def test_simple_update(self): input_email = "*****@*****.**" input_password = "******" input_admin = True input_first_name = "VINAIUPDATETEST" input_last_name = "Ryan" u_input_create_date = pytz.utc.localize( datetime.datetime(2017, 6, 1, 0, 0)) u_input_update_date = pytz.utc.localize( datetime.datetime(2017, 6, 3, 0, 0)) self.model = User.objects.create( email=input_email, password=input_password, is_admin=input_admin, first_name=input_first_name, last_name=input_last_name, created_at=u_input_create_date, updated_at=u_input_update_date ) simulate_simple_authentication(factory=self.factory, client=self.client, email="*****@*****.**", password="******", path='admin/2/update_user/', add_messages_middleware=AuthRouteTestingWithKwargs.add_messages_middleware, views=sessions) self.kwargs = {'selected_id': 2} self.client.post( reverse(self.route_name, kwargs=self.kwargs), data={'password': '******', 'email': '*****@*****.**', 'password_confirmation': 'ds', 'first_name': 'Vinai'}) self.assertEquals(2, len(User.objects.all())) self.assertEquals("*****@*****.**", User.objects.get(user_id=2).email) self.assertEquals("Vinai", User.objects.get(user_id=2).first_name)
def test_can_delete_a_user(self): input_email = "*****@*****.**" input_password = "******" input_admin = True input_first_name = "VINAITEST" input_last_name = "Dens" u_input_create_date = pytz.utc.localize( datetime.datetime(2017, 6, 1, 0, 0)) u_input_update_date = pytz.utc.localize( datetime.datetime(2017, 6, 3, 0, 0)) self.model = User.objects.create( email=input_email, password=input_password, is_admin=input_admin, first_name=input_first_name, last_name=input_last_name, created_at=u_input_create_date, updated_at=u_input_update_date ) simulate_simple_authentication(factory=self.factory, client=self.client, email="*****@*****.**", password="******", path='admin/2/delete_user', add_messages_middleware=AuthRouteTestingWithKwargs.add_messages_middleware, views=sessions) self.client.delete(reverse(self.route_name,kwargs=self.kwargs)) # simulate the post request self.assertEquals(0, len(User.objects.filter(first_name="VINAITEST")))
def test_not_present_user_does_not_do_anything(self): self.kwargs = {'selected_id': 5} simulate_simple_authentication(factory=self.factory, client=self.client, email="*****@*****.**", password="******", path='admin/5/update_user', add_messages_middleware=AuthRouteTestingWithKwargs.add_messages_middleware, views=sessions) self.client.post(reverse(self.route_name, kwargs=self.kwargs)) # simulate the post request self.assertEquals(1, len(User.objects.all()))
def test_sql_injection_interpolation(self): simulate_simple_authentication(factory=self.factory, client=self.client, email="*****@*****.**", password="******", path='http://127.0.0.1:8000/admin/1/analytics/?ip=127.0.0.1&email=&password%20FROM%20app_user%3B%20select%20user_agent=', add_messages_middleware=AuthRouteTestingWithKwargs.add_messages_middleware, views=sessions) # The attack string may vary depending on the system used url = 'http://127.0.0.1:8000/admin/1/analytics/?ip=127.0.0.1&email=&email%2C%20password%20FROM%20app_user%3B--' response = self.client.get(url) self.assertTrue('email' in response.content) self.assertTrue('password' in response.content)
def test_health_n_stuff_download(self): simulate_simple_authentication(factory=self.factory, client=self.client, email="*****@*****.**", password="******", path=self.route, add_messages_middleware=AuthRouteTestingWithKwargs.add_messages_middleware, views=sessions) response = self.client.get( reverse(self.route_name) + '/?name=public/docs/Health_n_Stuff.pdf', follow=True) self.assertEquals(response['Content-Disposition'], 'attachment; filename=%s' \ % os.path.basename('public/docs/Health_n_Stuff.pdf'))
def test_no_upload_returns_error_message(self): simulate_simple_authentication(factory=self.factory, client=self.client, email="*****@*****.**", password="******", path=self.route, add_messages_middleware=AuthRouteTestingWithKwargs.add_messages_middleware, views=sessions) response = self.client.post(reverse('app:upload_benefit_form'), {'backup': False}, follow=True) self.assertContains(response, 'Something went wrong! Are you sure you selected a file?') self.assertFalse( os.path.isfile(BASE_DIR + '/media/data/Dental_n_Stuff.pdf'))
def test_can_send_file(self): simulate_simple_authentication(factory=self.factory, client=self.client, email="*****@*****.**", password="******", path=self.route, add_messages_middleware=AuthRouteTestingWithKwargs.add_messages_middleware, views=sessions) with open(BASE_DIR + '/public/docs/Dental_n_Stuff.pdf') as fp: response = self.client.post(reverse('app:upload_benefit_form'), {'myfile': fp, 'backup': False}, follow=True) self.assertContains(response, 'File was successfully uploaded!') self.assertTrue( os.path.isfile(BASE_DIR + '/media/data/Dental_n_Stuff.pdf')) os.remove(BASE_DIR + '/media/data/Dental_n_Stuff.pdf') # cleanup