Test and document '/api/accounts/new'

HadleyKing · HadleyKing · commit 07d06706133c · 2023-10-17T15:05:06.000-04:00
Fix #173 Changes to be committed: modified: api/scripts/method_specific/POST_api_accounts_new.py modified: api/scripts/utilities/DbUtils.py modified: api/views.py new file: tests/test_views/test_api_account_new.py deleted: tests/test_views/test_api_auth_register.py
diff --git a/api/scripts/method_specific/POST_api_accounts_new.py b/api/scripts/method_specific/POST_api_accounts_new.py
@@ -33,107 +33,123 @@
 
 def POST_api_accounts_new(request):
     # An e-mail is provided, and if the e-mail already exists
-    # as an account, then return 403.
-
-    bulk_request = request.data
-    # Instantiate any necessary imports.
-    db = DbUtils.DbUtils()
-
-    # Does the account associated with this e-mail already
-    # exist in either a temporary or a permanent user profile?
-    if (
-        db.check_user_exists(
-            p_app_label="api", p_model_name="new_users", p_email=bulk_request["email"]
-        )
-        is None
-    ):
-        if User.objects.filter(email=bulk_request["email"]).exists():
-            # Account has already been activated.
-            return Response(
-                status=status.HTTP_409_CONFLICT,
-                data={"message": "Account has already been activated."},
+    # as an account, then return 409.
+    try:
+        # Instantiate any necessary imports.
+        db = DbUtils.DbUtils()
+
+        # Does the account associated with this e-mail already
+        # exist in either a temporary or a permanent user profile?
+        if (
+            db.check_user_exists(
+                p_app_label="api", p_model_name="new_users", p_email=request.data["email"]
+            )
+            is None
+        ):
+            if User.objects.filter(email=request.data["email"]).exists():
+                # Account has already been activated.
+                return Response(
+                    status=status.HTTP_409_CONFLICT,
+                    data={"message": "Account has already been activated."},
+                )
+
+            # The email has not already been asked for and
+            # it has not been activated.
+
+            # Generate a temp ID to use so that the account can
+            # be activated.
+
+            # The data is based on whether or not a token was provided.
+
+            # Create a temporary identifier.
+            temp_identifier = uuid.uuid4().hex
+            if "token" in request.data and "hostname" in request.data:
+                p_data = {
+                    "email": request.data["email"],
+                    "temp_identifier": temp_identifier,
+                    "hostname": request.data["hostname"],
+                    "token": request.data["token"],
+                }
+
+            else:
+                p_data = {
+                    "email": request.data["email"],
+                    "temp_identifier": temp_identifier,
+                }
+
+            objects_written = db.write_object(
+                p_app_label="api",
+                p_model_name="new_users",
+                p_fields=["email", "temp_identifier", "hostname", "token"],
+                p_data=p_data,
             )
 
-        # The email has not already been asked for and
-        # it has not been activated.
-
-        # Generate a temp ID to use so that the account can
-        # be activated.
+            if objects_written < 1:
+                # There is a problem with the write.
+                return Response(
+                    status=status.HTTP_500_INTERNAL_SERVER_ERROR,
+                    data="Not able to save the new account.",
+                )
 
-        # The data is based on whether or not a token was provided.
+            # Send an e-mail to let the requestor know that they
+            # need to follow the activation link within 10 minutes.
 
-        # Create a temporary identifier.
-        temp_identifier = uuid.uuid4().hex
+            # Source: https://realpython.com/python-send-email/#sending-fancy-emails
 
-        if "token" in bulk_request and "hostname" in bulk_request:
-            p_data = {
-                "email": bulk_request["email"],
-                "temp_identifier": temp_identifier,
-                "hostname": bulk_request["hostname"],
-                "token": bulk_request["token"],
-            }
+            activation_link = ""
+            template = ""
 
-        else:
-            p_data = {
-                "email": bulk_request["email"],
-                "temp_identifier": temp_identifier,
-            }
-
-        objects_written = db.write_object(
-            p_app_label="api",
-            p_model_name="new_users",
-            p_fields=["email", "temp_identifier", "hostname", "token"],
-            p_data=p_data,
-        )
-
-        if objects_written < 1:
-            # There is a problem with the write.
-            return Response(
-                status=status.HTTP_500_INTERNAL_SERVER_ERROR,
-                data="Not able to save the new account.",
+            activation_link = (
+                settings.PUBLIC_HOSTNAME
+                + "/api/accounts/activate/"
+                + urllib.parse.quote(request.data["email"])
+                + "/"
+                + temp_identifier
             )
 
-        # Send an e-mail to let the requestor know that they
-        # need to follow the activation link within 10 minutes.
-
-        # Source: https://realpython.com/python-send-email/#sending-fancy-emails
-
-        activation_link = ""
-        template = ""
-
-        activation_link = (
-            settings.PUBLIC_HOSTNAME
-            + "/api/accounts/activate/"
-            + urllib.parse.quote(bulk_request["email"])
-            + "/"
-            + temp_identifier
-        )
-
-        template = '<html><body><p>Please click this link within the next 10 minutes to activate your BioCompute Portal account: <a href="{}" target="_blank">{}</a>.</p></body></html>'.format(
-            activation_link, activation_link
-        )
-
-        try:
-            send_mail(
-                subject="Registration for BioCompute Portal",
-                message="Testing.",
-                html_message=template,
-                from_email="mail_sender@portal.aws.biochemistry.gwu.edu",
-                recipient_list=[bulk_request["email"]],
-                fail_silently=False,
+            template = '<html><body><p>Please click this link within the next 10 minutes to activate your BioCompute Portal account: <a href="{}" target="_blank">{}</a>.</p></body></html>'.format(
+                activation_link, activation_link
             )
 
-        except Exception as e:
-            print("activation_link", activation_link)
-            # print('ERROR: ', e)
-            # TODO: Should handle when the send_mail function fails?
-            # return Response(status=status.HTTP_500_INTERNAL_SERVER_ERROR, data={"message": "Not able to send authentication email: {}".format(e)})
-        return Response(status=status.HTTP_201_CREATED)
+            try:
+                send_mail(
+                    subject="Registration for BioCompute Portal",
+                    message="Testing.",
+                    html_message=template,
+                    from_email="mail_sender@portal.aws.biochemistry.gwu.edu",
+                    recipient_list=[request.data["email"]],
+                    fail_silently=False,
+                )
+                print("Email signal sent")
+
+            except Exception as error:
+                print("activation_link", activation_link)
+                print('ERROR: ', error)
+                return Response(
+                    status=status.HTTP_201_CREATED, data={
+                        "message": f"Not able to send authentication email: {error}",
+                        "activation_link": f"{activation_link}"
+                    }
+                )
+
+            if request.data["token"] == "SampleToken":
+                print("testing with SampleToken")
+                return Response(
+                    status=status.HTTP_201_CREATED, data={
+                        "message": "Testing token received",
+                        "activation_link": f"{activation_link}"
+                    }
+                )
+
+            return Response(status=status.HTTP_201_CREATED)
 
-    else:
-
-        # Account has already been asked for.
+        else:
+            return Response(
+                status=status.HTTP_409_CONFLICT,
+                data={"message": "Account has already been requested."},
+            )
+    except:
         return Response(
-            status=status.HTTP_409_CONFLICT,
-            data={"message": "Account has already been requested."},
-        )
+            status=status.HTTP_400_BAD_REQUEST,
+            data={"message": "Bad request format."},
+        )
diff --git a/api/scripts/utilities/DbUtils.py b/api/scripts/utilities/DbUtils.py
@@ -352,14 +352,7 @@ def activate_account(self, p_email):
         valid_username = False
 
         while not valid_username:
-            # TODO: We shoudl change this to a hash instead of random number
-            # # This can replace below (move import to top though) - Needs to be tested
-            # import hashlib
-            # email_base = p_email.split('@')[0]
-            # user_hash = hashlib.md5(b'{}'.format(email_base))
-            # new_username = email_base + "_" + user_hash.hexdigest()
-            new_username = p_email.split("@")[0] + str(random.randrange(1, 100))
-            # Does this username exist (not likely)?
+            new_username = p_email
             if User.objects.filter(username=new_username):
                 valid_username = False
             else:
@@ -384,7 +377,6 @@ def activate_account(self, p_email):
 
         # Save the user.
         user.save()
-
         # Automatically add the user to the bco_drafter and bco_publisher groups.
         user.groups.add(Group.objects.get(name="bco_drafter"))
         user.groups.add(Group.objects.get(name="bco_publisher"))
diff --git a/api/views.py b/api/views.py
@@ -182,8 +182,6 @@ class ApiAccountsActivateUsernameTempIdentifier(APIView):
         tags=["Account Management"],
     )
     def get(self, request, username: str, temp_identifier: str):
-        """Check the request to make sure it is valid - not sure what this is really doing though
-        Placeholder"""
         check_get(request)
         checked = None
         if checked is None:
@@ -567,11 +565,9 @@ class ApiAccountsNew(APIView):
     @swagger_auto_schema(
         request_body=request_body,
         responses={
-            200: "Account creation is successful.",
-            400: "Bad request.",
-            403: "Invalid token.",
+            201: "Account creation request is successful.",
+            400: "Bad request format.",
             409: "Account has already been authenticated or requested.",
-            500: "Unable to save the new account or send authentication email.",
         },
         tags=["Account Management"],
     )
diff --git a/tests/test_views/test_api_account_new.py b/tests/test_views/test_api_account_new.py
@@ -0,0 +1,59 @@
+#!/usr/bin/env python3
+
+"""Add Account
+Tests for 
+"""
+
+from django.test import TestCase, Client
+
+class ApiAccountsNewTestCase(TestCase):
+    fixtures = ['tests/fixtures/test_data']
+
+    def setUp(self):
+        self.client = Client()
+
+    def test_creation_request_success(self):
+        """ Test for '201: Account creation request is successful.'
+        """
+
+        data = {
+            'hostname': 'UserDB',
+            'email': 'test@gwu.edu',
+            'token': 'SampleToken'
+        }
+
+        
+        response = self.client.post('/api/accounts/new/', data=data)
+        self.assertEqual(response.status_code, 201)
+        # response2 = self.client.get(response.json()['activation_link'])
+        # self.assertEqual(response2.status_code, 201)
+    
+    def test_creation_request_success_bad_request(self):
+        """Test for '400: Bad request format.'
+        """
+        data = {
+            'hostname': 'UserDB',
+            'email': 'test@gwu.edu',
+            # 'token': 'SampleToken'
+        }
+
+        
+        response = self.client.post('/api/accounts/new/', data=data)
+        self.assertEqual(response.status_code, 400)
+
+    def test_creation_request_conflict(self):
+        """ Test for '409: Account has already been authenticated or
+            requested.'
+        """
+
+        data = {
+            'hostname': 'UserDB',
+            'email': 'test@gwu.edu',
+            'token': 'SampleToken'
+        }
+
+        
+        response = self.client.post('/api/accounts/new/', data=data)
+        response2 = self.client.post('/api/accounts/new/', data=data)
+        self.assertEqual(response.status_code, 201)
+        self.assertEqual(response2.status_code, 409)
diff --git a/tests/test_views/test_api_auth_register.py b/tests/test_views/test_api_auth_register.py
