def test_only_self_edits(self):
p1 = ProfileFactory()
p2 = ProfileFactory()
self.client.force_authenticate(user=p2.user)
url = reverse('user-detail', args=[p1.user.username])
res = self.client.patch(url, {})
# u2 should not have permission to edit u1's user.
eq_(res.status_code, 403)
def test_request_password_reset(self, get_current):
get_current.return_value.domain = 'testserver'
p = ProfileFactory()
url = reverse('user-request-password-reset', args=[p.user.username])
res = self.client.get(url)
eq_(res.status_code, 204)
eq_(1, len(mail.outbox))
def test_settings_visible_when_signed_in(self):
p = ProfileFactory()
p.settings.create(name="foo", value="bar")
url = reverse("user-detail", args=[p.user.username])
self.client.force_authenticate(user=p.user)
res = self.client.get(url)
eq_(res.data["settings"], [{"name": "foo", "value": "bar"}])
def test_adds_event_to_db(self, key, process_mock):
profile = ProfileFactory(fxa_uid="54321")
events = {
"https://schemas.accounts.firefox.com/event/password-change": {
"changeTime": 1565721242227
}
}
eq_(0, AccountEvent.objects.count())
response = self._call_webhook(events, key)
eq_(202, response.status_code)
eq_(1, AccountEvent.objects.count())
eq_(1, process_mock.delay.call_count)
account_event = AccountEvent.objects.last()
eq_(account_event.status, AccountEvent.UNPROCESSED)
self.assertEqual(json.loads(account_event.body),
list(events.values())[0])
eq_(account_event.event_type, AccountEvent.PASSWORD_CHANGE)
eq_(account_event.fxa_uid, "54321")
eq_(account_event.jwt_id, "e19ed6c5-4816-4171-aa43-56ffe80dbda1")
eq_(account_event.issued_at, "1565720808")
eq_(account_event.profile, profile)
def test_settings_visible_when_signed_in(self):
p = ProfileFactory()
p.settings.create(name='foo', value='bar')
url = reverse('user-detail', args=[p.user.username])
self.client.force_authenticate(user=p.user)
res = self.client.get(url)
eq_(res.data['settings'], [{'name': 'foo', 'value': 'bar'}])
def test_last_answer_date(self):
p = ProfileFactory()
u = p.user
AnswerFactory(creator=u)
serializer = api.ProfileSerializer(instance=p)
eq_(serializer.data['last_answer_date'], u.answers.last().created)
def test_set_setting_add(self):
p = ProfileFactory()
self.client.force_authenticate(user=p.user)
url = reverse('user-set-setting', args=[p.user.username])
res = self.client.post(url, {'name': 'foo', 'value': 'bar'})
eq_(res.status_code, 200)
eq_(p.settings.get(name='foo').value, 'bar')
def test_cant_update_username(self):
p = ProfileFactory(user__username='******')
serializer = api.ProfileSerializer(data=self.data, instance=p)
eq_(serializer.is_valid(), False)
eq_(serializer.errors, {
'username': [u"Can't change this field."],
})
def test_delete_setting_exists_with_delete(self):
p = ProfileFactory()
self.client.force_authenticate(user=p.user)
s = SettingFactory(user=p.user)
url = reverse('user-delete-setting', args=[p.user.username])
res = self.client.delete(url, {'name': s.name})
eq_(res.status_code, 204)
eq_(p.settings.filter(name=s.name).count(), 0)
def test_avatar_size(self):
p = ProfileFactory()
url = reverse("user-detail", args=[p.user.username])
res = self.client.get(url)
assert "?s=200" in res.data["avatar"]
res = self.client.get(url, {"avatar_size": 128})
assert "?s=128" in res.data["avatar"]
def test_avatar_size(self):
p = ProfileFactory()
url = reverse('user-detail', args=[p.user.username])
res = self.client.get(url)
assert '?s=200' in res.data['avatar']
res = self.client.get(url, {'avatar_size': 128})
assert '?s=128' in res.data['avatar']
def test_logs_out_user_first_seen_before_password_change(self):
self.request.user = ProfileFactory(
fxa_password_change=datetime.utcnow() + timedelta(minutes=5)).user
self._process_request(self.request)
response = self._process_request(self.request)
assert isinstance(self.request.user, AnonymousUser)
assert isinstance(response, HttpResponseRedirect)
def test_does_nothing_if_user_first_seen_after_password_change(self):
self.request.user = ProfileFactory(
fxa_password_change=datetime.utcnow() - timedelta(minutes=5)).user
user = self.request.user
self._process_request(self.request)
self._process_request(self.request)
self.assertEqual(user, self.request.user)
def test_set_setting_update(self):
p = ProfileFactory()
self.client.force_authenticate(user=p.user)
s = SettingFactory(user=p.user, name='favorite_fruit', value='apple')
url = reverse('user-set-setting', args=[p.user.username])
res = self.client.post(url, {'name': 'favorite_fruit', 'value': 'banana'})
eq_(res.status_code, 200)
eq_(res.data['value'], 'banana')
s = Setting.objects.get(id=s.id)
eq_(s.value, 'banana')
def test_add_and_delete(self):
"""Adding a user with a profile should add it to the index.
Deleting should delete it.
"""
p = ProfileFactory()
self.refresh()
eq_(UserMappingType.search().count(), 1)
p.user.delete()
self.refresh()
eq_(UserMappingType.search().count(), 0)
def test_process_password_change(self):
profile = ProfileFactory()
account_event_1 = AccountEventFactory(
body=json.dumps({
"changeTime": 2000
}),
event_type=AccountEvent.PASSWORD_CHANGE,
status=AccountEvent.UNPROCESSED,
profile=profile
)
process_event_password_change(account_event_1.id)
profile.refresh_from_db()
account_event_1.refresh_from_db()
eq_(profile.fxa_password_change, datetime.utcfromtimestamp(2))
eq_(account_event_1.status, AccountEvent.PROCESSED)
account_event_2 = AccountEventFactory(
body=json.dumps({
"changeTime": 1000
}),
event_type=AccountEvent.PASSWORD_CHANGE,
status=AccountEvent.UNPROCESSED,
profile=profile
)
process_event_password_change(account_event_2.id)
profile.refresh_from_db()
account_event_2.refresh_from_db()
eq_(profile.fxa_password_change, datetime.utcfromtimestamp(2))
eq_(account_event_2.status, AccountEvent.IGNORED)
def test_process_subscription_state_change_out_of_order(self):
profile = ProfileFactory()
account_event_1 = AccountEventFactory(
body=json.dumps({
"capabilities": ["capability_1"],
"isActive": True,
"changeTime": 1
}),
event_type=AccountEvent.SUBSCRIPTION_STATE_CHANGE,
status=AccountEvent.UNPROCESSED,
profile=profile
)
process_event_subscription_state_change(account_event_1.id)
account_event_1.refresh_from_db()
eq_(account_event_1.status, AccountEvent.PROCESSED)
account_event_2 = AccountEventFactory(
body=json.dumps({
"capabilities": ["capability_1"],
"isActive": True,
"changeTime": 3
}),
event_type=AccountEvent.SUBSCRIPTION_STATE_CHANGE,
status=AccountEvent.UNPROCESSED,
profile=profile
)
process_event_subscription_state_change(account_event_2.id)
account_event_2.refresh_from_db()
eq_(account_event_2.status, AccountEvent.PROCESSED)
account_event_3 = AccountEventFactory(
body=json.dumps({
"capabilities": ["capability_1"],
"isActive": False,
"changeTime": 2
}),
event_type=AccountEvent.SUBSCRIPTION_STATE_CHANGE,
status=AccountEvent.UNPROCESSED,
profile=profile
)
process_event_subscription_state_change(account_event_3.id)
account_event_3.refresh_from_db()
eq_(account_event_3.status, AccountEvent.IGNORED)
def test_process_delete_user(self):
profile = ProfileFactory()
account_event = AccountEventFactory(
body=json.dumps({}),
event_type=AccountEvent.DELETE_USER,
status=AccountEvent.UNPROCESSED,
profile=profile)
assert profile.user.is_active
process_event_delete_user(account_event.id)
profile.user.refresh_from_db()
account_event.refresh_from_db()
assert not profile.user.is_active
eq_(account_event.status, AccountEvent.PROCESSED)
def test_handles_unknown_events(self, key, process_mock):
profile = ProfileFactory(fxa_uid="54321")
events = {
"https://schemas.accounts.firefox.com/event/delete-user": {},
"https://schemas.accounts.firefox.com/event/foobar": {},
"barfoo": {}
}
eq_(0, AccountEvent.objects.count())
response = self._call_webhook(events, key)
eq_(202, response.status_code)
eq_(3, AccountEvent.objects.count())
eq_(1, process_mock.delay.call_count)
account_event_1 = AccountEvent.objects.get(
event_type=AccountEvent.DELETE_USER
)
account_event_2 = AccountEvent.objects.get(
event_type="foobar"
)
account_event_3 = AccountEvent.objects.get(
event_type="barfoo"
)
self.assertEqual(json.loads(account_event_1.body), {})
self.assertEqual(json.loads(account_event_2.body), {})
self.assertEqual(json.loads(account_event_3.body), {})
eq_(account_event_1.status, AccountEvent.UNPROCESSED)
eq_(account_event_2.status, AccountEvent.NOT_IMPLEMENTED)
eq_(account_event_3.status, AccountEvent.NOT_IMPLEMENTED)
eq_(account_event_1.fxa_uid, "54321")
eq_(account_event_2.fxa_uid, "54321")
eq_(account_event_3.fxa_uid, "54321")
eq_(account_event_1.jwt_id, "e19ed6c5-4816-4171-aa43-56ffe80dbda1")
eq_(account_event_2.jwt_id, "e19ed6c5-4816-4171-aa43-56ffe80dbda1")
eq_(account_event_3.jwt_id, "e19ed6c5-4816-4171-aa43-56ffe80dbda1")
eq_(account_event_1.issued_at, "1565720808")
eq_(account_event_2.issued_at, "1565720808")
eq_(account_event_3.issued_at, "1565720808")
eq_(account_event_1.profile, profile)
eq_(account_event_2.profile, profile)
eq_(account_event_3.profile, profile)
def test_adds_multiple_events_to_db(self, key, process_subscription_mock,
process_profile_mock):
profile = ProfileFactory(fxa_uid="54321")
events = {
"https://schemas.accounts.firefox.com/event/profile-change": {},
"https://schemas.accounts.firefox.com/event/subscription-state-change":
{
"capabilities": ["capability_1", "capability_2"],
"isActive": True,
"changeTime": 1565721242227,
},
}
eq_(0, AccountEvent.objects.count())
response = self._call_webhook(events, key)
eq_(202, response.status_code)
eq_(2, AccountEvent.objects.count())
eq_(1, process_subscription_mock.delay.call_count)
eq_(1, process_profile_mock.delay.call_count)
account_event_1 = AccountEvent.objects.get(
event_type=AccountEvent.PROFILE_CHANGE)
account_event_2 = AccountEvent.objects.get(
event_type=AccountEvent.SUBSCRIPTION_STATE_CHANGE)
self.assertEqual(json.loads(account_event_1.body), {})
self.assertEqual(json.loads(account_event_2.body),
list(events.values())[1])
eq_(account_event_1.status, AccountEvent.UNPROCESSED)
eq_(account_event_2.status, AccountEvent.UNPROCESSED)
eq_(account_event_1.fxa_uid, "54321")
eq_(account_event_2.fxa_uid, "54321")
eq_(account_event_1.jwt_id, "e19ed6c5-4816-4171-aa43-56ffe80dbda1")
eq_(account_event_2.jwt_id, "e19ed6c5-4816-4171-aa43-56ffe80dbda1")
eq_(account_event_1.issued_at, "1565720808")
eq_(account_event_2.issued_at, "1565720808")
eq_(account_event_1.profile, profile)
eq_(account_event_2.profile, profile)
def test_process_subscription_state_change(self):
product_1 = ProductFactory(codename="capability_1")
product_2 = ProductFactory(codename="capability_2")
product_3 = ProductFactory(codename="capability_3")
profile = ProfileFactory()
profile.products.add(product_3)
account_event_1 = AccountEventFactory(
body=json.dumps({
"capabilities": ["capability_1", "capability_2"],
"isActive": True,
"changeTime": 1,
}),
event_type=AccountEvent.SUBSCRIPTION_STATE_CHANGE,
status=AccountEvent.UNPROCESSED,
profile=profile,
)
process_event_subscription_state_change(account_event_1.id)
account_event_1.refresh_from_db()
self.assertCountEqual(profile.products.all(),
[product_1, product_2, product_3])
eq_(account_event_1.status, AccountEvent.PROCESSED)
account_event_2 = AccountEventFactory(
body=json.dumps({
"capabilities": ["capability_1", "capability_2"],
"isActive": False,
"changeTime": 2,
}),
event_type=AccountEvent.SUBSCRIPTION_STATE_CHANGE,
status=AccountEvent.UNPROCESSED,
profile=profile,
)
process_event_subscription_state_change(account_event_2.id)
account_event_2.refresh_from_db()
self.assertCountEqual(profile.products.all(), [product_3])
eq_(account_event_2.status, AccountEvent.PROCESSED)
def setUp(self):
self.profile = ProfileFactory()
group = GroupFactory()
self.profile.user.groups.add(group)
self.prepare().save()
self.profile.user.groups.remove(group)
def test_is_active(self):
p = ProfileFactory()
url = reverse('user-detail', args=[p.user.username])
res = self.client.get(url)
assert 'is_active' in res.data
def test_settings_not_visible_when_signed_out(self):
p = ProfileFactory()
p.settings.create(name='foo', value='bar')
url = reverse('user-detail', args=[p.user.username])
res = self.client.get(url)
assert 'settings' not in res.data
def test_settings_not_visible_when_signed_out(self):
p = ProfileFactory()
p.settings.create(name="foo", value="bar")
url = reverse("user-detail", args=[p.user.username])
res = self.client.get(url)
assert "settings" not in res.data
def test_email_not_visible_when_signed_out(self):
p = ProfileFactory()
url = reverse('user-detail', args=[p.user.username])
res = self.client.get(url)
assert 'email' not in res.data
def test_email_visible_when_signed_in(self):
p = ProfileFactory()
url = reverse('user-detail', args=[p.user.username])
self.client.force_authenticate(user=p.user)
res = self.client.get(url)
eq_(res.data['email'], p.user.email)
def test_cant_delete(self):
p = ProfileFactory()
self.client.force_authenticate(user=p.user)
url = reverse('user-detail', args=[p.user.username])
res = self.client.delete(url)
eq_(res.status_code, 405)
def test_delete_setting_404(self):
p = ProfileFactory()
self.client.force_authenticate(user=p.user)
url = reverse('user-delete-setting', args=[p.user.username])
res = self.client.post(url, {'name': 'nonexistant'})
eq_(res.status_code, 404)
