From a95f87126e80cce2c28e356708b883b09b9c9b6f Mon Sep 17 00:00:00 2001
From: Muhamad Adhytia Wana Putra Rahmadhan <muhamad.adhytia@ui.ac.id>
Date: Wed, 24 Mar 2021 21:43:42 +0700
Subject: [PATCH] Resolve sonarqube code smell and security issues

---
 .gitlab-ci.yml | 2 +-
 accounts/tests.py | 21 ++++++++++++++-------
 hello_world/admin.py | 3 ---
 hello_world/models.py | 3 ---
 hello_world/views.py | 5 +----
 requirements.txt | 3 ++-
 walkiddie_backend/settings.py | 18 ++++++++++++------
 7 files changed, 30 insertions(+), 25 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index b628f52..239b8b4 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -9,7 +9,7 @@ lint:
   stage: lint
   script:
     - pip install -r requirements.txt
-    - pylint walkiddie_backend hello_world
+    - pylint walkiddie_backend hello_world accounts
   allow_failure: true
 Test:
diff --git a/accounts/tests.py b/accounts/tests.py
index aeab5ff..6bc4e62 100644
--- a/accounts/tests.py
+++ b/accounts/tests.py
@@ -1,21 +1,28 @@
 import json
 from django.test import TestCase
+import environ
 from accounts.models import UserAccount
-
 class AccountsTest(TestCase):
+    def setUp(self):
+        super().setUp()
+        self.user_email = "adhytiawanaputra@gmail.com"
+        env = environ.Env()
+        environ.Env.read_env()
+        self.password = env('PASSWORD_UNIT_TEST')
+
     # Positive test
     def test_create_account_is_correct(self):
-        user = UserAccount(email="adhytiawanaputra@gmail.com",
+        user = UserAccount(email=self.user_email,
                            first_name="Adhytia", last_name="Wana", role="Investor")
         self.assertEqual(user.get_full_name(), "Adhytia Wana")
         self.assertEqual(user.get_short_name(), "Adhytia")
         self.assertEqual(user.get_role(), "Investor")
-        self.assertEqual(str(user), "adhytiawanaputra@gmail.com")
+        self.assertEqual(str(user), self.user_email)
     # Negative test
     def test_create_account_is_wrong(self):
-        user = UserAccount(email="adhytiawanaputra@gmail.com",
+        user = UserAccount(email=self.user_email,
                            first_name="Adhytia", last_name="Wana", role="Investor")
         self.assertNotEqual(user.get_full_name(), "Adhytia")
         self.assertNotEqual(user.get_short_name(), "Wana")
@@ -24,12 +31,12 @@ class AccountsTest(TestCase):
     def test_post_create_account(self):
         data = {
-            "email": "adhytiawanaputra@gmail.com",
+            "email": self.user_email,
             "first_name": "Adhytia",
             "last_name": "Wana",
             "role": "Investor",
-            "password": "5t4r3e2w1q",
-            "re_password": "5t4r3e2w1q"
+            "password": self.password,
+            "re_password": self.password
         }
         response = self.client.post('/auth/users/', data, format='json')
diff --git a/hello_world/admin.py b/hello_world/admin.py
index 4185d36..e69de29 100644
--- a/hello_world/admin.py
+++ b/hello_world/admin.py
@@ -1,3 +0,0 @@
-# from django.contrib import admin
-
-# Register your models here.
diff --git a/hello_world/models.py b/hello_world/models.py
index 0b4331b..e69de29 100644
--- a/hello_world/models.py
+++ b/hello_world/models.py
@@ -1,3 +0,0 @@
-# from django.db import models
-
-# Create your models here.
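Review bot: `self.password = env('PASSWORD_UNIT_TEST')` in setUp raises ImproperlyConfigured whenever the variable is unset, so every test in the class fails, not only test_post_create_account, which is the sole consumer of it (the `data` hunk below). A test fixture password is not a secret, so a default such as `self.password = env('PASSWORD_UNIT_TEST', default='<test-password-placeholder>')` keeps the suite runnable in any checkout while still letting CI override it; if the literal is kept out to satisfy the scanner, the pipeline must define the variable or the lint/test stages will fail for an unrelated reason. `environ.Env.read_env()` with no path resolves `.env` relative to the calling file as far as I recall, which here is accounts/ rather than the directory settings.py reads from, and it is re-executed before every test. Using a reserved domain such as example.com for `user_email` would also avoid committing a real personal address to the repository.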
diff --git a/hello_world/views.py b/hello_world/views.py
index 6d0c4c7..79bd51a 100644
--- a/hello_world/views.py
+++ b/hello_world/views.py
@@ -1,7 +1,4 @@
-# from django.shortcuts import render
 from django.http import JsonResponse
-# Create your views here.
 def hello_world(request):
-    return JsonResponse({'string':'Hello World!'})
-
\ No newline at end of file
+    return JsonResponse({'string': 'Hello World!'})
diff --git a/requirements.txt b/requirements.txt
index 6f973d1..a665c39 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -34,4 +34,5 @@ social-auth-app-django==4.0.0
 social-auth-core==3.3.3
 urllib3==1.26.2
 whitenoise==4.1.4
-dj-database-url==0.4.2
\ No newline at end of file
+dj-database-url==0.4.2
+django-environ==0.4.5
\ No newline at end of file
diff --git a/walkiddie_backend/settings.py b/walkiddie_backend/settings.py
index bba3ac6..955d42b 100644
--- a/walkiddie_backend/settings.py
+++ b/walkiddie_backend/settings.py
@@ -13,20 +13,26 @@ https://docs.djangoproject.com/en/3.1/ref/settings/
 from pathlib import Path
 import os
 import dj_database_url
+import environ
+
+# Initialise environment variables
+env = environ.Env()
+environ.Env.read_env()
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
 PRODUCTION = os.environ.get('DATABASE_URL') is not None
+ACCOUNT_SERIALIZER = 'accounts.serializers.UserCreateSerializer'
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/3.1/howto/deployment/checklist/
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = '4znq=gdi^d@js7(%piz(_!=14aej#0^f&mg#hptsm+s*vic6vq'
+SECRET_KEY = env('SECRET_KEY')
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DEBUG = False
 ALLOWED_HOSTS = [
     'walkiddie-toys-backend.herokuapp.com',
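Review bot: The SECRET_KEY removed in this hunk and the EMAIL_HOST_PASSWORD removed in the settings hunk below remain recoverable from git history, so the values now supplied through `env(...)` must be freshly generated — a new secret key and a revoked-and-reissued mail credential — otherwise the change only hides them from the scanner. `environ.Env.read_env()` is called without a path; in django-environ 0.4.5 that locates `.env` relative to the calling file as far as I recall, so confirm the file lives beside settings.py and is excluded from version control. `DEBUG = False` as a literal means every local run now has to satisfy ALLOWED_HOSTS; `DEBUG = env.bool('DEBUG', default=False)` keeps the safe default while letting a developer opt in through the environment. `env('SECRET_KEY')` raises ImproperlyConfigured at import time when the variable is missing, which is the desired fail-closed behaviour but deserves a one-line comment such as `# Required; startup fails if SECRET_KEY is not set in the environment` so the next person does not read it as a bug.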
@@ -107,7 +113,7 @@ EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
 EMAIL_HOST = 'smtp.gmail.com'
 EMAIL_PORT = 587
 EMAIL_HOST_USER = 'pplnarai2021@gmail.com'
-EMAIL_HOST_PASSWORD = 'woinflzirugwydva'
+EMAIL_HOST_PASSWORD = env('EMAIL_HOST_PASSWORD')
 EMAIL_USE_TLS = True
 # Password validation
@@ -176,9 +182,9 @@ DJOSER = {
     'ACTIVATION_URL': 'activate/{uid}/{token}',
     'SEND_ACTIVATION_EMAIL': True,
     'SERIALIZERS': {
-        'user_create': 'accounts.serializers.UserCreateSerializer',
-        'user': 'accounts.serializers.UserCreateSerializer',
-        'current_user': 'accounts.serializers.UserCreateSerializer',
+        'user_create': ACCOUNT_SERIALIZER,
+        'user': ACCOUNT_SERIALIZER,
+        'current_user': ACCOUNT_SERIALIZER,
         'user_delete': 'djoser.serializers.UserDeleteSerializer',
     }
 }
-- 
GitLab