Fix #1039: setting to enforce email signup verification

api/tests/users/oauth/test_views.py

@@ -289,6 +289,14 @@ def test_token_view_post(api_client, factories):
     with pytest.raises(grant.DoesNotExist):
         grant.refresh_from_db()
 
+    token = payload["access_token"]
+
+    # Now check we can use the token for auth
+    response = api_client.get(
+        reverse("api:v1:users:users-me"), HTTP_AUTHORIZATION="Bearer {}".format(token)
+    )
+    assert response.status_code == 200
+
 
 def test_revoke_view_post(logged_in_client, factories):
     token = factories["users.AccessToken"]()
@@ -361,3 +369,26 @@ def test_grant_delete(factories, logged_in_api_client, mocker, now):
 
     for t in to_keep:
         t.refresh_from_db()
+
+
+@pytest.mark.parametrize(
+    "setting_value, verified_email, expected_status_code",
+    [
+        ("mandatory", False, 401),
+        ("mandatory", True, 200),
+        ("optional", True, 200),
+        ("optional", False, 200),
+    ],
+)
+def test_token_auth(
+    setting_value, verified_email, expected_status_code, api_client, factories, settings
+):
+
+    user = factories["users.User"](verified_email=verified_email)
+    token = factories["users.AccessToken"](user=user)
+    settings.ACCOUNT_EMAIL_VERIFICATION = setting_value
+    response = api_client.get(
+        reverse("api:v1:users:users-me"),
+        HTTP_AUTHORIZATION="Bearer {}".format(token.token),
+    )
+    assert response.status_code == expected_status_code

api/tests/users/test_models.py

@@ -239,3 +239,24 @@ def test_creating_user_set_support_display_date(
     user = factories["users.User"]()
 
     assert getattr(user, field) == expected
+
+
+def test_get_by_natural_key_annotates_primary_email_verified_no_email(factories):
+    user = factories["users.User"]()
+    user = models.User.objects.get_by_natural_key(user.username)
+
+    assert user.has_verified_primary_email is None
+
+
+def test_get_by_natural_key_annotates_primary_email_verified_true(factories):
+    user = factories["users.User"](verified_email=True)
+    user = models.User.objects.get_by_natural_key(user.username)
+
+    assert user.has_verified_primary_email is True
+
+
+def test_get_by_natural_key_annotates_primary_email_verified_false(factories):
+    user = factories["users.User"](verified_email=False)
+    user = models.User.objects.get_by_natural_key(user.username)
+
+    assert user.has_verified_primary_email is False

api/tests/users/test_views.py

@@ -477,3 +477,37 @@ def test_signup_with_approval_enabled_validation_error(
     }
     response = api_client.post(url, data, format="json")
     assert response.status_code == 400
+
+
+def test_user_login_jwt(factories, api_client):
+    user = factories["users.User"]()
+    data = {
+        "username": user.username,
+        "password": "test",
+    }
+    url = reverse("api:v1:token")
+    response = api_client.post(url, data)
+    assert response.status_code == 200
+
+
+@pytest.mark.parametrize(
+    "setting_value, verified_email, expected_status_code",
+    [
+        ("mandatory", False, 400),
+        ("mandatory", True, 200),
+        ("optional", False, 200),
+        ("optional", True, 200),
+    ],
+)
+def test_user_login_jwt_honor_email_verification(
+    setting_value, verified_email, expected_status_code, settings, factories, api_client
+):
+    settings.ACCOUNT_EMAIL_VERIFICATION = setting_value
+    user = factories["users.User"](verified_email=verified_email)
+    data = {
+        "username": user.username,
+        "password": "test",
+    }
+    url = reverse("api:v1:token")
+    response = api_client.post(url, data)
+    assert response.status_code == expected_status_code