Fix #1039: setting to enforce email signup verification

2025-10-05 10:19:26 +02:00 · 2020-04-01 14:34:56 +02:00 · 2020-04-01 14:34:56 +02:00 · 93f2c9f83c
commit 93f2c9f83c
parent 67857d931c
16 changed files with 365 additions and 30 deletions
--- a/api/tests/users/oauth/test_views.py
+++ b/api/tests/users/oauth/test_views.py
@ -289,6 +289,14 @@ def test_token_view_post(api_client, factories):
    with pytest.raises(grant.DoesNotExist):
        grant.refresh_from_db()

+    token = payload["access_token"]
+
+    # Now check we can use the token for auth
+    response = api_client.get(
+        reverse("api:v1:users:users-me"), HTTP_AUTHORIZATION="Bearer {}".format(token)
+    )
+    assert response.status_code == 200
+

 def test_revoke_view_post(logged_in_client, factories):
    token = factories["users.AccessToken"]()
@ -361,3 +369,26 @@ def test_grant_delete(factories, logged_in_api_client, mocker, now):

    for t in to_keep:
        t.refresh_from_db()
+
+
+@pytest.mark.parametrize(
+    "setting_value, verified_email, expected_status_code",
+    [
+        ("mandatory", False, 401),
+        ("mandatory", True, 200),
+        ("optional", True, 200),
+        ("optional", False, 200),
+    ],
+)
+def test_token_auth(
+    setting_value, verified_email, expected_status_code, api_client, factories, settings
+):
+
+    user = factories["users.User"](verified_email=verified_email)
+    token = factories["users.AccessToken"](user=user)
+    settings.ACCOUNT_EMAIL_VERIFICATION = setting_value
+    response = api_client.get(
+        reverse("api:v1:users:users-me"),
+        HTTP_AUTHORIZATION="Bearer {}".format(token.token),
+    )
+    assert response.status_code == expected_status_code