def test_pull_from_queue_order(self, mocked_now):
# now needs to be padded to account for API and db clocks not in perfect sync
test_datetime = (datetime.utcnow() - timedelta(0, 3)).isoformat() + 'Z'
mocked_now.return_value = test_datetime
client = APIClient()
client.credentials(HTTP_AUTHORIZATION=self.service_token)
minus_10_min = (datetime.utcnow() - timedelta(0, 600)).isoformat() + 'Z'
# purposely not ordered by the actual expected by pull
classifier4 = self.schedule_classifier(priority=4)
classifier1 = self.schedule_classifier(priority=1)
classifier2 = self.schedule_classifier(priority=2)
response = client.get('/classifiers/queue?title=' + DEFAULT_CLASSIFIER_TITLE + '&worker_id=foo')
self.assertEqual(classifier1['id'], response.data[0]['id'])
response = client.get('/classifiers/queue?title=' + DEFAULT_CLASSIFIER_TITLE + '&worker_id=foo')
self.assertEqual(classifier2['id'], response.data[0]['id'])
# All the 'normal' priority tasks from setUp() should be here
response = client.get('/classifiers/queue?title=' + DEFAULT_CLASSIFIER_TITLE + '&worker_id=foo')
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response.data), number_of_classifiers_created_initially)
response = client.get('/classifiers/queue?title=' + DEFAULT_CLASSIFIER_TITLE + '&worker_id=foo')
self.assertEqual(classifier4['id'], response.data[0]['id'])
def test_put_member(self):
"""
Good request
"""
member_1 = MemberFactory()
client = APIClient()
client.credentials(HTTP_AUTHORIZATION='Token ' + self.token.key)
data = {
'first_name': 'Patrick',
'last_name': 'St-pierre'
}
response = client.put(
reverse(
'api:retrieve_update_destroy_member_api',
kwargs={'pk': 1}
),
data,
format='json'
)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data['first_name'], 'Patrick')
self.assertEqual(response.data['last_name'], 'St-pierre')
class EndpointTestCase(TestCase):
def setUp(self):
super().setUp()
self.client = APIClient()
self.client.credentials(HTTP_AUTHORIZATION='Bearer ' + self.reload(self.r).token)
def assertResponseEqualsRoom(self, response, room, check_token=True):
response['name'].should.eql(room.name)
response['current_music'].should.eql(room.current_music)
response['shuffle'].should.eql(room.shuffle)
response['can_adjust_volume'].should.eql(room.can_adjust_volume)
response['count_left'].should.eql(room.get_count_remaining())
response['time_left'].should.eql(room.get_remaining_time())
response['current_time_left'].should.eql(room.get_current_remaining_time())
response['volume'].should.eql(room.volume)
response['playlist'].should.eql(list(room.playlist.all()))
if check_token:
response['token'].should.eql(room.token)
def assertResponseEqualsMusic(self, response, music):
response['name'].should.eql(music.name)
response['music_id'].should.eql(music.music_id)
response['url'].should.eql(music.url)
response['duration'].should.eql(music.duration)
response['thumbnail'].should.eql(music.thumbnail)
response['count'].should.eql(music.count)
response['timer_start'].should.eql(music.timer_start)
response['source'].should.eql(music.source)
if response['last_play'] is not None:
datetime.strptime(response['last_play'], '%Y-%m-%dT%H:%M:%S.%f').should.eql(music.last_play)
else:
response['last_play'].should.eql(music.last_play)
def test_expansion(self):
client = APIClient()
client.credentials(HTTP_AUTHORIZATION=self.token)
classifier1_response = client.post('/classifiers', self.classifier_post_data, format='json')
classifier2_response = client.post('/classifiers', self.classifier_post_data, format='json')
self.assertEqual(classifier1_response.status_code, 201)
self.assertEqual(classifier2_response.status_code, 201)
get_1_response = client.get('/classifiers/{id}?expand=user,genes,diseases'.format(id=classifier1_response.data['id']))
get_2_response = client.get('/classifiers/{id}?expand=user,genes,diseases'.format(id=classifier2_response.data['id']))
self.assertEqual(get_1_response.status_code, 200)
self.assertEqual(get_1_response.status_code, 200)
self.assertEqual(list(get_1_response.data.keys()), classifier_keys)
self.assertEqual(list(get_2_response.data.keys()), classifier_keys)
self.assertTrue(isinstance(get_1_response.data['user'], dict))
self.assertTrue(isinstance(get_2_response.data['user'], dict))
self.assertTrue(isinstance(get_1_response.data['genes'][0], dict))
self.assertTrue(isinstance(get_1_response.data['genes'][1], dict))
self.assertTrue(isinstance(get_1_response.data['diseases'][0], dict))
self.assertTrue(isinstance(get_1_response.data['diseases'][1], dict))
self.assertTrue(isinstance(get_2_response.data['genes'][0], dict))
self.assertTrue(isinstance(get_2_response.data['genes'][1], dict))
self.assertTrue(isinstance(get_2_response.data['diseases'][0], dict))
self.assertTrue(isinstance(get_2_response.data['diseases'][1], dict))
class AuthenticationTest(APITestCase):
def setUp(self):
self.client = APIClient()
self.organization = Organization(
rid=1, name="testorganization")
self.user = User.objects.create_user(
username='******', email='*****@*****.**', password='******', organization=self.organization)
def test_login_logout(self):
request = self.client.post(
'/auth/login', {"username": "******", "password": "******"})
token = request.data.get('token', None)
self.assertIsNotNone(
token, "Could not receive authentication token on login post.")
self.assertEqual(request.status_code, 200,
"Status code on /auth/login was %s (should be 200)." % request.status_code)
self.client.credentials(HTTP_AUTHORIZATION='Token ' + token)
request = self.client.get('/auth/load')
self.assertEqual(request.status_code, 200,
"Status code on /auth/load was not 200.")
self.assertEqual(request.data['username'], self.user.username,
"Usernames for loaded user (%s) and initialized user "
"(%s) do not match." % (request.data['username'], self.user.username))
request = self.client.get('/auth/logout')
self.assertEqual(request.status_code, 200,
"Status code on /auth/logout was %s (should be 200)." % request.status_code)
self.client.credentials(HTTP_AUTHORIZATION='')
request = self.client.get('/auth/load')
self.assertEqual(request.status_code, 401,
"Status code on /auth/load was %s (should be 401) "
"after logout." % request.status_code)
def test_case8(self):
client = APIClient()
client.credentials(HTTP_GOOGLEID=google_id, HTTP_TOKEN='invalidtoken')
response = client.post('/login/', {'email': email, 'name': name, 'font_size': font_size, 'language': language}, format='json')
self.assertNotEqual(response.status_code, status.HTTP_200_OK, "Login shouldn't work.")
def test_superuser_can_edit_an_unowned_sample(self):
client = APIClient()
client.credentials(
HTTP_AUTHORIZATION='Token ' + self.superuser1.auth_token.key
)
sample_data = deepcopy(self.sample_data)
res = client.post('/samples/', sample_data)
res_json = json.loads(res.content.decode('utf-8'))
sample_data['number'] = get_random_str()
sample_data.update(dict(
minerals=[
{
"id": str(self.minerals[2].pk),
"amount": "y",
},
{
"id": str(self.minerals[3].pk),
"amount": "y",
},
]
)),
res = client.put('/samples/{}/'.format(res_json['id']),
sample_data)
self.assertEqual(res.status_code, status.HTTP_200_OK)
res_json = json.loads(res.content.decode('utf-8'))
self.assertEqual(res_json['number'], updated_sample_number)
self.assertEqual(
set(mineral['id'] for mineral in res_json['minerals']),
set(mineral['id'] for mineral in sample_data['minerals'])
)
class AuthTestCase(APITestCase, TestCaseMixin):
def setUp(self):
self.user = User.objects.create()
self.client = APIClient()
token, created = Token.objects.get_or_create(user=self.user)
self.client.credentials(HTTP_AUTHORIZATION="Token " + token.key)
self.notAuthClient = APIClient()
self.fakeAuthClient = APIClient()
self.fakeAuthClient.credentials(HTTP_AUTHORIZATION="Token justAFakeToken123")
def test_auth(self):
url = reverse("verify-token")
result = self.client.post(url)
self.assertEqual(result.status_code, 200)
def test_no_auth(self):
url = reverse("verify-token")
result = self.notAuthClient.post(url)
self.assertEqual(result.status_code, 401)
def test_fake_auth(self):
url = reverse("verify-token")
result = self.fakeAuthClient.post(url)
self.assertEqual(result.status_code, 401)
def test_create_selection(self):
token = Token.objects.get(user__username="******")
client = APIClient()
client.credentials(HTTP_AUTHORIZATION="Token " + token.key)
response = client.post("/selections/")
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
def get_api_client(self, admin_auth=False):
client = APIClient()
if admin_auth:
client.credentials(HTTP_AUTHORIZATION='Token {0}'.format(self.td.user_admin_apikey.key))
return client
def test_pull_and_complete(self):
client = APIClient()
client.credentials(HTTP_AUTHORIZATION=self.service_token)
update_response = self.pull_and_update(client, False)
self.assertEqual(update_response.data['status'], 'complete')
def get_authorized_client(user):
token = Token.objects.create(user=user)
client = APIClient()
client.credentials(HTTP_AUTHORIZATION='Token ' + token.key)
return client
class GetVariableDetail(TestCase):
def setUp(self):
self.user = User.objects.create_user(username='******', email='*****@*****.**', password='******')
self.token = Token.objects.get(user=self.user.id)
self.client = APIClient()
self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.token.key)
self.dataset = Dataset(name='test_set', owner=self.user)
self.dataset.save()
self.variable = Variable(name='variable', dataset=self.dataset, datatype='string', values=['one', 'two', 'three'])
self.variable.save()
self.url = reverse('api:variable_by_dataset_detail', kwargs={'dataset_pk': self.dataset.id, 'pk':self.variable.id})
def test_get_variable_detail(self):
response = self.client.get(self.url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['name'], self.variable.name)
self.assertEqual(response.data['dataset'], self.variable.dataset.id)
self.assertEqual(response.data['datatype'], self.variable.datatype)
self.assertEqual(response.data['values'], self.variable.values)
def test_modify_variable(self):
data = {'name': 'changed_name', 'dataset':'changed_dataset', 'datatype':'float', 'subtype': 'continuous', 'values':[1, 2 , 3]}
response = self.client.put(self.url, data)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['name'], data['name'])
self.assertEqual(response.data['dataset'], self.variable.dataset.id)
self.assertEqual(response.data['datatype'], self.variable.datatype)
self.assertEqual(response.data['values'], self.variable.values)
self.assertEqual(response.data['subtype'], data['subtype'])
def test_delete_variable(self):
response = self.client.delete(self.url)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def create_client(user, url, get=True, kwargs=None):
token = Token.objects.get_or_create(user=user)[0]
client = APIClient()
client.credentials(HTTP_AUTHORIZATION='Token ' + token.key)
if get:
return client.get(url, kwargs=kwargs)
return client.post(url, data=kwargs)
def test_list_tasks(self):
task_post_data = {
'task_def': self.task_def_name,
'data': {
'foo': 'bar'
}
}
client = APIClient()
client.credentials(HTTP_AUTHORIZATION=self.token)
task_1_repsonse = client.post('/tasks', task_post_data, format='json')
task_2_response = client.post('/tasks', task_post_data, format='json')
client = APIClient() # clear token
list_response = client.get('/tasks')
self.assertEqual(list_response.status_code, 200)
self.assertEqual(list(list_response.data.keys()), ['count',
'next',
'previous',
'results'])
self.assertEqual(len(list_response.data['results']), 2)
self.assertEqual(list(list_response.data['results'][0].keys()), task_keys)
self.assertEqual(list(list_response.data['results'][1].keys()), task_keys)
def test_update_task_auth(self):
task_post_data = {
'task_def': self.task_def_name,
'unique': 'classifer-2343',
'data': {
'foo': 'bar'
}
}
client = APIClient()
client.credentials(HTTP_AUTHORIZATION=self.token)
create_response = client.post('/tasks', task_post_data, format='json')
self.assertEqual(create_response.status_code, 201)
client = APIClient() # clear token
update = create_response.data
update['priority'] = 'high'
update_response = client.put('/tasks/' + str(update['id']), update, format='json')
self.assertEqual(update_response.status_code, 401)
self.assertEqual(update_response.data, {'detail': 'Authentication credentials were not provided.'})
def test_detail(self):
url = reverse('api-job-detail', kwargs={'pk': self.job1})
response = self.client.get(url, format='json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['title'], 'job title 1')
# unexisting or of someone else: 404
url = reverse('api-job-detail', kwargs={'pk': 0})
response = self.client.get(url, format='json')
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
# setting back the correct url
url = reverse('api-job-detail', kwargs={'pk': self.job1})
client = APIClient()
# another user SAME APP: OK
user = User.objects.create(username='******', password='******', email="*****@*****.**")
Membership.objects.create(user=user, account=self.account)
token = Token.objects.get(user=user)
token = 'Token ' + token.key + '/' + self.app.token
client.credentials(HTTP_AUTHORIZATION=token)
response = client.get(url, format='json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
# another user, another app: 404
token = Token.objects.get(user=self.user2)
token = 'Token ' + token.key + '/' + self.app2.token
client.credentials(HTTP_AUTHORIZATION=token)
response = client.get(url, format='json')
# this is not 403 beacuse the list is restricted by the app (see get_queryset)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
class GroupTests(APITestCase):
def setUp(self):
self.user = User.objects.create_user(username='******', email='*****@*****.**', password='******')
self.cl = Client.objects.create(user=self.user,
redirect_uri="http://localhost/",
client_type=2
)
self.token = AccessToken.objects.create(
user=self.user, client=self.cl,
expires=datetime.date(
year=2015, month=1, day=2
)
)
self.client = APIClient()
self.client.credentials(HTTP_AUTHORIZATION='Bearer ' + self.token.token)
def test_create_group(self):
"""
Ensure we can create a group.
"""
url = reverse('group-create')
data = { 'name': 'SECSI',
'description': 'SECSI, DO YOU SPEAK IT', 'creator': self.user.id}
response = self.client.post(url + ".json", data)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
class TodoTest(TestCase):
def setUp(self):
self.username = '******'
self.email = '*****@*****.**'
self.password = '******'
self.user = User.objects.create_user(self.username, self.email, self.password)
self.user.save()
self.client = APIClient()
def test_get_empty_todo_list(self):
token = Token.objects.create(user=self.user).key
self.client.credentials(HTTP_AUTHORIZATION="Token " + token)
request = self.client.get("/todos/", {}, format="json")
self.assertEqual(request.status_code, status.HTTP_200_OK)
def test_get_todo_list(self):
todo = Todo.objects.create(
title = "hacer tarea",
body = "terminar modulo django",
user = self.user,
)
todo.save()
token = Token.objects.create(user=self.user).key
self.client.credentials(HTTP_AUTHORIZATION="Token " + token)
request = self.client.get("/todos/", {}, format="json")
self.assertEqual(request.status_code, status.HTTP_200_OK)
def api_client():
"""Create an admin user, and login using the token."""
user = UserFactory(username='******', is_staff=True)
token = Token.objects.create(user=user)
client = APIClient()
client.credentials(HTTP_AUTHORIZATION='Token {}'.format(token.key))
yield client
def user_api_client(user):
api_client = APIClient()
token = access_token_factory(scopes=['identities'], user=user)
api_client.credentials(HTTP_AUTHORIZATION='Bearer {}'.format(token.access_token))
api_client.token = token
api_client.user = user
return api_client
def interface_device_api_client(user):
api_client = APIClient()
enc_key = jwk.JWK.generate(kty='oct', alg='HS256', use='enc')
sign_key = jwk.JWK.generate(kty='EC', crv='P-256', use='sig')
user_device = UserDeviceFactory(
secret_key=json.loads(enc_key.export()),
public_key=json.loads(sign_key.export_public()),
user=user,
)
interface_device = InterfaceDeviceFactory(secret_key=str(uuid.uuid4()), scopes='read:identities:helmet')
header = {'alg': 'A256KW', 'enc': 'A128CBC-HS256', 'iss': str(user_device.id)}
nonce = int(random.random()*1000000000000000)
payload = {
'iss': str(user_device.id),
'cnt': user_device.auth_counter + 1,
'azp': str(interface_device.id),
'sub': str(user.uuid),
'iat': int(time.time()),
'nonce': nonce,
}
token = create_jwe(header, payload, sign_key, enc_key)
api_client.credentials(HTTP_AUTHORIZATION='Bearer {}'.format(token),
HTTP_X_INTERFACE_DEVICE_SECRET=str(interface_device.secret_key))
api_client.user_device = user_device
api_client.interface_device = interface_device
api_client.token = token
api_client.user = user_device.user
api_client.nonce = str(nonce)
return api_client
def test_url(self, token, view_name, query, table):
url = reverse(view_name) + '.json' + query
pre_index_scans = self.get_index_scan_counts(table)
client = APIClient()
client.credentials(HTTP_AUTHORIZATION='Token ' + token)
start_time = time.time()
response = client.get(url)
time_taken = time.time() - start_time
# TODO figure out how to get stats to refresh without this workaround.
# You'd think that SELECT pg_stat_clear_snapshot() might work but no.
connection.close()
time.sleep(1)
post_index_scans = self.get_index_scan_counts(table)
access_result = colored(response.status_code, Fore.GREEN if 200 <= response.status_code < 300 else Fore.RED)
time_result = colored("%.3f" % time_taken, Fore.GREEN if time_taken < MAX_REQUEST_TIME else Fore.RED) + " secs"
used_indexes = [i for i, scans in pre_index_scans.iteritems() if post_index_scans.get(i) > scans]
index_result = ",".join(used_indexes)
self.stdout.write("GET %s %s / %s / %s" % (url, access_result, time_result, index_result))
def test_user_cannot_view_another_user_detail(self):
client = APIClient()
token = Token.objects.get(user__username=self.user_one.username)
client.credentials(HTTP_AUTHORIZATION='Token ' + token.key)
url = reverse('user-detail', kwargs={'pk': self.user_two.pk})
response = client.get(url)
self.assertEqual(response.status_code, 404)
def test_only_me_can_delete_account(self):
"""
Accounts can only be deleted by authed owner
:return:
"""
# setup
self.test_create_account()
view = AccountViewSet.as_view({'delete': 'destroy'})
account = Account.objects.get(username=self.username)
client = APIClient()
# auth with jwt
response = client.post('/api-token-auth/',
self.json_account_credentials,
format='json')
token = response.data['token']
self.assertEqual(response.status_code, status.HTTP_200_OK)
# Make request
client.credentials(HTTP_AUTHORIZATION='Bearer ' + token)
response = client.delete('/api/v1/accounts/'+self.username+'/')
# Asserts
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
# check no object exists
try:
account = Account.objects.get(username=self.username)
except:
account = None
self.assertIsNone(account)
def test_update_subject_on_protocol(self, mock_grh_update, mock_grh_get, mock_orh, mock_srh):
'''
Ensure that we can create a subject on a Protocol
'''
subject = {
'id': 1,
'first_name': 'Johnny',
'last_name': 'Sample',
'organization_subject_id': '42424242',
'organization': '1',
'dob': '2000-01-01',
'modified': '2015-01-01 00:00:00.000',
'created': '2015-01-01 00:00:00.000'
}
url = reverse(
'protocol-subject-view',
kwargs={
'pk': self.test_protocol.id,
'subject': self.test_user.id
})
token = Token.objects.get(user__username='******')
client = APIClient()
client.credentials(HTTP_AUTHORIZATION='Token ' + token.key)
mock_orh.return_value = TestOrganization
mock_srh.return_value = TestSubject
mock_grh_get.return_value = TestGroup
mock_grh_update.return_value = [{'success': True}]
response = client.put(url, subject, format='json')
self.assertTrue(response.status_code, 200)
print(response.data)
self.assertEqual(response.data['first_name'], 'Johnny')
def _get_basic_auth_client(user_id, password):
auth = base64.b64encode('{}:{}'.format(user_id, password).encode('utf-8'))
client = APIClient(HTTP_ACCEPT='application/json')
client.credentials(HTTP_AUTHORIZATION='Basic {}'.format(auth.decode('utf-8')))
return client
def create_oidc_api_client(scopes=(), user=None):
user = user or UserFactory()
token = access_token_factory(scopes=scopes, user=user)
api_client = APIClient()
api_client.credentials(HTTP_AUTHORIZATION='Bearer {}'.format(token.access_token))
api_client.user = user
return api_client
class DatasetListTest(TestCase):
#create two users and one dataset for each user.
def setUp(self):
self.user1 = User.objects.create_user(username='******', email='*****@*****.**', password='******')
self.user2 = User.objects.create_user(username='******', email='*****@*****.**', password='******')
self.token1 = Token.objects.get(user=self.user1.id)
self.token2 = Token.objects.get(user=self.user2.id)
self.client = APIClient()
self.url = reverse('api:dataset_list')
self.dataset1 = Dataset(name='dataset1', owner=self.user1)
self.dataset1.save()
self.dataset2 = Dataset(name='dataset2', owner=self.user2)
self.dataset2.save()
#Test that each user is shown only the dataset that he owns.
def test_show_datasets_by_owner(self):
self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.token1.key)
response = self.client.get(self.url)
self.assertEqual(response.data.__len__(), 1)
self.assertEqual(response.data[0]['name'], u'dataset1')
self.assertEqual(response.data[0]['owner'], u'api_test_user_1')
self.assertEqual(response.status_code, status.HTTP_200_OK)
#Test that unauthorized gets result in a 401 status code.
def test_list_dataset_noauth(self):
self.client.credentials()
response = self.client.get(self.url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_queueing(self, mocked_now):
test_datetime = datetime.utcnow().isoformat() + 'Z'
mocked_now.return_value = test_datetime
task_post_data = {
'task_def': self.task_def_name,
'data': {
'foo': 'bar'
}
}
client = APIClient()
client.credentials(HTTP_AUTHORIZATION=self.token)
response = client.post('/tasks', task_post_data, format='json')
self.assertEqual(response.status_code, 201)
self.assertEqual(list(response.data.keys()), task_keys)
self.assertEqual(response.data['task_def'], self.task_def_name)
## test fields defaults
self.assertEqual(response.data['status'], 'queued')
self.assertEqual(response.data['priority'], 'normal')
self.assertEqual(response.data['run_at'], test_datetime)
class AccountPermissionsTests(APITestCase):
def setUp(self) -> None:
self.superadmin = {'username': '******', 'password': '******', 'id': None,
'work': {"description": "superadmin work", "duration": 10, "workday": "2020-07-30",
"id": None}}
self.admin = {'username': '******', 'password': '******', 'id': None,
'work': {"description": "admin work", "duration": 10, "workday": "2020-07-30", "id": None}}
self.user = {'username': '******', 'password': '******', 'id': None,
'work': {"description": "user work", "duration": 10, "workday": "2020-07-30", "id": None}}
self.superadmin['id'] = User.objects.create_superuser(self.superadmin['username'], '*****@*****.**',
self.superadmin['password']).id
self.admin['id'] = User.objects.create_user(self.admin['username'], '*****@*****.**',
self.admin['password'], is_staff=True).id
self.user['id'] = User.objects.create_user(self.user['username'], '*****@*****.**',
self.user['password']).id
self.superadmin_auth_token = 'Token ' + (self.client.post(reverse('api_token_auth'),
self.superadmin, format='json')).data['token']
self.client = APIClient()
self.client.credentials(HTTP_AUTHORIZATION=self.superadmin_auth_token)
self.superadmin['work']['id'] = \
self.client.post(reverse('work-list'), self.superadmin['work'], format='json').data['id']
self.admin_auth_token = 'Token ' + (self.client.post(reverse('api_token_auth'),
self.admin, format='json')).data['token']
self.client.credentials(HTTP_AUTHORIZATION=self.admin_auth_token)
self.admin['work']['id'] = self.client.post(reverse('work-list'), self.admin['work'], format='json').data['id']
self.user_auth_token = 'Token ' + (self.client.post(reverse('api_token_auth'),
self.user, format='json')).data['token']
self.client.credentials(HTTP_AUTHORIZATION=self.user_auth_token)
self.user['work']['id'] = self.client.post(reverse('work-list'), self.user['work'], format='json').data['id']
def test_user_cannot_get_admin_work(self):
client = APIClient()
client.credentials(HTTP_AUTHORIZATION=self.user_auth_token)
response = client.get(reverse('work-detail', kwargs={'pk': self.superadmin['work']['id']}))
self.assertEqual(response.status_code, 404)
def test_admin_cannot_get_superuser_work(self):
client = APIClient()
client.credentials(HTTP_AUTHORIZATION=self.admin_auth_token)
response = client.get(reverse('work-detail', kwargs={'pk': self.superadmin['work']['id']}))
self.assertEqual(response.status_code, 404)
def test_superadmin_can_get_admin_work(self):
client = APIClient()
client.credentials(HTTP_AUTHORIZATION=self.superadmin_auth_token)
response = client.get(reverse('work-detail', kwargs={'pk': self.admin['work']['id']}))
self.assertEqual(response.status_code, 200)
def test_superadmin_can_get_user_work(self):
client = APIClient()
client.credentials(HTTP_AUTHORIZATION=self.superadmin_auth_token)
response = client.get(reverse('work-detail', kwargs={'pk': self.user['work']['id']}))
self.assertEqual(response.status_code, 200)
def test_user_cannot_delete_admin_work(self):
client = APIClient()
client.credentials(HTTP_AUTHORIZATION=self.user_auth_token)
response = client.delete(reverse('work-detail', kwargs={'pk': self.superadmin['work']['id']}))
self.assertEqual(response.status_code, 401)
def test_admin_cannot_delete_superuser_work(self):
client = APIClient()
client.credentials(HTTP_AUTHORIZATION=self.admin_auth_token)
response = client.delete(reverse('work-detail', kwargs={'pk': self.superadmin['work']['id']}))
self.assertEqual(response.status_code, 401)
def test_superadmin_can_delete_admin_work(self):
client = APIClient()
client.credentials(HTTP_AUTHORIZATION=self.superadmin_auth_token)
response = client.delete(reverse('work-detail', kwargs={'pk': self.admin['work']['id']}))
self.assertEqual(response.status_code, 204)
def test_superadmin_can_delete_user_work(self):
client = APIClient()
client.credentials(HTTP_AUTHORIZATION=self.superadmin_auth_token)
response = client.delete(reverse('work-detail', kwargs={'pk': self.user['work']['id']}))
self.assertEqual(response.status_code, 204)
class AppointmentViewTestCase(TestCase):
"""Test suite for the Appointment views."""
def setUp(self):
"""Defines the test client and other test variables."""
token = self.getToken()
self.api_client = APIClient()
self.api_client.credentials(HTTP_AUTHORIZATION='Token ' + token)
self.test_service = Service.objects.create(
name='Manicura Flash',
price=11.00,
category=CATEGORIES.MANICURA,
description='Test description'
)
self.test_client = Client.objects.create(
dni='12345678t',
name='Ander',
surname='Conal',
second_surname='Fuertes',
birthdate=datetime.now(),
phone_number='666666666',
address='Fake Street, 7',
postal_code='66666',
city='Bilbao',
province='Vizcaya',
email='*****@*****.**',
release_date=timezone.now(),
partner=PARTNER_OPTIONS.NO_PARTNER,
partner_release_date=datetime.now(),
known_for=KNOWN_FOR_CHOICES.FACEBOOK,
lopd=True,
lopd_channel=LOPD_CHANNEL_CHOICES.WHATSAPP,
lopd_options=LOPD_OPTION_CHOICES.FOTODEPILACION,
notes='Test'
)
self.test_invoice = Invoice.objects.create(
issueDate=timezone.now(),
client=self.test_client
)
self.another_test_invoice = Invoice.objects.create(
issueDate=timezone.now(),
client=self.test_client
)
self.appointment_data = {
"service": [self.test_service.id],
"date": timezone.now(),
"client": self.test_client.id,
"invoice": self.another_test_invoice.id,
"notes": "Newly created notes."
}
self.test_appointment = Appointment.objects.create(
date=timezone.now(),
client=self.test_client,
invoice=self.test_invoice,
notes=''
)
self.test_appointment.service.add(self.test_service)
self.test_appointment.save()
def getToken(self):
user = User.objects.create_user(username='******', password='******', email='*****@*****.**')
token = Token.objects.get_or_create(user=user)
return token[0].key
def test_api_can_create_an_appointment(self):
"""Test the API has Appointment creation capability."""
response = self.api_client.post(
reverse('appointment-create'),
self.appointment_data,
format="json")
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
Appointment.objects.get(pk=response.json().get('id'))
def test_default_state(self):
"""Test the default state is PENDING."""
response = self.api_client.post(
reverse('appointment-create'),
self.appointment_data,
format="json")
self.assertEqual(response.json().get('state'), APPOINTMENT_STATES.PENDING)
def test_api_can_get_an_appointment(self):
"""Test the API can get a given Appointment."""
response = self.api_client.get(
reverse('appointment-details',
kwargs={'pk': self.test_appointment.id}),
format="json")
self.assertEqual(response.status_code, status.HTTP_200_OK)
Appointment.objects.get(pk=response.json().get('id'))
def test_api_can_update_an_appointment(self):
"""Test the API can update a given Appointment."""
response = self.api_client.put(
reverse('appointment-details',
kwargs={'pk': self.test_appointment.id}),
self.appointment_data,
format='json'
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
Appointment.objects.get(pk=response.json().get('id'))
self.assertEqual(response.json().get('notes'), self.appointment_data.get('notes'))
def test_api_can_delete_an_appointment(self):
"""Test the API can delete a given Appointment."""
response = self.api_client.delete(
reverse('appointment-details',
kwargs={'pk': self.test_appointment.id}),
format='json',
follow=True)
self.assertEquals(response.status_code, status.HTTP_204_NO_CONTENT)
class ListEventTest(APITestCase):
#testing get method
def setUp(self):
self.client = APIClient()
customUser = apps.get_model('users', 'CustomUser')
self.user = customUser.objects.create_superuser(
'admin', '*****@*****.**', 'admin123')
self.token = Token.objects.create(user=self.user)
def testGetEvents(self):
self.client.force_login(user=self.user)
self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.token.key)
response = self.client.get('http://127.0.0.1:8000/api/events/')
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
# testing create event method
def testCreateEvent(self):
url = 'http://127.0.0.1:8000/api/events/'
data = {
"id": 1,
"title": "Test for long and lat",
"date": "2019-10-07",
"time": "13:25:00",
"source": "school",
"destination": "abc",
"duration": 0,
"creator_id": 1,
"created_at": "2019-10-23T16:26:51.150975Z",
"long": "-95.712891",
"lat": "37.090240"
}
self.client.force_login(user=self.user)
self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.token.key)
response = self.client.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
response = self.client.put(url, data, format='json')
self.assertEqual(response.status_code,
status.HTTP_405_METHOD_NOT_ALLOWED)
data2 = {
"id": 2,
"title": "Test for long and lat",
"date": "2019-10-07",
"time": "13:25:00",
"source": "school",
"duration": 0,
"creator_id": 1,
"created_at": "2019-10-23T16:26:51.150975Z",
"long": "-95.712891",
"lat": "37.090240"
}
response = self.client.post(url, data2, format='json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
# testing conflict constraint at the time of event creation.
def testEventCreationConstraint(self):
url = 'http://127.0.0.1:8000/api/events/'
data1 = {
"id": 1,
"title": "Test1",
"date": "2019-10-07",
"time": "13:25:00",
"source": "school",
"destination": "540 N May, Mesa, AZ",
"duration": 0,
"creator_id": 1,
"created_at": "2019-10-23T16:26:51.150975Z",
"long": "-95.712891",
"lat": "37.090240"
}
data2 = {
"id": 2,
"title": "Test2",
"date": "2019-10-07",
"time": "13:25:00",
"source": "school",
"destination": "abc",
"duration": 0,
"creator_id": 1,
"created_at": "2019-10-23T16:26:51.150975Z",
"long": "-95.712891",
"lat": "37.090240"
}
data3 = {
"id": 3,
"title": "Test3",
"date": "2019-10-07",
"time": "13:40:00",
"source": "abc",
"destination": "2900 S Goldwater Lake Rd, Prescott, AZ 86303-8405",
"duration": 0,
"creator_id": 1,
"created_at": "2019-10-23T16:26:51.150975Z",
"long": "0",
"lat": "0"
}
self.client.force_login(user=self.user)
self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.token.key)
response1 = self.client.post(url, data1, format='json')
response2 = self.client.post(url, data2, format='json')
response3 = self.client.post(url, data3, format='json')
self.assertEqual(response2.status_code, status.HTTP_406_NOT_ACCEPTABLE)
self.assertEqual(response3.status_code,
status.HTTP_412_PRECONDITION_FAILED)
# testing event model
def createEventModel(self):
event = Event.objects.create(id=1,
title="Test for long and lat",
date="2019-10-07",
time="13:25:00",
source="school",
destination="abc",
duration=timedelta(),
creator_id=48,
created_at="2019-10-23T16:26:51.150975Z",
long=-95.712891,
lat=37.090240)
return event
def testEventModel(self):
event = self.createEventModel()
self.assertTrue(isinstance(event, Event))
class TestViews(TestCase):
def setUp(self):
api_key, key = APIKey.objects.create_key(name="expense-service")
self.client = APIClient()
self.client.credentials(HTTP_AUTHORIZATION=f"Api-Key {key}")
def test_expense_create(self):
payload = {
"amount": 50.0,
"merchant": "AT&T",
"description": "cell phone subscription",
"category": "utilities",
}
res = self.client.post(reverse("restapi:expense-list-create"),
payload,
format="json")
self.assertEqual(201, res.status_code)
json_res = res.json()
self.assertEqual(payload["amount"], json_res["amount"])
self.assertEqual(payload["merchant"], json_res["merchant"])
self.assertEqual(payload["description"], json_res["description"])
self.assertEqual(payload["category"], json_res["category"])
self.assertIsInstance(json_res["id"], int)
def test_expense_list(self):
res = self.client.get(reverse("restapi:expense-list-create"),
format="json")
self.assertEqual(200, res.status_code)
json_res = res.json()
self.assertIsInstance(json_res, list)
expenses = models.Expense.objects.all()
self.assertEqual(len(expenses), len(json_res))
def test_expense_create_required_fields_missing(self):
payload = {
"merchant": "AT&T",
"description": "cell phone subscription",
"category": "utilities",
}
res = self.client.post(reverse("restapi:expense-list-create"),
payload,
format="json")
self.assertEqual(400, res.status_code)
def test_expense_retrieve(self):
expense = models.Expense.objects.create(amount=300,
merchant="George",
description="loan",
category="transfer")
res = self.client.get(reverse("restapi:expense-retrieve-delete",
args=[expense.id]),
format="json")
self.assertEqual(200, res.status_code)
json_res = res.json()
self.assertEqual(expense.id, json_res["id"])
self.assertEqual(expense.amount, json_res["amount"])
self.assertEqual(expense.merchant, json_res["merchant"])
self.assertEqual(expense.description, json_res["description"])
self.assertEqual(expense.category, json_res["category"])
def test_expense_delete(self):
expense = models.Expense.objects.create(amount=400,
merchant="John",
description="loan",
category="transfer")
res = self.client.delete(reverse("restapi:expense-retrieve-delete",
args=[expense.id]),
format="json")
self.assertEqual(204, res.status_code)
self.assertFalse(models.Expense.objects.filter(pk=expense.id).exists())
def test_list_expense_filter_by_merchant(self):
amazon_expense = models.Expense.objects.create(
amount=100,
merchant="amazon",
description="sunglasses",
category="fashion")
ebay_expense = models.Expense.objects.create(amount=200,
merchant="ebay",
description="watch",
category="fashion")
url = "/api/expenses?merchant=amazon"
res = self.client.get(url, format="json")
self.assertEqual(200, res.status_code)
json_res = res.json()
self.assertEqual(1, len(json_res))
self.assertEqual(amazon_expense.id, json_res[0]["id"])
self.assertEqual(amazon_expense.amount, json_res[0]["amount"])
self.assertEqual(amazon_expense.merchant, json_res[0]["merchant"])
self.assertEqual(amazon_expense.description,
json_res[0]["description"])
self.assertEqual(amazon_expense.category, json_res[0]["category"])
def token_auth_client(db):
client = APIClient()
user = UserFactory()
token = Token.objects.create(user=user)
client.credentials(HTTP_AUTHORIZATION="Token " + token.key)
return client
class AlbumListTestCase(TestCase):
maxDiff = True
def setUp(self):
self.client = APIClient()
self.user = mommy.make('User',
username='******',
is_active=True)
self.user.set_password('pierwszy')
self.user.save()
self.user2 = mommy.make('User',
first_name='Adam',
username='******',
is_active=True)
self.assertEquals(User.objects.count(), 2)
mommy.make('Profile', user=self.user)
mommy.make('Profile', user=self.user2)
mommy.make('Album',
user=self.user,
name='pierwszy',
place=Place.objects.create(city='Paris'))
mommy.make('Album',
user=self.user,
name='drugi',
place=Place.objects.create(city='London'))
mommy.make('Token',
user=self.user,
key="9af907a61113e7c3a872920d759b3a3269c54191")
mommy.make('Token',
user=self.user2,
key="f09e9009b180d937552b9e52499d3dae6f6de059")
self.client.credentials(
HTTP_AUTHORIZATION='Token 9af907a61113e7c3a872920d759b3a3269c54191'
)
def test_album_list(self):
"""
Zakladajac, ze znajduje sie 2 uzytkownikow w systemie i 2 albumy
Gdy uzytkownik wysle zadanie pobrania listy albumow
To system zwroci liste albumow
"""
response = self.client.get('/api/albums/')
expected_response = [{
'place': 'London',
'name': 'drugi',
'photos_readable': []
}, {
'place': 'Paris',
'name': 'pierwszy',
'photos_readable': []
}]
self.assertEquals(expected_response,
cleaned(data_from(response), fields=['id']))
self.assertEquals(200, response.status_code)
def test_album_list_on_profile(self):
"""
Zakladajac, ze znajduje sie 2 uzytkownikow w systemie i 2 albumy
Gdy uzytkownik wysle zadanie pobrania listy albumow nalezacych do drugiego uzytkownika
To system zwroci liste albumow
"""
self.client.credentials(
HTTP_AUTHORIZATION='Token f09e9009b180d937552b9e52499d3dae6f6de059'
)
response = self.client.get('/api/users/{}/albums/'.format(
self.user.id))
expected_response = [{
'place': 'London',
'name': 'drugi',
'photos_readable': []
}, {
'place': 'Paris',
'name': 'pierwszy',
'photos_readable': []
}]
self.assertEquals(expected_response,
cleaned(data_from(response), fields=['id']))
self.assertEquals(200, response.status_code)
class PDUStatusTestCase(TestCase):
"""Test the PDUStatus API."""
def setUp(self):
"""Create a superuser and token for API calls."""
self.user = User.objects.create(username="******", is_superuser=True)
self.token = Token.objects.create(user=self.user)
self.client = APIClient()
self.client.credentials(HTTP_AUTHORIZATION=f"Token {self.token.key}")
self.base_url_lookup = "plugins-api:axians_netbox_pdu-api:pdustatus"
self.site = Site.objects.create(name="Site", slug="site")
self.role = DeviceRole.objects.create(name="Role", slug="role")
self.manufacturer = Manufacturer.objects.create(name="Manufacturer", slug="manufacturer")
self.device_type = DeviceType.objects.create(
slug="device_type", model="device_type", manufacturer=self.manufacturer
)
self.outlets = PowerOutletTemplate.objects.create(device_type=self.device_type, name="1")
self.pduconfig = PDUConfig.objects.create(
device_type=self.device_type, power_usage_oid="1.1.1.1", power_usage_unit="watts"
)
self.device = Device.objects.create(
name="Device One", device_role=self.role, device_type=self.device_type, site=self.site,
)
self.pdustatus = PDUStatus.objects.create(device=self.device, power_usage="1234")
self.device_1 = Device.objects.create(
name="Device Two", device_role=self.role, device_type=self.device_type, site=self.site,
)
self.pdustatus_1 = PDUStatus.objects.create(device=self.device_1, power_usage=4321)
def test_list_pdustatus(self):
"""Verify that PDUStatus can be listed."""
url = reverse(f"{self.base_url_lookup}-list")
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data["count"], 2)
def test_get_pdustatus(self):
"""Verify that an PDUStatus can be retrieved."""
url = reverse(f"{self.base_url_lookup}-detail", kwargs={"pk": self.pdustatus.pk})
response = self.client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data["power_usage"], int(self.pdustatus.power_usage))
def test_create_pdustatus_missing_mandatory_parameters(self):
"""Verify that the only mandatory POST parameters are power_usage_oid and power_usage_unit."""
url = reverse(f"{self.base_url_lookup}-list")
response = self.client.post(url, format="json")
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
# The response tells us which fields are missing from the request
self.assertIn("device", response.data)
self.assertIn("power_usage", response.data)
self.assertEqual(len(response.data), 2, "Only two parameters should be mandatory")
def test_create_pdustatus_duplicate(self):
"""Verify that you cannot add two instances."""
url = reverse(f"{self.base_url_lookup}-list")
power_usage = 1234
data = {"device": self.device.pk, "power_usage": power_usage}
response = self.client.post(url, data, format="json")
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test_update_pdustatus(self):
"""Verify that an PDUStatus can be updated via this API."""
url = reverse(f"{self.base_url_lookup}-detail", kwargs={"pk": self.pdustatus.pk})
response = self.client.patch(url, {"device": self.device.pk, "power_usage": "6666"}, format="json",)
pdu_status = PDUStatus.objects.get(pk=self.pdustatus.pk)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(pdu_status.device.pk, self.device.pk)
self.assertEqual(pdu_status.power_usage, 6666)
url = reverse(f"{self.base_url_lookup}-detail", kwargs={"pk": self.pdustatus_1.pk})
response = self.client.patch(url, {"device": self.device_1.pk, "power_usage": "7777"}, format="json",)
pdu_status = PDUStatus.objects.get(pk=self.pdustatus_1.pk)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(pdu_status.device.pk, self.device_1.pk)
self.assertEqual(pdu_status.power_usage, 7777)
def test_delete_pdustatus(self):
"""Verify that an PDUStatus can be deleted."""
url = reverse(f"{self.base_url_lookup}-detail", kwargs={"pk": self.pdustatus.pk})
response = self.client.delete(url)
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
with self.assertRaises(PDUStatus.DoesNotExist):
PDUStatus.objects.get(pk=self.pdustatus.pk)
class TestModels(TestCase):
fixtures = ['project.json']
def __init__(self, *args, **kwargs):
TestCase.__init__(self, *args, **kwargs)
self.client = None
self.project_id = 1
self.project_path = "zS2NSxM9A4I0"
def setUp(self):
# Making sure media root is empty
if exists(settings.MEDIA_ROOT):
rmtree(settings.MEDIA_ROOT)
makedirs(join(settings.MEDIA_ROOT, self.project_path), exist_ok=True)
self.client = APIClient()
def testWithoutAuthorization(self):
# Checking if the list starts empty
request = self.client.get('/api/logical_models/%d/' % self.project_id)
self.assertEqual(request.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(loads(request.content), {'detail': 'You do not have permission to perform this action.'})
model_name = 'Flobak2015_full_journal.pcbi.1004426.s003.ZGINML'
# Checking if we can add a model
request_add = self.client.post(
'/api/logical_models/%d/' % self.project_id,
{
'name': 'Flobak full',
'file': open(join(dirname(__file__), 'files', model_name), 'rb'),
},
)
self.assertEqual(request_add.status_code, status.HTTP_403_FORBIDDEN)
# Checking if we can remove it with a bad id
request_del = self.client.delete('/api/logical_models/%d/%d' % (self.project_id, 0))
self.assertEqual(request_del.status_code, status.HTTP_403_FORBIDDEN)
def testWithAuthorization(self):
# Checking if the list starts empty
request = self.client.post('/api/auth/login', {
'username': '******', 'password': '******'
})
self.assertEqual(request.status_code, status.HTTP_200_OK)
self.assertEqual(list(loads(request.content).keys()), ["key"])
# Adding credentials to the APIClient
api_key = loads(request.content)["key"]
self.client.credentials(HTTP_AUTHORIZATION='Token ' + api_key)
# Checking if the list starts empty
request = self.client.get('/api/logical_models/%d/' % self.project_id)
self.assertEqual(request.status_code, status.HTTP_200_OK)
self.assertEqual(loads(request.content), [])
model_name = 'Flobak2015_full_journal.pcbi.1004426.s003.ZGINML'
# Checking if we can add a model
request_add = self.client.post(
'/api/logical_models/%d/' % self.project_id,
{
'name': 'Flobak full',
'file': open(join(dirname(__file__), 'files', model_name), 'rb'),
},
)
self.assertEqual(request_add.status_code, status.HTTP_200_OK)
request = self.client.get('/api/logical_models/%d/' % self.project_id)
self.assertEqual(request.status_code, status.HTTP_200_OK)
model_id = 1
json_content = loads(request.content)
self.assertEqual(len(json_content), 1)
self.assertEqual(json_content[0]['name'], "Flobak full")
self.assertEqual(json_content[0]['project'], self.project_id)
# Checking if we can remove it with a bad id
request_del = self.client.delete('/api/logical_models/%d/%d' % (self.project_id, 0))
self.assertEqual(request_del.status_code, status.HTTP_404_NOT_FOUND)
# Now with the good id
request_del = self.client.delete('/api/logical_models/%d/%d' % (self.project_id, json_content[0]['id']))
self.assertEqual(request_del.status_code, status.HTTP_200_OK)
# Checking if the list ends up empty
request = self.client.get('/api/logical_models/%d/' % self.project_id)
self.assertEqual(request.status_code, status.HTTP_200_OK)
self.assertEqual(loads(request.content), [])
class TestAuth(TestCase):
def setUp(self):
self.client = APIClient()
from django.contrib.auth import get_user_model
User = get_user_model()
self.our_user = User.objects.create_user(email='*****@*****.**',
password='******',
name='qwerty')
self.another_user = mixer.blend(UserAccount, role='Customer')
self.restaurant = mixer.blend(Restaurant,
name='just get a house lulw',
address='Moscow',
main_contact=self.our_user)
self.another_restaurant = mixer.blend(Restaurant,
name='shosho',
address='Minsk',
main_contact=self.another_user)
self.token_url = 'http://*****:*****@mail.ru', 'password': 1234}
response = self.client.post(self.token_url, data=user_data)
self.client.credentials(HTTP_AUTHORIZATION='Bearer ' +
response.data['access'])
def test_restaurant_list_works(self):
# create homework
url = reverse('restaurant-list')
# call the url
response = self.client.get(url)
# assertion
assert response.json() is not None
def test_restaurant_detail_works(self):
url = reverse('restaurant-detail', kwargs={'pk': self.restaurant.pk})
response = self.client.get(url)
# assertion
assert response.json() is not None
assert response.status_code == 200
assert response.json()['name'] == 'just get a house lulw'
def test_food_creation_error(self):
url = reverse('food-list')
input_data_wrong = {
'name': 'kasha gre4nevaya',
'price': 54.54,
'description': 'very testy lol',
'restaurant': self.another_restaurant
}
response_wrong = self.client.post(url, data=input_data_wrong)
assert response_wrong.status_code == 400
assert response_wrong.json(
)['error'] == 'You specified wrong restaurant!'
def test_restaurant_creation_error(self):
url = reverse('restaurant-list')
input_data_wrong = {
'name': 'kasha gre4nevaya',
'address': 'Svetlogorsk',
'main_contact': self.our_user.pk,
}
response_wrong = self.client.post(url, data=input_data_wrong)
assert response_wrong.status_code == 400
assert response_wrong.json()['error'] == 'You already have restaurant!'
input_data_wrong = {
'name': 'kasha gre4nevaya',
'address': 'Svetlogorsk',
'main_contact': self.another_user.pk,
}
response_wrong = self.client.post(url, data=input_data_wrong)
assert response_wrong.status_code == 400
assert response_wrong.json()['error'] == 'You specified wrong contact!'
class BulkUploadTests(APITransactionTestCase):
"""
Bulk upload error classes are documented in the wiki:
https://github.com/metpetdb/api_v2/wiki/Bulk-Upload
Note that these tests rely on files uploaded to DropBox.
An internet connection is required for most of them to pass.
"""
def setUp(self):
#Create a user
self.contributor1 = User.objects.create_user(
email='*****@*****.**',
password='******',
is_active=True)
self.owner = self.contributor1.id
#Authenticate User
self.client = APIClient()
self.client.credentials(HTTP_AUTHORIZATION='Token ' +
self.contributor1.auth_token.key)
#Create required minerals
minerals = [
'Silica', 'Quartz', 'Mica', 'Kalsilite', 'Celsian', 'Leucite'
]
Mineral.objects.bulk_create([Mineral(name=n) for n in minerals])
#Create required rock type
rock_type = RockType.objects.create(name='Slate')
#Create required elements
elements = [{
'name': 'Argon',
'atomic_number': 18,
'symbol': 'Ar'
}, {
'name': 'Silver',
'atomic_number': 47,
'symbol': 'Ag'
}]
self.elements = Element.objects.bulk_create(
[Element(**n) for n in elements])
#Create required Oxides
Oxide.objects.create(species='FeO',
conversion_factor=1.28659683051303,
element_id=self.elements[0].id)
#Create required Subsample
sample = Sample.objects.create(
rock_type=rock_type,
location_coords='POINT(-95.3385 29.7245)',
owner_id=self.owner)
subsample_type = SubsampleType.objects.create(name='Rock Chip')
Subsample.objects.create(id='dfab518c-7876-4d8d-ab62-22a4b2fb0cc4',
owner=self.contributor1,
sample=sample,
subsample_type=subsample_type)
def empty_errors(self, lst):
"""
Returns true iff lst contains fields with no errors
"""
return all(len(x['errors']) == 0 for x in lst if 'errors' in x.keys())
def is_error(self, lst, err):
"""
Returns true iff err is an error in at least one object in lst
"""
for l in lst:
if l['errors'] and err in l['errors'].values():
return True
return False
def field_has_multiple_errors(self, lst):
"""
Returns true iff lst contains an object with more than one error
"""
for l in lst:
if l['errors'] and len(l['errors']) > 1:
return True
return False
def test_bulkupload_samples_no_errors(self):
"""
Errorless sample bulk upload
"""
data = {
'owner':
self.owner,
'template':
'SampleTemplate',
'url':
'https://www.dropbox.com/s/2w7tav2bmdag72t/sample-redo-dates.csv?dl=0'
}
res = self.client.post('/api/bulk_upload/', data)
self.assertEqual(res.status_code, status.HTTP_201_CREATED)
self.assertIsNotNone(res.data)
self.assertTrue(self.empty_errors(res.data))
def test_bulkupload_chemical_analyses_no_errors(self):
"""
Errorless chemical analyses bulk upload
"""
data = {
'owner':
self.owner,
'template':
'ChemicalAnalysesTemplate',
'url':
'https://www.dropbox.com/s/cyna912h69ylov8/chem-a-updated.csv?dl=0'
}
res = self.client.post('/api/bulk_upload/', data)
self.assertEqual(res.status_code, status.HTTP_201_CREATED)
self.assertIsNotNone(res.data)
self.assertTrue(self.empty_errors(res.data))
def test_invalid_bulkupload_template(self):
"""
Non-existent bulkupload_template
"""
data = {
'owner':
self.owner,
'template':
'NoExistTemplate',
'url':
'https://www.dropbox.com/s/2w7tav2bmdag72t/sample-redo-dates.csv?dl=0'
}
res = self.client.post('/api/bulk_upload/', data)
self.assertEqual(res.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(res.data['error'], 'invalid template')
def test_sample_missing_required_field(self):
"""
Missing required field in sample
"""
data = {
'owner':
self.owner,
'template':
'SampleTemplate',
'url':
'https://www.dropbox.com/s/qw8nv3lwgn2c95l/sample_miss_no.csv?dl=0'
}
res = self.client.post('/api/bulk_upload/', data)
self.assertEqual(res.status_code, status.HTTP_400_BAD_REQUEST)
self.assertFalse(self.empty_errors(res.data))
self.assertTrue(self.is_error(res.data, 'missing'))
def test_chemical_analysis_missing_required_field(self):
"""
Missing required field in chemical analysis
"""
data = {
'owner':
self.owner,
'template':
'ChemicalAnalysesTemplate',
'url':
'https://www.dropbox.com/s/ylvw8gslwby5dbq/chem-a-miss-id.csv?dl=0'
}
res = self.client.post('/api/bulk_upload/', data)
self.assertEqual(res.status_code, status.HTTP_400_BAD_REQUEST)
self.assertFalse(self.empty_errors(res.data))
self.assertTrue(self.is_error(res.data, 'missing'))
def test_sample_invalid_required_type(self):
"""
Create a sample with an invalid required type
"""
data = {
'owner':
self.owner,
'template':
'SampleTemplate',
'url':
'https://www.dropbox.com/s/mibznbi5d4o8616/sample-invalid-latitude.csv?dl=0'
}
res = self.client.post('/api/bulk_upload/', data)
self.assertEqual(res.status_code, status.HTTP_400_BAD_REQUEST)
self.assertFalse(self.empty_errors(res.data))
self.assertTrue(self.is_error(res.data, 'float expected'))
def test_chemical_analysis_invalid_required_type(self):
"""
Create a chemical analysis with an invalid required type
"""
data = {
'owner':
self.owner,
'template':
'ChemicalAnalysesTemplate',
'url':
'https://www.dropbox.com/s/hgm1dfmi2aezx40/chem-a-type-err.csv?dl=0'
}
res = self.client.post('/api/bulk_upload/', data)
self.assertEqual(res.status_code, status.HTTP_400_BAD_REQUEST)
self.assertFalse(self.empty_errors(res.data))
self.assertTrue(self.is_error(res.data, 'float expected'))
def test_sample_multi_error(self):
"""
Submit a samples csv with multiple soft errors
"""
data = {
'owner':
self.owner,
'template':
'SampleTemplate',
'url':
'https://www.dropbox.com/s/k3y6dily50tue16/sample-multiple-error.csv?dl=0'
}
res = self.client.post('/api/bulk_upload/', data)
self.assertEqual(res.status_code, status.HTTP_400_BAD_REQUEST)
self.assertFalse(self.empty_errors(res.data))
self.assertTrue(self.field_has_multiple_errors(res.data))
def test_chemical_analysis_multi_error(self):
"""
Submit a chemical analysis csv with multiple soft errors
"""
data = {
'owner':
self.owner,
'template':
'ChemicalAnalysesTemplate',
'url':
'https://www.dropbox.com/s/uubppw4tzjszfm7/chem-a-comb-err.csv?dl=0'
}
res = self.client.post('/api/bulk_upload/', data)
self.assertEqual(res.status_code, status.HTTP_400_BAD_REQUEST)
self.assertFalse(self.empty_errors(res.data))
self.assertTrue(self.field_has_multiple_errors(res.data))
def test_db_error(self):
"""
Submit a csv with a reference to an invalid foreign key
"""
data = {
'owner':
self.owner,
'template':
'ChemicalAnalysesTemplate',
'url':
'https://www.dropbox.com/s/zol737s9uxa0xtr/chem-a-invalid-subsample-id.csv?dl=0'
}
res = self.client.post('/api/bulk_upload/', data)
self.assertEqual(res.status_code, status.HTTP_400_BAD_REQUEST)
self.assertFalse(self.empty_errors(res.data))
def test_sample_json_fix(self):
data = {
'owner':
self.owner,
'template':
'SampleTemplate',
'json': [{
"location_name":
"The U S of A",
"mineral": [{
"amount": 0,
"name": "Silica"
}, {
"amount": 0,
"name": "Quartz"
}, {
"amount": 0,
"name": "Mica"
}],
"number":
"1",
"country":
"USA",
"comment": ["Comment on the sample"],
"collection_date":
"1999-03-27",
"region":
"Troy",
"description":
"Uber Sample",
"alias":
"2",
"rock_type_name":
"Slate",
"collector_name":
"Brandon D.",
"location_error":
"7",
"latitude":
"7.86210012",
"longitude":
"46.01432423",
"errors": {},
"metamorpic_grade":
"Chlorite Zone",
"reference":
"2000-038151"
}, {
"location_name":
"Merica",
"mineral": [{
"amount": 0,
"name": "Silica"
}, {
"amount": 0,
"name": "Quartz"
}, {
"amount": 0,
"name": "Mica"
}],
"number":
"7",
"country":
"USA",
"comment": ["Comment on the sample2"],
"collection_date":
"1999-03-22",
"region":
"Boston",
"description":
"Cool Sample",
"alias":
"2213",
"rock_type_name":
"Slate",
"collector_name":
"Brandon P.",
"location_error":
"2",
"latitude":
"12.86210012",
"longitude":
"13.01432423",
"errors": {
"number": "missing"
},
"metamorpic_grade":
"Biotite Zone",
"reference":
"2000-038151"
}, {
"meta_header": [["number", "number"], ["alias", "alias"],
["region", "region"], ["country", "country"],
[["latitude", "longitude"], "location_coords"],
["collector_name", "collector_name"],
["collection_date", "collection_date"],
["comment", "comment"],
["location_name", "location_name"],
["rock_type_name", "rock_type_name"],
["reference", "reference"],
["description", "description"],
["metamorpic_grade", "metamorpic_grade"],
["mineral", "minerals"]]
}]
}
res = self.client.post('/api/bulk_upload/', data)
self.assertEqual(res.status_code, status.HTTP_201_CREATED)
def test_chemical_analysis_json_fix(self):
data = {
'owner':
self.owner,
'template':
'ChemicalAnalysesTemplate',
'json': [{
"analysis_date": "1990-03-12",
"mineral": [{
"name": "Kalsilite",
"amount": "4"
}],
"stage_y": 2.0,
"analyst": "7",
"analysis_method": "4",
"reference_image": "8",
"stage_x": 1.0,
"where_done": "5",
"subsample_id": "dfab518c-7876-4d8d-ab62-22a4b2fb0cc4",
"reference_x": 9.0,
" reference_y": "0",
"total": "3",
"element": [{
"name": "Argon",
"amount": "2"
}],
"spot_id": "2",
"errors": {},
"amount": "3",
"oxide": [{
"name": "FeO",
"amount": "3"
}],
"comment": ["1", "2", "3"]
}, {
"analysis_date": "1990-03-12",
"mineral": [{
"name": "Celsian",
"amount": "4"
}],
"stage_y": 2.0,
"analyst": "7",
"analysis_method": "4",
"reference_image": "8",
"stage_x": 1.0,
"where_done": "5",
"subsample_id": "dfab518c-7876-4d8d-ab62-22a4b2fb0cc4",
"reference_x": 9.0,
" reference_y": "0",
"total": "3",
"element": [{
"name": "Argon",
"amount": "3"
}],
"spot_id": "2",
"errors": {},
"amount": "6",
"oxide": [{
"name": "FeO",
"amount": "6"
}],
"comment": ["1", "2", "3"]
}, {
"analysis_date": "1990-03-12",
"mineral": [{
"name": "Leucite",
"amount": "4"
}],
"stage_y": 2.0,
"analyst": "7",
"analysis_method": "4",
"reference_image": "8",
"stage_x": 1.0,
"where_done": "5",
"subsample_id": "dfab518c-7876-4d8d-ab62-22a4b2fb0cc4",
"reference_x": 9.0,
" reference_y": "0",
"total": "3",
"element": [{
"name": "Silver",
"amount": "5"
}],
"spot_id": "2",
"errors": {},
"amount": "9",
"oxide": [{
"name": "FeO",
"amount": "9"
}],
"comment": ["6", "7", "8"]
}, {
"meta_header": [["subsample_id", "subsample_id"],
["spot_id", "spot_id"], ["mineral", "mineral"],
["analysis_method", "analysis_method"],
["where_done", "where_done"],
["analysis_date", "analysis_date"],
["analyst", "analyst"],
["reference_image", "reference_image"],
["reference_x", "reference_x"],
[" reference_y", " reference_y"],
["stage_x", "stage_x"], ["stage_y", "stage_y"],
["total", "total"], ["element", "element"],
["amount", "amount"], ["oxide", "oxide"],
["amount", "amount"], ["comment", "comment"],
["comment", "comment"], ["comment", "comment"]]
}]
}
res = self.client.post('/api/bulk_upload/', data)
self.assertEqual(res.status_code, status.HTTP_201_CREATED)
def test_player_list_get_invalid_token(self):
client = APIClient()
client.credentials(HTTP_AUTHORIZATION='JWT absolute_invalid_token')
response = client.get(reverse('v1:player-list'))
self.assertEqual(response.status_code, 401)
def test_user_cannot_get_admin_work(self):
client = APIClient()
client.credentials(HTTP_AUTHORIZATION=self.user_auth_token)
response = client.get(reverse('work-detail', kwargs={'pk': self.superadmin['work']['id']}))
self.assertEqual(response.status_code, 404)
class BwsRiskFactors(TestCase):
''' Test the risk factors webservice '''
TEST_BASE_DIR = os.path.dirname(os.path.dirname(__file__))
TEST_DATA_DIR = os.path.join(TEST_BASE_DIR, 'tests', 'data')
@classmethod
def setUpClass(cls):
''' Create a user, token and url. '''
super(BwsRiskFactors, cls).setUpClass()
cls.user = User.objects.create_user('testuser',
email='*****@*****.**',
password='******')
# add user details
UserDetails.objects.create(user=cls.user,
job_title=UserDetails.CGEN,
country='UK')
cls.user.save()
cls.token = Token.objects.create(user=cls.user)
cls.token.save()
cls.url = reverse('bws')
def setUp(self):
''' Set up test client and pedigree data. '''
self.client = APIClient(enforce_csrf_checks=True)
self.pedigree_data = open(
os.path.join(BwsRiskFactors.TEST_DATA_DIR, "pedigree_data.txt"),
"r")
def test_bws_risk_factor(self):
''' Test affect of including the risk factors. '''
data = {
'mut_freq': 'UK',
'cancer_rates': 'UK',
'pedigree_data': self.pedigree_data,
'user_id': 'test_XXX',
'risk_factor_code': 7
}
self.client.credentials(HTTP_AUTHORIZATION='Token ' +
BwsRiskFactors.token.key)
# no permissions to use the risk factors and so ignored
response = self.client.post(BwsRiskFactors.url,
data,
format='multipart',
HTTP_ACCEPT="application/json")
self.assertEqual(response.status_code, status.HTTP_200_OK)
cancer_risks1 = json.loads(force_text(
response.content))['pedigree_result'][0]['cancer_risks']
# add permissions to enable use of the risk factors
data['pedigree_data'] = open(
os.path.join(BwsRiskFactors.TEST_DATA_DIR, "pedigree_data.txt"),
"r")
BwsRiskFactors.user.user_permissions.add(
Permission.objects.get(name='Can risk'))
response = self.client.post(BwsRiskFactors.url,
data,
format='multipart',
HTTP_ACCEPT="application/json")
self.assertEqual(response.status_code, status.HTTP_200_OK)
cancer_risks2 = json.loads(force_text(
response.content))['pedigree_result'][0]['cancer_risks']
self.assertLess(cancer_risks2[0]['breast cancer risk']['decimal'],
cancer_risks1[0]['breast cancer risk']['decimal'])
def test_risk_factors_inconsistent(self):
''' Test inconsistent risk factors, e.g. age of first birth specified with parity unobserved. '''
data = {
'mut_freq':
'UK',
'cancer_rates':
'UK',
'pedigree_data':
self.pedigree_data,
'user_id':
'test_XXX',
'risk_factor_code':
BCRiskFactors.encode([0, 0, 1, 0, 0, 0, 0, 0, 0, 0])
}
self.client.credentials(HTTP_AUTHORIZATION='Token ' +
BwsRiskFactors.token.key)
BwsRiskFactors.user.user_permissions.add(
Permission.objects.get(name='Can risk'))
response = self.client.post(BwsRiskFactors.url,
data,
format='multipart',
HTTP_ACCEPT="application/json")
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
content = json.loads(force_text(response.content))
self.assertTrue('Model Error' in content)
class PDUStatusCreateTestCase(TestCase):
"""Test the PDUStatus API."""
def setUp(self):
"""Create a superuser and token for API calls."""
self.user = User.objects.create(username="******", is_superuser=True)
self.token = Token.objects.create(user=self.user)
self.client = APIClient()
self.client.credentials(HTTP_AUTHORIZATION=f"Token {self.token.key}")
self.base_url_lookup = "plugins-api:axians_netbox_pdu-api:pdustatus"
self.site = Site.objects.create(name="Site", slug="site")
self.role = DeviceRole.objects.create(name="Role", slug="role")
self.manufacturer = Manufacturer.objects.create(name="Manufacturer", slug="manufacturer")
self.device_type = DeviceType.objects.create(
slug="device_type", model="device_type", manufacturer=self.manufacturer
)
self.outlets = PowerOutletTemplate.objects.create(device_type=self.device_type, name="1")
self.pduconfig = PDUConfig.objects.create(
device_type=self.device_type, power_usage_oid="1.1.1.1", power_usage_unit="watts"
)
self.device = Device.objects.create(
name="Device One", device_role=self.role, device_type=self.device_type, site=self.site,
)
def test_create_pdustatus(self):
"""Verify that an PDUStatus can be created."""
url = reverse(f"{self.base_url_lookup}-list")
power_usage = 1234
data = {"device": self.device.pk, "power_usage": power_usage}
response = self.client.post(url, data, format="json")
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
for key, value in data.items():
self.assertEqual(response.data[key], value)
self.assertEqual(response.data["device"], self.device.pk)
self.assertEqual(response.data["power_usage"], power_usage)
pdu_status = PDUStatus.objects.get(pk=response.data["id"])
self.assertEqual(pdu_status.device.pk, data["device"])
self.assertEqual(pdu_status.power_usage, data["power_usage"])
def test_create_pdustatus_without_power_outlets(self):
"""Verify that an PDUStatus can be created."""
self.device.poweroutlets.all().delete()
url = reverse(f"{self.base_url_lookup}-list")
power_usage = 1234
data = {"device": self.device.pk, "power_usage": power_usage}
response = self.client.post(url, data, format="json")
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test_create_pdustatus_without_device(self):
"""Verify that an PDUStatus can be created."""
self.device.delete()
url = reverse(f"{self.base_url_lookup}-list")
power_usage = 1234
data = {"device": 1, "power_usage": power_usage}
response = self.client.post(url, data, format="json")
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
class CommentsAndFriendsApiTest(APITestCase):
def setUp(self):
#create an user
self.user = User.objects.create_user(username = '******', password = '******')
self.user.set_password('testUser345')
self.user.is_superuser = True
self.user.is_staff = True
self.user.save()
self.author = Author.objects.create(user = self.user, github = 'testUser1.github')
self.uid1 = self.author.id
self.user2 = User.objects.create_user(username = '******', password = '******')
self.user2.set_password('testUser000')
self.user2.is_superuser = True
self.user2.is_staff = True
self.user2.save()
self.author2 = Author.objects.create(user = self.user2, github = 'testUser2.github')
self.uid2 = self.author2.id
#create a post
self.client = APIClient()
self.client.credentials(HTTP_AUTHORIZATION = 'Basic '+ base64.b64encode('testUser1:testUser345'))
response = self.client.post('/posts/create' ,{
"title": "first post",
"description": "this is my first post",
"content_type": "text/markdown",
"content": "this is my first post for test"
})
response = self.client.get('/posts', {}, format='json')
request_msg = response.data['posts']
self.post_id = request_msg[0]['id']
# print self.post_id
def test_create_comment(self):
self.client = APIClient()
self.client.credentials(HTTP_AUTHORIZATION = 'Basic '+ base64.b64encode('testUser1:testUser345'))
response = self.client.post('/posts/%s/comments/create' % self.post_id, {
"comment": "here is my first comment",
"content_type": "text/markdown"
})
self.assertEqual(response.status_code, 201)
#get the id of comment
self.comment_id = response.data['id']
# test to get comments
response = self.client.get('/posts/%s' % self.post_id, {}, format = 'json')
self.assertEqual(response.status_code, 200)
comments = response.data['comments']
self.assertTrue(comments[0]['id'] != None)
#test to get a comment
response = self.client.get('/comments/%s' % self.comment_id, {}, format = 'json')
self.assertEqual(response.status_code, 200)
#test delete the comment
response = self.client.delete('/comments/%s/destroy' % self.comment_id)
self.assertEqual(response.status_code, 204)
def test_send_friend_request(self):
self.client = APIClient()
self.client.credentials(HTTP_AUTHORIZATION = 'Basic '+ base64.b64encode('testUser1:testUser345'))
#test to send a friend request
response = self.client.post('/author/friend_request/%s' % self.uid2, {}, format = 'json')
self.assertEqual(response.status_code, 202)
# print self.uid2
self.client = APIClient()
self.client.credentials(HTTP_AUTHORIZATION = 'Basic '+ base64.b64encode('testUser2:testUser000'))
#test get friend request list
response = self.client.get('/author/friends/friend_requests', {}, format = 'json')
self.assertEqual(response.status_code, 200)
#test accept friend request
response = self.client.post('/author/friend_request/accept/%s' % self.uid1, {}, format = 'json')
self.assertEqual(response.status_code, 202)
#test get friend list for user2, since user1 and user2 are friends now
response = self.client.get('/author/%s/network' % self.uid2, {}, format = 'json')
self.assertEqual(response.status_code, 200)
#test get all friend's post
response = self.client.get('/author/%s/posts' % self.uid1, {}, format = 'json')
self.assertEqual(response.status_code, 200)
#test unfriend a friend
response = self.client.delete('/author/friends/unfriend/%s' % self.uid1, {}, format = 'json')
self.assertEqual(response.status_code, 202)
#test get the friend list for user 2 again,
response = self.client.get('/author/%s/network' % self.uid2, {}, format = 'json')
self.assertEqual(response.status_code, 200)
request = response.data['authors']
self.assertTrue(request == [])
def test_reject_friend_requests(self):
self.client = APIClient()
self.client.credentials(HTTP_AUTHORIZATION = 'Basic '+ base64.b64encode('testUser1:testUser345'))
#test to send a friend request
response = self.client.post('/author/friend_request/%s' % self.uid2, {}, format = 'json')
self.assertEqual(response.status_code, 202)
#test reject friend request
response = self.client.delete('/author/friend_request/reject/%s' % self.uid1, {}, format = 'json')
self.assertEqual(response.status_code, 202)
class PostTestCase(TestCase):
"""
Testing that you must be authorized to post and
that you must have the correct object-level permissions
to update and delete a post.
"""
def setUp(self):
# Create and log into a user
self.user = User.objects.create_user(username='******',
password='******',
email='*****@*****.**')
self.client = APIClient()
response = self.client.post('/auth/', {
'username': '******',
'password': '******'
})
self.token = json.loads(response.content)['token']
def test_authorized_listing(self):
Post.objects.create(message='Hello!', author=self.user)
self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.token)
response = self.client.get('/posts/')
posts = json.loads(response.content)
self.assertEqual(len(posts), 1)
def test_unauthorized_listing(self):
Post.objects.create(message='Hello!', author=self.user)
response = self.client.get('/posts/')
posts = json.loads(response.content)
self.assertEqual(len(posts), 1)
def test_authorized_posting(self):
self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.token)
post = 'Making a post on the wall!'
self.client.post('/posts/', {'message': post})
# The post should now exist
self.assertTrue(Post.objects.filter(message=post).exists())
def test_unauthorized_posting(self):
post = 'Making a post on the wall!'
self.client.post('/posts/', {'message': post})
# The post should not exist
self.assertFalse(Post.objects.filter(message=post).exists())
def test_authorized_update(self):
# Create a post with the original user
post = 'Making a post on the wall!'
instance = Post.objects.create(message=post, author=self.user)
# Try to update the post when authorized
self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.token)
new_post = 'Updating a post on the wall!'
self.client.patch('/posts/%i/' % instance.id, {'message': new_post})
# The content of the post should have changed to the new post
self.assertTrue(Post.objects.filter(message=new_post).exists())
def test_unauthorized_update(self):
# Create a post with the original user
post = 'Making a post on the wall!'
instance = Post.objects.create(message=post, author=self.user)
# Create and log into a second user
new_user = User.objects.create_user(username='******',
password='******',
email='*****@*****.**')
response = self.client.post('/auth/', {
'username': '******',
'password': '******'
})
new_token = json.loads(response.content)['token']
# Now, try to make an update with the new user's credentials
new_post = 'Updating a post on the wall!'
self.client.credentials(HTTP_AUTHORIZATION='Token ' + new_token)
self.client.patch('/posts/%i/' % instance.id, {'message': new_post})
# The original post should still be up
self.assertTrue(Post.objects.filter(message=post).exists())
# Now, totally deauthorize and try to do an update
self.client.credentials(HTTP_AUTHORIZATION='')
self.client.patch('/posts/%i/' % instance.id, {'message': new_post})
# The original post should still be up
self.assertTrue(Post.objects.filter(message=post).exists())
def test_authorized_full_update(self):
# Create a post with the original user
post = 'Making a post on the wall!'
instance = Post.objects.create(message=post, author=self.user)
# Set-up the object we'll replace our post with
post_data = PostSerializer(instance).data
new_message = 'Updating a post on the wall!'
post_data['message'] = new_message
post_data['author'] = post_data['author']['username']
# Login and try to do a full update
self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.token)
self.client.put('/posts/%i/' % instance.id, post_data)
# The content of the post should have changed to the new post
self.assertTrue(Post.objects.filter(message=new_message).exists())
def test_unauthorized_full_update(self):
# Create a post with the original user
post = 'Making a post on the wall!'
instance = Post.objects.create(message=post, author=self.user)
# Set-up the object we'll replace our post with
post_data = PostSerializer(instance).data
new_message = 'Updating a post on the wall!'
post_data['message'] = new_message
post_data['author'] = post_data['author']['username']
# Create and log into a second user
new_user = User.objects.create_user(username='******',
password='******',
email='*****@*****.**')
response = self.client.post('/auth/', {
'username': '******',
'password': '******'
})
new_token = json.loads(response.content)['token']
# Now, try to make an update with the new user's credentials
self.client.credentials(HTTP_AUTHORIZATION='Token ' + new_token)
self.client.put('/posts/%i/' % instance.id, post_data)
# The original post should still be up
self.assertTrue(Post.objects.filter(message=post).exists())
# Now, totally deauthorize and try to do an update
self.client.credentials(HTTP_AUTHORIZATION='')
self.client.put('/posts/%i/' % instance.id, post_data)
# The original post should still be up
self.assertTrue(Post.objects.filter(message=post).exists())
def test_authorized_deletion(self):
self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.token)
post = 'Making a post on the wall!'
response = self.client.post('/posts/', {'message': post})
# Get the ID from the instance
instance = Post.objects.get(message=post)
self.client.delete('/posts/%i/' % instance.id)
# The post should no longer exist
self.assertFalse(Post.objects.filter(message=post).exists())
def test_unauthorized_deletion(self):
# Create a post with the original user
instance = Post.objects.create(message='Hello!', author=self.user)
# Create and log into a second user
new_user = User.objects.create_user(username='******',
password='******',
email='*****@*****.**')
response = self.client.post('/auth/', {
'username': '******',
'password': '******'
})
new_token = json.loads(response.content)['token']
# Now, try to delete with the new user's credentials
self.client.credentials(HTTP_AUTHORIZATION='Token ' + new_token)
self.client.delete('/posts/%i/' % instance.id)
# The post should still exist
self.assertTrue(Post.objects.filter(id=instance.id).exists())
# Now, totally deauthorize and try to delete
self.client.credentials(HTTP_AUTHORIZATION='')
self.client.delete('/posts/%i/' % instance.id)
# The post should still exist
self.assertTrue(Post.objects.filter(id=instance.id).exists())
class DeleteScheduleTestCase(APITestCase):
def setUp(self):
# make_everything()
self.master_object = make_master('VASYA', 10)
self.user = self.master_object.user
token, _ = Token.objects.get_or_create(master=self.master_object)
self.client = APIClient()
self.client.credentials(HTTP_AUTHORIZATION=f'Token {token.key}')
def test_delete_time_slots(self):
schedule = Schedule.objects.create(master=self.master_object,
date='2017-11-20')
TimeSlot.objects.create(time=Time.objects.create(hour=10, minute=30),
taken=False,
schedule=schedule),
TimeSlot.objects.create(time=Time.objects.create(hour=11, minute=00),
taken=False,
schedule=schedule),
TimeSlot.objects.create(time=Time.objects.create(hour=11, minute=30),
taken=False,
schedule=schedule),
resp = self.client.patch(reverse(CreateDeleteScheduleView.view_name,
args=[self.master_object.id]),
data={
'date': '2017-11-20',
'time_slots': '10:30,11:00'
},
format='json')
self.assertEqual(resp.status_code, status.HTTP_204_NO_CONTENT)
master = Master.objects.get(first_name='VASYA')
schedules = master.schedule.all()
self.assertEqual(len(schedules), 1)
schedule = schedules[0]
self.assertEqual(schedule.date,
datetime.strptime('2017-11-20', '%Y-%m-%d').date())
self.assertIsNone(schedule.get_slot('10:30'))
self.assertIsNone(schedule.get_slot('11:00'))
def test_delete_time_slots_and_schedule(self):
schedule = Schedule.objects.create(master=self.master_object,
date='2017-11-20')
TimeSlot.objects.create(time=Time.objects.create(hour=10, minute=30),
taken=False,
schedule=schedule),
TimeSlot.objects.create(time=Time.objects.create(hour=11, minute=00),
taken=False,
schedule=schedule),
resp = self.client.patch(reverse(CreateDeleteScheduleView.view_name,
args=[self.master_object.id]),
data={
'date': '2017-11-20',
'time_slots': '10:30,11:00'
},
format='json')
self.assertEqual(resp.status_code, status.HTTP_204_NO_CONTENT)
master = Master.objects.get(first_name='VASYA')
schedules = master.schedule.all()
# both timeslots are deleted -> the schedule is deleted
self.assertEqual(len(schedules), 0)
def test_delete_time_slots_range(self):
schedule = Schedule.objects.create(master=self.master_object,
date='2017-11-20')
TimeSlot.objects.create(time=Time.objects.create(hour=10, minute=30),
taken=False,
schedule=schedule),
TimeSlot.objects.create(time=Time.objects.create(hour=11, minute=00),
taken=False,
schedule=schedule),
TimeSlot.objects.create(time=Time.objects.create(hour=11, minute=30),
taken=False,
schedule=schedule),
TimeSlot.objects.create(time=Time.objects.create(hour=12, minute=0),
taken=False,
schedule=schedule),
resp = self.client.patch(reverse(CreateDeleteScheduleView.view_name,
args=[self.master_object.id]),
data={
'date': '2017-11-20',
'time_slots': '10:30-11:30'
},
format='json')
self.assertEqual(resp.status_code, status.HTTP_204_NO_CONTENT)
master = Master.objects.get(first_name='VASYA')
schedules = master.schedule.all()
self.assertEqual(len(schedules), 1)
schedule = schedules[0]
self.assertEqual(schedule.date,
datetime.strptime('2017-11-20', '%Y-%m-%d').date())
self.assertIsNone(schedule.get_slot('10:30'))
self.assertIsNone(schedule.get_slot('11:00'))
self.assertIsNone(schedule.get_slot('11:30'))
def test_delete_time_slots_wrong_date(self):
schedule = Schedule.objects.create(master=self.master_object,
date='2017-11-20')
TimeSlot.objects.create(time=Time.objects.create(hour=10, minute=30),
taken=False,
schedule=schedule),
TimeSlot.objects.create(time=Time.objects.create(hour=11, minute=00),
taken=False,
schedule=schedule),
resp = self.client.patch(reverse(CreateDeleteScheduleView.view_name,
args=[self.master_object.id]),
data={
'date': '2017-11-21',
'time_slots': '10:30,11:00'
},
format='json')
self.assertEqual(resp.status_code, status.HTTP_404_NOT_FOUND)
def test_delete_time_slots_taken(self):
schedule = Schedule.objects.create(master=self.master_object,
date='2017-11-20')
TimeSlot.objects.create(time=Time.objects.create(hour=10, minute=30),
taken=True,
schedule=schedule),
TimeSlot.objects.create(time=Time.objects.create(hour=11, minute=00),
taken=False,
schedule=schedule),
TimeSlot.objects.create(time=Time.objects.create(hour=11, minute=30),
taken=False,
schedule=schedule),
resp = self.client.patch(reverse(CreateDeleteScheduleView.view_name,
args=[self.master_object.id]),
data={
'date': '2017-11-20',
'time_slots': '10:30-11:30'
},
format='json')
self.assertEqual(resp.status_code,
status.HTTP_500_INTERNAL_SERVER_ERROR)
class PostApiTest(APITestCase):
def setUp(self):
self.user = User.objects.create_user(username = '******', password = '******')
self.user.set_password('testUser345')
self.user.is_superuser = True
self.user.is_staff = True
self.user.save()
self.author = Author.objects.create(user = self.user, github = 'testUser1.github')
#print self.user.password
self.uid = self.author.id
def test_get_user_info(self):
self.client = APIClient()
self.client.credentials(HTTP_AUTHORIZATION = 'Basic '+ base64.b64encode('testUser1:testUser345'))
response = self.client.get('/author/%s' % self.uid, {}, format = 'json')
self.assertEqual(response.status_code, 200)
#test get all Users
response = self.client.get('/author/', {}, format = 'json')
self.assertEqual(response.status_code, 200)
def test_post(self):
self.client = APIClient()
self.client.credentials(HTTP_AUTHORIZATION = 'Basic '+ base64.b64encode('testUser1:testUser345'))
response = self.client.post('/posts/create' ,{
"title": "first post",
"description": "this is my first post",
"content_type": "text/markdown",
"content": "this is my first post for test"
})
self.assertEqual(response.status_code, 201)
#test get posts
response = self.client.get('/posts', {}, format='json')
self.assertEqual(response.status_code, 200)
request_msg = response.data['posts']
self.post_id = request_msg[0]['id']
# print self.post_id
#test get a single post with post_id
response = self.client.get('/posts/%s' % self.post_id, {}, format ='json')
self.assertEqual(response.status_code, 200)
#test all the posts of a single user that are public
response = self.client.get('/author/%s/posts' % self.uid, {}, format = 'json')
self.assertEqual(response.status_code, 200)
#test update a post
response = self.client.put('/posts/%s/update' % self.post_id, {
"title": "update post",
"description": "this is an updated msg",
"content_type": "text/markdown",
"content": "this is the msg for update posts"
})
self.assertEqual(response.status_code, 200)
#delete posts
response = self.client.delete('/posts/%s/destroy' % self.post_id, {}, format='json')
self.assertEqual(response.status_code, 204)
class APITest(APITestCase):
def setUp(self):
"""
Configura o ambiente de teste
"""
# usuario api
self.usuario_api = get_user_model().objects.create_user(
username="******", password="******")
token = Token.objects.create(user=self.usuario_api)
self.cliente_api = APIClient()
self.cliente_api.credentials(HTTP_AUTHORIZATION="Token " + token.key)
# usuario teste
self.usuario_teste = get_user_model().objects.create_user(
username="******", password="******")
token_teste = Token.objects.create(user=self.usuario_teste)
self.cliente_teste = APIClient()
self.cliente_teste.credentials(HTTP_AUTHORIZATION="Token " +
token_teste.key)
# Cadastro de especialidades
self.pediatra = Especialidade.objects.create(nome="Pediatra")
self.ortopedista = Especialidade.objects.create(nome="Orpedista")
self.otorrino = Especialidade.objects.create(nome="Otorrino")
# Cadastro dos médicos
self.medica_juliette = Medico.objects.create(
nome="Juliette", crm=5214, especialidade=self.pediatra)
self.medica_vihtube = Medico.objects.create(
nome="Vihtube", crm=5472, especialidade=self.otorrino)
self.medico_joao = Medico.objects.create(
nome="Joao", crm=1334, especialidade=self.ortopedista)
self.medica_camilla = Medico.objects.create(
nome="Camilla", crm=1587, especialidade=self.pediatra)
# Cadastrar alguns horários
agora = dt.now()
futuro_1 = agora + timedelta(minutes=5)
hora_futuro1 = Horario.objects.create(horario=futuro_1.time())
futuro_2 = futuro_1 + timedelta(minutes=5)
self.hora_futuro2 = Horario.objects.create(horario=futuro_2.time())
hora_generica = Horario.objects.create(horario="14:00")
hora_generica_2 = Horario.objects.create(horario="15:00")
passado = agora - timedelta(minutes=5)
hora_passado = Horario.objects.create(horario=passado.time())
# Cadastra agendas
# Agenda para hoje da Juliette
self.hoje = dt.today()
self.agenda_hoje = Agenda(medico=self.medica_juliette, dia=self.hoje)
self.agenda_hoje.save()
# Adiciona horarios validos à agenda
self.agenda_hoje.horarios.add(hora_futuro1, self.hora_futuro2)
# Adiciona horarios invalidos (Dia de hoje, mas que já passou)
self.agenda_hoje.horarios.add(hora_passado)
# Agenda para amanhã
self.amanha = self.hoje + timedelta(days=1)
self.agenda_amanha = Agenda(medico=self.medica_vihtube,
dia=self.amanha)
self.agenda_amanha.save()
# Adiciona horários e todos são válido, pois a agenda é para amanhã
self.agenda_amanha.horarios.add(hora_futuro1, self.hora_futuro2,
hora_passado, hora_generica,
hora_generica_2)
# Agenda passada
self.agenda_ontem = Agenda(medico=self.medico_joao,
dia=self.hoje - timedelta(days=1))
self.agenda_ontem.save()
self.agenda_ontem.horarios.add(hora_futuro1, self.hora_futuro2,
hora_passado, hora_generica)
url_consultas = reverse("consultas_post")
# Cadastra algumas consultas para hoje e amanhã
res = self.cliente_api.post(url_consultas, {
"agenda_id": self.agenda_hoje.pk,
"horario": futuro_1.time()
})
self.assertEqual(res.status_code, status.HTTP_201_CREATED)
self.pk_consulta = res.data["id"]
self.consulta_passada = Consulta.objects.create(
horario="14:00",
usuario=self.usuario_api,
agenda=self.agenda_ontem,
)
self.cliente_api.post(url_consultas, {
"agenda_id": self.agenda_amanha.pk,
"horario": passado.time()
})
self.cliente_api.post(url_consultas, {
"agenda_id": self.agenda_amanha.pk,
"horario": futuro_1.time()
})
self.cliente_api.post(url_consultas, {
"agenda_id": self.agenda_amanha.pk,
"horario": futuro_2.time()
})
def teste_get_especialidades(self):
"""
Testa o GET request no endpoint especialidades
que deve retornar todas as especialidades cadastradas no banco
"""
url = reverse("get_especialidades")
resposta = self.cliente_api.get(url, format="json")
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(len(resposta.data), 3)
def teste_busca_especialidades(self):
"""
Testa a pesquisa em especialidades (?search=)
"""
url = reverse("get_especialidades") + "?search=ped"
resposta = self.cliente_api.get(url, format="json")
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(len(resposta.data), 1)
url = reverse("get_especialidades") + "?search=o"
resposta = self.cliente_api.get(url, format="json")
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(len(resposta.data), 2)
def teste_get_medicos(self):
"""
Testa o GET request no endpoint medicos
que deve retornar todos os médicos cadastrados no banco
"""
url = reverse("get_medicos")
resposta = self.cliente_api.get(url)
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(len(resposta.data), 4)
def teste_busca_medicos(self):
"""
Testa a busca (?search) pelo nome do médico
"""
url = reverse("get_medicos") + "?search=ju"
resposta = self.cliente_api.get(url)
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(resposta.data[0]["nome"], "Juliette")
url = reverse("get_medicos") + "?search=j"
resposta = self.cliente_api.get(url)
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(len(resposta.data), 2)
def teste_filtro_medicos(self):
"""
Testa o filtro de especialidade
"""
url = f'{reverse("get_medicos")}?especialidade={self.ortopedista.pk}'
resposta = self.cliente_api.get(url)
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(resposta.data[0]["nome"], "Joao")
url = (f'{reverse("get_medicos")}?especialidade={self.ortopedista.pk}'
f"&especialidade={self.pediatra.pk}")
resposta = self.cliente_api.get(url)
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(len(resposta.data), 3)
def teste_filtro_busca_medicos(self):
"""
Testa a busca e o filtro juntos
"""
url = reverse("get_medicos") + "?search=j"
resposta = self.cliente_api.get(url)
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(len(resposta.data), 2)
# certifica que filtrou a juliete
url = f'{reverse("get_medicos")}?search=j&especialidade={self.ortopedista.pk}'
resposta = self.cliente_api.get(url)
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(len(resposta.data), 1)
def teste_get_agenda_disponiveis(self):
"""
Testa se lista somente as agendas disponiveis e não mostra
as agendas para datas passadas
"""
url = reverse("get_agendas")
resposta = self.cliente_api.get(url)
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(len(resposta.data), 2)
def teste_agenda_horario_excluido(self):
"""
Testa se o horário é removido da listagem da agenda disponivel
quando se marcar uma consulta para ele
"""
url = reverse("get_agendas")
resposta = self.cliente_api.get(url)
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(len(resposta.data[1]["horarios"]), 2)
url = reverse("consultas_post")
resposta = self.cliente_api.post(url, {
"agenda_id": self.agenda_amanha.pk,
"horario": "14:00"
})
self.assertEqual(resposta.status_code, status.HTTP_201_CREATED)
# Depois da inserção deve ter só 1 horario disponivel agora
url = reverse("get_agendas")
resposta = self.cliente_api.get(url)
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(len(resposta.data[1]["horarios"]), 1)
def teste_filtro_medico_agenda(self):
"""
Testa o filtro de medico aplicado no endpoint agenda
"""
url = f'{reverse("get_agendas")}?medico={self.medico_joao.pk}'
resposta = self.cliente_api.get(url)
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(len(resposta.data), 0)
url = f'{reverse("get_agendas")}?medico={self.medica_juliette.pk}'
resposta = self.cliente_api.get(url)
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(len(resposta.data), 1)
def teste_filtro_especialidade_agenda(self):
"""
Testa o filtro de especialidade aplicado no endpoint agenda
"""
url = f'{reverse("get_agendas")}?especialidade={self.pediatra.pk}'
resposta = self.cliente_api.get(url)
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(len(resposta.data), 1)
def teste_filtro_data_agenda(self):
"""
Testa o filtro de especialidade aplicado no endpoint agenda
"""
url = (
f'{reverse("get_agendas")}?data_inicio={self.hoje.date()}&data_final={self.hoje.date()}'
)
resposta = self.cliente_api.get(url)
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(len(resposta.data), 1)
def teste_todos_filtros_agenda(self):
"""
Testa a combinação dos filtros do endpoint agenda
"""
url = (
f'{reverse("get_agendas")}?medico={self.medica_juliette.pk}'
f"&especialidade={self.pediatra.pk}&data_inicio={self.hoje.date()}"
f"&data_final={self.hoje.date()}")
resposta = self.cliente_api.get(url)
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(len(resposta.data), 1)
def teste_horario_excluido_agenda(self):
"""
Teste se os horarios passados sao removidos da listagem da agenda e se o
horario marcado esta sendo removido da listagem
"""
url = (
f'{reverse("get_agendas")}?data_inicio={self.hoje.date()}&data_final={self.hoje.date()}'
)
resposta = self.cliente_api.get(url)
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(len(resposta.data[0]["horarios"]), 1)
def teste_agenda_excluida_quando_cheia(self):
"""
Teste se a agenda desaparece da listagem quando tem todos os seus horarios
preenchidos, pois não há mais horários disponíveis
"""
url = (
f'{reverse("get_agendas")}?data_inicio={self.hoje.date()}&data_final={self.hoje.date()}'
)
resposta = self.cliente_api.get(url)
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(len(resposta.data[0]["horarios"]), 1)
# Agenda consulta no último horario disponivel nessa agenda
url = reverse("consultas_post")
resposta = self.cliente_api.post(url, {
"agenda_id": self.agenda_hoje.pk,
"horario": self.hora_futuro2.horario
})
self.assertEqual(resposta.status_code, status.HTTP_201_CREATED)
# Deve retornar um array vazio
url = (
f'{reverse("get_agendas")}?data_inicio={self.hoje.date()}&data_final={self.hoje.date()}'
)
resposta = self.cliente_api.get(url)
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(len(resposta.data), 0)
def teste_get_consultas(self):
"""
Testa se lista somente as consultas que não passaram o dia e o horario
"""
url = reverse("consultas_post")
resposta = self.cliente_api.get(url)
self.assertEqual(resposta.status_code, status.HTTP_200_OK)
self.assertEqual(len(resposta.data), 4)
def teste_marcar_consulta(self):
"""
Teste o caso onde a insercao da certo
"""
url = reverse("consultas_post")
resposta = self.cliente_api.post(url, {
"agenda_id": self.agenda_amanha.pk,
"horario": "14:00"
})
self.assertEqual(resposta.status_code, status.HTTP_201_CREATED)
def teste_marcar_consulta_dia_passado(self):
"""
Testa a inserção em um dia passado
"""
url = reverse("consultas_post")
resposta = self.cliente_api.post(url, {
"agenda_id": self.agenda_ontem.pk,
"horario": "14:00"
})
self.assertEqual(resposta.status_code, status.HTTP_400_BAD_REQUEST)
def teste_marcar_consulta_mesmo_horario(self):
"""
Testa a inserção em um dia e horário que o usuário já tem outra
consulta marcada no mesmo dia e horario
"""
url = reverse("consultas_post")
resposta = self.cliente_api.post(url, {
"agenda_id": self.agenda_amanha.pk,
"horario": "14:00"
})
self.assertEqual(resposta.status_code, status.HTTP_201_CREATED)
# marcando consulta para o mesmo dia e horarios para esse usuario
url = reverse("consultas_post")
resposta = self.cliente_api.post(url, {
"agenda_id": self.agenda_amanha.pk,
"horario": "14:00"
})
self.assertEqual(resposta.status_code, status.HTTP_400_BAD_REQUEST)
def teste_marcar_consulta_horario_ocupado(self):
"""
Testa a inserção em um dia e horário que já está ocupado por
outro usuario
"""
url = reverse("consultas_post")
resposta = self.cliente_api.post(url, {
"agenda_id": self.agenda_amanha.pk,
"horario": "14:00"
})
self.assertEqual(resposta.status_code, status.HTTP_201_CREATED)
# usuario teste tenta marcar a consulta no mesmo dia e horario
# do usuário api
url = reverse("consultas_post")
resposta = self.cliente_teste.post(url, {
"agenda_id": self.agenda_amanha.pk,
"horario": "14:00"
})
self.assertEqual(resposta.status_code, status.HTTP_400_BAD_REQUEST)
def teste_desmarcar_consulta(self):
"""
Testa o caso de sucesso da desmarcação de consulta
"""
url = f'{reverse("consultas_post")}{self.pk_consulta}/'
resposta = self.cliente_api.delete(url)
self.assertEqual(resposta.status_code, status.HTTP_204_NO_CONTENT)
def teste_desmacar_consulta_inexistente(self):
"""
Testa caso onde tenta desmarcar uma consulta que não existe
"""
url = f'{reverse("consultas_post")}546846/'
resposta = self.cliente_api.delete(url)
self.assertEqual(resposta.status_code, status.HTTP_404_NOT_FOUND)
def teste_desmacar_consulta_do_outro(self):
"""
Testa caso onde um usuario manda um delete para uma consulta
que existe, mas não pertence a ele
"""
url = f'{reverse("consultas_post")}{self.pk_consulta}/'
resposta = self.cliente_teste.delete(url)
self.assertEqual(resposta.status_code, status.HTTP_404_NOT_FOUND)
def teste_desmarcar_consulta_passada(self):
"""
Testa caso onde o usuario tenta desmarcar uma consulta
que ja aconteceu
"""
url = f'{reverse("consultas_post")}{self.consulta_passada.pk}/'
resposta = self.cliente_teste.delete(url)
self.assertEqual(resposta.status_code, status.HTTP_404_NOT_FOUND)
class OwnerUserAccountTest(APITestCase):
r"""
This class of tests is used for testing of following endpoints:
- Access to account's main page
- Partial Update of the account
- Create/Update/Delete of the user's own userpic
- Create/Update/Delete of the user's own documents
- Create/Update/Delete of the user's own billing addresses
- Create/Update/Delete the user's own of phones
- Changing of user's own password
- !!Deprecated: Changing of user's own username
- Tests of permissions
- Tests of access to another user's info
- Access to sub-resources like properties, etc.
"""
def setUp(self) -> None:
self.client = APIClient()
self.false_token = "adamantly"
self.token_verify_url = reverse('jwtauth:token_verify')
self.token_obtain_ulr = reverse('jwtauth:token_obtain_pair')
self.registration_url = reverse('jwtauth:register')
self.login_url = reverse('jwtauth:token_obtain_pair')
self.logout_url = reverse('jwtauth:logout')
self.logout_all_url = reverse('jwtauth:logout_all')
self.properties_create_list_url = reverse('properties:properties-list')
self.user_main_page_url = reverse('userAccount:user-details')
self.userpic_url = reverse('userAccount:userpic')
# this section of JSON bodies for the requests
self.registration_json_correct = \
{
"first_name": "test_case_fn",
"last_name": "test_case_ln",
"email": "*****@*****.**",
"password": "******",
"password2": "test_pass_test_pass"
}
# this section of JSON bodies for the responses assertion
# be advised: first account always creates with id of 1
self.main_page_payload_JSON = \
{
"id": 1,
"email": "*****@*****.**",
"userpic": "",
"first_name": "test_case_fn",
"last_name": "test_case_ln",
"middle_name": "",
"bio": "",
"timezone": "Europe/Moscow",
"is_confirmed": False,
"is_staff": False,
'two_factor_auth': False,
"dob": "1970-01-01",
"gender": "",
"properties_url": "http://testserver/api/v1/user/properties/",
"documents_url": "http://testserver/api/v1/user/documents/",
"billing_addresses_url": "http://testserver/api/v1/user/billing_addresses/",
"phones_url": "http://testserver/api/v1/user/phones/"
}
self.list_of_possible_genders = ['M', 'F', 'D']
self.list_of_possible_dobs = [
'2000-01-01',
'2002-01-01',
'01-01-2000',
]
self.response_post = self.client.post(
path=self.registration_url,
data=self.registration_json_correct,
format='json')
self.client_auth = APIClient()
self.client_not_auth = APIClient()
self.client_auth.credentials(
HTTP_AUTHORIZATION=f'Bearer {self.response_post.data["access"]}')
def test_main_page_access(self):
resp_auth = self.client_auth.get(self.user_main_page_url,
format='json')
# due to the fact that we can't really test the dates for updating and
# creating the object, we must pop them from data and then compare
resp_auth.data.pop('created_at')
resp_auth.data.pop('updated_at')
self.assertEqual(resp_auth.data, self.main_page_payload_JSON)
self.assertEqual(resp_auth.status_code, status.HTTP_200_OK)
resp_not_auth = self.client_not_auth.get(self.user_main_page_url,
format='json')
self.assertEqual(resp_not_auth.status_code,
status.HTTP_401_UNAUTHORIZED)
def test_partial_update(self):
list_of_first_names = generate_random_list_of_strings(10, 7)
list_of_last_names = generate_random_list_of_strings(10, 10)
list_of_patronymics = generate_random_list_of_strings(10, 10)
list_of_random_bios = generate_random_list_of_strings(10, 50)
for i in range(len(list_of_first_names)):
data = {"first_name": list_of_first_names[i]}
resp_auth = self.client_auth.patch(self.user_main_page_url,
data=data,
format='json')
resp_auth.data.pop('created_at')
resp_auth.data.pop('updated_at')
self.assertEqual(resp_auth.data["first_name"],
list_of_first_names[i])
self.assertEqual(resp_auth.status_code, status.HTTP_200_OK)
for i in range(len(list_of_last_names)):
data = {"last_name": list_of_last_names[i]}
resp_auth = self.client_auth.patch(self.user_main_page_url,
data=data,
format='json')
resp_auth.data.pop('created_at')
resp_auth.data.pop('updated_at')
self.assertEqual(resp_auth.data["last_name"],
list_of_last_names[i])
self.assertEqual(resp_auth.status_code, status.HTTP_200_OK)
for i in range(len(list_of_patronymics)):
data = {"middle_name": list_of_patronymics[i]}
resp_auth = self.client_auth.patch(self.user_main_page_url,
data=data,
format='json')
resp_auth.data.pop('created_at')
resp_auth.data.pop('updated_at')
self.assertEqual(resp_auth.data["middle_name"],
list_of_patronymics[i])
self.assertEqual(resp_auth.status_code, status.HTTP_200_OK)
for i in range(len(list_of_random_bios)):
data = {"bio": list_of_random_bios[i]}
resp_auth = self.client_auth.patch(self.user_main_page_url,
data=data,
format='json')
resp_auth.data.pop('created_at')
resp_auth.data.pop('updated_at')
self.assertEqual(resp_auth.data["bio"], list_of_random_bios[i])
self.assertEqual(resp_auth.status_code, status.HTTP_200_OK)
for i in range(len(self.list_of_possible_genders) - 1):
data = {"gender": self.list_of_possible_genders[i]}
resp_auth = self.client_auth.patch(self.user_main_page_url,
data=data,
format='json')
resp_auth.data.pop('created_at')
resp_auth.data.pop('updated_at')
self.assertEqual(resp_auth.data["gender"],
self.list_of_possible_genders[i])
self.assertEqual(resp_auth.status_code, status.HTTP_200_OK)
for i in range(len(self.list_of_possible_dobs) - 1):
data = {"dob": self.list_of_possible_dobs[i]}
resp_auth = self.client_auth.patch(self.user_main_page_url,
data=data,
format='json')
resp_auth.data.pop('created_at')
resp_auth.data.pop('updated_at')
self.assertEqual(resp_auth.data["dob"],
self.list_of_possible_dobs[i])
self.assertEqual(resp_auth.status_code, status.HTTP_200_OK)
data = {
"gender":
self.list_of_possible_genders[len(self.list_of_possible_genders) -
1]
}
resp_auth = self.client_auth.patch(self.user_main_page_url,
data=data,
format='json')
resp_auth.data.pop('created_at')
resp_auth.data.pop('updated_at')
self.assertEqual(
resp_auth.data["gender"],
self.list_of_possible_genders[len(self.list_of_possible_genders) -
2])
data = {
"dob":
self.list_of_possible_dobs[len(self.list_of_possible_dobs) - 1]
}
resp_auth = self.client_auth.patch(self.user_main_page_url,
data=data,
format='json')
self.assertEqual(resp_auth.status_code, status.HTTP_400_BAD_REQUEST)
def test_upload_update_userpic(self):
image1 = Image.new('RGB', (100, 100))
image2 = Image.new('RGB', (100, 100))
tmp_file1 = tempfile.NamedTemporaryFile(suffix='.jpg')
tmp_file2 = tempfile.NamedTemporaryFile(suffix='.png')
image1.save(tmp_file1)
image2.save(tmp_file2)
tmp_file1.seek(0)
resp_auth_1 = self.client_auth.put(self.userpic_url,
data={'image': tmp_file1},
format='multipart')
self.assertEqual(resp_auth_1.status_code, status.HTTP_200_OK)
self.assertIsNot(resp_auth_1.data['image'], "")
tmp_file2.seek(0)
resp_auth_2 = self.client_auth.put(self.userpic_url,
data={'image': tmp_file2},
format='multipart')
self.assertEqual(resp_auth_2.status_code, status.HTTP_200_OK)
self.assertIsNot(resp_auth_2.data['image'], "")
self.assertNotEqual(resp_auth_1.data['image'],
resp_auth_2.data['image'])
def test_delete_userpic(self):
pass
def test_access_to_documents(self):
pass
def test_create_document(self):
pass
def test_delete_document(self):
pass
def test_update_documents(self):
pass
def test_access_to_billing_addresses(self):
pass
def test_create_billing_addresses(self):
pass
def test_delete_billing_addresses(self):
pass
def test_update_billing_addresses(self):
pass
def test_access_to_phones(self):
pass
def test_create_phones(self):
pass
def test_delete_phones(self):
pass
def test_update_phones(self):
pass
def test_change_password(self):
pass
class SurgeryTest(APITestCase):
fixtures = ['testdata.json']
def setUp(self):
self.data = {
"name": 'test_11',
}
self.client = APIClient()
self.client.credentials(HTTP_tenant="test")
self.tetant_data = {"name": "test", "subdomain_prefix": "foo_bar"}
self.tenant = self.create_tenant(self.tetant_data)
self.url = reverse('surgery-list')
@staticmethod
def create_surgery(data):
return SurgeryModel.objects.get_or_create(**data)[0]
@staticmethod
def create_tenant(data):
tenant = Tenant.objects.get_or_create(**data)
return tenant[0]
def test_surgery_list(self):
# client = APIClient()
self.client.credentials(HTTP_tenant="test")
response = self.client.get(self.url)
self.assertEqual(
response.status_code, 200,
'Expected Response Code 200, received {0} instead.'.format(
response.status_code))
def test_surgery_create(self):
tenant = self.create_tenant(self.tetant_data)
# self.client.credentials(HTTP_tenant= "t1")
response = self.client.post(self.url,
data={
"name": "test_surgery",
"tenant": tenant.id
})
self.assertEqual(
response.status_code, status.HTTP_201_CREATED,
'Expected Response Code 200, received {0} instead.'.format(
response.status_code))
def test_surgery_update(self):
data = {
"name": "test_surgery1",
"tenant": self.create_tenant(self.tetant_data)
}
surgery = self.create_surgery(data)
url = reverse("surgery-detail", kwargs={"pk": surgery.id})
response = self.client.put(url,
data={
"name": "test_surgery_name_changed",
"tenant": surgery.tenant.id
})
self.assertEqual(response.data.get("name"),
"test_surgery_name_changed",
"Name not changed properly")
self.assertEqual(
response.status_code, status.HTTP_200_OK,
'Expected Response Code 200, received {0} instead.'.format(
response.status_code))
def test_surgery_delete(self):
data = {
"name": "test_surgery1",
"tenant": self.create_tenant(self.tetant_data)
}
surgery = self.create_surgery(data)
url = reverse("surgery-detail", kwargs={"pk": surgery.id})
response = self.client.delete(
url, data={"name": "test_surgery_name_changed"})
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
def test_surgery_delete_does_not_exist(self):
data = {
"name": "test_surgery1",
"tenant": self.create_tenant(self.tetant_data)
}
surgery = self.create_surgery(data)
url = reverse("surgery-detail",
kwargs={"pk": SurgeryModel.objects.latest('id').id + 1})
response = self.client.delete(
url, data={"name": "test_surgery_name_changed"})
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
class MakeANewChargeInStripe(TestCase):
def setUp(self):
self.maxDiff = None
expected_json = {
"customer_id":
"cus_842ErI0D7xCGm1",
"cards": [{
"card_id": "card_17nu9mJNKLANSXXXNZlzhQge",
"last4": "4444",
"brand": "MasterCard",
"name": u"Javier Castañeda",
"customer": {
"customer_id": "cus_842ErI0D7xCGm1",
"user": {
"id": 2,
"username": "******",
"name": None,
"last_name": None,
"second_last_name": None,
"description": None,
"email": "*****@*****.**"
}
}
}]
}
self.expected_json = json.dumps(expected_json)
stripe.api_key = settings.STRIPE_PRIVATE_KEY
self.client = APIClient()
self.client.post(reverse('api:v2:registration-list'), {
'username': '******',
'email': '*****@*****.**',
'password': '******',
'device_os': 'IOS',
'gender': 2,
},
format='json')
#
# Login the user to the platform before running every test
#
self.login_response = self.client.post(reverse('api:v2:auth-login'), {
'email': '*****@*****.**',
'password': '******',
'device_os': 'IOS'
},
format='json')
self.client.credentials(
HTTP_AUTHORIZATION=('JWT ' +
self.login_response.data.get('token')))
self.stripe_cards = []
self.stripe_customer = None
self.class_status = None
self.class_status_2 = None
self.class_status_3 = None
self.related_class = None
self.class_extension = None
self.another_class = None
self.class_subject = None
self.teacher_subject = None
self.user = None
self.another_user = None
@httpretty.activate
def create_customer_and_card(self, customer_id):
custumer_data = {
"id": "{}".format(customer_id),
"object": "customer",
"account_balance": 0,
"business_vat_id": None,
"created": 1461863006,
"currency": None,
"default_source": "card_17nu9mJNKLANSXXXNZlzhQge",
"delinquent": False,
"description": "Javier Castañeda",
"discount": None,
"email": "*****@*****.**",
"livemode": False,
"metadata": {},
"shipping": None,
"sources": {
"object":
"list",
"data": [{
"id": "card_17nu9mJNKLANSXXXNZlzhQge",
"object": "card",
"address_city": None,
"address_country": None,
"address_line1": None,
"address_line1_check": None,
"address_line2": None,
"address_state": None,
"address_zip": None,
"address_zip_check": None,
"brand": "MasterCard",
"country": "US",
"customer": "cus_8M0Z2V20QoOpMS",
"cvc_check": "pass",
"dynamic_last4": None,
"exp_month": 12,
"exp_year": 2017,
"fingerprint": "Xt5EWLLDS7FJjR1c",
"funding": "credit",
"last4": "4444",
"metadata": {},
"name": "Javier Castañeda",
"tokenization_method": None
}],
"has_more":
False,
"total_count":
1,
"url":
"/v1/customers/cus_8M0Z2V20QoOpMS/sources"
},
"subscriptions": {
"object": "list",
"data": [],
"has_more": False,
"total_count": 0,
"url": "/v1/customers/cus_8M0Z2V20QoOpMS/subscriptions"
}
}
httpretty.register_uri(
httpretty.GET,
"https://api.stripe.com/v1/customers/{}".format(customer_id),
body=json.dumps(custumer_data),
status=200)
#
# Customer created for the testing of Charges and cards
#
self.customer = stripe.Customer.retrieve(customer_id)
#
# Cards created for the testing of Charges and cards
#
self.cards = self.customer.sources.data
self.user = get_user_model().objects.create(username=customer_id,
password='******',
email='*****@*****.**',
is_teacher=True)
self.another_user = get_user_model().objects.create(
username='******', password='******', email='*****@*****.**')
#
# Create the stripeCustomer inside the database for testing
#
self.stripe_customer = StripeCustomer.objects.create(
user=self.user,
account_balance=self.customer.account_balance,
delinquent=self.customer.delinquent,
default_source=self.customer.default_source,
customer_id=self.customer.id)
self.stripe_cards = []
for card in self.cards:
self.stripe_cards.append(
StripeCard.objects.create(
customer=self.stripe_customer,
name=card.name,
address_line_1=card.address_line1,
address_line_1_check=card.address_line1_check,
address_line_2=card.address_line2,
address_city=card.address_city,
address_state=card.address_state,
address_country=card.address_country,
address_zip=card.address_zip,
address_zip_check=card.address_zip_check,
brand=card.brand,
country=card.country,
cvc_check=card.cvc_check,
dynamic_last4=card.dynamic_last4,
tokenization_method=card.tokenization_method,
exp_month=card.exp_month,
exp_year=card.exp_year,
funding=card.funding,
last4=card.last4,
fingerprint=card.fingerprint,
card_id=card.id))
self.class_status = ClassStatus.objects.create(
name="status", description="status")
self.class_status_2 = ClassStatus.objects.create(
name="status2", description="status2")
self.class_status_3 = ClassStatus.objects.create(
name="acecpted", description="acecpted")
self.class_subject = Subject.objects.create(name="subject",
description="subject",
price_per_hour=9.99)
self.teacher_subject = SubjectTeacher.objects.create(
teacher=self.user, subject=self.class_subject, status=True)
self.related_class = Class.objects.create(
class_start_date="2016-07-14 20:00:52.921276+00:00",
teacher=self.user,
student=self.user,
subject=self.class_subject,
class_status=self.class_status,
class_detail="testing class",
participants=1,
class_time=time(hour=1, minute=0),
time_zone_conf=5,
location=(u"SRID=4326;POINT "
u"(19.4619810000000015 -99.1511504000000059)"))
self.class_extension_1 = RequestClassExtensionTime.objects.create(
class_request=self.related_class, time=time(0, 30, 0, 0))
self.another_class = Class.objects.create(
class_start_date="2016-07-14 20:00:52.921276+00:00",
teacher=self.another_user,
student=self.another_user,
subject=self.class_subject,
class_status=self.class_status_2,
class_time=time(hour=1, minute=0),
class_detail="testing class",
participants=2,
time_zone_conf=5,
location=(u"SRID=4326;POINT "
u"(19.4619810000000015 -99.1511504000000059)"))
self.class_extension_2 = RequestClassExtensionTime.objects.create(
class_request=self.another_class, time=time(0, 30, 0, 0))
def tearDown(self):
if self.class_status:
self.class_status.delete()
if self.class_subject:
self.class_subject.delete()
if self.related_class:
self.related_class.delete()
if self.another_class:
self.another_class.delete()
if self.stripe_cards:
for card in self.stripe_cards:
card.delete()
if self.stripe_customer:
self.stripe_customer.delete()
@httpretty.activate
def test_the_user_should_be_able_to_create_a_new_charge(self):
charges_data = {
"id": "ch_185IYD2eZvKYlo2CiprQHol4",
"object": "charge",
"amount": 2000,
"amount_refunded": 0,
"application_fee": None,
"balance_transaction": "txn_185IYD2eZvKYlo2CeR0Oax5g",
"captured": True,
"created": 1461863021,
"currency": "usd",
"customer": "cus_842ErI0D7xCGm1",
"description": None,
"destination": None,
"dispute": None,
"failure_code": None,
"failure_message": None,
"fraud_details": {},
"invoice": None,
"livemode": False,
"metadata": {},
"order": None,
"paid": True,
"receipt_email": None,
"receipt_number": None,
"refunded": False,
"refunds": {
"object": "list",
"data": [],
"has_more": False,
"total_count": 0,
"url": "/v1/charges/ch_185IYD2eZvKYlo2CiprQHol4/refunds"
},
"shipping": None,
"source": {
"id": "card_17nu9mJNKLANSXXXNZlzhQge",
"object": "card",
"address_city": None,
"address_country": None,
"address_line1": None,
"address_line1_check": None,
"address_line2": None,
"address_state": None,
"address_zip": None,
"address_zip_check": None,
"brand": "Visa",
"country": "US",
"customer": "cus_842ErI0D7xCGm1",
"cvc_check": "pass",
"dynamic_last4": None,
"exp_month": 12,
"exp_year": 2017,
"fingerprint": "Xt5EWLLDS7FJjR1c",
"funding": "credit",
"last4": "4242",
"metadata": {},
"name": "Javier Castañeda",
"tokenization_method": None
},
"source_transfer": None,
"statement_descriptor": None,
"status": "succeeded"
}
httpretty.register_uri(httpretty.POST,
"https://api.stripe.com/v1/charges",
body=json.dumps(charges_data),
status=201)
self.create_customer_and_card('cus_842ErI0D7xCGm1')
#
# Create a new charge for the user
#
response = self.client.post(reverse('api:v1:stripe-charges-list'), {
'currency': 'usd',
'customer_id': self.customer.id,
'description': 'testing charge',
'class_id': self.related_class.id
},
format='json')
#
# If everything was correct the answer should be a 201 http response
# with a success message and a charge id. If the charge was created in
# Stripe then is possible to retrieve it
#
self.assertEqual(response.status_code, 201)
# Testing information returned from the serializer.
self.assertEqual(response.data.get('amount'), "9.99")
# Checking related class information.
data = response.data
self.assertEqual(data['related_class']['id'], 1)
self.assertEqual(data['related_class']['teacher'], 2)
self.assertEqual(data['related_class']['student'], 2)
self.assertEqual(data['related_class']['subject']['id'], 1)
# Testing the spected information against the stripe charge
# information.
created_charge = stripe.Charge.retrieve(response.data.get('charge_id'))
self.assertEqual(created_charge.amount, 999)
self.assertEqual(created_charge.currency, 'usd')
self.assertEqual(created_charge.description, 'testing charge')
self.assertEqual(created_charge.amount_refunded, 0)
def test_customer_detail_information_by_user_id(self):
self.create_customer_and_card('cus_842ErI0D7xCGm1')
#
# Getting the customer information.
#
response = self.client.get(reverse('api:v1:stripe-customers-detail',
kwargs={'pk': 2}),
format='json')
self.assertJSONEqual(response.content, self.expected_json)
def test_customer_detail_information_by_customer_id(self):
self.create_customer_and_card('cus_842ErI0D7xCGm1')
#
# Getting the customer information.
#
response = self.client.get(reverse('api:v1:stripe-customers-detail',
kwargs={'pk': self.customer.id}),
format='json')
self.assertJSONEqual(response.content, self.expected_json)
@httpretty.activate
def test_address_line1_is_incorrect_for_the_card(self):
"""
This test is designed for the card with number 4000 0000 0000 0010
where the address_line1 and address_zip are incorrect to check that
the error message is managed correctly. All the customers where
created with the console, if there is a problem with the customer
a new token should be generated, a new customer created and the
customer_id should be replaced.
"""
charges_data = {
"id": "ch_185IYD2eZvKYlo2CiprQHol4",
"object": "charge",
"amount": 2000,
"amount_refunded": 0,
"application_fee": None,
"balance_transaction": "txn_185IYD2eZvKYlo2CeR0Oax5g",
"captured": True,
"created": 1461863021,
"currency": "usd",
"customer": "cus_842ErI0D7xCGm1",
"description": None,
"destination": None,
"dispute": None,
"failure_code": None,
"failure_message": None,
"fraud_details": {},
"invoice": None,
"livemode": False,
"metadata": {},
"order": None,
"paid": True,
"receipt_email": None,
"receipt_number": None,
"refunded": False,
"refunds": {
"object": "list",
"data": [],
"has_more": False,
"total_count": 0,
"url": "/v1/charges/ch_185IYD2eZvKYlo2CiprQHol4/refunds"
},
"shipping": None,
"source": {
"id": "card_17nu9mJNKLANSXXXNZlzhQge",
"object": "card",
"address_city": None,
"address_country": None,
"address_line1": None,
"address_line1_check": None,
"address_line2": None,
"address_state": None,
"address_zip": None,
"address_zip_check": None,
"brand": "Visa",
"country": "US",
"customer": "cus_842ErI0D7xCGm1",
"cvc_check": "pass",
"dynamic_last4": None,
"exp_month": 12,
"exp_year": 2017,
"fingerprint": "Xt5EWLLDS7FJjR1c",
"funding": "credit",
"last4": "4242",
"metadata": {},
"name": "Javier Castañeda",
"tokenization_method": None
},
"source_transfer": None,
"statement_descriptor": None,
"status": "succeeded"
}
httpretty.register_uri(httpretty.POST,
"https://api.stripe.com/v1/charges",
body=json.dumps(charges_data),
status=201)
self.create_customer_and_card('cus_842ErI0D7xCGm1')
#
# Create a new charge for the user
#
response = self.client.post(reverse('api:v1:stripe-charges-list'), {
'currency': 'usd',
'customer_id': self.customer.id,
'description': 'testing charge',
'class_id': self.related_class.id
},
format='json')
#
# If everything was correct the answer should be a 201 http response
# with a success message and a charge id. If the charge was cerated in
# Stripe then is possible to retrieve it
#
# Testing information returned from the serializer.
self.assertEqual(response.data['amount'], "9.99")
# Checking related class information.
self.assertEqual(response.data['related_class']['id'], 1)
self.assertEqual(response.data['related_class']['teacher'], 2)
self.assertEqual(response.data['related_class']['student'], 2)
self.assertEqual(response.data['related_class']['subject']['id'], 1)
created_charge = stripe.Charge.retrieve(response.data.get('charge_id'))
self.assertEqual(created_charge.amount, 999)
self.assertEqual(created_charge.currency, 'usd')
self.assertEqual(created_charge.description, 'testing charge')
self.assertEqual(created_charge.amount_refunded, 0)
self.assertEqual(created_charge.source.address_line1_check, None)
def test_address_line1_is_unavailable_for_the_card(self):
"""
This test is designed for the card with number 4000 0000 0000 0044
where the address_line1 and address_zip are unavailable to check that
the error message is managed correctly. All the customers where
created with the console, if there is a problem with the customer
a new token should be generated, a new customer created and the
customer_id should be replaced.
"""
charges_data = {
"id": "ch_185IYD2eZvKYlo2CiprQHol4",
"object": "charge",
"amount": 2000,
"amount_refunded": 0,
"application_fee": None,
"balance_transaction": "txn_185IYD2eZvKYlo2CeR0Oax5g",
"captured": True,
"created": 1461863021,
"currency": "usd",
"customer": "cus_842ErI0D7xCGm1",
"description": None,
"destination": None,
"dispute": None,
"failure_code": None,
"failure_message": None,
"fraud_details": {},
"invoice": None,
"livemode": False,
"metadata": {},
"order": None,
"paid": True,
"receipt_email": None,
"receipt_number": None,
"refunded": False,
"refunds": {
"object": "list",
"data": [],
"has_more": False,
"total_count": 0,
"url": "/v1/charges/ch_185IYD2eZvKYlo2CiprQHol4/refunds"
},
"shipping": None,
"source": {
"id": "card_17nu9mJNKLANSXXXNZlzhQge",
"object": "card",
"address_city": None,
"address_country": None,
"address_line1": None,
"address_line1_check": None,
"address_line2": None,
"address_state": None,
"address_zip": None,
"address_zip_check": None,
"brand": "Visa",
"country": "US",
"customer": "cus_842ErI0D7xCGm1",
"cvc_check": "pass",
"dynamic_last4": None,
"exp_month": 12,
"exp_year": 2017,
"fingerprint": "Xt5EWLLDS7FJjR1c",
"funding": "credit",
"last4": "4242",
"metadata": {},
"name": "Javier Castañeda",
"tokenization_method": None
},
"source_transfer": None,
"statement_descriptor": None,
"status": "succeeded"
}
httpretty.register_uri(httpretty.POST,
"https://api.stripe.com/v1/charges",
body=json.dumps(charges_data),
status=201)
self.create_customer_and_card('cus_842ErI0D7xCGm1')
#
# Create a new charge for the user
#
response = self.client.post(reverse('api:v1:stripe-charges-list'), {
'currency': 'usd',
'customer_id': self.customer.id,
'description': 'testing charge',
'class_id': 1
},
format='json')
#
# If everything was correct the answer should be a 201 http response
# with a success message and a charge id. If the charge was cerated in
# Stripe then is possible to retrieve it
#
self.assertEqual(response.status_code, 201)
# Testing information returned from the serializer.
self.assertEqual(response.data['amount'], "9.99")
# Checking related class information.
self.assertEqual(response.data['related_class']['id'], 1)
self.assertEqual(response.data['related_class']['teacher'], 2)
self.assertEqual(response.data['related_class']['student'], 2)
self.assertEqual(response.data['related_class']['subject']['id'], 1)
created_charge = stripe.Charge.retrieve(response.data.get('charge_id'))
self.assertEqual(created_charge.amount, 999)
self.assertEqual(created_charge.currency, 'usd')
self.assertEqual(created_charge.description, 'testing charge')
self.assertEqual(created_charge.amount_refunded, 0)
self.assertEqual(created_charge.source.address_line1_check, None)
@httpretty.activate
def test_a_charge_is_not_created_when_the_card_is_declined(self):
"""
This test is designed for the card with number 4000 0000 0000 0019
where the card is denied to check that
the error message is managed correctly. All the customers where
created with the console, if there is a problem with the customer
a new token should be generated, a new customer created and the
customer_id should be replaced.
"""
httpretty.register_uri(
httpretty.POST,
"https://api.stripe.com/v1/charges",
body="{'error_message':'Your card was declined.'}",
status=400)
self.create_customer_and_card('cus_85ZAFMAAcIMWZW')
#
# Create a new charge for the user
#
response = self.client.post(
reverse('api:v1:stripe-charges-list'), {
'amount': 1050,
'currency': 'usd',
'customer_id': self.customer.id,
'description': 'testing charge',
'class_id': self.related_class.id
})
# #
# # The expected answer should be a 500 http response
# # with a error message and a error code.
# #
self.assertEqual(response.status_code, 400)
self.assertEqual(response.data.get('error_message'),
"Your card was declined.")
# self.assertEqual(
# response.data.get('error_code'),
# 'card_declined'
# )
def test_a_customer_is_not_created_when_the_cvc_code_is_incorrect(self):
"""
This test is designed for the card with number 4000 0000 0000 0127
where the cvc code is incorrect
the error message is managed correctly. All the customers where
created with the console, if there is a problem with the customer
a new token should be generated, a new customer created and the
customer_id should be replaced.
"""
with self.assertRaises(stripe.error.CardError):
stripe.Customer.create(source='tok_17pNKiJNKLANSXXXMRIWbCuX',
description='incorrect cvc code')
def test_a_customer_is_not_created_when_the_card_is_declines(self):
"""
This test is designed for the card with number 4000 0000 0000 0002
where the card is declined
the error message is managed correctly. All the customers where
created with the console, if there is a problem with the customer
a new token should be generated, a new customer created and the
customer_id should be replaced.
"""
with self.assertRaises(stripe.error.CardError):
stripe.Customer.create(source='tok_17pNHmJNKLANSXXXBIeWhGvi',
description='card declined')
def test_a_customer_is_not_created_when_the_card_has_expired(self):
"""
This test is designed for the card with number 4000 0000 0000 0069
where the card is declined
the error message is managed correctly. All the customers where
created with the console, if there is a problem with the customer
a new token should be generated, a new customer created and the
customer_id should be replaced.
"""
with self.assertRaises(stripe.error.CardError):
stripe.Customer.create(source='tok_17pNLzJNKLANSXXXIjkm6Iub',
description='card expired')
def test_a_customer_is_not_created_when_there_is_a_processing_error(self):
"""
This test is designed for the card with number 4000 0000 0000 0119
where the card is declined
the error message is managed correctly. All the customers where
created with the console, if there is a problem with the customer
a new token should be generated, a new customer created and the
customer_id should be replaced.
"""
with self.assertRaises(stripe.error.CardError):
stripe.Customer.create(source='tok_17pNMhJNKLANSXXX2j2KPc68',
description='processing error')
def test_student_without_a_stripe_customer_cant_receive_a_class(self):
"""
A user that doesn't have a customer account, avoid teacher to accept
the class.
"""
self.create_customer_and_card('cus_842ErI0D7xCGm1')
#
# Trying to change the state of the class to accepted
#
response = self.client.patch(
reverse('api:v1:class-detail',
kwargs={'pk': self.another_class.id}), {'class_status': 3},
format='json')
self.assertEqual(response.status_code, 400)
self.assertEqual(response.data.get('error_message'),
"Student doesn't have a stripe customer account.")
def test_student_with_a_stripe_customer_can_receive_a_class(self):
"""
A user that does have a customer account, allows a teacher to accept
a class and generate a stripe charge.
"""
self.create_customer_and_card('cus_842ErI0D7xCGm1')
#
# Trying to change the state of the class to accepted
#
response = self.client.patch(
reverse('api:v1:class-detail',
kwargs={'pk': self.related_class.id}), {'class_status': 3},
format='json')
# A charge was created so, the state should be 201.
self.assertEqual(response.status_code, 200)
# Testing information returned from the serializer.
self.assertEqual(response.data['amount'], "9.99")
# Checking related class information.
self.assertEqual(response.data['related_class']['id'], 1)
self.assertEqual(response.data['related_class']['teacher'], 2)
self.assertEqual(response.data['related_class']['student'], 2)
self.assertEqual(response.data['related_class']['subject']['id'], 1)
created_charge = stripe.Charge.retrieve(response.data.get('charge_id'))
self.assertEqual(created_charge.amount, 999)
self.assertEqual(created_charge.currency, 'usd')
self.assertEqual(created_charge.description,
'class:1 customer:cus_842ErI0D7xCGm1 amount:9.99')
self.assertEqual(created_charge.amount_refunded, 0)
self.assertEqual(created_charge.source.address_line1_check, None)
created_charge = stripe.Charge.retrieve(response.data.get('charge_id'))
self.assertEqual(created_charge.amount, 999)
self.assertEqual(created_charge.currency, 'usd')
schedule_class = Class.objects.get(id=1)
# Description used in the stripe charge.
charge_description = generate_charge_description(
schedule_class,
schedule_class.teacher.price_per_hour(schedule_class.subject.id))
self.assertEqual(created_charge.description, charge_description)
self.assertEqual(created_charge.amount_refunded, 0)
self.assertEqual(created_charge.source.address_line1_check, None)
def test_student_without_a_stripe_customer_cant_receive_a_extension(self):
"""
A user that doesn't have a customer account, avoid him to accept a
class extension.
"""
self.create_customer_and_card('cus_842ErI0D7xCGm1')
#
# Trying to change the state of the class extension to accepted.
#
response = self.client.patch(reverse(
'api:v1:request-class-extension-time-detail',
kwargs={'pk': self.class_extension_2.id}), {'accepted': True},
format='json')
self.assertEqual(response.status_code, 400)
self.assertEqual(response.data.get('error_message'),
"Student doesn't have a stripe customer account.")
class TestOutlookTokens(TestCase):
"""
Unit Test case class for Outlook Tokens.
"""
OUTLOOK_AUTH_CODE = settings.OUTLOOK_AUTH_CODE
OUTLOOK_REFRESH_TOKEN = settings.OUTLOOK_REFRESH_TOKEN
OUTLOOK_DETAILS = {
"client_id": '2e36be5f-0040-4f0d-bbef-12787ddc158b',
"client_secret": '.5JwU-O9E_lY~uYUha5.3~dAUx3_0p_wu2',
"tenant_id": 'cc6b2eea-c864-4839-85f5-94736facc3be',
"redirect_uri": 'http://*****:*****@mail.com'
}
User.objects.create_superuser(**self.credentials)
self.client = APIClient()
response = self.client.post('http://localhost:8000/api-token-auth/', {
'username': self.credentials['username'],
"password": self.credentials['password']
},
format='json')
self.token = response.json()['token']
self.client.credentials(HTTP_AUTHORIZATION=self.token)
def test_outlook_token(self):
"""
Unit test cases for token generation.
"""
post_data_auth_code = {
'grant_type': 'authorization_code',
'code': self.OUTLOOK_AUTH_CODE,
'redirect_uri': self.OUTLOOK_DETAILS['redirect_uri'],
'scope': self.OUTLOOK_SCOPES,
'client_id': self.OUTLOOK_DETAILS['client_id'],
'client_secret': self.OUTLOOK_DETAILS['client_secret']
}
post_data_refresh_token = {
'grant_type': 'refresh_token',
'redirect_uri': self.OUTLOOK_DETAILS['redirect_uri'],
'scope': self.OUTLOOK_SCOPES,
'refresh_token': self.OUTLOOK_REFRESH_TOKEN,
'client_id': self.OUTLOOK_DETAILS['client_id'],
'client_secret': self.OUTLOOK_DETAILS['client_secret']
}
if self.OUTLOOK_REFRESH_TOKEN is not None:
r = requests.post(settings.OUTLOOK_TOKEN_URL,
data=post_data_refresh_token)
response = r.json()
token_response = "Token Generated" if 'refresh_token' in response.keys(
) else "Token Not Generated"
else:
r = requests.post(settings.OUTLOOK_TOKEN_URL,
data=post_data_auth_code)
response = r.json()
self.assertEqual(token_response, "Token Generated")
self.assertEqual(status.HTTP_200_OK, r.status_code)
def test_outlook_invalid_token(self):
"""
Unit test cases for expired token.
"""
OUTLOOK_REFRESH_INVALID_TOKEN = "0.AAAA6i5rzGTIOUiF9ZRzb6zDvl--Ni5AAA1Pu-8SeH3cFYtYAPE.AgABAAAAAAAGV_bv21oQQ4ROqh0_1-tAAQDs_wIA9P_OGYOVkWs4tpIDhO-WGf7nByalMDx2UuJbtBaJbIK0DCEM2pWIsrQDjP7ilTC2fNH_qtuETWAfQV1FincmGBBJ_CHP00qAwvfOAuv488gTSCU4eezpajvAIER2LC50q6HghAEBJRLZ2t-EdHD9KeJYsASzwpYMODUMLug7c1geD_oTI_est_6hHdTnn8nUrLo5jwUJWiWLLlwTzcQUswYnMjTCmr3tACvWi5gaRxJJwsQ3CQJQOye6v9g6lDpyqLC8OweL1ZsvwW4-xabeov8NKeFYLTIblt0CV9NApsog6ncexWQ0HRdrkmxiMLZv3jrD5FiFL0JywgekwxJtJyR47MPbZzjpJb6RkZs3tKPYUA9NT3NRqDBeVIDYD7aQfGNLB0zDn-ux41tuqjo7CtieBv7CwQb-9KrcSMXszlKvmMgbHikesUX2JFFF3QrXXY7yaKaQaI3h9cgUkJdf6WgkyZAnoqFZlqtFgxp3TWnO-x2mfT27fcKwxiAlbnG6XsXvtivXu7YHSjSFfhqNvgRCqbw0IDkeGTJIdsmCSh1NNtCy4iVE7d4uarmSh3I27selzPTOqZVoMAHvUd5I6TMzCNV-s1Rj0Ov5dTX5n33QYIG4LKxSWYL-gdGgZlAtQkW74o7e9CWggt2dpbziEsCyDgf-OufRmSqPHZruDOUqmJCdGroT5kvicydQBOObKPz5RbU8pelI_T5JVWQxJA1CMIrBlt8ihtKtrpKbI-BSsUJiYSJ65A0sTYMHVcvk_gcjzgkX4Ifi4ULQHzF9zlyCRdJAb8g2ccWaoCmUdm6kVY_iBt6XrhQ8PC1s0kriSi-fPkyj7-xYGXZrOR26Zv7r4Fgq1KFsbC0O79GnkMrOD_x4Szu0wHYQAzdOk37uAFOg93BRbbHf3RBXZqDfLlEJr_h4YIut6qW8zzRHgwK0ARMm4D3juhtCShyMrA0G1TjuRhUEsMWef4ALXA"
post_data_auth_code = {
'grant_type': 'authorization_code',
'code': self.OUTLOOK_AUTH_CODE,
'redirect_uri': self.OUTLOOK_DETAILS['redirect_uri'],
'scope': self.OUTLOOK_SCOPES,
'client_id': self.OUTLOOK_DETAILS['client_id'],
'client_secret': self.OUTLOOK_DETAILS['client_secret']
}
post_data_refresh_token = {
'grant_type': 'refresh_token',
'redirect_uri': self.OUTLOOK_DETAILS['redirect_uri'],
'scope': self.OUTLOOK_SCOPES,
'refresh_token': OUTLOOK_REFRESH_INVALID_TOKEN,
'client_id': self.OUTLOOK_DETAILS['client_id'],
'client_secret': self.OUTLOOK_DETAILS['client_secret']
}
if self.OUTLOOK_REFRESH_TOKEN is not None:
r = requests.post(settings.OUTLOOK_TOKEN_URL,
data=post_data_refresh_token)
response = r.json()
token_response = "invalid_grant" if 'error' in response.keys(
) else "Valid Token"
else:
r = requests.post(settings.OUTLOOK_TOKEN_URL,
data=post_data_auth_code)
response = r.json()
self.assertEqual(token_response, "invalid_grant")
self.assertNotEqual(status.HTTP_200_OK, r.status_code)
def test_outlook_token_negative(self):
"""
Unit test case for token repeatation
"""
post_data_auth_code = {
'grant_type': 'authorization_code',
'code': self.OUTLOOK_AUTH_CODE,
'redirect_uri': self.OUTLOOK_DETAILS['redirect_uri'],
'scope': self.OUTLOOK_SCOPES,
'client_id': self.OUTLOOK_DETAILS['client_id'],
'client_secret': self.OUTLOOK_DETAILS['client_secret']
}
post_data_refresh_token = {
'grant_type': 'refresh_token',
'redirect_uri': self.OUTLOOK_DETAILS['redirect_uri'],
'scope': self.OUTLOOK_SCOPES,
'refresh_token': self.OUTLOOK_REFRESH_TOKEN,
'client_id': self.OUTLOOK_DETAILS['client_id'],
'client_secret': self.OUTLOOK_DETAILS['client_secret']
}
if self.OUTLOOK_REFRESH_TOKEN is not None:
r = requests.post(settings.OUTLOOK_TOKEN_URL,
data=post_data_refresh_token)
token_before = r.json()
time.sleep(10)
r = requests.post(settings.OUTLOOK_TOKEN_URL,
data=post_data_refresh_token)
token_after = r.json()
else:
r = requests.post(settings.OUTLOOK_TOKEN_URL,
data=post_data_auth_code)
response = r.json()
self.assertNotEqual(token_before['refresh_token'],
token_after['refresh_token'])
self.assertEqual(status.HTTP_200_OK, r.status_code)
def test_remove_provider_with_non_customer_user(self):
"""
Test removing a provider with the user account that does not belong to the customer group.
PermissionDenied is expected.
"""
# Get the customer owner token so a regular user can be created
user_name = self.customer_data[0]['owner']['username']
user_pass = self.customer_data[0]['owner']['password']
owner_token = self.get_token(user_name, user_pass)
# Create a regular user and get the user's token
user_data = {
'username': '******',
'password': '******',
'email': '*****@*****.**'
}
user = self.create_user(owner_token, user_data)
self.assertEquals(user.status_code, 201)
user_token = self.get_token(user_data['username'],
user_data['password'])
# Create a Provider as a regular user
iam_arn = 'arn:aws:s3:::my_s3_bucket'
bucket_name = 'my_s3_bucket'
response = self.create_provider(bucket_name, iam_arn, user_token)
self.assertEqual(response.status_code, 201)
# Verify that the Provider creation was successful
json_result = response.json()
self.assertIsNotNone(json_result.get('uuid'))
self.assertIsNotNone(json_result.get('customer'))
self.assertEqual(
json_result.get('customer').get('name'),
self.customer_data[0].get('name'))
self.assertIsNotNone(json_result.get('created_by'))
self.assertEqual(
json_result.get('created_by').get('username'),
user_data['username'])
# Create a regular user that belongs to a different customer
other_owner_token = self.get_token(
self.customer_data[1]['owner']['username'],
self.customer_data[1]['owner']['password'])
other_user_data = {
'username': '******',
'password': '******',
'email': '*****@*****.**'
}
other_user = self.create_user(other_owner_token, other_user_data)
self.assertEquals(other_user.status_code, 201)
other_user_token = self.get_token(other_user_data['username'],
other_user_data['password'])
# Remove Provider as the regular user that belongs to the other company
url = reverse('provider-detail', args=[json_result.get('uuid')])
client = APIClient()
client.credentials(HTTP_AUTHORIZATION=other_user_token)
response = client.delete(url)
self.assertEqual(response.status_code, 403)
class TestAPITestClient(TestCase):
def setUp(self):
self.client = APIClient()
def test_credentials(self):
"""
Setting `.credentials()` adds the required headers to each request.
"""
self.client.credentials(HTTP_AUTHORIZATION='example')
for _ in range(0, 3):
response = self.client.get('/view/')
self.assertEqual(response.data['auth'], 'example')
def test_force_authenticate(self):
"""
Setting `.force_authenticate()` forcibly authenticates each request.
"""
user = User.objects.create_user('example', '*****@*****.**')
self.client.force_authenticate(user)
response = self.client.get('/view/')
self.assertEqual(response.data['user'], 'example')
def test_force_authenticate_with_sessions(self):
"""
Setting `.force_authenticate()` forcibly authenticates each request.
"""
user = User.objects.create_user('example', '*****@*****.**')
self.client.force_authenticate(user)
# First request does not yet have an active session
response = self.client.get('/session-view/')
self.assertEqual(response.data['active_session'], False)
# Subsequent requests have an active session
response = self.client.get('/session-view/')
self.assertEqual(response.data['active_session'], True)
# Force authenticating as `None` should also logout the user session.
self.client.force_authenticate(None)
response = self.client.get('/session-view/')
self.assertEqual(response.data['active_session'], False)
def test_csrf_exempt_by_default(self):
"""
By default, the test client is CSRF exempt.
"""
User.objects.create_user('example', '*****@*****.**', 'password')
self.client.login(username='******', password='******')
response = self.client.post('/view/')
self.assertEqual(response.status_code, 200)
def test_explicitly_enforce_csrf_checks(self):
"""
The test client can enforce CSRF checks.
"""
client = APIClient(enforce_csrf_checks=True)
User.objects.create_user('example', '*****@*****.**', 'password')
client.login(username='******', password='******')
response = client.post('/view/')
expected = {'detail': 'CSRF Failed: CSRF cookie not set.'}
self.assertEqual(response.status_code, 403)
self.assertEqual(response.data, expected)
def test_can_logout(self):
"""
`logout()` resets stored credentials
"""
self.client.credentials(HTTP_AUTHORIZATION='example')
response = self.client.get('/view/')
self.assertEqual(response.data['auth'], 'example')
self.client.logout()
response = self.client.get('/view/')
self.assertEqual(response.data['auth'], b'')
def test_logout_resets_force_authenticate(self):
"""
`logout()` resets any `force_authenticate`
"""
user = User.objects.create_user('example', '*****@*****.**',
'password')
self.client.force_authenticate(user)
response = self.client.get('/view/')
self.assertEqual(response.data['user'], 'example')
self.client.logout()
response = self.client.get('/view/')
self.assertEqual(response.data['user'], '')
def test_follow_redirect(self):
"""
Follow redirect by setting follow argument.
"""
response = self.client.get('/redirect-view/')
self.assertEqual(response.status_code, 302)
response = self.client.get('/redirect-view/', follow=True)
self.assertIsNotNone(response.redirect_chain)
self.assertEqual(response.status_code, 200)
response = self.client.post('/redirect-view/')
self.assertEqual(response.status_code, 302)
response = self.client.post('/redirect-view/', follow=True)
self.assertIsNotNone(response.redirect_chain)
self.assertEqual(response.status_code, 200)
response = self.client.put('/redirect-view/')
self.assertEqual(response.status_code, 302)
response = self.client.put('/redirect-view/', follow=True)
self.assertIsNotNone(response.redirect_chain)
self.assertEqual(response.status_code, 200)
response = self.client.patch('/redirect-view/')
self.assertEqual(response.status_code, 302)
response = self.client.patch('/redirect-view/', follow=True)
self.assertIsNotNone(response.redirect_chain)
self.assertEqual(response.status_code, 200)
response = self.client.delete('/redirect-view/')
self.assertEqual(response.status_code, 302)
response = self.client.delete('/redirect-view/', follow=True)
self.assertIsNotNone(response.redirect_chain)
self.assertEqual(response.status_code, 200)
response = self.client.options('/redirect-view/')
self.assertEqual(response.status_code, 302)
response = self.client.options('/redirect-view/', follow=True)
self.assertIsNotNone(response.redirect_chain)
self.assertEqual(response.status_code, 200)
def test_invalid_multipart_data(self):
"""
MultiPart encoding cannot support nested data, so raise a helpful
error if the user attempts to do so.
"""
self.assertRaises(AssertionError,
self.client.post,
path='/view/',
data={
'valid': 123,
'invalid': {
'a': 123
}
})
def auth_api_client(create_token):
from rest_framework.test import APIClient
api_client = APIClient()
api_client.credentials(HTTP_AUTHORIZATION='Token ' + create_token.key)
return api_client
class RecipeViewSetTest(TestCase):
def setUp(self):
path_dir = pathlib.Path().absolute()
load_dotenv(os.path.join(path_dir, '.env'))
self.API_URL = os.getenv('API_BASE')
self.chef = ChefUser.objects.create(username="******",
first_name="Alvo",
last_name="Dumbledore",
email="*****@*****.**",
password="******")
self.client = APIClient()
self.refresh = RefreshToken.for_user(self.chef)
self.client.credentials(
HTTP_AUTHORIZATION=f'Bearer {self.refresh.access_token}')
Recipe.objects.create(
title="Pão de aveia",
ingredients="1 ovo, 2 colheres de farinha de aveia, pitada de sal",
preparation_mode=
"Mistura todos os ingredientes e coloque na figideira.",
chef=self.chef)
def test_create_recipe(self):
data = {
"title":
"Mousse de Chocolate Funcional",
"ingredients":
"1 abacate, 2 bananas maduras e cacau em pó 100%.",
"preparation_mode":
"Bata todos os ingredientes no liquidificador e depois coloque na geladeira."
}
response = self.client.post('{0}api/recipes/'.format(self.API_URL),
data,
format='json')
self.assertEquals(response.status_code, 201)
def test_return_list_recipes(self):
response = self.client.get('{0}api/recipes/'.format(self.API_URL),
format='json')
encoded_recipe = json.dumps(response.data)
decoded_recipe = json.loads(encoded_recipe)
value = next((True for recipe in decoded_recipe
if recipe['title'] == 'Pão de aveia'), None)
self.assertEquals(value, True)
self.assertEquals(response.status_code, 200)
def test_get_recipe_by_id(self):
response = self.client.get('{0}api/recipes/1/'.format(self.API_URL),
format='json')
self.assertEquals(response.data['title'], 'Pão de aveia')
def test_update_recipe(self):
data = {"title": "Pão de aveia funcional"}
response = self.client.put('{0}api/recipes/1/'.format(self.API_URL),
data,
format='json')
self.assertEquals(response.data['title'], 'Pão de aveia funcional')
def test_delete_recipe(self):
response = self.client.delete('{0}api/recipes/1/'.format(self.API_URL))
recipes = Recipe.objects.all()
self.assertEquals(len(recipes), 0)
self.assertEquals(response.status_code, 204)
def test_search_recipes_chef(self):
data = {"search": "Alvo"}
response = self.client.post(reverse('recipes_chef'),
data,
format='json')
encoded_recipe = json.dumps(response.data)
decoded_recipe = json.loads(encoded_recipe)
self.assertEquals(decoded_recipe[0]['title'], 'Pão de aveia')
self.assertEquals(response.status_code, 200)
def test_search_recipe(self):
data = {"search": "aveia"}
response = self.client.post(reverse('search_recipe'),
data,
format='json')
encoded_recipe = json.dumps(response.data)
decoded_recipe = json.loads(encoded_recipe)
self.assertEquals(decoded_recipe[0]['title'], 'Pão de aveia')
self.assertEquals(response.status_code, 200)
class TestBlockUserViews(TestCase):
def setUp(self):
self.client = APIClient()
self.block_user_url = reverse('block')
self.example_user1 = User(username='******')
self.example_user1.set_password('pass')
self.example_user1.save()
self.example_user2 = User(username='******')
self.example_user2.set_password('pass')
self.example_user2.save()
self.response = self.client.post('/api/authentication/token/', {
'username': "******",
'password': "******"
},
format='multipart')
self.access_token = self.response.data['access']
def test_block_a_user_with_no_data(self):
self.client.credentials(HTTP_AUTHORIZATION='Bearer ' +
self.access_token)
resp = self.client.post(self.block_user_url, {}, format='multipart')
self.assertEqual(resp.data,
{"blocked_id": ["This field is required."]})
self.assertEqual(resp.status_code, status.HTTP_400_BAD_REQUEST)
def test_block_a_user(self):
self.client.credentials(HTTP_AUTHORIZATION='Bearer ' +
self.access_token)
resp = self.client.post(self.block_user_url,
{'blocked_id': self.example_user2.pk},
format='multipart')
self.assertEqual(resp.data, {'blocked_instance'})
self.assertEqual(resp.status_code, status.HTTP_201_CREATED)
def test_block_non_existed_user(self):
self.client.credentials(HTTP_AUTHORIZATION='Bearer ' +
self.access_token)
resp = self.client.post(self.block_user_url, {'blocked_id': 10000},
format='multipart')
self.assertEqual(resp.data, {"blocked_id": ["not exists"]})
self.assertEqual(resp.status_code, status.HTTP_400_BAD_REQUEST)
def test_block_already_blocked_user(self):
blocked_instance = UserBlacklist(user=self.example_user1,
blocked_user=self.example_user2)
blocked_instance.save()
print('done')
self.client.credentials(HTTP_AUTHORIZATION='Bearer ' +
self.access_token)
resp = self.client.post(self.block_user_url,
{'blocked_id': self.example_user2.pk},
format='multipart')
print('blocked_id')
self.assertEqual(resp.data, {"blocked_id": "already blocked"})
self.assertEqual(resp.status_code, status.HTTP_400_BAD_REQUEST)
class ViewTestCase(TestCase):
"""Test suite for the api views."""
def setUp(self):
"""Define the test client and other test variables."""
self.client = APIClient()
self.initialize_data = {
'customer_xid': 'ea0212d3-abd6-406f-8c67-868e814a2436'
}
self.response = self.client.post(reverse('mini_wallet:init_wallet'),
self.initialize_data,
format="json")
response_json = self.response.json()
self.api_token = response_json['data']['token']
def test_api_can_init_wallet(self):
"""Test the api has initialize account for wallet."""
# print(self.response.json())
self.assertEqual(self.response.status_code, status.HTTP_200_OK)
def test_api_can_get_wallet_balance(self):
"""Test the api has get wallet balance for wallet."""
self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.api_token)
wallet_response = self.client.get(reverse('mini_wallet:wallet'),
format="json")
self.assertEqual(wallet_response.status_code, status.HTTP_200_OK)
def test_api_can_enable_wallet(self):
"""Test the api can enable wallet."""
self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.api_token)
self.client.patch(reverse('mini_wallet:wallet'), format="json")
wallet_response = self.client.post(reverse('mini_wallet:wallet'),
format="json")
self.assertEqual(wallet_response.status_code, status.HTTP_200_OK)
def test_api_can_disable_wallet(self):
"""Test the api can disable wallet."""
self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.api_token)
self.client.post(reverse('mini_wallet:wallet'), format="json")
wallet_response = self.client.patch(reverse('mini_wallet:wallet'),
format="json")
# print(wallet_response.json())
self.assertEqual(wallet_response.status_code, status.HTTP_200_OK)
def test_api_can_credit_transaction(self):
"""Test the api can credit transaction."""
self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.api_token)
data = {
'amount': 100,
'reference_id': '50535246-dcb2-4929-8cc9-004ea06f5241'
}
response = self.client.post(reverse('mini_wallet:wallet_transaction',
kwargs={'category': 'deposits'}),
data,
format="json")
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_api_can_debit_transaction(self):
"""Test the api can debit transaction."""
self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.api_token)
data = {
'amount': 100,
'reference_id': '50535246-dcb2-4929-8cc9-004ea06f5241'
}
response = self.client.post(reverse('mini_wallet:wallet_transaction',
kwargs={'category':
'withdrawals'}),
data,
format="json")
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_api_check_validate_transaction(self):
"""Test the api can debit transaction."""
self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.api_token)
data = {
'amount': 100,
'reference_id': '50535246-dcb2-4929-8cc9-004ea06f52411111111111111'
}
response = self.client.post(reverse('mini_wallet:wallet_transaction',
kwargs={'category':
'withdrawals'}),
data,
format="json")
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
data = {'amount': '', 'reference_id': ''}
response = self.client.post(reverse('mini_wallet:wallet_transaction',
kwargs={'category':
'withdrawals'}),
data,
format="json")
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test_with_correct_secret(self):
client = APIClient()
client.credentials(HTTP_SECRET=settings.API_SECRET)
response = client.get("/api/v1/levels/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
