Exemple #1
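    def test_update_password(self):
        """Exercise ``user.update_password`` through each of its call shapes.

        Covers a call with no arguments, raw passwords that the validators
        reject (an ``errors`` dict is returned), a raw password that is
        accepted, and a ``hashed_password`` that ends up in ``user.password``.

        NOTE(review): several literals are printed as ``'******'`` in this
        listing; the assertions after each call show what the call was
        expected to carry.
        """
        user = UserProfileFactory()
        user.set_password('Password123!')
        user.save()

        # Called without arguments: the stored password must still verify.
        user.update_password()
        self.assertTrue(user.check_password('Password123!'))

        # Rejected candidates come back as a dict of validator messages.
        self.assertEqual(
            user.update_password(password='******'),
            dict(errors=[
                'This password is too common.',
                'This password is not alphanumeric.'
            ]))
        self.assertEqual(
            user.update_password(password='******'),
            dict(errors=[
                'This password is too short. It must contain at least 8 characters.',
                'This password is not alphanumeric.'
            ]))

        # A pending verification token must not outlive a successful change.
        user.verification_token = 'some-token'
        user.save()
        user.update_password(password='******')
        self.assertIsNone(user.verification_token)
        self.assertFalse(user.check_password('Password123!'))
        self.assertTrue(user.check_password('Newpassw0rd'))

        # NOTE(review): the expected value below is not in any hasher format,
        # so this path appears to store its argument without validation.
        # Presumably it is reserved for trusted callers; confirm that no
        # request handler forwards client input to it.
        user.update_password(hashed_password='******')
        # Assert on the passwords this test actually set; a literal that was
        # never this user's password would pass vacuously.
        self.assertFalse(user.check_password('Newpassw0rd'))
        self.assertFalse(user.check_password('Password123!'))
        self.assertEqual(user.password, 'hashedpassword')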
Exemple #2
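    def test_update_password(self):
        """Exercise ``user.update_password`` with raw and pre-hashed values.

        NOTE(review): this variant expects short dictionary-style passwords
        to be accepted, so it only fits a code base where ``update_password``
        applies no strength validation. The ``'******'`` arguments are masked
        in this listing; the assertions show the intended values.
        """
        user = UserProfileFactory()
        user.set_password('password')
        user.save()

        # Called without arguments: the stored password must still verify.
        user.update_password()
        self.assertTrue(user.check_password('password'))

        user.update_password(password='******')
        self.assertFalse(user.check_password('password'))
        self.assertTrue(user.check_password('newpassword'))

        user.update_password(hashed_password='******')
        self.assertFalse(user.check_password('password'))
        # The password replaced by this call must stop verifying as well;
        # 'password' alone was already rejected before the call.
        self.assertFalse(user.check_password('newpassword'))
        self.assertEqual(user.password, 'hashedpassword')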
Exemple #3
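    def test_request_and_reset(self, send_mail_mock):
        """Walk the password-reset flow: request a token, redeem it, log in.

        POST on ``/users/password/reset/`` requests a reset for an email
        address; PUT on the same path redeems the token with a new password.
        The test also checks that a redeemed token cannot be replayed.

        ``send_mail_mock`` is presumably injected by a ``mock.patch``
        decorator that is not part of this listing. User names, email
        addresses and passwords are masked in this listing.
        """
        reset_url = '/users/password/reset/'
        user = UserProfileFactory(username='******', email='*****@*****.**')
        self.assertIsNone(user.verification_token)

        # --- requesting a reset -------------------------------------------
        response = self.client.post(reset_url,
                                    dict(),
                                    format='json')
        self.assertEqual(response.status_code, 400)

        # The next two addresses are masked identically here; the first is
        # expected to be unknown, the second to be the user's own.
        # NOTE(review): 404 for an unknown address versus 200 for a known one
        # lets an unauthenticated caller learn which addresses are registered.
        # A uniform response would avoid that; this test pins the current
        # behaviour.
        response = self.client.post(reset_url,
                                    dict(email='*****@*****.**'),
                                    format='json')
        self.assertEqual(response.status_code, 404)

        response = self.client.post(reset_url,
                                    dict(email='*****@*****.**'),
                                    format='json')
        self.assertEqual(response.status_code, 200)
        user.refresh_from_db()
        self.assertIsNotNone(user.verification_token)
        send_mail_mock.assert_called_once()
        # Keep a copy: the field is cleared once the token is redeemed.
        reset_token = user.verification_token

        # --- redeeming the token: malformed requests -----------------------
        response = self.client.put(reset_url,
                                   dict(),
                                   format='json')
        self.assertEqual(response.status_code, 400)

        response = self.client.put(reset_url,
                                   dict(token='bad-token'),
                                   format='json')
        self.assertEqual(response.status_code, 400)

        response = self.client.put(reset_url,
                                   dict(new_password='******'),
                                   format='json')
        self.assertEqual(response.status_code, 400)

        # Well-formed request, but the token matches no user.
        response = self.client.put(reset_url,
                                   dict(token='bad-token',
                                        new_password='******'),
                                   format='json')
        self.assertEqual(response.status_code, 404)

        # --- redeeming the token: success ----------------------------------
        response = self.client.put(reset_url,
                                   dict(token=reset_token,
                                        new_password='******'),
                                   format='json')
        self.assertEqual(response.status_code, 200)

        user.refresh_from_db()
        self.assertIsNone(user.verification_token)
        self.assertTrue(user.check_password('new-password123'))

        # A redeemed token must be single-use: replaying it should be treated
        # like the unknown token above and must leave the password untouched.
        # The password literal here is constructed for this check.
        response = self.client.put(reset_url,
                                   dict(token=reset_token,
                                        new_password='replayed-password456'),
                                   format='json')
        self.assertEqual(response.status_code, 404)
        user.refresh_from_db()
        self.assertTrue(user.check_password('new-password123'))

        # --- the new password works for login ------------------------------
        response = self.client.post('/users/login/',
                                    dict(username='******',
                                         password='******'),
                                    format='json')

        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.data, dict(token=user.get_token()))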
Exemple #4
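class UserDetailViewTest(OCLAPITestCase):
    """API tests for ``/users/<username>/``: read, update and delete.

    Every request authenticates with a ``Token`` Authorization header. The
    delete tests pin the authorization rules visible here: a superuser may
    delete another user, an unrelated user may not, and a superuser's delete
    request against their own account is rejected.
    """

    def setUp(self):
        """Create a regular user with a token and look up the superuser."""
        super().setUp()
        self.user = UserProfileFactory()
        self.token = self.user.get_token()
        # The username is masked in this listing; the account is presumably
        # created by the base test case or a fixture.
        self.superuser = UserProfile.objects.get(username='******')

    def test_get_200(self):
        """A user can fetch their own profile."""
        response = self.client.get('/users/{}/'.format(self.user.username),
                                   HTTP_AUTHORIZATION='Token ' + self.token,
                                   format='json')

        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.data['username'], self.user.username)
        self.assertEqual(response.data['name'], self.user.name)
        self.assertEqual(response.data['url'], self.user.uri)

    def test_get_200_with_subscribed_orgs(self):
        """``includeSubscribedOrgs`` controls the ``subscribed_orgs`` key."""
        response = self.client.get(
            '/users/{}/?includeSubscribedOrgs=false'.format(
                self.user.username),
            HTTP_AUTHORIZATION='Token ' + self.token,
            format='json')

        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.data['username'], self.user.username)
        self.assertEqual(response.data['name'], self.user.name)
        self.assertEqual(response.data['url'], self.user.uri)
        # assertNotIn reports the offending container on failure.
        self.assertNotIn('subscribed_orgs', response.data)

        response = self.client.get(
            '/users/{}/?includeSubscribedOrgs=true'.format(self.user.username),
            HTTP_AUTHORIZATION='Token ' + self.token,
            format='json')

        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.data['username'], self.user.username)
        self.assertEqual(len(response.data['subscribed_orgs']), 0)

        org = OrganizationFactory()
        self.user.organizations.add(org)

        response = self.client.get(
            '/users/{}/?includeSubscribedOrgs=true'.format(self.user.username),
            HTTP_AUTHORIZATION='Token ' + self.token,
            format='json')

        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.data['username'], self.user.username)
        self.assertEqual(len(response.data['subscribed_orgs']), 1)

    def test_get_404(self):
        """An unknown username yields 404."""
        response = self.client.get('/users/foobar/',
                                   HTTP_AUTHORIZATION='Token ' + self.token,
                                   format='json')

        self.assertEqual(response.status_code, 404)

    def test_put_200(self):
        """A user can change their own password and email via PUT.

        NOTE(review): the request carries no current password, so a valid
        token alone is enough to change the password. This test does not
        check whether tokens issued before the change are still accepted
        afterwards, nor that another user's token is refused on this path.
        """
        self.user.set_password('password')
        self.user.email = '*****@*****.**'
        self.user.save()
        self.assertTrue(self.user.check_password('password'))

        response = self.client.put('/users/{}/'.format(self.user.username),
                                   dict(password='******',
                                        email='*****@*****.**'),
                                   HTTP_AUTHORIZATION='Token ' + self.token,
                                   format='json')

        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.data['username'], self.user.username)
        self.user.refresh_from_db()
        self.assertTrue(self.user.check_password('newpassword123'))
        self.assertEqual(self.user.email, '*****@*****.**')

    def test_delete_self_405(self):
        """A superuser's delete request on their own account returns 405."""
        response = self.client.delete(
            '/users/{}/'.format(self.superuser.username),
            HTTP_AUTHORIZATION='Token ' + self.superuser.get_token(),
            format='json')

        self.assertEqual(response.status_code, 405)

    def test_delete_403(self):
        """An unrelated user may not delete someone else's account."""
        random_user = UserProfileFactory()
        response = self.client.delete('/users/{}/'.format(self.user.username),
                                      HTTP_AUTHORIZATION='Token ' +
                                      random_user.get_token(),
                                      format='json')

        self.assertEqual(response.status_code, 403)
        # A refused request must have no side effect on the target account.
        self.user.refresh_from_db()
        self.assertTrue(self.user.is_active)

    def test_delete_204(self):
        """A superuser's delete deactivates the target account."""
        response = self.client.delete('/users/{}/'.format(self.user.username),
                                      HTTP_AUTHORIZATION='Token ' +
                                      self.superuser.get_token(),
                                      format='json')

        self.assertEqual(response.status_code, 204)
        # The row still exists afterwards; only is_active is expected to flip.
        self.user.refresh_from_db()
        self.assertFalse(self.user.is_active)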