44 lines
2.1 KiB
Python
44 lines
2.1 KiB
Python
|
from odoo import Command
|
||
|
from odoo.http import Request
|
||
|
from odoo.tests.common import HttpCase, tagged
|
||
|
|
||
|
|
||
|
@tagged('-at_install', 'post_install')
|
||
|
class TestUsersHttp(HttpCase):
|
||
|
|
||
|
def test_deactivate_portal_user(self):
|
||
|
# Create a portal user with data which should be removed on deactivation
|
||
|
login = 'portal_user'
|
||
|
portal_user = self.env['res.users'].create({
|
||
|
'name': login,
|
||
|
'login': login,
|
||
|
'password': login,
|
||
|
'groups_id': [Command.set([self.env.ref('base.group_portal').id])],
|
||
|
})
|
||
|
self.env['res.users.apikeys'].with_user(portal_user)._generate(None, 'Portal API Key')
|
||
|
self.assertTrue(portal_user.api_key_ids)
|
||
|
|
||
|
# Request the deactivation of the portal account as portal through the route meant for this purpose
|
||
|
self.authenticate(login, login)
|
||
|
self.url_open('/my/deactivate_account', data={
|
||
|
'validation': login,
|
||
|
'password': login,
|
||
|
'csrf_token': Request.csrf_token(self)
|
||
|
})
|
||
|
|
||
|
# Assert the user is disabled, correctly renamed, the critical data is well removed.
|
||
|
self.assertFalse(portal_user.active)
|
||
|
self.assertTrue(portal_user.login.startswith('__deleted_user_'))
|
||
|
self.env.cr.execute('SELECT password FROM res_users WHERE id = %s', [portal_user.id])
|
||
|
[hashed] = self.env.cr.fetchone()
|
||
|
# Assert the password is an empty string. In `check_credentials`, an empty string as password is invalid
|
||
|
# so you are not able to login with an empty password.
|
||
|
self.assertTrue(self.env['res.users']._crypt_context().verify('', hashed))
|
||
|
self.assertFalse(portal_user.api_key_ids)
|
||
|
# Assert the deletion of the account is added to the deletion processing queue.
|
||
|
self.assertTrue(self.env['res.users.deletion'].search([('user_id', '=', portal_user.id)]))
|
||
|
# Run the cron processing the deletion queue
|
||
|
self.env.ref('base.ir_cron_res_users_deletion').method_direct_trigger()
|
||
|
# Assert the account is completely deleted
|
||
|
self.assertFalse(portal_user.exists())
|