Test reset: allow anyone to reset test users and fully init accounts.

This commit is contained in:
Tom Hacohen 2020-06-03 17:22:10 +03:00
parent 29145f2215
commit 119479d22b

View File

@ -681,8 +681,6 @@ class AuthenticationViewSet(viewsets.ViewSet):
class TestAuthenticationViewSet(viewsets.ViewSet): class TestAuthenticationViewSet(viewsets.ViewSet):
authentication_classes = BaseViewSet.authentication_classes
permission_classes = BaseViewSet.permission_classes
allowed_methods = ['POST'] allowed_methods = ['POST']
def list(self, request): def list(self, request):
@ -694,13 +692,22 @@ class TestAuthenticationViewSet(viewsets.ViewSet):
if not settings.DEBUG: if not settings.DEBUG:
return HttpResponseBadRequest("Only allowed in debug mode.") return HttpResponseBadRequest("Only allowed in debug mode.")
# Only allow local users, for extra safety user = get_object_or_404(User.objects.all(), username=request.data.get('user').get('username'))
if not getattr(request.user, User.EMAIL_FIELD).endswith('@localhost'):
# Only allow test users for extra safety
if not getattr(user, User.USERNAME_FIELD).startswith('test_user'):
return HttpResponseBadRequest("Endpoint not allowed for user.") return HttpResponseBadRequest("Endpoint not allowed for user.")
if hasattr(user, 'userinfo'):
user.userinfo.delete()
serializer = AuthenticationSignupSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
serializer.save()
# Delete all of the journal data for this user for a clear test env # Delete all of the journal data for this user for a clear test env
request.user.collection_set.all().delete() user.collection_set.all().delete()
request.user.incoming_invitations.all().delete() user.incoming_invitations.all().delete()
# FIXME: also delete chunk files!!! # FIXME: also delete chunk files!!!