[fc] Repository: plone.restapi

Branch: refs/heads/main Date: 2024-11-20T15:21:35-08:00 Author: Mikel Larreategi (erral) <mlarreategi@codesyntax.com> Commit: plone/plone.restapi@4c0991c additional tests (#1840) * additional tests * changelog * return a 400 Bad request when trying to change the username to an existing one Files changed: A news/1840.internal M src/plone/restapi/services/users/update.py M src/plone/restapi/tests/test_services_users.py
plone · Nov 20, 2024 · 4fc1d8a · 4fc1d8a
1 parent 8e5ccd0
commit 4fc1d8a
Showing 1 changed file with 11 additions and 8 deletions.
diff --git a/last_commit.txt b/last_commit.txt
@@ -2,19 +2,22 @@ Repository: plone.restapi
 
 
 Branch: refs/heads/main
-Date: 2024-11-20T15:19:55-08:00
+Date: 2024-11-20T15:21:35-08:00
 Author: Mikel Larreategi (erral) <mlarreategi@codesyntax.com>
-Commit: https://github.com/plone/plone.restapi/commit/64783c323b326012dded38c45a836e8948ed9601
+Commit: https://github.com/plone/plone.restapi/commit/4c0991caa6a47cb84ecf7aa22763751dc753fb56
 
-fix tests (#1844)
+additional tests (#1840)
 
-* fix tests
+* additional tests
 
-* changelog
+* changelog
+
+* return a 400 Bad request when trying to change the username to an existing one
 
 Files changed:
-A news/1844.bugfix
-M src/plone/restapi/tests/test_serializer_summary.py
+A news/1840.internal
+M src/plone/restapi/services/users/update.py
+M src/plone/restapi/tests/test_services_users.py
 
-b'diff --git a/news/1844.bugfix b/news/1844.bugfix\nnew file mode 100644\nindex 000000000..2cee040a3\n--- /dev/null\n+++ b/news/1844.bugfix\n@@ -0,0 +1,2 @@\n+Fix tests after #1839 and plone.app.event#411\n+[erral]\ndiff --git a/src/plone/restapi/tests/test_serializer_summary.py b/src/plone/restapi/tests/test_serializer_summary.py\nindex 794579241..9a7b7db45 100644\n--- a/src/plone/restapi/tests/test_serializer_summary.py\n+++ b/src/plone/restapi/tests/test_serializer_summary.py\n@@ -273,7 +273,10 @@ def test_dx_event_with_recurrence_new_version(self):\n         tomorrow_str = tomorrow.strftime("%Y-%m-%d")\n         ot = OccurrenceTraverser(self.event, self.request)\n         ocurrence = ot.publishTraverse(self.request, tomorrow_str)\n+        self.request.form["metadata_fields"] = ["start"]\n         summary = getMultiAdapter((ocurrence, self.request), ISerializeToJsonSummary)()\n-\n-        self.assertEqual(summary["start"], tomorrow_str)\n-        self.assertEqual(summary["Title"], ocurrence.Title())\n+        self.assertEqual(\n+            datetime.fromisoformat(summary["start"]).date().isoformat(),\n+            tomorrow.date().isoformat(),\n+        )\n+        self.assertEqual(summary["title"], ocurrence.Title())\n'
+b'diff --git a/news/1840.internal b/news/1840.internal\nnew file mode 100644\nindex 000000000..468f80444\n--- /dev/null\n+++ b/news/1840.internal\n@@ -0,0 +1,2 @@\n+Additional tests to login name changes\n+[erral]\ndiff --git a/src/plone/restapi/services/users/update.py b/src/plone/restapi/services/users/update.py\nindex 3d7d3b724..e2fdb1960 100644\n--- a/src/plone/restapi/services/users/update.py\n+++ b/src/plone/restapi/services/users/update.py\n@@ -107,7 +107,20 @@ def reply(self):\n             if security.use_email_as_login and "email" in user_settings_to_update:\n                 value = user_settings_to_update["email"]\n                 pas = getToolByName(self.context, "acl_users")\n-                pas.updateLoginName(user.getId(), value)\n+\n+                try:\n+                    pas.updateLoginName(user.getId(), value)\n+                except ValueError:\n+                    return self._error(\n+                        400,\n+                        "Bad request",\n+                        _(\n+                            "Cannot update login name of user to \'${new_email}\'.",\n+                            mapping={\n+                                "new_email": value,\n+                            },\n+                        ),\n+                    )\n \n             roles = user_settings_to_update.get("roles", {})\n             if roles:\n@@ -149,7 +162,17 @@ def reply(self):\n \n             if security.use_email_as_login and "email" in user_settings_to_update:\n                 value = user_settings_to_update["email"]\n-                set_own_login_name(user, value)\n+                try:\n+                    set_own_login_name(user, value)\n+                except ValueError:\n+                    return self._error(\n+                        400,\n+                        "Bad request",\n+                        _(\n+                            "Cannot update login name of user to \'${new_email}\'.",\n+                            mapping={"new_email": value},\n+                        ),\n+                    )\n \n         else:\n             if self._is_anonymous:\ndiff --git a/src/plone/restapi/tests/test_services_users.py b/src/plone/restapi/tests/test_services_users.py\nindex 3d8032076..2352f62af 100644\n--- a/src/plone/restapi/tests/test_services_users.py\n+++ b/src/plone/restapi/tests/test_services_users.py\n@@ -1663,3 +1663,139 @@ def test_user_changes_email_when_login_with_email_and_uuid_userids(self):\n             },\n         )\n         self.assertTrue(new_login_with_new_email_response.ok)\n+\n+    def test_manager_changes_email_to_existing_when_login_with_email(self):\n+        """test that when login with email is enabled and a manager tries to change a user\'s email\n+        to a previously existing one\n+        """\n+        # enable use_email_as_login\n+        security_settings = getAdapter(self.portal, ISecuritySchema)\n+        security_settings.use_email_as_login = True\n+        transaction.commit()\n+\n+        # Create user 1\n+        response = self.api_session.post(\n+            "/@users",\n+            json={\n+                "email": "howard.zinn@example.com",\n+                "password": TEST_USER_PASSWORD,\n+            },\n+        )\n+        self.assertTrue(response.ok)\n+        userid = response.json()["id"]\n+\n+        # Create user 2\n+        response = self.api_session.post(\n+            "/@users",\n+            json={\n+                "email": "second@example.com",\n+                "password": TEST_USER_PASSWORD,\n+            },\n+        )\n+        self.assertTrue(response.ok)\n+\n+        transaction.commit()\n+\n+        # Log in\n+        anon_response = self.anon_api_session.post(\n+            "/@login",\n+            json={\n+                "login": "howard.zinn@example.com",\n+                "password": TEST_USER_PASSWORD,\n+            },\n+        )\n+        self.assertTrue(anon_response.ok)\n+\n+        # try to change the email to an existing one, it should fail\n+        email_change_response = self.api_session.patch(\n+            f"/@users/{userid}",\n+            json={\n+                "email": "second@example.com",\n+            },\n+        )\n+        self.assertFalse(email_change_response.ok)\n+        self.assertEqual(email_change_response.status_code, 400)\n+        email_change_response_json = email_change_response.json()\n+        self.assertEqual(\n+            email_change_response_json.get("error", {}).get("message"),\n+            "Cannot update login name of user to \'second@example.com\'.",\n+        )\n+\n+        # Email was not changed, so log in with the old one\n+        new_login_with_old_email_response = self.anon_api_session.post(\n+            "/@login",\n+            json={\n+                "login": "howard.zinn@example.com",\n+                "password": TEST_USER_PASSWORD,\n+            },\n+        )\n+        self.assertTrue(new_login_with_old_email_response.ok)\n+\n+    def test_user_changes_email_to_existing_one_when_login_with_email(self):\n+        """test that when login with email is enabled and the user changes their email\n+        they can log in with the new email\n+        """\n+        # enable use_email_as_login\n+        security_settings = getAdapter(self.portal, ISecuritySchema)\n+        security_settings.use_email_as_login = True\n+        transaction.commit()\n+\n+        # Create user 1\n+        response = self.api_session.post(\n+            "/@users",\n+            json={\n+                "email": "howard.zinn@example.com",\n+                "password": TEST_USER_PASSWORD,\n+            },\n+        )\n+        self.assertTrue(response.ok)\n+        userid = response.json()["id"]\n+\n+        # Create user 2\n+        response = self.api_session.post(\n+            "/@users",\n+            json={\n+                "email": "second@example.com",\n+                "password": TEST_USER_PASSWORD,\n+            },\n+        )\n+        self.assertTrue(response.ok)\n+        transaction.commit()\n+\n+        # log in with email\n+        anon_response = self.anon_api_session.post(\n+            "/@login",\n+            json={\n+                "login": "howard.zinn@example.com",\n+                "password": TEST_USER_PASSWORD,\n+            },\n+        )\n+        self.assertTrue(anon_response.ok)\n+        auth_token = anon_response.json().get("token")\n+\n+        user_api_session = RelativeSession(self.portal_url, test=self)\n+        user_api_session.headers.update({"Accept": "application/json"})\n+        user_api_session.headers.update({"Authorization": f"Bearer {auth_token}"})\n+\n+        # try to change e-mail to an existing one, it should fail\n+        email_change_response = user_api_session.patch(\n+            f"/@users/{userid}",\n+            json={"email": "second@example.com"},\n+        )\n+\n+        self.assertEqual(email_change_response.status_code, 400)\n+        email_change_response_json = email_change_response.json()\n+        self.assertEqual(\n+            email_change_response_json.get("error", {}).get("message"),\n+            "Cannot update login name of user to \'second@example.com\'.",\n+        )\n+\n+        # email was not changed, so log in with the old one\n+        new_login_with_old_email_response = self.anon_api_session.post(\n+            "/@login",\n+            json={\n+                "login": "howard.zinn@example.com",\n+                "password": TEST_USER_PASSWORD,\n+            },\n+        )\n+        self.assertTrue(new_login_with_old_email_response.ok)\n'