Merge pull request #2 from pennlabs/fix/accounts

Fix accounts
pennlabs · Apr 24, 2019 · 3988813 · 3988813
2 parents f24845d + 1249236
commit 3988813
Show file tree

Hide file tree

Showing 8 changed files with 69 additions and 35 deletions.
diff --git a/accounts/admin.py b/accounts/admin.py
diff --git a/accounts/backends.py b/accounts/backends.py
@@ -1,20 +1,28 @@
 from django.contrib.auth import get_user_model
 from django.contrib.auth.backends import RemoteUserBackend
 
+from accounts.settings import accounts_settings
+
 
 class LabsUserBackend(RemoteUserBackend):
     def authenticate(self, request, remote_user):
         if not remote_user:
             return
         User = get_user_model()
-        user, created = User.objects.get_or_create(uuid=remote_user)
+        user, created = User.objects.get_or_create(username=remote_user['username'])
         if created:
-            user.username = user.uuid
+            user.first_name = remote_user['first_name']
+            user.last_name = remote_user['last_name']
+            user.email = remote_user['email']
             user.set_unusable_password()
             user.save()
             try:
                 user = self.configure_user(request, user)
             except TypeError:
                 user = self.configure_user(user)
 
+        if accounts_settings.ADMIN_PERMISSION in remote_user['product_permission']:
+            user.is_staff = True
+            user.is_superuser = True
+            user.save()
         return user if self.user_can_authenticate(user) else None
diff --git a/accounts/models.py b/accounts/models.py
diff --git a/accounts/settings.py b/accounts/settings.py
@@ -11,6 +11,7 @@
     'REDIRECT_URI': os.environ.get('LABS_REDIRECT_URI'),
     'SCOPE': ['read', 'introspection'],
     'PLATFORM_URL': 'https://platform.pennlabs.org',
+    'ADMIN_PERMISSION': 'example_admin'
 }
 
 

diff --git a/accounts/views.py b/accounts/views.py
@@ -41,8 +41,8 @@ def get(self, request):
         platform = OAuth2Session(accounts_settings.CLIENT_ID, token=token)
         access_token = token['access_token']
         introspect_url = accounts_settings.PLATFORM_URL + '/accounts/introspect/?token=' + access_token
-        uuid = platform.get(introspect_url).json()['uuid']
-        user = auth.authenticate(remote_user=uuid)
+        user_props = platform.get(introspect_url).json()['user']
+        user = auth.authenticate(request, remote_user=user_props)
         if user:
             auth.login(request, user)
             return redirect(request.session.pop('next'))

diff --git a/tests/settings.py b/tests/settings.py
@@ -65,8 +65,6 @@
 
 STATIC_URL = '/static/'
 
-AUTH_USER_MODEL = 'accounts.User'
-
 AUTHENTICATION_BACKENDS = (
     'accounts.backends.LabsUserBackend',
     'django.contrib.auth.backends.ModelBackend',

diff --git a/tests/test_backends.py b/tests/test_backends.py
@@ -6,22 +6,55 @@
 class BackendTestCase(TestCase):
     def setUp(self):
         self.User = get_user_model()
+        self.remote_user = {
+            'major': 'Major',
+            'school': 'School',
+            'first_name': 'First',
+            'last_name': 'Last',
+            'username': 'user',
+            'email': 'test@test.com',
+            'affiliation': [],
+            'product_permission': []
+        }
 
     def test_invalid_remote_user(self):
         user = auth.authenticate(remote_user=None)
         self.assertIsNone(user)
 
     def test_create_user(self):
-        auth.authenticate(remote_user='00000000000000000000000000000001')
+        auth.authenticate(remote_user=self.remote_user)
         self.assertEqual(len(self.User.objects.all()), 1)
-        self.assertEqual(str(self.User.objects.all()[0].uuid), '00000000-0000-0000-0000-000000000001')
-        self.assertEqual(str(self.User.objects.all()[0]), '00000000000000000000000000000001')
+        user = self.User.objects.all()[0]
+        self.assertEqual(user.username, 'user')
+        self.assertEqual(user.first_name, 'First')
+        self.assertEqual(user.last_name, 'Last')
+        self.assertEqual(user.email, 'test@test.com')
+        self.assertFalse(self.User.objects.all()[0].is_staff)
 
     def test_login_user(self):
         student = self.User.objects.create_user(
-            username='00000000000000000000000000000001',
-            uuid='00000000000000000000000000000001',
+            username='user',
             password='secret'
         )
-        user = auth.authenticate(remote_user='00000000000000000000000000000001')
+        user = auth.authenticate(remote_user=self.remote_user)
         self.assertEqual(user, student)
+        self.assertEqual(len(self.User.objects.all()), 1)
+        self.assertFalse(self.User.objects.all()[0].is_staff)
+
+    def test_login_user_admin(self):
+        self.remote_user['product_permission'] = ['example_admin']
+        student = self.User.objects.create_user(
+            username='user',
+            password='secret'
+        )
+        user = auth.authenticate(remote_user=self.remote_user)
+        self.assertEqual(user, student)
+        self.assertEqual(len(self.User.objects.all()), 1)
+        self.assertTrue(self.User.objects.all()[0].is_staff)
+
+    def test_create_user_admin(self):
+        self.remote_user['product_permission'] = ['example_admin']
+        auth.authenticate(remote_user=self.remote_user)
+        self.assertEqual(len(self.User.objects.all()), 1)
+        self.assertEqual(self.User.objects.all()[0].username, 'user')
+        self.assertTrue(self.User.objects.all()[0].is_staff)
diff --git a/tests/test_views.py b/tests/test_views.py
@@ -19,11 +19,10 @@ def test_invalid_next(self):
 
     def test_authenticated_user(self):
         self.User.objects.create_user(
-            username='00000000000000000000000000000001',
-            uuid='00000000000000000000000000000001',
+            username='user',
             password='secret'
         )
-        self.client.login(username='00000000000000000000000000000001', password='secret')
+        self.client.login(username='user', password='secret')
         redirect = 'https://example.com/'
         response = self.client.get(reverse('accounts:login') + '?next=' + redirect)
         self.assertRedirects(response, redirect, fetch_redirect_response=False)
@@ -50,21 +49,32 @@ def setUp(self):
         session['next'] = self.redirect
         session.save()
         self.User = get_user_model()
+        self.mock_get = {
+            'user': {
+                'major': 'Major',
+                'school': 'School',
+                'first_name': 'First',
+                'last_name': 'Last',
+                'username': 'user',
+                'email': 'test@test.com',
+                'affiliation': [],
+                'product_permission': []
+            }
+        }
 
     def test_active_user(self, mock_fetch_token, mock_get):
         mock_fetch_token.return_value = {'access_token': 'abc'}
-        mock_get.return_value.json.return_value = {'uuid': '00000000000000000000000000000001'}
+        mock_get.return_value.json.return_value = self.mock_get
         response = self.client.get(reverse('accounts:callback'))
         self.assertRedirects(response, self.redirect, fetch_redirect_response=False)
 
     def test_inactive_user(self, mock_fetch_token, mock_get):
         self.User.objects.create_user(
-            username='00000000000000000000000000000001',
-            uuid='00000000000000000000000000000001',
+            username='user',
             password='secret',
             is_active=False
         )
         mock_fetch_token.return_value = {'access_token': 'abc'}
-        mock_get.return_value.json.return_value = {'uuid': '00000000000000000000000000000001'}
+        mock_get.return_value.json.return_value = self.mock_get
         response = self.client.get(reverse('accounts:callback'))
         self.assertEqual(response.status_code, 500)