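def refresh(request):
    """Exchange a valid refresh token for a new access/refresh token pair.

    The refresh token is read from ``request.data['refresh_token']``, decoded
    with ``settings.SECRET_KEY`` (HS256) and must equal the token currently
    stored on the user (``user.refresh_token``).  On success the stored
    refresh token is rotated, so a given refresh token is accepted once.

    Raises:
        AuthenticationFailed: when the token is missing, cannot be decoded,
            names an unknown user, or differs from the user's stored token.

    Returns:
        Response whose data is ``{'access': ..., 'refresh': ...}``.
    """
    credentials = request.data
    refresh_token_credentials = credentials.get('refresh_token', None)
    if not refresh_token_credentials:
        raise AuthenticationFailed(
            "Invalid token name. 'refresh_token' - required")

    try:
        payload = jwt.decode(refresh_token_credentials,
                             settings.SECRET_KEY,
                             algorithms=['HS256'])
    except jwt.InvalidTokenError as err:
        raise AuthenticationFailed('Invalid token header') from err

    # `.get(pk=...)` raises DoesNotExist (a 500) for an unknown id, which made
    # the "User not found" guard unreachable.  filter()/first() returns None
    # instead, the same lookup style `login` uses.  A non-numeric id raises
    # ValueError at query-construction time and is treated as "not found".
    id_ = payload.get('id', None)
    user = None
    if id_ is not None:
        try:
            user = CustomUser.objects.filter(pk=id_).first()
        except (ValueError, TypeError):
            user = None
    if not user:
        raise AuthenticationFailed('User not found')

    if not _refresh_tokens_match(user.refresh_token, refresh_token_credentials):
        raise AuthenticationFailed('Token not match')

    payload = {'id': user.id, 'email': user.email}
    access_token = create_token(payload, token_type='access')
    refresh_token = create_token(payload, token_type='refresh')
    # Rotate: only the token issued here will be accepted next time.
    user.refresh_token = refresh_token
    user.save()
    return Response(data={'access': access_token, 'refresh': refresh_token})


def _refresh_tokens_match(stored, presented):
    """Constant-time equality check of the stored and presented refresh tokens.

    Returns False when either side is missing or not a ``str``, so a user who
    has never been issued a refresh token (``refresh_token`` is None) can never
    match, and the comparison never raises on unexpected input types.
    """
    import hmac

    if not isinstance(stored, str) or not isinstance(presented, str):
        return False
    return hmac.compare_digest(stored.encode('utf-8'),
                               presented.encode('utf-8'))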
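def post(self, request, *args, **kwargs):
    """Activate the account identified by ``uidb64`` when ``token`` is valid.

    ``uidb64`` and ``token`` come from the URL kwargs.  The account is
    activated (``is_active`` and ``is_email_verified`` set) only when the
    token verifies and the account is not yet active; a fresh auth token is
    then returned together with the user's name fields.

    Returns:
        200 with ``username``, ``token``, ``first_name`` and ``last_name`` on
        success; otherwise 400 with a ``message`` explaining the refusal.
    """
    uidb64 = self.kwargs.get('uidb64')
    token = self.kwargs.get('token')
    if uidb64 is None or token is None:
        return Response(data={'message': 'Token Has Not Been Provided'},
                        status=status.HTTP_400_BAD_REQUEST)

    # Decoding used to happen outside any handler, so a malformed uidb64 was
    # a 500; an undecodable uid is just another invalid link.
    try:
        uid = force_text(urlsafe_base64_decode(uidb64))
    except ValueError:
        return Response(data={'message': 'Token Is Not Valid'},
                        status=status.HTTP_400_BAD_REQUEST)

    try:
        user = User.objects.get(uuid=uid)
        if default_token_generator.check_token(user, token) and not user.is_active:
            user.is_active = True
            user.is_email_verified = True
            user.save()
            # Separate name: `token` still holds the verification token.
            auth_token = create_token(user)
            return Response(
                data={
                    'username': user.username,
                    'token': auth_token,
                    'first_name': user.first_name,
                    'last_name': user.last_name
                })
        return Response(data={'message': 'Token Is Not Valid'},
                        status=status.HTTP_400_BAD_REQUEST)
    except User.DoesNotExist:
        # Unknown user gets the same answer as a bad token, matching the
        # password-reset view.
        return Response(data={'message': 'Token Is Not Valid'},
                        status=status.HTTP_400_BAD_REQUEST)
    except Exception:
        # View-level boundary; narrowed from a bare `except:` so SystemExit
        # and KeyboardInterrupt still propagate.
        return Response(data={'message': 'Something Went Wrong'},
                        status=status.HTTP_400_BAD_REQUEST)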
def test_backend_2(self):
    """A well-formed access token carrying an id no user has (-1) is rejected with 401."""
    token = create_token({'id': -1, 'email': '*****@*****.**'}, 'access')
    self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
    endpoint = reverse('users-list')
    resp = self.client.get(endpoint, format='json')
    self.assertEqual(resp.status_code, status.HTTP_401_UNAUTHORIZED)
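def test_do_not_allow_to_user_delete_any_user(self):
    """DELETE on a user-detail endpoint with a different pk answers 405."""
    user_id = self.test_user_1.id
    url = reverse('users-detail', kwargs={'pk': user_id + 1})
    access_token = create_token({
        'id': user_id,
        'email': '*****@*****.**'
    }, 'access')
    self.client.credentials(HTTP_AUTHORIZATION='jwt ' + access_token)
    # Was `foramt='json'`; the misspelt kwarg was silently accepted as an
    # extra argument by the test client instead of selecting the renderer.
    response = self.client.delete(url, format='json')
    self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)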
def test_creating_a_new_recommendation_list_with_no_recommendations(self):
    """POSTing a list payload without any recommendations is a validation error (400)."""
    claims = {'id': self.test_user_1.id, 'email': self.test_user_1.email}
    token = create_token(claims, 'access')
    self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
    payload = {'is_draft': 'true', 'category': 'music', 'header': 'header'}
    resp = self.client.post(reverse('recommendation_list-list'), payload, format='json')
    self.assertEqual(resp.status_code, status.HTTP_400_BAD_REQUEST)
def test_get_user_profile_me(self):
    """``users-detail`` with pk ``me`` resolves to the authenticated user's own record."""
    claims = {'id': self.test_user_1.id, 'email': '*****@*****.**'}
    token = create_token(claims, 'access')
    self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
    endpoint = reverse('users-detail', kwargs={'pk': 'me'})
    resp = self.client.get(endpoint, format='json')
    self.assertEqual(resp.status_code, status.HTTP_200_OK)
    self.assertEqual(resp.data['id'], self.test_user_1.id)
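def test_do_not_allow_to_user_to_change_own_email(self):
    """PATCHing ``email`` on one's own profile succeeds (200) but leaves the email unchanged."""
    user_id = self.test_user_1.id
    url = reverse('users-detail', kwargs={'pk': user_id})
    access_token = create_token({
        'id': user_id,
        'email': '*****@*****.**'
    }, 'access')
    data = {'email': 'new_email'}
    self.client.credentials(HTTP_AUTHORIZATION='jwt ' + access_token)
    # Was `foramt='json'`; the misspelt kwarg never reached the renderer
    # selection, so the body was not actually sent as JSON.
    response = self.client.patch(url, data, format='json')
    self.assertEqual(self.test_user_1.email, response.data['email'])
    self.assertEqual(response.status_code, status.HTTP_200_OK)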
def test_tags_adding_or_updating(self):
    """The list owner can PATCH a ``tags`` array of ``{'name': ...}`` objects (200)."""
    owner_id = self.test_user_1.id
    token = create_token({'id': owner_id, 'email': '*****@*****.**'}, 'access')
    self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
    endpoint = reverse('recommendation_list-detail',
                       kwargs={'pk': self.recommendation_list_1.id})
    payload = {'tags': [{'name': 'test1'}, {'name': 'test2'}]}
    resp = self.client.patch(endpoint, data=payload, format='json')
    self.assertEqual(resp.status_code, status.HTTP_200_OK)
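def test_user_trying_send_text_instead_of_image(self):
    """Uploading a non-image file as ``avatar`` is rejected with 400."""
    user_id = self.test_user_1.id
    url = reverse('users-detail', kwargs={'pk': user_id})
    access_token = create_token({
        'id': user_id,
        'email': '*****@*****.**'
    }, 'access')
    self.client.credentials(HTTP_AUTHORIZATION='jwt ' + access_token)
    # `with` closes the file handle the original test leaked; `format=`
    # replaces the misspelt `foramt=` the client silently ignored.
    with open('./test_media/avatars/false.rtf', 'rb') as im:
        data = {'avatar': im}
        response = self.client.patch(url, data, format='multipart')
    self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)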
def test_user_trying_update_foreign_list(self):
    """A user who does not own ``recommendation_list_1`` cannot PATCH it (403)."""
    claims = {'id': self.test_user_2.id, 'email': '*****@*****.**'}
    token = create_token(claims, 'access')
    self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
    endpoint = reverse('recommendation_list-detail',
                       kwargs={'pk': self.recommendation_list_1.id})
    resp = self.client.patch(endpoint, data={'is_draft': 'true'})
    self.assertEqual(resp.status_code, status.HTTP_403_FORBIDDEN)
def test_get_drafts_me(self):
    """``users-drafts`` for pk ``me`` returns exactly the caller's draft lists."""
    claims = {'id': self.test_user_1.id, 'email': '*****@*****.**'}
    token = create_token(claims, 'access')
    self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
    endpoint = reverse('users-drafts', kwargs={'pk': 'me'})
    resp = self.client.get(endpoint, format='json')
    self.assertEqual(resp.status_code, status.HTTP_200_OK)
    expected_count = self.test_user_1.lists.filter(is_draft=True).count()
    self.assertEqual(len(resp.data), expected_count)
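def test_user_can_change_own_avatar(self):
    """A user can upload a JPEG as their own ``avatar`` (200)."""
    user_id = self.test_user_1.id
    url = reverse('users-detail', kwargs={'pk': user_id})
    access_token = create_token({
        'id': user_id,
        'email': '*****@*****.**'
    }, 'access')
    self.client.credentials(HTTP_AUTHORIZATION='jwt ' + access_token)
    # `with` closes the file handle the original test leaked; `format=`
    # replaces the misspelt `foramt=` the client silently ignored.
    with open('./test_media/avatars/im2.jpg', 'rb') as im:
        data = {'avatar': im}
        response = self.client.patch(url, data, format='multipart')
    self.assertEqual(response.status_code, status.HTTP_200_OK)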
def setUp(self) -> None:
    """Create the fixture user and attach a freshly issued refresh token to it."""
    super().setUp()
    # NOTE(review): objects.create() stores `password` exactly as given (no
    # hashing).  If this fixture is ever exercised against the `login` view,
    # which calls check_password, a manager create_user() would be needed —
    # confirm CustomUser's manager provides one.
    fixture_user = CustomUser.objects.create(
        username='******',
        password='******',
        email='*****@*****.**',
        first_name='first_name',
        last_name='last_name',
    )
    claims = {
        'id': fixture_user.id,
        'username': fixture_user.username,
        'email': fixture_user.email,
    }
    fixture_user.refresh_token = create_token(claims, 'refresh')
    self.test_user = fixture_user
    self.test_user.save()
def login(request):
    """Authenticate with username/password and issue an access/refresh token pair.

    The body is validated by ``AuthorizationSerializer`` (a 400 is raised on
    invalid input).  The user is looked up by username and the password is
    checked with ``check_password``; the new refresh token is stored on the
    user so it can be matched on the next refresh.

    Raises:
        AuthenticationFailed: for an unknown username or a wrong password.
            Both cases raise the same bare error so the response does not
            reveal which usernames exist.

    Returns:
        Response whose data is ``{'access': ..., 'refresh': ...}``.
    """
    credentials = request.data
    serializer = AuthorizationSerializer(data=credentials)
    serializer.is_valid(raise_exception=True)

    username = credentials['username']
    password = credentials['password']
    account = CustomUser.objects.filter(username=username).first()
    # NOTE(review): the unknown-user branch returns before any hash is
    # computed, so the two failures still differ in timing even though the
    # response is identical; Django's ModelBackend runs a dummy hash for
    # this case.
    if not account or not check_password(password, account.password):
        raise AuthenticationFailed()

    claims = {'id': account.id, 'email': account.email}
    tokens = {
        'access': create_token(claims, token_type='access'),
        'refresh': create_token(claims, token_type='refresh'),
    }
    account.refresh_token = tokens['refresh']
    account.save()
    return Response(data=tokens)
def test_adding_to_favorites(self):
    """POST to the favorites action creates exactly one ``Favorites`` row (200)."""
    claims = {'id': self.test_user_1.id, 'email': '*****@*****.**'}
    token = create_token(claims, 'access')
    self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
    endpoint = reverse('recommendation_list-favorites',
                       kwargs={'pk': self.recommendation_list_1.id})
    before = Favorites.objects.count()
    resp = self.client.post(endpoint, format='json')
    self.assertEqual(resp.status_code, status.HTTP_200_OK)
    self.assertEqual(before + 1, Favorites.objects.count())
def test_like_unauthorized(self):
    """POST to the like action as an authenticated user adds one like (200).

    The method name says "unauthorized" but the request carries a valid
    access token and expects success; the name is kept since test names are
    part of the suite's selection surface.
    """
    claims = {'id': self.test_user_1.id, 'email': '*****@*****.**'}
    token = create_token(claims, 'access')
    self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
    endpoint = reverse('recommendation_list-like',
                       kwargs={'pk': self.recommendation_list_1.id})
    likes_before = self.recommendation_list_1.likes.count()
    resp = self.client.post(endpoint, format='json')
    self.assertEqual(resp.status_code, status.HTTP_200_OK)
    self.assertEqual(likes_before + 1, self.recommendation_list_1.likes.count())
def test_soring_by_update_date_desc(self):
    """``?order=-updated`` lists ``recommendation_list_2`` before ``recommendation_list_1``.

    (The method name's "soring" is presumably a typo for "sorting"; kept so
    existing test selection keeps working.)
    """
    claims = {'id': self.test_user_1.id, 'email': '*****@*****.**'}
    token = create_token(claims, 'access')
    self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
    resp = self.client.get(reverse('recommendation_list-list'),
                           {'order': '-updated'},
                           format='json')
    self.assertEqual(resp.status_code, status.HTTP_200_OK)
    actual_ids = [item['id'] for item in resp.data['results']]
    self.assertEqual(
        actual_ids,
        [self.recommendation_list_2.id, self.recommendation_list_1.id])
def test_user_can_change_own_data(self):
    """A user can PATCH username/password/first_name/last_name on their own record (200)."""
    own_id = self.test_user_1.id
    token = create_token({'id': own_id, 'email': '*****@*****.**'}, 'access')
    self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
    payload = {
        'username': '******',
        'password': '******',
        'first_name': 'first_name',
        'last_name': 'last_name'
    }
    endpoint = reverse('users-detail', kwargs={'pk': own_id})
    resp = self.client.patch(endpoint, payload, format='json')
    self.assertEqual(resp.status_code, status.HTTP_200_OK)
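def test_adding_photos_to_recommendations(self):
    """The list owner can PATCH a ``photo`` file onto one of its recommendations (200)."""
    user_id = self.test_user_1.id
    url = reverse('recommendation_detailing-detail',
                  kwargs={
                      'recommendation_list_pk': self.recommendation_list_1.id,
                      'pk': self.recommendation_1.id
                  })
    access_token = create_token({
        'id': user_id,
        'email': '*****@*****.**'
    }, 'access')
    self.client.credentials(HTTP_AUTHORIZATION='jwt ' + access_token)
    # `with` closes the file handle the original test leaked; `format=`
    # replaces the misspelt `foramt=` the client silently ignored.
    with open('./test_media/recommendation_list_images/im2.jpg', 'rb') as im:
        data = {'photo': im}
        response = self.client.patch(url, data=data, format='multipart')
    self.assertEqual(response.status_code, status.HTTP_200_OK)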
def test_do_not_allow_to_user_add_new_user(self):
    """POST to ``users-list`` by an authenticated user is not allowed (405)."""
    claims = {'id': self.test_user_1.id, 'email': '*****@*****.**'}
    token = create_token(claims, 'access')
    self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
    new_user = {
        'username': '******',
        'password': '******',
        'email': '*****@*****.**',
        'first_name': 'first_name',
        'last_name': 'last_name'
    }
    resp = self.client.post(reverse('users-list'), new_user, format='json')
    self.assertEqual(resp.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_creating_a_new_recommendation_list_valid_info(self):
    """A complete list payload with one recommendation is created (201)."""
    owner = self.test_user_1
    token = create_token({'id': owner.id, 'email': owner.email}, 'access')
    self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
    payload = {
        'recommendations': [{
            'text': 'test_text'
        }],
        'is_draft': 'true',
        'category': 'music',
        'header': 'header'
    }
    resp = self.client.post(reverse('recommendation_list-list'),
                            data=payload,
                            format='json')
    self.assertEqual(resp.status_code, status.HTTP_201_CREATED)
def test_sorting_by_adding_to_favorites_date_desc(self):
    """``?order=-create`` on a user's favorites lists the most recently added list first."""
    claims = {'id': self.test_user_1.id, 'email': '*****@*****.**'}
    token = create_token(claims, 'access')
    self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
    # Two favorites created in order: list_1 first, then list_2.
    for list_id in (self.recommendation_list_1.id,
                    self.recommendation_list_2.id):
        Favorites.objects.create(user_id=self.test_user_2.id,
                                 recommendation_list_id=list_id)
    endpoint = reverse('users-favorites', kwargs={'pk': self.test_user_2.id})
    resp = self.client.get(endpoint, {'order': '-create'}, format='json')
    self.assertEqual(resp.status_code, status.HTTP_200_OK)
    actual_ids = [item['id'] for item in resp.data]
    self.assertEqual(
        actual_ids,
        [self.recommendation_list_2.id, self.recommendation_list_1.id])
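def post(self, request, *args, **kwargs):
    """Confirm a password-reset link and return a login token for the user.

    ``uidb64`` and ``token`` come from the URL kwargs.  The user must have an
    unused ``PasswordReset`` record and the token must verify against
    ``default_token_generator``.  The reset record is marked used only after
    the token has been accepted, so an invalid token cannot consume a
    legitimate pending reset.

    Returns:
        200 with ``{'token': ...}`` on success; 400 with ``message`` when the
        link is missing, malformed, unknown or invalid; 500 on any other
        unexpected error.
    """
    uidb64 = self.kwargs.get('uidb64')
    token = self.kwargs.get('token')
    if uidb64 is None or token is None:
        return Response(
            data={'message': 'Password reset token has not been provided'},
            status=status.HTTP_400_BAD_REQUEST)

    def _invalid():
        return Response(data={'message': 'Token Is Not Valid'},
                        status=status.HTTP_400_BAD_REQUEST)

    # A uid that does not decode is an invalid link, not a server error.
    try:
        uid = force_text(urlsafe_base64_decode(uidb64))
    except ValueError:
        return _invalid()

    try:
        user = User.objects.get(uuid=uid)
        password_reset = PasswordReset.objects.get(user=user, is_used=False)
        if not default_token_generator.check_token(user, token):
            return _invalid()
        # Consume the reset only once the token has been accepted; previously
        # it was marked used before the check, so a bad token burned it.
        password_reset.is_used = True
        password_reset.save()
        login_token = create_token(user)
        return Response(data={'token': login_token})
    except (PasswordReset.DoesNotExist, User.DoesNotExist):
        return _invalid()
    except Exception:
        # View-level boundary; narrowed from a bare `except:` so SystemExit
        # and KeyboardInterrupt still propagate.
        return Response(data={'message': 'Something went wrong'},
                        status=status.HTTP_500_INTERNAL_SERVER_ERROR)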