',
'status': status.HTTP_404_NOT_FOUND
})
else:
return Response({
'message': 'Invalid Request',
'status': status.HTTP_403_FORBIDDEN
})
def test_data_is_valid___object_is_created(self, supplier_id, model_id,
version_id):
user = fake_user()
response = self.app.post(
reverse('analysis-model-list', kwargs={'version': 'v1'}),
headers={
'Authorization': 'Bearer {}'.format(AccessToken.for_user(user))
},
params=json.dumps({
'supplier_id': supplier_id,
'model_id': model_id,
'version_id': version_id,
}),
content_type='application/json',
)
model = AnalysisModel.objects.first()
self.assertEqual(201, response.status_code)
self.assertEqual(model.supplier_id, supplier_id)
self.assertEqual(model.version_id, version_id)
self.assertEqual(model.model_id, model_id)
def request_recover(request):
email = request.data.get('email', '')
base_link = request.data.get('link',
reverse('reset-password', request=request))
serializer = RecoverFormSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
unit_time = '1 dia'
try:
user = User.objects.get(email=email)
token = AccessToken.for_user(user)
link = base_link + '?token=' + str(token)
format_message = {'email': email, 'link': link, 'unit_time': unit_time}
user.email_user(subject,
message.format(**format_message),
html_message=html_message.format(**format_message))
except User.DoesNotExist:
pass
return Response({'detail': 'Email will be sent if it is a valid user.'})
def GetJWTToken(request):
"""
- Getting JWT if confirmation_code is valid.
- The confirmation code can be used only once,
after which it becomes invalid.
"""
serializer = UserTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
email = serializer.validated_data['email']
confirmation_code = serializer.validated_data['confirmation_code']
user = get_object_or_404(User, email=email)
if (user.confirmation_code == confirmation_code
and not user.is_code_expired):
token = AccessToken.for_user(user)
user.is_code_expired = True
user.save()
return Response({'token': str(token)}, status=status.HTTP_200_OK)
return Response('confirmation code or email is not valid',
status=status.HTTP_200_OK)
def post(self, request):
try:
if (request.user.is_student):
return Response("Students are not allowed to visit this.")
serializers = StudentSerializer(data=request.data)
if serializers.is_valid():
try:
user = serializers.save(is_student=True)
except IntegrityError as e:
return Response(data="Username exists!")
refresh = RefreshToken.for_user(user)
access = AccessToken.for_user(user)
res = {
"username": str(user),
"refresh": str(refresh),
"access": str(access)
}
return Response(data=res, status=status.HTTP_201_CREATED)
else:
return Response(data="Enter valid data.",
status=status.HTTP_400_BAD_REQUEST)
except:
return Response("Invalid request")
def exchange_token(request, backend):
"""Accept the Google OAuth Token from client flow and authenticate user."""
serializer = SocialSerializer(data=request.data)
if not serializer.is_valid(raise_exception=True): # validate access_token
return
try:
user = request.backend.do_auth(
serializer.validated_data["access_token"])
except (HTTPError, AuthForbidden) as e:
return Response({"detail": str(e)}, status=status.HTTP_403_FORBIDDEN)
token = AccessToken.for_user(user)
# serialize user data to be sent back to client
for serializer in user_serializers:
if serializer.Meta.model is type(user):
token["role"] = user.__class__.__name__
token["user"] = serializer(user).data
del token["user"]['email'] # already sent in token
break
else:
return Response(
status=status.HTTP_400_BAD_REQUEST) # Unknown User type
return Response({"token": str(token)})
def get(self, request, *args, **kwargs):
temp_token = kwargs.get('token')
try:
if self.check_availability(temp_token):
user = User.objects.get(auth_temp_token__token=temp_token)
refresh_token = RefreshToken.for_user(user)
access_token = AccessToken.for_user(user)
user_serializer = UserSerializer(user)
return Response(user_serializer.data,
headers={
'refresh': refresh_token,
'access': access_token
},
status=status.HTTP_200_OK)
else:
return Response(
{'detail': 'Token is not active or time expired'},
status=status.HTTP_400_BAD_REQUEST)
except User.DoesNotExist:
return Response(data={'detail': 'User does not exist'},
status=status.HTTP_400_BAD_REQUEST)
except TempToken.DoesNotExist:
return Response(data={'detail': 'Token is invalid'},
status=status.HTTP_400_BAD_REQUEST)
def setUp(self):
self.user, self.password = create_test_user()
self.user.role = self.user.ROLE_EDITOR
self.user.save()
self.token = str(AccessToken.for_user(self.user))
self.token_header = 'JWT %s' % self.token
def authorize(self, user, **additional_headers):
token = AccessToken.for_user(user)
self.client.credentials(
HTTP_AUTHORIZATION=f"{api_settings.AUTH_HEADER_TYPES[0]} {token}",
**additional_headers)
def auth_headers(user):
token = AccessToken.for_user(user)
return {'HTTP_AUTHORIZATION': f'Bearer {token}'}
def setUp(self):
self.email = "*****@*****.**"
self.password = "******"
self.user = self.create(email=self.email, password=self.password)
self.access_token = str(AccessToken.for_user(self.user))
