def test_request_password_change_inactive_user(self):
# Create an account, but do not activate it
create_account(self.USERNAME, self.PASSWORD, self.EMAIL)
request_password_change(self.EMAIL, self.IS_SECURE)
# Verify that the activation email was still sent
self.assertEqual(len(mail.outbox), 1)
def test_request_password_change_inactive_user(self):
# Create an account, but do not activate it
create_account(self.USERNAME, self.PASSWORD, self.EMAIL)
request_password_change(self.EMAIL, self.IS_SECURE)
# Verify that the activation email was still sent
self.assertEqual(len(mail.outbox), 1)
def test_unicode_usernames(self, unicode_username):
with patch.dict(settings.FEATURES, {'ENABLE_UNICODE_USERNAME': False}):
with self.assertRaises(AccountUsernameInvalid):
create_account(unicode_username, self.PASSWORD, self.EMAIL) # Feature is disabled, therefore invalid.
with patch.dict(settings.FEATURES, {'ENABLE_UNICODE_USERNAME': True}):
try:
create_account(unicode_username, self.PASSWORD, self.EMAIL)
except AccountUsernameInvalid:
self.fail(u'The API should accept Unicode username `{unicode_username}`.'.format(
unicode_username=unicode_username,
))
def test_request_password_change_inactive_user(self):
# Create an account, but do not activate it
create_account(self.USERNAME, self.PASSWORD, self.EMAIL)
request = RequestFactory().post('/password')
request.user = Mock()
request.site = SiteFactory()
with patch('crum.get_current_request', return_value=request):
request_password_change(self.EMAIL, self.IS_SECURE)
# Verify that the activation email was still sent
self.assertEqual(len(mail.outbox), 1)
def test_normalize_password(self):
"""
Test that unicode normalization on passwords is happening when a user is created.
"""
# Set user password to NFKD format so that we can test that it is normalized to
# NFKC format upon account creation.
create_account(self.USERNAME, unicodedata.normalize('NFKD', u'Ṗŕệṿïệẅ Ṯệẍt'), self.EMAIL)
user = User.objects.get(username=self.USERNAME)
salt_val = user.password.split('$')[1]
expected_user_password = make_password(unicodedata.normalize('NFKC', u'Ṗŕệṿïệẅ Ṯệẍt'), salt_val)
self.assertEqual(expected_user_password, user.password)
def test_password_change_inactive_user(self):
# Log out the user created during test setup
self.client.logout()
# Create a second user, but do not activate it
create_account(self.ALTERNATE_USERNAME, self.OLD_PASSWORD, self.NEW_EMAIL)
# Send the view the email address tied to the inactive user
response = self._change_password(email=self.NEW_EMAIL)
# Expect that the activation email is still sent,
# since the user may have lost the original activation email.
self.assertEqual(response.status_code, 200)
self.assertEqual(len(mail.outbox), 1)
def test_activate_account_prevent_auth_user_writes(self):
activation_key = create_account(self.USERNAME, self.PASSWORD,
self.EMAIL)
with pytest.raises(UserAPIInternalError,
message=SYSTEM_MAINTENANCE_MSG):
with waffle().override(PREVENT_AUTH_USER_WRITES, True):
activate_account(activation_key)
def test_create_account(self):
# Create a new account, which should have empty account settings by default.
create_account(self.USERNAME, self.PASSWORD, self.EMAIL)
# Retrieve the account settings
user = User.objects.get(username=self.USERNAME)
request = RequestFactory().get("/api/user/v1/accounts/")
request.user = user
account_settings = get_account_settings(request)[0]
# Expect a date joined field but remove it to simplify the following comparison
self.assertIsNotNone(account_settings['date_joined'])
del account_settings['date_joined']
# Expect all the values to be defaulted
self.assertEqual(
account_settings, {
'username': self.USERNAME,
'email': self.EMAIL,
'name': u'',
'gender': None,
'goals': None,
'is_active': False,
'level_of_education': None,
'mailing_address': None,
'year_of_birth': None,
'country': None,
'social_links': [],
'bio': None,
'profile_image': {
'has_image':
False,
'image_url_full':
request.build_absolute_uri('/static/default_50.png'),
'image_url_small':
request.build_absolute_uri('/static/default_10.png'),
},
'requires_parental_consent': True,
'language_proficiencies': [],
'account_privacy': PRIVATE_VISIBILITY,
'accomplishments_shared': False,
'extended_profile': [],
'secondary_email': None,
'time_zone': None,
'course_certificates': None,
})
def test_login_and_registration_form_already_authenticated(self, url_name):
# Create/activate a new account and log in
activation_key = create_account(self.USERNAME, self.PASSWORD, self.EMAIL)
activate_account(activation_key)
result = self.client.login(username=self.USERNAME, password=self.PASSWORD)
self.assertTrue(result)
# Verify that we're redirected to the dashboard
response = self.client.get(reverse(url_name))
self.assertRedirects(response, reverse("dashboard"))
def setUp(self):
super(StudentAccountUpdateTest, self).setUp()
# Create/activate a new account
activation_key = create_account(self.USERNAME, self.OLD_PASSWORD, self.OLD_EMAIL)
activate_account(activation_key)
# Login
result = self.client.login(username=self.USERNAME, password=self.OLD_PASSWORD)
self.assertTrue(result)
def test_login_and_registration_form_already_authenticated(self, url_name):
# Create/activate a new account and log in
activation_key = create_account(self.USERNAME, self.PASSWORD, self.EMAIL)
activate_account(activation_key)
result = self.client.login(username=self.USERNAME, password=self.PASSWORD)
self.assertTrue(result)
# Verify that we're redirected to the dashboard
response = self.client.get(reverse(url_name))
self.assertRedirects(response, reverse("dashboard"))
def setUp(self):
super(StudentAccountUpdateTest, self).setUp()
# Create/activate a new account
activation_key = create_account(self.USERNAME, self.OLD_PASSWORD, self.OLD_EMAIL)
activate_account(activation_key)
# Login
result = self.client.login(username=self.USERNAME, password=self.OLD_PASSWORD)
self.assertTrue(result)
def test_create_account(self):
# Create a new account, which should have empty account settings by default.
create_account(self.USERNAME, self.PASSWORD, self.EMAIL)
# Retrieve the account settings
user = User.objects.get(username=self.USERNAME)
request = RequestFactory().get("/api/user/v1/accounts/")
request.user = user
account_settings = get_account_settings(request)[0]
# Expect a date joined field but remove it to simplify the following comparison
self.assertIsNotNone(account_settings['date_joined'])
del account_settings['date_joined']
# Expect all the values to be defaulted
self.assertEqual(account_settings, {
'username': self.USERNAME,
'email': self.EMAIL,
'name': u'',
'gender': None,
'goals': None,
'is_active': False,
'level_of_education': None,
'mailing_address': None,
'year_of_birth': None,
'country': None,
'social_links': [],
'bio': None,
'profile_image': {
'has_image': False,
'image_url_full': request.build_absolute_uri('/static/default_50.png'),
'image_url_small': request.build_absolute_uri('/static/default_10.png'),
},
'requires_parental_consent': True,
'language_proficiencies': [],
'account_privacy': PRIVATE_VISIBILITY,
'accomplishments_shared': False,
'extended_profile': [],
'secondary_email': None,
'time_zone': None,
'course_certificates': None,
})
def test_create_account_duplicate_email(django_db_use_migrations):
"""
Test case for duplicate email constraint
Email uniqueness constraints were introduced in a database migration,
which we disable in the unit tests to improve the speed of the test suite
This test only runs if migrations have been run.
django_db_use_migrations is a pytest_django fixture which tells us whether
migrations are being used.
"""
password = '******'
email = '*****@*****.**'
if django_db_use_migrations:
create_account('zappadappadoo', password, email)
with pytest.raises(
AccountUserAlreadyExists,
message='Migrations are being used, but creating an account with duplicate email succeeded!'
):
create_account('different_user', password, email)
def test_request_password_change(self):
# Create and activate an account
activation_key = create_account(self.USERNAME, self.PASSWORD, self.EMAIL)
activate_account(activation_key)
# Request a password change
request_password_change(self.EMAIL, self.IS_SECURE)
# Verify that one email message has been sent
self.assertEqual(len(mail.outbox), 1)
# Verify that the body of the message contains something that looks
# like an activation link
email_body = mail.outbox[0].body
result = re.search(r'(?P<url>https?://[^\s]+)', email_body)
self.assertIsNot(result, None)
def setUp(self):
super(UserAccountUpdateTest, self).setUp()
# Create/activate a new account
activation_key = create_account(self.USERNAME, self.OLD_PASSWORD, self.OLD_EMAIL)
activate_account(activation_key)
self.account_recovery = AccountRecoveryFactory.create(user=User.objects.get(email=self.OLD_EMAIL))
self.enable_account_recovery_switch = Switch.objects.create(
name=ENABLE_SECONDARY_EMAIL_FEATURE_SWITCH,
active=True
)
# Login
result = self.client.login(username=self.USERNAME, password=self.OLD_PASSWORD)
self.assertTrue(result)
def test_activate_account(self):
# Create the account, which is initially inactive
activation_key = create_account(self.USERNAME, self.PASSWORD, self.EMAIL)
user = User.objects.get(username=self.USERNAME)
request = RequestFactory().get("/api/user/v1/accounts/")
request.user = user
account = get_account_settings(request)[0]
self.assertEqual(self.USERNAME, account["username"])
self.assertEqual(self.EMAIL, account["email"])
self.assertFalse(account["is_active"])
# Activate the account and verify that it is now active
activate_account(activation_key)
account = get_account_settings(request)[0]
self.assertTrue(account['is_active'])
def test_request_password_change(self):
# Create and activate an account
activation_key = create_account(self.USERNAME, self.PASSWORD, self.EMAIL)
activate_account(activation_key)
# Request a password change
request_password_change(self.EMAIL, self.IS_SECURE)
# Verify that one email message has been sent
self.assertEqual(len(mail.outbox), 1)
# Verify that the body of the message contains something that looks
# like an activation link
email_body = mail.outbox[0].body
result = re.search(r'(?P<url>https?://[^\s]+)', email_body)
self.assertIsNot(result, None)
def test_request_password_change(self):
# Create and activate an account
activation_key = create_account(self.USERNAME, self.PASSWORD, self.EMAIL)
activate_account(activation_key)
request = RequestFactory().post('/password')
request.user = Mock()
request.site = SiteFactory()
with patch('crum.get_current_request', return_value=request):
# Request a password change
request_password_change(self.EMAIL, self.IS_SECURE)
# Verify that one email message has been sent
self.assertEqual(len(mail.outbox), 1)
# Verify that the body of the message contains something that looks
# like an activation link
email_body = mail.outbox[0].body
result = re.search(r'(?P<url>https?://[^\s]+)', email_body)
self.assertIsNot(result, None)
def test_create_account_invalid_username(self, invalid_username):
create_account(invalid_username, self.PASSWORD, self.EMAIL)
def test_activate_account_prevent_auth_user_writes(self):
activation_key = create_account(self.USERNAME, self.PASSWORD, self.EMAIL)
with pytest.raises(UserAPIInternalError, message=SYSTEM_MAINTENANCE_MSG):
with waffle().override(PREVENT_AUTH_USER_WRITES, True):
activate_account(activation_key)
def test_create_account_invalid_username(self, invalid_username):
with pytest.raises(AccountRequestError):
create_account(invalid_username, self.PASSWORD, self.EMAIL)
def test_create_account_username_password_equal(self):
# Username and password cannot be the same
create_account(self.USERNAME, self.USERNAME, self.EMAIL)
def test_create_account_duplicate_email(self):
create_account(self.USERNAME, self.PASSWORD, self.EMAIL)
with self.assertRaises(AccountUserAlreadyExists):
create_account('different_user', self.PASSWORD, self.EMAIL)
def test_create_account_invalid_password(self, invalid_password):
create_account(self.USERNAME, invalid_password, self.EMAIL)
def test_username_too_long(self):
long_username = '******' * (USERNAME_MAX_LENGTH + 1)
with self.assertRaises(AccountUsernameInvalid):
create_account(long_username, self.PASSWORD, self.EMAIL)
def test_create_account_duplicate_username(self):
create_account(self.USERNAME, self.PASSWORD, self.EMAIL)
with self.assertRaises(AccountUserAlreadyExists):
create_account(self.USERNAME, self.PASSWORD, '*****@*****.**')
def test_create_account_invalid_email(self, invalid_email):
create_account(self.USERNAME, self.PASSWORD, invalid_email)
def test_create_account_invalid_password(self, invalid_password):
create_account(self.USERNAME, invalid_password, self.EMAIL)
def test_create_account_not_allowed(self):
"""
Test case to check user creation is forbidden when ALLOW_PUBLIC_ACCOUNT_CREATION feature flag is turned off
"""
response = create_account(self.USERNAME, self.PASSWORD, self.EMAIL)
self.assertEqual(response.status_code, 403)
def test_create_account_invalid_email(self, invalid_email):
with pytest.raises(AccountEmailInvalid):
create_account(self.USERNAME, self.PASSWORD, invalid_email)
def test_create_account_username_password_equal(self):
# Username and password cannot be the same
create_account(self.USERNAME, self.USERNAME, self.EMAIL)
def test_create_account_invalid_password(self, invalid_password):
with pytest.raises(AccountPasswordInvalid):
create_account(self.USERNAME, invalid_password, self.EMAIL)
def test_create_account_invalid_email(self, invalid_email):
create_account(self.USERNAME, self.PASSWORD, invalid_email)
def test_create_account_username_password_equal(self):
# Username and password cannot be the same
with pytest.raises(AccountPasswordInvalid):
create_account(self.USERNAME, self.USERNAME, self.EMAIL)
def test_create_account_duplicate_email(self):
create_account(self.USERNAME, self.PASSWORD, self.EMAIL)
with self.assertRaises(AccountUserAlreadyExists):
create_account('different_user', self.PASSWORD, self.EMAIL)
def test_create_account_invalid_username(self, invalid_username):
create_account(invalid_username, self.PASSWORD, self.EMAIL)
