Merge pull request #14601 from edx/noraiz/ECOM-6939

ECOM-6939 Fixed social auth false password-validation error
2017-03-08 22:15:46 +05:00
parent b168b04a20 1c0ccb2f61
commit b69b586401
4 changed files with 82 additions and 11 deletions
--- a/openedx/core/djangoapps/user_api/helpers.py
+++ b/openedx/core/djangoapps/user_api/helpers.py
@@ -117,7 +117,7 @@ class InvalidFieldError(Exception):
 class FormDescription(object):
    """Generate a JSON representation of a form. """

-    ALLOWED_TYPES = ["text", "email", "select", "textarea", "checkbox", "password"]
+    ALLOWED_TYPES = ["text", "email", "select", "textarea", "checkbox", "password", "hidden"]

    ALLOWED_RESTRICTIONS = {
        "text": ["min_length", "max_length"],
--- a/openedx/core/djangoapps/user_api/tests/test_views.py
+++ b/openedx/core/djangoapps/user_api/tests/test_views.py
@@ -951,6 +951,17 @@ class RegistrationViewTest(ThirdPartyAuthTestMixin, UserAPITestCase):
                    "required": False,
                }
            )
+            # social_auth_provider should be present
+            # with value `Google`(we are setting up google provider for this test).
+            self._assert_reg_field(
+                no_extra_fields_setting,
+                {
+                    "name": "social_auth_provider",
+                    "type": "hidden",
+                    "required": False,
+                    "defaultValue": "Google"
+                }
+            )

            # Email should be filled in
            self._assert_reg_field(
@@ -1784,6 +1795,7 @@ class ThirdPartyRegistrationTestMixin(ThirdPartyOAuthTestMixin, CacheIsolationTe
            "username": user.username if user else "test_username",
            "name": user.first_name if user else "test name",
            "email": user.email if user else "test@test.com",
+
        }

    def _assert_existing_user_error(self, response):
@@ -1805,6 +1817,15 @@ class ThirdPartyRegistrationTestMixin(ThirdPartyOAuthTestMixin, CacheIsolationTe
        )
        self.assertNotIn("partial_pipeline", self.client.session)

+    def _assert_third_party_session_expired_error(self, response, expected_error_message):
+        """Assert that given response is an error due to third party session expiry"""
+        self.assertEqual(response.status_code, 400)
+        response_json = json.loads(response.content)
+        self.assertEqual(
+            response_json,
+            {"session_expired": [{"user_message": expected_error_message}]}
+        )
+
    def _verify_user_existence(self, user_exists, social_link_exists, user_is_active=None, username=None):
        """Verifies whether the user object exists."""
        users = User.objects.filter(username=(username if username else "test_username"))
@@ -1879,6 +1900,32 @@ class ThirdPartyRegistrationTestMixin(ThirdPartyOAuthTestMixin, CacheIsolationTe
        )
        self._verify_user_existence(user_exists=False, social_link_exists=False)

+    def test_expired_pipeline(self):
+
+        """
+        Test that there is an error and account is not created
+        when request is made for account creation using third (Google, Facebook etc) party with pipeline
+        getting expired using browser (not mobile application).
+
+        NOTE: We are NOT using actual pipeline here so pipeline is always expired in this environment.
+        we don't have to explicitly expire pipeline.
+
+        """
+
+        data = self.data()
+        # provider is sent along request when request is made from mobile application
+        data.pop("provider")
+        # to identify that request is made using browser
+        data.update({"social_auth_provider": "Google"})
+        response = self.client.post(self.url, data)
+        # NO partial_pipeline in session means pipeline is expired
+        self.assertNotIn("partial_pipeline", self.client.session)
+        self._assert_third_party_session_expired_error(
+            response,
+            u"Registration using {provider} has timed out.".format(provider="Google")
+        )
+        self._verify_user_existence(user_exists=False, social_link_exists=False)
+

@skipUnless(settings.FEATURES.get("ENABLE_THIRD_PARTY_AUTH"), "third party auth not enabled")
 class TestFacebookRegistrationView(
--- a/openedx/core/djangoapps/user_api/views.py
+++ b/openedx/core/djangoapps/user_api/views.py
@@ -887,6 +887,14 @@ class RegistrationView(APIView):
                        instructions="",
                        restrictions={}
                    )
+                    # used to identify that request is running third party social auth
+                    form_desc.add_field(
+                        "social_auth_provider",
+                        field_type="hidden",
+                        label="",
+                        default=current_provider.name if current_provider.name else "Third Party",
+                        required=False,
+                    )


 class PasswordResetView(APIView):