Tests for malformed auth tokens

incuna · Nov 28, 2014 · 75fefb9 · 75fefb9
1 parent 108c77e
commit 75fefb9
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 12 deletions.
diff --git a/user_management/api/serializers.py b/user_management/api/serializers.py
@@ -33,19 +33,11 @@ def validate(self, attrs):
         username = attrs.get('username')
         password = attrs.get('password')
 
-        if not (username and password):
-            msg = _('Must include "username" and "password"')
-            raise serializers.ValidationError(msg)
-
         user = authenticate(username=username, password=password)
         if not user:
             msg = _('Unable to log in with provided credentials.')
             raise serializers.ValidationError(msg)
 
-        if not user.is_active:
-            msg = _('User account has not been verified, please check your email.')
-            raise serializers.ValidationError(msg)
-
         attrs['user'] = user
         return attrs
 

diff --git a/user_management/api/tests/test_views.py b/user_management/api/tests/test_views.py
@@ -33,8 +33,7 @@ def tearDown(self):
     def test_post(self):
         username = 'Test@example.com'
         password = 'myepicstrongpassword'
-        UserFactory.create(
-            email=username.lower(), password=password, is_active=True)
+        UserFactory.create(email=username.lower(), password=password)
 
         data = {'username': username, 'password': password}
         request = self.create_request('post', auth=False, data=data)
@@ -70,6 +69,26 @@ def test_delete_no_token(self):
         response = self.view_class.as_view()(request)
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
 
+    def test_delete_invalid_token(self):
+        # token is incomplete
+        auth = 'Token'
+        request = self.create_request(
+            'delete',
+            HTTP_AUTHORIZATION=auth,
+        )
+        response = self.view_class.as_view()(request)
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+    def test_delete_spacious_token(self):
+        # token has too many whitespaces
+        auth = 'Token yolo jimmy'
+        request = self.create_request(
+            'delete',
+            HTTP_AUTHORIZATION=auth,
+        )
+        response = self.view_class.as_view()(request)
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
     def test_user_auth_method_not_allowed(self):
         """Ensure GET requests are not allowed."""
         auth_url = reverse('user_management_api:auth')

diff --git a/user_management/models/tests/factories.py b/user_management/models/tests/factories.py
@@ -7,8 +7,9 @@
 
 class UserFactory(factory.DjangoModelFactory):
     FACTORY_FOR = get_user_model()
-    name = factory.Sequence(lambda i: 'Test User {}'.format(i))
-    email = factory.Sequence(lambda i: 'email{}@example.com'.format(i))
+
+    name = factory.Sequence('Test User {}'.format)
+    email = factory.Sequence('email{}@example.com'.format)
     is_active = True
 
     @factory.post_generation