|
1
|
1 |
|
import json |
|
2
|
|
|
|
|
3
|
1 |
|
from django.core import mail |
|
4
|
|
|
|
|
5
|
1 |
|
from rest_framework import status |
|
6
|
1 |
|
from rest_framework.test import APITestCase, force_authenticate |
|
7
|
|
|
|
|
8
|
1 |
|
from sigma_core.tests.factories import UserFactory, AdminUserFactory, GroupMemberFactory, GroupFactory, ClusterFactory |
|
9
|
1 |
|
from sigma_core.serializers.user import MinimalUserSerializer, UserSerializer, MyUserSerializer |
|
10
|
|
|
from sigma_core.models.user import User |
|
11
|
|
|
from sigma_core.models.group import Group |
|
12
|
1 |
|
from sigma_core.models.group_member import GroupMember |
|
13
|
1 |
|
|
|
14
|
|
|
|
|
15
|
1 |
|
def reload(obj): |
|
16
|
|
|
return obj.__class__.objects.get(pk=obj.pk) |
|
17
|
1 |
|
|
|
18
|
1 |
|
|
|
19
|
1 |
|
class UserTests(APITestCase): |
|
20
|
|
|
@classmethod |
|
21
|
1 |
|
def setUpTestData(self): |
|
22
|
1 |
|
# Summary: 2 clusters, 2 groups, 10 users |
|
23
|
1 |
|
# Cluster #1: users #1 to #5 |
|
24
|
|
|
# Cluster #2: users #5 to #9 |
|
25
|
1 |
|
# Group #1: users #1, #2 and #6 (pending request) |
|
26
|
|
|
# Group #2: users #3, #7 and #8 (invitation not accepted yet) |
|
27
|
1 |
|
# User #1 is admin in cluster #1 |
|
28
|
|
|
# User #6 is admin in cluster #2 |
|
29
|
|
|
# User #10 is Sigma admin |
|
30
|
1 |
|
|
|
31
|
|
|
super(UserTests, self).setUpTestData() |
|
32
|
1 |
|
self.clusters = ClusterFactory.create_batch(2) |
|
33
|
1 |
|
self.users = UserFactory.create_batch(9) |
|
34
|
|
|
self.groups = GroupFactory.create_batch(2) |
|
35
|
|
|
|
|
36
|
|
|
# User #10 is Sigma admin |
|
37
|
|
|
self.users.append(AdminUserFactory()) |
|
38
|
|
|
|
|
39
|
|
|
# Add users in clusters (user #1 is admin in cluster #1 and user #6 is admin in cluster #2) |
|
40
|
|
|
for i in range(5): |
|
41
|
1 |
|
self.clusters[0].cluster_users.add(self.users[i]) |
|
42
|
|
|
GroupMemberFactory(group=self.clusters[0], user=self.users[i], perm_rank=(Group.ADMINISTRATOR_RANK if i == 0 else 1)) |
|
43
|
1 |
|
|
|
44
|
1 |
|
self.clusters[1].cluster_users.add(self.users[4+i]) |
|
45
|
1 |
|
GroupMemberFactory(group=self.clusters[1], user=self.users[4+i], perm_rank=(Group.ADMINISTRATOR_RANK if i == 1 else 1)) |
|
46
|
1 |
|
|
|
47
|
|
|
# Add users in group #1 |
|
48
|
|
|
GroupMemberFactory(group=self.groups[0], user=self.users[0], perm_rank=Group.ADMINISTRATOR_RANK) |
|
49
|
1 |
|
GroupMemberFactory(group=self.groups[0], user=self.users[1], perm_rank=1) |
|
50
|
|
|
GroupMemberFactory(group=self.groups[0], user=self.users[5], perm_rank=0) # pending request |
|
51
|
1 |
|
|
|
52
|
1 |
|
# Add users in group #2 |
|
53
|
|
|
GroupMemberFactory(group=self.groups[1], user=self.users[2], perm_rank=1) |
|
54
|
|
|
GroupMemberFactory(group=self.groups[1], user=self.users[6], perm_rank=1) |
|
55
|
|
|
self.users[7].invited_to_groups.add(self.groups[1]) # User #8 is invited to group #2 |
|
56
|
|
|
|
|
57
|
|
|
self.user_url = '/user/' |
|
58
|
|
|
self.new_user_data = {'lastname': 'Doe', 'firstname': 'John', 'email': '[email protected]', 'password': 'password', 'clusters_ids' : {self.clusters[0].id}} |
|
59
|
|
|
|
|
60
|
1 |
|
#### Model methods test |
|
61
|
|
|
def test_model_user(self): |
|
62
|
1 |
|
try: |
|
63
|
1 |
|
user = User.objects.create_user(email="", lastname="Holmes", firstname="Sherlock") |
|
64
|
1 |
|
except ValueError: |
|
65
|
1 |
|
user = User.objects.create_user(email="[email protected]", lastname="Holmes", firstname="Sherlock") |
|
66
|
1 |
|
|
|
67
|
|
|
self.assertRaises(ValueError, User.objects.create_superuser, email="", lastname="", firstname="", password="pass") |
|
68
|
|
|
user_admin = User.objects.create_superuser(email="[email protected]", lastname="Holmes", firstname="Mycroft", password="pass") |
|
69
|
1 |
|
self.assertTrue(user_admin.is_superuser) |
|
70
|
|
|
|
|
71
|
1 |
|
self.assertEqual(user.email, '[email protected]') |
|
72
|
1 |
|
self.assertEqual(user.get_full_name(), 'Holmes Sherlock') |
|
73
|
|
|
self.assertEqual(user.get_short_name(), '[email protected]') |
|
74
|
1 |
|
self.assertFalse(user.is_sigma_admin()) |
|
75
|
|
|
self.assertEqual(user.__str__(), '[email protected]') |
|
76
|
1 |
|
self.assertTrue(self.users[0].is_in_cluster(self.clusters[0])) |
|
77
|
1 |
|
# Cluster admin |
|
78
|
1 |
|
self.assertTrue(self.users[0].is_cluster_admin(self.clusters[0])) |
|
79
|
1 |
|
self.assertFalse(self.users[1].is_cluster_admin(self.clusters[0])) |
|
80
|
|
|
self.assertTrue(self.users[0].is_admin_of_one_cluster(self.clusters)) |
|
81
|
|
|
self.assertFalse(self.users[1].is_admin_of_one_cluster(self.clusters)) |
|
82
|
1 |
|
# Common cluster |
|
83
|
|
|
self.assertTrue(self.users[0].has_common_cluster(self.users[1])) |
|
84
|
1 |
|
self.assertFalse(self.users[0].has_common_cluster(self.users[5])) |
|
85
|
1 |
|
# Common group |
|
86
|
|
|
self.assertTrue(self.users[2].has_common_group(self.users[6])) |
|
87
|
1 |
|
self.assertFalse(self.users[1].has_common_group(self.users[6])) |
|
88
|
|
|
self.assertTrue(self.users[0].has_common_group(self.users[5])) |
|
89
|
1 |
|
self.assertFalse(self.users[5].has_common_group(self.users[0])) |
|
90
|
1 |
|
# Group membership |
|
91
|
1 |
|
self.assertIsNone(self.users[0].get_group_membership(self.groups[1])) |
|
92
|
|
|
self.assertIsNotNone(self.users[0].get_group_membership(self.groups[0])) |
|
93
|
1 |
|
self.assertIsNotNone(self.users[5].get_group_membership(self.groups[0])) |
|
94
|
|
|
self.assertFalse(self.users[0].is_group_member(self.groups[1])) |
|
95
|
1 |
|
self.assertTrue(self.users[0].is_group_member(self.groups[0])) |
|
96
|
1 |
|
self.assertFalse(self.users[5].is_group_member(self.groups[0])) |
|
97
|
1 |
|
# Group perms |
|
98
|
1 |
|
self.assertTrue(self.users[0].can_invite(self.clusters[0].group_ptr)) |
|
99
|
|
|
self.assertFalse(self.users[1].can_invite(self.clusters[0].group_ptr)) |
|
100
|
|
|
self.assertTrue(self.users[0].can_accept_join_requests(self.groups[0])) |
|
101
|
1 |
|
self.assertTrue(self.users[0].can_modify_group_infos(self.groups[0])) |
|
102
|
|
|
self.assertTrue(self.users[0].has_group_admin_perm(self.groups[0])) |
|
103
|
1 |
|
self.assertFalse(self.users[1].has_group_admin_perm(self.groups[0])) |
|
104
|
1 |
|
self.assertTrue(self.users[7].is_invited_to_group_id(self.groups[1].id)) |
|
105
|
1 |
|
self.assertEqual(len(self.users[0].get_groups_with_confirmed_membership()), 2) |
|
106
|
1 |
|
self.assertTrue(user_admin.can_accept_join_requests(self.groups[0])) |
|
107
|
1 |
|
self.assertTrue(user_admin.has_group_admin_perm(self.groups[0])) |
|
108
|
|
|
|
|
109
|
1 |
|
#### List requests |
|
110
|
|
|
def test_get_users_list_unauthed(self): |
|
111
|
1 |
|
# Client not authenticated |
|
112
|
1 |
|
response = self.client.get(self.user_url) |
|
113
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) |
|
114
|
1 |
|
|
|
115
|
1 |
|
def test_get_users_list_user1(self): |
|
116
|
|
|
# Client authenticated: user in cluster #1, can see users in cluster #1 and in his groups |
|
117
|
1 |
|
self.client.force_authenticate(user=self.users[0]) |
|
118
|
|
|
response = self.client.get(self.user_url) |
|
119
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
120
|
1 |
|
self.assertEqual(len(response.data), 6) |
|
121
|
1 |
|
|
|
122
|
1 |
|
def test_get_users_list_user4(self): |
|
123
|
1 |
|
# Client authenticated: user in cluster #1, can see users in cluster #1 |
|
124
|
1 |
|
self.client.force_authenticate(user=self.users[3]) |
|
125
|
|
|
response = self.client.get(self.user_url) |
|
126
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
127
|
1 |
|
self.assertEqual(len(response.data), 5) |
|
128
|
|
|
|
|
129
|
1 |
|
def test_get_users_list_user5(self): |
|
130
|
|
|
# Client authenticated: user in clusters #1 and #2, can see eveybody (except admin user) then |
|
131
|
1 |
|
self.client.force_authenticate(user=self.users[4]) |
|
132
|
1 |
|
response = self.client.get(self.user_url) |
|
133
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
134
|
1 |
|
self.assertEqual(len(response.data), 9) |
|
135
|
1 |
|
|
|
136
|
|
|
def test_get_users_list_user6(self): |
|
137
|
1 |
|
# Client authenticated: user in cluster #2, pending request to group #2 (cannot see members yet) |
|
138
|
|
|
self.client.force_authenticate(user=self.users[5]) |
|
139
|
1 |
|
response = self.client.get(self.user_url) |
|
140
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
141
|
1 |
|
self.assertEqual(len(response.data), 5) |
|
142
|
1 |
|
|
|
143
|
1 |
|
def test_get_users_list_user8(self): |
|
144
|
1 |
|
# Client authenticated: user in cluster #2, invited to group #2 (cannot see members yet) |
|
145
|
|
|
self.client.force_authenticate(user=self.users[7]) |
|
146
|
1 |
|
response = self.client.get(self.user_url) |
|
147
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
148
|
|
|
self.assertEqual(len(response.data), 5) |
|
149
|
1 |
|
|
|
150
|
|
|
def test_get_users_list_admin_user(self): |
|
151
|
1 |
|
# Client authenticated: Sigma admin, can see everyone |
|
152
|
1 |
|
self.client.force_authenticate(user=self.users[9]) |
|
153
|
1 |
|
response = self.client.get(self.user_url) |
|
154
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
155
|
1 |
|
self.assertEqual(len(response.data), 10) |
|
156
|
|
|
|
|
157
|
1 |
|
#### Get requests |
|
158
|
|
|
def test_get_user_unauthed(self): |
|
159
|
1 |
|
# Client is not authenticated |
|
160
|
1 |
|
response = self.client.get(self.user_url) |
|
161
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) |
|
162
|
1 |
|
|
|
163
|
1 |
|
def test_get_user_not_found(self): |
|
164
|
1 |
|
# Client authenticated: request inexistant user |
|
165
|
|
|
self.client.force_authenticate(user=self.users[0]) |
|
166
|
1 |
|
response = self.client.get(self.user_url + "%d/" % 404) |
|
167
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) |
|
168
|
|
|
|
|
169
|
|
View Code Duplication |
def test_get_user_1_req_5(self): |
|
|
|
|
|
|
170
|
|
|
# Client authenticated: request user in same cluster |
|
171
|
1 |
|
self.client.force_authenticate(user=self.users[0]) |
|
172
|
|
|
response = self.client.get(self.user_url + "%d/" % self.users[4].id) |
|
173
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
174
|
1 |
|
self.assertEqual(response.data['lastname'], self.users[4].lastname) |
|
175
|
1 |
|
self.assertEqual(response.data['email'], self.users[4].email) |
|
176
|
1 |
|
self.assertEqual(response.data['clusters_ids'], [c.id for c in self.clusters]) |
|
177
|
|
|
|
|
178
|
1 |
View Code Duplication |
def test_get_user_3_req_7(self): |
|
|
|
|
|
|
179
|
|
|
# Client authenticated: request user in same group |
|
180
|
1 |
|
self.client.force_authenticate(user=self.users[2]) |
|
181
|
1 |
|
response = self.client.get(self.user_url + "%d/" % self.users[6].id) |
|
182
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
183
|
1 |
|
self.assertEqual(response.data['lastname'], self.users[6].lastname) |
|
184
|
|
|
self.assertEqual(response.data['email'], self.users[6].email) |
|
185
|
1 |
|
self.assertEqual(response.data['clusters_ids'], [self.clusters[1].id]) |
|
186
|
|
|
|
|
187
|
1 |
|
def test_get_user_1_req_7(self): |
|
188
|
1 |
|
# Client authenticated: no group in common |
|
189
|
1 |
|
self.client.force_authenticate(user=self.users[0]) |
|
190
|
1 |
|
response = self.client.get(self.user_url + "%d/" % self.users[6].id) |
|
191
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
192
|
|
|
self.assertEqual(response.data['lastname'], self.users[6].lastname) |
|
193
|
1 |
|
self.assertEqual(response.data['clusters_ids'], [self.clusters[1].id]) |
|
194
|
|
|
self.assertNotIn('email', response.data) |
|
195
|
1 |
|
self.assertNotIn('photo', response.data) |
|
196
|
1 |
|
|
|
197
|
|
|
def test_get_user_2_req_6(self): |
|
198
|
1 |
|
# Client authenticated: request user who has pending request into group |
|
199
|
|
|
self.client.force_authenticate(user=self.users[1]) |
|
200
|
1 |
|
response = self.client.get(self.user_url + "%d/" % self.users[5].id) |
|
201
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
202
|
|
|
self.assertEqual(response.data['lastname'], self.users[5].lastname) |
|
203
|
1 |
|
self.assertEqual(response.data['clusters_ids'], [self.clusters[1].id]) |
|
204
|
|
|
self.assertIn('email', response.data) |
|
205
|
1 |
|
|
|
206
|
1 |
|
def test_get_user_8_req_3(self): |
|
207
|
1 |
|
# Client authenticated: request a user who is in a group I'm invited |
|
208
|
1 |
|
self.client.force_authenticate(user=self.users[7]) |
|
209
|
1 |
|
response = self.client.get(self.user_url + "%d/" % self.users[2].id) |
|
210
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
211
|
|
|
self.assertEqual(response.data['lastname'], self.users[2].lastname) |
|
212
|
|
|
self.assertEqual(response.data['clusters_ids'], [self.clusters[0].id]) |
|
213
|
|
|
self.assertNotIn('email', response.data) |
|
214
|
|
|
self.assertNotIn('photo', response.data) |
|
215
|
|
|
|
|
216
|
|
|
def test_get_user_3_req_8(self): |
|
217
|
|
|
# Client authenticated: request a user who is invited in a group whose I'm a member |
|
218
|
|
|
self.client.force_authenticate(user=self.users[2]) |
|
219
|
|
|
response = self.client.get(self.user_url + "%d/" % self.users[7].id) |
|
220
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
221
|
|
|
self.assertEqual(response.data['lastname'], self.users[7].lastname) |
|
222
|
|
|
self.assertEqual(response.data['clusters_ids'], [self.clusters[1].id]) |
|
223
|
|
|
self.assertNotIn('email', response.data) |
|
224
|
|
|
self.assertNotIn('photo', response.data) |
|
225
|
|
|
|
|
226
|
|
|
|
|
227
|
|
|
#### "Get my data" requests |
|
228
|
|
|
def test_get_my_data_unauthed(self): |
|
229
|
|
|
# Client is not authenticated |
|
230
|
|
|
response = self.client.get(self.user_url + 'me/') |
|
231
|
|
|
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) |
|
232
|
|
|
|
|
233
|
|
|
def test_get_my_data_ok(self): |
|
234
|
|
|
# Client is authenticated |
|
235
|
|
|
self.client.force_authenticate(user=self.users[1]) |
|
236
|
|
|
response = self.client.get(self.user_url + 'me/') |
|
237
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
238
|
|
|
self.assertEqual(response.data['id'], self.users[1].id) |
|
239
|
|
|
self.assertIn('invited_to_groups_ids', response.data) |
|
240
|
|
|
|
|
241
|
|
|
#### Create requests |
|
242
|
|
|
def test_create_user_unauthed(self): |
|
243
|
|
|
# Client is not authenticated |
|
244
|
|
|
response = self.client.post(self.user_url, self.new_user_data) |
|
245
|
|
|
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) |
|
246
|
|
|
|
|
247
|
|
|
def test_create_user_not_cluster_admin(self): |
|
248
|
|
|
# Client has no permission |
|
249
|
|
|
self.client.force_authenticate(user=self.users[1]) |
|
250
|
|
|
response = self.client.post(self.user_url, self.new_user_data) |
|
251
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) |
|
252
|
|
|
|
|
253
|
|
View Code Duplication |
def test_create_user_sigma_admin_ok(self): |
|
|
|
|
|
|
254
|
|
|
# Client has permissions |
|
255
|
|
|
self.client.force_authenticate(user=self.users[9]) |
|
256
|
|
|
response = self.client.post(self.user_url, self.new_user_data) |
|
257
|
|
|
self.assertEqual(response.status_code, status.HTTP_201_CREATED) |
|
258
|
|
|
self.assertEqual(response.data['lastname'], self.new_user_data['lastname']) |
|
259
|
|
|
self.assertTrue(GroupMember.objects.filter(user=response.data['id'], group=self.clusters[0].id).exists()) |
|
260
|
|
|
|
|
261
|
|
|
def test_create_user_admin__bad_request1(self): |
|
262
|
|
|
# Client has permissions |
|
263
|
|
|
self.client.force_authenticate(user=self.users[9]) |
|
264
|
|
|
data = self.new_user_data.copy() |
|
265
|
|
|
data['clusters_ids'] = 'Completely wrong' |
|
266
|
|
|
response = self.client.post(self.user_url, data) |
|
267
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) |
|
268
|
|
|
|
|
269
|
|
|
def test_create_user_admin__bad_request2(self): |
|
270
|
|
|
# Client has permissions |
|
271
|
|
|
self.client.force_authenticate(user=self.users[9]) |
|
272
|
|
|
data = self.new_user_data.copy() |
|
273
|
|
|
data['clusters_ids'] = {'cluster': 1} |
|
274
|
|
|
response = self.client.post(self.user_url, data) |
|
275
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) |
|
276
|
|
|
|
|
277
|
|
|
def test_create_user_admin__bad_request3(self): |
|
278
|
|
|
# Client has permissions |
|
279
|
|
|
self.client.force_authenticate(user=self.users[9]) |
|
280
|
|
|
data = self.new_user_data.copy() |
|
281
|
|
|
data['clusters_ids'] = None |
|
282
|
|
|
response = self.client.post(self.user_url, data) |
|
283
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) |
|
284
|
|
|
|
|
285
|
|
View Code Duplication |
def test_create_user_clusteradmin_ok(self): |
|
|
|
|
|
|
286
|
|
|
# Client has permissions |
|
287
|
|
|
self.client.force_authenticate(user=self.users[0]) |
|
288
|
|
|
response = self.client.post(self.user_url, self.new_user_data) |
|
289
|
|
|
self.assertEqual(response.status_code, status.HTTP_201_CREATED) |
|
290
|
|
|
self.assertEqual(response.data['lastname'], self.new_user_data['lastname']) |
|
291
|
|
|
self.assertTrue(GroupMember.objects.filter(user=response.data['id'], group=self.clusters[0].id).exists()) |
|
292
|
|
|
|
|
293
|
|
|
def test_create_user_clusteradmin_wrong_cluster(self): |
|
294
|
|
|
# Client has permissions |
|
295
|
|
|
self.client.force_authenticate(user=self.users[4]) |
|
296
|
|
|
response = self.client.post(self.user_url, self.new_user_data) |
|
297
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) |
|
298
|
|
|
|
|
299
|
|
|
#### Modification requests |
|
300
|
|
|
def test_get_user_not_found(self): |
|
301
|
|
|
# Client authenticated: request inexistant user |
|
302
|
|
|
self.client.force_authenticate(user=self.users[0]) |
|
303
|
|
|
user_data = UserSerializer(self.users[0]).data |
|
304
|
|
|
response = self.client.put(self.user_url + "%d/" % 404, user_data) |
|
305
|
|
|
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) |
|
306
|
|
|
|
|
307
|
|
|
def test_edit_email_wrong_permission(self): |
|
308
|
|
|
# Client wants to change another user's email |
|
309
|
|
|
self.client.force_authenticate(user=self.users[1]) |
|
310
|
|
|
user_data = UserSerializer(self.users[0]).data |
|
311
|
|
|
user_data['email'] = "[email protected]" |
|
312
|
|
|
response = self.client.put(self.user_url + "%d/" % self.users[0].id, user_data) |
|
313
|
|
|
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) |
|
314
|
|
|
|
|
315
|
|
|
def test_edit_is_superuser_no_permission(self): |
|
316
|
|
|
# Client can't set himself as administrator ! |
|
317
|
|
|
self.client.force_authenticate(user=self.users[1]) |
|
318
|
|
|
user_data = UserSerializer(self.users[1]).data |
|
319
|
|
|
user_data['is_superuser'] = True |
|
320
|
|
|
response = self.client.put(self.user_url + "%d/" % self.users[1].id, user_data) |
|
321
|
|
|
self.assertFalse(self.users[1].is_superuser) |
|
322
|
|
|
|
|
323
|
|
|
def test_edit_email_nonvalid_email(self): |
|
324
|
|
|
# Client wants to change his email with a non valid value |
|
325
|
|
|
self.client.force_authenticate(user=self.users[0]) |
|
326
|
|
|
user_data = UserSerializer(self.users[0]).data |
|
327
|
|
|
user_data['email'] = "ThisIsNotAnEmail" |
|
328
|
|
|
response = self.client.put(self.user_url + "%d/" % self.users[0].id, user_data) |
|
329
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) |
|
330
|
|
|
|
|
331
|
|
View Code Duplication |
def test_edit_email_ok(self): |
|
|
|
|
|
|
332
|
|
|
# Client wants to change his email and succeed in |
|
333
|
|
|
self.client.force_authenticate(user=self.users[1]) |
|
334
|
|
|
user_data = UserSerializer(self.users[1]).data |
|
335
|
|
|
old_email = user_data['email'] |
|
336
|
|
|
user_data['email'] = "[email protected]" |
|
337
|
|
|
response = self.client.put(self.user_url + "%d/" % self.users[1].id, user_data) |
|
338
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
339
|
|
|
self.assertEqual(reload(self.users[1]).email, user_data['email']) |
|
340
|
|
|
# Guarantee that tests are independant |
|
341
|
|
|
self.users[1].email = old_email |
|
342
|
|
|
self.users[1].save() |
|
343
|
|
|
|
|
344
|
|
|
def test_edit_profile_wrong_permission(self): |
|
345
|
|
|
# Client wants to change another user's phone number |
|
346
|
|
|
self.client.force_authenticate(user=self.users[1]) |
|
347
|
|
|
user_data = UserSerializer(self.users[0]).data |
|
348
|
|
|
user_data['phone'] = "0123456789" |
|
349
|
|
|
response = self.client.put(self.user_url + "%d/" % self.users[0].id, user_data) |
|
350
|
|
|
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) |
|
351
|
|
|
|
|
352
|
|
View Code Duplication |
def test_edit_profile_ok(self): |
|
|
|
|
|
|
353
|
|
|
# Client wants to change his phone number |
|
354
|
|
|
self.client.force_authenticate(user=self.users[0]) |
|
355
|
|
|
user_data = UserSerializer(self.users[0]).data |
|
356
|
|
|
old_phone = user_data['phone'] |
|
357
|
|
|
user_data['phone'] = "0123456789" |
|
358
|
|
|
response = self.client.put(self.user_url + "%d/" % self.users[0].id, user_data) |
|
359
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
360
|
|
|
self.assertEqual(reload(self.users[0]).phone, user_data['phone']) |
|
361
|
|
|
# Guarantee that tests are independant |
|
362
|
|
|
self.users[0].phone = old_phone |
|
363
|
|
|
self.users[0].save() |
|
364
|
|
|
|
|
365
|
|
|
def test_edit_lastname_oneself(self): |
|
366
|
|
|
# Client wants to change his lastname |
|
367
|
|
|
self.client.force_authenticate(user=self.users[1]) |
|
368
|
|
|
user_data = UserSerializer(self.users[1]).data |
|
369
|
|
|
user_data['lastname'] = "Daudet" |
|
370
|
|
|
response = self.client.put(self.user_url + "%d/" % self.users[1].id, user_data) |
|
371
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) |
|
372
|
|
|
|
|
373
|
|
View Code Duplication |
def test_edit_lastname_oneself_clusteradmin(self): |
|
|
|
|
|
|
374
|
|
|
# Client wants to change his lastname |
|
375
|
|
|
self.client.force_authenticate(user=self.users[0]) |
|
376
|
|
|
user_data = UserSerializer(self.users[0]).data |
|
377
|
|
|
old_lastname = user_data['lastname'] |
|
378
|
|
|
user_data['lastname'] = "Daudet" |
|
379
|
|
|
response = self.client.put(self.user_url + "%d/" % self.users[0].id, user_data) |
|
380
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
381
|
|
|
self.assertEqual(reload(self.users[0]).lastname, user_data['lastname']) |
|
382
|
|
|
# Guarantee that tests are independant |
|
383
|
|
|
self.users[1].lastname = old_lastname |
|
384
|
|
|
self.users[1].save() |
|
385
|
|
|
|
|
386
|
|
View Code Duplication |
def test_edit_lastname_cluster_admin(self): |
|
|
|
|
|
|
387
|
|
|
# Cluster admin wants to change the lastname of one cluster's member |
|
388
|
|
|
self.client.force_authenticate(user=self.users[0]) |
|
389
|
|
|
user_data = UserSerializer(self.users[1]).data |
|
390
|
|
|
old_lastname = user_data['lastname'] |
|
391
|
|
|
user_data['lastname'] = "Daudet" |
|
392
|
|
|
response = self.client.put(self.user_url + "%d/" % self.users[1].id, user_data) |
|
393
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
394
|
|
|
self.assertEqual(reload(self.users[1]).lastname, user_data['lastname']) |
|
395
|
|
|
# Guarantee that tests are independant |
|
396
|
|
|
self.users[1].lastname = old_lastname |
|
397
|
|
|
self.users[1].save() |
|
398
|
|
|
|
|
399
|
|
View Code Duplication |
def test_edit_lastname_sigma_admin(self): |
|
|
|
|
|
|
400
|
|
|
# Admin wants to change an user's lastname |
|
401
|
|
|
self.client.force_authenticate(user=self.users[9]) |
|
402
|
|
|
user_data = UserSerializer(self.users[0]).data |
|
403
|
|
|
old_lastname = user_data['lastname'] |
|
404
|
|
|
user_data['lastname'] = "Daudet" |
|
405
|
|
|
response = self.client.put(self.user_url + "%d/" % self.users[0].id, user_data) |
|
406
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
407
|
|
|
self.assertEqual(reload(self.users[0]).lastname, user_data['lastname']) |
|
408
|
|
|
# Guarantee that tests are independant |
|
409
|
|
|
self.users[0].lastname = old_lastname |
|
410
|
|
|
self.users[0].save() |
|
411
|
|
|
|
|
412
|
|
|
#### "Change password" requests |
|
413
|
|
|
def test_change_pwd_wrong_pwd(self): |
|
414
|
|
|
# Client gives a wrong old password |
|
415
|
|
|
self.users[0].set_password('old_pwd') |
|
416
|
|
|
self.client.force_authenticate(user=self.users[0]) |
|
417
|
|
|
response = self.client.put(self.user_url + 'change_password/', {'old_password': 'wrong', 'password': 'new_pwd'}) |
|
418
|
|
|
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) |
|
419
|
|
|
|
|
420
|
|
|
def test_change_pwd_no_pwd(self): |
|
421
|
|
|
# Client gives no new password |
|
422
|
|
|
self.users[0].set_password('old_pwd') |
|
423
|
|
|
self.client.force_authenticate(user=self.users[0]) |
|
424
|
|
|
response = self.client.put(self.user_url + 'change_password/', {'old_password': 'old_pwd', 'password': ''}) |
|
425
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) |
|
426
|
|
|
|
|
427
|
|
|
def test_change_pwd_ok(self): |
|
428
|
|
|
# Client successfully changes his password |
|
429
|
|
|
self.users[0].set_password('old_pwd') |
|
430
|
|
|
self.client.force_authenticate(user=self.users[0]) |
|
431
|
|
|
response = self.client.put(self.user_url + 'change_password/', {'old_password': 'old_pwd', 'password': 'new_strong_pwd'}) |
|
432
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
433
|
|
|
|
|
434
|
|
|
#### "Reset password" requests |
|
435
|
|
|
def test_reset_pwd_no_email(self): |
|
436
|
|
|
# Client gives no email |
|
437
|
|
|
response = self.client.post(self.user_url + 'reset_password/', {'email': ''}) |
|
438
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) |
|
439
|
|
|
|
|
440
|
|
|
def test_reset_pwd_no_user(self): |
|
441
|
|
|
# Client's email is not found |
|
442
|
|
|
response = self.client.post(self.user_url + 'reset_password/', {'email': '[email protected]'}) |
|
443
|
|
|
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) |
|
444
|
|
|
|
|
445
|
|
|
def test_reset_pwd_ok(self): |
|
446
|
|
|
# Client successfully resets his password |
|
447
|
|
|
response = self.client.post(self.user_url + 'reset_password/', {'email': self.users[0].email}) |
|
448
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
449
|
|
|
self.assertEqual(len(mail.outbox), 1) |
|
450
|
|
|
from sigma_core.views.user import reset_mail |
|
451
|
|
|
self.assertEqual(mail.outbox[0].subject, reset_mail['subject']) |
|
452
|
|
|
|
|
453
|
|
|
#### "Add photo" requests |
|
454
|
|
|
def test_addphoto_ok(self): |
|
455
|
|
|
self.client.force_authenticate(user=self.users[0]) |
|
456
|
|
|
with open("sigma_files/test_img.png", "rb") as img: |
|
457
|
|
|
response = self.client.post(self.user_url + "addphoto/", {'file': img}, format='multipart') |
|
458
|
|
|
self.assertEqual(response.status_code, status.HTTP_201_CREATED) |
|
459
|
|
|
|
|
460
|
|
|
#### Deletion requests |
|
461
|
|
|
def test_destroy_user_unauthed(self): |
|
462
|
|
|
# Client is not authenticated |
|
463
|
|
|
response = self.client.delete(self.user_url + "%d/" % self.users[0].id) |
|
464
|
|
|
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) |
|
465
|
|
|
|
|
466
|
|
|
def test_destroy_user_wrong_perms(self): |
|
467
|
|
|
# Client wants to delete another user but is not sigma or cluster admin |
|
468
|
|
|
self.client.force_authenticate(user=self.users[1]) |
|
469
|
|
|
response = self.client.delete(self.user_url + "%d/" % self.users[2].id) |
|
470
|
|
|
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) |
|
471
|
|
|
|
|
472
|
|
|
# def test_destroy_user_oneself(self): # TODO |
|
473
|
|
|
# # Client wants to delete its own user profile |
|
474
|
|
|
# self.client.force_authenticate(user=self.users[3]) |
|
475
|
|
|
# user_id = self.users[3].id |
|
476
|
|
|
# response = self.client.delete(self.user_url + "%d/" % self.users[3].id) |
|
477
|
|
|
# self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) |
|
478
|
|
|
# self.assertFalse(User.objects.filter(pk=user_id).exists()) |
|
479
|
|
|
# # Guarantee independance of tests |
|
480
|
|
|
# |
|
481
|
|
|
# def test_destroy_user_cluster_admin(self): # TODO |
|
482
|
|
|
# # Client wants to delete a user in a cluster whose he's admin |
|
483
|
|
|
# self.client.force_authenticate(user=self.users[0]) |
|
484
|
|
|
# user_id = self.users[3].id |
|
485
|
|
|
# response = self.client.delete(self.user_url + "%d/" % self.users[3].id) |
|
486
|
|
|
# self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) |
|
487
|
|
|
# # Guarantee independance of tests |
|
488
|
|
|
# |
|
489
|
|
|
# def test_destroy_user_sigma_admin(self): # TODO |
|
490
|
|
|
# # Client is Sigma admin and wants to delete a user |
|
491
|
|
|
# self.client.force_authenticate(user=self.users[-1]) |
|
492
|
|
|
# user_id = self.users[3].id |
|
493
|
|
|
# response = self.client.delete(self.user_url + "%d/" % self.users[3].id) |
|
494
|
|
|
# self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) |
|
495
|
|
|
# # Guarantee independance of tests |
|
496
|
|
|
|
ProjetSigma /
backend
Loading history...
