Beispiel #1
    def test_refresh_with_access_token(self, client, access_token):
        """An access token posted as ``refresh`` is rejected with 401.

        Guards against token-type confusion: only a refresh token may be
        exchanged at the refresh endpoint.
        """
        payload = {'refresh': access_token}
        reply = client.post(TOKEN_REFRESH_URL, payload)

        assert reply.status_code == status.HTTP_401_UNAUTHORIZED
        expected = test_error_response('Token has wrong type')
        assert reply.data == expected
Beispiel #2
    def test_refresh_with_invalid_refresh_token(self, client):
        """A string that is not a token at all yields 401 on refresh."""
        payload = {'refresh': 'invalid_token'}
        reply = client.post(TOKEN_REFRESH_URL, payload)

        assert reply.status_code == status.HTTP_401_UNAUTHORIZED
        # Same message as the expired-token case on this page, so the
        # response does not say why the token was refused.
        expected = test_error_response('Token is invalid or expired')
        assert reply.data == expected
Beispiel #3
    def test_refresh_without_token(self, client):
        """A refresh request with no body is a 400 naming the missing field."""
        reply = client.post(TOKEN_REFRESH_URL)

        assert reply.status_code == status.HTTP_400_BAD_REQUEST
        field_errors = {'refresh': 'This field is required.'}
        assert reply.data == test_error_response(field_errors)
Beispiel #4
    def test_invalid_credentials(self, client, user):
        """Login with an unknown email is refused with a generic 401."""
        credentials = {
            # Appending a character turns the fixture's email into one that
            # is not the fixture user's address.
            'email': user.email + 'a',
            'password': DEFAULT_USER_PASSWORD,
        }
        reply = client.post(LOGIN_URL, credentials)

        assert reply.status_code == status.HTTP_401_UNAUTHORIZED
        # The expected message does not say which of the two values was
        # wrong, so it gives no hint whether the address is registered.
        expected = test_error_response(
            'No active account found with the given credentials')
        assert reply.data == expected
Beispiel #5
    def test_invalid_field(self, client):
        """An unknown ``field`` name is rejected by the field-taken check.

        The expected message is a choice-validation error, i.e. the endpoint
        accepts only a fixed set of field names.
        """
        query = {
            'field': 'invalid_field',
            'value': fake.safe_email(),
        }
        reply = client.post(CHECK_FIELD_TAKEN_URL, query)

        assert reply.status_code == status.HTTP_400_BAD_REQUEST
        field_errors = {'field': '"invalid_field" is not a valid choice.'}
        assert reply.data == test_error_response(field_errors)
Beispiel #6
    def test_invalid_uidb64(self, client):
        """Activation with a made-up ``uidb64`` and token returns 400."""
        payload = {
            'token': 'incorrect_token',
            # Not produced by urlsafe_base64_encode, unlike the other
            # activation tests on this page.
            'uidb64': 'incorrect_uidb64',
        }
        reply = client.post(ACTIVATE_ACCOUNT_URL, payload)

        assert reply.status_code == status.HTTP_400_BAD_REQUEST
        expected = test_error_response('Link is invalid or expired.')
        assert reply.data == expected
Beispiel #7
    def test_register_email_taken(self, client, user):
        """Registering with an existing user's email is a 400."""
        payload = {
            'email': user.email,
            'password': DEFAULT_USER_PASSWORD,
        }
        reply = client.post(REGISTRATION_URL, payload)

        assert reply.status_code == status.HTTP_400_BAD_REQUEST
        # NOTE(review): this response confirms that an address is already
        # registered; worth confirming the endpoint is rate limited.
        field_errors = {'email': 'Email is already taken.'}
        assert reply.data == test_error_response(field_errors)
Beispiel #8
    def test_empty_data(self, client):
        """An empty registration POST reports both required fields."""
        reply = client.post(REGISTRATION_URL)

        assert reply.status_code == status.HTTP_400_BAD_REQUEST
        # NOTE(review): '******' looks like a masked placeholder rather
        # than the real validation message - confirm against the API.
        field_errors = {
            'email': 'This field is required.',
            'password': '******',
        }
        assert reply.data == test_error_response(field_errors)
Beispiel #9
    def test_without_credentials(self, client):
        """A login POST with no body is a 400 listing both fields."""
        reply = client.post(LOGIN_URL)

        assert reply.status_code == status.HTTP_400_BAD_REQUEST
        # NOTE(review): '******' looks like a masked placeholder rather
        # than the real validation message - confirm against the API.
        field_errors = {
            'email': 'This field is required.',
            'password': '******',
        }
        assert reply.data == test_error_response(field_errors)
Beispiel #10
    def test_invalid_user_id(self, client):
        """Activation for a well-formed but unknown user id returns 404."""
        # 888 is assumed not to match any user in the test database.
        unknown_uid = urlsafe_base64_encode(force_bytes(888))
        payload = {
            'token': 'incorrect_token',
            'uidb64': unknown_uid,
        }
        reply = client.post(ACTIVATE_ACCOUNT_URL, payload)

        assert reply.status_code == status.HTTP_404_NOT_FOUND
        # NOTE(review): other tests on this page expect 400 'Link is invalid
        # or expired.' for a known user with a bad token, so this distinct
        # 404 tells a caller whether a user id exists. Consider returning
        # the same 400 in both cases.
        expected = test_error_response('No User matches the given query.')
        assert reply.data == expected
Beispiel #11
    def test_empty_data(self, client):
        """An empty activation POST reports both required fields."""
        reply = client.post(ACTIVATE_ACCOUNT_URL)

        assert reply.status_code == status.HTTP_400_BAD_REQUEST
        field_errors = {
            'uidb64': 'This field is required.',
            'token': 'This field is required.',
        }
        assert reply.data == test_error_response(field_errors)
Beispiel #12
    def test_invalid_uidb64(self, client):
        """Password reset with a made-up ``uidb64`` and token returns 400."""
        payload = {
            'token': 'incorrect_token',
            # Not produced by urlsafe_base64_encode, unlike the other
            # password-reset tests on this page.
            'uidb64': 'incorrect_uidb64',
            'new_password': DEFAULT_USER_PASSWORD,
        }
        reply = client.post(PASSWORD_RESET_URL, payload)

        assert reply.status_code == status.HTTP_400_BAD_REQUEST
        expected = test_error_response('Link is invalid or expired.')
        assert reply.data == expected
Beispiel #13
    def test_invalid_uid(self, client, user):
        """Password reset for a real user with a bogus token returns 400."""
        encoded_uid = urlsafe_base64_encode(force_bytes(user.id))
        payload = {
            'token': 'invalid_token',
            'uidb64': encoded_uid,
            'new_password': DEFAULT_USER_PASSWORD,
        }
        reply = client.post(PASSWORD_RESET_URL, payload)

        assert reply.status_code == status.HTTP_400_BAD_REQUEST
        # NOTE(review): only the response is checked. The submitted
        # new_password is DEFAULT_USER_PASSWORD, presumably the fixture's
        # current password, so a stored-password assertion would need a
        # different value - confirm against the fixture.
        expected = test_error_response('Link is invalid or expired.')
        assert reply.data == expected
Beispiel #14
    def test_another_user_token(self, client, users):
        """A reset token minted for one user cannot reset another's password.

        The token belongs to ``users[0]`` while ``uidb64`` names ``users[1]``;
        the endpoint must treat the pair as an invalid link.
        """
        token_owner, target = users[0], users[1]
        payload = {
            'token': default_token_generator.make_token(token_owner),
            'uidb64': urlsafe_base64_encode(force_bytes(target.id)),
            'new_password': DEFAULT_USER_PASSWORD,
        }
        reply = client.post(PASSWORD_RESET_URL, payload)

        assert reply.status_code == status.HTTP_400_BAD_REQUEST
        # NOTE(review): only the response is checked; the target's stored
        # password is not re-read afterwards.
        expected = test_error_response('Link is invalid or expired.')
        assert reply.data == expected
Beispiel #15
    def test_invalid_user_id(self, client):
        """Password reset for a well-formed but unknown user id returns 404."""
        # 888 is assumed not to match any user in the test database.
        unknown_uid = urlsafe_base64_encode(force_bytes(888))
        payload = {
            'token': 'incorrect_token',
            'uidb64': unknown_uid,
            'new_password': DEFAULT_USER_PASSWORD,
        }
        reply = client.post(PASSWORD_RESET_URL, payload)

        assert reply.status_code == status.HTTP_404_NOT_FOUND
        # NOTE(review): other tests on this page expect 400 'Link is invalid
        # or expired.' for a known user with a bad token, so this distinct
        # 404 tells a caller whether a user id exists. Consider returning
        # the same 400 in both cases.
        expected = test_error_response('No User matches the given query.')
        assert reply.data == expected
Beispiel #16
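    def test_another_user_token(self, client, users):
        """An activation token minted for one user cannot activate another.

        Both fixture users are first marked unverified. The request pairs a
        token generated for ``users[0]`` with the encoded id of ``users[1]``
        and must be rejected as an invalid link. Besides the response, the
        test re-reads both users to make sure neither was activated.
        """
        users[0].update(is_email_verified=False)
        users[1].update(is_email_verified=False)
        response = client.post(
            ACTIVATE_ACCOUNT_URL, {
                'token': default_token_generator.make_token(users[0]),
                'uidb64': urlsafe_base64_encode(force_bytes(users[1].id)),
            })

        assert response.status_code == status.HTTP_400_BAD_REQUEST
        assert response.data == test_error_response(
            'Link is invalid or expired.')

        # A 400 alone does not prove the state is untouched: check that the
        # mismatched token verified neither the token owner nor the target.
        for index in (0, 1):
            account = users[index]
            account.refresh_from_db()
            assert not account.is_email_verified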
Beispiel #17
    def test_empty_data(self, client):
        """An empty password-reset POST reports all three required fields."""
        reply = client.post(PASSWORD_RESET_URL)

        assert reply.status_code == status.HTTP_400_BAD_REQUEST
        # NOTE(review): '******' looks like a masked placeholder rather
        # than the real validation message - confirm against the API.
        field_errors = {
            'uidb64': 'This field is required.',
            'token': 'This field is required.',
            'new_password': '******',
        }
        assert reply.data == test_error_response(field_errors)
Beispiel #18
    def test_change_password_with_invalid_old_password(self,
                                                       authorised_client):
        """Changing the password with a wrong ``old_password`` is a 400.

        Being authenticated is not enough: the current password must be
        supplied correctly as well.
        """
        payload = {
            'old_password': DEFAULT_USER_PASSWORD + '!',
            'new_password': DEFAULT_USER_PASSWORD + 'a',
        }
        reply = authorised_client.put(PASSWORD_URL, payload)

        assert reply.status_code == status.HTTP_400_BAD_REQUEST
        # NOTE(review): '******' looks like a masked placeholder rather
        # than the real validation message - confirm against the API.
        field_errors = {'old_password': '******'}
        assert reply.data == test_error_response(field_errors)
Beispiel #19
    def test_invalid_uid(self, client, user):
        """Activation of a real, unverified user with a bogus token fails.

        Checks both the 400 response and that the user is still unverified
        after the request.
        """
        user.update(is_email_verified=False)
        payload = {
            'token': 'invalid_token',
            'uidb64': urlsafe_base64_encode(force_bytes(user.id)),
        }
        reply = client.post(ACTIVATE_ACCOUNT_URL, payload)
        # Re-read the row so the final assertion sees what the view stored.
        user.refresh_from_db()

        assert reply.status_code == status.HTTP_400_BAD_REQUEST
        expected = test_error_response('Link is invalid or expired.')
        assert reply.data == expected
        assert not user.is_email_verified
Beispiel #20
    def test_refresh_with_expired_token(self, client, user):
        """A refresh token used seven days and one second after issue is 401."""
        # NOTE(review): the gap suggests a seven-day refresh lifetime -
        # confirm against the token settings.
        issued_at = '2100-01-01 00:00:00'
        used_at = '2100-01-08 00:00:01'

        with freeze_time(issued_at):
            refresh_token = str(RefreshToken.for_user(user))

        with freeze_time(used_at):
            reply = client.post(TOKEN_REFRESH_URL, {'refresh': refresh_token})

        assert reply.status_code == status.HTTP_401_UNAUTHORIZED
        expected = test_error_response('Token is invalid or expired')
        assert reply.data == expected
Beispiel #21
    def test_get_inactive_account(self, authorised_client):
        """A deactivated user can no longer read their own profile.

        The client is already authorised when ``is_active`` is cleared, so
        this covers credentials that were obtained before deactivation.
        """
        authorised_client.user.update(is_active=False)
        reply = authorised_client.get(ME_URL)

        assert reply.status_code == status.HTTP_401_UNAUTHORIZED
        expected = test_error_response('User not found')
        assert reply.data == expected
Beispiel #22
    def test_no_credentials(self, client):
        """An unauthenticated GET of the profile endpoint is a 401."""
        reply = client.get(ME_URL)

        assert reply.status_code == status.HTTP_401_UNAUTHORIZED
        expected = test_error_response(
            'Authentication credentials were not provided.')
        assert reply.data == expected
Beispiel #23
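class TestRegistrationView:
    """Tests for the registration endpoint behind ``REGISTRATION_URL``.

    Covers missing fields, a duplicate email, rejected passwords, the happy
    path, and an attempt to set privileged or read-only fields at sign-up.
    """

    def test_empty_data(self, client):
        """An empty POST is a 400 reporting both required fields."""
        response = client.post(REGISTRATION_URL)

        assert response.status_code == status.HTTP_400_BAD_REQUEST
        # NOTE(review): '******' looks like a masked placeholder rather
        # than the real validation message - confirm against the API.
        assert response.data == test_error_response({
            'email':
            'This field is required.',
            'password':
            '******',
        })

    def test_register_email_taken(self, client, user):
        """Registering with an existing user's email is a 400."""
        response = client.post(REGISTRATION_URL, {
            'email': user.email,
            'password': DEFAULT_USER_PASSWORD,
        })

        assert response.status_code == status.HTTP_400_BAD_REQUEST
        # NOTE(review): this response confirms that an address is already
        # registered; worth confirming the endpoint is rate limited.
        assert response.data == test_error_response(
            {'email': 'Email is already taken.'})

    # Three rejected passwords: a short one, a digits-only one and a
    # keyboard-pattern one.
    # NOTE(review): all three expected messages read '******', which looks
    # like masking; the real messages presumably differ per case - confirm.
    @pytest.mark.parametrize('password, expected_response', [
        (
            'short',
            test_error_response({
                'password':
                '******'
            }),
        ),
        (
            '123456789513241241234',
            test_error_response(
                {'password': '******'}),
        ),
        (
            'qwerty123',
            test_error_response({'password': '******'}),
        ),
    ])
    def test_register_wrong_password(self, password, expected_response,
                                     client):
        """A rejected password yields 400 with the parametrized error body."""
        response = client.post(REGISTRATION_URL, {
            'email': fake.safe_email(),
            'password': password,
        })

        assert response.status_code == status.HTTP_400_BAD_REQUEST
        assert response.data == expected_response

    def test_register(self, client):
        """A valid sign-up returns tokens and stores an unverified user."""
        email = fake.safe_email()
        response = client.post(REGISTRATION_URL, {
            'email': email,
            'password': DEFAULT_USER_PASSWORD,
        })

        assert response.status_code == status.HTTP_200_OK
        assert 'access' in response.data
        assert 'refresh' in response.data

        user = User.all.get(email=email)

        # check_password compares against the stored password rather than
        # reading it back directly.
        assert user.check_password(DEFAULT_USER_PASSWORD)
        assert not user.is_email_verified

    def test_register_with_read_only_fields(self, client):
        """Client-supplied ``id``/``is_staff``/``is_superuser`` are ignored.

        Mass-assignment guard: a sign-up request must not be able to choose
        its primary key or grant itself staff or superuser rights.
        """
        email = fake.safe_email()
        response = client.post(
            REGISTRATION_URL, {
                'id': 0,
                'is_staff': True,
                'is_superuser': True,
                'email': email,
                'password': DEFAULT_USER_PASSWORD,
            })

        # Check the status before the lookup so a failed registration is
        # reported as a status mismatch, not as a missing-user error.
        assert response.status_code == status.HTTP_200_OK

        user = User.all.get(email=email)

        assert user.id != 0
        assert not user.is_staff
        assert not user.is_superuser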