def login_with_permission(self, permission_codename):
self.client.logout()
ct = ContentType(app_label='dms', model=str(uuid.uuid4()), name=str(uuid.uuid4())).save()
permission = Permission(name=permission_codename, codename=permission_codename, content_type=ct.id).save()
group = Group(name=str(uuid.uuid4()), permissions=[permission]).save()
user = User(username='******', group=group)
user.set_password('pw')
self.client.login(username='******', password='******')
def login_with_permission(self, permission_codename):
self.client.logout()
ct = ContentType(app_label='dms',
model=str(uuid.uuid4()),
name=str(uuid.uuid4())).save()
permission = Permission(name=permission_codename,
codename=permission_codename,
content_type=ct.id).save()
group = Group(name=str(uuid.uuid4()), permissions=[permission]).save()
user = User(username='******', group=group)
user.set_password('pw')
self.client.login(username='******', password='******')
def _post_with_basic_auth(api_endpoint, data_dict):
api_url = settings.HOSTNAME + api_endpoint
data = json.dumps(data_dict)
payload = {'username': '******', 'password': settings.API_USER_PASS}
api_user = User.objects.order_by('-id').first()
if api_user is None:
api_user = User(**dict(username=payload['username'], is_active=True)).save()
api_user.set_password(payload['password'])
basic_auth_key = _basic_auth_header(payload['username'], payload['password'])
else:
basic_auth_key = _basic_auth_header(api_user.username, settings.API_USER_PASS)
return requests.post(api_url, data, \
headers={'Authorization': basic_auth_key, 'content-type': 'application/json'})
def test_allow_user_to_see_their_own(self):
self.client.logout()
attr = self.user_profile_attr.copy()
attr['phone'] = '+2555837295789'
user = User(username='******', email='*****@*****.**')
user.group = None
user.set_password('weak_password')
attr['user'] = user
profile = UserProfile(**attr)
profile.photo.put(open(settings.PROJECT_ROOT + '/../dms/tests/test.jpg', 'rb'), content_type='image/content_type')
profile.save()
self.client.login(username='******', password='******')
response = self.client.get(self.PROFILE_IMAGE_ENDPOINT + str(profile.id) + '/')
self.assertEquals(response.status_code, 200)
def test_not_raising_403_if_user_only_wants_access_to_their_profile(self):
self.client.logout()
attr = self.mobile_user.copy()
attr['email'] = '*****@*****.**'
attr['phone'] = '+256775029500'
user = User(username='******', email='*****@*****.**')
user.group = None
user.set_password('hahahah')
attr['user'] = user
profile = UserProfile(**attr).save()
self.client.login(username='******', password='******')
response = self.client.get(self.API_ENDPOINT + str(profile.id) + '/')
self.assertEquals(response.status_code, 200)
response = self.client.post(self.API_ENDPOINT + str(profile.id) + '/')
self.assertEquals(response.status_code, 200)
def test_not_raising_403_if_user_only_wants_access_to_their_profile(self):
self.client.logout()
attr = self.mobile_user.copy()
attr['email'] = '*****@*****.**'
attr['phone'] = '+256775029500'
user = User(username='******', email='*****@*****.**')
user.group = None
user.set_password('hahahah')
attr['user'] = user
profile = UserProfile(**attr).save()
self.client.login(username='******', password='******')
response = self.client.get(self.API_ENDPOINT + str(profile.id) + '/')
self.assertEquals(response.status_code, 200)
response = self.client.post(self.API_ENDPOINT + str(profile.id) + '/')
self.assertEquals(response.status_code, 200)
def _post_with_basic_auth(api_endpoint, data_dict):
api_url = settings.HOSTNAME + api_endpoint
data = json.dumps(data_dict)
payload = {'username': '******', 'password': settings.API_USER_PASS}
api_user = User.objects.order_by('-id').first()
if api_user is None:
api_user = User(
**dict(username=payload['username'], is_active=True)).save()
api_user.set_password(payload['password'])
basic_auth_key = _basic_auth_header(payload['username'],
payload['password'])
else:
basic_auth_key = _basic_auth_header(api_user.username,
settings.API_USER_PASS)
return requests.post(api_url, data, \
headers={'Authorization': basic_auth_key, 'content-type': 'application/json'})
def _post_with_token_auth(api_endpoint, data_dict):
api_url = settings.HOSTNAME + api_endpoint
payload = {'username': '******', 'password': settings.API_USER_PASS}
api_user = User.objects.order_by('-id').first()
if api_user is None:
api_user = User(**dict(username=payload['username'], is_active=True)).save()
api_user.set_password(payload['password'])
token, created = Token.objects.get_or_create(user=api_user)
else:
try:
token = Token.objects.get(user=api_user)
except DoesNotExist:
token, created = Token.objects.get_or_create(user=api_user)
return requests.post(api_url, json.dumps(data_dict), \
headers={'Authorization': 'Token %s' % token.key, 'content-type': 'application/json'})
def _post_with_token_auth(api_endpoint, data_dict):
api_url = settings.HOSTNAME + api_endpoint
payload = {'username': '******', 'password': settings.API_USER_PASS}
api_user = User.objects.order_by('-id').first()
if api_user is None:
api_user = User(
**dict(username=payload['username'], is_active=True)).save()
api_user.set_password(payload['password'])
token, created = Token.objects.get_or_create(user=api_user)
else:
try:
token = Token.objects.get(user=api_user)
except DoesNotExist:
token, created = Token.objects.get_or_create(user=api_user)
return requests.post(api_url, json.dumps(data_dict), \
headers={'Authorization': 'Token %s' % token.key, 'content-type': 'application/json'})
class PasswordChangeSerializerTest(MongoTestCase):
def setUp(self):
self.user = User(username='******')
self.user.set_password('hehe')
self.password_data = dict(old_password='******',
new_password='******',
confirm_password='******')
def test_serialize_should_show_nothing(self):
serializer = UserPasswordChangeSerializer(self.user,
data=self.password_data)
self.assertEqual({}, serializer.data)
def test_should_deserialize_user_object(self):
serializer = UserPasswordChangeSerializer(self.user,
data=self.password_data)
self.assertTrue(serializer.is_valid())
saved_user = serializer.save()
self.assertTrue(isinstance(saved_user, User))
self.assertTrue(
saved_user.check_password(self.password_data['new_password']))
def test_serializer_should_be_invalid_if_current_password_does_not_match(
self):
data = self.password_data.copy()
data['old_password'] = '******'
serializer = UserPasswordChangeSerializer(self.user, data=data)
self.assertFalse(serializer.is_valid())
self.assertEqual(['Current password incorrect.'],
serializer.errors['old_password'])
def test_serializer_should_be_invalid_if_new_password_and_confirm_password_do_not_match(
self):
data = self.password_data.copy()
data['confirm_password'] = '******'
serializer = UserPasswordChangeSerializer(self.user, data=data)
self.assertFalse(serializer.is_valid())
self.assertEqual(["The two password fields didn't match."],
serializer.errors['confirm_password'])
def test_new_password_is_required(self):
data = self.password_data.copy()
data['new_password'] = ''
serializer = UserPasswordChangeSerializer(self.user, data=data)
self.assertFalse(serializer.is_valid())
self.assertEqual(['This field is required.'],
serializer.errors['new_password'])
del data['new_password']
serializer = UserPasswordChangeSerializer(self.user, data=data)
self.assertFalse(serializer.is_valid())
self.assertEqual(['This field is required.'],
serializer.errors['new_password'])
def test_confirm_password_is_required(self):
data = self.password_data.copy()
data['confirm_password'] = ''
serializer = UserPasswordChangeSerializer(self.user, data=data)
self.assertFalse(serializer.is_valid())
self.assertEqual(['This field is required.'],
serializer.errors['confirm_password'])
del data['confirm_password']
serializer = UserPasswordChangeSerializer(self.user, data=data)
self.assertFalse(serializer.is_valid())
self.assertEqual(['This field is required.'],
serializer.errors['confirm_password'])
class PasswordChangeSerializerTest(MongoTestCase):
def setUp(self):
self.user = User(username='******')
self.user.set_password('hehe')
self.password_data = dict(old_password='******', new_password='******', confirm_password='******')
def test_serialize_should_show_nothing(self):
serializer = UserPasswordChangeSerializer(self.user, data=self.password_data)
self.assertEqual({}, serializer.data)
def test_should_deserialize_user_object(self):
serializer = UserPasswordChangeSerializer(self.user, data=self.password_data)
self.assertTrue(serializer.is_valid())
saved_user = serializer.save()
self.assertTrue(isinstance(saved_user, User))
self.assertTrue(saved_user.check_password(self.password_data['new_password']))
def test_serializer_should_be_invalid_if_current_password_does_not_match(self):
data = self.password_data.copy()
data['old_password'] = '******'
serializer = UserPasswordChangeSerializer(self.user, data=data)
self.assertFalse(serializer.is_valid())
self.assertEqual(['Current password incorrect.'], serializer.errors['old_password'])
def test_serializer_should_be_invalid_if_new_password_and_confirm_password_do_not_match(self):
data = self.password_data.copy()
data['confirm_password'] = '******'
serializer = UserPasswordChangeSerializer(self.user, data=data)
self.assertFalse(serializer.is_valid())
self.assertEqual(["The two password fields didn't match."], serializer.errors['confirm_password'])
def test_new_password_is_required(self):
data = self.password_data.copy()
data['new_password'] = ''
serializer = UserPasswordChangeSerializer(self.user, data=data)
self.assertFalse(serializer.is_valid())
self.assertEqual(['This field is required.'], serializer.errors['new_password'])
del data['new_password']
serializer = UserPasswordChangeSerializer(self.user, data=data)
self.assertFalse(serializer.is_valid())
self.assertEqual(['This field is required.'], serializer.errors['new_password'])
def test_confirm_password_is_required(self):
data = self.password_data.copy()
data['confirm_password'] = ''
serializer = UserPasswordChangeSerializer(self.user, data=data)
self.assertFalse(serializer.is_valid())
self.assertEqual(['This field is required.'], serializer.errors['confirm_password'])
del data['confirm_password']
serializer = UserPasswordChangeSerializer(self.user, data=data)
self.assertFalse(serializer.is_valid())
self.assertEqual(['This field is required.'], serializer.errors['confirm_password'])
