def setUp(self):
self.client = Client()
self.api = Api()
self.users_list_url = self.api.get_resource_list_uri('userprofile')
self.user_post_data = self.api.get_resource_example_data(
'userprofile', 'POST')
def setUp(self):
self.client = Client()
self.api = Api()
self.users_list_url = self.api.get_resource_list_uri('userprofile')
self.user_post_data = self.api.get_resource_example_data('userprofile','POST')
class TestUserProfile(TestCase):
def setUp(self):
self.client = Client()
self.api = Api()
self.users_list_url = self.api.get_resource_list_uri('userprofile')
self.user_post_data = self.api.get_resource_example_data(
'userprofile', 'POST')
def test_basic_operations(self):
user_data = {
"username": "******",
"password": "******",
"email": "*****@*****.**"
}
#Create a userprofile
user = User.objects.create_user(**user_data)
profile = UserProfile(user=user, facebook_id=31337)
profile.username = "******"
#Set some properties
patch = {"facebook_id": 666}
profile.set(**patch)
#Get them, and check if they are returned
self.assertEqual(profile.username, "jia200x")
self.assertEqual(profile.user.username, "jia200x")
self.assertEqual(profile.facebook_id, 666)
def test_get(self):
user = User.objects.create_user(username="******",
email="*****@*****.**",
password="******")
user.save()
profile = UserProfile.get(user)
self.assertEqual('test1', profile.username)
def test_missing_email(self):
del self.user_post_data['email']
post_response = self.client.post(self.users_list_url,
self.user_post_data,
parse='json')
self.assertEqual(400, post_response.status_code) # 400: CLIENT ERROR
self.assertEqual(['email'], post_response.data.keys())
def test_missing_password(self):
del self.user_post_data['password']
post_response = self.client.post(self.users_list_url,
self.user_post_data,
parse='json')
self.assertEqual(400, post_response.status_code) # 400: CLIENT ERROR
self.assertEqual(['password'], post_response.data.keys())
def test_change_password(self):
client = self.client
old_password = "******"
new_password = "******"
#obtain a test user profile
(location,
profile) = self.api.resources['userprofile'].create_test_resource(
{'password': old_password})
#login with the profile
self.assertTrue(
client.login(username=profile.email, password=old_password))
#change password patch
patch_data = {"password": new_password}
response = client.patch(location, patch_data)
#Attempt with new password
self.assertEqual(202, response.status_code, response.content)
#Try to login again with old password
client.logout()
self.assertFalse(
client.login(username=profile.email, password=old_password))
#Try with the new one
self.assertTrue(
client.login(username=profile.email, password=new_password))
def test_resource(self):
client = self.client
#test POST
post_response = client.post(self.users_list_url, self.user_post_data)
self.assertEqual(post_response.status_code, 201, post_response.content)
#test matching GET
get_response = client.get(self.users_list_url, parse='json')
self.assertEqual(get_response.status_code, 200, get_response.content)
userprofile_dict = get_response.data['objects'][0]
userprofile_keys = userprofile_dict.keys()
self.assertTrue('email' in userprofile_keys)
self.assertTrue('facebook_id' in userprofile_keys)
#test attempt unauthorized put
put_data = dict(self.user_post_data)
put_data['first_name'] = "darth"
put_response = client.put(userprofile_dict['resource_uri'], put_data)
self.assertEqual(put_response.status_code, 401,
put_response.content) #UNAUTHORIZED
#test authenticate
rpc_response = client.rpc('authenticate',
email=self.user_post_data['email'],
password=self.user_post_data['password'])
self.assertEqual(200, rpc_response.status_code, rpc_response.content)
#test PUT
put_data = self.user_post_data
put_data['first_name'] = "darth"
put_response = client.put(userprofile_dict['resource_uri'], put_data)
self.assertEqual(put_response.status_code, 204, put_response.content)
#test PATCH
patch_data = dict(put_data)
patch_response = client.patch(userprofile_dict['resource_uri'],
{'last_name': 'vader'})
self.assertEqual(patch_response.status_code, 202,
patch_response.content)
#test PATCH to superuser (not allowed)
patch_data = {'is_superuser': True, 'is_staff': True}
patch_response = client.patch(userprofile_dict['resource_uri'],
patch_data)
user_id = int(userprofile_dict['resource_uri'].split('/')[-2])
user = User.objects.get(id=user_id)
self.assertFalse(user.is_superuser,
"Allowed user to made himself superuser!")
self.assertFalse(user.is_staff, "Allowed user to made himself staff!")
#test PATCH to facebook_id (not allowed)
patch_data = {'facebook_id': 12345678}
patch_response = client.patch(userprofile_dict['resource_uri'],
patch_data)
user_id = int(userprofile_dict['resource_uri'].split('/')[-2])
user = User.objects.get(id=user_id)
profile = UserProfile.get(user)
self.assertNotEqual(
12345678, profile.facebook_id,
"Allowed user to change his own facebook_id by POST/PUT!")
#test matching GET
get_response = client.get(userprofile_dict['resource_uri'],
parse='json')
userprofile_dict = get_response.data
expected_data = dict(put_data)
del expected_data['password']
expected_data['last_name'] = 'vader'
self.assertEqual(get_response.status_code, 200, get_response.content)
self.assertDictContainsSubset(expected_data, userprofile_dict)
class TestUserProfile(TestCase):
def setUp(self):
self.client = Client()
self.api = Api()
self.users_list_url = self.api.get_resource_list_uri('userprofile')
self.user_post_data = self.api.get_resource_example_data('userprofile','POST')
def test_basic_operations(self):
user_data = {
"username":"******",
"password":"******",
"email" : "*****@*****.**"
}
#Create a userprofile
user=User.objects.create_user(**user_data)
profile = UserProfile(user=user, facebook_id=31337)
profile.username = "******"
#Set some properties
patch = {"facebook_id":666}
profile.set(**patch)
#Get them, and check if they are returned
self.assertEqual(profile.username,"jia200x")
self.assertEqual(profile.user.username,"jia200x")
self.assertEqual(profile.facebook_id,666)
def test_get(self):
user = User.objects.create_user(username="******",
email="*****@*****.**", password="******")
user.save()
profile = UserProfile.get(user)
self.assertEqual('test1', profile.username)
def test_missing_email(self):
del self.user_post_data['email']
post_response = self.client.post(self.users_list_url,
self.user_post_data, parse='json')
self.assertEqual(400, post_response.status_code) # 400: CLIENT ERROR
self.assertEqual(['email'], post_response.data.keys())
def test_missing_password(self):
del self.user_post_data['password']
post_response = self.client.post(self.users_list_url,
self.user_post_data, parse='json')
self.assertEqual(400, post_response.status_code) # 400: CLIENT ERROR
self.assertEqual(['password'], post_response.data.keys())
def test_change_password(self):
client = self.client
old_password = "******"
new_password = "******"
#obtain a test user profile
(location, profile) = self.api.resources['userprofile'].create_test_resource({'password' : old_password})
#login with the profile
self.assertTrue(client.login(username=profile.email, password=old_password))
#change password patch
patch_data = { "password" : new_password }
response = client.patch(location, patch_data)
#Attempt with new password
self.assertEqual(202, response.status_code, response.content)
#Try to login again with old password
client.logout()
self.assertFalse(client.login(username=profile.email, password=old_password))
#Try with the new one
self.assertTrue(client.login(username=profile.email, password=new_password))
def test_resource(self):
client = self.client
#test POST
post_response = client.post(self.users_list_url, self.user_post_data)
self.assertEqual(post_response.status_code, 201, post_response.content)
#test matching GET
get_response = client.get(self.users_list_url, parse='json')
self.assertEqual(get_response.status_code, 200, get_response.content)
userprofile_dict = get_response.data['objects'][0]
userprofile_keys = userprofile_dict.keys()
self.assertTrue('email' in userprofile_keys)
self.assertTrue('facebook_id' in userprofile_keys)
#test attempt unauthorized put
put_data = dict(self.user_post_data)
put_data['first_name'] = "darth"
put_response = client.put(userprofile_dict['resource_uri'],put_data)
self.assertEqual(put_response.status_code, 401, put_response.content) #UNAUTHORIZED
#test authenticate
rpc_response = client.rpc('authenticate',
email=self.user_post_data['email'], password=self.user_post_data['password'])
self.assertEqual(200,rpc_response.status_code, rpc_response.content)
#test PUT
put_data = self.user_post_data
put_data['first_name'] = "darth"
put_response = client.put(userprofile_dict['resource_uri'], put_data)
self.assertEqual(put_response.status_code, 204, put_response.content)
#test PATCH
patch_data = dict(put_data)
patch_response = client.patch(userprofile_dict['resource_uri'], {'last_name':'vader'})
self.assertEqual(patch_response.status_code, 202, patch_response.content)
#test PATCH to superuser (not allowed)
patch_data = {'is_superuser': True, 'is_staff' : True}
patch_response = client.patch(userprofile_dict['resource_uri'], patch_data)
user_id = int(userprofile_dict['resource_uri'].split('/')[-2])
user = User.objects.get(id=user_id)
self.assertFalse(user.is_superuser,"Allowed user to made himself superuser!")
self.assertFalse(user.is_staff,"Allowed user to made himself staff!")
#test PATCH to facebook_id (not allowed)
patch_data = {'facebook_id' : 12345678}
patch_response = client.patch(userprofile_dict['resource_uri'], patch_data)
user_id = int(userprofile_dict['resource_uri'].split('/')[-2])
user = User.objects.get(id=user_id)
profile = UserProfile.get(user)
self.assertNotEqual(12345678,profile.facebook_id,"Allowed user to change his own facebook_id by POST/PUT!")
#test matching GET
get_response = client.get(userprofile_dict['resource_uri'], parse='json')
userprofile_dict = get_response.data
expected_data = dict(put_data)
del expected_data['password']
expected_data['last_name'] = 'vader'
self.assertEqual(get_response.status_code, 200, get_response.content)
self.assertDictContainsSubset(expected_data, userprofile_dict)
