def setUp(self):
self.factory = APIRequestFactory()
self.view = views.ReviewerDetailView.as_view()
self.user = factories.UserFactory(username='******')
self.user2 = factories.UserFactory(username='******')
self.token, _ = Token.objects.get_or_create(user=self.user)
self.token2, _ = Token.objects.get_or_create(user=self.user2)
def seed(self):
# create user for authentication
self.user = factories.UserFactory()
for i in range(0, 14):
user = factories.UserFactory()
# store the id for testing
self.userId = user.id
def test__get_request_user_no_reviewer(self, mock_req):
user = factories.UserFactory(username='******', reviewer=None)
mock_req.user = user
s = ReviewSerializer(context={'request': mock_req})
with self.assertRaises(ValidationError):
s._get_request_user()
def test_to_internal_value_adds_ip_and_reviewer(
self, mock_req):
user = factories.UserFactory(username='******')
mock_req.META = {
'HTTP_X_FORWARDED_FOR': '192.0.0.1',
'REMOTE_ADDR': '142.0.0.1'
}
mock_req.user = user
mock_req.versionong_scheme.get_versioned_viewname.return_value = ''
s = ReviewSerializer(context={'request': mock_req}, partial=True)
data = {
"rating": 5,
"title": "test title",
"summary": "test summary",
}
expected_ret = {
"rating": 5,
"title": "test title",
"summary": "test summary",
"ip_address": "192.0.0.1",
"reviewer": user.reviewer
}
ret = s.to_internal_value(data)
self.assertEqual(ret, expected_ret)
def test_cant_delete_other_password(self):
not_my_password = factories.PasswordFactory(
user=factories.UserFactory())
self.assertEqual(1, models.Password.objects.all().count())
request = self.client.delete('/api/passwords/%s/' % not_my_password.id)
self.assertEqual(404, request.status_code)
self.assertEqual(1, models.Password.objects.all().count())
def test__get_request_user_known_user(self, mock_req):
user = factories.UserFactory(username='******')
reviewer = user.reviewer
mock_req.user = user
s = ReviewSerializer(context={'request': mock_req})
expected_ret = reviewer
ret = s._get_request_user()
self.assertEqual(ret, expected_ret)
def test_login_bad_password(self):
user = factories.UserFactory(email="*****@*****.**",
password="******")
data = {
"email": "*****@*****.**",
"password": "******",
}
request = self.client.post("/api/tokens/auth/", data)
self.assertEqual(request.status_code, 401)
def test_cant_delete_other_password_profiles(self):
not_my_password_profile = factories.EncryptedPasswordProfileFactory(
user=factories.UserFactory())
self.assertEqual(1,
models.EncryptedPasswordProfile.objects.all().count())
request = self.client.delete("/api/encrypted_password_profiles/%s/" %
not_my_password_profile.id)
self.assertEqual(404, request.status_code)
self.assertEqual(1,
models.EncryptedPasswordProfile.objects.all().count())
def test_login(self):
user = factories.UserFactory(email="*****@*****.**",
password="******")
data = {
"email": "*****@*****.**",
"password": "******",
}
request = self.client.post("/api/tokens/auth/", data)
self.assertEqual(request.status_code, 200)
self.assertIsNotNone(request.data["token"])
def test_cant_update_other_password(self):
not_my_password = factories.PasswordFactory(
user=factories.UserFactory())
self.assertEqual('lesspass.com', not_my_password.site)
new_password = {
"site": "facebook",
}
request = self.client.put('/api/passwords/%s/' % not_my_password.id,
new_password)
self.assertEqual(404, request.status_code)
self.assertEqual(1, models.Password.objects.all().count())
def test__get_request_user_anon_user(self, mock_req):
# set the property, then reset when done
user = factories.UserFactory(username='******', reviewer=None)
type(user).is_anonymous = mock.PropertyMock(return_value=True)
mock_req.user = user
s = ReviewSerializer(context={'request': mock_req})
with self.assertRaises(ValidationError):
s._get_request_user()
type(user).is_anonymous = mock.PropertyMock(return_value=False)
def test_filter_queryset(self, mock_req):
mock_view = mock.Mock()
user1 = factories.UserFactory(username='******')
user2 = factories.UserFactory(username='******')
user3 = factories.UserFactory(username='******')
user4 = factories.UserFactory(username='******', reviewer=None)
queryset = Reviewer.objects.all()
f = IsUserFilterBackend()
for u in [user1, user2, user3]:
mock_req.user = u
ret = f.filter_queryset(mock_req, queryset, mock_view)
self.assertEqual(len(ret), 1)
self.assertTrue(u.reviewer in ret)
# user without a reviewer
mock_req.user = user4
ret = f.filter_queryset(mock_req, queryset, mock_view)
self.assertEqual(len(ret), 0)
def test_filter_queryset(self, mock_req):
"""
Assert that reviewers can only see their own reviews
:param mock_req:
:return:
"""
mock_view = mock.Mock()
company = factories.CompanyFactory(name='company1')
company2 = factories.CompanyFactory(name='company2')
user1 = factories.UserFactory(username='******')
user2 = factories.UserFactory(username='******')
user3 = factories.UserFactory(username='******')
user4 = factories.UserFactory(username='******', reviewer=None)
r1 = factories.ReviewFactory(reviewer=user1.reviewer, company=company)
r2 = factories.ReviewFactory(reviewer=user2.reviewer, company=company)
r3 = factories.ReviewFactory(reviewer=user2.reviewer, company=company2)
r4 = factories.ReviewFactory(reviewer=user3.reviewer, company=company)
r5 = factories.ReviewFactory(reviewer=user3.reviewer, company=company)
r6 = factories.ReviewFactory(reviewer=user3.reviewer, company=company2)
queryset = Review.objects.all()
f = IsReviewerFilterBackend()
for i, u in enumerate([user1, user2, user3]):
mock_req.user = u
expected_ret = Review.objects.filter(reviewer=u.reviewer)
ret = f.filter_queryset(mock_req, queryset, mock_view)
self.assertEqual(set(expected_ret), set(ret))
# user without a reviewer
mock_req.user = user4
ret = f.filter_queryset(mock_req, queryset, mock_view)
self.assertEqual(len(ret), 0)
def test_can_post_good_credentials(self, mock_validate):
user = factories.UserFactory(username='******')
mock_validate.return_value = {
'username': '******',
'password': '******',
'user': user
}
data = {'username': '******', 'password': '******'}
request = self.factory.post('/api/token-auth/', data, format='json')
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIsNotNone(response.data['token'])
def test_nrt_get_passwords_with_bearer(self):
user = factories.UserFactory(email="*****@*****.**",
password="******")
password = factories.PasswordFactory(user=user)
data = {
"email": "*****@*****.**",
"password": "******",
}
request = self.client.post("/api/auth/jwt/create/", data)
headers = {
"HTTP_AUTHORIZATION":
"Bearer {token}".format(token=request.data["access"])
}
request = self.client.get("/api/passwords/", **headers)
self.assertEqual(request.status_code, 200)
self.assertEqual(request.data["results"][0]["login"], password.login)
def test_cant_update_other_password(self):
not_my_password_profile = factories.EncryptedPasswordProfileFactory(
user=factories.UserFactory(),
password_profile="test_cant_update_other_password",
)
self.assertEqual("test_cant_update_other_password",
not_my_password_profile.password_profile)
request = self.client.put(
"/api/encrypted_password_profiles/%s/" %
not_my_password_profile.id,
{"password_profile": "not_my_password_profile"},
)
self.assertEqual(404, request.status_code)
self.assertEqual(
"test_cant_update_other_password",
models.EncryptedPasswordProfile.objects.first().password_profile,
)
def test_update_user_data(self):
user = factories.UserFactory(
username='******',
first_name='only_fn',
last_name='only_ln'
)
user.reviewer.bio = 'test bio'
user.save()
data = {
"first_name": "only_fn",
"last_name": "only_ln",
}
s = ReviewerSerializer()
ret = s.update(user, data)
self.assertEqual(ret.username, 'test_update_user_only')
self.assertEqual(ret.first_name, 'only_fn')
self.assertEqual(ret.last_name, 'only_ln')
self.assertEqual(ret.reviewer.bio, "test bio")
def test_update_user_and_reviewer_data_and_password(self):
user = factories.UserFactory(
username='******',
first_name='update_fn',
last_name='update_ln'
)
user.reviewer.bio = 'test bio'
user.save()
data = {
"first_name": "update_fn",
"last_name": "update_ln",
"password": "******",
"reviewer": {"bio": "update bio"}
}
s = ReviewerSerializer()
ret = s.update(user, data)
self.assertEqual(ret.username, 'test_update_user')
self.assertEqual(ret.first_name, 'update_fn')
self.assertEqual(ret.last_name, 'update_ln')
self.assertEqual(ret.reviewer.bio, "update bio")
def test_delete_auth_user_me(self):
nb_of_users = models.LessPassUser.objects.all().count()
user = factories.UserFactory(
email="*****@*****.**",
password="******",
)
self.assertEqual(nb_of_users + 1, models.LessPassUser.objects.all().count())
client = APIClient()
client.force_authenticate(user=user)
credentials = {
"email": "*****@*****.**",
"password": "******",
}
request = client.post("/api/auth/jwt/create/", credentials)
self.assertEqual(request.status_code, 200)
request = client.delete(
"/api/auth/users/me/", {"current_password": "******"}
)
self.assertEqual(request.status_code, 204)
request = client.post("/api/auth/jwt/create/", credentials)
self.assertEqual(request.status_code, 401)
self.assertEqual(nb_of_users, models.LessPassUser.objects.all().count())
def setUp(self):
self.user = factories.UserFactory()
self.client = APIClient()
self.client.force_authenticate(user=self.user)
def setUp(self):
self.factory = APIRequestFactory()
self.view = views.AuthenticateUserView.as_view()
self.user = factories.UserFactory(username='******')
def setUp(self):
factories.UserFactory(
email="*****@*****.**",
password="******",
)
def test_cant_retrieve_other_password_profiles(self):
not_my_password_profile = factories.EncryptedPasswordProfileFactory(
user=factories.UserFactory())
request = self.client.get("/api/encrypted_password_profiles/%s/" %
not_my_password_profile.id)
self.assertEqual(404, request.status_code)
def end_user():
return f.UserFactory(email="*****@*****.**",
password="******",
role="end_user").save()
def test_cant_retrieve_other_passwords(self):
not_my_password = factories.PasswordFactory(
user=factories.UserFactory())
request = self.client.get('/api/passwords/%s/' % not_my_password.id)
self.assertEqual(404, request.status_code)
def setUp(self):
self.factory = APIRequestFactory()
self.view = views.CompanyDetailView.as_view()
self.user = factories.UserFactory(username='******')
self.token, _ = Token.objects.get_or_create(user=self.user)
self.company = factories.CompanyFactory(name="company_api")
def admin():
return f.UserFactory(email="*****@*****.**",
password="******",
role="admin").save()
