stash

2023-12-11 22:18:33 +01:00 · 2023-12-11 22:18:33 +01:00 · ba427c7a84
commit ba427c7a84
parent 6aaa522a6b
25 changed files with 274 additions and 236 deletions
--- a/core/authentication/api_v2.py
+++ b/core/authentication/api_v2.py
@ -1,57 +1,85 @@
-from rest_framework import routers, viewsets, serializers
+from rest_framework import routers, viewsets, serializers, permissions
 from rest_framework.decorators import api_view, permission_classes, authentication_classes
 from rest_framework.response import Response
-from rest_framework.authentication import BasicAuthentication
-from django.contrib.auth.models import User
+from django.contrib.auth import login
 from django.urls import path
+from django.dispatch import receiver
+from django.db.models.signals import post_save
+from knox.models import AuthToken
+from knox.views import LoginView as KnoxLoginView
+from rest_framework.authtoken.serializers import AuthTokenSerializer
+
+from authentication.models import ExtendedUser


 class UserSerializer(serializers.ModelSerializer):
    class Meta:
-        model = User
+        model = ExtendedUser
        fields = ('id', 'username', 'email', 'first_name', 'last_name')


-class RegisterUserSerializer(serializers.ModelSerializer):
-    class Meta:
-        model = User
-        fields = ('username', 'password', 'email')
-        extra_kwargs = {
-            'password': {'write_only': True},
-        }
+@receiver(post_save, sender=ExtendedUser)
+def create_auth_token(sender, instance=None, created=False, **kwargs):
+    if created:
+        AuthToken.objects.create(user=instance)


 class UserViewSet(viewsets.ModelViewSet):
-    queryset = User.objects.all()
+    queryset = ExtendedUser.objects.all()
    serializer_class = UserSerializer
-    authentication_classes = [BasicAuthentication]
-    permission_classes = []


-@api_view(['GET'])
-@permission_classes([])
-@authentication_classes([BasicAuthentication])
-def token(request):
-    return Response({
-        'token': request.user.auth_token.key
-    })
+@api_view(['POST'])
+def selfUser(request):
+    serializer = UserSerializer(request.user)
+    return Response(serializer.data, status=200)


@api_view(['POST'])
@permission_classes([])
@authentication_classes([])
 def registerUser(request):
-    serializer = RegisterUserSerializer(data=request.data)
-    if serializer.is_valid():
-        user = serializer.save()
+    try:
+        username = request.data.get('username')
+        password = request.data.get('password')
+        email = request.data.get('email')
+
+        errors = {}
+        if not username:
+            errors['username'] = 'Username is required'
+        if not password:
+            errors['password'] = 'Password is required'
+        if not email:
+            errors['email'] = 'Email is required'
+        if ExtendedUser.objects.filter(email=email).exists():
+            errors['email'] = 'Email already exists'
+        if ExtendedUser.objects.filter(username=username).exists():
+            errors['username'] = 'Username already exists'
+        if errors:
+            return Response({'errors': errors}, status=400)
+        user = ExtendedUser.objects.create_user(username, email, password)
        return Response({'username': user.username, 'email': user.email}, status=201)
-    return Response(serializer.errors, status=400)
+    except Exception as e:
+        return Response({'errors': str(e)}, status=400)
+
+
+class LoginView(KnoxLoginView):
+    permission_classes = (permissions.AllowAny,)
+    authentication_classes = ()
+
+    def post(self, request, format=None):
+        serializer = AuthTokenSerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        user = serializer.validated_data['user']
+        login(request, user)
+        return super(LoginView, self).post(request, format=None)


 router = routers.SimpleRouter()
 router.register(r'users', UserViewSet, basename='users')

 urlpatterns = router.urls + [
-    path('token/', token),
+    path('self/', selfUser),
+    path('login/', LoginView.as_view()),
    path('register/', registerUser),
 ]
--- a/core/authentication/migrations/0002_groups.py
+++ b/core/authentication/migrations/0002_groups.py
@ -1,35 +0,0 @@
-# Generated by Django 4.2.7 on 2023-11-26 00:16
-
-from django.conf import settings
-from django.db import migrations
-from django.contrib.auth.models import Permission, Group
-
-
-class Migration(migrations.Migration):
-    initial = True
-
-    dependencies = [
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
-        ('authentication', '0001_initial'),
-        ('inventory', '0003_alter_item_options'),
-        ('tickets', '0003_alter_issuethread_options'),
-    ]
-
-    def create_groups(apps, schema_editor):
-        admins = Group.objects.create(name='Admin')
-        orga = Group.objects.create(name='Orga')
-        team = Group.objects.create(name='Team')
-        users = Group.objects.create(name='User')
-        admins.permissions.add(*Permission.objects.all())
-        users.permissions.add(*Permission.objects.filter(codename__in=
-                                                         ['view_item', 'add_item', 'change_item', 'match_item']))
-        team.permissions.add(*Permission.objects.filter(codename__in=
-                                                        ['delete_item', 'view_issuethread', 'add_issuethread',
-                                                         'change_issuethread', 'delete_issuethread', 'send_mail']),
-                             *users.permissions.all())
-        orga.permissions.add(*Permission.objects.filter(codename__in=['add_event']),
-                             *team.permissions.all())
-
-    operations = [
-        migrations.RunPython(create_groups),
-    ]
--- a/core/authentication/tests/v2/test_permissions.py
+++ b/core/authentication/tests/v2/test_permissions.py
@ -0,0 +1,34 @@
+from django.test import TestCase
+from django.contrib.auth.models import Permission
+
+from authentication.models import EventPermission, ExtendedUser
+from inventory.models import Event
+
+
+class PermissionsTestCase(TestCase):
+    def setUp(self):
+        super().setUp()
+        self.user = ExtendedUser.objects.create_user('testuser', 'test', 'test')
+        event1 = Event.objects.create(slug='testevent1', name='testevent1')
+        event2 = Event.objects.create(slug='testevent2', name='testevent2')
+        permission1 = Permission.objects.get(codename='view_event')
+        EventPermission.objects.create(user=self.user, permission=permission1, event=event1)
+        EventPermission.objects.create(user=self.user, permission=permission1, event=event2)
+
+    def test_user_permissions(self):
+        """
+        Test that a user can only access their own data.
+        """
+        self.client.force_login(self.user)
+        response = self.client.get('/api/2/users/')
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(len(response.json()), 2)
+        self.assertEqual(response.json()[0]['username'], 'testuser')
+        self.assertEqual(response.json()[0]['email'], 'test')
+        self.assertEqual(response.json()[0]['first_name'], '')
+        self.assertEqual(response.json()[0]['last_name'], '')
+        self.assertEqual(response.json()[0]['id'], 1)
+        self.assertEqual(response.json()[1]['username'], 'testuser')
+        self.assertEqual(response.json()[1]['email'], 'test')
+        self.assertEqual(response.json()[1]['first_name'], '')
+        self.assertEqual(response.json()[1]['last_name'], '')
--- a/core/authentication/tests/v2/test_users.py
+++ b/core/authentication/tests/v2/test_users.py
@ -1,18 +1,93 @@
 from django.test import TestCase, Client

+from knox.models import AuthToken
+
+from authentication.models import ExtendedUser
 from core import settings

-client = Client()

+class UserApiTest(TestCase):

-class IssueApiTest(TestCase):
+    def setUp(self):
+        self.user = ExtendedUser.objects.create_user('testuser', 'test', 'test')
+        self.user.save()
+        self.token = AuthToken.objects.create(user=self.user)
+        self.client = Client(headers={'Authorization': 'Token ' + self.token[1]})

-    def test_issues(self):
-        response = client.get('/api/2/users/')
+    def test_users(self):
+        response = self.client.get('/api/2/users/')
        self.assertEqual(response.status_code, 200)
-        self.assertEqual(len(response.json()), 1)
+        self.assertEqual(len(response.json()), 2)
        self.assertEqual(response.json()[0]['username'], settings.LEGACY_USER_NAME)
        self.assertEqual(response.json()[0]['email'], 'mail@' + settings.MAIL_DOMAIN)
        self.assertEqual(response.json()[0]['first_name'], '')
        self.assertEqual(response.json()[0]['last_name'], '')
        self.assertEqual(response.json()[0]['id'], 1)
+        self.assertEqual(response.json()[1]['username'], 'testuser')
+        self.assertEqual(response.json()[1]['email'], 'test')
+        self.assertEqual(response.json()[1]['first_name'], '')
+        self.assertEqual(response.json()[1]['last_name'], '')
+
+    def test_self_user(self):
+        response = self.client.post('/api/2/self/')
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.json()['username'], 'testuser')
+        self.assertEqual(response.json()['email'], 'test')
+        self.assertEqual(response.json()['first_name'], '')
+        self.assertEqual(response.json()['last_name'], '')
+
+    def test_register_user(self):
+        anonymous = Client()
+        response = anonymous.post('/api/2/register/', {'username': 'testuser2', 'password': 'test', 'email': 'test2'},
+                                  content_type='application/json')
+        self.assertEqual(response.status_code, 201)
+        self.assertEqual(response.json()['username'], 'testuser2')
+        self.assertEqual(response.json()['email'], 'test2')
+        self.assertEqual(len(ExtendedUser.objects.all()), 3)
+        self.assertEqual(ExtendedUser.objects.get(username='testuser2').email, 'test2')
+        self.assertTrue(ExtendedUser.objects.get(username='testuser2').check_password('test'))
+
+    def test_register_user_duplicate(self):
+        anonymous = Client()
+        response = anonymous.post('/api/2/register/', {'username': 'testuser', 'password': 'test', 'email': 'test2'},
+                                  content_type='application/json')
+        self.assertEqual(response.status_code, 400)
+        self.assertEqual(response.json()['errors']['username'], 'Username already exists')
+        self.assertEqual(len(ExtendedUser.objects.all()), 2)
+
+    def test_register_user_no_username(self):
+        anonymous = Client()
+        response = anonymous.post('/api/2/register/', {'password': 'test', 'email': 'test2'},
+                                  content_type='application/json')
+        self.assertEqual(response.status_code, 400)
+        self.assertEqual(response.json()['errors']['username'], 'Username is required')
+        self.assertEqual(len(ExtendedUser.objects.all()), 2)
+
+    def test_register_user_no_password(self):
+        anonymous = Client()
+        response = anonymous.post('/api/2/register/', {'username': 'testuser2', 'email': 'test2'},
+                                  content_type='application/json')
+        self.assertEqual(response.status_code, 400)
+        self.assertEqual(response.json()['errors']['password'], 'Password is required')
+        self.assertEqual(len(ExtendedUser.objects.all()), 2)
+
+    def test_register_user_no_email(self):
+        anonymous = Client()
+        response = anonymous.post('/api/2/register/', {'username': 'testuser2', 'password': 'test'},
+                                  content_type='application/json')
+        self.assertEqual(response.status_code, 400)
+        self.assertEqual(response.json()['errors']['email'], 'Email is required')
+        self.assertEqual(len(ExtendedUser.objects.all()), 2)
+
+    def test_register_user_duplicate_email(self):
+        anonymous = Client()
+        response = anonymous.post('/api/2/register/', {'username': 'testuser2', 'password': 'test', 'email': 'test'},
+                                  content_type='application/json')
+        self.assertEqual(response.status_code, 400)
+        self.assertEqual(response.json()['errors']['email'], 'Email already exists')
+        self.assertEqual(len(ExtendedUser.objects.all()), 2)
+
+    def test_get_token(self):
+        anonymous = Client()
+        response = anonymous.post('/api/2/login/', {'username': 'testuser', 'password': 'test'},
+                                  content_type='application/json')