|
1
|
1 |
|
import json |
|
2
|
|
|
|
|
3
|
1 |
|
from django.core import mail |
|
4
|
|
|
|
|
5
|
1 |
|
from rest_framework import status |
|
6
|
1 |
|
from rest_framework.test import APITestCase, force_authenticate |
|
7
|
|
|
|
|
8
|
1 |
|
from sigma_core.tests.factories import UserFactory, AdminUserFactory, GroupMemberFactory, GroupFactory |
|
9
|
1 |
|
from sigma_core.serializers.user import DetailedUserSerializer as UserSerializer |
|
10
|
|
|
from sigma_core.models.group import Group |
|
11
|
|
|
from sigma_core.models.group_member import GroupMember |
|
12
|
1 |
|
|
|
13
|
1 |
|
class UserTests(APITestCase): |
|
14
|
|
|
@classmethod |
|
15
|
1 |
|
def setUpTestData(self): |
|
16
|
|
|
super(UserTests, self).setUpTestData() |
|
17
|
1 |
|
|
|
18
|
1 |
|
self.user = UserFactory() |
|
19
|
1 |
|
self.user2 = UserFactory() |
|
20
|
|
|
self.user3 = UserFactory() |
|
21
|
1 |
|
self.group23 = GroupFactory() |
|
22
|
1 |
|
GroupMemberFactory(group=self.group23, user=self.user2, perm_rank=0) |
|
23
|
1 |
|
GroupMemberFactory(group=self.group23, user=self.user3, perm_rank=1) |
|
24
|
|
|
self.admin_user = AdminUserFactory() |
|
25
|
1 |
|
|
|
26
|
|
|
serializer = UserSerializer(self.user) |
|
27
|
1 |
|
self.user_data = serializer.data |
|
28
|
|
|
self.user_url = '/user/%d/' % self.user.id |
|
29
|
|
|
|
|
30
|
1 |
|
self.users_list = [self.user, self.user2, self.admin_user] |
|
31
|
|
|
self.users_list_for_user3 = [self.user2, self.user3] |
|
32
|
1 |
|
|
|
33
|
1 |
|
self.new_user_data = {'lastname': 'Doe', 'firstname': 'John', 'email': '[email protected]', 'password': 'password'} |
|
34
|
|
|
|
|
35
|
|
|
#### List requests |
|
36
|
|
|
def test_get_users_list_unauthed(self): |
|
37
|
|
|
# Client not authenticated |
|
38
|
|
|
response = self.client.get('/user/') |
|
39
|
|
|
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) |
|
40
|
|
|
|
|
41
|
1 |
|
# def test_get_users_list_forbidden(self): |
|
42
|
|
|
# # Client authenticated but has no permission |
|
43
|
1 |
|
# self.client.force_authenticate(user=self.user) |
|
44
|
1 |
|
# response = self.client.get('/user/') |
|
45
|
1 |
|
# self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) |
|
46
|
1 |
|
|
|
47
|
|
|
def test_get_users_list_ok(self): |
|
48
|
|
|
# Client has permissions |
|
49
|
1 |
|
self.client.force_authenticate(user=self.user3) |
|
50
|
|
|
response = self.client.get('/user/') |
|
51
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
52
|
1 |
|
self.assertEqual(len(response.data), len(self.users_list_for_user3)) |
|
53
|
|
|
|
|
54
|
|
|
#### Get requests |
|
55
|
|
|
def test_get_user_unauthed(self): |
|
56
|
|
|
# Client is not authenticated |
|
57
|
|
|
response = self.client.get(self.user_url) |
|
58
|
|
|
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) |
|
59
|
|
|
|
|
60
|
1 |
|
def test_get_user_forbidden_no_common_group(self): |
|
61
|
|
|
# Client authenticated but has no group in common |
|
62
|
1 |
|
self.client.force_authenticate(user=self.user) |
|
63
|
1 |
|
response = self.client.get("/user/%d/" % self.user3.id) |
|
64
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) |
|
65
|
1 |
|
|
|
66
|
1 |
|
def test_get_user_forbidden_common_group_not_accepted(self): |
|
67
|
|
|
# Client authenticated, group in common, but not accepted in this Group |
|
68
|
|
|
self.client.force_authenticate(user=self.user2) |
|
69
|
1 |
|
response = self.client.get("/user/%d/" % self.user3.id) |
|
70
|
|
|
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) |
|
71
|
1 |
|
|
|
72
|
1 |
|
def test_get_user_ok_same_group(self): |
|
73
|
|
|
self.client.force_authenticate(user=self.user3) |
|
74
|
1 |
|
response = self.client.get("/user/%d/" % self.user2.id) |
|
75
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
76
|
1 |
|
|
|
77
|
1 |
|
def test_get_user_ok(self): |
|
78
|
1 |
|
# Client has permissions |
|
79
|
1 |
|
self.client.force_authenticate(user=self.user) |
|
80
|
|
|
response = self.client.get(self.user_url) |
|
81
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
82
|
1 |
|
response.data.pop('permissions', None) # Workaround because DRY rest permissions needs a request |
|
83
|
|
|
self.assertEqual(response.data, self.user_data) |
|
84
|
1 |
|
|
|
85
|
1 |
|
#### "Get my data" requests |
|
86
|
|
|
def test_get_my_data_unauthed(self): |
|
87
|
1 |
|
# Client is not authenticated |
|
88
|
|
|
response = self.client.get('/user/me/') |
|
89
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) |
|
90
|
1 |
|
|
|
91
|
1 |
|
def test_get_my_data_ok(self): |
|
92
|
|
|
# Client is authenticated |
|
93
|
1 |
|
self.client.force_authenticate(user=self.user) |
|
94
|
|
|
response = self.client.get('/user/me/') |
|
95
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
96
|
1 |
|
self.assertEqual(response.data['id'], self.user.id) |
|
97
|
1 |
|
|
|
98
|
1 |
|
#### Create requests |
|
99
|
|
|
def test_create_user_unauthed(self): |
|
100
|
|
|
# Client is not authenticated |
|
101
|
1 |
|
response = self.client.post('/user/', self.new_user_data) |
|
102
|
|
|
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) |
|
103
|
1 |
|
|
|
104
|
1 |
|
def test_create_user_forbidden(self): |
|
105
|
1 |
|
# Client has no permission |
|
106
|
1 |
|
self.client.force_authenticate(user=self.user) |
|
107
|
1 |
|
response = self.client.post('/user/', self.new_user_data) |
|
108
|
|
|
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) |
|
109
|
1 |
|
|
|
110
|
|
|
def test_create_user_ok(self): |
|
111
|
1 |
|
# Client has permissions |
|
112
|
1 |
|
self.client.force_authenticate(user=self.admin_user) |
|
113
|
1 |
|
response = self.client.post('/user/', self.new_user_data) |
|
114
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_201_CREATED) |
|
115
|
1 |
|
self.assertEqual(response.data['lastname'], self.new_user_data['lastname']) |
|
116
|
|
|
|
|
117
|
1 |
|
#### Modification requests |
|
118
|
|
|
def test_edit_email_wrong_permission(self): |
|
119
|
1 |
|
# Client wants to change another user's email |
|
120
|
1 |
|
self.client.force_authenticate(user=self.user) |
|
121
|
1 |
|
user_data = UserSerializer(self.user2).data |
|
122
|
1 |
|
user_data['email'] = "[email protected]" |
|
123
|
1 |
|
response = self.client.put("/user/%d/" % self.user2.id, user_data) |
|
124
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) |
|
125
|
|
|
|
|
126
|
1 |
|
def test_edit_is_superuser_no_permission(self): |
|
127
|
1 |
|
# Client can't set himself as administrator ! |
|
128
|
|
|
self.client.force_authenticate(user=self.user) |
|
129
|
1 |
|
user_data = UserSerializer(self.user).data |
|
130
|
|
|
user_data['is_superuser'] = True |
|
131
|
1 |
|
response = self.client.put("/user/%d/" % self.user.id, user_data) |
|
132
|
1 |
|
self.assertFalse(self.user.is_superuser); |
|
133
|
1 |
|
|
|
134
|
1 |
|
def test_edit_email_nonvalid_email(self): |
|
135
|
1 |
|
# Client wants to change his email with a non valid value |
|
136
|
|
|
self.client.force_authenticate(user=self.user) |
|
137
|
1 |
|
user_data = self.user_data.copy() |
|
138
|
|
|
user_data['email'] = "ThisIsNotAnEmail" |
|
139
|
1 |
|
response = self.client.put("/user/%d/" % self.user.id, user_data) |
|
140
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) |
|
141
|
1 |
|
|
|
142
|
1 |
|
def test_edit_email_ok(self): |
|
|
|
|
|
|
143
|
1 |
|
# Client wants to change his email and succeed in |
|
144
|
1 |
|
self.client.force_authenticate(user=self.user) |
|
145
|
|
|
user_data = self.user_data.copy() |
|
146
|
1 |
|
user_data['email'] = "[email protected]" |
|
147
|
1 |
|
response = self.client.put("/user/%d/" % self.user.id, user_data) |
|
148
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
149
|
1 |
|
self.assertEqual(response.data['email'], user_data['email']) |
|
150
|
|
|
# Guarantee that tests are independant |
|
151
|
1 |
|
self.user.email = self.user_data['email'] |
|
152
|
1 |
|
self.user.save() |
|
153
|
1 |
|
|
|
154
|
1 |
|
def test_edit_profile_wrong_permission(self): |
|
155
|
1 |
|
# Client wants to change another user's phone number |
|
156
|
|
|
self.client.force_authenticate(user=self.user) |
|
157
|
1 |
|
user_data = UserSerializer(self.user2).data |
|
158
|
|
|
user_data['phone'] = "0123456789" |
|
159
|
1 |
|
response = self.client.put("/user/%d/" % self.user2.id, user_data) |
|
160
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) |
|
161
|
1 |
|
|
|
162
|
1 |
|
def test_edit_profile_ok(self): |
|
|
|
|
|
|
163
|
1 |
|
# Client wants to change his phone number |
|
164
|
1 |
|
self.client.force_authenticate(user=self.user) |
|
165
|
|
|
user_data = self.user_data.copy() |
|
166
|
1 |
|
user_data['phone'] = "0123456789" |
|
167
|
1 |
|
response = self.client.put("/user/%d/" % self.user.id, user_data) |
|
168
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
169
|
|
|
self.assertEqual(response.data['phone'], user_data['phone']) |
|
170
|
|
|
# Guarantee that tests are independant |
|
171
|
1 |
|
self.user.phone = self.user_data['phone'] |
|
172
|
|
|
self.user.save() |
|
173
|
1 |
|
|
|
174
|
1 |
|
def test_edit_lastname_wrong_permission(self): |
|
175
|
1 |
|
# Client wants to change his lastname |
|
176
|
1 |
|
self.client.force_authenticate(user=self.user) |
|
177
|
|
|
user_data = self.user_data.copy() |
|
178
|
1 |
|
user_data['lastname'] = "Daudet" |
|
179
|
|
|
response = self.client.put("/user/%d/" % self.user.id, user_data) |
|
180
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) |
|
181
|
1 |
|
|
|
182
|
1 |
|
def test_edit_lastname_ok(self): |
|
|
|
|
|
|
183
|
1 |
|
# Admin wants to change an user's lastname |
|
184
|
|
|
self.client.force_authenticate(user=self.admin_user) |
|
185
|
1 |
|
user_data = self.user_data.copy() |
|
186
|
|
|
user_data['lastname'] = "Daudet" |
|
187
|
1 |
|
response = self.client.put("/user/%d/" % self.user.id, user_data) |
|
188
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
189
|
1 |
|
self.assertEqual(response.data['lastname'], user_data['lastname']) |
|
190
|
1 |
|
# Guarantee that tests are independant |
|
191
|
|
|
self.user.lastname = self.user_data['lastname'] |
|
192
|
|
|
self.user.save() |
|
193
|
1 |
|
|
|
194
|
|
|
|
|
195
|
1 |
|
#### "Change password" requests |
|
196
|
1 |
|
def test_change_pwd_wrong_pwd(self): |
|
197
|
|
|
# Client gives a wrong old password |
|
198
|
1 |
|
self.user.set_password('old_pwd') |
|
199
|
|
|
self.client.force_authenticate(user=self.user) |
|
200
|
1 |
|
response = self.client.put('/user/change_password/', {'old_password': 'wrong', 'password': 'new_pwd'}) |
|
201
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) |
|
202
|
|
|
|
|
203
|
1 |
|
def test_change_pwd_no_pwd(self): |
|
204
|
|
|
# Client gives no new password |
|
205
|
1 |
|
self.user.set_password('old_pwd') |
|
206
|
1 |
|
self.client.force_authenticate(user=self.user) |
|
207
|
1 |
|
response = self.client.put('/user/change_password/', {'old_password': 'old_pwd', 'password': ''}) |
|
208
|
1 |
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) |
|
209
|
1 |
|
|
|
210
|
|
|
def test_change_pwd_ok(self): |
|
211
|
|
|
# Client successfully changes his password |
|
212
|
|
|
self.user.set_password('old_pwd') |
|
213
|
|
|
self.client.force_authenticate(user=self.user) |
|
214
|
|
|
response = self.client.put('/user/change_password/', {'old_password': 'old_pwd', 'password': 'new_strong_pwd'}) |
|
215
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
216
|
|
|
|
|
217
|
|
|
#### "Reset password" requests |
|
218
|
|
|
def test_reset_pwd_no_email(self): |
|
219
|
|
|
# Client gives no email |
|
220
|
|
|
response = self.client.post('/user/reset_password/', {'email': ''}) |
|
221
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) |
|
222
|
|
|
|
|
223
|
|
|
def test_reset_pwd_no_user(self): |
|
224
|
|
|
# Client's email is not found |
|
225
|
|
|
response = self.client.post('/user/reset_password/', {'email': '[email protected]'}) |
|
226
|
|
|
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) |
|
227
|
|
|
|
|
228
|
|
|
def test_reset_pwd_ok(self): |
|
229
|
|
|
# Client successfully resets his password |
|
230
|
|
|
response = self.client.post('/user/reset_password/', {'email': self.user.email}) |
|
231
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK) |
|
232
|
|
|
self.assertEqual(len(mail.outbox), 1) |
|
233
|
|
|
from sigma_core.views.user import reset_mail |
|
234
|
|
|
self.assertEqual(mail.outbox[0].subject, reset_mail['subject']) |
|
235
|
|
|
|
|
236
|
|
|
#### "Add photo" requests |
|
237
|
|
|
def test_addphoto_ok(self): |
|
238
|
|
|
self.client.force_authenticate(user=self.user) |
|
239
|
|
|
with open("sigma_files/test_img.png", "rb") as img: |
|
240
|
|
|
response = self.client.post(self.user_url + "addphoto/", {'file': img}, format='multipart') |
|
241
|
|
|
self.assertEqual(response.status_code, status.HTTP_201_CREATED) |
|
242
|
|
|
|
|
243
|
|
|
#### Deletion requests |
|
244
|
|
|
|
ProjetSigma /
backend
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.