Skip to content

Commit 6a33726

Browse files
ktyagiapphelix2uktyagiapphelix2u
committed
fix: redacting user retirement data in lms
1 parent 83e52e1 commit 6a33726

File tree

1 file changed

+32
-27
lines changed

1 file changed

+32
-27
lines changed

openedx/core/djangoapps/user_api/accounts/tests/test_retirement_views.py

Lines changed: 32 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -1080,6 +1080,34 @@ def cleanup_and_assert_status(self, data=None, expected_status=status.HTTP_204_N
10801080
assert response.status_code == expected_status
10811081
return response
10821082

1083+
def _assert_redacted_update_delete_queries(self, queries, redacted_username, redacted_email, redacted_name):
1084+
"""
1085+
Helper method to verify UPDATE and DELETE queries contain correct field-value assignments.
1086+
1087+
Args:
1088+
queries: List of captured query dicts from CaptureQueriesContext
1089+
redacted_username: Expected redacted username value
1090+
redacted_email: Expected redacted email value
1091+
redacted_name: Expected redacted name value
1092+
"""
1093+
update_queries = [q for q in queries if 'UPDATE' in q['sql'] and 'user_api_userretirementstatus' in q['sql']]
1094+
delete_queries = [q for q in queries if 'DELETE' in q['sql'] and 'user_api_userretirementstatus' in q['sql']]
1095+
1096+
# Should have 9 UPDATE and 9 DELETE queries
1097+
assert len(update_queries) == 9, f"Expected 9 UPDATE queries, found {len(update_queries)}"
1098+
assert len(delete_queries) == 9, f"Expected 9 DELETE queries, found {len(delete_queries)}"
1099+
1100+
# Verify UPDATE queries contain the redacted values
1101+
for update_query in update_queries:
1102+
sql = update_query['sql'].upper()
1103+
sql_lower = update_query['sql']
1104+
# Check that SET clause contains the redacted values
1105+
assert redacted_username in sql_lower, f"UPDATE query missing redacted username '{redacted_username}': {sql_lower}"
1106+
assert redacted_email in sql_lower, f"UPDATE query missing redacted email '{redacted_email}': {sql_lower}"
1107+
assert redacted_name in sql_lower, f"UPDATE query missing redacted name '{redacted_name}': {sql_lower}"
1108+
# Verify it's an UPDATE on the correct table
1109+
assert 'original_username' in sql_lower or 'original_email' in sql_lower, f"UPDATE query doesn't appear to update retirement fields: {sql_lower}"
1110+
10831111
def test_simple_success(self):
10841112
"""
10851113
Test basic cleanup with default redacted values.
@@ -1106,22 +1134,8 @@ def test_redaction_before_deletion(self):
11061134
retirements = UserRetirementStatus.objects.all()
11071135
assert retirements.count() == 0
11081136

1109-
# Verify UPDATE queries exist with default 'redacted' value
1110-
queries = context.captured_queries
1111-
update_queries = [q for q in queries if 'UPDATE' in q['sql'] and 'user_api_userretirementstatus' in q['sql']]
1112-
delete_queries = [q for q in queries if 'DELETE' in q['sql'] and 'user_api_userretirementstatus' in q['sql']]
1113-
1114-
# Should have 9 UPDATE and 9 DELETE queries
1115-
assert len(update_queries) == 9, f"Expected 9 UPDATE queries, found {len(update_queries)}"
1116-
assert len(delete_queries) == 9, f"Expected 9 DELETE queries, found {len(delete_queries)}"
1117-
1118-
# Verify UPDATE queries contain the redacted values
1119-
for update_query in update_queries:
1120-
sql = update_query['sql']
1121-
assert "'redacted'" in sql, f"UPDATE query missing 'redacted' value: {sql}"
1122-
assert 'original_username' in sql, f"UPDATE query missing original_username field: {sql}"
1123-
assert 'original_email' in sql, f"UPDATE query missing original_email field: {sql}"
1124-
assert 'original_name' in sql, f"UPDATE query missing original_name field: {sql}"
1137+
# Verify UPDATE and DELETE queries with default 'redacted' value
1138+
self._assert_redacted_update_delete_queries(context.captured_queries, 'redacted', 'redacted', 'redacted')
11251139

11261140
def test_custom_redacted_values(self):
11271141
"""Test that custom redacted values are applied before deletion."""
@@ -1143,17 +1157,8 @@ def test_custom_redacted_values(self):
11431157
retirements = UserRetirementStatus.objects.all()
11441158
assert retirements.count() == 0
11451159

1146-
# Verify UPDATE queries contain the custom redacted values
1147-
queries = context.captured_queries
1148-
update_queries = [q for q in queries if 'UPDATE' in q['sql'] and 'user_api_userretirementstatus' in q['sql']]
1149-
1150-
assert len(update_queries) == 9, f"Expected 9 UPDATE queries, found {len(update_queries)}"
1151-
1152-
for update_query in update_queries:
1153-
sql = update_query['sql']
1154-
assert custom_username in sql, f"UPDATE query missing custom username '{custom_username}': {sql}"
1155-
assert custom_email in sql, f"UPDATE query missing custom email '{custom_email}': {sql}"
1156-
assert custom_name in sql, f"UPDATE query missing custom name '{custom_name}': {sql}"
1160+
# Verify UPDATE and DELETE queries with custom redacted values
1161+
self._assert_redacted_update_delete_queries(context.captured_queries, custom_username, custom_email, custom_name)
11571162

11581163
def test_leaves_other_users(self):
11591164
remaining_usernames = []

0 commit comments

Comments
 (0)