def test_get_delete_link_local_site(self):
"""Testing GET <URL> API contains the correct DELETE link with a local
site
"""
doc = User.objects.get(username='******')
local_site = self.get_local_site(name=self.local_site_name)
local_site.users.add(self.user)
local_site.users.add(doc)
group = self.create_review_group(local_site=local_site)
group.users.add(doc)
rsp = self.api_get(
get_review_group_user_item_url(group.name, doc.username,
local_site.name),
expected_mimetype=review_group_user_item_mimetype)
delete_href = \
rsp['user']['links']['delete']['href'][len(self.base_url):]
self.assertEqual(
delete_href,
get_review_group_user_item_url(group.name, doc.username,
local_site.name))
self.assertNotEqual(delete_href, get_user_item_url(doc.username,
local_site.name))
def test_get_delete_link_local_site(self):
"""Testing GET <URL> API contains the correct DELETE link with a local
site
"""
doc = User.objects.get(username='******')
local_site = self.get_local_site(name=self.local_site_name)
local_site.users.add(self.user)
local_site.users.add(doc)
group = self.create_review_group(local_site=local_site)
group.users.add(doc)
rsp = self.api_get(get_review_group_user_item_url(
group.name, doc.username, local_site.name),
expected_mimetype=review_group_user_item_mimetype)
delete_href = \
rsp['user']['links']['delete']['href'][len(self.base_url):]
self.assertEqual(
delete_href,
get_review_group_user_item_url(group.name, doc.username,
local_site.name))
self.assertNotEqual(delete_href,
get_user_item_url(doc.username, local_site.name))
def test_put_is_active_as_user_with_perm(self):
"""Testing the PUT <URL> API with profile fields as user with
auth.change_user permission
"""
user = self.create_user(username='******',
password='******')
self.create_user(username='******',
password='******',
perms=[('auth', 'change_user')])
self.assertTrue(self.client.login(username='******',
password='******'))
rsp = self.api_put(
get_user_item_url(user.username),
{
'is_active': 'false',
},
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
user_rsp = rsp['user']
self.assertFalse(user_rsp['is_active'])
user = User.objects.get(pk=user.pk)
self.assertFalse(user.is_active)
def test_put_with_email_and_no_backend_support(self):
"""Testing the PUT <URL> API with setting email with
auth_backend.supports_change_email == False
"""
self.spy_on(get_enabled_auth_backends,
call_fake=lambda: [NoProfileAuthBackend()])
user = self.create_user(username='******', password='******')
self.assertTrue(
self.client.login(username='******', password='******'))
rsp = self.api_put(get_user_item_url(user.username), {
'email': '*****@*****.**',
},
expected_status=400)
self.assertEqual(rsp['stat'], 'fail')
self.assertIn('fields', rsp)
self.assertEqual(
rsp['fields'], {
'email': [
'The configured auth backend does not allow e-mail '
'addresses to be changed.'
],
})
def test_put_with_render_avatars_at(self):
"""Testing the PUT <URL> API with render_avatars_at=..."""
avatar_services.register(SimpleRenderAvatarService)
avatar_services.enable_service(SimpleRenderAvatarService, save=False)
avatar_services.set_default_service(SimpleRenderAvatarService)
user = self.create_user(username='******',
password='******')
self.assertTrue(self.client.login(username='******',
password='******'))
rsp = self.api_put(
get_user_item_url(user.username),
{
'first_name': 'new-name',
'render_avatars_at': '24,abc,48,,128',
},
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertEqual(
rsp['user']['avatar_html'],
{
'24': '<div class="avatar" data-size="24">test-user</div>',
'48': '<div class="avatar" data-size="48">test-user</div>',
'128': '<div class="avatar" data-size="128">test-user</div>',
})
def test_put_with_update_email_failure(self):
"""Testing the PUT <URL> API with auth_backend.update_email() failure
"""
auth_backend = BrokenUpdateProfileAuthBackend()
logger = logging.getLogger('reviewboard.webapi.resources.user')
self.spy_on(get_enabled_auth_backends,
call_fake=lambda: [auth_backend])
self.spy_on(logger.exception)
user = self.create_user(username='******', password='******')
self.assertTrue(
self.client.login(username='******', password='******'))
rsp = self.api_put(get_user_item_url(user.username), {
'email': '*****@*****.**',
},
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['user']['email'], '*****@*****.**')
user = User.objects.get(pk=user.pk)
self.assertEqual(user.email, '*****@*****.**')
self.assertTrue(
logger.exception.called_with(
'Error when calling update_email for auth backend %r for user '
'ID %s: %s', auth_backend, user.pk))
def test_put_profile_fields_as_superuser(self):
"""Testing the PUT <URL> API with profile fields as superuser"""
auth_backend = get_enabled_auth_backends()[0]
self.spy_on(auth_backend.update_name)
self.spy_on(auth_backend.update_email)
user = self.create_user(username='******', password='******')
self._login_user(admin=True)
rsp = self.api_put(get_user_item_url(user.username), {
'first_name': 'new-first-name',
'last_name': 'new-last-name',
'email': '*****@*****.**',
},
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
user_rsp = rsp['user']
self.assertEqual(user_rsp['first_name'], 'new-first-name')
self.assertEqual(user_rsp['last_name'], 'new-last-name')
self.assertEqual(user_rsp['email'], '*****@*****.**')
user = User.objects.get(pk=user.pk)
self.assertEqual(user.first_name, 'new-first-name')
self.assertEqual(user.last_name, 'new-last-name')
self.assertEqual(user.email, '*****@*****.**')
self.assertTrue(auth_backend.update_name.called_with(user))
self.assertTrue(auth_backend.update_email.called_with(user))
def test_put_is_active_as_same_user(self):
"""Testing the PUT <URL> API with is_active field as user being
modified
"""
user = self.create_user(username='******', password='******')
self.assertTrue(
self.client.login(username='******', password='******'))
rsp = self.api_put(get_user_item_url(user.username), {
'is_active': 'false',
},
expected_status=400)
self.assertEqual(rsp['stat'], 'fail')
self.assertIn('fields', rsp)
self.assertEqual(
rsp['fields'], {
'is_active': [
'This field can only be set by administrators and users '
'with the auth.change_user permission.'
],
})
user = User.objects.get(pk=user.pk)
self.assertTrue(user.is_active)
def test_get_inactive_user(self):
"""Testing the GET <URL> API for an inactive user"""
dopey = User.objects.get(username='******')
dopey.is_active = False
dopey.save()
rsp = self.api_get(get_user_item_url('dopey'),
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertEqual(rsp['user']['is_active'], False)
def test_get_inactive_user(self):
"""Testing the GET <URL> API for an inactive user"""
dopey = User.objects.get(username='******')
dopey.is_active = False
dopey.save()
rsp = self.api_get(get_user_item_url('dopey'),
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertEqual(rsp['user']['is_active'], False)
def test_put_with_user_not_found(self):
"""Testing the PUT <URL> API with username not found"""
self._login_user(admin=True)
rsp = self.api_put(get_user_item_url('bad-username'), {
'first_name': 'new-first-name',
},
expected_status=404)
self.assertEqual(rsp['stat'], 'fail')
self.assertEqual(rsp['err']['code'], DOES_NOT_EXIST.code)
def test_put_profile_fields_as_other_user(self):
"""Testing the PUT <URL> API with profile fields as other user"""
user = self.create_user(username='******', password='******')
rsp = self.api_put(get_user_item_url(user.username), {
'first_name': 'new-first-name',
'last_name': 'new-last-name',
'email': '*****@*****.**',
},
expected_status=403)
self.assertEqual(rsp['stat'], 'fail')
def test_get_user(self):
"""Testing the GET users/<username>/ API"""
username = '******'
user = User.objects.get(username=username)
self.assertFalse(user.get_profile().is_private)
rsp = self.apiGet(get_user_item_url(username),
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertEqual(rsp['user']['username'], user.username)
self.assertEqual(rsp['user']['first_name'], user.first_name)
self.assertEqual(rsp['user']['last_name'], user.last_name)
self.assertEqual(rsp['user']['id'], user.id)
self.assertEqual(rsp['user']['email'], user.email)
def test_put_with_invalid_email_field(self):
"""Testing the PUT <URL> API with invalid e-mail field"""
user = self.create_user(username='******', password='******')
self.assertTrue(
self.client.login(username='******', password='******'))
rsp = self.api_put(get_user_item_url(user.username), {
'email': 'bad-email',
},
expected_status=400)
self.assertEqual(rsp['stat'], 'fail')
self.assertIn('fields', rsp)
self.assertEqual(rsp['fields'], {
'email': ['Enter a valid email address.'],
})
def test_get_with_site(self):
"""Testing the GET users/<username>/ API with a local site"""
self._login_user(local_site=True)
username = '******'
user = User.objects.get(username=username)
profile = Profile.objects.get(user=user)
self.assertFalse(profile.is_private)
rsp = self.apiGet(get_user_item_url(username, self.local_site_name),
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertEqual(rsp['user']['username'], user.username)
self.assertEqual(rsp['user']['first_name'], user.first_name)
self.assertEqual(rsp['user']['last_name'], user.last_name)
self.assertEqual(rsp['user']['id'], user.id)
self.assertEqual(rsp['user']['email'], user.email)
def test_put_is_active_as_superuser(self):
"""Testing the PUT <URL> API with is_active field as superuser"""
user = self.create_user(username='******', password='******')
self._login_user(admin=True)
rsp = self.api_put(get_user_item_url(user.username), {
'is_active': 'false',
},
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
user_rsp = rsp['user']
self.assertFalse(user_rsp['is_active'])
user = User.objects.get(pk=user.pk)
self.assertFalse(user.is_active)
def test_get_with_render_avatars_at(self):
"""Testing the GET <URL> API with ?render-avatars-at=..."""
avatar_services.register(SimpleRenderAvatarService)
avatar_services.enable_service(SimpleRenderAvatarService, save=False)
avatar_services.set_default_service(SimpleRenderAvatarService)
rsp = self.api_get(get_user_item_url('dopey'), {
'render-avatars-at': '24,abc,48,,128',
},
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertEqual(
rsp['user']['avatar_html'], {
'24': '<div class="avatar" data-size="24">dopey</div>',
'48': '<div class="avatar" data-size="48">dopey</div>',
'128': '<div class="avatar" data-size="128">dopey</div>',
})
def test_get_with_profile_private_and_only_fields(self):
"""Testing the GET <URL> API with a private profile and ?only-fields=
"""
username = '******'
user = User.objects.get(username=username)
profile = user.get_profile()
profile.is_private = True
profile.save(update_fields=('is_private', ))
rsp = self.api_get('%s?only-fields=username' %
get_user_item_url(username),
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertEqual(rsp['user']['username'], user.username)
self.assertNotIn('first_name', rsp['user'])
self.assertNotIn('last_name', rsp['user'])
self.assertNotIn('email', rsp['user'])
def test_get_user_with_site_and_profile_private(self):
"""Testing the GET users/<username>/ API with a local site and private profile"""
self._login_user(local_site=True)
username = '******'
user = User.objects.get(username=username)
profile = user.get_profile()
profile.is_private = True
profile.save()
rsp = self.apiGet(get_user_item_url(username, self.local_site_name),
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertEqual(rsp['user']['username'], user.username)
self.assertFalse('first_name' in rsp['user'])
self.assertFalse('last_name' in rsp['user'])
self.assertFalse('email' in rsp['user'])
def test_get_with_profile_private_and_only_fields(self):
"""Testing the GET <URL> API with a private profile and ?only-fields=
"""
username = '******'
user = User.objects.get(username=username)
profile, is_new = Profile.objects.get_or_create(user=user)
profile.is_private = True
profile.save()
rsp = self.api_get(
'%s?only-fields=username' % get_user_item_url(username),
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertEqual(rsp['user']['username'], user.username)
self.assertNotIn('first_name', rsp['user'])
self.assertNotIn('last_name', rsp['user'])
self.assertNotIn('email', rsp['user'])
def test_get_avatar_service_no_urls(self):
"""Testing the GET <URL> API when the avatar service returns no URLs
"""
avatar_services.register(NoURLAvatarService)
avatar_services.enable_service(NoURLAvatarService, save=False)
dopey = User.objects.get(username='******')
settings_mgr = avatar_services.settings_manager_class(dopey)
settings_mgr.avatar_service_id = NoURLAvatarService.avatar_service_id
settings_mgr.save()
rsp = self.api_get(get_user_item_url('dopey'),
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
user_rsp = rsp['user']
self.assertIn('avatar_url', user_rsp)
self.assertIsNone(user_rsp['avatar_url'])
self.assertIn('avatar_urls', user_rsp)
self.assertEqual(user_rsp['avatar_urls'], {})
def test_get_avatar_service_no_urls(self):
"""Testing the GET <URL> API when the avatar service returns no URLs
"""
avatar_services.register(NoURLAvatarService)
avatar_services.enable_service(NoURLAvatarService, save=False)
dopey = User.objects.get(username='******')
settings_mgr = avatar_services.settings_manager_class(dopey)
settings_mgr.avatar_service_id = NoURLAvatarService.avatar_service_id
settings_mgr.save()
rsp = self.api_get(get_user_item_url('dopey'),
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
user_rsp = rsp['user']
self.assertIn('avatar_url', user_rsp)
self.assertIsNone(user_rsp['avatar_url'])
self.assertIn('avatar_urls', user_rsp)
self.assertEqual(user_rsp['avatar_urls'], {})
def test_get_with_site_and_profile_private(self):
"""Testing the GET users/<username>/ API with a local site and private
profile
"""
username = '******'
user = User.objects.get(username=username)
site = LocalSite.objects.create(name=self.local_site_name)
site.users = [user, self.user]
profile = user.get_profile()
profile.is_private = True
profile.save(update_fields=('is_private', ))
rsp = self.api_get(get_user_item_url(username, self.local_site_name),
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertEqual(rsp['user']['username'], user.username)
self.assertNotIn('first_name', rsp['user'])
self.assertNotIn('last_name', rsp['user'])
self.assertNotIn('email', rsp['user'])
def test_get_with_render_avatars_at(self):
"""Testing the GET <URL> API with ?render-avatars-at=..."""
avatar_services.register(SimpleRenderAvatarService)
avatar_services.enable_service(SimpleRenderAvatarService, save=False)
avatar_services.set_default_service(SimpleRenderAvatarService)
rsp = self.api_get(
get_user_item_url('dopey'),
{
'render-avatars-at': '24,abc,48,,128',
},
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertEqual(
rsp['user']['avatar_html'],
{
'24': '<div class="avatar" data-size="24">dopey</div>',
'48': '<div class="avatar" data-size="48">dopey</div>',
'128': '<div class="avatar" data-size="128">dopey</div>',
})
def test_get_with_site_and_profile_private_as_site_admin(self):
"""Testing the GET users/<username>/ API with a local site and private
profile as a LocalSite admin
"""
self._login_user(local_site=True)
username = '******'
user = User.objects.get(username=username)
profile = user.get_profile()
profile.is_private = True
profile.save(update_fields=('is_private',))
rsp = self.api_get(get_user_item_url(username, self.local_site_name),
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
item_rsp = rsp['user']
self.assertEqual(item_rsp['username'], user.username)
self.assertEqual(item_rsp['first_name'], user.first_name)
self.assertEqual(item_rsp['last_name'], user.last_name)
self.assertEqual(item_rsp['email'], user.email)
def test_get_with_site_and_profile_private(self):
"""Testing the GET users/<username>/ API with a local site and private
profile
"""
username = '******'
user = User.objects.get(username=username)
site = LocalSite.objects.create(name=self.local_site_name)
site.users = [user, self.user]
profile = user.get_profile()
profile.is_private = True
profile.save(update_fields=('is_private',))
rsp = self.api_get(get_user_item_url(username, self.local_site_name),
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertEqual(rsp['user']['username'], user.username)
self.assertNotIn('first_name', rsp['user'])
self.assertNotIn('last_name', rsp['user'])
self.assertNotIn('email', rsp['user'])
def test_get_with_site_and_profile_private_as_site_admin(self):
"""Testing the GET users/<username>/ API with a local site and private
profile as a LocalSite admin
"""
self._login_user(local_site=True)
username = '******'
user = User.objects.get(username=username)
profile = user.get_profile()
profile.is_private = True
profile.save(update_fields=('is_private', ))
rsp = self.api_get(get_user_item_url(username, self.local_site_name),
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
item_rsp = rsp['user']
self.assertEqual(item_rsp['username'], user.username)
self.assertEqual(item_rsp['first_name'], user.first_name)
self.assertEqual(item_rsp['last_name'], user.last_name)
self.assertEqual(item_rsp['email'], user.email)
def _test_post_with_submit_as(self, local_site=None):
submit_as_username = '******'
self.assertNotEqual(self.user.username, submit_as_username)
if local_site:
local_site_name = local_site.name
local_site.users.add(User.objects.get(username=submit_as_username))
else:
local_site_name = None
rsp = self.apiPost(get_review_request_list_url(local_site_name), {
'submit_as': submit_as_username,
},
expected_mimetype=review_request_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertEqual(
rsp['review_request']['links']['submitter']['href'],
self.base_url +
get_user_item_url(submit_as_username, local_site_name))
ReviewRequest.objects.get(pk=rsp['review_request']['id'])
def test_post_reviewrequests_with_submit_as(self):
"""Testing the POST review-requests/?submit_as= API"""
self.user.is_superuser = True
self.user.save()
repository = self.create_repository()
rsp = self.apiPost(
get_review_request_list_url(),
{
'repository': repository.path,
'submit_as': 'doc',
},
expected_mimetype=review_request_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertEqual(
rsp['review_request']['links']['repository']['href'],
self.base_url + get_repository_item_url(repository))
self.assertEqual(
rsp['review_request']['links']['submitter']['href'],
self.base_url + get_user_item_url('doc'))
ReviewRequest.objects.get(pk=rsp['review_request']['id'])
def _test_post_with_submit_as(self, local_site=None):
if local_site:
local_site_name = local_site.name
else:
local_site_name = None
submit_as_username = '******'
self.assertNotEqual(self.user.username, submit_as_username)
rsp = self.apiPost(
get_review_request_list_url(local_site_name),
{
'submit_as': submit_as_username,
},
expected_mimetype=review_request_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertEqual(
rsp['review_request']['links']['submitter']['href'],
self.base_url +
get_user_item_url(submit_as_username, local_site_name))
ReviewRequest.objects.get(pk=rsp['review_request']['id'])
def test_get_missing_user_with_site(self):
"""Testing the GET users/<username>/ API with a local site"""
self._login_user(local_site=True)
self.api_get(get_user_item_url('dopey', self.local_site_name),
expected_status=404)
def test_get_not_modified(self):
"""Testing the GET users/<username>/ API with Not Modified response"""
self._testHttpCaching(get_user_item_url('doc'),
check_etags=True)
def setup_basic_get_test(self, user, with_local_site, local_site_name):
return (get_user_item_url(user.username, local_site_name),
user_item_mimetype,
user)
def setup_http_not_allowed_item_test(self, user):
return get_user_item_url(user.username)
def test_get_user_with_site_no_access(self):
"""Testing the GET users/<username>/ API with a local site and Permission Denied error."""
print self.fixtures
self.apiGet(get_user_item_url('doc', self.local_site_name),
expected_status=403)
