def test_update_password(self): test_user = self.http_req.user # make sure user who is shooting the request has proper permission to # update an user's attributes, whatever itself or others. user_should_have_perm(test_user, 'auth.change_user') user_new_attrs = self.user_new_attrs.copy() new_password = '******' user_new_attrs['password'] = new_password try: XUser.update(self.http_req, user_new_attrs, test_user.pk) except Fault as e: self.assertEqual( e.faultCode, 403, 'Old password was not provided, ' + 'PermissionDenied should be catched.') user_new_attrs['old_password'] = '******' try: XUser.update(self.http_req, user_new_attrs, test_user.pk) except Fault as e: self.assertEqual( e.faultCode, 403, 'Invalid old password was provided. ' + 'PermissionDenied should be catched.') user_new_attrs['old_password'] = test_user.username data = XUser.update(self.http_req, user_new_attrs, test_user.pk) self.assert_('password' not in data) self.assertEqual(data['first_name'], user_new_attrs['first_name']) self.assertEqual(data['last_name'], user_new_attrs['last_name']) self.assertEqual(data['email'], user_new_attrs['email']) user = User.objects.get(pk=test_user.pk) self.assert_(user.check_password(new_password))
def test_update_password(self): test_user = self.http_req.user # make sure user who is shooting the request has proper permission to # update an user's attributes, whatever itself or others. user_should_have_perm(test_user, 'auth.change_user') user_new_attrs = self.user_new_attrs.copy() new_password = '******' user_new_attrs['password'] = new_password try: XUser.update(self.http_req, user_new_attrs, test_user.pk) except Fault as e: self.assertEqual(e.faultCode, 403, 'Old password was not provided, ' + 'PermissionDenied should be catched.') user_new_attrs['old_password'] = '******' try: XUser.update(self.http_req, user_new_attrs, test_user.pk) except Fault as e: self.assertEqual(e.faultCode, 403, 'Invalid old password was provided. ' + 'PermissionDenied should be catched.') user_new_attrs['old_password'] = test_user.username data = XUser.update(self.http_req, user_new_attrs, test_user.pk) self.assert_('password' not in data) self.assertEqual(data['first_name'], user_new_attrs['first_name']) self.assertEqual(data['last_name'], user_new_attrs['last_name']) self.assertEqual(data['email'], user_new_attrs['email']) user = User.objects.get(pk=test_user.pk) self.assert_(user.check_password(new_password))
def test_do_nothing(self): original_user = self.http_req.user XUser.update(self.http_req) updated_user = User.objects.get(pk=self.http_req.user.pk) self.assertEqual(original_user.first_name, updated_user.first_name) self.assertEqual(original_user.last_name, updated_user.last_name) self.assertEqual(original_user.email, updated_user.email) self.assertEqual(original_user.password, updated_user.password)
def test_update_password(self): test_user = self.http_req.user # make sure user who is shooting the request has proper permission to # update an user's attributes, whatever itself or others. user_should_have_perm(test_user, 'auth.change_user') user_new_attrs = self.user_new_attrs.copy() new_password = '******' user_new_attrs['password'] = new_password self.assertXmlrpcFaultForbidden(XUser.update, self.http_req, user_new_attrs, test_user.pk) user_new_attrs['old_password'] = '******' self.assertXmlrpcFaultForbidden(XUser.update, self.http_req, user_new_attrs, test_user.pk) user_new_attrs['old_password'] = test_user.username data = XUser.update(self.http_req, user_new_attrs, test_user.pk) self.assertNotIn('password', data) self.assertEqual(data['first_name'], user_new_attrs['first_name']) self.assertEqual(data['last_name'], user_new_attrs['last_name']) self.assertEqual(data['email'], user_new_attrs['email']) user = User.objects.get(pk=test_user.pk) self.assertTrue(user.check_password(new_password))
def test_update_password(self): test_user = self.http_req.user # make sure user who is shooting the request has proper permission to # update an user's attributes, whatever itself or others. user_should_have_perm(test_user, 'auth.change_user') user_new_attrs = self.user_new_attrs.copy() new_password = '******' user_new_attrs['password'] = new_password self.assertRaisesXmlrpcFault(FORBIDDEN, XUser.update, self.http_req, user_new_attrs, test_user.pk) user_new_attrs['old_password'] = '******' self.assertRaisesXmlrpcFault(FORBIDDEN, XUser.update, self.http_req, user_new_attrs, test_user.pk) user_new_attrs['old_password'] = test_user.username data = XUser.update(self.http_req, user_new_attrs, test_user.pk) self.assert_('password' not in data) self.assertEqual(data['first_name'], user_new_attrs['first_name']) self.assertEqual(data['last_name'], user_new_attrs['last_name']) self.assertEqual(data['email'], user_new_attrs['email']) user = User.objects.get(pk=test_user.pk) self.assert_(user.check_password(new_password))
def test_update_other_with_proper_permission(self): user_should_have_perm(self.http_req.user, 'auth.change_user') data = XUser.update(self.http_req, self.user_new_attrs, self.user.pk) updated_user = User.objects.get(pk=self.user.pk) self.assertEqual(data['first_name'], updated_user.first_name) self.assertEqual(data['last_name'], updated_user.last_name) self.assertEqual(data['email'], updated_user.email)
def test_update_myself_without_passing_id(self): data = XUser.update(self.http_req, self.user_new_attrs) self.assertEqual(data['first_name'], self.user_new_attrs['first_name']) self.assertEqual(data['last_name'], self.user_new_attrs['last_name']) self.assertEqual(data['email'], self.user_new_attrs['email'])
def test_update_myself(self): data = XUser.update(self.http_req, self.user_new_attrs, self.http_req.user.pk) self.assertEqual(data['first_name'], self.user_new_attrs['first_name']) self.assertEqual(data['last_name'], self.user_new_attrs['last_name']) self.assertEqual(data['email'], self.user_new_attrs['email'])
def test_update_other_missing_permission(self): new_values = {'some_attr': 'xxx'} try: XUser.update(self.http_req, new_values, self.user.pk) except Fault as e: self.assertEqual(e.faultCode, 403)