def test_serializer_not_valid_by_missing_password(self):
test_data = {
'first_name': 'INVALID_DATA',
'last_name': 'INVALID_DATA',
'email': '*****@*****.**',
}
user_serializer = BaseUserSerializer(data=test_data)
self.assertFalse(user_serializer.is_valid())
def test_serializer_not_valid_by_missing_email(self):
test_data = {
'first_name': 'INVALID_DATA',
'last_name': 'INVALID_DATA',
'password': '******'
}
user_serializer = BaseUserSerializer(data=test_data)
self.assertFalse(user_serializer.is_valid())
def test_serializer_response(self):
user_serializer = BaseUserSerializer(self.user)
expected_response = {
'first_name': 'Test',
'last_name': 'User',
'email': '*****@*****.**',
'is_active': True,
'auth_token': Token.objects.get(user=self.user).key
}
self.assertDictEqual(user_serializer.data, expected_response)
def test_serializer_valid_creation(self):
test_data = {
'first_name': 'Test',
'last_name': 'User',
'email': '*****@*****.**',
'password': '******'
}
user_serializer = BaseUserSerializer(data=test_data)
if user_serializer.is_valid(raise_exception=True):
new_user = user_serializer.save()
expected_response = {
'first_name': 'Test',
'last_name': 'User',
'email': '*****@*****.**',
'is_active': True,
'auth_token': Token.objects.get(user=new_user).key
}
self.assertDictEqual(user_serializer.data, expected_response)
user_obj = User.objects.get(email=test_data['email'])
self.assertEqual(new_user, user_obj)
def get_access_by_key(request):
print('ACCESS')
"""
Required Fields: key, expected_group
- - Required Field Documentation - -
key is a string which refers to the access model
expected_group is a secure parameter. There are different access types.
The access validation for each access type should be done by the different
frontend urls.
That means that it should not be possible to validate an account activation
access from a password forgotten URL. It should only be possible to validate
the account activation key from a section where account activation
is expected.
- - Validation & Success - -
Invalid Response can be created by
- missing data
- invalid expected keys
- outdated keys
Success Events:
- user gets authenticated
- key gets delete XX <- Get not deleted anymore
- response gets a session cookie
successfull Response:
- Baseuserserializer with user data and token
- session cookie
"""
# # #
# Entry Data Validation
#
if 'key' not in request.data or 'expected_group' not in request.data:
data = {'err': 'Missing request data'}
return Response(data, status=status.HTTP_400_BAD_REQUEST)
#
# ./Entry Data Validation
# # #
# # #
# Query Validation
#
try:
access = TemporaryAccess.objects.get(key=request.data['key'])
except TemporaryAccess.DoesNotExist:
data = {'err': 'Invalid access key!'}
return Response(data, status=status.HTTP_404_NOT_FOUND)
if not access.is_valid:
access.delete()
data = {'err': 'Outdated access key!'}
return Response(data, status=status.HTTP_406_NOT_ACCEPTABLE)
if request.data['expected_group'] != access.group:
data = {'err': 'Invalid access key!'}
return Response(data, status=status.HTTP_406_NOT_ACCEPTABLE)
#
# ./Query Validation
# # #
if access.group == 'a':
user = access.user
user.account_activated_by_key = True
user.save()
# # #
# Authentication + Cookie
#
auth.authenticate(request, user=access.user)
auth.login(request._request, access.user)
# #
# >> AccessKey get deleted
# access.delete()
data = {'user': BaseUserSerializer(access.user).data}
response = Response(data, status=status.HTTP_200_OK)
max_age = int(settings.ENV['SESSION_COOKIE_VALIDATION_TIME'])
expires = datetime.datetime.utcnow() + datetime.timedelta(minutes=max_age)
response.set_cookie(key='sessionid',
value=request.session.session_key,
expires=expires.strftime("%a, %d-%b-%Y %H:%M:%S UTC"),
httponly=True,
samesite='lax',
path='/')
return response