implementation of delete profile for users without usable passwords (shibboleth, allauth social accounts, ..)

[MyPyDavid]

Changes for #599:

Added functionalities for when user.has_usable_password() is False, this holds for users from shibboleth or from allauth social accounts. Did not (need?) to use if settings.SHIBBOLETH for this implementation.

• added optional pop password field in RemoveForm
• refactored delete_user func
• refactored a little bit the remove_user View
• added tests for test coverage

---

• discuss about the implementation
  • do LDAP users have a normal password? so that user.has_usable_password() is True for them @m6121

[coveralls]

Coverage: 90.679% (+0.2%) from 90.469% when pulling c4946bb on feature/599-add-shibboleth-delete-profile into 813df5e on dev-1.10.0.

[m6121]

Hi @MyPyDavid
Phew, good question! Interestingly the current implementation works for LDAP, too. Need to check this branch with LDAP to answer it.

[m6121]

Hi @MyPyDavid, thanks a lot for this contribution. I reviewed your changes and added some minor questions what might be changed. For the LDAP-case this implementation works analogue to the Shibboleth-case, i.e. without prompting for password and only by entering the e-mail address. I am not sure if it is a requirement that we should ask for the password in LDAP-case as it is currently.

[m6121]

Probably, we might add tests that if either the username or the e-mail does not correspond to the same user. Because I think the current implementation in get_user_from_db_or_none() allows to have multiple users with the same e-mail if the username is different.

[MyPyDavid]

yes, I've added a testcase with a loop here:

rdmo/rdmo/accounts/tests/test_utils.py

Line 77 in 02874ae

def test_get_user_from_db_or_none_returns_none_when_wrong_input_was_given(db):

[jochenklar]

In this case it is much nicer to use @pytest.mark.parametrize to create seperate tests for the different users automatically, e.g.

rdmo/rdmo/accounts/tests/test_viewsets.py

Line 36 in 02874ae

@pytest.mark.parametrize('username,password', users)

[MyPyDavid]

I've added a bunch of @pytest.mark.parametrize to the tests.

[m6121]

Same here, should we add tests so that all combinations are tested: Update True/False and Delete True/False? Maybe this is a general question for our tests. I think it would make sense to try to test all combinations in order not to forget something due to the local/default test config.

[MyPyDavid]

yes think so too. In general, I would like to have the option to loop through these different test configs/combinations as well.. I can look into that but don't know if it will be too much for this PR.

[MyPyDavid]

for now, I will keep it so that the settings are set to True/False at the start of each test case. We can keep in mind to refactor/improve the tests with that in another PR but also that the amount of test cases should be kept maintainable.

[MyPyDavid]

I've added now a True/False option with @pytest.mark.parametrize('test_setting', boolean_toggle) to most of the test cases. Then in each test case, only the relevant part is checked in a conditional eg:

   if settings.PROFILE_UPDATE:
        assertTemplateUsed(response, 'profile/profile_update_form.html')
    else:
        assertTemplateUsed(response, 'profile/profile_update_closed.html')

[jochenklar]

Hi @MyPyDavid and @m6121 , thanks a lot. Looks ok to me.

[m6121]

Awesome! Thanks a lot @MyPyDavid for your work on the tests and the implementation. Looks good to me.

[MyPyDavid]

alright! thanks for the review and discussions @m6121 and @jochenklar !

[MyPyDavid]

should we leave this complicated regex:

urls = re.findall(r'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+', mail.outbox[0].body)  # complicated regex

or this in here?

urls = [i.strip() for i in mail.outbox[0].body.splitlines() if i.strip().startswith('http')]  # simpler alternative

[MyPyDavid]

• keep the regex