import json

from rest_framework import status
from rest_framework.test import APITestCase, force_authenticate

from sigma_core.tests.factories import UserFactory, AdminUserFactory
from sigma_core.serializers.user import UserWithoutPermissionsSerializer as UserSerializer
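class UserTests(APITestCase):
    """Integration tests for the ``/user/`` endpoints.

    Each group of tests walks the same ladder: an anonymous client gets 401,
    an authenticated client without the right permission gets 403, and an
    authorised client succeeds.  Where a request is rejected, the tests also
    check that nothing was written, and where it succeeds they check the
    database row rather than trusting the echoed response.

    Fixtures are created once per class in ``setUpTestData``; tests that
    edit the shared ``user`` fixture register ``_restore_user`` as a cleanup
    so the restore runs even when an assertion fails halfway through.
    """

    @classmethod
    def setUpTestData(cls):
        """Create the shared fixtures once for the whole class.

        ``cls.user`` is the ordinary account most tests act as, ``cls.user2``
        is the "other user" for horizontal-permission checks and
        ``cls.admin_user`` is the privileged account.
        """
        super(UserTests, cls).setUpTestData()

        cls.user = UserFactory()
        cls.user2 = UserFactory()
        cls.admin_user = AdminUserFactory()

        # Expected representation of ``cls.user``; tests copy it before editing.
        cls.user_data = UserSerializer(cls.user).data
        cls.user_url = '/user/%d/' % cls.user.id

        cls.users_list = [cls.user, cls.user2, cls.admin_user]

        # RFC 2606 reserved domain, so the fixture can never reach a real mailbox
        # and still passes e-mail validation (test_create_user_ok expects 201).
        cls.new_user_data = {'lastname': 'Doe', 'firstname': 'John', 'email': 'john.doe@example.com', 'password': 'password'}

    #### Helpers
    def _user_model(self):
        """Return the user model class behind the fixtures (avoids an extra import)."""
        return type(self.user)

    def _stored(self, user, field):
        """Read ``field`` of ``user`` fresh from the database.

        A separate query is used instead of ``refresh_from_db`` so the shared
        class-level fixture object is never mutated by a read.
        """
        return getattr(self._user_model().objects.get(pk=user.pk), field)

    def _restore_user(self):
        """Write ``self.user``'s original e-mail and phone back (cleanup for edit tests)."""
        self.user.email = self.user_data['email']
        self.user.phone = self.user_data['phone']
        self.user.save()

    def _assert_no_credentials(self, data):
        """A user representation must never carry the password (hashed or not)."""
        self.assertNotIn('password', data)

    #### List requests
    def test_get_users_list_unauthed(self):
        # An anonymous client is rejected before any data is returned.
        response = self.client.get('/user/')
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_get_users_list_forbidden(self):
        # Was commented out upstream: test_get_users_list_ok shows that any
        # authenticated user can currently list every account, so this
        # expectation does not hold yet.  Kept as a skipped test so the gap
        # stays visible in the report instead of buried in a comment.
        self.skipTest("GET /user/ is not restricted for ordinary users yet")
        self.client.force_authenticate(user=self.user)
        response = self.client.get('/user/')
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

    def test_get_users_list_ok(self):
        # NOTE(review): an ordinary (non-admin) account is enough to enumerate
        # every user here.  If that is not intended, tighten the permission
        # class on the list view and enable test_get_users_list_forbidden.
        self.client.force_authenticate(user=self.user)
        response = self.client.get('/user/')
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertEqual(len(response.data), len(self.users_list))

    #### Get requests
    def test_get_user_unauthed(self):
        # Client is not authenticated
        response = self.client.get(self.user_url)
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_get_user_forbidden(self):
        # Was commented out upstream.  Whether one user may read another
        # user's profile is not pinned down anywhere in this suite, so the
        # test is skipped rather than deleted until that decision is made.
        self.skipTest("access policy for reading another user's profile is undecided")
        self.client.force_authenticate(user=self.user2)
        response = self.client.get(self.user_url)
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

    def test_get_user_ok(self):
        # A user can read their own profile.
        self.client.force_authenticate(user=self.user)
        response = self.client.get(self.user_url)
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        # 'permissions' is computed from the request by DRY rest permissions,
        # so the serializer run in setUpTestData (no request) cannot produce it.
        response.data.pop('permissions', None)
        self.assertEqual(response.data, self.user_data)
        self._assert_no_credentials(response.data)

    #### "Get my data" requests
    def test_get_my_data_unauthed(self):
        # Client is not authenticated
        response = self.client.get('/user/me/')
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_get_my_data_ok(self):
        # /user/me/ must resolve to the authenticated user and nobody else.
        self.client.force_authenticate(user=self.user)
        response = self.client.get('/user/me/')
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertEqual(response.data['id'], self.user.id)
        self._assert_no_credentials(response.data)

    #### Create requests
    def test_create_user_unauthed(self):
        # Client is not authenticated
        before = self._user_model().objects.count()
        response = self.client.post('/user/', self.new_user_data)
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
        # Rejecting the request must also mean no account was created.
        self.assertEqual(self._user_model().objects.count(), before)

    def test_create_user_forbidden(self):
        # Authenticated, but account creation is an admin-only operation.
        before = self._user_model().objects.count()
        self.client.force_authenticate(user=self.user)
        response = self.client.post('/user/', self.new_user_data)
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
        self.assertEqual(self._user_model().objects.count(), before)

    def test_create_user_ok(self):
        # Admin creates an account
        before = self._user_model().objects.count()
        self.client.force_authenticate(user=self.admin_user)
        response = self.client.post('/user/', self.new_user_data)
        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
        self.assertEqual(response.data['lastname'], self.new_user_data['lastname'])
        # The submitted password must not be echoed back in any form.
        self._assert_no_credentials(response.data)
        self.assertEqual(self._user_model().objects.count(), before + 1)

    #### Modification requests
    def test_edit_email_wrong_permission(self):
        # Client wants to change another user's email
        self.client.force_authenticate(user=self.user)
        user_data = UserSerializer(self.user2).data
        user_data['email'] = "hijacked@example.com"
        response = self.client.put("/user/%d/" % self.user2.id, user_data)
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
        # The denial must be effective: the other user's row is untouched.
        self.assertEqual(self._stored(self.user2, 'email'), self.user2.email)

    def test_edit_email_nonvalid_email(self):
        # Client wants to change their email to a value that is not an e-mail
        self.client.force_authenticate(user=self.user)
        user_data = self.user_data.copy()
        user_data['email'] = "ThisIsNotAnEmail"
        response = self.client.put("/user/%d/" % self.user.id, user_data)
        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
        # Validation failure must not have partially written the row.
        self.assertEqual(self._stored(self.user, 'email'), self.user_data['email'])

    def test_edit_email_ok(self):
        # Client changes their own email.  The cleanup keeps tests independent
        # even if an assertion below fails before the end of the method.
        self.addCleanup(self._restore_user)
        self.client.force_authenticate(user=self.user)
        user_data = self.user_data.copy()
        user_data['email'] = "new.address@example.com"
        response = self.client.put("/user/%d/" % self.user.id, user_data)
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertEqual(response.data['email'], user_data['email'])
        # The echoed response is not proof of persistence; check the row.
        self.assertEqual(self._stored(self.user, 'email'), user_data['email'])

    def test_edit_profile_wrong_permission(self):
        # Client wants to change another user's phone number
        self.client.force_authenticate(user=self.user)
        user_data = UserSerializer(self.user2).data
        user_data['phone'] = "0123456789"
        response = self.client.put("/user/%d/" % self.user2.id, user_data)
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
        self.assertEqual(self._stored(self.user2, 'phone'), self.user2.phone)

    def test_edit_profile_ok(self):
        # Client changes their own phone number
        self.addCleanup(self._restore_user)
        self.client.force_authenticate(user=self.user)
        user_data = self.user_data.copy()
        user_data['phone'] = "0123456789"
        response = self.client.put("/user/%d/" % self.user.id, user_data)
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertEqual(response.data['phone'], user_data['phone'])
        self.assertEqual(self._stored(self.user, 'phone'), user_data['phone'])

    def test_edit_lastname_wrong_permission(self):
        # Intended: an ordinary user may not change their own lastname.
        # Skipped rather than `pass` so the placeholder is not reported green.
        self.skipTest("not implemented yet")

    def test_edit_lastname_ok(self):
        # Intended: an admin may change a user's lastname.
        self.skipTest("not implemented yet")

    #### "Change password" requests
    # TODO: not written yet -- should cover anonymous (401), another user's
    # password (403), own password (200) and that the response never echoes
    # the new password.

    #### Deletion requests
    # TODO: not written yet -- same 401 / 403 / success ladder, plus a check
    # that a rejected request leaves the row in place.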