def test_post_invalid(self):
"""Invalid post conditions should results HTTP 422 Unprocessable entity
* 'member' does not exist
* 'organization' does not exist
* 'status' is not in ['approve', 'deny', 'revoke']
"""
request_url = reverse(self.url_name)
with self.subTest(
'post with non-existing member results in error message'):
new_user = UserFactory()
new_user_pk = new_user.pk
new_user.delete() # now we know they don't exist.
response = self.client.post(
request_url,
{
'approve': 'Not gonna work',
'member': new_user_pk,
'organization': self.organizations[0].pk,
},
)
self.assertEqual(response.status_code, 422)
self.assertIn(b'member',
response.content) # error with the member field
with self.subTest(
'post with non-existing organization results in error message'
):
new_org = OrganizationFactory()
new_org_pk = new_org.pk
new_org.delete() # now we know they don't exist.
response = self.client.post(
request_url,
{
'approve': 'Not gonna work',
'member': self.user.pk,
'organization': new_org_pk,
},
)
self.assertEqual(response.status_code, 422)
self.assertIn(
b'organization',
response.content) # error with the organization field
with self.subTest('post with wrong status results in error message'):
response = self.client.post(
request_url,
{
'member': self.user.pk,
'organization': self.organizations[0].pk
},
)
self.assertEqual(response.status_code, 422)
self.assertIn(b'status',
response.content) # error with the status field
def test_filter_by_user(self):
"""The filter_by_user() method returns the first UserSocialAuth object for member."""
# A UserSocialAuth object for the self.member and the Resource
self_member_result = UserSocialAuthFactory(user=self.member,
uid=self.member.id,
provider=Resource.name)
# A UserSocialAuth object for the self.member, but for a different Resource
UserSocialAuthFactory(user=self.member,
uid=self.member.id,
provider='other_resource')
# A UserSocialAuth object for the Resource, but for a different member
other_member = UserFactory()
other_member_result = UserSocialAuthFactory(user=other_member,
uid=other_member.id,
provider=Resource.name)
resource = Resource(self.member)
# Calling the filter_by_user() method filters the UserSocialAuth
# objects for the appropriate member, even if it's not the member
# that the Resource was instantiated for.
self.assertEqual(
set(
resource.filter_by_user(self.member).values_list('id',
flat=True)),
set([self_member_result.id]),
)
self.assertEqual(
set(
resource.filter_by_user(other_member).values_list('id',
flat=True)),
set([other_member_result.id]),
)
def test_init(self):
"""Initializing a Resource sets the member and db_object."""
with self.subTest('Initializing Resource requires a member'):
with self.assertRaises(TypeError):
Resource()
with self.subTest('Initializing Resource sets member and db_object'):
# A UserSocialAuth object for the self.member and the Resource
user_social_auth = UserSocialAuthFactory(user=self.member,
uid=self.member.id,
provider=Resource.name)
# A UserSocialAuth object for the self.member, but for a different Resource
UserSocialAuthFactory(user=self.member,
uid=self.member.id,
provider='other_resource')
# A UserSocialAuth object for the Resource, but for a different member
other_member = UserFactory()
UserSocialAuthFactory(user=other_member,
uid=other_member.id,
provider=Resource.name)
# Initializing the Resource sets the user_social_auth (for the
# self.member and the Resource) as the db_object.
resource = Resource(self.member)
self.assertEqual(resource.member, self.member)
self.assertEqual(resource.db_object, user_social_auth)
def test_get(self):
"""A successful request to get data for a member."""
# Create a member
member = UserFactory()
# Give the self.user access to the member's access_token.
provider_name = Resource.name
self.give_self_user_access_to_member_token(member, provider_name)
# A user at the Organization (the self.user) GETs the data for the member.
url = reverse(
self.url_name,
kwargs={
'pk': member.pk,
'resource_name': provider_name,
'record_type': 'prescriptions'
}
)
# Mock the use of the requests library, so we don't make real requests
# from within the test.
with HTTMock(self.response_content_success):
response = self.client.get(url)
# Here, we assert that the response has the expected mocked response.
# More specific testing for the Resource.get() method exists in the
# sharemyhealth app.
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.context['data'].json(),
self.expected_response_success['content']
)
self.assertTemplateUsed(response, 'member/data.html')
def test_authenticated(self):
"""The user must be authenticated to see records."""
# Create a member
member = UserFactory()
# Give the self.user access to the member's access_token.
provider_name = Resource.name
self.give_user_access_to_member_token(self.user, member, provider_name)
url = reverse(self.url_name,
kwargs={
'pk': member.pk,
'resource_name': 'list'
})
with self.subTest('Authenticated'):
self.client.force_login(self.user)
# We mock the use of the requests library, so we don't make real
# requests from within the test.
with HTTMock(self.response_content_success):
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
with self.subTest('Not authenticated'):
self.client.logout()
response = self.client.get(url)
expected_redirect = '{}?next={}'.format(reverse('login'), url)
self.assertRedirects(response, expected_redirect)
def test_authenticated(self):
"""The user must be authenticated to get a member's data."""
# Create a member
member = UserFactory()
# Give the self.user access to the member's access_token.
provider_name = Resource.name
self.give_self_user_access_to_member_token(member, provider_name)
# The url that will be used during this test to try to get the member's data
url = reverse(self.url_name,
kwargs={
'pk': member.pk,
'resource_name': provider_name,
'record_type': 'prescriptions'
})
with self.subTest('Not authenticated'):
self.client.logout()
# Mock the use of the requests library, so we don't make real requests
# from within the test.
with HTTMock(self.response_content_success):
response = self.client.get(url)
expected_redirect = '{}?next={}'.format(reverse('home'), url)
self.assertRedirects(response, expected_redirect)
with self.subTest('Authenticated'):
self.client.force_login(self.user)
# Mock the use of the requests library, so we don't make real requests
# from within the test.
with HTTMock(self.response_content_success):
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
def test_parameters(self):
"""Sending invalid parameters into the function returns a 404 response."""
# Create a member
member = UserFactory()
# Give the self.user access to the member's access_token.
provider_name = Resource.name
self.give_self_user_access_to_member_token(member, provider_name)
with self.subTest('invalid resource_name parameter'):
url = reverse(self.url_name,
kwargs={
'pk': member.pk,
'resource_name': 'invalid_name',
'record_type': 'prescriptions'
})
# Mock the use of the requests library, so we don't make real requests
# from within the test.
with HTTMock(self.response_content_success):
response = self.client.get(url)
self.assertEqual(response.status_code, 404)
with self.subTest('invalid record_type parameter'):
url = reverse(self.url_name,
kwargs={
'pk': member.pk,
'resource_name': provider_name,
'record_type': 'invalid_name'
})
# Mock the use of the requests library, so we don't make real requests
# from within the test.
with HTTMock(self.response_content_success):
response = self.client.get(url)
self.assertEqual(response.status_code, 404)
for valid_resource_name in settings.RESOURCE_NAME_AND_CLASS_MAPPING.keys(
):
for valid_record_type in settings.VALID_MEMBER_DATA_RECORD_TYPES:
with self.subTest(resource_name=valid_resource_name,
record_type=valid_record_type):
url = reverse(self.url_name,
kwargs={
'pk': member.pk,
'resource_name': valid_resource_name,
'record_type': valid_record_type
})
# Mock the use of the requests library, so we don't make real
# requests from within the test.
with HTTMock(self.response_content_success):
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
def setUp(self):
super().setUp()
self.member = UserFactory()
# When we mock uses of the requests library in this test class, this is
# the expected mock response.
self.expected_response_success = {
'status_code': 200,
'content': {
'test_key': 'Test content'
},
}
def test_post_user_unauthorized(self):
"""posting dismissal of another user's notification raises 404"""
other_user = UserFactory()
notification = Notification.objects.create(
notify=other_user, actor=self.user, message="Notify Other User"
)
pk = notification.pk
response = self.client.post(reverse('notifications:dismiss', kwargs={'pk': pk}))
self.assertEqual(response.status_code, 404)
def test_resource_grant_needed(self):
"""Requesting to GET the member's data without a ResourceGrant returns a 404 response."""
# Create a member
member = UserFactory()
# Give the self.user access to the member's access_token. This creates a
# ResourceGrant for the member's access_token to the request.user's Organization.
provider_name = Resource.name
self.give_self_user_access_to_member_token(member, provider_name)
with self.subTest('with ResourceGrant'):
url = reverse(
self.url_name,
kwargs={
'pk': member.pk,
'resource_name': provider_name,
'record_type': 'prescriptions'
}
)
# Mock the use of the requests library, so we don't make real requests
# from within the test.
with HTTMock(self.response_content_success):
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
with self.subTest('without ResourceGrant'):
# Remove the ResourceGrant for the member's access_token to the
# request.user's Organization.
ResourceGrant.objects.filter(
member=member,
organization__users=self.user
).delete()
url = reverse(
self.url_name,
kwargs={
'pk': member.pk,
'resource_name': provider_name,
'record_type': 'prescriptions'
}
)
# Mock the use of the requests library, so we don't make real requests
# from within the test.
with HTTMock(self.response_content_success):
response = self.client.get(url)
# Because the self.user's Organization no longer has a ResourceGrant
# for the member's access_token, the response has a 404 status_code.
self.assertEqual(response.status_code, 404)
def test_get(self):
"""The response context_data should include the notifications for request.user,
but not the notifications created for another user.
"""
for i in range(3):
Notification.objects.create(notify=self.user, actor=self.user, message="Notify %d" % i)
other_user = UserFactory()
for i in range(1):
Notification.objects.create(notify=other_user, actor=self.user, message="Notify %d" % i)
response = self.client.get(reverse(self.url_name))
self.assertEqual(response.status_code, 200)
for notification in response.context_data['notifications']:
self.assertEqual(notification.notify, self.user)
def test_get(self):
"""GET the data sources view."""
# Create a member
member = UserFactory()
# Give the self.user access to the member's access_token.
provider_name = Resource.name
self.give_user_access_to_member_token(self.user, member, provider_name)
url = reverse(self.url_name, kwargs={'pk': member.pk})
# We mock the use of the requests library, so we don't make real
# requests from within the test.
with HTTMock(self.response_content_success):
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
def test_authenticated(self):
"""The user must be authenticated to see data sources."""
# Create a member
member = UserFactory()
# Give the self.user access to the member's access_token.
provider_name = Resource.name
self.give_user_access_to_member_token(self.user, member, provider_name)
url = reverse(self.url_name, kwargs={'pk': member.pk})
with self.subTest('Authenticated'):
self.client.force_login(self.user)
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
with self.subTest('Not authenticated'):
self.client.logout()
response = self.client.get(url)
expected_redirect = '{}?next={}'.format(reverse('login'), url)
self.assertRedirects(response, expected_redirect)
def test_context_data(self):
"""
OUTDATED
GETting records view puts response of get_member_data() into the context.
"""
# Create a member
member = UserFactory()
# Give the self.user access to the member's access_token.
provider_name = Resource.name
self.give_user_access_to_member_token(self.user, member, provider_name)
url = reverse(self.url_name, kwargs={'pk': member.pk, 'resource_name': 'list'})
# We mock the use of the requests library, so we don't make real
# requests from within the test.
with HTTMock(self.response_content_success):
response = self.client.get(url)
# The response has data matches the mocked response.
self.assertEqual(response.status_code, 200)
def test_str(self):
"""Test for string representation."""
user = UserFactory()
self.assertEqual(str(user.username), user.username)
def test_get_permissions(self):
"""
A user may see a member's data sources, if:
- the request.user is the member, or
- the request.user is in an Organization that has an approved
ResourceRequest for the member's data
"""
# Create a member
member = UserFactory()
# The member has received an access_token to get their own data.
provider_name = Resource.name
access_token = 'accessTOKENhere'
UserSocialAuthFactory(
user=member,
provider=provider_name,
extra_data={
'refresh_token': 'refreshTOKEN',
'access_token': access_token
},
)
# The URLs that will be used in this test
member_data_url = reverse(self.url_name, kwargs={'pk': member.pk})
with self.subTest(
"A member's data sources without an approved ResourceRequest"):
# We mock the use of the requests library, so we don't make real
# requests from within the test.
with HTTMock(self.response_content_success):
response = self.client.get(member_data_url)
# The request.user does not have access to the member's data
self.assertEqual(response.status_code, 302)
with self.subTest(
"A member's data sources with an approved ResourceRequest, other Organization"
):
# The member has approved some Organization's request for the member's data
organization = OrganizationFactory()
resource_request = ResourceRequestFactory(
member=member,
organization=organization,
resourcegrant=None,
status=REQUEST_APPROVED,
)
resource_grant = ResourceGrantFactory(
member=resource_request.member,
organization=resource_request.organization,
resource_class_path=resource_request.resource_class_path,
resource_request=resource_request,
)
# We mock the use of the requests library, so we don't make real
# requests from within the test.
with HTTMock(self.response_content_success):
response = self.client.get(member_data_url)
# The request.user now has access to the member's data
self.assertEqual(response.status_code, 302)
with self.subTest(
"A member's data sources with approved ResourceRequest from request.user's Organization"
):
# The request.user is now in the organization
organization.agents.add(self.user)
# We mock the use of the requests library, so we don't make real
# requests from within the test.
with HTTMock(self.response_content_success):
response = self.client.get(member_data_url)
# The request.user does not have access to the member's data, since
# the request.user is not in the organization.
self.assertEqual(response.status_code, 200)
with self.subTest('A member requesting their own data'):
self.client.logout()
self.client.force_login(member)
# We mock the use of the requests library, so we don't make real
# requests from within the test.
with HTTMock(self.response_content_success):
response = self.client.get(member_data_url)
# The request.user has access to their own data, regardless of their
# Organization.
self.assertEqual(response.status_code, 200)
# Even if we remove the ResourceRequest and ResourceGrant objects,
# the member is allowed to see their own data.
resource_request.delete()
resource_grant.delete()
with HTTMock(self.response_content_success):
response = self.client.get(member_data_url)
self.assertEqual(response.status_code, 200)
