fix: custom http header should starts with X- (#16)

* fix: authuser models

* fix: custom http header should starts with X-

authuser/admin.py

@@ -1 +1,6 @@
-# admin.site.register(User, UserAdmin)
+from django.contrib import admin
+from django.contrib.auth.admin import UserAdmin
+
+from .models import User
+
+admin.site.register(User, UserAdmin)

authuser/migrations/0002_rename_is_admin_user_is_staff_and_more.py

@@ -0,0 +1,22 @@
+# Generated by Django 4.1.7 on 2023-12-28 07:58
+from django.db import migrations
+from django.db import models
+
+
+class Migration(migrations.Migration):
+ dependencies = [
+ ("authuser", "0001_initial"),
+ ]
+
+ operations = [
+ migrations.RenameField(
+ model_name="user",
+ old_name="is_admin",
+ new_name="is_staff",
+ ),
+ migrations.AlterField(
+ model_name="user",
+ name="is_superuser",
+ field=models.BooleanField(default=False),
+ ),
+ ]

authuser/models.py

@@ -38,7 +38,8 @@ def create_superuser(self, email, password, **extra_fields):
 class User(AbstractBaseUser, PermissionsMixin):
  email = models.EmailField(unique=True, max_length=255, blank=False)
  is_active = models.BooleanField(default=True)
- is_admin = models.BooleanField(default=False)
+ is_staff = models.BooleanField(default=False)
+ is_superuser = models.BooleanField(default=False)
 
  objects = UserManager()
 

authuser/tests.py

@@ -1 +1,29 @@
-# Create your tests here.
+import pytest
+from django.contrib.auth.models import User as DjangoUser
+from django.test import TestCase
+
+from .models import User
+
+
+class UserManagerTestCase(TestCase):
+ def test_create_user(self):
+ user = User.objects.create_user("[email protected]", "password")
+
+ self.assertTrue(isinstance(user, User))
+
+ def test_create_user_no_email(self):
+ with pytest.raises(ValueError) as excinfo:
+ User.objects.create_user("")
+
+ assert str(excinfo.value) == "The given email must be set"
+
+ def test_create_super_user(self):
+ user = User.objects.create_superuser("[email protected]", "password")
+
+ self.assertTrue(isinstance(user, User))
+
+ @pytest.mark.xfail
+ def test_create_user_django(self):
+ user = DjangoUser.objects.create_user("[email protected]", "password")
+
+ self.assertTrue(isinstance(user, User))

drf_passwordless_jwt/tests.py

@@ -56,6 +56,20 @@ def test_invalid_email(self):
  )
  self.assertEqual(len(mail.outbox), 0)
 
+ @patch.dict(os.environ, {"EMAIL_TEST_ACCOUNT_a_at_a_com": "123456"})
+ @override_settings(EMAIL_BACKEND="django.core.mail.backends.locmem.EmailBackend")
+ def test_obtain_jwt_test_account(self):
+ response = self.client.post(
+ reverse("auth_email_token"),
+ {"email": "[email protected]"},
+ format="json",
+ )
+
+ self.assertEqual(response.status_code, status.HTTP_200_OK)
+ json = response.json()
+ self.assertEqual(list(json.keys()), ["detail"])
+ self.assertEqual(json["detail"], "test account email '[email protected]' available")
+
  @patch.dict(os.environ, {"EMAIL_TEST_ACCOUNT_a_at_a_com": "123456"})
  def test_auth_jwt_token(self):
  response = self.client.post(
@@ -102,6 +116,19 @@ def test_verify_jwt_token(self):
  self.assertEqual(list(json.keys()), ["email", "exp"])
  self.assertEqual(json["email"], "[email protected]")
 
+ @patch.dict(os.environ, {"EMAIL_TEST_ACCOUNT_a_at_a_com": "123456"})
+ def test_verify_jwt_token_test_account(self):
+ response = self.client.post(
+ reverse("verify_jwt_token"),
+ {"email": "[email protected]", "token": "anything"},
+ format="json",
+ )
+
+ self.assertEqual(response.status_code, status.HTTP_200_OK)
+ json = response.json()
+ self.assertEqual(list(json.keys()), ["email", "exp"])
+ self.assertEqual(json["email"], "[email protected]")
+
  def test_invalid_jwt_token(self):
  response = self.client.post(
  reverse("verify_jwt_token"),
@@ -144,6 +171,20 @@ def test_verify_jwt_token_header(self):
  self.assertEqual(list(json.keys()), ["email", "exp"])
  self.assertEqual(json["email"], "[email protected]")
 
+ @patch.dict(os.environ, {"EMAIL_TEST_ACCOUNT_a_at_a_com": "123456"})
+ def test_verify_jwt_token_header_test_account(self):
+ response = self.client.post(
+ reverse("verify_jwt_token_header"),
+ HTTP_AUTHORIZATION="Bearer anything",
+ HTTP_X_EMAIL="[email protected]",
+ format="json",
+ )
+
+ self.assertEqual(response.status_code, status.HTTP_200_OK)
+ json = response.json()
+ self.assertEqual(list(json.keys()), ["email", "exp"])
+ self.assertEqual(json["email"], "[email protected]")
+
  def test_invalid_jwt_token_header(self):
  response = self.client.post(
  reverse("verify_jwt_token_header"),
@@ -169,3 +210,23 @@ def test_missing_jwt_token_header(self):
  )
 
  self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+
+ @override_settings(EMAIL_BACKEND="django.core.mail.backends.locmem.EmailBackend")
+ def test_obtain_jwt(self):
+ response = self.client.post(
+ reverse("auth_email_token"),
+ {"email": "[email protected]"},
+ format="json",
+ )
+ msg = mail.outbox[0]
+ token = msg.body.split()[-1]
+ response = self.client.post(
+ reverse("auth_jwt_token"),
+ {"email": "[email protected]", "token": token},
+ format="json",
+ )
+
+ self.assertEqual(response.status_code, status.HTTP_200_OK)
+ json = response.json()
+ self.assertEqual(set(json.keys()), {"email", "token"})
+ self.assertEqual(json["email"], "[email protected]")

drf_passwordless_jwt/views.py

@@ -108,7 +108,7 @@ def post(self, request, *args, **kwargs):
  data={"error": "Invalid Authorization header format"},
  )
 
- email = request.headers.get("email")
+ email = request.headers.get("x-email")
  if email and exists_test_account(email):
  return Response(
  {