def test_change_succeeds(self):
self.client.force_login(user=self.verified_user)
self.assertTrue(self.verified_user.mail_verified)
old_email = self.verified_user.email
new_email = faker.email()
# typical frontend use case of getting, modifying and sending data
data = self.client.get(self.url).data
data['email'] = new_email
response = self.client.patch(self.url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_200_OK,
response.data)
self.assertEqual(response.data['email'], old_email)
self.assertEqual(len(mail.outbox), 2)
self.assertIn('Your email address changed!', mail.outbox[0].subject)
self.assertEqual(mail.outbox[0].to, [old_email],
'error: change notice sent to wrong address')
self.assertIn('Please verify your email', mail.outbox[1].subject)
self.assertEqual(mail.outbox[1].to, [new_email],
'error: verification request sent to wrong address')
self.assertNotIn('Thank you for signing up', mail.outbox[1].body)
self.verified_user.refresh_from_db()
self.assertFalse(self.verified_user.mail_verified)
self.assertEqual(self.verified_user.email, old_email)
self.assertEqual(self.verified_user.unverified_email, new_email)
self.verified_user.verify_mail()
self.verified_user.refresh_from_db()
self.assertTrue(self.verified_user.mail_verified)
self.assertEqual(self.verified_user.email, new_email)
response = self.client.get(self.url)
self.assertEqual(response.data['email'], new_email)
def setUpBeforeMigration(self, apps):
logging.disable(logging.CRITICAL)
self.email = faker.email()
User = apps.get_model('users', 'User')
History = apps.get_model('history', 'History')
Group = apps.get_model('groups', 'Group')
GroupMembership = apps.get_model('groups', 'GroupMembership')
self.user = User.objects.create(email=self.email, display_name='Peter')
self.group = Group.objects.create(
name=faker.name(),
description=faker.sentence(nb_words=40),
public_description=faker.sentence(nb_words=20),
)
membership = GroupMembership.objects.create(group=self.group,
user=self.user)
self.membership_id = membership.id
self.history = History.objects.create(
typus=HistoryTypus.GROUP_CREATE,
group=self.group,
payload={},
)
self.history.users.add(self.user)
self.history.save()
self.history.date = timezone.now() - relativedelta(days=100)
self.history.save()
self.user.created_at = timezone.now() - relativedelta(days=200)
self.user.save()
def setUpBeforeMigration(self, apps):
User = apps.get_model('users', 'User')
Group = apps.get_model('groups', 'Group')
Store = apps.get_model('stores', 'Store')
PickupDateSeries = apps.get_model('stores', 'PickupDateSeries')
PickupDate = apps.get_model('stores', 'PickupDate')
Feedback = apps.get_model('stores', 'Feedback')
self.email = faker.email()
self.now = datetime.datetime.now(tz=pytz.utc)
self.date = faker.date_time_between(start_date='now',
end_date='+24h',
tzinfo=pytz.utc)
self.group_name = 'Group ' + faker.name()
self.store_name = 'Store ' + faker.name()
user = User.objects.create(email=self.email, display_name='Peter')
group = Group.objects.create(name=self.group_name)
store = Store.objects.create(name=self.store_name, group=group)
pickup_date_series = PickupDateSeries.objects.create(
store=store, start_date=self.now)
pickup_date = PickupDate.objects.create(series=pickup_date_series,
store=store,
date=self.date)
pickup_date.collectors.add(user)
Feedback.objects.create(given_by=user, about=pickup_date)
def test_superusers_have_all_perms(self):
email = faker.email()
superuser = get_user_model().objects.create_superuser(email, 'foo')
self.assertTrue(superuser.has_perm('eating horses'))
self.assertTrue(
superuser.has_perm('eating this specific horse',
'I am a kind and gentle horse'))
self.assertTrue(superuser.has_module_perms('lunar'))
def setUpBeforeMigration(self, apps):
User = apps.get_model('users', 'User')
self.user_not_verified = User.objects.create(
email=faker.email(),
activation_key='123',
key_expires_at=timezone.now() + timedelta(minutes=1),
mail_verified=False)
self.user_verified = User.objects.create(email=faker.email(),
activation_key='',
key_expires_at=None,
mail_verified=True)
self.user_code_expired = User.objects.create(
email=faker.email(),
activation_key='123',
key_expires_at=timezone.now() - timedelta(minutes=1),
mail_verified=False)
def setUp(self):
self.verified_user = VerifiedUserFactory()
self.another_user = VerifiedUserFactory()
self.old_email = self.verified_user.email
self.new_email = faker.email()
self.password = self.verified_user.display_name
self.url = '/api/auth/email/'
self.url_patch = '/api/auth/user/'
mail.outbox = []
def make_user():
data = c.post('/api/auth/user/', {
'email': str(timezone.now().microsecond) + faker.email(),
'password': password,
'display_name': faker.name(),
'description': 'I am a fake user',
'mobile_number': faker.phone_number()
}).data
print('created user:'******'email'])
return data
def test_normal_users_have_no_perms(self):
email = faker.email()
user = get_user_model().objects.create_user(email,
'foo',
display_name='I am normal')
self.assertFalse(user.has_perm('eating horses'))
self.assertFalse(
user.has_perm('eating this specific horse',
'I am a kind and gentle horse'))
self.assertFalse(user.has_module_perms('lunar'))
def test_changing_sensitive_fields_is_forbidden(self):
self.client.force_login(user=self.verified_user)
response = self.client.get(self.url)
original = response.data
response = self.client.patch(self.url, {'unverified_email': faker.email()})
self.assertEqual(response.data['unverified_email'], original['unverified_email'])
response = self.client.patch(self.url, {'mail_verified': False})
self.assertEqual(response.data['mail_verified'], True)
def setUp(self):
self.user = UserFactory()
self.url = '/api/auth/user/'
self.user_data = {
'email': faker.email(),
'password': faker.name(),
'display_name': faker.name(),
'address': faker.address(),
'latitude': faker.latitude(),
'longitude': faker.longitude()
}
mail.outbox = []
def test_change_back_to_previous_address(self):
self.client.force_login(user=self.verified_user)
original = self.verified_user.email
response = self.client.patch(self.url, {'email': faker.email()})
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(mail.outbox), 2)
mail.outbox.clear()
response = self.client.patch(self.url, {'email': original})
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(mail.outbox), 2)
self.assertIn('Your email address changed!', mail.outbox[0].subject)
self.assertEqual(response.data['email'], original)
self.assertEqual(response.data['mail_verified'], False)
def setUpClass(cls):
super().setUpClass()
cls.user = UserFactory()
cls.user2 = UserFactory()
cls.verified_user = VerifiedUserFactory()
cls.url = '/api/users/'
cls.user_data = {
'email': faker.email(),
'password': faker.name(),
'display_name': faker.name(),
'address': faker.address(),
'latitude': faker.latitude(),
'longitude': faker.longitude()
}
cls.group = GroupFactory(members=[cls.user, cls.user2])
cls.another_common_group = GroupFactory(members=[cls.user, cls.user2])
cls.user_in_another_group = UserFactory()
cls.another_group = GroupFactory(members=[cls.user_in_another_group, ])
class UserFactory(DjangoModelFactory):
class Meta:
model = get_user_model()
strategy = CREATE_STRATEGY
is_active = True
is_staff = False
display_name = LazyAttribute(lambda _: faker.name())
email = LazyAttribute(lambda _: faker.email())
description = LazyAttribute(lambda _: faker.text())
# Use display_name as password, as it is readable
password = PostGeneration(lambda obj, *args, **kwargs: obj.set_password(obj.display_name))
@classmethod
def _create(cls, model_class, *args, **kwargs):
manager = cls._get_manager(model_class)
user = manager.create_user(*args, **kwargs)
return user
def setUp(self):
self.user = UserFactory()
self.user2 = UserFactory()
self.url = '/api/users/'
self.user_data = {
'email': faker.email(),
'password': faker.name(),
'display_name': faker.name(),
'address': faker.address(),
'latitude': faker.latitude(),
'longitude': faker.longitude()
}
self.group = GroupFactory(members=[self.user, self.user2])
self.another_common_group = GroupFactory(
members=[self.user, self.user2])
self.user_in_another_group = UserFactory()
self.another_group = GroupFactory(members=[
self.user_in_another_group,
])
mail.outbox = []
def test_change_succeeds(self):
self.client.force_login(user=self.verified_user)
self.assertTrue(self.verified_user.mail_verified)
# typical frontend use case of getting, modifying and sending data
data = self.client.get(self.user_url).data
data['email'] = faker.email()
response = self.client.patch(self.user_url, data, format='json')
user = get_user_model().objects.get(id=self.verified_user.id)
self.assertEqual(response.status_code, status.HTTP_200_OK,
response.data)
self.assertEqual(response.data['email'], self.verified_user.email)
self.assertFalse(user.mail_verified)
self.assertEqual(len(mail.outbox), 2)
self.assertEqual(mail.outbox[0].subject, 'Your email address changed!')
self.assertEqual(mail.outbox[0].to, [user.email])
self.assertEqual(mail.outbox[1].subject, 'Verify your email address')
self.assertEqual(mail.outbox[1].to, [user.unverified_email])
user.verify_mail()
self.assertTrue(user.mail_verified)
response = self.client.get(self.user_url)
self.assertEqual(response.data['email'], data['email'])
def setUpBeforeMigration(self, apps):
logging.disable(logging.CRITICAL)
self.email = faker.email()
User = apps.get_model('users', 'User')
User.objects.create(email=self.email, display_name='Peter')
def test_create_superuser(self):
email = faker.email()
get_user_model().objects.create_superuser(email, 'letmein')
self.assertEqual(get_user_model().objects.filter(email=email).count(),
1)
