def test_simple_update(self):
input_email = "*****@*****.**"
input_password = "******"
input_admin = True
input_first_name = "VINAIUPDATETEST"
input_last_name = "Ryan"
u_input_create_date = pytz.utc.localize(
datetime.datetime(2017, 6, 1, 0, 0))
u_input_update_date = pytz.utc.localize(
datetime.datetime(2017, 6, 3, 0, 0))
self.model = User.objects.create(
email=input_email, password=input_password,
is_admin=input_admin, first_name=input_first_name,
last_name=input_last_name, created_at=u_input_create_date,
updated_at=u_input_update_date
)
simulate_simple_authentication(factory=self.factory,
client=self.client,
email="*****@*****.**",
password="******",
path='admin/2/update_user/',
add_messages_middleware=AuthRouteTestingWithKwargs.add_messages_middleware,
views=sessions)
self.kwargs = {'selected_id': 2}
self.client.post(
reverse(self.route_name, kwargs=self.kwargs),
data={'password': '******', 'email': '*****@*****.**',
'password_confirmation': 'ds', 'first_name': 'Vinai'})
self.assertEquals(2, len(User.objects.all()))
self.assertEquals("*****@*****.**", User.objects.get(user_id=2).email)
self.assertEquals("Vinai", User.objects.get(user_id=2).first_name)
def test_can_delete_a_user(self):
input_email = "*****@*****.**"
input_password = "******"
input_admin = True
input_first_name = "VINAITEST"
input_last_name = "Dens"
u_input_create_date = pytz.utc.localize(
datetime.datetime(2017, 6, 1, 0, 0))
u_input_update_date = pytz.utc.localize(
datetime.datetime(2017, 6, 3, 0, 0))
self.model = User.objects.create(
email=input_email, password=input_password,
is_admin=input_admin, first_name=input_first_name,
last_name=input_last_name, created_at=u_input_create_date,
updated_at=u_input_update_date
)
simulate_simple_authentication(factory=self.factory,
client=self.client,
email="*****@*****.**",
password="******",
path='admin/2/delete_user',
add_messages_middleware=AuthRouteTestingWithKwargs.add_messages_middleware,
views=sessions)
self.client.delete(reverse(self.route_name,kwargs=self.kwargs)) # simulate the post request
self.assertEquals(0, len(User.objects.filter(first_name="VINAITEST")))
def test_not_present_user_does_not_do_anything(self):
self.kwargs = {'selected_id': 5}
simulate_simple_authentication(factory=self.factory,
client=self.client,
email="*****@*****.**",
password="******",
path='admin/5/update_user',
add_messages_middleware=AuthRouteTestingWithKwargs.add_messages_middleware,
views=sessions)
self.client.post(reverse(self.route_name,
kwargs=self.kwargs)) # simulate the post request
self.assertEquals(1, len(User.objects.all()))
def test_sql_injection_interpolation(self):
simulate_simple_authentication(factory=self.factory,
client=self.client,
email="*****@*****.**",
password="******",
path='http://127.0.0.1:8000/admin/1/analytics/?ip=127.0.0.1&email=&password%20FROM%20app_user%3B%20select%20user_agent=',
add_messages_middleware=AuthRouteTestingWithKwargs.add_messages_middleware,
views=sessions)
# The attack string may vary depending on the system used
url = 'http://127.0.0.1:8000/admin/1/analytics/?ip=127.0.0.1&email=&email%2C%20password%20FROM%20app_user%3B--'
response = self.client.get(url)
self.assertTrue('email' in response.content)
self.assertTrue('password' in response.content)
def test_health_n_stuff_download(self):
simulate_simple_authentication(factory=self.factory,
client=self.client,
email="*****@*****.**",
password="******",
path=self.route,
add_messages_middleware=AuthRouteTestingWithKwargs.add_messages_middleware,
views=sessions)
response = self.client.get(
reverse(self.route_name) + '/?name=public/docs/Health_n_Stuff.pdf',
follow=True)
self.assertEquals(response['Content-Disposition'],
'attachment; filename=%s' \
% os.path.basename('public/docs/Health_n_Stuff.pdf'))
def test_no_upload_returns_error_message(self):
simulate_simple_authentication(factory=self.factory,
client=self.client,
email="*****@*****.**",
password="******",
path=self.route,
add_messages_middleware=AuthRouteTestingWithKwargs.add_messages_middleware,
views=sessions)
response = self.client.post(reverse('app:upload_benefit_form'),
{'backup': False}, follow=True)
self.assertContains(response,
'Something went wrong! Are you sure you selected a file?')
self.assertFalse(
os.path.isfile(BASE_DIR + '/media/data/Dental_n_Stuff.pdf'))
def test_can_send_file(self):
simulate_simple_authentication(factory=self.factory,
client=self.client,
email="*****@*****.**",
password="******",
path=self.route,
add_messages_middleware=AuthRouteTestingWithKwargs.add_messages_middleware,
views=sessions)
with open(BASE_DIR + '/public/docs/Dental_n_Stuff.pdf') as fp:
response = self.client.post(reverse('app:upload_benefit_form'),
{'myfile': fp, 'backup': False},
follow=True)
self.assertContains(response, 'File was successfully uploaded!')
self.assertTrue(
os.path.isfile(BASE_DIR + '/media/data/Dental_n_Stuff.pdf'))
os.remove(BASE_DIR + '/media/data/Dental_n_Stuff.pdf') # cleanup