Add plan text password for student creation in API; add an according …

…unit test for it as well (#129)

server/api/users/tests.py

@@ -120,6 +120,16 @@ def test_create_student(self):
 
         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
 
+    def test_create_student_plain_text(self):
+        self.client.credentials(
+            HTTP_AUTHORIZATION=f'Bearer {self.access_token}')
+        response = self.client.post(
+            '/api/users/students/', self.student_data, format='json')
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+        response_content = response.content.decode()
+        self.assertIn('password', response_content)
+        self.assertIn('password2', response_content)
+
 
 class TeacherAPITestCase(APITestCase):
 

server/api/users/views.py

@@ -74,22 +74,18 @@ def create(self, request, *args, **kwargs):
         if hasattr(request.user, "teacher"):
             # teacher can only create students for their school
             for student in data:
-                student["school_id"] = request.user.teacher.school.id
-
+                student["school_id"] = self.request.user.teacher.school.id
             serializer = self.get_serializer(data=data, many=True)
             serializer.is_valid(raise_exception=True)
             self.perform_create(serializer)
-            for i, student in enumerate(serializer.data):
-                student["password"] = request.data[i]["password"]
+            self.set_passwords(serializer.data, data)
             return Response(serializer.data, status=status.HTTP_201_CREATED)
         elif self.request.user.is_staff:
             # allow bulk creation of students by admin
             serializer = self.get_serializer(data=data, many=True)
             serializer.is_valid(raise_exception=True)
             self.perform_create(serializer)
-            for i, student in enumerate(serializer.data):
-                student["password"] = request.data[i]["password"]
-            return Response(serializer.data, status=status.HTTP_201_CREATED)
+            self.set_passwords(serializer.data, data)
             return Response(serializer.data, status=status.HTTP_201_CREATED)
         else:
             return Response(
@@ -115,6 +111,13 @@ def update(self, request, *args, **kwargs):
                 status=status.HTTP_400_BAD_REQUEST
             )
 
+    def set_passwords(self, serialized_data, original_data) -> None:
+        """
+        Sets the plan text passwords for the students when they are created.
+        """
+        for item, student_data in zip(serialized_data, original_data):
+            item["password"] = student_data["password"]
+
 
 @permission_classes([IsAuthenticated])
 class TeacherViewSet(viewsets.ModelViewSet):