Features: 1) Add setup for generating authorization tokens in DRFCoreViewsTests; 2) Simplify user handling in JWT mutations using validated serializer data.

Fixes: 1) Correct redundant user lookup in JWT mutations.

Extra: 1) Add TODO comments for HTTP method tests in both DRF and Graphene test modules; 2) Minor cleanup in test files.

engine/core/tests/test_drf.py

@@ -1,8 +1,33 @@
 from django.test import TestCase
 from rest_framework.test import APIClient
 
+from engine.vibes_auth.models import User
+from engine.vibes_auth.serializers import TokenObtainPairSerializer
+
 
 class DRFCoreViewsTests(TestCase):
     def setUp(self):
         super().setUp()
         self.client = APIClient()
+        self.superuser_password = "Str0ngPass!word1"
+        self.superuser = User.objects.create(
+            email="test-superuser@email.com",
+            password=self.superuser_password,
+            is_active=True,
+            is_verified=True,
+            is_superuser=True,
+            is_staff=True,
+        )
+        self.user_password = "Str0ngPass!word2"
+        self.user = User.objects.create(
+            email="test-superuser@email.com", password=self.user_password, is_active=True, is_verified=True
+        )
+
+    def _get_authorization_token(self, user):
+        serializer = TokenObtainPairSerializer(
+            data={"email": user.email, "password": self.superuser_password if user.is_superuser else self.user_password}
+        )
+        serializer.is_valid(raise_exception=True)
+        return serializer.validated_data["access_token"]
+
+# TODO: create tests for every possible HTTP method in core module with DRF stack

engine/core/tests/test_graphene.py

@@ -13,3 +13,6 @@ class GraphQLCoreTests(TestCase):
         response = self.client.post(url, data=payload, content_type="application/json")
         self.assertEqual(response.status_code, 200, response.json())
         return response.json()
+
+
+# TODO: create tests for every possible HTTP method in core module with Graphene stack

engine/vibes_auth/graphene/mutations.py

@@ -204,9 +204,8 @@ class ObtainJSONWebToken(BaseMutation):
         serializer = TokenObtainPairSerializer(data={"email": email, "password": password})
         try:
             serializer.is_valid(raise_exception=True)
-            user = User.objects.get(email=email)
             return ObtainJSONWebToken(
-                user=user,
+                user=serializer.validated_data["user"],
                 refresh_token=serializer.validated_data["refresh"],
                 access_token=serializer.validated_data["access"],
             )
@@ -227,9 +226,9 @@ class RefreshJSONWebToken(BaseMutation):
         try:
             serializer.is_valid(raise_exception=True)
             return RefreshJSONWebToken(
+                user=serializer.validated_data["user"],
                 access_token=serializer.validated_data["access"],
                 refresh_token=serializer.validated_data["refresh"],
-                user=User.objects.get(uuid=serializer.validated_data["user"]["uuid"]),
             )
         except Exception as e:
             raise PermissionDenied(f"invalid refresh token provided: {e!s}") from e
@@ -247,10 +246,8 @@ class VerifyJSONWebToken(BaseMutation):
         serializer = TokenVerifySerializer(data={"token": token})
         with suppress(Exception):
             serializer.is_valid(raise_exception=True)
-            user_uuid = serializer.validated_data["user"]["uuid"]
-            user = User.objects.get(pk=user_uuid)
             # noinspection PyTypeChecker
-            return VerifyJSONWebToken(token_is_valid=True, user=user)
+            return VerifyJSONWebToken(token_is_valid=True, user=serializer.validated_data["user"])
         detail = traceback.format_exc() if settings.DEBUG else ""
         # noinspection PyTypeChecker
         return VerifyJSONWebToken(token_is_valid=False, user=None, detail=detail)