def test_point_update(self):
"""
Test that a point can be updated.
Checks:
- trying to update the point without authentication gives a 401
- trying to update the point as a different user gives a 403
- valid PUT response status is 200
- trying to update the point without a latitude gives a 400
- trying to update the point without a longitude gives a 400
- trying to update the point with an invalid latitude gives a 400
- trying to update the point with an invalid longitude gives a 400
"""
user = User(username='******', location='Test')
user.set_password('tester')
user.save()
user2 = User(username='******', location='Test')
user2.set_password('tester2')
user2.save()
point = Point.objects.create(name='test', description='testing',
latitude=12.123, longitude=45.456, creator=user)
url = reverse('point-detail', args=[point.id])
data = {
'name': 'updated point',
'description': 'hello',
'latitude': -12.123,
'longitude': -45.456
}
unauthorized_response = self.client.put(url, data)
self.assertEqual(unauthorized_response.status_code, status.HTTP_401_UNAUTHORIZED)
self.client.credentials(HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester2:tester2'))
forbidden_response = self.client.put(url, data)
self.assertEqual(forbidden_response.status_code, status.HTTP_403_FORBIDDEN)
self.client.credentials(HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester:tester'))
response = self.client.put(url, data)
self.assertEqual(response.status_code, status.HTTP_200_OK)
no_latitude_data = { 'name': 'updated point again', 'longitude': 45.456789 }
no_latitude_response = self.client.put(url, no_latitude_data)
self.assertEqual(no_latitude_response.status_code, status.HTTP_400_BAD_REQUEST)
no_longitude_data = { 'name': 'updated point again', 'latitude': 12.123456 }
no_longitude_response = self.client.put(url, no_longitude_data)
self.assertEqual(no_longitude_response.status_code, status.HTTP_400_BAD_REQUEST)
invalid_latitude_data = { 'name': 'update it', 'latitude': 'hello', 'longitude': 45.123 }
invalid_latitude_response = self.client.put(url, invalid_latitude_data)
self.assertEqual(invalid_latitude_response.status_code, status.HTTP_400_BAD_REQUEST)
invalid_longitude_data = { 'name': 'update it', 'latitude': 12.123, 'longitude': '0x123' }
invalid_longitude_response = self.client.put(url, invalid_longitude_data)
self.assertEqual(invalid_longitude_response.status_code, status.HTTP_400_BAD_REQUEST)
def test_tag_create(self):
"""
Test that a new tag for a point can be created.
Checks:
- trying to create a tag without authentication gives a 401
- trying to create a tag as a non-creator gives a 403
- valid POST response status is 201
- response data attributes match the ones sent in the request
- creator, point, _url and _parent links are valid (accessible with a GET request)
"""
user = User(username='******', location='Test')
user.set_password('tester')
user.save()
user2 = User(username='******', location='Test')
user2.set_password('tester2')
user2.save()
point = Point.objects.create(name='test',
description='testing',
latitude=12.123,
longitude=45.456,
creator=user)
data = {
'name': 'camping',
}
url = reverse('point-tag-list', args=[point.id])
unauthorized_response = self.client.post(url, data)
self.assertEqual(unauthorized_response.status_code,
status.HTTP_401_UNAUTHORIZED)
self.client.credentials(
HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester2:tester2'))
forbidden_response = self.client.post(url, data)
self.assertEqual(forbidden_response.status_code,
status.HTTP_403_FORBIDDEN)
self.client.credentials(
HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester:tester'))
response = self.client.post(url, data)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(response.data['name'], 'camping')
self.assertTrue(utils.check_point_get(self.client, response.data))
self.assertTrue(utils.check_creator_get(self.client, response.data))
self.assertTrue(utils.check_url_get(self.client, response.data))
self.assertTrue(utils.check_parent_get(self.client, response.data))
def test_point_delete(self):
"""
Test that a point can be deleted.
Checks:
- trying to delete the point without authentication gives a 401
- valid DELETE response status is 204
- trying to delete the same point again gives a 404
"""
user = User(username='******', location='Test')
user.set_password('tester')
user.save()
point = Point.objects.create(name='test', description='testing',
latitude=12.123, longitude=45.456, creator=user)
url = reverse('point-detail', args=[point.id])
unauthorized_response = self.client.delete(url)
self.assertEqual(unauthorized_response.status_code, status.HTTP_401_UNAUTHORIZED)
self.client.credentials(HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester:tester'))
response = self.client.delete(url)
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
not_found_response = self.client.delete(url)
self.assertEqual(not_found_response.status_code, status.HTTP_404_NOT_FOUND)
def test_comment_update(self):
"""
Test that a comment can be updated.
Checks:
- trying to update the comment without authentication gives a 401
- trying to update the comment as a different user gives a 403
- valid PUT response status is 200
"""
user = User(username='******', location='Test')
user.set_password('tester')
user.save()
user2 = User(username='******', location='Test')
user2.set_password('tester2')
user2.save()
point = Point.objects.create(name='test',
description='testing',
latitude=12.123,
longitude=45.456,
creator=user)
comment = Comment.objects.create(content='hello world',
creator=user,
point=point)
url = reverse('point-comment-detail', args=[point.id, comment.id])
data = {
'content': 'updated comment',
}
unauthorized_response = self.client.put(url, data)
self.assertEqual(unauthorized_response.status_code,
status.HTTP_401_UNAUTHORIZED)
self.client.credentials(
HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester2:tester2'))
forbidden_response = self.client.put(url, data)
self.assertEqual(forbidden_response.status_code,
status.HTTP_403_FORBIDDEN)
self.client.credentials(
HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester:tester'))
response = self.client.put(url, data)
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_user_delete(self):
"""
Test that a user can be deleted.
Checks:
- trying to delete the user without authentication gives a 401
- trying to delete the user as another user gives a 403
- trying to delete a non-existing user gives a 404
- valid DELETE response status is 204
- trying to delete the same user again gives a 401
(as the user is deleted and no longer authenticated)
"""
user = User(username='******', location='Test')
user.set_password('tester')
user.save()
another_user = User(username='******', location='Test2')
another_user.set_password('tester2')
another_user.save()
url = reverse('user-detail', args=[user.id])
unauthorized_response = self.client.delete(url)
self.assertEqual(unauthorized_response.status_code,
status.HTTP_401_UNAUTHORIZED)
self.client.credentials(
HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester2:tester2'))
forbidden_response = self.client.delete(url)
self.assertEqual(forbidden_response.status_code,
status.HTTP_403_FORBIDDEN)
not_found_response = self.client.delete(url + '1')
self.assertEqual(not_found_response.status_code,
status.HTTP_404_NOT_FOUND)
self.client.credentials(
HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester:tester'))
response = self.client.delete(url)
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
deleted_response = self.client.delete(url)
self.assertEqual(deleted_response.status_code,
status.HTTP_401_UNAUTHORIZED)
def test_star_create(self):
"""
Test that a new star for a point can be created.
Checks:
- trying to create a star without authentication gives a 401
- valid POST response status is 201
- response data attributes match the ones sent in the request
- creator, point, _url and _parent links are valid (accessible with a GET request)
- trying to create a star twice as the same user gives a 409
"""
user = User(username='******', location='Test')
user.set_password('tester')
user.save()
point = Point.objects.create(name='test',
description='testing',
latitude=12.123,
longitude=45.456,
creator=user)
url = reverse('point-star-list', args=[point.id])
unauthorized_response = self.client.post(url)
self.assertEqual(unauthorized_response.status_code,
status.HTTP_401_UNAUTHORIZED)
self.client.credentials(
HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester:tester'))
response = self.client.post(url)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertTrue(utils.check_point_get(self.client, response.data))
self.assertTrue(utils.check_creator_get(self.client, response.data))
self.assertTrue(utils.check_url_get(self.client, response.data))
self.assertTrue(utils.check_parent_get(self.client, response.data))
duplicate_response = self.client.post(url)
self.assertEqual(duplicate_response.status_code,
status.HTTP_409_CONFLICT)
def test_point_create(self):
"""
Test that a new point can be created.
Checks:
- trying to create a point without authentication gives a 401
- valid POST response status is 201
- response data attributes match the ones sent in the request
- creator, _url and _parent links are valid (accessible with a GET request)
- trying to create a point with the same name by the same creator gives a 409
- trying to create a point with an invalid latitude value gives a 400
- trying to create a point with an invalid longitude value gives a 400
- trying to create a point with a too big latitude value gives a 400
- trying to create a point with a too small longitude value gives a 400
- trying to create a point without a latitude gives a 400
- trying to create a point without a longitude gives a 400
"""
user = User(username='******', location='Test')
user.set_password('tester')
user.save()
data = {
'name': 'test',
'description': 'testing',
'latitude': 12.123456,
'longitude': 45.456789,
}
url = reverse('point-list')
unauthorized_response = self.client.post(url, data)
self.assertEqual(unauthorized_response.status_code, status.HTTP_401_UNAUTHORIZED)
self.client.credentials(HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester:tester'))
response = self.client.post(url, data)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(response.data['name'], 'test')
self.assertEqual(response.data['description'], 'testing')
self.assertEqual(response.data['latitude'], '12.123456')
self.assertEqual(response.data['longitude'], '45.456789')
self.assertTrue(utils.check_creator_get(self.client, response.data))
self.assertTrue(utils.check_url_get(self.client, response.data))
self.assertTrue(utils.check_parent_get(self.client, response.data))
duplicate_response = self.client.post(url, data)
self.assertEqual(duplicate_response.status_code, status.HTTP_409_CONFLICT)
no_name_data = { 'latitude': 12.123456, 'longitude': 45.456789 }
no_name_response = self.client.post(url, no_name_data)
self.assertEqual(no_name_response.status_code, status.HTTP_400_BAD_REQUEST)
invalid_latitude_data = { 'name': 'test2', 'latitude': '12.3a5', 'longitude': 45.456789 }
invalid_latitude_response = self.client.post(url, invalid_latitude_data)
self.assertEqual(invalid_latitude_response.status_code, status.HTTP_400_BAD_REQUEST)
invalid_longitude_data = { 'name': 'test2', 'latitude': 12.345, 'longitude': ''}
invalid_longitude_response = self.client.post(url, invalid_longitude_data)
self.assertEqual(invalid_longitude_response.status_code, status.HTTP_400_BAD_REQUEST)
# latitude larger than max (90)
too_large_latitude_data = { 'name': 'test2', 'latitude': 90.345, 'longitude': -10}
too_large_latitude_response = self.client.post(url, too_large_latitude_data)
self.assertEqual(too_large_latitude_response.status_code, status.HTTP_400_BAD_REQUEST)
# longitude smaller than min (-180)
too_small_longitude_data = { 'name': 'test2', 'latitude': 80.345, 'longitude': -181}
too_small_longitude_data = self.client.post(url, too_small_longitude_data)
self.assertEqual(too_small_longitude_data.status_code, status.HTTP_400_BAD_REQUEST)
no_latitude_data = { 'name': 'test2', 'longitude': 45.456789 }
no_latitude_response = self.client.post(url, no_latitude_data)
self.assertEqual(no_latitude_response.status_code, status.HTTP_400_BAD_REQUEST)
no_longitude_data = { 'name': 'test2', 'latitude': 12.123456 }
no_longitude_response = self.client.post(url, no_longitude_data)
self.assertEqual(no_longitude_response.status_code, status.HTTP_400_BAD_REQUEST)
def test_user_update(self):
"""
Test that a user can be updated.
Checks:
- valid PUT response status is 200
- response data attributes match the ones sent in the request
- _url and _parent links are valid (accessible with a GET request)
- trying to update a username with the same name gives a 403
- trying to update a user without a username gives a 400
- trying to update a user without a password gives a 400
"""
user = User(username='******', location='Original')
user.set_password('original')
user.save()
user2 = User(username='******', location='Test')
user2.set_password('tester')
user2.save()
url = reverse('user-detail', args=[user2.id])
data = {
'username': '******',
'password': '******',
'location': 'Oulu'
}
self.client.credentials(
HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester:tester'))
response = self.client.put(url, data)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['username'], 'tester2')
self.assertEqual(response.data['location'], 'Oulu')
# update user authentication details
self.client.credentials(
HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester2:tester2'))
self.assertTrue(utils.check_url_get(self.client, response.data))
self.assertTrue(utils.check_parent_get(self.client, response.data))
existing_user_url = reverse('user-detail', args=[user.id])
existing_user_data = {
'username': '******',
'password': '******',
'location': 'Oulu'
}
existing_user_response = self.client.put(existing_user_url,
existing_user_data)
self.assertEqual(existing_user_response.status_code,
status.HTTP_403_FORBIDDEN)
no_username_data = {'password': '******'}
no_username_response = self.client.put(url, no_username_data)
self.assertEqual(no_username_response.status_code,
status.HTTP_400_BAD_REQUEST)
no_password_data = {'username': '******'}
no_password_response = self.client.put(url, no_password_data)
self.assertEqual(no_password_response.status_code,
status.HTTP_400_BAD_REQUEST)
