def test_options(self):
user = create_user()
login_user(self.client, user)
response = self.client.options(self.base_url)
self.assert_status_equal(response, status.HTTP_200_OK)
def test_post_not_set_new_password_if_wrong_current_password(self):
user = create_user()
data = {"new_password": "******", "current_password": "******"}
login_user(self.client, user)
response = self.client.post(self.base_url, data)
self.assert_status_equal(response, status.HTTP_400_BAD_REQUEST)
def test_post_not_set_new_username_if_same(self):
user = create_user()
data = {"new_username": "******", "current_password": "******"}
login_user(self.client, user)
response = self.client.post(self.base_url, data, user=user)
self.assert_status_equal(response, status.HTTP_400_BAD_REQUEST)
self.assertTrue(user.is_active)
def test_post_update_username_and_send_activation_email(self):
user = create_user()
data = {"new_username": "******", "current_password": "******"}
login_user(self.client, user)
response = self.client.post(self.base_url, data, user=user)
self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)
self.assert_emails_in_mailbox(1)
self.assert_email_exists(to=[user.email])
def test_none_token_model_results_in_no_operation(self):
user = create_user()
user_logged_out.connect(self.signal_receiver)
login_user(self.client, user)
response = self.client.post(self.base_url)
self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)
self.assertEqual(response.data, None)
self.assertFalse(self.signal_sent)
def test_post_should_logout_logged_in_user(self):
user = create_user()
user_logged_out.connect(self.signal_receiver)
login_user(self.client, user)
response = self.client.post(self.base_url)
self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)
self.assertEqual(response.data, None)
self.assertTrue(self.signal_sent)
def test_not_delete_if_fails_password_validation(self):
user = create_user()
self.assert_instance_exists(User, username="******")
data = {"current_password": "******"}
login_user(self.client, user)
response = self.client.delete(self.base_url, data=data)
self.assert_status_equal(response, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data, {"current_password": ["Invalid password."]})
def test_post_not_set_new_username_if_invalid(self):
user = create_user()
data = {"new_username": "******", "current_password": "******"}
login_user(self.client, user)
response = self.client.post(self.base_url, data, user=user)
self.assert_status_equal(response, status.HTTP_400_BAD_REQUEST)
user.refresh_from_db()
self.assertNotEqual(user.username, data["new_username"])
def test_post_logout_after_password_change(self):
user = create_user()
data = {"new_password": "******", "current_password": "******"}
login_user(self.client, user)
response = self.client.post(self.base_url, data)
self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)
is_logged = Token.objects.filter(user=user).exists()
self.assertFalse(is_logged)
def test_delete_user_if_logged_in(self):
user = create_user()
self.assert_instance_exists(User, username="******")
data = {"current_password": "******"}
login_user(self.client, user)
response = self.client.delete(self.base_url, data=data, user=user)
self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)
self.assert_instance_does_not_exist(User, username="******")
def test_post_set_new_username(self):
user = create_user()
data = {"new_username": "******", "current_password": "******"}
login_user(self.client, user)
response = self.client.post(self.base_url, data, user=user)
self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)
user.refresh_from_db()
self.assertEqual(data["new_username"], user.username)
def test_post_not_set_new_username_if_wrong_current_password(self):
user = create_user()
orig_username = user.get_username()
data = {"new_username": "******", "current_password": "******"}
login_user(self.client, user)
response = self.client.post(self.base_url, data, user=user)
self.assert_status_equal(response, status.HTTP_400_BAD_REQUEST)
user.refresh_from_db()
self.assertEqual(orig_username, user.username)
def test_post_set_new_password(self):
user = create_user()
data = {"new_password": "******", "current_password": "******"}
login_user(self.client, user)
response = self.client.post(self.base_url, data)
self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)
user.refresh_from_db()
self.assertTrue(user.check_password(data["new_password"]))
self.assert_emails_in_mailbox(0)
def test_post_not_set_new_username_if_exists(self):
username = "******"
create_user(username=username)
user = create_user(username="******")
data = {"new_username": username, "current_password": "******"}
login_user(self.client, user)
response = self.client.post(self.base_url, data, user=user)
self.assert_status_equal(response, status.HTTP_400_BAD_REQUEST)
user.refresh_from_db()
self.assertNotEqual(user.username, username)
def test_post_password_changed_confirmation_email(self):
user = create_user()
data = {"new_password": "******", "current_password": "******"}
login_user(self.client, user)
response = self.client.post(self.base_url, data, user=user)
self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)
user.refresh_from_db()
self.assertTrue(user.check_password(data["new_password"]))
self.assert_emails_in_mailbox(1)
self.assert_email_exists(to=[user.email])
def test_patch_edits_user_attribute(self):
user = create_user()
login_user(self.client, user)
response = self.client.patch(
path=reverse("user-detail", args=(user.pk,)),
data={"email": "*****@*****.**"},
)
self.assert_status_equal(response, status.HTTP_200_OK)
self.assertTrue("email" in response.data)
user.refresh_from_db()
self.assertTrue(user.email == "*****@*****.**")
def test_post_not_set_new_password_if_mismatch(self):
user = create_user()
data = {
"new_password": "******",
"re_new_password": "******",
"current_password": "******",
}
login_user(self.client, user)
response = self.client.post(self.base_url, data)
self.assert_status_equal(response, status.HTTP_400_BAD_REQUEST)
user.refresh_from_db()
self.assertTrue(user.check_password(data["current_password"]))
def test_post_not_set_new_password_if_fails_validation(self):
user = create_user()
data = {
"new_password": "******",
"re_new_password": "******",
"current_password": "******",
}
login_user(self.client, user)
response = self.client.post(self.base_url, data)
self.assert_status_equal(response, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data,
{"new_password": ["Password 666 is not allowed."]})
def test_post_not_set_new_username_if_mismatch(self):
user = create_user()
data = {
"new_username": "******",
"re_new_username": "******",
"current_password": "******",
}
login_user(self.client, user)
response = self.client.post(self.base_url, data, user=user)
self.assert_status_equal(response, status.HTTP_400_BAD_REQUEST)
user.refresh_from_db()
self.assertNotEqual(data["new_username"], user.username)
def test_patch_cant_edit_others_attribute(self):
user = create_user()
another_user = create_user(
**{"username": "******", "password": "******", "email": "*****@*****.**"}
)
login_user(self.client, user)
response = self.client.patch(
path=reverse("user-detail", args=(another_user.pk,)),
data={"email": "*****@*****.**"},
)
self.assert_status_equal(response, status.HTTP_404_NOT_FOUND)
another_user.refresh_from_db()
self.assertTrue(another_user.email == "*****@*****.**")
def test_post_logout_cycle_session(self):
user = create_user()
data = {"new_password": "******", "current_password": "******"}
login_user(self.client, user)
self.client.force_login(user)
response = self.client.post(self.base_url, data)
self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)
user.refresh_from_db()
session_id = self.client.cookies["sessionid"].coded_value
engine = importlib.import_module(settings.SESSION_ENGINE)
session = engine.SessionStore(session_id)
session_key = session[HASH_SESSION_KEY]
self.assertEqual(session_key, user.get_session_auth_hash())
def test_put_edits_user_attribute(self):
user_data = {
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
user = create_user(**user_data)
user_data["password"] = "******"
login_user(self.client, user)
response = self.client.patch(
path=reverse("user-detail", args=(user.pk,)), data=user_data
)
self.assert_status_equal(response, status.HTTP_200_OK)
user.refresh_from_db()
self.assertTrue(user.email == "*****@*****.**")
def test_put_cant_edit_others_attribute(self):
user = create_user()
another_user_data = {
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
another_user = create_user(**another_user_data)
another_user_data["password"] = "******"
another_user_data["email"] = "*****@*****.**"
login_user(self.client, user)
response = self.client.patch(
path=reverse("user-detail", args=(another_user.pk,)), data=another_user_data
)
self.assert_status_equal(response, status.HTTP_404_NOT_FOUND)
another_user.refresh_from_db()
assert another_user.email, "*****@*****.**"
def setUp(self):
self.base_url = reverse("user-me")
self.user = create_user()
login_user(self.client, self.user)
def test_user_cannot_list_other_users(self):
login_user(self.client, self.user)
response = self.client.get(self.base_url)
self.assert_status_equal(response, status.HTTP_200_OK)
self.assertEqual(len(response.json()), 1)
def test_superuser_can_list_all_users(self):
login_user(self.client, self.superuser)
response = self.client.get(self.base_url)
self.assert_status_equal(response, status.HTTP_200_OK)
self.assertEqual(len(response.json()), 2)
def test_superuser_can_get_other_user_detail(self):
login_user(self.client, self.superuser)
response = self.client.get(reverse("user-detail", args=[self.user.pk]))
self.assert_status_equal(response, status.HTTP_200_OK)