@@ -358,8 +358,8 @@ class TestAccountsAPI(FilteredQueryCountMixin, CacheIsolationTestCase, UserAPITe
358358 """
359359
360360 ENABLED_CACHES = ['default' ]
361- TOTAL_QUERY_COUNT = 26
362- FULL_RESPONSE_FIELD_COUNT = 29
361+ TOTAL_QUERY_COUNT = 25
362+ FULL_RESPONSE_FIELD_COUNT = 28
363363
364364 def setUp (self ):
365365 super ().setUp ()
@@ -488,19 +488,19 @@ def test_get_account_unknown_user(self, api_client, user):
488488 ("client" , "user" ),
489489 )
490490 @ddt .unpack
491- def test_regsitration_activation_key (self , api_client , user ):
491+ def test_regsitration_activation_key_not_exposed (self , api_client , user ):
492492 """
493- Test that registration activation key has a value .
493+ Test that activation_key is NOT returned in the account API response .
494494
495- UserFactory does not auto-generate registration object for the test users.
496- It is created only for users that signup via email/API. Therefore, activation key has to be tested manually .
495+ The activation_key is a secret used for email verification and must not be
496+ exposed via the API, as doing so allows bypassing email verification .
497497 """
498498 self .create_user_registration (self .user )
499499
500500 client = self .login_client (api_client , user )
501501 response = self .send_get (client )
502502
503- assert response . data [ "activation_key" ] is not None
503+ assert "activation_key" not in response . data
504504
505505 def test_successful_get_account_by_email (self ):
506506 """
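Review bot: The final assertion in `test_regsitration_activation_key_not_exposed` checks only that the top-level key name is absent, so it would still pass if the same secret were serialized under another field name or inside a nested object. It would also pass vacuously on an error body, unless `send_get` already asserts a 200, which is not visible in this hunk. Consider pinning the value as well as the name: read the key from the registration the test creates and add `assert activation_key not in response.content.decode()` next to the existing check, preceded by `assert response.status_code == 200` if the helper does not enforce it. The `ddt` data visible here covers only the user's own client (the decorator starts above the hunk), so a staff or other-user read of the same account is worth a parametrized case too. Since the method is being renamed anyway, the `regsitration` typo could be fixed in the same change.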
@@ -811,12 +811,12 @@ def verify_get_own_information(queries):
811811 assert data ['time_zone' ] is None
812812
813813 self .client .login (username = self .user .username , password = TEST_PASSWORD )
814- verify_get_own_information (self ._get_num_queries (24 ))
814+ verify_get_own_information (self ._get_num_queries (23 ))
815815
816816 # Now make sure that the user can get the same information, even if not active
817817 self .user .is_active = False
818818 self .user .save ()
819- verify_get_own_information (self ._get_num_queries (16 ))
819+ verify_get_own_information (self ._get_num_queries (15 ))
820820
821821 def test_get_account_empty_string (self ):
822822 """
@@ -831,7 +831,7 @@ def test_get_account_empty_string(self):
831831 legacy_profile .save ()
832832
833833 self .client .login (username = self .user .username , password = TEST_PASSWORD )
834- with self .assertNumQueries (self ._get_num_queries (24 ), table_ignorelist = WAFFLE_TABLES ):
834+ with self .assertNumQueries (self ._get_num_queries (23 ), table_ignorelist = WAFFLE_TABLES ):
835835 response = self .send_get (self .client )
836836 for empty_field in ("level_of_education" , "gender" , "country" , "state" , "bio" ,):
837837 assert response .data [empty_field ] is None