From 27b48fe55bd6122890def871ea6749269a1611cd Mon Sep 17 00:00:00 2001 From: Ryan Petrello Date: Fri, 13 Mar 2020 12:53:40 -0400 Subject: [PATCH] make User.last_login read_only=True in its serializer --- awx/api/serializers.py | 3 +++ awx/main/tests/functional/api/test_user.py | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/awx/api/serializers.py b/awx/api/serializers.py index 858aeb4ebf..0fb74f8b09 100644 --- a/awx/api/serializers.py +++ b/awx/api/serializers.py @@ -884,6 +884,9 @@ class UserSerializer(BaseSerializer): fields = ('*', '-name', '-description', '-modified', 'username', 'first_name', 'last_name', 'email', 'is_superuser', 'is_system_auditor', 'password', 'ldap_dn', 'last_login', 'external_account') + extra_kwargs = { + 'last_login': {'read_only': True} + } def to_representation(self, obj): ret = super(UserSerializer, self).to_representation(obj) diff --git a/awx/main/tests/functional/api/test_user.py b/awx/main/tests/functional/api/test_user.py index f0a4ffea84..d91c4fb2d4 100644 --- a/awx/main/tests/functional/api/test_user.py +++ b/awx/main/tests/functional/api/test_user.py @@ -2,6 +2,7 @@ import pytest from django.contrib.sessions.middleware import SessionMiddleware +from awx.main.models import User from awx.api.versioning import reverse @@ -48,3 +49,15 @@ def test_create_delete_create_user(post, delete, admin): response = post(reverse('api:user_list'), EXAMPLE_USER_DATA, admin, middleware=SessionMiddleware()) print(response.data) assert response.status_code == 201 + + +@pytest.mark.django_db +def test_user_cannot_update_last_login(patch, admin): + assert admin.last_login is None + patch( + reverse('api:user_detail', kwargs={'pk': admin.pk}), + {'last_login': '2020-03-13T16:39:47.303016Z'}, + admin, + middleware=SessionMiddleware() + ) + assert User.objects.get(pk=admin.pk).last_login is None