Fix tests

Flagsmith · Aug 6, 2024 · b7a8c9e · b7a8c9e
1 parent aa8098b
commit b7a8c9e
Show file tree

Hide file tree

Showing 6 changed files with 77 additions and 38 deletions.
diff --git a/api/custom_auth/oauth/serializers.py b/api/custom_auth/oauth/serializers.py
@@ -6,13 +6,10 @@
 from django.db.models import F
 from rest_framework import serializers
 from rest_framework.authtoken.models import Token
-from rest_framework.exceptions import PermissionDenied
 
-from organisations.invites.models import Invite
 from users.auth_type import AuthType
 from users.models import SignUpType
 
-from ..constants import USER_REGISTRATION_WITHOUT_INVITE_ERROR_MESSAGE
 from ..serializers import InviteLinkValidationMixin
 from .github import GithubUser
 from .google import get_user_info
@@ -86,12 +83,10 @@ def _get_user(self, user_data: dict):
 
         if not existing_user:
             sign_up_type = self.validated_data.get("sign_up_type")
-            if not (
-                settings.ALLOW_REGISTRATION_WITHOUT_INVITE
-                or sign_up_type == SignUpType.INVITE_LINK.value
-                or Invite.objects.filter(email=email).exists()
-            ):
-                raise PermissionDenied(USER_REGISTRATION_WITHOUT_INVITE_ERROR_MESSAGE)
+            if not settings.ALLOW_REGISTRATION_WITHOUT_INVITE:
+                self._validate_registration_invite(
+                    {"email": email, **self.validated_data}
+                )
 
             return UserModel.objects.create(
                 **user_data, email=email.lower(), sign_up_type=sign_up_type

diff --git a/api/custom_auth/serializers.py b/api/custom_auth/serializers.py
@@ -28,14 +28,6 @@ class Meta:
 class InviteLinkValidationMixin:
     invite_hash = serializers.CharField(required=False, write_only=True)
 
-    def validate(self, attrs: dict[str, Any]) -> dict[str, Any]:
-        attrs = super().validate(attrs)
-
-        if not settings.ALLOW_REGISTRATION_WITHOUT_INVITE:
-            self._validate_registration_invite(attrs)
-
-        return attrs
-
     def _validate_registration_invite(self, attrs: dict[str, Any]) -> None:
         valid = False
 
@@ -88,6 +80,9 @@ def validate(self, attrs):
                 self.context.get("request"), email=email, raise_exception=True
             )
 
+        if not settings.ALLOW_REGISTRATION_WITHOUT_INVITE:
+            self._validate_registration_invite(attrs)
+
         attrs["email"] = email.lower()
         return attrs
 

diff --git a/api/tests/integration/custom_auth/end_to_end/test_custom_auth_integration.py b/api/tests/integration/custom_auth/end_to_end/test_custom_auth_integration.py
@@ -12,7 +12,7 @@
 
 from organisations.invites.models import Invite
 from organisations.models import Organisation
-from users.models import FFAdminUser
+from users.models import FFAdminUser, SignUpType
 
 
 def test_register_and_login_workflows(db: None, api_client: APIClient) -> None:
@@ -124,6 +124,7 @@ def test_can_register_with_invite_if_registration_disabled_without_invite(
         "password": password,
         "first_name": "test",
         "last_name": "register",
+        "sign_up_type": SignUpType.INVITE_EMAIL.value,
     }
     Invite.objects.create(email=email, organisation=organisation)
 

diff --git a/api/tests/unit/custom_auth/oauth/test_unit_oauth_serializers.py b/api/tests/unit/custom_auth/oauth/test_unit_oauth_serializers.py
@@ -1,5 +1,7 @@
+from typing import Type
 from unittest import mock
 
+import pytest
 from django.test import RequestFactory
 from django.utils import timezone
 from pytest_django.fixtures import SettingsWrapper
@@ -11,6 +13,7 @@
     GoogleLoginSerializer,
     OAuthLoginSerializer,
 )
+from organisations.invites.models import InviteLink
 from users.models import FFAdminUser, SignUpType
 
 
@@ -128,7 +131,11 @@ def test_OAuthLoginSerializer_calls_is_authentication_method_valid_correctly_if_
 
 
 def test_OAuthLoginSerializer_allows_registration_if_sign_up_type_is_invite_link(
-    settings: SettingsWrapper, rf: RequestFactory, mocker: MockerFixture, db: None
+    settings: SettingsWrapper,
+    rf: RequestFactory,
+    mocker: MockerFixture,
+    db: None,
+    invite_link: InviteLink,
 ):
     # Given
     settings.ALLOW_REGISTRATION_WITHOUT_INVITE = False
@@ -140,6 +147,7 @@ def test_OAuthLoginSerializer_allows_registration_if_sign_up_type_is_invite_link
         data={
             "access_token": "some_token",
             "sign_up_type": SignUpType.INVITE_LINK.value,
+            "invite_hash": invite_link.hash,
         },
         context={"request": request},
     )
@@ -153,3 +161,38 @@ def test_OAuthLoginSerializer_allows_registration_if_sign_up_type_is_invite_link
 
     # Then
     assert user
+
+
+@pytest.mark.parametrize(
+    "serializer_class", (GithubLoginSerializer, GithubLoginSerializer)
+)
+def test_OAuthLoginSerializer_allows_login_if_allow_registration_without_invite_is_false(
+    settings: SettingsWrapper,
+    rf: RequestFactory,
+    mocker: MockerFixture,
+    admin_user: FFAdminUser,
+    serializer_class: Type[OAuthLoginSerializer],
+):
+    # Given
+    settings.ALLOW_REGISTRATION_WITHOUT_INVITE = False
+
+    request = rf.post("/api/v1/auth/users/")
+
+    serializer = serializer_class(
+        data={"access_token": "some_token"},
+        context={"request": request},
+    )
+    # monkey patch the get_user_info method to return the mock user data
+    serializer.get_user_info = lambda: {
+        "email": admin_user.email,
+        "github_user_id": "abc123",
+        "google_user_id": "abc123",
+    }
+
+    serializer.is_valid(raise_exception=True)
+
+    # When
+    user = serializer.save()
+
+    # Then
+    assert user
diff --git a/api/tests/unit/custom_auth/oauth/test_unit_oauth_views.py b/api/tests/unit/custom_auth/oauth/test_unit_oauth_views.py
@@ -9,6 +9,7 @@
 
 from organisations.invites.models import Invite
 from organisations.models import Organisation
+from users.models import SignUpType
 
 
 @mock.patch("custom_auth.oauth.serializers.get_user_info")
@@ -66,7 +67,13 @@ def test_can_register_with_google_with_invite_if_registration_disabled(
     Invite.objects.create(organisation=organisation, email=email)
 
     # When
-    response = client.post(url, data={"access_token": "some-token"})
+    response = client.post(
+        url,
+        data={
+            "access_token": "some-token",
+            "sign_up_type": SignUpType.INVITE_EMAIL.value,
+        },
+    )
 
     # Then
     assert response.status_code == status.HTTP_200_OK
@@ -89,7 +96,13 @@ def test_can_register_with_github_with_invite_if_registration_disabled(
     Invite.objects.create(organisation=organisation, email=email)
 
     # When
-    response = client.post(url, data={"access_token": "some-token"})
+    response = client.post(
+        url,
+        data={
+            "access_token": "some-token",
+            "sign_up_type": SignUpType.INVITE_EMAIL.value,
+        },
+    )
 
     # Then
     assert response.status_code == status.HTTP_200_OK

diff --git a/api/tests/unit/custom_auth/test_unit_custom_auth_serializer.py b/api/tests/unit/custom_auth/test_unit_custom_auth_serializer.py
@@ -2,15 +2,11 @@
 from django.test import RequestFactory
 from pytest_django.fixtures import SettingsWrapper
 from rest_framework.exceptions import PermissionDenied
-from rest_framework.serializers import ModelSerializer
 
 from custom_auth.constants import (
     USER_REGISTRATION_WITHOUT_INVITE_ERROR_MESSAGE,
 )
-from custom_auth.serializers import (
-    CustomUserCreateSerializer,
-    InviteLinkValidationMixin,
-)
+from custom_auth.serializers import CustomUserCreateSerializer
 from organisations.invites.models import InviteLink
 from users.models import FFAdminUser, SignUpType
 
@@ -113,12 +109,12 @@ def test_invite_link_validation_mixin_validate_fails_if_invite_link_hash_not_pro
     # Given
     settings.ALLOW_REGISTRATION_WITHOUT_INVITE = False
 
-    class TestSerializer(InviteLinkValidationMixin, ModelSerializer):
-        class Meta:
-            model = FFAdminUser
-            fields = ("sign_up_type",)
-
-    serializer = TestSerializer(data={"sign_up_type": SignUpType.INVITE_LINK.value})
+    serializer = CustomUserCreateSerializer(
+        data={
+            **user_dict,
+            "sign_up_type": SignUpType.INVITE_LINK.value,
+        }
+    )
 
     # When
     with pytest.raises(PermissionDenied) as exc_info:
@@ -135,13 +131,9 @@ def test_invite_link_validation_mixin_validate_fails_if_invite_link_hash_not_val
     # Given
     settings.ALLOW_REGISTRATION_WITHOUT_INVITE = False
 
-    class TestSerializer(InviteLinkValidationMixin, ModelSerializer):
-        class Meta:
-            model = FFAdminUser
-            fields = ("sign_up_type",)
-
-    serializer = TestSerializer(
+    serializer = CustomUserCreateSerializer(
         data={
+            **user_dict,
             "sign_up_type": SignUpType.INVITE_LINK.value,
             "invite_hash": "invalid-hash",
         }