add user to get-token response

8b02fd40 · florimondmanca · 5b74cbbc · 8b02fd40 · 8b02fd40 · 8b02fd40
Commit 8b02fd40 authored Feb 24, 2018 by florimondmanca
--- a/oser_backend/api/auth.py
+++ b/oser_backend/api/auth.py
+"""API authentication."""
+
+from rest_framework.authtoken.views import ObtainAuthToken
+from rest_framework.authtoken.models import Token
+from rest_framework.response import Response
+from users.serializers import UserSerializer
+
+
+class ObtainAuthTokenUser(ObtainAuthToken):
+    """Custom obtain_auth_token view to return token AND user."""
+
+    def post(self, request, *args, **kwargs):
+        serializer = self.serializer_class(data=request.data,
+                                           context={'request': request})
+        serializer.is_valid(raise_exception=True)
+        user = serializer.validated_data['user']
+        token, created = Token.objects.get_or_create(user=user)
+        user_serializer = UserSerializer(user, context={'request': request})
+        return Response({'token': token.key, 'user': user_serializer.data})
+
+
+obtain_auth_token = ObtainAuthTokenUser.as_view()
--- a/oser_backend/api/urls.py
+++ b/oser_backend/api/urls.py
 """API routers."""
+from django.conf.urls import url
+from django.urls import include
 from rest_framework import routers

-from users import views as users_views
-from tutoring import views as tutoring_views
+from api.auth import obtain_auth_token
 from showcase_site import views as showcase_site_views
+from tutoring import views as tutoring_views
+from users import views as users_views
 from visits import views as visits_views

 app_name = 'api'

 # Register API routes here

-urlpatterns = []
+urlpatterns = [
+    url(r'^auth/', include('rest_framework.urls',
+                           namespace='rest_framework')),
+    url(r'^auth/get-token/$', obtain_auth_token, name='get-auth-token'),
+]

 router = routers.DefaultRouter()


--- a/oser_backend/oser_backend/urls.py
+++ b/oser_backend/oser_backend/urls.py
@@ -20,16 +20,12 @@ from django.conf.urls.static import static
 from django.contrib import admin
 from django.views.generic import RedirectView
 from rest_framework.documentation import include_docs_urls
-from rest_framework.authtoken.views import obtain_auth_token


 urlpatterns = [
    url(r'^admin/', admin.site.urls),
    url(r'^api/', include('api.urls')),
-    url(r'^api/docs/', include_docs_urls(title='OSER_CS API', public=False)),
-    url(r'^api/auth/', include('rest_framework.urls',
-                               namespace='rest_framework')),
-    url(r'^api/auth/get-token/$', obtain_auth_token, name='get-auth-token'),
+    url(r'^api/docs/', include_docs_urls(title='OSER_CS API', public=True)),
    url(r'^$', RedirectView.as_view(url='api/docs/', permanent=True),
        name='index'),
    url(r'^markdownx/', include('markdownx.urls')),

--- a/oser_backend/tests/test_api/test_auth.py
+++ b/oser_backend/tests/test_api/test_auth.py
@@ -3,6 +3,7 @@
 from rest_framework.test import APITestCase, RequestsClient
 from rest_framework import status
 from tests.factory import UserFactory
+from users.serializers import UserSerializer


 class TestTokenAuth(APITestCase):
@@ -40,6 +41,16 @@ class TestTokenAuth(APITestCase):
        token = response.json().get('token')
        self.assertIsNotNone(token)

+    def test_response_contains_user(self):
+        """Test response from auth token view also returns user."""
+        response = self.perform_get_token()
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        user = response.json().get('user')
+        self.assertIsNotNone(user)
+        # try to pass the returned user data through a UserSerializer
+        serializer = UserSerializer(data=user)
+        self.assertTrue(serializer.is_valid())
+
    def test_request_using_token(self):
        """Test once authenticated, the token can be used in the API."""
        token_response = self.perform_get_token()

--- a/oser_backend/tests/test_api/test_visit_participant_api.py
+++ b/oser_backend/tests/test_api/test_visit_participant_api.py
 """VisitParticipant API tests."""

+from django.test import TestCase
 from rest_framework import status
 from tests.factory import VisitParticipantFactory
 from tests.factory import VisitFactory, StudentFactory
 from tests.utils import HyperlinkedAPITestCase
+from visits.serializers import VisitParticipantWriteSerializer


 class VisitParticipantEndpointsTest(HyperlinkedAPITestCase):
    """Test access to the VisitParticipants endpoints."""

    factory = VisitParticipantFactory
+    serializer_class = VisitParticipantWriteSerializer

    @classmethod
    def setUpClass(cls):
@@ -37,3 +40,28 @@ class VisitParticipantEndpointsTest(HyperlinkedAPITestCase):
    def test_retrieve_authentication_required(self):
        self.assertRequiresAuth(
            self.perform_retrieve, expected_status_code=status.HTTP_200_OK)
+
+    def perform_create(self):
+        url = '/api/visit-participants/'
+        obj = self.factory.build()
+        data = self.serialize(obj, 'post', url)
+        response = self.client.post(url, data, format='json')
+        return response
+
+    def test_create_authentication_required(self):
+        self.assertRequiresAuth(
+            self.perform_create, expected_status_code=status.HTTP_201_CREATED)
+
+
+class WriteSerializerTest(TestCase):
+    """Test the write serializer for VisitParticipant."""
+
+    def test_id_fields_sources_are_defined(self):
+        """Test that student and visit fields define a source parameter.
+
+        This is mostly a regression test. Without it, serialization will
+        fail.
+        """
+        serializer = VisitParticipantWriteSerializer()
+        self.assertEqual(serializer.fields['student_id'].source, 'student')
+        self.assertEqual(serializer.fields['visit_id'].source, 'visit')
--- a/oser_backend/visits/serializers.py
+++ b/oser_backend/visits/serializers.py
@@ -52,16 +52,18 @@ class VisitParticipantReadSerializer(serializers.HyperlinkedModelSerializer):
 class VisitParticipantWriteSerializer(serializers.HyperlinkedModelSerializer):
    """Writable serializer for visit participants."""

-    student = serializers.PrimaryKeyRelatedField(
-        write_only=True,
-        queryset=Student.objects.all())
-    visit = serializers.PrimaryKeyRelatedField(
-        write_only=True,
-        queryset=Visit.objects.all())
+    student_id = serializers.PrimaryKeyRelatedField(
+        source='student',
+        queryset=Student.objects.all(),
+        help_text='Identifier for the student')
+    visit_id = serializers.PrimaryKeyRelatedField(
+        source='visit',
+        queryset=Visit.objects.all(),
+        help_text='Identifier for the visit')

    class Meta:  # noqa
        model = VisitParticipant
-        fields = ('id', 'student', 'visit', 'present')
+        fields = ('id', 'student_id', 'visit_id', 'present')


 class VisitParticipantDetailSerializer(serializers.ModelSerializer):