def test_uwp_patch_other(self):
     """User with proper perms can patch other user."""
     password = "******"
     new_password = "******"
     user = factories.UserFactory(permission_codes=["users.change_user"])
     other_user = factories.UserFactory()
     self.auth(user)
     data = {
         "data":
         self.schema.get_data(id=other_user.id,
                              current_password=password,
                              password=new_password)
     }
     response = self.patch(
         f"/{self.resource_name}/{other_user.pk}/",
         data=data,
         asserted_status=status.HTTP_200_OK,
         asserted_schema=self.schema.get_matcher(),
     )
     json = response.json()
     # check parameters are correct
     self.assertEqual(json["data"]["id"], str(other_user.pk))
     self.assertEqual(json["data"]["attributes"]["email"], other_user.email)
     # check password was successfully updated
     other_user.refresh_from_db()
     self.assertTrue(other_user.check_password(new_password))
 def test_uwp_get_other(self):
     """User with perms can get other users."""
     user = factories.UserFactory(permission_codes=["users.view_user"])
     other_user = factories.UserFactory()
     self.auth(user)
     response = self.get(
         f"/{self.resource_name}/{other_user.pk}/",
         asserted_status=status.HTTP_200_OK,
         asserted_schema=self.schema.get_matcher(),
     )
     json = response.json()
     # check parameters are correct
     self.assertEqual(json["data"]["id"], str(other_user.pk))
     self.assertEqual(json["data"]["attributes"]["email"], other_user.email)
Beispiel #3
0
 def test_user_delete_token(self):
     """User can delete token."""
     email = "*****@*****.**"
     password = "******"
     factories.UserFactory(email=email, password=password)
     data = {"data": self.schema.get_data(email=email, password=password)}
     token = self.post(
         f"/{self.resource_name}/",
         data=data,
         asserted_status=status.HTTP_201_CREATED,
         asserted_schema=self.schema.get_matcher(),
     ).json()["data"]["attributes"]["token"]
     self.client.credentials(  # pylint: disable=no-member
         HTTP_AUTHORIZATION=f"Token {token}")
     self.get(
         f"/{self.resource_name}/",
         asserted_status=status.HTTP_200_OK,
         asserted_schema=self.schema.get_matcher(many=True,
                                                 exclude=["token"]),
     )
     # delete the token (logout)
     self.delete(f"/{self.resource_name}/",
                 asserted_status=status.HTTP_204_NO_CONTENT)
     # check the token is no longer valid
     self.get(f"/{self.resource_name}/",
              asserted_status=status.HTTP_401_UNAUTHORIZED)
Beispiel #4
0
 def test_user_delete_keep_token(self):
     """User can delete session and token persists."""
     email = "*****@*****.**"
     password = "******"
     user = factories.UserFactory(email=email, password=password)
     data = {"data": self.schema.get_data(email=email, password=password)}
     token = self.post(
         f"/{self.resource_name}/",
         data=data,
         asserted_status=status.HTTP_201_CREATED,
         asserted_schema=self.schema.get_matcher(),
     ).json()["data"]["attributes"]["token"]
     self.auth(user)
     self.get(
         f"/{self.resource_name}/",
         asserted_status=status.HTTP_200_OK,
         asserted_schema=self.schema.get_matcher(many=True,
                                                 exclude=["token"]),
     )
     # logout - i.e. flush the session
     self.delete(f"/{self.resource_name}/",
                 asserted_status=status.HTTP_204_NO_CONTENT)
     self.auth(None)
     # check client is not currently authed
     self.get(f"/{self.resource_name}/",
              asserted_status=status.HTTP_401_UNAUTHORIZED)
     # check the token is still valid
     self.client.credentials(  # pylint: disable=no-member
         HTTP_AUTHORIZATION=f"Token {token}")
     self.get(
         f"/{self.resource_name}/",
         asserted_status=status.HTTP_200_OK,
         asserted_schema=self.schema.get_matcher(many=True,
                                                 exclude=["token"]),
     )
 def test_anon_delete(self):
     """Unauthenticated user cannot delete."""
     user = factories.UserFactory()
     response = self.delete(
         f"/{self.resource_name}/{user.pk}/",
         asserted_status=status.HTTP_405_METHOD_NOT_ALLOWED,
     )
     json = response.json()
     # check has correct error
     self.assertHasError(json, "data", 'Method "DELETE" not allowed.')
 def test_user_delete_self(self):
     """User cannot delete self."""
     user = factories.UserFactory(permission_codes=["users.delete_user"])
     self.auth(user)
     response = self.delete(
         f"/{self.resource_name}/{user.pk}/",
         asserted_status=status.HTTP_405_METHOD_NOT_ALLOWED,
     )
     json = response.json()
     # check has correct error
     self.assertHasError(json, "data", 'Method "DELETE" not allowed.')
 def test_user_get_self(self):
     """User can get own user."""
     user = factories.UserFactory()
     self.auth(user)
     response = self.get(
         f"/{self.resource_name}/{user.pk}/",
         asserted_status=status.HTTP_200_OK,
         asserted_schema=self.schema.get_matcher(),
     )
     json = response.json()
     # check parameters are correct
     self.assertEqual(json["data"]["id"], str(user.pk))
     self.assertEqual(json["data"]["attributes"]["email"], user.email)
 def test_user_create(self):
     """User cannot create user."""
     user = factories.UserFactory()
     self.auth(user)
     email = "*****@*****.**"
     password = "******"
     data = {"data": self.schema.get_data(email=email, password=password)}
     response = self.post(
         f"/{self.resource_name}/",
         data=data,
         asserted_status=status.HTTP_403_FORBIDDEN,
     )
     json = response.json()
     # check email is correct
     self.assertHasError(json, "data", "You cannot create users.")
Beispiel #9
0
 def test_anon_create(self):
     """Unauthenticated user can create session."""
     email = "*****@*****.**"
     password = "******"
     user = factories.UserFactory(email=email, password=password)
     data = {"data": self.schema.get_data(email=email, password=password)}
     response = self.post(
         f"/{self.resource_name}/",
         data=data,
         asserted_status=status.HTTP_201_CREATED,
         asserted_schema=self.schema.get_matcher(),
     )
     json = response.json()
     # check parameters are correct
     self.assertIn("token", json["data"]["attributes"])
     self.assertEqual(json["data"]["relationships"]["user"]["data"]["id"],
                      str(user.pk))
Beispiel #10
0
 def test_user_get_own(self):
     """User can get own session."""
     email = "*****@*****.**"
     password = "******"
     user = factories.UserFactory(email=email, password=password)
     self.auth(user)
     response = self.get(
         f"/{self.resource_name}/",
         asserted_status=status.HTTP_200_OK,
         asserted_schema=self.schema.get_matcher(many=True,
                                                 exclude=["token"]),
     )
     json = response.json()
     # check there is one instance in the json
     self.assertEqual(len(json["data"]), 1)
     session = json["data"][0]
     # check parameters are correct
     self.assertNotIn("token", session["attributes"])
     self.assertEqual(session["relationships"]["user"]["data"]["id"],
                      str(user.pk))
 def test_current_password_correct(self):
     """User cannot change own password without correct current password."""
     new_password = "******"
     user = factories.UserFactory()
     self.auth(user)
     data = {
         "data":
         self.schema.get_data(id=user.id,
                              current_password="******",
                              password=new_password)
     }
     response = self.patch(
         f"/{self.resource_name}/{user.pk}/",
         data=data,
         asserted_status=status.HTTP_400_BAD_REQUEST,
     )
     json = response.json()
     # check has correct error
     self.assertHasError(json, "current_password",
                         "Your current password is incorrect.")
 def test_current_password_required(self):
     """User cannot change own password without current password."""
     password = "******"
     new_password = "******"
     user = factories.UserFactory(password=password)
     self.auth(user)
     data = {
         "data": self.schema.get_data(id=user.id, password=new_password)
     }
     response = self.patch(
         f"/{self.resource_name}/{user.pk}/",
         data=data,
         asserted_status=status.HTTP_400_BAD_REQUEST,
     )
     json = response.json()
     # check has correct error
     self.assertHasError(
         json,
         "current_password",
         "This field is required when changing your password.",
     )
Beispiel #13
0
 def test_include_user(self):
     """User cannot be included in compound document."""
     email = "*****@*****.**"
     password = "******"
     factories.UserFactory(email=email, password=password)
     data = {"data": self.schema.get_data(email=email, password=password)}
     token_json = self.post(f"/{self.resource_name}/", data=data).json()
     token = token_json["data"]["attributes"]["token"]
     # check the token is valid
     self.client.credentials(  # pylint: disable=no-member
         HTTP_AUTHORIZATION=f"Token {token}")
     request = self.get(
         f"/{self.resource_name}/?include=user",
         asserted_status=status.HTTP_400_BAD_REQUEST,
     )
     json = request.json()
     # check has correct error
     self.assertHasError(
         json,
         "data",
         "This endpoint does not support the include parameter for path user",
     )
 def test_user_patch_password(self):
     """User can change their own password."""
     password = "******"
     new_password = "******"
     user = factories.UserFactory(email="*****@*****.**",
                                  password=password)
     self.auth(user)
     data = {
         "data":
         self.schema.get_data(id=user.id,
                              current_password=password,
                              password=new_password)
     }
     self.patch(
         f"/{self.resource_name}/{user.pk}/",
         data=data,
         asserted_status=status.HTTP_200_OK,
         asserted_schema=self.schema.get_matcher(),
     )
     # check password was successfully updated
     user.refresh_from_db()
     self.assertTrue(user.check_password(new_password))
 def test_user_delete_other(self):
     """User cannot delete other user."""
     user = factories.UserFactory()
     self.auth(user)
     self.test_anon_delete()
 def test_uwp_delete_other(self):
     """User with perms cannot delete other user."""
     user = factories.UserFactory(permission_codes=["users.delete_user"])
     self.auth(user)
     self.test_anon_delete()
 def test_uwp_create(self):
     """Users with perms can create users."""
     user = factories.UserFactory(permission_codes=["users.add_user"])
     self.auth(user)
     self.test_anon_create()