def tearDownClass(cls): """ Remove the users after the tests """ set_current_user(None) LilyUser.objects.all().delete() Tenant.objects.all().delete()
def setUpClass(cls): """ Creates a user and logs it in before running the actual tests. """ password = '******' set_current_user(None) # Set the anonymous user on the class cls.anonymous_user_obj = AnonymousUser() cls.anonymous_user = APIClient() # Set the authenticated user on the class cls.user_obj = LilyUser.objects.create_user(email='*****@*****.**', password=password, tenant_id=1) cls.user = APIClient() cls.user.login(email=cls.user_obj.email, password=password) # Set the superuser on the class cls.superuser_obj = LilyUser.objects.create_superuser(email='*****@*****.**', password=password, tenant_id=1) cls.superuser = APIClient() cls.superuser.login(email=cls.superuser_obj.email, password=password) # Set the authenticated user from another tenant on the class cls.other_tenant_user_obj = LilyUser.objects.create_user(email='*****@*****.**', password=password, tenant_id=2) cls.other_tenant_user = APIClient() cls.other_tenant_user.login(email=cls.other_tenant_user_obj.email, password=password)
def _test_create_action_object(self, action, with_send_from=True, with_message=False, should_succeed=True, with_primary_email_account=True): """ This helper function tests the create functionality for the passed action. """ if with_primary_email_account: self.user_obj.primary_email_account = EmailAccountFactory( owner=self.user_obj, tenant=self.user_obj.tenant) self.user_obj.save() set_current_user(self.user_obj) stub_dict = self._create_object_stub(action=action, with_send_from=with_send_from, with_message=with_message) request = self.user.post(self.get_url(self.list_url), stub_dict) if should_succeed: self.assertStatus(request, status.HTTP_201_CREATED, stub_dict) created_id = json.loads(request.content).get('id') self.assertIsNotNone(created_id) db_obj = self.model_cls.objects.get(pk=created_id) self._compare_objects(db_obj, json.loads(request.content)) else: self.assertStatus(request, status.HTTP_400_BAD_REQUEST, stub_dict)
def authenticate(self, request): for authenticator_cls in self.authenticators: authenticator = authenticator_cls() auth_tuple = authenticator.authenticate(request) if auth_tuple: if isinstance(authenticator, TokenAuthentication) or isinstance( authenticator, TokenGETAuthentication): if not has_required_tier(2, tenant=auth_tuple[0].tenant): # Tenant is on free plan, so no external API access. raise PermissionDenied({ 'detail': ('API access has been disabled because you are on the free plan.' 'Please upgrade to continue using the API') }) break else: # All authentication failed. return None # Set the current user for the tenant filters. set_current_user(auth_tuple[0]) return auth_tuple
def setUpClass(cls): """ Creates a user and logs it in before running the actual tests. """ password = '******' set_current_user(None) # Set the anonymous user on the class cls.anonymous_user_obj = AnonymousUser() cls.anonymous_user = APIClient() # Set the authenticated user on the class cls.user_obj = LilyUser.objects.create_user(email='*****@*****.**', password=password, tenant_id=1) cls.user = APIClient() cls.user.login(email=cls.user_obj.email, password=password) # Set the superuser on the class cls.superuser_obj = LilyUser.objects.create_superuser( email='*****@*****.**', password=password, tenant_id=1 ) cls.superuser = APIClient() cls.superuser.login(email=cls.superuser_obj.email, password=password) # Set the authenticated user from another tenant on the class cls.other_tenant_user_obj = LilyUser.objects.create_user( email='*****@*****.**', password=password, tenant_id=2 ) cls.other_tenant_user = APIClient() cls.other_tenant_user.login(email=cls.other_tenant_user_obj.email, password=password)
def _test_create_action_object(self, action, with_send_from=True, with_message=False, should_succeed=True, with_primary_email_account=True): """ This helper function tests the create functionality for the passed action. """ if with_primary_email_account: self.user_obj.primary_email_account = EmailAccountFactory(owner=self.user_obj, tenant=self.user_obj.tenant) self.user_obj.save() set_current_user(self.user_obj) stub_dict = self._create_object_stub( action=action, with_send_from=with_send_from, with_message=with_message ) request = self.user.post(self.get_url(self.list_url), stub_dict) if should_succeed: self.assertStatus(request, status.HTTP_201_CREATED, stub_dict) created_id = json.loads(request.content).get('id') self.assertIsNotNone(created_id) db_obj = self.model_cls.objects.get(pk=created_id) self._compare_objects(db_obj, json.loads(request.content)) else: self.assertStatus(request, status.HTTP_400_BAD_REQUEST, stub_dict)
def setUpTestData(cls): """ Creates a user and logs it in before running the actual tests. """ password = '******' set_current_user(None) # Set the anonymous user on the class. cls.anonymous_user_obj = AnonymousUser() cls.anonymous_user = APIClient() tenant_1 = TenantFactory.create() tenant_2 = TenantFactory.create() # Set the authenticated user on the class. cls.user_obj = LilyUser.objects.create_user( email='*****@*****.**', password=password, tenant_id=tenant_1.id ) account_admin = Group.objects.get_or_create(name='account_admin')[0] cls.user_obj.groups.add(account_admin) cls.user_obj.info = UserInfo.objects.create( registration_finished=True ) cls.user_obj.save() cls.user = APIClient() cls.user.login(username=cls.user_obj.email, password=password) # Set the superuser on the class. cls.superuser_obj = LilyUser.objects.create_superuser( email='*****@*****.**', password=password, tenant_id=tenant_1.id ) cls.superuser_obj.info = UserInfo.objects.create( registration_finished=True ) cls.superuser_obj.save() cls.superuser = APIClient() cls.superuser.login(username=cls.superuser_obj.email, password=password) # Set the authenticated user from another tenant on the class. cls.other_tenant_user_obj = LilyUser.objects.create_user( email='*****@*****.**', password=password, tenant_id=tenant_2.id ) cls.other_tenant_user_obj.info = UserInfo.objects.create( registration_finished=True ) cls.other_tenant_user_obj.save() cls.other_tenant_user = APIClient() cls.other_tenant_user.login(username=cls.other_tenant_user_obj.email, password=password)
def test_delete_object_authenticated(self): set_current_user(self.user_obj) db_obj = self._create_object() request = self.user.delete( self.get_url(self.detail_url, kwargs={'pk': db_obj.pk})) self.assertStatus(request, status.HTTP_204_NO_CONTENT) self.assertFalse(self.model_cls.objects.get(pk=db_obj.pk).is_active)
def test_delete_object_deleted_filter(self): set_current_user(self.user_obj) db_obj = self.factory_cls.create(tenant=self.user_obj.tenant) db_obj.delete() # Delete the object request = self.user.delete(reverse(self.detail_url, kwargs={'pk': db_obj.pk})) self.assertEqual(request.status_code, status.HTTP_404_NOT_FOUND) self.assertEqual(request.data, {u'detail': u'Not found.'})
def test_delete_object_deleted_filter(self): set_current_user(self.user_obj) db_obj = self._create_object() db_obj.delete() # Delete the object request = self.user.delete(self.get_url(self.detail_url, kwargs={'pk': db_obj.pk})) self.assertStatus(request, status.HTTP_404_NOT_FOUND) self.assertEqual(request.data, {u'detail': u'Not found.'})
def test_delete_object_authenticated(self): """ Test that the object is deleted normally when the user is properly authenticated. """ set_current_user(self.user_obj) db_obj = self._create_object() request = self.user.delete(self.get_url(self.detail_url, kwargs={'pk': db_obj.pk})) self.assertStatus(request, status.HTTP_204_NO_CONTENT)
def test_update_object_with_webhook(self): set_current_user(self.user_obj) stub_dict = self._create_object_stub(with_email=True, with_webhooks=True, email=self.user_obj.email) self.user_obj.first_name = 'something' self.user_obj.save() request = self.user.put(self.get_url(self.detail_url, kwargs={'pk': self.user_obj.pk}), data=stub_dict) self.assertStatus(request, status.HTTP_200_OK, stub_dict)
def test_create_object_tenant_filter(self): set_current_user(self.user_obj) stub_dict = self._create_object_stub(with_email=True) request = self.user.post(self.get_url(self.list_url), stub_dict) self.assertStatus(request, status.HTTP_201_CREATED, stub_dict) db_obj = self.model_cls.objects.get(pk=request.data.get('id')) self.assertEqual(self.user_obj.tenant, db_obj.tenant)
def test_get_object_tenant_filter(self): """ Test that users from different tenants can't access eachothers data. """ set_current_user(self.user_obj) db_obj = self.factory_cls.create(tenant=self.user_obj.tenant) request = self.other_tenant_user.get(reverse(self.detail_url, kwargs={'pk': db_obj.pk})) self.assertEqual(request.status_code, status.HTTP_404_NOT_FOUND) self.assertEqual(request.data, {u'detail': u'Not found.'})
def test_delete_object_tenant_filter(self): """ Test that users from different tenants can't delete eachothers data. """ set_current_user(self.user_obj) db_obj = self.factory_cls.create(tenant=self.user_obj.tenant) request = self.other_tenant_user.delete(reverse(self.detail_url, kwargs={'pk': db_obj.pk})) self.assertEqual(request.status_code, status.HTTP_404_NOT_FOUND) self.assertEqual(request.data, {u'detail': u'Not found.'})
def test_send_email(self, delay_mock): """ Test that sending an email is possible """ set_current_user(self.user_obj) email = self._create_object(size=1) self.user.post(self.get_url(self.detail_url, action_name='send', kwargs={'pk': email.pk})) self.assertEqual(delay_mock.call_count, 1)
def test_get_object_unauthenticated(self): """ Test that an unauthenticated user doesn't have access to the object. """ set_current_user(self.user_obj) db_obj = self.factory_cls.create(tenant=self.user_obj.tenant) request = self.anonymous_user.get(reverse(self.detail_url, kwargs={'pk': db_obj.pk})) self.assertEqual(request.status_code, status.HTTP_403_FORBIDDEN) self.assertEqual(request.data, {u'detail': u'Authentication credentials were not provided.'})
def test_delete_object_unauthenticated(self): """ Test that an unauthenticated user doesn't have the access to delete an object. """ set_current_user(self.user_obj) db_obj = self._create_object() request = self.anonymous_user.delete(self.get_url(self.detail_url, kwargs={'pk': db_obj.pk})) self.assertStatus(request, status.HTTP_403_FORBIDDEN) self.assertEqual(request.data, {u'detail': u'Authentication credentials were not provided.'})
def test_delete_object_tenant_filter(self): """ Test that users from different tenants can't delete eachothers data. """ set_current_user(self.user_obj) db_obj = self._create_object() request = self.other_tenant_user.delete(self.get_url(self.detail_url, kwargs={'pk': db_obj.pk})) self.assertStatus(request, status.HTTP_404_NOT_FOUND) self.assertEqual(request.data, {u'detail': u'Not found.'})
def test_delete_object_tenant_filter(self): """ Test that users from different tenants can't delete each other's data. """ set_current_user(self.user_obj) db_obj = self._create_object() request = self.other_tenant_user.delete(self.get_url(self.detail_url, kwargs={'pk': db_obj.pk})) self.assertStatus(request, status.HTTP_404_NOT_FOUND) self.assertEqual(request.data, {u'detail': u'Not found.'})
def test_get_object_authenticated(self): """ Test that the object returns normally when the user is properly authenticated. """ set_current_user(self.user_obj) db_obj = self._create_object() request = self.user.get(self.get_url(self.detail_url, kwargs={'pk': db_obj.pk})) self.assertStatus(request, status.HTTP_200_OK) self._compare_objects(db_obj, json.loads(request.content))
def test_get_object_authenticated_other(self): """ Test that an authenticated user doesn't have access to other tenants. """ set_current_user(self.user_obj) db_obj = self.user_obj.tenant request = self.other_tenant_user.get(self.get_url(self.detail_url, kwargs={'pk': db_obj.pk})) self.assertStatus(request, status.HTTP_405_METHOD_NOT_ALLOWED) self.assertEqual(request.data, {u'detail': u'Method "GET" not allowed.'})
def test_get_object_authenticated(self): """ Test that the object returns normally when the user is properly authenticated. """ set_current_user(self.user_obj) db_obj = self.factory_cls.create(tenant=self.user_obj.tenant) request = self.user.get(reverse(self.detail_url, kwargs={'pk': db_obj.pk})) self.assertEqual(request.status_code, status.HTTP_200_OK) self._compare_objects(db_obj, json.loads(request.content))
def test_create_object_unauthenticated(self): """ Test that an unauthenticated user doesn't have the access to create an object. """ set_current_user(self.user_obj) stub_dict = self._create_object_stub() request = self.anonymous_user.post(self.get_url(self.list_url), stub_dict) self.assertStatus(request, status.HTTP_403_FORBIDDEN) self.assertEqual(request.data, {u'detail': u'Authentication credentials were not provided.'})
def test_create_object_unauthenticated(self): """ Test that an unauthenticated user doesn't have the access to create an object. """ set_current_user(self.user_obj) stub_dict = self._create_object_stub() request = self.anonymous_user.post(self.get_url(self.list_url), stub_dict) self.assertStatus(request, status.HTTP_403_FORBIDDEN, stub_dict) self.assertEqual(request.data, {u'detail': u'Authentication credentials were not provided.'})
def test_update_object_with_webhook_to_lily(self): set_current_user(self.user_obj) stub_dict = self._create_object_stub(with_email=True, with_webhooks=True, email=self.user_obj.email) self.user_obj.first_name = 'something' self.user_obj.save() stub_dict['webhooks'][0]['url'] = 'app.hellolily.com/some-url' request = self.user.put(self.get_url(self.detail_url, kwargs={'pk': self.user_obj.pk}), data=stub_dict) self.assertStatus(request, status.HTTP_400_BAD_REQUEST, stub_dict)
def test_update_object_authenticated_other(self): """ Test that an authenticated user is not able to updated an other tenant. """ set_current_user(self.user_obj) db_obj = self.other_tenant_user_obj.tenant stub_dict = self._create_object_stub() request = self.user.put(self.get_url(self.detail_url, kwargs={'pk': db_obj.pk}), data=stub_dict) self.assertStatus(request, status.HTTP_404_NOT_FOUND) self.assertEqual(request.data, {u'detail': u'Not found.'})
def test_create_object_authenticated(self): """ Test that an authenticated user doesn't have the access to create a tenant. """ set_current_user(self.user_obj) stub_dict = self._create_object_stub() request = self.user.post(self.get_url(self.list_url), stub_dict) self.assertStatus(request, status.HTTP_405_METHOD_NOT_ALLOWED) self.assertEqual(request.data, {u'detail': u'Method "POST" not allowed.'})
def test_create_object_unauthenticated(self): """ Test that an unauthenticated user doesn't have the access to create an object. """ set_current_user(self.user_obj) stub_dict = self.factory_cls.stub().__dict__ del stub_dict['tenant'] request = self.anonymous_user.post(reverse(self.list_url), stub_dict) self.assertEqual(request.status_code, status.HTTP_403_FORBIDDEN) self.assertEqual(request.data, {u'detail': u'Authentication credentials were not provided.'})
def test_create_object_authenticated(self): set_current_user(self.user_obj) stub_dict = self._create_object_stub(with_email=True) request = self.user.post(self.get_url(self.list_url), stub_dict) self.assertStatus(request, status.HTTP_201_CREATED, stub_dict) created_id = json.loads(request.content).get('id') self.assertIsNotNone(created_id) db_obj = self.model_cls.objects.get(pk=created_id) self._compare_objects(db_obj, json.loads(request.content))
def test_create_object_tenant_filter(self): """ Test that the tenant is set correctly on the new object. """ set_current_user(self.user_obj) stub_dict = self._create_object_stub() request = self.user.post(self.get_url(self.list_url), stub_dict) self.assertStatus(request, status.HTTP_201_CREATED, stub_dict) db_obj = self.model_cls.objects.get(pk=request.data.get('id')) self.assertEqual(self.user_obj.tenant, db_obj.tenant)
def test_update_object_tenant_filter(self): """ Test that users from different tenants can't update eachothers data. """ set_current_user(self.user_obj) db_obj = self.factory_cls.create(tenant=self.user_obj.tenant) stub_dict = self.factory_cls.stub().__dict__ del stub_dict['tenant'] request = self.other_tenant_user.put(reverse(self.detail_url, kwargs={'pk': db_obj.pk}), stub_dict) self.assertEqual(request.status_code, status.HTTP_404_NOT_FOUND) self.assertEqual(request.data, {u'detail': u'Not found.'})
def test_get_object_authenticated_other(self): """ Test that an authenticated user doesn't have access to other tenants. """ set_current_user(self.user_obj) db_obj = self.user_obj.tenant request = self.other_tenant_user.get( self.get_url(self.detail_url, kwargs={'pk': db_obj.pk})) self.assertStatus(request, status.HTTP_405_METHOD_NOT_ALLOWED) self.assertEqual(request.data, {u'detail': u'Method "GET" not allowed.'})
def test_create_object_tenant_filter(self): """ Test that the tenant is set correctly on the new object. """ set_current_user(self.user_obj) stub_dict = self._create_object_stub() request = self.user.post(self.get_url(self.list_url), stub_dict) self.assertStatus(request, status.HTTP_201_CREATED) db_obj = self.model_cls.objects.get(pk=request.data.get('id')) self.assertEqual(self.user_obj.tenant, db_obj.tenant)
def handle(self, tenant_id, *args, **options): self.stdout.write(self.style.SUCCESS('>>') + ' Starting fixing. \n\n') set_current_user( LilyUser.objects.filter(tenant_id=tenant_id, is_active=True).first()) self.fix_accounts(tenant_id) self.deduplicate_contact_emails(tenant_id) self.fix_contacts(tenant_id) self.put_accounts_emails_in_contacts() self.stdout.write( self.style.SUCCESS('>>') + ' Successfully fixed. \n\n')
def setUpClass(cls): """ Creates a user and logs it in before running the account tests. """ set_current_user(None) # Remove leftovers from previous tests LilyUser.objects.all().delete() Tenant.objects.all().delete() cls.user = LilyUserFactory.create(is_active=True, email='*****@*****.**', password=make_password('test')) cls.client = APIClient() cls.client.login(email='*****@*****.**', password='******')
def test_send_email(self, delay_mock): """ Test that sending an email is possible """ set_current_user(self.user_obj) email = self._create_object(size=1) self.user.post( self.get_url(self.detail_url, action_name='send', kwargs={'pk': email.pk})) self.assertEqual(delay_mock.call_count, 1)
def test_create_object_tenant_filter(self): """ Test that the tenant is set correctly on the new object. """ set_current_user(self.user_obj) stub_dict = self.factory_cls.stub().__dict__ del stub_dict['tenant'] request = self.user.post(reverse(self.list_url), stub_dict) self.assertEqual(request.status_code, status.HTTP_201_CREATED) db_obj = self.model_cls.objects.get(pk=request.data.get('id')) self.assertEqual(self.user_obj.tenant, db_obj.tenant)
def test_update_object_deleted_filter(self): """ Test that deleted objects can't be updated. """ set_current_user(self.user_obj) db_obj = self._create_object() db_obj.delete() # Delete the object stub_dict = self._create_object_stub() request = self.user.put(self.get_url(self.detail_url, kwargs={'pk': db_obj.pk}), data=stub_dict) self.assertStatus(request, status.HTTP_404_NOT_FOUND, stub_dict) self.assertEqual(request.data, {u'detail': u'Not found.'})
def test_update_object_deleted_filter(self): """ Test that deleted objects can't be updated. """ set_current_user(self.user_obj) db_obj = self._create_object() db_obj.delete() # Delete the object stub_dict = self._create_object_stub() request = self.user.put(self.get_url(self.detail_url, kwargs={'pk': db_obj.pk}), data=stub_dict) self.assertStatus(request, status.HTTP_404_NOT_FOUND) self.assertEqual(request.data, {u'detail': u'Not found.'})
def handle(self, tenant_id, *args, **options): self.stdout.write( self.style.SUCCESS('>>') + ' Starting with notes export. \n\n') set_current_user( LilyUser.objects.filter(tenant_id=tenant_id, is_active=True).first()) self.export_account_notes(tenant_id) self.export_contact_notes(tenant_id) self.export_case_notes(tenant_id) self.export_deal_notes(tenant_id) self.stdout.write( self.style.SUCCESS('>>') + ' Successfully exported notes. \n\n')
def test_update_object_deleted_filter(self): """ Test that deleted objects can't be updated. """ set_current_user(self.user_obj) db_obj = self.factory_cls.create(tenant=self.user_obj.tenant) db_obj.delete() # Delete the object stub_dict = self.factory_cls.stub().__dict__ del stub_dict['tenant'] request = self.user.put(reverse(self.detail_url, kwargs={'pk': db_obj.pk}), data=stub_dict) self.assertEqual(request.status_code, status.HTTP_404_NOT_FOUND) self.assertEqual(request.data, {u'detail': u'Not found.'})
def test_delete_object_authenticated(self): """ Test that the object is deleted normally when the user is properly authenticated. """ set_current_user(self.user_obj) db_obj = self.factory_cls.create(tenant=self.user_obj.tenant) request = self.user.delete(reverse(self.detail_url, kwargs={'pk': db_obj.pk})) self.assertEqual(request.status_code, status.HTTP_204_NO_CONTENT) if 'is_deleted' in self.model_cls._meta.get_all_field_names(): self.assertTrue(self.model_cls.objects.get(pk=db_obj.pk).is_deleted) else: self.assertRaises(ObjectDoesNotExist, self.model_cls.objects.get(pk=db_obj.pk))
def handle(self, tenant_id, *args, **options): self.stdout.write( self.style.SUCCESS('>>') + ' Running preflight checks. \n\n') set_current_user( LilyUser.objects.filter(tenant_id=tenant_id, is_active=True).first()) success = run_all_checks(tenant_id) self.stdout.write( self.style.SUCCESS('>>') + ' Preflight checks finished, issues found: {}. \n\n'.format( not success)) sys.exit(0 if success else 1)