Example #1
0
    def test_change_password(self):
        """Change the current user's password."""

        # Create a user.
        token = create_and_login()

        # Try changing the password.
        response = self.client.post(
            PASSWORD_URL,
            json.dumps({"current_password": TEST_USER[2],
                        "new_password": "******"}),
            content_type="application/json",
            HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token)

        # pylint: disable=E1101
        self.assertEqual(response.status_code, HTTP_200_OK)

        # Test logging in using the new password.
        login(TEST_USER[0], "boom")

        # Verify that we can't log in using the old password.
        response = self.client.post(LOGIN_URL,
                                    {"username": TEST_USER[0],
                                     "password": TEST_USER[2]})

        self.assertContains(response,
                            CONTENT_NON_FIELD_ERRORS,
                            status_code=HTTP_400_BAD_REQUEST)
Example #2
0
    def test_change_password(self):
        """Change the current user's password."""

        # Create a user.
        token = create_and_login()

        # Try changing the password.
        response = self.client.post(PASSWORD_URL,
                                    json.dumps({
                                        "current_password": TEST_USER[2],
                                        "new_password": "******"
                                    }),
                                    content_type="application/json",
                                    HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD %
                                    token)

        # pylint: disable=E1101
        self.assertEqual(response.status_code, HTTP_200_OK)

        # Test logging in using the new password.
        login(TEST_USER[0], "boom")

        # Verify that we can't log in using the old password.
        response = self.client.post(LOGIN_URL, {
            "username": TEST_USER[0],
            "password": TEST_USER[2]
        })

        self.assertContains(response,
                            CONTENT_NON_FIELD_ERRORS,
                            status_code=HTTP_400_BAD_REQUEST)
Example #3
0
    def test_bad_token(self):
        """The change password request has a bad authentication token."""

        # Create a user and log them in.
        create_and_login()

        # Try changing the password.
        response = \
            self.client.post(
                PASSWORD_URL,
                json.dumps({"username": TEST_USER[0],
                            "current_password": TEST_USER[2],
                            "new_password": "******"}),
                content_type="application/json",
                HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % BAD_TOKEN)

        # pylint: disable=E1101
        self.assertEqual(response.status_code, HTTP_401_UNAUTHORIZED)

        # Test logging in using the old password.
        login(TEST_USER[0], TEST_USER[2])

        # Verify that we can't log in using the new password.
        response = self.client.post(LOGIN_URL, {
            "username": TEST_USER[0],
            "password": "******"
        })

        self.assertContains(response,
                            CONTENT_NON_FIELD_ERRORS,
                            status_code=HTTP_400_BAD_REQUEST)
Example #4
0
    def test_bad_token(self):
        """The change password request has a bad authentication token."""

        # Create a user and log them in.
        create_and_login()

        # Try changing the password.
        response = \
            self.client.post(
                PASSWORD_URL,
                json.dumps({"username": TEST_USER[0],
                            "current_password": TEST_USER[2],
                            "new_password": "******"}),
                content_type="application/json",
                HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % BAD_TOKEN)

        # pylint: disable=E1101
        self.assertEqual(response.status_code, HTTP_401_UNAUTHORIZED)

        # Test logging in using the old password.
        login(TEST_USER[0], TEST_USER[2])

        # Verify that we can't log in using the new password.
        response = self.client.post(LOGIN_URL,
                                    {"username": TEST_USER[0],
                                     "password": "******"})

        self.assertContains(response,
                            CONTENT_NON_FIELD_ERRORS,
                            status_code=HTTP_400_BAD_REQUEST)
Example #5
0
    def test_login_already_logged_in(self):        # pylint: disable=R0201
        """Logging in when the user is already logged in.

        The user should remain logged in.

        """

        create_and_login()
        login(TEST_USER[0], TEST_USER[2])
Example #6
0
    def test_login_already_logged_in(self):  # pylint: disable=R0201
        """Logging in when the user is already logged in.

        The user should remain logged in.

        """

        create_and_login()
        login(TEST_USER[0], TEST_USER[2])
Example #7
0
    def test_login_another_logged_in(self):  # pylint: disable=R0201
        """Logging in when another user is logged in.

        The second user should be logged in normally.

        """

        # Create user 1 and user 2. User 2 is just user 1 with the username and
        # password swapped.
        create_and_login()
        get_user_model().objects.create_user(TEST_USER[2], TEST_USER[1],
                                             TEST_USER[0])

        # Login user 1, then login user 2.
        login(TEST_USER[0], TEST_USER[2])
        login(TEST_USER[2], TEST_USER[0])
Example #8
0
    def test_login_another_logged_in(self):        # pylint: disable=R0201
        """Logging in when another user is logged in.

        The second user should be logged in normally.

        """

        # Create user 1 and user 2. User 2 is just user 1 with the username and
        # password swapped.
        create_and_login()
        get_user_model().objects.create_user(TEST_USER[2],
                                             TEST_USER[1],
                                             TEST_USER[0])

        # Login user 1, then login user 2.
        login(TEST_USER[0], TEST_USER[2])
        login(TEST_USER[2], TEST_USER[0])
Example #9
0
    def test_not_logged_in(self):
        """The user isn't logged in.

        The user shouldn't be able to change their password.

        """

        # Create a user and log them out.
        token = create_and_login()
        response = self.client.post(LOGOUT_URL,
                                    HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD %
                                    token)

        self.assertContains(response, '', status_code=HTTP_200_OK)

        # Now try changing the password.
        response = self.client.post(PASSWORD_URL,
                                    json.dumps({
                                        "username":
                                        TEST_USER_1[0],
                                        "current_password":
                                        TEST_USER_1[2],
                                        "new_password":
                                        "******"
                                    }),
                                    content_type="application/json",
                                    HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD %
                                    token)
        self.assertContains(response,
                            CONTENT_BAD_TOKEN,
                            status_code=HTTP_401_UNAUTHORIZED)

        # Verify that we can't log in using the NEW password.
        response = self.client.post(LOGIN_URL, {
            "username": TEST_USER_1[0],
            "password": "******"
        })

        self.assertContains(response,
                            CONTENT_NON_FIELD_ERRORS,
                            status_code=HTTP_400_BAD_REQUEST)

        # We should be able to still log in using the old password.
        login(TEST_USER_1[0], TEST_USER_1[2])
    def test_put(self):
        """Change a tenant's attributes."""

        # The expected result, sans uuid.
        INITIAL_TENANT = {
            "name": "tenant",
            "owner": "John",
            "owner_contact": "206.867.5309"
        }
        NEW_TENANT = {
            "name": "TENant",
            "owner": "Bob",
            "owner_contact": "212.867.5309"
        }

        def get_tenant(token, expected):
            """Get the tenant using the token and check the response."""

            response = self.client.get(
                TENANTS_ID_URL % tenant.uuid,
                HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token)

            check_response_without_uuid(response, HTTP_200_OK, expected)

        # Make a tenant
        tenant = Tenant.objects.create(**INITIAL_TENANT)

        # Create a Django admin user, and a normal user who's a tenant_admin of
        # the tenant.
        token = create_and_login(is_superuser=True)
        get_user_model().objects.create_user("a",
                                             "*****@*****.**",
                                             "a",
                                             tenant=tenant,
                                             tenant_admin=True)

        # Test changing the tenant as a Django admin.
        response = self.client.put(TENANTS_ID_URL % tenant.uuid,
                                   json.dumps(NEW_TENANT),
                                   content_type="application/json",
                                   HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD %
                                   token)

        check_response_without_uuid(response, HTTP_200_OK, NEW_TENANT)
        get_tenant(token, NEW_TENANT)

        # Test changing the tenant as a tenant admin.
        token = login('a', 'a')
        response = self.client.put(TENANTS_ID_URL % tenant.uuid,
                                   json.dumps(NEW_TENANT),
                                   content_type="application/json",
                                   HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD %
                                   token)

        check_response_without_uuid(response, HTTP_200_OK, NEW_TENANT)
        get_tenant(token, NEW_TENANT)
Example #11
0
    def test_no_new_password(self):
        """The change password request doesn't have a new password."""

        # Create a user and log them in.
        token = create_and_login()

        # Try changing the password.
        response = self.client.post(
            PASSWORD_URL,
            json.dumps({"username": TEST_USER[0],
                        "current_password": TEST_USER[2]}),
            content_type="application/json",
            HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token)

        # pylint: disable=E1101
        self.assertEqual(response.status_code, HTTP_400_BAD_REQUEST)

        # Test logging in using the old password.
        login(TEST_USER[0], TEST_USER[2])
Example #12
0
    def test_no_new_password(self):
        """The change password request doesn't have a new password."""

        # Create a user and log them in.
        token = create_and_login()

        # Try changing the password.
        response = self.client.post(PASSWORD_URL,
                                    json.dumps({
                                        "username": TEST_USER[0],
                                        "current_password": TEST_USER[2]
                                    }),
                                    content_type="application/json",
                                    HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD %
                                    token)

        # pylint: disable=E1101
        self.assertEqual(response.status_code, HTTP_400_BAD_REQUEST)

        # Test logging in using the old password.
        login(TEST_USER[0], TEST_USER[2])
Example #13
0
    def test_put(self):
        """Change a tenant's attributes."""

        # The expected result, sans uuid.
        INITIAL_TENANT = {"name": "tenant",
                          "owner": "John",
                          "owner_contact": "206.867.5309"}
        NEW_TENANT = {"name": "TENant",
                      "owner": "Bob",
                      "owner_contact": "212.867.5309"}

        def get_tenant(token, expected):
            """Get the tenant using the token and check the response."""

            response = self.client.get(
                TENANTS_ID_URL % tenant.uuid,
                HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token)

            check_response_without_uuid(response, HTTP_200_OK, expected)

        # Make a tenant
        tenant = Tenant.objects.create(**INITIAL_TENANT)

        # Create a Django admin user, and a normal user who's a tenant_admin of
        # the tenant.
        token = create_and_login(is_superuser=True)
        get_user_model().objects.create_user("a",
                                             "*****@*****.**",
                                             "a",
                                             tenant=tenant,
                                             tenant_admin=True)

        # Test changing the tenant as a Django admin.
        response = self.client.put(
            TENANTS_ID_URL % tenant.uuid,
            json.dumps(NEW_TENANT),
            content_type="application/json",
            HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token)

        check_response_without_uuid(response, HTTP_200_OK, NEW_TENANT)
        get_tenant(token, NEW_TENANT)

        # Test changing the tenant as a tenant admin.
        token = login('a', 'a')
        response = self.client.put(
            TENANTS_ID_URL % tenant.uuid,
            json.dumps(NEW_TENANT),
            content_type="application/json",
            HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token)

        check_response_without_uuid(response, HTTP_200_OK, NEW_TENANT)
        get_tenant(token, NEW_TENANT)
Example #14
0
    def test_not_logged_in(self):
        """The user isn't logged in.

        The user shouldn't be able to change their password.

        """

        # Create a user and log them out.
        token = create_and_login()
        response = self.client.post(
            LOGOUT_URL,
            HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token)

        self.assertContains(response, '', status_code=HTTP_200_OK)

        # Now try changing the password.
        response = self.client.post(
            PASSWORD_URL,
            json.dumps({"username": TEST_USER[0],
                        "current_password": TEST_USER[2],
                        "new_password": "******"}),
            content_type="application/json",
            HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token)
        self.assertContains(response,
                            CONTENT_BAD_TOKEN,
                            status_code=HTTP_401_UNAUTHORIZED)

        # Verify that we can't log in using the NEW password.
        response = self.client.post(LOGIN_URL,
                                    {"username": TEST_USER[0],
                                     "password": "******"})

        self.assertContains(response,
                            CONTENT_NON_FIELD_ERRORS,
                            status_code=HTTP_400_BAD_REQUEST)

        # We should be able to still log in using the old password.
        login(TEST_USER[0], TEST_USER[2])
    def test_get(self):
        """Get a tenant record."""

        # The expected result, sans uuid.
        EXPECTED_RESULT = {
            "name": "tenant",
            "owner": "John",
            "owner_contact": "206.867.5309"
        }

        def get_tenant(token):
            """Get the tenant using the token, and check the response."""

            response = self.client.get(
                TENANTS_ID_URL % tenant.uuid,
                HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token)

            check_response_without_uuid(response, HTTP_200_OK, EXPECTED_RESULT)

        # Make a tenant
        tenant = Tenant.objects.create(name='tenant',
                                       owner='John',
                                       owner_contact='206.867.5309')

        # Create a Django admin user, and a normal user who's a tenant_admin of
        # the tenant.
        token = create_and_login(is_superuser=True)
        get_user_model().objects.create_user("a",
                                             "*****@*****.**",
                                             "a",
                                             tenant=tenant,
                                             tenant_admin=True)

        # Test getting the tenant as a Django admin, then as the tenant_admin
        # of the tenant. Both should work.
        get_tenant(token)
        token = login('a', 'a')
        get_tenant(token)
Example #16
0
    def test_get(self):
        """Get a tenant record."""

        # The expected result, sans uuid.
        EXPECTED_RESULT = {"name": "tenant",
                           "owner": "John",
                           "owner_contact": "206.867.5309"}

        def get_tenant(token):
            """Get the tenant using the token, and check the response."""

            response = self.client.get(
                TENANTS_ID_URL % tenant.uuid,
                HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token)

            check_response_without_uuid(response, HTTP_200_OK, EXPECTED_RESULT)

        # Make a tenant
        tenant = Tenant.objects.create(name='tenant',
                                       owner='John',
                                       owner_contact='206.867.5309')

        # Create a Django admin user, and a normal user who's a tenant_admin of
        # the tenant.
        token = create_and_login(is_superuser=True)
        get_user_model().objects.create_user("a",
                                             "*****@*****.**",
                                             "a",
                                             tenant=tenant,
                                             tenant_admin=True)

        # Test getting the tenant as a Django admin, then as the tenant_admin
        # of the tenant. Both should work.
        get_tenant(token)
        token = login('a', 'a')
        get_tenant(token)
Example #17
0
    def test_get(self):
        """List a tenant's users."""

        # The accounts in this test.
        TENANT_USERS = [{"username": "******",
                         "email": "*****@*****.**",
                         "password": "******",
                         "tenant_admin": True},
                        {"username": "******", "email": "*****@*****.**", "password": "******"},
                        {"username": "******", "email": "*****@*****.**", "password": "******"},
                        ]

        USERS = [{"username": "******", "email": "*****@*****.**", "password": "******"},
                 {"username": "******", "email": "*****@*****.**", "password": "******"},
                 ]

        EXPECTED_RESULT = [{"username": "******",
                            "first_name": '',
                            "last_name": '',
                            "email": "*****@*****.**",
                            "default_tenant_admin": False,
                            "tenant_name": "tennet",
                            "tenant_admin": True,
                            "is_superuser": False},
                           {"username": "******",
                            "first_name": '',
                            "last_name": '',
                            "email": "*****@*****.**",
                            "default_tenant_admin": False,
                            "tenant_admin": False,
                            "is_superuser": False},
                           {"username": "******",
                            "first_name": '',
                            "last_name": '',
                            "email": "*****@*****.**",
                            "default_tenant_admin": False,
                            "tenant_admin": False,
                            "is_superuser": False},
                           ]

        # Make a tenant
        tenant = Tenant.objects.create(name='tennet',
                                       owner='John',
                                       owner_contact='206.867.5309')

        # Create users belonging to this tenant. One will be the tenant_admin.
        for user in TENANT_USERS:
            user["tenant"] = tenant
            get_user_model().objects.create_user(**user)

        # Create users who don't belong to the tenant.
        for user in USERS:
            get_user_model().objects.create(**user)

        # Log in as the tenant_admin.
        tenant_admin = [x for x in TENANT_USERS if "tenant_admin" in x][0]
        token = login(tenant_admin["username"], tenant_admin["password"])

        # Get the tenant's user list and check the response. We do a partial
        # check of the uuid, date_joined, and last_login keys. They must exist,
        # and their values must be strings, and the UUID ought to be >= 32
        # characters.
        response = self.client.get(
            TENANTS_ID_USERS_URL % tenant.uuid,
            HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD % token)

        # pylint: disable=E1101
        self.assertEqual(response.status_code, HTTP_200_OK)

        response_content = json.loads(response.content)

        for entry in response_content["results"]:
            self.assertIsInstance(entry["uuid"], basestring)
            self.assertGreaterEqual(len(entry["uuid"]), 32)

            self.assertIsInstance(entry["date_joined"], basestring)

            # The tenant_admin has logged in, but the other two users have
            # never logged in.
            if entry["tenant_admin"]:
                self.assertIsInstance(entry["last_login"], basestring)
            else:
                self.assertIsNone(entry["last_login"])

            del entry["uuid"]
            del entry["date_joined"]
            del entry["last_login"]

        self.assertItemsEqual(response_content["results"], EXPECTED_RESULT)
Example #18
0
    def test_get(self):
        """List a tenant's users."""

        # The accounts in this test.
        TENANT_USERS = [
            {
                "username": "******",
                "email": "*****@*****.**",
                "password": "******",
                "tenant_admin": True
            },
            {
                "username": "******",
                "email": "*****@*****.**",
                "password": "******"
            },
            {
                "username": "******",
                "email": "*****@*****.**",
                "password": "******"
            },
        ]

        USERS = [
            {
                "username": "******",
                "email": "*****@*****.**",
                "password": "******"
            },
            {
                "username": "******",
                "email": "*****@*****.**",
                "password": "******"
            },
        ]

        EXPECTED_RESULT = [
            {
                "username": "******",
                "first_name": '',
                "last_name": '',
                "email": "*****@*****.**",
                "default_tenant_admin": False,
                "tenant_name": "tennet",
                "tenant_admin": True,
                "is_superuser": False
            },
            {
                "username": "******",
                "first_name": '',
                "last_name": '',
                "email": "*****@*****.**",
                "default_tenant_admin": False,
                "tenant_admin": False,
                "is_superuser": False
            },
            {
                "username": "******",
                "first_name": '',
                "last_name": '',
                "email": "*****@*****.**",
                "default_tenant_admin": False,
                "tenant_admin": False,
                "is_superuser": False
            },
        ]

        # Make a tenant
        tenant = Tenant.objects.create(name='tennet',
                                       owner='John',
                                       owner_contact='206.867.5309')

        # Create users belonging to this tenant. One will be the tenant_admin.
        for user in TENANT_USERS:
            user["tenant"] = tenant
            get_user_model().objects.create_user(**user)

        # Create users who don't belong to the tenant.
        for user in USERS:
            get_user_model().objects.create(**user)

        # Log in as the tenant_admin.
        tenant_admin = [x for x in TENANT_USERS if "tenant_admin" in x][0]
        token = login(tenant_admin["username"], tenant_admin["password"])

        # Get the tenant's user list and check the response. We do a partial
        # check of the uuid, date_joined, and last_login keys. They must exist,
        # and their values must be strings, and the UUID ought to be >= 32
        # characters.
        response = self.client.get(TENANTS_ID_USERS_URL % tenant.uuid,
                                   HTTP_AUTHORIZATION=AUTHORIZATION_PAYLOAD %
                                   token)

        # pylint: disable=E1101
        self.assertEqual(response.status_code, HTTP_200_OK)

        response_content = json.loads(response.content)

        for entry in response_content["results"]:
            self.assertIsInstance(entry["uuid"], basestring)
            self.assertGreaterEqual(len(entry["uuid"]), 32)

            self.assertIsInstance(entry["date_joined"], basestring)
            self.assertIsInstance(entry["last_login"], basestring)

            del entry["uuid"]
            del entry["date_joined"]
            del entry["last_login"]

        self.assertItemsEqual(response_content["results"], EXPECTED_RESULT)