def setUp(self):
super().setUp()
self.user = create_user(username="******", email="*****@*****.**")
self.superuser = create_user(
username="******",
email="*****@*****.**",
is_superuser=True,
is_staff=True,
)
def setUp(self):
self.base_url = reverse("user-list")
self.user = create_user(username="******", email="*****@*****.**")
self.superuser = create_user(
username="******",
email="*****@*****.**",
is_superuser=True,
is_staff=True,
)
def test_post_not_set_new_username_if_exists(self):
username = "******"
create_user(username=username)
user = create_user(username="******")
data = {"new_username": username, "current_password": "******"}
login_user(self.client, user)
response = self.client.post(self.base_url, data)
self.assert_status_equal(response, status.HTTP_400_BAD_REQUEST)
user.refresh_from_db()
self.assertNotEqual(user.username, username)
def test_dont_resend_activation_when_no_password(self):
user = create_user(is_active=False, password=None)
data = {"email": user.email}
response = self.client.post(self.base_url, data)
self.assert_emails_in_mailbox(0)
self.assert_status_equal(response, status.HTTP_400_BAD_REQUEST)
def test_resend_activation_view(self):
user = create_user(is_active=False)
data = {"email": user.email}
response = self.client.post(self.base_url, data)
self.assert_email_exists(to=[user.email])
self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)
def test_post_should_not_login_if_user_is_not_active(self):
"""
In Django >= 1.10 authenticate() returns None if
user is inactive, while in Django < 1.10 authenticate()
succeeds if user is inactive.
"""
user = create_user()
data = {"username": user.username, "password": user.raw_password}
user.is_active = False
user.save()
user_logged_in.connect(self.signal_receiver)
response = self.client.post(self.base_url, data)
if django.VERSION >= (1, 10):
expected_errors = [
settings.CONSTANTS.messages.INVALID_CREDENTIALS_ERROR
]
else:
expected_errors = [
settings.CONSTANTS.messages.INACTIVE_ACCOUNT_ERROR
]
self.assert_status_equal(response, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data["non_field_errors"], expected_errors)
self.assertFalse(self.signal_sent)
def test_options(self):
user = create_user()
login_user(self.client, user)
response = self.client.options(self.base_url)
self.assert_status_equal(response, status.HTTP_200_OK)
def test_resend_activation_view_custom_user(self):
user = create_user(use_custom_data=True, is_active=False)
data = {"custom_email": get_user_email(user)}
response = self.client.post(self.base_url, data)
self.assert_emails_in_mailbox(1)
self.assert_email_exists(to=[get_user_email(user)])
self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)
def test_post_not_set_new_password_if_wrong_current_password(self):
user = create_user()
data = {"new_password": "******", "current_password": "******"}
login_user(self.client, user)
response = self.client.post(self.base_url, data)
self.assert_status_equal(response, status.HTTP_400_BAD_REQUEST)
def test_post_send_email_to_user_with_request_domain_and_site_name(self):
user = create_user()
data = {"email": user.email}
response = self.client.post(self.base_url, data)
request = response.wsgi_request
self.assertIn(request.get_host(), mail.outbox[0].body)
def test_patch_cant_edit_others_attribute(self):
user = create_user()
another_user = create_user(**{
"username": "******",
"password": "******",
"email": "*****@*****.**"
})
login_user(self.client, user)
response = self.client.patch(
path=reverse("user-detail", args=(another_user.pk, )),
data={"email": "*****@*****.**"},
)
self.assert_status_equal(response, status.HTTP_404_NOT_FOUND)
another_user.refresh_from_db()
self.assertTrue(another_user.email == "*****@*****.**")
def test_post_not_set_new_username_if_same(self):
user = create_user()
data = {"new_username": "******", "current_password": "******"}
login_user(self.client, user)
response = self.client.post(self.base_url, data)
self.assert_status_equal(response, status.HTTP_400_BAD_REQUEST)
self.assertTrue(user.is_active)
def test_not_delete_if_fails_password_validation(self):
user = create_user()
self.assert_instance_exists(User, username="******")
data = {"current_password": "******"}
login_user(self.client, user)
response = self.client.delete(self.base_url, data=data)
self.assert_status_equal(response, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data, {"current_password": ["Invalid password."]})
def test_none_token_model_results_in_no_operation(self):
user = create_user()
user_logged_out.connect(self.signal_receiver)
login_user(self.client, user)
response = self.client.post(self.base_url)
self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)
self.assertEqual(response.data, None)
self.assertFalse(self.signal_sent)
def test_post_set_new_custom_username(self):
user = create_user(use_custom_data=True)
data = {"new_custom_username": "******", "current_password": "******"}
self.client.force_authenticate(user)
response = self.client.post(self.base_url, data)
self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)
user.refresh_from_db()
self.assertEqual(data["new_custom_username"], user.get_username())
def test_post_should_logout_logged_in_user(self):
user = create_user()
user_logged_out.connect(self.signal_receiver)
login_user(self.client, user)
response = self.client.post(self.base_url)
self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)
self.assertEqual(response.data, None)
self.assertTrue(self.signal_sent)
def test_post_logout_after_password_change(self):
user = create_user()
data = {"new_password": "******", "current_password": "******"}
login_user(self.client, user)
response = self.client.post(self.base_url, data)
self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)
is_logged = Token.objects.filter(user=user).exists()
self.assertFalse(is_logged)
def test_post_set_new_username(self):
user = create_user()
data = {"new_username": "******", "current_password": "******"}
login_user(self.client, user)
response = self.client.post(self.base_url, data)
self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)
user.refresh_from_db()
self.assertEqual(data["new_username"], user.username)
def test_post_update_username_and_send_activation_email(self):
user = create_user()
data = {"new_username": "******", "current_password": "******"}
login_user(self.client, user)
response = self.client.post(self.base_url, data)
self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)
self.assert_emails_in_mailbox(1)
self.assert_email_exists(to=[user.email])
def test_delete_user_if_logged_in(self):
user = create_user()
self.assert_instance_exists(User, username="******")
data = {"current_password": "******"}
login_user(self.client, user)
response = self.client.delete(self.base_url, data=data)
self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)
self.assert_instance_does_not_exist(User, username="******")
def test_post_set_new_password(self):
user = create_user()
data = {"new_password": "******", "current_password": "******"}
login_user(self.client, user)
response = self.client.post(self.base_url, data)
self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)
user.refresh_from_db()
self.assertTrue(user.check_password(data["new_password"]))
self.assert_emails_in_mailbox(0)
def test_put_cant_edit_others_attribute(self):
user = create_user()
another_user_data = {
"username": "******",
"password": "******",
"email": "*****@*****.**",
}
another_user = create_user(**another_user_data)
another_user_data["password"] = "******"
another_user_data["email"] = "*****@*****.**"
login_user(self.client, user)
response = self.client.patch(path=reverse("user-detail",
args=(another_user.pk, )),
data=another_user_data)
self.assert_status_equal(response, status.HTTP_404_NOT_FOUND)
another_user.refresh_from_db()
assert another_user.email, "*****@*****.**"
def test_post_not_set_new_username_if_wrong_current_password(self):
user = create_user()
orig_username = user.get_username()
data = {"new_username": "******", "current_password": "******"}
login_user(self.client, user)
response = self.client.post(self.base_url, data)
self.assert_status_equal(response, status.HTTP_400_BAD_REQUEST)
user.refresh_from_db()
self.assertEqual(orig_username, user.username)
def test_post_should_send_email_to_user_with_password_reset_link(self):
user = create_user()
data = {"email": user.email}
response = self.client.post(self.base_url, data)
request = response.wsgi_request
self.assert_status_equal(response, status.HTTP_204_NO_CONTENT)
self.assert_emails_in_mailbox(1)
self.assert_email_exists(to=[user.email])
site = get_current_site(request)
self.assertIn(site.domain, mail.outbox[0].body)
self.assertIn(site.name, mail.outbox[0].body)
def test_post_should_not_login_if_invalid_credentials(self):
user = create_user()
data = {"username": user.username, "password": "******"}
user_login_failed.connect(self.signal_receiver)
response = self.client.post(self.base_url, data)
self.assert_status_equal(response, status.HTTP_400_BAD_REQUEST)
self.assertEqual(
response.data["non_field_errors"],
[settings.CONSTANTS.messages.INVALID_CREDENTIALS_ERROR],
)
self.assertTrue(self.signal_sent)
def test_post_not_reset_if_fails_username_validation(self):
user = create_user()
data = {
"uid": djoser.utils.encode_uid(user.pk),
"token": default_token_generator.make_token(user),
"new_username": "******",
"re_new_username": "******",
}
response = self.client.post(self.base_url, data)
self.assert_status_equal(response, status.HTTP_400_BAD_REQUEST)
user.refresh_from_db()
self.assertNotEqual(user.username, data["new_username"])
def test_login_using_email(self):
user = create_user()
previous_last_login = user.last_login
data = {"email": user.email, "password": user.raw_password}
user_logged_in.connect(self.signal_receiver)
response = self.client.post(self.base_url, data)
user.refresh_from_db()
self.assert_status_equal(response, status.HTTP_200_OK)
self.assertEqual(response.data["auth_token"], user.auth_token.key)
self.assertNotEqual(user.last_login, previous_last_login)
self.assertTrue(self.signal_sent)
def test_post_not_set_new_username_if_invalid(self):
user = create_user()
data = {
"new_username": "******",
"current_password": "******"
}
login_user(self.client, user)
response = self.client.post(self.base_url, data)
self.assert_status_equal(response, status.HTTP_400_BAD_REQUEST)
user.refresh_from_db()
self.assertNotEqual(user.username, data["new_username"])
def test_patch_edits_user_attribute(self):
user = create_user()
login_user(self.client, user)
response = self.client.patch(
path=reverse("user-detail", args=(user.pk, )),
data={"email": "*****@*****.**"},
)
self.assert_status_equal(response, status.HTTP_200_OK)
self.assertTrue("email" in response.data)
user.refresh_from_db()
self.assertTrue(user.email == "*****@*****.**")
def test_post_not_set_new_password_if_user_does_not_exist(self):
user = create_user()
data = {
"uid": djoser.utils.encode_uid(user.pk + 1),
"token": default_token_generator.make_token(user),
"new_password": "******",
}
response = self.client.post(self.base_url, data)
self.assert_status_equal(response, status.HTTP_400_BAD_REQUEST)
self.assertIn("uid", response.data)
user.refresh_from_db()
self.assertFalse(user.check_password(data["new_password"]))
