From 820782d0a58de6ae799723bd2426c8ca2daf12e9 Mon Sep 17 00:00:00 2001
From: Josue Kouka <jkouka@entrouvert.com>
Date: Wed, 15 Feb 2017 08:57:25 +0100
Subject: [PATCH 2/2] return explicite errors (#14967)

---
 mandayejs/views.py     | 20 +++++++++++----
 tests/test_archimed.py | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 84 insertions(+), 5 deletions(-)
 create mode 100644 tests/test_archimed.py

diff --git a/mandayejs/views.py b/mandayejs/views.py
index 04368ac..1698280 100644
--- a/mandayejs/views.py
+++ b/mandayejs/views.py
@@ -20,8 +20,6 @@ import logging
 import requests
 
 from django.contrib.auth.models import User
-from django.shortcuts import get_object_or_404
-
 from rest_framework import status
 from rest_framework.views import APIView
 from rest_framework.response import Response
@@ -41,8 +39,19 @@ class ArchimedAccountDetails(APIView):
             app_settings.SITE_WS_ENDPOINT['account_details'])
 
         username = kwargs['username']
-        user = get_object_or_404(User, username=username)
-        credentials = get_object_or_404(UserCredentials, user=user)
+
+        try:
+            user = User.objects.get(username=username)
+        except (User.DoesNotExist,):
+            return Response({'message': 'User %s does not exist' % username,
+                            'success': False}, status=status.HTTP_404_NOT_FOUND)
+
+        try:
+            credentials = UserCredentials.objects.get(user=user)
+        except (UserCredentials.DoesNotExist,):
+            return Response({
+                'message': 'User %s is not associated' % username,
+                'success': False}, status=status.HTTP_404_NOT_FOUND)
 
         login_url = request.build_absolute_uri(
             '/DEFAULT/Ermes/Recherche/logon.svc/logon')
@@ -53,7 +62,8 @@ class ArchimedAccountDetails(APIView):
             response = session.post(login_url, data=login_info, verify=False)
             logger.debug("Archimed login response {}".format(response.json()))
             if not response.json()['success']:
-                return Response('Authentication failed', status=status.HTTP_401_UNAUTHORIZED)
+                return Response({'message': 'Authentication failed',
+                                'success': False}, status=status.HTTP_401_UNAUTHORIZED)
 
             content = {
                 'codeConfig': '',
diff --git a/tests/test_archimed.py b/tests/test_archimed.py
new file mode 100644
index 0000000..4214235
--- /dev/null
+++ b/tests/test_archimed.py
@@ -0,0 +1,69 @@
+import os
+import json
+
+import pytest
+import mock
+from rest_framework.test import APIClient as Client
+
+from mandayejs.applications import Archimed
+from utils import create_user, create_credentials
+
+pytestmark = pytest.mark.django_db
+
+
+def get_base_dir(filename):
+    return file(os.path.join(os.path.dirname(__file__), 'data', filename)).read()
+
+
+class MokcedRequestsResponse(mock.Mock):
+
+    def json(self):
+        return json.loads(self.content)
+
+
+MOCKED_RESPONSES_LIST = [
+    MokcedRequestsResponse(content=get_base_dir('archimed_auth_failure_response.json')),
+    MokcedRequestsResponse(content=get_base_dir('archimed_auth_success_response.json')),
+    MokcedRequestsResponse(content=get_base_dir('archimed_account_detail_response.json'))
+]
+
+
+@mock.patch('mandayejs.views.requests.Session.post')
+@mock.patch('mandayejs.applications.get_app_settings')
+def test_archimed_ws(mocked_get_app_settings, mocked_requests_post):
+    mocked_get_app_settings.return_value = Archimed
+    mocked_requests_post.side_effect = MOCKED_RESPONSES_LIST
+
+    user = create_user(username='kevin', password='kevin')
+
+    # test with invalid username
+    client = Client()
+    client.login(username='kevin', password='kevin')
+    response = client.get('/_mandaye/ws/account/whatever/')
+    assert response.status_code == 404
+    assert response.data['message'] == 'User whatever does not exist'
+    assert response.data['success'] is False
+
+    # test with unlinked user
+    client = Client()
+    client.login(username='kevin', password='kevin')
+    response = client.get('/_mandaye/ws/account/kevin/')
+    assert response.status_code == 404
+    assert response.data['message'] == 'User kevin is not associated'
+    assert response.data['success'] is False
+
+    create_credentials(user, {'carte': 'kevin', 'code': 'whatever'})
+    # test with wrong credentials
+    client = Client()
+    client.login(username='kevin', password='kevin')
+    response = client.get('/_mandaye/ws/account/kevin/')
+    assert response.status_code == 401
+    assert response.data['message'] == 'Authentication failed'
+    assert response.data['success'] is False
+
+    # test with good credentials
+    client.login(username='kevin', password='kevin')
+    response = client.get('/_mandaye/ws/account/kevin/')
+    assert response.status_code == 200
+    assert response.data['message'] == 'Whatever is whatever'
+    assert response.data['success'] is True
-- 
2.11.0