def test_data_is_valid___object_is_created(self, file_description): user = fake_user() response = self.app.post( reverse('data-file-list', kwargs={'version': 'v1'}), headers={ 'Authorization': 'Bearer {}'.format(AccessToken.for_user(user)) }, params=json.dumps({ 'file_description': file_description, }), content_type='application/json', ) model = DataFile.objects.first() self.assertEqual(201, response.status_code) self.assertEqual(model.file_description, file_description)
def test_user_is_authenticated_object_does_not_exist___response_is_404( self): user = fake_user() portfolio = fake_portfolio() response = self.app.get(reverse('portfolio-detail', kwargs={ 'version': 'v1', 'pk': portfolio.pk + 1 }), expect_errors=True, headers={ 'Authorization': 'Bearer {}'.format( AccessToken.for_user(user)) }) self.assertEqual(404, response.status_code)
def test_reinsurance_info_file_is_not_a_valid_format___response_is_400( self): with TemporaryDirectory() as d: with override_settings(MEDIA_ROOT=d): user = fake_user() portfolio = fake_portfolio() response = self.app.post( portfolio.get_absolute_reinsurance_info_file_url(), headers={ 'Authorization': 'Bearer {}'.format(AccessToken.for_user(user)) }, upload_files=(('file', 'file.tar', b'content'), ), expect_errors=True, ) self.assertEqual(400, response.status_code)
def test_supplier_id_is_missing___response_is_400(self, supplier_id, version_id): user = fake_user() response = self.app.post( reverse('analysis-model-list', kwargs={'version': 'v1'}), expect_errors=True, headers={ 'Authorization': 'Bearer {}'.format(AccessToken.for_user(user)) }, params=json.dumps({ 'supplier_id': supplier_id, 'version_id': version_id, }), content_type='application/json', ) self.assertEqual(400, response.status_code) self.assertFalse(AnalysisModel.objects.exists())
def get_jwt_token(request): serializer = CheckAuthKeySerializer(data=request.data) if serializer.is_valid(): email = serializer.data.get('email') auth_code = serializer.data.get('auth_code') user = get_object_or_404(User, email=email) if check_password(auth_code, user.auth_code): token = AccessToken.for_user(user) refresh_token = RefreshToken.for_user(user) return Response( { 'token': f'{token}', 'refresh_token': f'{refresh_token}' }, status=status.HTTP_200_OK) return Response({'confirmation_code': 'Wrong auth code'}, status=status.HTTP_400_BAD_REQUEST) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def post(self, request): serializer = StudentSerializer(data=request.data) if serializer.is_valid(): try: user = serializer.save(is_teacher=True) except IntegrityError as e: return Response(data="Username exists!") refresh = RefreshToken.for_user(user) access = AccessToken.for_user(user) res = { "username": str(user), "refresh": str(refresh), "access": str(access) } return Response(data=res, status=status.HTTP_201_CREATED) else: return Response(data="Enter valid data.", status=status.HTTP_400_BAD_REQUEST)
def test_cleaned_name_is_empty___response_is_400(self, name): user = fake_user() model = fake_analysis_model() portfolio = fake_portfolio() response = self.app.post(portfolio.get_absolute_create_analysis_url(), expect_errors=True, headers={ 'Authorization': 'Bearer {}'.format( AccessToken.for_user(user)) }, params=json.dumps({ 'name': name, 'model': model.pk }), content_type='application/json') self.assertEqual(400, response.status_code)
def create_user(username, password, group='rider'): # user = get_user_model().objects.create_user( # username=username, # password=password, # group='rider' # ) # Create user. user = get_user_model().objects.create_user(username=username, password=password) # Create user group. user_group, _ = Group.objects.get_or_create(name=group) # new user.groups.add(user_group) user.save() # Create access token. access = AccessToken.for_user(user) return user, access
def get_test_user(user_info=TEST_USER, manual_user=None): # user credentilas username = user_info['username'] email = user_info['email'] # use custom credentilas if manual_user: username = manual_user email = f"{username}@gmail.com" # Create user user = get_user_model().objects.create_user( username, email, password=user_info['password'], ) access = AccessToken.for_user(user) return user, access
def test_model_does_exist___response_is_200(self): user = fake_user() analysis = fake_analysis() model = fake_analysis_model() response = self.app.patch( analysis.get_absolute_url(), headers={ 'Authorization': 'Bearer {}'.format(AccessToken.for_user(user)) }, params=json.dumps({'model': model.pk}), content_type='application/json', expect_errors=True, ) analysis.refresh_from_db() self.assertEqual(200, response.status_code) self.assertEqual(analysis.model, model)
def test_input_generation_traceback_file_is_present___file_can_be_retrieved( self, file_content): with TemporaryDirectory() as d: with override_settings(MEDIA_ROOT=d): user = fake_user() analysis = fake_analysis( input_generation_traceback_file=fake_related_file( file=file_content, content_type='text/plain')) response = self.app.get( analysis.get_absolute_input_generation_traceback_file_url( ), headers={ 'Authorization': 'Bearer {}'.format(AccessToken.for_user(user)) }, ) self.assertEqual(response.body, file_content) self.assertEqual(response.content_type, 'text/plain')
def get_token(request): data = { 'email': request.data['email'], 'confirmation_code': request.data['confirmation_code'] } serializer = GetTokenSerializer(data=data) if serializer.is_valid(raise_exception=True): user = get_object_or_404(YamUser, email=data['email']) if default_token_generator.check_token( user, data['confirmation_code']): access_token = AccessToken.for_user(user) return Response(data={'token': str(access_token)}, status=status.HTTP_200_OK) return Response( data={'confirmation_code': 'wrong code'}, status=status.HTTP_400_BAD_REQUEST )
def post(self, request, format=None): UserModel = User serializer = self.serializer_class(data=request.data) try: if serializer.is_valid(raise_exception=True): return_dic = serializer.validated_data try: created = UserModel.objects.create(**return_dic) user_collection = UserCollection.objects.create( user=created) access = AccessToken.for_user(created) tokens = { 'access_token': str(access.get('jti')), } return Response(data=tokens, status=status.HTTP_201_CREATED) except Exception as e: return Response(e.args, status=status.HTTP_500_INTERNAL_SERVER_ERROR) except Exception as e: return Response(e.args, status=e.status_code)
def obtain_auth_token(request): serializer = ObtainTokenSerializer(data=request.data) serializer.is_valid(raise_exception=True) email = serializer.validated_data.get('email') user = get_object_or_404(User, email=email) confirmation_code = serializer.validated_data.get('confirmation_code') if not token_generator.check_token(user, confirmation_code): content = { 'confirmation_code': ['No active account found with the given credentials'] } return Response(content, status=status.HTTP_400_BAD_REQUEST) user.is_active = True user.save() return Response({'token': str(AccessToken.for_user(user))})
def access_token_obtain(request): serializer = AccessTokenObtainSerializer(data=request.data) serializer.is_valid(raise_exception=True) user = get_object_or_404( User, email=serializer.data["email"], ) if not default_token_generator.check_token( user, serializer.data["confirmation_code"], ): raise AuthenticationFailed("Confirmation code is invalid.") access = AccessToken.for_user(user) data = { "token": str(access), } return Response(data)
def test_portfolio_does_not_have_location_file_set___response_is_400(self): user = fake_user() model = fake_analysis_model() portfolio = fake_portfolio() response = self.app.post( portfolio.get_absolute_create_analysis_url(), expect_errors=True, headers={ 'Authorization': 'Bearer {}'.format(AccessToken.for_user(user)) }, params=json.dumps({ 'name': 'name', 'model': model.pk }), content_type='application/json', ) self.assertEqual(400, response.status_code) self.assertIn('"location_file" must not be null', response.json['portfolio'])
def test_location_file_invalid_uploaded___parquet_exception_raised(self): content_type = 'text/csv' file_content = b'\xf2hb\xca\xd2\xe6\xf3\xb0\xc1\xc7' with TemporaryDirectory() as d: with override_settings(MEDIA_ROOT=d, PORTFOLIO_PARQUET_STORAGE=True): user = fake_user() portfolio = fake_portfolio() response = self.app.post( portfolio.get_absolute_location_file_url(), headers={ 'Authorization': 'Bearer {}'.format(AccessToken.for_user(user)) }, upload_files=(('file', 'file{}'.format( mimetypes.guess_extension(content_type)), file_content), ), expect_errors=True) self.assertEqual(400, response.status_code)
def create_user(username='******', password='******', group='rider'): # Create user user = get_user_model().objects.create_user(username=username, password=password) # Create user group user_group, _ = Group.objects.get_or_create(name=group) print('\nuser_group:', user_group) user.groups.add(user_group) user.save() # Create access token access = AccessToken.for_user(user) print('user', user) print('user.id', user.id) print('user.groups.first().pk', user.groups.first().pk) print('access', access) return user, access
def post(self, request, *args, **kwargs): confirmation = ConfirmationSerializer(data=request.data) confirmation.is_valid(raise_exception=True) email = confirmation.validated_data['email'] confirmation_code = confirmation.data.get('confirmation_code') username = email.split('@')[0] user = get_object_or_404(User, email=email, username=username) if not default_token_generator.check_token(user, confirmation_code): exceptions.AuthenticationFailed('confirmation_code is not valid') serialized_user = UserSerializer(user).data access_token = AccessToken.for_user(user) response = Response() response.data = { 'access_token': f'{access_token}', 'user': serialized_user, } return response
def post(self, request, *args, **kwargs): serializer = self.serializer_class(data=request.data, context={'request': request}) if serializer.is_valid(): email = serializer.validated_data['email'] password = serializer.validated_data['password'] try: get_user = User.objects.get(email=email) user_auth = authenticate(email=email, password=password) access_token = AccessToken.for_user(user_auth) refresh_token = RefreshToken.for_user(user_auth) if user_auth: login(request, user_auth) return Response({ 'message': 'Login successful', 'email': get_user.email, 'last_login': get_user.last_login, 'is_candidate': get_user.is_candidate, 'is_employee': get_user.is_employee, 'is_active': get_user.is_active, 'access_token': str(access_token), 'refresh_token': str(refresh_token), 'status': status.HTTP_200_OK }) else: return Response({ 'message': 'User not found', 'status': status.HTTP_404_NOT_FOUND }) except User.DoesNotExist: return Response({ 'message': 'User not found', 'status': status.HTTP_404_NOT_FOUND }) else: return Response({ 'message': 'Invalid Request', 'status': status.HTTP_403_FORBIDDEN })
def test_data_is_valid___object_is_created(self, supplier_id, model_id, version_id): user = fake_user() response = self.app.post( reverse('analysis-model-list', kwargs={'version': 'v1'}), headers={ 'Authorization': 'Bearer {}'.format(AccessToken.for_user(user)) }, params=json.dumps({ 'supplier_id': supplier_id, 'model_id': model_id, 'version_id': version_id, }), content_type='application/json', ) model = AnalysisModel.objects.first() self.assertEqual(201, response.status_code) self.assertEqual(model.supplier_id, supplier_id) self.assertEqual(model.version_id, version_id) self.assertEqual(model.model_id, model_id)
def request_recover(request): email = request.data.get('email', '') base_link = request.data.get('link', reverse('reset-password', request=request)) serializer = RecoverFormSerializer(data=request.data) serializer.is_valid(raise_exception=True) unit_time = '1 dia' try: user = User.objects.get(email=email) token = AccessToken.for_user(user) link = base_link + '?token=' + str(token) format_message = {'email': email, 'link': link, 'unit_time': unit_time} user.email_user(subject, message.format(**format_message), html_message=html_message.format(**format_message)) except User.DoesNotExist: pass return Response({'detail': 'Email will be sent if it is a valid user.'})
def GetJWTToken(request): """ - Getting JWT if confirmation_code is valid. - The confirmation code can be used only once, after which it becomes invalid. """ serializer = UserTokenSerializer(data=request.data) serializer.is_valid(raise_exception=True) email = serializer.validated_data['email'] confirmation_code = serializer.validated_data['confirmation_code'] user = get_object_or_404(User, email=email) if (user.confirmation_code == confirmation_code and not user.is_code_expired): token = AccessToken.for_user(user) user.is_code_expired = True user.save() return Response({'token': str(token)}, status=status.HTTP_200_OK) return Response('confirmation code or email is not valid', status=status.HTTP_200_OK)
def post(self, request): try: if (request.user.is_student): return Response("Students are not allowed to visit this.") serializers = StudentSerializer(data=request.data) if serializers.is_valid(): try: user = serializers.save(is_student=True) except IntegrityError as e: return Response(data="Username exists!") refresh = RefreshToken.for_user(user) access = AccessToken.for_user(user) res = { "username": str(user), "refresh": str(refresh), "access": str(access) } return Response(data=res, status=status.HTTP_201_CREATED) else: return Response(data="Enter valid data.", status=status.HTTP_400_BAD_REQUEST) except: return Response("Invalid request")
def exchange_token(request, backend): """Accept the Google OAuth Token from client flow and authenticate user.""" serializer = SocialSerializer(data=request.data) if not serializer.is_valid(raise_exception=True): # validate access_token return try: user = request.backend.do_auth( serializer.validated_data["access_token"]) except (HTTPError, AuthForbidden) as e: return Response({"detail": str(e)}, status=status.HTTP_403_FORBIDDEN) token = AccessToken.for_user(user) # serialize user data to be sent back to client for serializer in user_serializers: if serializer.Meta.model is type(user): token["role"] = user.__class__.__name__ token["user"] = serializer(user).data del token["user"]['email'] # already sent in token break else: return Response( status=status.HTTP_400_BAD_REQUEST) # Unknown User type return Response({"token": str(token)})
def get(self, request, *args, **kwargs): temp_token = kwargs.get('token') try: if self.check_availability(temp_token): user = User.objects.get(auth_temp_token__token=temp_token) refresh_token = RefreshToken.for_user(user) access_token = AccessToken.for_user(user) user_serializer = UserSerializer(user) return Response(user_serializer.data, headers={ 'refresh': refresh_token, 'access': access_token }, status=status.HTTP_200_OK) else: return Response( {'detail': 'Token is not active or time expired'}, status=status.HTTP_400_BAD_REQUEST) except User.DoesNotExist: return Response(data={'detail': 'User does not exist'}, status=status.HTTP_400_BAD_REQUEST) except TempToken.DoesNotExist: return Response(data={'detail': 'Token is invalid'}, status=status.HTTP_400_BAD_REQUEST)
def setUp(self): self.user, self.password = create_test_user() self.user.role = self.user.ROLE_EDITOR self.user.save() self.token = str(AccessToken.for_user(self.user)) self.token_header = 'JWT %s' % self.token
def authorize(self, user, **additional_headers): token = AccessToken.for_user(user) self.client.credentials( HTTP_AUTHORIZATION=f"{api_settings.AUTH_HEADER_TYPES[0]} {token}", **additional_headers)
def auth_headers(user): token = AccessToken.for_user(user) return {'HTTP_AUTHORIZATION': f'Bearer {token}'}
def setUp(self): self.email = "*****@*****.**" self.password = "******" self.user = self.create(email=self.email, password=self.password) self.access_token = str(AccessToken.for_user(self.user))