MTES-MCT · vjousse · Jul 1, 2024 · May 6, 2024 · Jul 1, 2024 · Jul 1, 2024
diff --git a/.env.sample b/.env.sample
@@ -3,7 +3,6 @@ [email protected],[email protected]
 [email protected]
 DJANGO_DEBUG=True
 DJANGO_SECRET_KEY=please-change-this
-DJANGO_BYPASS_AUTH=False
 EMAIL_HOST_PASSWORD=please-change-this
 EMAIL_HOST_USER=please-change-this
 ENABLE_FOOD_SECTION=True

diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
@@ -81,6 +81,4 @@ jobs:
       run: npm run test:client
 
     - name: Run server tests
-      env:
-        DJANGO_BYPASS_AUTH: True
       run: pipenv run backend/update.sh && npm run test:server-ci && npm run test:backend
diff --git a/.github/workflows/score_history.yml b/.github/workflows/score_history.yml
@@ -90,7 +90,6 @@ jobs:
           GITHUB_REF_NAME: ${{ github.ref_name }}
           LAST_COMMIT_HASH: ${{ github.sha }}
           SCALINGO_POSTGRESQL_SCORE_URL: ${{ secrets.SCALINGO_POSTGRESQL_TUNNEL_SCORE_URL }}
-          DJANGO_BYPASS_AUTH: True
           NODE_ENV: "test"
           SCALINGO_REGION: ${{ secrets.SCALINGO_REGION }}
           SCALINGO_APP: ecobalyse

diff --git a/.proxyrc.json b/.proxyrc.json
@@ -6,7 +6,7 @@
     "target": "http://127.0.0.1:8002/"
   },
   "/processes/": {
-    "target": "http://127.0.0.1:8002/"
+    "target": "http://127.0.0.1:8001/"
   },
   "/admin/": {
     "target": "http://127.0.0.1:8002/"

diff --git a/Pipfile.lock b/Pipfile.lock
diff --git a/backend/authentication/tests.py b/backend/authentication/tests.py
@@ -1,12 +1,38 @@
-import json
-
 from django.contrib.auth import get_user_model
 from django.core import mail
 from django.test import TestCase
 from django.urls import reverse
 
+from .models import EcobalyseUser
+
 
 class DjangoAuthenticationTests(TestCase):
+    def test_unauthenticated_user_should_not_access_profile(self):
+        response = self.client.get(
+            reverse("profile"),
+            content_type="application/json",
+        )
+
+        assert response.status_code == 401
+
+    def test_authenticated_user_should_access_profile(self):
+        test_user = EcobalyseUser.objects.get_or_create(email="[email protected]")[0]
+        self.client.force_login(test_user)
+        response = self.client.get(
+            reverse("profile"),
+            content_type="application/json",
+        )
+        assert response.status_code == 200
+
+        assert response.json() == {
+            "email": "[email protected]",
+            "first_name": "",
+            "last_name": "",
+            "organization": "",
+            "terms_of_use": False,
+            "token": str(test_user.token),
+        }
+
     def test_register_post(self):
         # invalid mail
         response = self.client.post(
@@ -21,7 +47,7 @@ def test_register_post(self):
             },
             content_type="application/json",
         )
-        self.assertEqual(response.status_code, 200)
+        assert response.status_code == 200
         self.assertContains(response, "Saisissez une adresse de courriel valide")
 
         # missing first name
@@ -37,7 +63,7 @@ def test_register_post(self):
             },
             content_type="application/json",
         )
-        self.assertEqual(response.status_code, 200)
+        assert response.status_code == 200
         self.assertContains(response, "Ce champ est obligatoire")
 
         # missing last name
@@ -53,7 +79,7 @@ def test_register_post(self):
             },
             content_type="application/json",
         )
-        self.assertEqual(response.status_code, 200)
+        assert response.status_code == 200
         self.assertContains(response, "Ce champ est obligatoire")
 
         # don't accept terms of use
@@ -69,7 +95,7 @@ def test_register_post(self):
             },
             content_type="application/json",
         )
-        self.assertEqual(response.status_code, 200)
+        assert response.status_code == 200
         self.assertContains(response, "Ce champ est obligatoire")
 
         # missing organization is OK
@@ -85,27 +111,27 @@ def test_register_post(self):
             },
             content_type="application/json",
         )
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(json.loads(response.content).get("success"), True)
+        assert response.status_code == 200
+        assert response.json().get("success")
 
         with self.assertLogs(logger="mailauth.backends", level="ERROR") as cm:
             # wrong json login url
             response = self.client.get("/accounts/login/invalid-token?next=/")
-            self.assertEqual(response.status_code, 302)
+            assert response.status_code == 302
 
-            self.assertIn("BadSignature", " ".join(cm.output))
+            assert "BadSignature" in " ".join(cm.output)
 
         # right json login url (it's transmitted through reading the outbox)
-        self.assertEqual(len(mail.outbox), 1)
+        assert len(mail.outbox) == 1
         login_url = "/" + "/".join(
             [x for x in mail.outbox[0].body.split("\n") if "http" in x][0].split("/")[
                 3:
             ]
         )
         response = self.client.get(login_url)
         # a successful login should redirect to the "next" url
-        self.assertEqual(response.status_code, 302)
-        self.assertEqual(response.url, "/")
+        assert response.status_code == 302
+        assert response.url == "/"
 
         # try to login again
         response = self.client.post(
@@ -116,75 +142,69 @@ def test_register_post(self):
             },
             content_type="application/json",
         )
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(json.loads(response.content).get("success"), True)
+        assert response.status_code == 200
+        assert response.json().get("success")
+
         login_url = "/" + "/".join(
             [x for x in mail.outbox[0].body.split("\n") if "http" in x][0].split("/")[
                 3:
             ]
         )
         response = self.client.get(login_url)
         # a successful login should redirect to the "next" url
-        self.assertEqual(response.status_code, 302)
-        self.assertEqual(response.url, "/")
+        assert response.status_code == 302
+        assert response.url == "/"
+
         # get json profile
         response = self.client.get(reverse("profile"))
-        jsonresp = json.loads(response.content)
-        self.assertEqual(
-            list(jsonresp.keys()),
-            [
-                "email",
-                "first_name",
-                "last_name",
-                "organization",
-                "terms_of_use",
-                "token",
-            ],
-        )
-        self.assertEqual(
-            list(jsonresp.values())[:5], ["[email protected]", "John", "Doe", "", True]
-        )
+        created_user = EcobalyseUser.objects.get(email="[email protected]")
+
+        assert response.json() == {
+            "email": "[email protected]",
+            "first_name": "John",
+            "last_name": "Doe",
+            "organization": "",
+            "terms_of_use": True,
+            "token": str(created_user.token),
+        }
 
     def test_as_admin(self):
         # create an admin
-        get_user_model().objects.create_superuser(
+        super_user = get_user_model().objects.create_superuser(
             "[email protected]", terms_of_use=True
         )
 
         # login as admin
         response = self.client.post(
             reverse("login"),
             {
-                "email": "[email protected]",
+                "email": super_user.email,
                 "next": "/",
             },
             content_type="application/json",
         )
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(json.loads(response.content).get("success"), True)
+        assert response.status_code == 200
+        assert response.json().get("success")
+
         login_url = "/" + "/".join(
             [x for x in mail.outbox[0].body.split("\n") if "http" in x][0].split("/")[
                 3:
             ]
         )
         response = self.client.get(login_url)
         # a successful login should redirect to the "next" url
-        self.assertEqual(response.status_code, 302)
-        self.assertEqual(response.url, "/")
+        assert response.status_code == 302
+        assert response.url == "/"
+
         # get json profile
         response = self.client.get(reverse("profile"))
-        jsonresp = json.loads(response.content)
-        self.assertEqual(
-            list(jsonresp.keys()),
-            [
-                "email",
-                "first_name",
-                "last_name",
-                "organization",
-                "terms_of_use",
-                "token",
-            ],
-        )
-        self.assertEqual(
-            list(jsonresp.values())[:5], ["[email protected]", "", "", "", True]
-        )
+        response = self.client.get(reverse("profile"))
+
+        assert response.json() == {
+            "email": super_user.email,
+            "first_name": "",
+            "last_name": "",
+            "organization": "",
+            "terms_of_use": True,
+            "token": str(super_user.token),
+        }