class TodoTestAPI(APITestCase, DjangoReduxTestCases):
def setUp(self):
self.group = {
'name': 'todo group',
}
self.data = {
'group': None,
'title': 'todo title',
'body': 'todo object body',
'is_done': False,
}
self.client = TenantClient(self.tenant)
@patch.object(DjangoReduxJWTAuthentication, 'authenticate')
def test_create_todo_api(self, mock):
mock.return_value = self.account, {}
response = self.client.post(reverse('todo:todo-group-list'),
self.group)
self.assertEquals(response.status_code, HTTP_201_CREATED)
self.data['group'] = response.data['id']
response = self.client.post(reverse('todo:todo-list'), self.data)
self.assertEquals(response.status_code, HTTP_201_CREATED)
@patch.object(DjangoReduxJWTAuthentication, 'authenticate')
def test_update_todo_api(self, mock):
mock.return_value = self.account, {}
response = self.client.post(reverse('todo:todo-group-list'),
self.group)
self.assertEquals(response.status_code, HTTP_201_CREATED)
self.data['group'] = response.data['id']
response = self.client.post(reverse('todo:todo-list'), self.data)
self.assertEquals(response.status_code, HTTP_201_CREATED)
id = response.data['id']
self.data['body'] = 'this is updated todo body'
response = self.client.put(
path=reverse('todo:todo-detail', kwargs={'pk': id}),
data=json.dumps(self.data),
content_type='application/json',
)
self.assertEquals(response.status_code, HTTP_200_OK)
self.assertEquals(response.data['body'], 'this is updated todo body')
self.assertFalse(response.data['is_done'])
self.data['is_done'] = True
response = self.client.put(
path=reverse('todo:todo-detail', kwargs={'pk': id}),
data=json.dumps(self.data),
content_type='application/json',
)
self.assertEquals(response.status_code, HTTP_200_OK)
self.assertTrue(response.data['is_done'])
class APISendResetPasswordEmailWithSchemaTestCase(APITestCase, TenantTestCase):
"""
Console:
python manage.py test shared_api.tests.test_send_reset_password_email_views
"""
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English
super(APISendResetPasswordEmailWithSchemaTestCase, self).setUp()
self.c = TenantClient(self.tenant)
call_command('init_app', verbosity=0)
call_command('create_shared_account',
TEST_USER_EMAIL,
TEST_USER_PASSWORD,
"Bart",
"Mika",
verbosity=0)
@transaction.atomic
def tearDown(self):
users = SharedUser.objects.all()
for user in users.all():
user.delete()
del self.c
super(APISendResetPasswordEmailWithSchemaTestCase, self).tearDown()
@transaction.atomic
def test_api_send_reset_password_email_with_success(self):
url = reverse('workery_send_reset_password_email_api_endpoint')
data = {
'email_or_username': TEST_USER_EMAIL,
}
response = self.c.post(url,
json.dumps(data),
content_type='application/json')
# Confirm.
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_api_send_reset_password_email_with_failure(self):
url = reverse('workery_send_reset_password_email_api_endpoint')
data = {
'email_or_username': "******",
}
response = self.c.post(url,
json.dumps(data),
content_type='application/json')
# Confirm.
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
class TodoGroupTestAPI(APITestCase, DjangoReduxTestCases):
def setUp(self):
self.data = {
'name': 'todo group',
}
self.client = TenantClient(self.tenant)
@patch.object(DjangoReduxJWTAuthentication, 'authenticate')
def test_create_todo_group_api(self, mock):
mock.return_value = self.account, {}
response = self.client.post(reverse('todo:todo-group-list'), self.data)
self.assertEquals(response.status_code, HTTP_201_CREATED)
@patch.object(DjangoReduxJWTAuthentication, 'authenticate')
def test_get_todo_group_by_id_api(self, mock):
mock.return_value = self.account, {}
response = self.client.post(reverse('todo:todo-group-list'), self.data)
self.assertEquals(response.status_code, HTTP_201_CREATED)
id = response.data['id']
response = self.client.get(
reverse('todo:todo-group-detail', kwargs={'pk': id}))
self.assertEquals(response.status_code, HTTP_200_OK)
self.assertEquals(response.data['name'], self.data['name'])
@patch.object(DjangoReduxJWTAuthentication, 'authenticate')
def test_update_todo_group_api(self, mock):
mock.return_value = self.account, {}
response = self.client.post(reverse('todo:todo-group-list'), self.data)
self.assertEquals(response.status_code, HTTP_201_CREATED)
id = response.data['id']
self.data['name'] = 'update todo group'
response = self.client.put(path=reverse('todo:todo-group-detail',
kwargs={'pk': id}),
data=json.dumps(self.data),
content_type='application/json')
self.assertEquals(response.status_code, HTTP_200_OK)
self.assertEquals(response.data['name'], 'update todo group')
class APILogOutWithPublicSchemaTestCase(APITestCase, TenantTestCase):
"""
Console:
python manage.py test shared_api.tests.test_logout_views
"""
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English
super(APILogOutWithPublicSchemaTestCase, self).setUp()
self.c = TenantClient(self.tenant)
call_command('init_app', verbosity=0)
call_command('create_shared_account',
TEST_USER_EMAIL,
TEST_USER_PASSWORD,
"Bart",
"Mika",
verbosity=0)
@transaction.atomic
def tearDown(self):
users = SharedUser.objects.all()
for user in users.all():
user.delete()
del self.c
super(APILogOutWithPublicSchemaTestCase, self).tearDown()
@transaction.atomic
def test_api_logout(self):
# Log in the the account.
user = SharedUser.objects.get()
token, orig_iat = get_jwt_token_and_orig_iat(user)
# Log out.
logout_url = reverse('workery_logout_api_endpoint')
data = {
'email_or_username': TEST_USER_EMAIL,
'password': TEST_USER_PASSWORD,
}
response = self.c.post(logout_url,
json.dumps(data),
HTTP_AUTHORIZATION='JWT {0}'.format(token),
content_type='application/json')
# Confirm.
self.assertEqual(response.status_code, status.HTTP_200_OK)
class APICityOptionWithTenantSchemaTestCase(APITestCase, TenantTestCase):
fixtures = []
def setup_tenant(self, tenant):
"""Tenant Schema"""
tenant.schema_name = 'galacticallianceofhumankind'
tenant.name = "Galactic Alliance of Humankind"
tenant.has_perks = True
tenant.has_mentors = True
tenant.how_discovered = "Command HQ"
tenant.how_many_served = 1
@classmethod
def setUpTestData(cls):
Group.objects.bulk_create([
Group(
id=constants.ENTREPRENEUR_GROUP_ID,
name="Entreprenuer",
),
Group(
id=constants.MENTOR_GROUP_ID,
name="Mentor",
),
Group(
id=constants.ADVISOR_GROUP_ID,
name="Advisor",
),
Group(
id=constants.ORGANIZATION_MANAGER_GROUP_ID,
name="Org Manager",
),
Group(
id=constants.ORGANIZATION_ADMIN_GROUP_ID,
name="Org Admin",
),
Group(
id=constants.CLIENT_MANAGER_GROUP_ID,
name="Client Manager",
),
Group(
id=constants.SYSTEM_ADMIN_GROUP_ID,
name="System Admin",
),
])
user = User.objects.create_user( # Create our user.
email=TEST_USER_EMAIL,
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD)
user.is_superuser = True
user.is_active = True
user.save()
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English.
super(APICityOptionWithTenantSchemaTestCase, self).setUp()
# Initialize our test data.
self.user = User.objects.get()
token = Token.objects.get(user__username=TEST_USER_USERNAME)
# Setup.
self.unauthorized_client = TenantClient(self.tenant)
self.authorized_client = TenantClient(self.tenant,
HTTP_AUTHORIZATION='Token ' +
token.key)
# Above taken from:
# http://www.django-rest-framework.org/api-guide/testing/#authenticating
@transaction.atomic
def tearDown(self):
ProvinceOption.objects.delete_all()
CityOption.objects.delete_all()
PostalAddress.objects.delete_all()
ContactPoint.objects.delete_all()
Me.objects.delete_all()
users = User.objects.all()
for user in users.all():
user.delete()
# super(APICityOptionWithTenantSchemaTestCase, self).tearDown()
@transaction.atomic
def test_list(self):
response = self.unauthorized_client.get('/api/tenantcityoption/')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_list_with_authentication(self):
response = self.authorized_client.get('/api/tenantcityoption/')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_post(self):
data = {
'name': 'Unit Test',
}
response = self.unauthorized_client.post(
'/api/tenantcityoption/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_post_with_authentication(self):
country = CountryOption.objects.create(
id=1,
name="Unit Test",
)
province = ProvinceOption.objects.create(
id=1,
name="Unit Test",
country=country,
)
data = {
'name': 'Unit Test',
'country': country.id,
'province': province.id
}
response = self.authorized_client.post('/api/tenantcityoption/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
@transaction.atomic
def test_put(self):
# Create a new object with our specific test data.
country = CountryOption.objects.create(
id=1,
name="Unit Test",
)
province = ProvinceOption.objects.create(
id=1,
name="Unit Test",
country=country,
)
city = CityOption.objects.create(
id=1,
name="Unit Test",
country=country,
province=province,
)
# Run the test.
data = {
'id': 1,
'name': 'Unit Test',
'country': country.id,
'province': province.id,
'city': city.id,
}
response = self.unauthorized_client.put(
'/api/tenantcityoption/1/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_put_with_authorization(self):
# Create a new object with our specific test data.
country = CountryOption.objects.create(
id=1,
name="Unit Test",
)
province = ProvinceOption.objects.create(
id=1,
name="Unit Test",
country=country,
)
city = CityOption.objects.create(
id=1,
name="Unit Test",
country=country,
province=province,
)
# Run the test.
data = {
'id': 1,
'name': 'Unit Test',
'country': country.id,
'province': province.id,
'city': city.id,
}
response = self.authorized_client.put('/api/tenantcityoption/1/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_delete(self):
response = self.unauthorized_client.delete('/api/tenantcityoption/1/')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_delete_with_authentication(self):
country = CountryOption.objects.create(
id=1,
name="Unit Test",
)
province = ProvinceOption.objects.create(
id=1,
name="Unit Test",
country=country,
)
city = CityOption.objects.create(
id=1,
name="Unit Test",
country=country,
province=province,
)
response = self.authorized_client.delete('/api/tenantcityoption/1/')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
class WorkspaceAPIWithTenantSchemaTestCase(APITestCase, FastTenantTestCase):
fixtures = []
@staticmethod
def get_test_schema_name():
return 'galacticalliance'
def setup_tenant(self, tenant):
"""Tenant Schema"""
tenant.schema_name = 'galacticalliance'
tenant.name = "Galactic Alliance of Humankind"
tenant.has_perks = True
tenant.has_mentors = True
tenant.how_discovered = "Command HQ"
tenant.how_many_served = 1
@classmethod
def setUpTestData(cls):
Group.objects.bulk_create([
Group(
id=constants.ENTREPRENEUR_GROUP_ID,
name="Entreprenuer",
),
Group(
id=constants.MENTOR_GROUP_ID,
name="Mentor",
),
Group(
id=constants.ADVISOR_GROUP_ID,
name="Advisor",
),
Group(
id=constants.ORGANIZATION_MANAGER_GROUP_ID,
name="Org Manager",
),
Group(
id=constants.ORGANIZATION_ADMIN_GROUP_ID,
name="Org Admin",
),
Group(
id=constants.CLIENT_MANAGER_GROUP_ID,
name="Client Manager",
),
Group(
id=constants.SYSTEM_ADMIN_GROUP_ID,
name="System Admin",
),
])
user = User.objects.create_user( # Create our user.
email=TEST_USER_EMAIL,
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD)
user.is_active = True
user.save()
group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
user.groups.add(group)
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English.
# Initialize our test data.
self.user = User.objects.get()
token = Token.objects.get(user__username=TEST_USER_USERNAME)
# Setup.
self.unauthorized_client = TenantClient(self.tenant)
self.authorized_client = TenantClient(self.tenant,
HTTP_AUTHORIZATION='Token ' +
token.key)
Workspace.objects.bulk_create([
Workspace(owner=self.user),
Workspace(owner=self.user),
Workspace(owner=self.user),
])
# Above taken from:
# http://www.django-rest-framework.org/api-guide/testing/#authenticating
@transaction.atomic
def tearDown(self):
Workspace.objects.delete_all()
PostalAddress.objects.delete_all()
ContactPoint.objects.delete_all()
Workspace.objects.delete_all()
FileUpload.objects.delete_all()
Me.objects.delete_all()
users = User.objects.all()
for user in users.all():
user.delete()
# super(WorkspaceAPIWithTenantSchemaTestCase, self).tearDown()
@transaction.atomic
def test_list(self):
response = self.unauthorized_client.get('/api/tenantworkspace/')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_list_with_authentication(self):
response = self.authorized_client.get('/api/tenantworkspace/')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_post_with_anonymous_user(self):
data = {
'name': 'Unit Test',
'description': 'Used for unit testing purposes.',
'owner': self.user.id
}
response = self.unauthorized_client.post('/api/tenantworkspace/',
data,
format="json")
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_post_with_non_management_user(self):
for group in self.user.groups.all():
group.delete()
data = {
'name': 'Unit Test',
'description': 'Used for unit testing purposes.',
'owner': self.user.id,
'type_of': constants.INFO_RESOURCE_INTERAL_URL_TYPE,
'url': 'http://smegurus.com'
}
response = self.authorized_client.post('/api/tenantworkspace/',
data,
format="json")
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
@transaction.atomic
def test_post_with_authentication(self):
# CASE 1 OF 5: SUCCESS
data = {
'name': 'Unit Test',
'description': 'Used for unit testing purposes.',
'owner': self.user.id,
'type_of': constants.INFO_RESOURCE_INTERAL_URL_TYPE,
'url': 'http://smegurus.com'
}
response = self.authorized_client.post('/api/tenantworkspace/',
data,
format="json")
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
@transaction.atomic
def test_put(self):
# Create a new object with our specific test data.
Workspace.objects.create(id=999,
name="Unit Test",
description="Used for unit testing purposes.")
# Run the test.
data = {
'id': 999,
'name': 'Unit Test',
'description': 'Used for unit testing purposes.',
'owner': self.user.id
}
response = self.unauthorized_client.put(
'/api/tenantworkspace/999/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_put_with_authorization(self):
# Create a new object with our specific test data.
Workspace.objects.create(id=666,
name="Unit Test",
description="Used for unit testing purposes.",
owner_id=self.user.id)
# Run the test.
data = {
'id': 666,
'name': 'Unit Test',
'description': 'Used for unit testing purposes.',
'owner': self.user.id
}
response = self.authorized_client.put('/api/tenantworkspace/666/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_delete(self):
Workspace.objects.create(id=999,
name="Unit Test",
description="Used for unit testing purposes.")
response = self.unauthorized_client.delete('/api/tenantworkspace/999/')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_delete_with_authentication(self):
Workspace.objects.create(id=999,
name="Unit Test",
description="Used for unit testing purposes.")
response = self.authorized_client.delete('/api/tenantworkspace/999/')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
class APIIntakeWithTenantSchemaTestCase(APITestCase, TenantTestCase):
fixtures = []
def setup_tenant(self, tenant):
"""Tenant Schema"""
tenant.schema_name = 'galacticalliance'
tenant.name = "Galactic Alliance of Humankind"
tenant.has_perks=True
tenant.has_mentors=True
tenant.how_discovered = "Command HQ"
tenant.how_many_served = 1
@classmethod
def setUpTestData(cls):
Group.objects.bulk_create([
Group(id=constants.ENTREPRENEUR_GROUP_ID, name="Entreprenuer",),
Group(id=constants.MENTOR_GROUP_ID, name="Mentor",),
Group(id=constants.ADVISOR_GROUP_ID, name="Advisor",),
Group(id=constants.ORGANIZATION_MANAGER_GROUP_ID, name="Org Manager",),
Group(id=constants.ORGANIZATION_ADMIN_GROUP_ID, name="Org Admin",),
Group(id=constants.CLIENT_MANAGER_GROUP_ID, name="Client Manager",),
Group(id=constants.SYSTEM_ADMIN_GROUP_ID, name="System Admin",),
])
org_admin_group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
user = User.objects.create_user( # Create our user.
email=TEST_USER_EMAIL,
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD
)
user.is_superuser = True
user.is_active = True
user.groups.add(org_admin_group)
user.save()
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English.
super(APIIntakeWithTenantSchemaTestCase, self).setUp()
# Initialize our test data.
self.user = User.objects.get()
token = Token.objects.get(user__username=TEST_USER_USERNAME)
# Setup.
self.unauthorized_client = TenantClient(self.tenant)
self.authorized_client = TenantClient(self.tenant, HTTP_AUTHORIZATION='Token ' + token.key)
self.authorized_client.login(
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD
)
self.tenant.owner = self.user
self.tenant.save()
self.me = Me.objects.create(
owner=self.user,
)
# Above taken from:
# http://www.django-rest-framework.org/api-guide/testing/#authenticating
@transaction.atomic
def tearDown(self):
Intake.objects.delete_all()
Note.objects.delete_all()
PostalAddress.objects.delete_all()
ContactPoint.objects.delete_all()
Me.objects.delete_all()
items = User.objects.all()
for item in items.all():
item.delete()
items = Group.objects.all()
for item in items.all():
item.delete()
# super(APIIntakeWithTenantSchemaTestCase, self).tearDown()
@transaction.atomic
def test_list_with_anonymous_user(self):
response = self.unauthorized_client.get('/api/tenantintake/?format=json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_list_with_authenticated__user(self):
# Change Group that the User belongs in.
entrepreneur_group = Group.objects.get(id=constants.ENTREPRENEUR_GROUP_ID)
self.user.groups.add(entrepreneur_group)
self.user.save()
# Test and verify.
response = self.authorized_client.get('/api/tenantintake/?format=json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_list_with_authenticated_management_group_user(self):
# Change Group that the User belongs in.
org_admin_group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
self.user.groups.remove(org_admin_group)
self.user.save()
# Test and verify.
response = self.authorized_client.get('/api/tenantintake/?format=json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_list_with_authenticated_advisor_group_user(self):
# Change Group that the User belongs in.
advisor_group = Group.objects.get(id=constants.ADVISOR_GROUP_ID)
self.user.groups.add(advisor_group)
self.user.save()
# Test and verify.
response = self.authorized_client.get('/api/tenantintake/?format=json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_post_with_anonymous_user(self):
data = {
'me': self.me.id,
}
response = self.unauthorized_client.post('/api/tenantintake/?format=json', json.dumps(data), content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_post_with_authenticated_management_group_user(self):
# Run the test and verify.
data = {
'me': self.me.id,
}
response = self.authorized_client.post('/api/tenantintake/?format=json', json.dumps(data), content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
@transaction.atomic
def test_post_with_authenticated_advisor_group_user(self):
# Change Group that the User belongs in.
org_admin_group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
advisor_group = Group.objects.get(id=constants.ADVISOR_GROUP_ID)
self.user.groups.remove(org_admin_group)
self.user.groups.add(advisor_group)
self.user.save()
# Test and verify.
data = {
'me': self.me.id,
}
response = self.authorized_client.post('/api/tenantintake/?format=json', json.dumps(data), content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
@transaction.atomic
def test_put_with_anonymous_user(self):
# Create a new object with our specific test data.
Intake.objects.create(
id=1,
me=self.me,
)
# Run the test.
data = {
'id': 1,
'me': self.me.id,
}
response = self.unauthorized_client.put('/api/tenantintake/1/?format=json', json.dumps(data), content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_put_with_authenticated_management_user(self):
# Create a new object with our specific test data.
Intake.objects.create(
id=1,
me=self.me,
)
# Run the test.
data = {
'id': 1,
'me': self.me.id,
}
response = self.authorized_client.put('/api/tenantintake/1/?format=json', json.dumps(data), content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_put_with_authenticated_advisor_user(self):
# Change Group that the User belongs in.
org_admin_group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
advisor_group = Group.objects.get(id=constants.ADVISOR_GROUP_ID)
self.user.groups.remove(org_admin_group)
self.user.groups.add(advisor_group)
self.user.save()
# Create a new object with our specific test data.
Intake.objects.create(
id=1,
me=self.me,
)
# Run the test.
data = {
'id': 1,
'me': self.me.id,
}
response = self.authorized_client.put('/api/tenantintake/1/?format=json', json.dumps(data), content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_delete_with_anonymous_user(self):
Intake.objects.create(
id=1,
me=self.me,
)
response = self.unauthorized_client.delete('/api/tenantintake/1/?format=json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_delete_with_authenticated_management_user(self):
Intake.objects.create(
id=1,
me=self.me,
judgement_note=Note.objects.create(
id=1,
me=self.me,
),
privacy_note=Note.objects.create(
id=2,
me=self.me,
),
terms_note=Note.objects.create(
id=3,
me=self.me,
),
confidentiality_note=Note.objects.create(
id=4,
me=self.me,
),
collection_note=Note.objects.create(
id=5,
me=self.me,
),
)
response = self.authorized_client.delete('/api/tenantintake/1/?format=json')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
@transaction.atomic
def test_delete_with_authenticated_advisor_user(self):
# Create our object to be deleted.
Intake.objects.create(
id=1,
me=self.me,
status=constants.CREATED_STATUS,
judgement_note=Note.objects.create(
id=1,
me=self.me,
),
)
# Change Group that the User belongs in.
org_admin_group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
advisor_group = Group.objects.get(id=constants.ADVISOR_GROUP_ID)
self.user.groups.remove(org_admin_group)
self.user.groups.add(advisor_group)
self.user.save()
# Run test and verify.
response = self.authorized_client.delete('/api/tenantintake/1/?format=json')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
@transaction.atomic
def test_complete_intake_with_anonymous_user(self):
# Setup our object.
Intake.objects.create(
id=1,
me=self.me,
status=constants.PENDING_REVIEW_STATUS,
judgement_note=Note.objects.create(
id=1,
me=self.me,
),
)
# Run the test and verify.
response = self.unauthorized_client.put(
'/api/tenantintake/1/complete_intake/?format=json',
json.dumps({}),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
me = Intake.objects.get(id=1)
self.assertEqual(me.status, constants.PENDING_REVIEW_STATUS)
self.assertEqual(len(mail.outbox), 0) # Test that one message has not been sent.
@transaction.atomic
def test_complete_intake_with_owner_user(self):
# Setup our object.
Intake.objects.create(
id=1,
me=self.me,
status=constants.CREATED_STATUS,
)
# Run the test and verify.
response = self.authorized_client.put(
'/api/tenantintake/1/complete_intake/?format=json',
json.dumps({}),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
me = Intake.objects.get(id=1)
self.assertEqual(me.status, constants.PENDING_REVIEW_STATUS)
# Test that one email has been sent.
self.assertEqual(len(mail.outbox), 1)
# Verify that the subject of the first message is correct.
self.assertEqual(mail.outbox[0].subject, 'New Entrepreneur Application!')
@transaction.atomic
def test_complete_intake_with_different_owner_user(self):
# Setup our objects.
org_admin_group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
new_user = User.objects.create_user( # Create our user.
email='*****@*****.**',
username='******',
password='******',
)
new_user.is_active = True
new_user.groups.add(org_admin_group)
new_user.save()
new_me = Me.objects.create(
owner=new_user
)
Intake.objects.create(
id=1,
me=new_me,
status=constants.CREATED_STATUS,
)
# Run the test and verify.
response = self.authorized_client.put(
'/api/tenantintake/1/complete_intake/?format=json',
json.dumps({}),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
me = Intake.objects.get(id=1)
self.assertEqual(me.status, constants.CREATED_STATUS)
self.assertEqual(len(mail.outbox), 0) # Test that one message has not been sent.
@transaction.atomic
def test_complete_intake_with_owner_user_with_404(self):
# Setup our object.
Intake.objects.create(
id=1,
me=self.me,
status=constants.CREATED_STATUS,
)
# Run the test and verify.
response = self.authorized_client.put(
'/api/tenantintake/6666/complete_intake/?format=json',
json.dumps({}),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
me = Intake.objects.get(id=1)
self.assertEqual(me.status, constants.CREATED_STATUS)
self.assertEqual(len(mail.outbox), 0) # Test that one message has not been sent.
@transaction.atomic
def test_judge_with_anonymous_user(self):
# Create a new object with our specific test data.
# Setup our object.
Intake.objects.create(
id=1,
me=self.me,
status=constants.CREATED_STATUS,
)
# Run the test.
data = {
'id': 1,
'owner': self.user.id,
'is_employee_created': False,
}
response = self.unauthorized_client.put(
'/api/tenantintake/1/judge/?format=json',
json.dumps(data),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
intake = Intake.objects.get(id=1)
self.assertEqual(intake.status, constants.CREATED_STATUS)
self.assertFalse(intake.me.is_in_intake)
self.assertEqual(len(mail.outbox), 0) # Test that one message has not been sent.
@transaction.atomic
def test_judge_with_employee_user_for_existing_intake_with_note(self):
# Setup our object.
Intake.objects.create(
id=1,
me=self.me,
status=constants.CREATED_STATUS,
judgement_note=Note.objects.create(
me=self.me,
),
)
# Run the test and verify.
response = self.authorized_client.put(
'/api/tenantintake/1/judge/?format=json',
json.dumps({
'status': constants.APPROVED_STATUS,
'comment': 'This is a test comment.',
'is_employee_created': False,
}),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
intake = Intake.objects.get(id=1)
self.assertEqual(intake.status, constants.APPROVED_STATUS)
self.assertTrue(intake.me.is_in_intake)
note = Note.objects.get(id=1)
self.assertIn('This is a test comment.', note.description)
self.assertEqual(len(mail.outbox), 1) # Test that one message has been sent.
self.assertIn('Accepted', mail.outbox[0].subject)
@transaction.atomic
def test_judge_with_employee_user_for_existing_intake_without_note(self):
# Setup our object.
Intake.objects.create(
id=1,
me=self.me,
status=constants.CREATED_STATUS,
)
# Run the test and verify.
response = self.authorized_client.put(
'/api/tenantintake/1/judge/?format=json',
json.dumps({
'status': constants.REJECTED_STATUS,
'comment': 'This is a test comment.',
'is_employee_created': False,
}),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
intake = Intake.objects.get(id=1)
self.assertEqual(intake.status, constants.REJECTED_STATUS)
self.assertFalse(intake.me.is_in_intake)
note = Note.objects.get(id=1)
self.assertIn('This is a test comment.', note.description)
self.assertEqual(len(mail.outbox), 1) # Test that one message has been sent.
self.assertIn('Rejected', mail.outbox[0].subject)
@transaction.atomic
def test_judge_with_employee_user_for_manually_created_intake(self):
# Setup our object.
Intake.objects.create(
id=1,
me=self.me,
status=constants.CREATED_STATUS,
)
# Run the test and verify.
response = self.authorized_client.put(
'/api/tenantintake/1/judge/?format=json',
json.dumps({
'status': constants.APPROVED_STATUS,
'comment': 'This is a test comment.',
'is_employee_created': True,
}),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
intake = Intake.objects.get(id=1)
self.assertEqual(intake.status, constants.APPROVED_STATUS)
self.assertTrue(intake.me.is_in_intake)
note = Note.objects.get(id=1)
self.assertIn('This is a test comment.', note.description)
self.assertEqual(len(mail.outbox), 1) # Test that one message has been sent.
@transaction.atomic
def test_judge_with_non_employee_user(self):
org_admin_group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
self.user.groups.remove(org_admin_group)
group = Group.objects.get(id=constants.ENTREPRENEUR_GROUP_ID)
self.user.groups.add(group)
Intake.objects.create(
id=1,
me=self.me,
status=constants.CREATED_STATUS,
)
# Run the test.
response = self.authorized_client.put(
'/api/tenantintake/1/judge/?format=json',
json.dumps({
'status': constants.APPROVED_STATUS,
'comment': 'This is a test comment.',
'is_employee_created': False,
}),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
intake = Intake.objects.get(id=1)
self.assertEqual(intake.status, constants.CREATED_STATUS)
self.assertFalse(intake.me.is_in_intake)
self.assertEqual(len(mail.outbox), 0) # Test that one message has not been sent.
@transaction.atomic
def test_judge_with_owner_user_with_404(self):
org_admin_group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
self.user.groups.remove(org_admin_group)
group = Group.objects.get(id=constants.ADVISOR_GROUP_ID)
self.user.groups.add(group)
response = self.authorized_client.put(
'/api/tenantintake/666/judge/?format=json',
json.dumps({
'status': constants.APPROVED_STATUS,
'comment': 'This is a test comment.',
'is_employee_created': False,
}),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertIn(b'No Intake matches the given query.', response.content)
self.assertEqual(len(mail.outbox), 0) # Test that one message has not been sent.
@transaction.atomic
def test_crm_update_with_anonymous_user(self):
# Setup our object.
Intake.objects.create(
id=1,
me=self.me,
status=constants.PENDING_REVIEW_STATUS,
has_signed_with_name="Ledo"
)
# Run the test and verify.
response = self.unauthorized_client.put(
'/api/tenantintake/1/crm_update/?format=json',
json.dumps({}),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_crm_update_with_owner_user(self):
# Setup our object.
Intake.objects.create(
id=1,
me=self.me,
status=constants.CREATED_STATUS,
has_signed_with_name="Ledo"
)
# Run the test and verify.
response = self.authorized_client.put(
'/api/tenantintake/1/crm_update/?format=json',
json.dumps({}),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_crm_update_with_different_owner_user(self):
# Setup our objects.
org_admin_group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
new_user = User.objects.create_user( # Create our user.
email='*****@*****.**',
username='******',
password='******',
)
new_user.is_active = True
new_user.groups.add(org_admin_group)
new_user.save()
new_me = Me.objects.create(
owner=new_user
)
Intake.objects.create(
id=1,
me=new_me,
status=constants.CREATED_STATUS,
has_signed_with_name="Ledo"
)
# Run the test and verify.
response = self.authorized_client.put(
'/api/tenantintake/1/crm_update/?format=json',
json.dumps({}),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_crm_update_with_owner_user_with_404(self):
# Run the test and verify.
response = self.authorized_client.put(
'/api/tenantintake/6666/crm_update/?format=json',
json.dumps({}),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
class APILoginWithPublicSchemaTestCase(APITestCase, TenantTestCase):
"""
Console:
python manage.py test shared_api.tests.views.test_login_views
"""
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English
self.c = TenantClient(self.tenant)
call_command('init_app', verbosity=0)
# Create the account.
call_command(
'create_tenant_account',
TEST_SCHEMA_NAME,
constants.MANAGEMENT_GROUP_ID,
TEST_USER_EMAIL,
TEST_USER_PASSWORD,
"Bart",
"Mika",
TEST_USER_TEL_NUM,
TEST_USER_TEL_EX_NUM,
TEST_USER_CELL_NUM,
"CA",
"London",
"Ontario",
"", # Post Offic #
"N6H 1B4",
"78 Riverside Drive",
"", # Extra line.
verbosity=0)
super(APILoginWithPublicSchemaTestCase, self).setUp()
@transaction.atomic
def tearDown(self):
# SharedUser.objects.delete_all() # Is this an error?
del self.c
super(APILoginWithPublicSchemaTestCase, self).tearDown()
@transaction.atomic
def test_api_login_with_success(self):
url = reverse('workery_login_api_endpoint')
data = {
'email_or_username': TEST_USER_USERNAME,
'password': TEST_USER_PASSWORD,
}
response = self.c.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response.data['token']) > 0, True)
self.assertEqual(len(response.data['schema_name']) > 0, True)
@transaction.atomic
def test_api_login_with_nonexisting_account(self):
url = reverse('workery_login_api_endpoint')
data = {
'email_or_username': '******',
'password': '******',
}
response = self.c.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@transaction.atomic
def test_api_login_with_inactive_account(self):
# Get our current user and set the user to be inactive.
client = SharedUser.objects.get()
client.is_active = False
client.save()
# Run this test.
url = reverse('workery_login_api_endpoint')
data = {
'email_or_username': TEST_USER_USERNAME,
'password': TEST_USER_PASSWORD,
}
response = self.c.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@transaction.atomic
def test_api_login_with_bad_password(self):
# Get our current user and set the user to be inactive.
client = SharedUser.objects.get()
client.save()
# Run this test.
url = reverse('workery_login_api_endpoint')
data = {
'email_or_username': TEST_USER_USERNAME,
'password': "******",
}
response = self.c.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
class APIActivationTestCase(APITestCase, TenantTestCase):
fixtures = []
def setup_tenant(self, tenant):
"""Public Schema"""
tenant.schema_name = 'test'
tenant.name = "Galactic Alliance of Humankind"
tenant.has_perks=True
tenant.has_mentors=True
tenant.how_discovered = "Command HQ"
tenant.how_many_served = 1
@classmethod
def setUpTestData(cls):
Group.objects.bulk_create([
Group(id=constants.ENTREPRENEUR_GROUP_ID, name="Entreprenuer",),
Group(id=constants.MENTOR_GROUP_ID, name="Mentor",),
Group(id=constants.ADVISOR_GROUP_ID, name="Advisor",),
Group(id=constants.ORGANIZATION_MANAGER_GROUP_ID, name="Org Manager",),
Group(id=constants.ORGANIZATION_ADMIN_GROUP_ID, name="Org Admin",),
Group(id=constants.CLIENT_MANAGER_GROUP_ID, name="Client Manager",),
Group(id=constants.SYSTEM_ADMIN_GROUP_ID, name="System Admin",),
])
user = User.objects.create_user( # Create our User.
email=TEST_USER_EMAIL,
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD
)
user.is_active = True
user.save()
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English
super(APIActivationTestCase, self).setUp()
self.c = TenantClient(self.tenant)
@transaction.atomic
def tearDown(self):
users = User.objects.all()
for user in users.all():
user.delete()
# super(APIActivationTestCase, self).tearDown()
@transaction.atomic
def test_api_activation_with_authentication_success(self):
user = User.objects.get()
self.assertIsNotNone(user)
user.is_active = False
user.save()
token = Token.objects.get(user_id=user.id)
# Activate the user.
url = reverse('api_activate')
data = {
'uid': user.id,
'token': str(token),
}
response = self.c.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_api_activation_with_stale_token(self):
user = User.objects.get()
self.assertIsNotNone(user)
token = Token.objects.get(user_id=user.id)
# Activate the user to generate a "Stale Token" error.
url = reverse('api_activate')
data = {
'uid': user.id,
'token': str(token),
}
response = self.c.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
@transaction.atomic
def test_api_activation_with_invalid_uid(self):
# Activate the user to generate a "Stale Token" error.
url = reverse('api_activate')
data = {
'uid': 666,
'token': '',
}
response = self.c.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@transaction.atomic
def test_api_activation_with_invalid_token_1(self):
# Get the user.
user = User.objects.get()
# Activate the user to generate a "Stale Token" error.
url = reverse('api_activate')
data = {
'uid': user.id,
'token': '666',
}
response = self.c.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@transaction.atomic
def test_api_activation_with_invalid_token_2(self):
user = User.objects.get()
user.is_active = False
user.save()
token = Token.objects.get(user_id=user.id)
# Activate the user.
url = reverse('api_activate')
data = {
'uid': user.id,
'token': str(token),
}
# Important: By deleting the token, we are will testing to see
# how the system will re-act.
token.delete()
response = self.c.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
class APIBrandWithTenantSchemaTestCase(APITestCase, TenantTestCase):
fixtures = []
def setup_tenant(self, tenant):
"""Tenant Schema"""
tenant.schema_name = 'galacticalliance'
tenant.name = "Galactic Alliance of Humankind"
tenant.has_perks = True
tenant.has_mentors = True
tenant.how_discovered = "Command HQ"
tenant.how_many_served = 1
@classmethod
def setUpTestData(cls):
Group.objects.bulk_create([
Group(
id=constants.ENTREPRENEUR_GROUP_ID,
name="Entreprenuer",
),
Group(
id=constants.MENTOR_GROUP_ID,
name="Mentor",
),
Group(
id=constants.ADVISOR_GROUP_ID,
name="Advisor",
),
Group(
id=constants.ORGANIZATION_MANAGER_GROUP_ID,
name="Org Manager",
),
Group(
id=constants.ORGANIZATION_ADMIN_GROUP_ID,
name="Org Admin",
),
Group(
id=constants.CLIENT_MANAGER_GROUP_ID,
name="Client Manager",
),
Group(
id=constants.SYSTEM_ADMIN_GROUP_ID,
name="System Admin",
),
])
user = User.objects.create_user( # Create our user.
email=TEST_USER_EMAIL,
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD)
user.is_active = True
user.save()
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English.
super(APIBrandWithTenantSchemaTestCase, self).setUp()
# Initialize our test data.
self.user = User.objects.get()
token = Token.objects.get(user__username=TEST_USER_USERNAME)
# Setup.
self.unauthorized_client = TenantClient(self.tenant)
self.authorized_client = TenantClient(self.tenant,
HTTP_AUTHORIZATION='Token ' +
token.key)
Brand.objects.bulk_create([
Brand(owner=self.user),
Brand(owner=self.user),
Brand(owner=self.user),
])
# Above taken from:
# http://www.django-rest-framework.org/api-guide/testing/#authenticating
@transaction.atomic
def tearDown(self):
Brand.objects.delete_all()
PostalAddress.objects.delete_all()
ContactPoint.objects.delete_all()
Me.objects.delete_all()
users = User.objects.all()
for user in users.all():
user.delete()
# super(APIBrandWithTenantSchemaTestCase, self).tearDown()
@transaction.atomic
def test_to_string(self):
# Create a new object with our specific test data.
brand = Brand.objects.create(
id=2030,
name="Unit Test",
description="Used for unit testing purposes.")
brand.save()
self.assertEqual(str(brand), "Unit Test")
@transaction.atomic
def test_list(self):
response = self.unauthorized_client.get('/api/tenantbrand/')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_list_with_authentication(self):
response = self.authorized_client.get('/api/tenantbrand/')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_post(self):
data = {
'name': 'Unit Test',
'description': 'Used for unit testing purposes.',
'owner': self.user.id
}
response = self.unauthorized_client.post('/api/tenantbrand/',
data,
format="json")
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_post_with_authentication(self):
data = {
'name': 'Unit Test',
'description': 'Used for unit testing purposes.',
'owner': self.user.id
}
response = self.authorized_client.post('/api/tenantbrand/',
data,
format="json")
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
@transaction.atomic
def test_put(self):
# Delete any previous data.
brands = Brand.objects.all()
for brand in brands.all():
brand.delete()
# Create a new object with our specific test data.
Brand.objects.create(id=1,
name="Unit Test",
description="Used for unit testing purposes.")
# Run the test.
data = {
'id': 1,
'name': 'Unit Test',
'description': 'Used for unit testing purposes.',
'owner': self.user.id
}
response = self.unauthorized_client.put(
'/api/tenantbrand/1/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_put_with_authorization(self):
# Delete any previous data.
brands = Brand.objects.all()
for brand in brands.all():
brand.delete()
# Create a new object with our specific test data.
Brand.objects.create(id=1,
name="Unit Test",
description="Used for unit testing purposes.",
owner_id=self.user.id)
# Run the test.
data = {
'id': 1,
'name': 'Unit Test',
'description': 'Used for unit testing purposes.',
'owner': self.user.id
}
response = self.authorized_client.put('/api/tenantbrand/1/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_delete(self):
response = self.unauthorized_client.delete('/api/tenantbrand/1/')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_delete_with_authentication(self):
response = self.authorized_client.delete('/api/tenantbrand/1/')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
class APIRegistrationWithPublicSchemaTestCase(APITestCase, TenantTestCase):
fixtures = []
def setup_tenant(self, tenant):
"""Public Schema"""
tenant.schema_name = 'test'
tenant.name = "Galactic Alliance of Humankind"
tenant.has_perks=True
tenant.has_mentors=True
tenant.how_discovered = "Command HQ"
tenant.how_many_served = 1
@classmethod
def setUpTestData(cls):
Group.objects.bulk_create([
Group(id=constants.ENTREPRENEUR_GROUP_ID, name="Entreprenuer",),
Group(id=constants.MENTOR_GROUP_ID, name="Mentor",),
Group(id=constants.ADVISOR_GROUP_ID, name="Advisor",),
Group(id=constants.ORGANIZATION_MANAGER_GROUP_ID, name="Org Manager",),
Group(id=constants.ORGANIZATION_ADMIN_GROUP_ID, name="Org Admin",),
Group(id=constants.CLIENT_MANAGER_GROUP_ID, name="Client Manager",),
Group(id=constants.SYSTEM_ADMIN_GROUP_ID, name="System Admin",),
])
user = User.objects.create_user( # Create our user.
email=TEST_USER_EMAIL,
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD
)
user.is_active = True
user.save()
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English
super(APIRegistrationWithPublicSchemaTestCase, self).setUp()
self.c = TenantClient(self.tenant)
@transaction.atomic
def tearDown(self):
users = User.objects.all()
for user in users.all():
user.delete()
groups = Group.objects.all()
for group in groups.all():
group.delete()
super(APIRegistrationWithPublicSchemaTestCase, self).tearDown()
@transaction.atomic
def test_api_registration_with_success_for_org_admin(self):
# Remove the existing user(s) before continuing.
self.assertEqual(User.objects.count(), 1)
for user in User.objects.all():
user.delete()
self.assertEqual(User.objects.count(), 0)
# Perform the Unit-Tests
url = reverse('api_register')
data = {
'username': '******',
'email': '*****@*****.**',
'password': TEST_USER_PASSWORD,
'first_name': 'Transhumanist',
'last_name': '#1'
}
response = self.c.post(url, data, format='json')
# Verify general info.
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(User.objects.count(), 1)
self.assertEqual(User.objects.get().email, '*****@*****.**')
group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
# Verify group membership.
is_org_admin = False
for a_group in User.objects.get().groups.all():
if a_group == group:
is_org_admin = True
self.assertEqual(is_org_admin, True)
# Test that one message has been sent.
self.assertEqual(len(mail.outbox), 1)
# Verify that the subject of the first message is correct.
self.assertEqual(mail.outbox[0].subject, 'Account Activation - SME Gurus for your Organization')
@transaction.atomic
def test_api_registration_with_failure(self):
self.assertEqual(User.objects.count(), 1)
url = reverse('api_register')
data = {
'username': TEST_USER_USERNAME,
'email': TEST_USER_EMAIL,
'password': TEST_USER_PASSWORD,
'first_name': 'Ledo',
'last_name': 'Clone #123'
}
response = self.c.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(User.objects.count(), 1)
self.assertEqual(User.objects.get().email, TEST_USER_EMAIL)
self.assertEqual(len(mail.outbox), 0)
@transaction.atomic
def test_api_registration_with_banned_domain(self):
# Create our Banned Domain
BannedDomain.objects.create(
name='hideauze.com',
reason='They are enemies of humankind!',
)
# Remove the existing user(s) before continuing.
self.assertEqual(User.objects.count(), 1)
for user in User.objects.all():
user.delete()
self.assertEqual(User.objects.count(), 0)
# Perform the Unit-Tests
url = reverse('api_register')
data = {
'username': '******',
'email': '*****@*****.**',
'password': TEST_USER_PASSWORD,
'first_name': 'Transhumanist',
'last_name': '#1'
}
response = self.c.post(url, data, format='json')
# Verify general info.
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(User.objects.count(), 0)
self.assertEqual(len(mail.outbox), 0)
class SharedFranchiseListAPIViewWithPublicSchemaTestCase(
TenantTestCase, TransactionTestCase):
"""
Console:
python manage.py test shared_api.tests.views.test_franchise_list_views
"""
def setUp(self):
translation.activate('en') # Set English
SharedUser.objects.delete_all()
super(SharedFranchiseListAPIViewWithPublicSchemaTestCase, self).setUp()
self.anon_client = TenantClient(self.tenant)
call_command('init_app', verbosity=0)
# Update the tenant.
self.tenant.name = 'Over 55 (London) Inc.',
self.tenant.alternate_name = "Over55",
self.tenant.description = "Located at the Forks of the Thames in ...",
self.tenant.address_country = "CA",
self.tenant.address_locality = "London",
self.tenant.address_region = "Ontario",
self.tenant.post_office_box_number = "", # Post Offic #
self.tenant.postal_code = "N6H 1B4",
self.tenant.street_address = "78 Riverside Drive",
self.tenant.street_address_extra = "", # Extra line.
self.tenant.save()
# Create our test user.
call_command('create_shared_account',
TEST_USER_EMAIL,
TEST_USER_PASSWORD,
"Bart",
"Mika",
verbosity=0)
# Initialize our test data.
self.user = SharedUser.objects.get(email=TEST_USER_EMAIL)
token, orig_iat = get_jwt_token_and_orig_iat(self.user)
self.authorized_client = TenantClient(
self.tenant, HTTP_AUTHORIZATION='JWT {0}'.format(token))
self.authorized_client.login(username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD)
def tearDown(self):
SharedUser.objects.delete_all()
del self.anon_client
del self.authorized_client
super(SharedFranchiseListAPIViewWithPublicSchemaTestCase,
self).tearDown()
def test_anonymous_get_with_200(self):
url = reverse('workery_franchise_list_create_api_endpoint')
response = self.anon_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("London", str(response.data))
self.assertIn("Ontario", str(response.data))
def test_anonymous_search_get_with_200_(self):
url = reverse('workery_franchise_list_create_api_endpoint'
) + "?format=json&search=London"
response = self.anon_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("London", str(response.data))
self.assertIn("Ontario", str(response.data))
def test_anonymous_post(self):
url = reverse('workery_franchise_list_create_api_endpoint')
post_data = json.dumps({
"schema_name": "mikasoftware",
"postal_code": "n6j4x4",
"name": "Mika Software Corporation",
"alternate_name": "Mika Software",
"description": "An open source software company.",
"url": "https://mikasoftware.com",
"timezone_name": "America/Toronto",
"address_country": "Canada",
"address_locality": "London",
"address_region": "Ontario",
"postal_code": "N6J4X4",
"street_address": "120 Centre Street",
"street_address_extra": "Unit 102"
})
response = self.anon_client.post(url,
data=post_data,
content_type='application/json')
get_worker().work(
burst=True
) # Processes all BACKGROUND jobs in FOREGROUND then stop. (Note: https://stackoverflow.com/a/12273705)
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
class APINoteWithTenantSchemaTestCase(APITestCase, TenantTestCase):
fixtures = []
def setup_tenant(self, tenant):
"""Tenant Schema"""
tenant.schema_name = 'galacticalliance'
tenant.name = "Galactic Alliance of Humankind"
tenant.has_perks=True
tenant.has_mentors=True
tenant.how_discovered = "Command HQ"
tenant.how_many_served = 1
@classmethod
def setUpTestData(cls):
Group.objects.bulk_create([
Group(id=constants.ENTREPRENEUR_GROUP_ID, name="Entreprenuer",),
Group(id=constants.MENTOR_GROUP_ID, name="Mentor",),
Group(id=constants.ADVISOR_GROUP_ID, name="Advisor",),
Group(id=constants.ORGANIZATION_MANAGER_GROUP_ID, name="Org Manager",),
Group(id=constants.ORGANIZATION_ADMIN_GROUP_ID, name="Org Admin",),
Group(id=constants.CLIENT_MANAGER_GROUP_ID, name="Client Manager",),
Group(id=constants.SYSTEM_ADMIN_GROUP_ID, name="System Admin",),
])
user = User.objects.create_user( # Create our user.
email=TEST_USER_EMAIL,
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD,
first_name=TEST_USER_FIRSTNAME,
last_name=TEST_USER_LASTNAME,
)
user.is_active = True
user.save()
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English.
super(APINoteWithTenantSchemaTestCase, self).setUp()
# Initialize our test data.
self.user = User.objects.get()
token = Token.objects.get(user__username=TEST_USER_USERNAME)
# Setup.
self.unauthorized_client = TenantClient(self.tenant)
self.authorized_client = TenantClient(self.tenant, HTTP_AUTHORIZATION='Token ' + token.key)
self.authorized_client.login(
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD
)
self.tenant.owner = self.user
self.tenant.save()
# Above taken from:
# http://www.django-rest-framework.org/api-guide/testing/#authenticating
@transaction.atomic
def tearDown(self):
Note.objects.delete_all()
PostalAddress.objects.delete_all()
ContactPoint.objects.delete_all()
Me.objects.delete_all()
users = User.objects.all()
for user in users.all():
user.delete()
groups = Group.objects.all()
for group in groups.all():
group.delete()
# super(APINoteWithTenantSchemaTestCase, self).tearDown()
@transaction.atomic
def test_list_with_anonymous_user(self):
response = self.unauthorized_client.get('/api/tenantnote/')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_list_with_authenticated_management_group_user(self):
group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
self.user.groups.add(group)
response = self.authorized_client.get('/api/tenantnote/')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_list_with_authenticated_advisor_group_user(self):
group = Group.objects.get(id=constants.ADVISOR_GROUP_ID)
self.user.groups.add(group)
response = self.authorized_client.get('/api/tenantnote/')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_list_with_authenticated_entrepreneur_group_user(self):
group = Group.objects.get(id=constants.ENTREPRENEUR_GROUP_ID)
self.user.groups.add(group)
response = self.authorized_client.get('/api/tenantnote/')
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
@transaction.atomic
def test_post_with_anonymous_user(self):
data = {
'name': 'Test Note',
'description': 'This is a test note',
}
response = self.unauthorized_client.post(
'/api/tenantnote/',
json.dumps(data),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_post_with_authenticated_management_group_user(self):
me = Me.objects.create(
id=1,
owner=self.user,
)
group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
self.user.groups.add(group)
data = {
'name': 'Test Note',
'description': 'This is a test note',
'me': me.id,
}
response = self.authorized_client.post(
'/api/tenantnote/',
json.dumps(data),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
@transaction.atomic
def test_post_with_authenticated_advisor_group_user(self):
me = Me.objects.create(
id=1,
owner=self.user,
)
group = Group.objects.get(id=constants.ADVISOR_GROUP_ID)
self.user.groups.add(group)
data = {
'name': 'Test Note',
'description': 'This is a test note',
'me': me.id,
}
response = self.authorized_client.post(
'/api/tenantnote/',
json.dumps(data),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
@transaction.atomic
def test_post_with_authenticated_entrepreneur_group_user(self):
me = Me.objects.create(
id=1,
owner=self.user,
)
group = Group.objects.get(id=constants.ENTREPRENEUR_GROUP_ID)
self.user.groups.add(group)
data = {
'name': 'Test Note',
'description': 'This is a test note',
'me': me.id,
}
response = self.authorized_client.post(
'/api/tenantnote/',
json.dumps(data),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
@transaction.atomic
def test_put_with_anonymous_user(self):
Note.objects.create(
id=1,
name='Test Note',
description='This is a test note',
me = Me.objects.create(
id=1,
owner=self.user,
),
)
data = {
'id': 1,
'name': 'Test Note',
'description': 'This is a test note',
'me': 1,
}
response = self.unauthorized_client.put(
'/api/tenantnote/1/',
json.dumps(data),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_put_with_authenticated_management_group_user(self):
group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
self.user.groups.add(group)
Note.objects.create(
id=1,
name='Test Note',
description='This is a test note',
me = Me.objects.create(
id=1,
owner=self.user,
),
)
data = {
'id': 1,
'name': 'Test Note',
'description': 'This is a test note',
'me': 1,
}
response = self.authorized_client.put(
'/api/tenantnote/1/',
json.dumps(data),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_put_with_authenticated_advisor_group_user(self):
group = Group.objects.get(id=constants.ADVISOR_GROUP_ID)
self.user.groups.add(group)
Note.objects.create(
id=1,
name='Test Note',
description='This is a test note',
me = Me.objects.create(
id=1,
owner=self.user,
),
)
data = {
'id': 1,
'name': 'Test Note',
'description': 'This is a test note',
'me': 1,
}
response = self.authorized_client.put(
'/api/tenantnote/1/',
json.dumps(data),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_put_with_authenticated_entrepreneur_group_user(self):
group = Group.objects.get(id=constants.ENTREPRENEUR_GROUP_ID)
self.user.groups.add(group)
Note.objects.create(
id=1,
name='Test Note',
description='This is a test note',
me = Me.objects.create(
id=1,
owner=self.user,
),
)
data = {
'id': 1,
'name': 'Test Note',
'description': 'This is a test note',
'me': 1,
}
response = self.authorized_client.put(
'/api/tenantnote/1/',
json.dumps(data),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
@transaction.atomic
def test_delete_with_anonymous_user(self):
response = self.unauthorized_client.delete('/api/tenantnote/1/')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_delete_with_authenticated_management_user(self):
group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
self.user.groups.add(group)
Note.objects.create(
id=1,
name='Test Note',
description='This is a test note',
me = Me.objects.create(
id=1,
owner=self.user,
),
)
response = self.authorized_client.delete('/api/tenantnote/1/')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
@transaction.atomic
def test_delete_with_authenticated_advisor_user(self):
group = Group.objects.get(id=constants.ADVISOR_GROUP_ID)
self.user.groups.add(group)
Note.objects.create(
id=1,
name='Test Note',
description='This is a test note',
me = Me.objects.create(
id=1,
owner=self.user,
),
)
response = self.authorized_client.delete('/api/tenantnote/1/')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
@transaction.atomic
def test_delete_with_authenticated_entrepreneur_user(self):
group = Group.objects.get(id=constants.ENTREPRENEUR_GROUP_ID)
self.user.groups.add(group)
Note.objects.create(
id=1,
name='Test Note',
description='This is a test note',
me = Me.objects.create(
id=1,
owner=self.user,
),
)
response = self.authorized_client.delete('/api/tenantnote/1/')
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
class APIPostalAdressWithTenantSchemaTestCase(APITestCase, TenantTestCase):
fixtures = []
def setup_tenant(self, tenant):
"""Tenant Schema"""
tenant.schema_name = 'galacticalliance'
tenant.name = "Galactic Alliance of Humankind"
tenant.has_perks = True
tenant.has_mentors = True
tenant.how_discovered = "Command HQ"
tenant.how_many_served = 1
@classmethod
def setUpTestData(cls):
Group.objects.bulk_create([
Group(
id=constants.ENTREPRENEUR_GROUP_ID,
name="Entreprenuer",
),
Group(
id=constants.MENTOR_GROUP_ID,
name="Mentor",
),
Group(
id=constants.ADVISOR_GROUP_ID,
name="Advisor",
),
Group(
id=constants.ORGANIZATION_MANAGER_GROUP_ID,
name="Org Manager",
),
Group(
id=constants.ORGANIZATION_ADMIN_GROUP_ID,
name="Org Admin",
),
Group(
id=constants.CLIENT_MANAGER_GROUP_ID,
name="Client Manager",
),
Group(
id=constants.SYSTEM_ADMIN_GROUP_ID,
name="System Admin",
),
])
user = User.objects.create_user( # Create our user.
email=TEST_USER_EMAIL,
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD)
user.is_active = True
user.save()
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English.
super(APIPostalAdressWithTenantSchemaTestCase, self).setUp()
# Initialize our test data.
self.user = User.objects.get()
token = Token.objects.get(user__username=TEST_USER_USERNAME)
# Setup.
self.unauthorized_client = TenantClient(self.tenant)
self.authorized_client = TenantClient(self.tenant,
HTTP_AUTHORIZATION='Token ' +
token.key)
# Above taken from:
# http://www.django-rest-framework.org/api-guide/testing/#authenticating
@transaction.atomic
def tearDown(self):
CountryOption.objects.delete_all()
ProvinceOption.objects.delete_all()
CityOption.objects.delete_all()
PostalAddress.objects.delete_all()
users = User.objects.all()
for user in users.all():
user.delete()
# super(APIPostalAdressWithTenantSchemaTestCase, self).tearDown()
@transaction.atomic
def test_list(self):
response = self.unauthorized_client.get('/api/tenantpostaladdress/')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_list_with_authentication(self):
response = self.authorized_client.get('/api/tenantpostaladdress/')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_post(self):
country = CountryOption.objects.create(id=1, name="Avalon")
province = ProvinceOption.objects.create(id=1,
country=country,
name="Colony Ship #124")
city = CityOption.objects.create(id=1,
country=country,
province=province,
name="District 9")
data = {
'name': 'Unit Test',
'description': 'Used for unit testing purposes.',
'owner': self.user.id,
'country': country.id,
'region': province.id,
'locality': city.name
}
response = self.unauthorized_client.post(
'/api/tenantpostaladdress/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_post_with_authentication(self):
country = CountryOption.objects.create(id=1, name="Avalon")
province = ProvinceOption.objects.create(id=1,
country=country,
name="Colony Ship #124")
city = CityOption.objects.create(id=1,
country=country,
province=province,
name="District 9")
data = {
'name': 'Unit Test',
'description': 'Used for unit testing purposes.',
'owner': self.user.id,
'country': country.id,
'region': province.id,
'locality': city.name
}
response = self.authorized_client.post('/api/tenantpostaladdress/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
@transaction.atomic
def test_put(self):
country = CountryOption.objects.create(id=1, name="Avalon")
province = ProvinceOption.objects.create(id=1,
country=country,
name="Sector 666")
city = CityOption.objects.create(id=1,
country=country,
province=province,
name="District 9")
PostalAddress.objects.create(
id=1,
name="Unit Test",
description="Used for unit testing purposes.",
owner=self.user,
country=country,
region=province,
locality=city.name,
)
data = {
'name': 'Unit Test',
'description': 'Used for unit testing purposes.',
'owner': self.user.id,
'country': country.id,
'region': province.id,
'locality': city.name
}
response = self.unauthorized_client.put(
'/api/tenantpostaladdress/1/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_put_with_authorization(self):
country = CountryOption.objects.create(id=1, name="Avalon")
province = ProvinceOption.objects.create(id=1,
country=country,
name="Sector 666")
city = CityOption.objects.create(id=1,
country=country,
province=province,
name="District 9")
PostalAddress.objects.create(
id=1,
name="Unit Test",
description="Used for unit testing purposes.",
owner=self.user,
country=country,
region=province,
locality=city.name,
)
data = {
'name': 'Unit Test',
'description': 'Used for unit testing purposes.',
'owner': self.user.id,
'country': country.id,
'region': province.id,
'locality': city.name
}
response = self.authorized_client.put('/api/tenantpostaladdress/1/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_delete(self):
country = CountryOption.objects.create(id=1, name="Avalon")
province = ProvinceOption.objects.create(id=1,
country=country,
name="Sector 666")
city = CityOption.objects.create(id=1,
country=country,
province=province,
name="District 9")
PostalAddress.objects.create(
id=1,
name="Unit Test",
description="Used for unit testing purposes.",
owner=self.user,
country=country,
region=province,
locality=city.name,
)
response = self.unauthorized_client.delete(
'/api/tenantpostaladdress/1/')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_delete_with_authentication(self):
country = CountryOption.objects.create(id=1, name="Avalon")
province = ProvinceOption.objects.create(id=1,
country=country,
name="Sector 666")
city = CityOption.objects.create(id=1,
country=country,
province=province,
name="District 9")
PostalAddress.objects.create(
id=1,
name="Unit Test",
description="Used for unit testing purposes.",
owner=self.user,
country=country,
region=province,
locality=city.name,
)
response = self.authorized_client.delete('/api/tenantpostaladdress/1/')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
@transaction.atomic
def test_rebuild_geo_data_with_anonymous_user(self):
# Create a new object with our specific test data.
country = CountryOption.objects.create(
id=1,
name='Ontario',
)
region = ProvinceOption.objects.create(id=1,
name='Canada',
country=country)
PostalAddress.objects.create(
id=1,
name='Test Address',
owner=self.user,
street_number='120',
street_name='Centre Street',
suite_number='102',
postal_code='N6J4X4',
locality='London',
region=region,
country=country,
)
# Run the test.
response = self.unauthorized_client.put(
'/api/tenantpostaladdress/1/rebuild_geo_data/?format=json',
json.dumps({}),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_rebuild_geo_data_with_authenticated_user(self):
# Create a new object with our specific test data.
country = CountryOption.objects.create(
id=1,
name='Ontario',
)
region = ProvinceOption.objects.create(id=1,
name='Canada',
country=country)
PostalAddress.objects.create(
id=1,
name='Test Address',
owner=self.user,
street_number='120',
street_name='Centre Street',
suite_number='102',
postal_code='N6J4X4',
locality='London',
region=region,
country=country,
)
# Run the test.
response = self.authorized_client.put(
'/api/tenantpostaladdress/1/rebuild_geo_data/?format=json',
json.dumps({}),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
class APIFunctionViewSetWithTenantSchemaTestCase(APITestCase, TenantTestCase):
fixtures = []
def setup_tenant(self, tenant):
"""Public Schema"""
tenant.schema_name = 'test'
tenant.name = "Galactic Alliance of Humankind"
tenant.has_perks = True
tenant.has_mentors = True
tenant.how_discovered = "Command HQ"
tenant.how_many_served = 1
@classmethod
def setUpTestData(cls):
Group.objects.bulk_create([
Group(
id=constants.ENTREPRENEUR_GROUP_ID,
name="Entreprenuer",
),
Group(
id=constants.MENTOR_GROUP_ID,
name="Mentor",
),
Group(
id=constants.ADVISOR_GROUP_ID,
name="Advisor",
),
Group(
id=constants.ORGANIZATION_MANAGER_GROUP_ID,
name="Org Manager",
),
Group(
id=constants.ORGANIZATION_ADMIN_GROUP_ID,
name="Org Admin",
),
Group(
id=constants.CLIENT_MANAGER_GROUP_ID,
name="Client Manager",
),
Group(
id=constants.SYSTEM_ADMIN_GROUP_ID,
name="System Admin",
),
])
user = User.objects.create_user( # Create our User.
email=TEST_USER_EMAIL,
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD)
user.is_active = True
user.save()
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English.
super(APIFunctionViewSetWithTenantSchemaTestCase, self).setUp()
self.user = User.objects.get()
token = Token.objects.get(user__username=TEST_USER_USERNAME)
self.unauthorized_client = TenantClient(self.tenant)
self.authorized_client = TenantClient(
self.tenant,
HTTP_AUTHORIZATION='Token ' + token.key,
format='json',
)
@transaction.atomic
def tearDown(self):
PostalAddress.objects.delete_all()
ContactPoint.objects.delete_all()
Me.objects.delete_all()
users = User.objects.all()
for user in users.all():
user.delete()
tokens = Token.objects.all()
# super(APIFunctionViewSetWithTenantSchemaTestCase, self).tearDown()
@transaction.atomic
def test_api_function_finalize_tenant_with_200(self):
# Log in the the account.
user = User.objects.get()
token = Token.objects.get(user_id=user.id)
# Make User an Employee.
group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
user.groups.add(group)
# Begin this unit test.
url = reverse('api_function_finalize_tenant')
response = self.authorized_client.post(url,
json.dumps({}),
HTTP_AUTHORIZATION='Token ' +
token.key,
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_api_function_finalize_tenant_with_403(self):
# Log in the the account.
user = User.objects.get()
token = Token.objects.get(user_id=user.id)
# Begin this unit test.
url = reverse('api_function_finalize_tenant')
response = self.authorized_client.post(url,
json.dumps({}),
HTTP_AUTHORIZATION='Token ' +
token.key,
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
@transaction.atomic
def test_api_function_finalize_tenant_with_401(self):
# Begin this unit test.
url = reverse('api_function_finalize_tenant')
response = self.unauthorized_client.post(
url, json.dumps({}), content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
class APIAuthResetPasswordViewslWithSchemaTestCase(APITestCase, TenantTestCase):
"""
Console:
python manage.py test shared_api.tests.views.test_auth_reset_password_views
"""
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English
super(APIAuthResetPasswordViewslWithSchemaTestCase, self).setUp()
self.c = TenantClient(self.tenant)
call_command('init_app', verbosity=0)
call_command(
'create_shared_account',
TEST_USER_EMAIL,
TEST_USER_PASSWORD,
"Bart",
"Mika",
verbosity=0
)
@transaction.atomic
def tearDown(self):
SharedUser.objects.delete_all()
del self.c
super(APIAuthResetPasswordViewslWithSchemaTestCase, self).tearDown()
@transaction.atomic
def test_api_endpoint_with_success(self):
# Get credentials
me = SharedUser.objects.get()
pr_access_code = me.generate_pr_code()
# Log out.
url = reverse('workery_reset_password_api_endpoint')
data = {
'password': TEST_USER_PASSWORD,
'password_repeat': TEST_USER_PASSWORD,
'pr_access_code': pr_access_code
}
response = self.c.post(url, json.dumps(data), content_type='application/json')
# Confirm.
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_api_endpoint_with_bad_pr_access_code(self):
# Get credentials
me = SharedUser.objects.get()
pr_access_code = me.generate_pr_code()
# Log out.
url = reverse('workery_reset_password_api_endpoint')
data = {
'password': TEST_USER_PASSWORD,
'password_repeat': TEST_USER_PASSWORD,
'pr_access_code': "some-bad-pr-access-code"
}
response = self.c.post(url, json.dumps(data), content_type='application/json')
# Confirm.
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@transaction.atomic
def test_api_endpoint_with_bad_password(self):
# Log out.
url = reverse('workery_reset_password_api_endpoint')
data = {
'password': "******",
'password_repeat': "some-bad-password-plus-mismatching-entry",
'pr_access_code': "some-bad-pr-access-code"
}
response = self.c.post(url, json.dumps(data), content_type='application/json')
# Confirm.
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
# Verify password error messages.
self.assertIn("Password", str(response.data))
self.assertIn("uppercase", str(response.data))
class APIMessageWithTenantSchemaTestCase(APITestCase, TenantTestCase):
fixtures = []
def setup_tenant(self, tenant):
"""Tenant Schema"""
tenant.schema_name = 'galacticalliance'
tenant.name = "Galactic Alliance of Humankind"
tenant.has_perks = True
tenant.has_mentors = True
tenant.how_discovered = "Command HQ"
tenant.how_many_served = 1
@classmethod
def setUpTestData(cls):
Group.objects.bulk_create([
Group(
id=constants.ENTREPRENEUR_GROUP_ID,
name="Entreprenuer",
),
Group(
id=constants.MENTOR_GROUP_ID,
name="Mentor",
),
Group(
id=constants.ADVISOR_GROUP_ID,
name="Advisor",
),
Group(
id=constants.ORGANIZATION_MANAGER_GROUP_ID,
name="Org Manager",
),
Group(
id=constants.ORGANIZATION_ADMIN_GROUP_ID,
name="Org Admin",
),
Group(
id=constants.CLIENT_MANAGER_GROUP_ID,
name="Client Manager",
),
Group(
id=constants.SYSTEM_ADMIN_GROUP_ID,
name="System Admin",
),
])
user = User.objects.create_user( # Create our user.
email=TEST_USER_EMAIL,
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD)
user.is_superuser = True
user.is_active = True
user.save()
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English.
super(APIMessageWithTenantSchemaTestCase, self).setUp()
# Initialize our test data.
self.user = User.objects.get()
token = Token.objects.get(user__username=TEST_USER_USERNAME)
# Setup.
self.unauthorized_client = TenantClient(self.tenant)
self.authorized_client = TenantClient(self.tenant,
HTTP_AUTHORIZATION='Token ' +
token.key)
self.authorized_client.login(username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD)
self.tenant.owner = self.user
self.tenant.save()
# Above taken from:
# http://www.django-rest-framework.org/api-guide/testing/#authenticating
@transaction.atomic
def tearDown(self):
Message.objects.delete_all()
PostalAddress.objects.delete_all()
ContactPoint.objects.delete_all()
Me.objects.delete_all()
users = User.objects.all()
for user in users.all():
user.delete()
# super(APIMessageWithTenantSchemaTestCase, self).tearDown()
@transaction.atomic
def test_list_with_anonymous_user(self):
response = self.unauthorized_client.get(
'/api/tenantmessage/?format=json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_list_with_authenticated_user(self):
org_admin_group = Group.objects.get(
id=constants.ORGANIZATION_ADMIN_GROUP_ID)
self.user.groups.add(org_admin_group)
response = self.authorized_client.get(
'/api/tenantmessage/?format=json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_post_with_anonymous_user(self):
data = {
'name': 'Unit Test',
'owner': self.user.id,
}
response = self.unauthorized_client.post(
'/api/tenantmessage/?format=json',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(len(mail.outbox), 0)
@transaction.atomic
def test_post_from_sender_to_recipient(self):
# Create our recipient
recipient_user = User.objects.create_user( # Create our user.
email='*****@*****.**',
username='******',
password='******')
recipient_user.is_active = True
recipient_user.save()
recipient = Me.objects.create(owner=recipient_user)
# Run the test and verify.
data = {
'name': 'Unit Test',
'recipient': recipient.id,
'description': 'Glory to Galactic Alliance',
}
response = self.authorized_client.post(
'/api/tenantmessage/?format=json',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(len(mail.outbox), 1)
@transaction.atomic
def test_put_with_anonymous_user(self):
# Create a new object with our specific test data.
Message.objects.create(
id=666,
name="Unit Test",
owner=self.user,
)
# Run the test.
data = {
'id': 666,
'name': 'Unit Test',
'owner': self.user.id,
}
response = self.unauthorized_client.put(
'/api/tenantmessage/666/?format=json',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(len(mail.outbox), 0)
@transaction.atomic
def test_put_with_original_sender(self):
# Create our sender.
sender = Me.objects.create(owner=self.user, )
# Create our recipient
recipient_user = User.objects.create_user( # Create our user.
email='*****@*****.**',
username='******',
password='******')
recipient_user.is_active = True
recipient_user.save()
recipient = Me.objects.create(owner=recipient_user)
# Create a new object with our specific test data.
Message.objects.create(
id=666,
name="Unit Test #666",
recipient=recipient,
sender=sender,
)
# Run the test.
data = {
'id': 666,
'name': 'Unit Test',
'recipient': recipient.id,
}
response = self.authorized_client.put('/api/tenantmessage/666/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(mail.outbox),
0) # Editing does not qualify for email notification.
@transaction.atomic
def test_put_with_different_sender(self):
# Create our CURRENT sender.
Me.objects.create(owner=self.user, )
# Create our NEW sender.
sender_user = User.objects.create_user( # Create our user.
email='*****@*****.**',
username='******',
password='******')
sender_user.is_active = True
sender_user.save()
sender = Me.objects.create(owner=sender_user)
# Create our NEW recipient
recipient_user = User.objects.create_user( # Create our user.
email='*****@*****.**',
username='******',
password='******')
recipient_user.is_active = True
recipient_user.save()
recipient = Me.objects.create(owner=recipient_user)
# Create a new object with our specific test data.
Message.objects.create(
id=666,
name="Unit Test #666",
recipient=recipient,
sender=sender,
)
# Run the test.
data = {
'id': 666,
'name': 'Unit Test',
'recipient': recipient.id,
}
response = self.authorized_client.put('/api/tenantmessage/666/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(len(mail.outbox), 0)
@transaction.atomic
def test_delete_with_anonymous_user(self):
# Create our CURRENT sender.
sender = Me.objects.create(owner=self.user, )
# Create a new object with our specific test data.
message = Message.objects.create(
id=666,
name="Unit Test #666",
sender=sender,
)
message.participants.add(sender)
message.save()
# Run our test and verify.
response = self.unauthorized_client.delete(
'/api/tenantmessage/666/?format=json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(Message.objects.all().count(), 1)
message = Message.objects.get(id=666)
self.assertEqual(message.participants.count(), 1)
@transaction.atomic
def test_delete_with_sender(self):
# Create our SENDER user.
sender = Me.objects.create(owner=self.user, )
# Create our RECIPIENT user.
recipient_user = User.objects.create_user( # Create our user.
email='*****@*****.**',
username='******',
password='******')
recipient_user.is_active = True
recipient_user.save()
recipient = Me.objects.create(owner=recipient_user)
# Create a new object with our specific test data.
message = Message.objects.create(
id=666,
name="Unit Test #666",
sender=sender,
recipient=recipient,
)
message.participants.add(sender)
message.save()
# Run our test and verify.
response = self.authorized_client.delete(
'/api/tenantmessage/666/?format=json')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
self.assertEqual(Message.objects.all().count(),
1) # Check message has not been deleted
message = Message.objects.get(id=666)
self.assertEqual(message.participants.count(), 0)
@transaction.atomic
def test_delete_with_recipient(self):
# Create our CURRENT sender.
recipient = Me.objects.create(owner=self.user, )
# Create our NEW recipient
sender_user = User.objects.create_user( # Create our user.
email='*****@*****.**',
username='******',
password='******')
sender_user.is_active = True
sender_user.save()
sender = Me.objects.create(owner=sender_user)
# Create a new object with our specific test data.
message = Message.objects.create(
id=666,
name="Unit Test #666",
sender=sender,
recipient=recipient,
)
message.participants.add(recipient, sender)
message.save()
# Run our test and verify.
response = self.authorized_client.delete(
'/api/tenantmessage/666/?format=json')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
self.assertEqual(Message.objects.all().count(),
1) # Check message has not been deleted
message = Message.objects.get(id=666)
self.assertEqual(message.participants.count(), 1)
@transaction.atomic
def test_delete_with_different_sender(self):
# Create our CURRENT sender.
Me.objects.create(owner=self.user, )
# Create our NEW sender.
sender_user = User.objects.create_user( # Create our user.
email='*****@*****.**',
username='******',
password='******')
sender_user.is_active = True
sender_user.save()
sender = Me.objects.create(owner=sender_user)
# Create our NEW recipient
recipient_user = User.objects.create_user( # Create our user.
email='*****@*****.**',
username='******',
password='******')
recipient_user.is_active = True
recipient_user.save()
recipient = Me.objects.create(owner=recipient_user)
# Create a new object with our specific test data.
message = Message.objects.create(
id=666,
name="Unit Test #666",
recipient=recipient,
sender=sender,
)
message.participants.add(recipient, sender)
message.save()
# Run our test and verify.
response = self.authorized_client.delete(
'/api/tenantmessage/666/?format=json')
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(Message.objects.all().count(), 1)
message = Message.objects.get(id=666)
self.assertEqual(message.participants.count(), 2)
class APIImageUploadWithTenantSchemaTestCase(APITestCase, TenantTestCase):
fixtures = []
def setup_tenant(self, tenant):
"""Tenant Schema"""
tenant.schema_name = 'galacticalliance'
tenant.name = "Galactic Alliance of Humankind"
tenant.has_perks=True
tenant.has_mentors=True
tenant.how_discovered = "Command HQ"
tenant.how_many_served = 1
@classmethod
def setUpTestData(cls):
Group.objects.bulk_create([
Group(id=constants.ENTREPRENEUR_GROUP_ID, name="Entreprenuer",),
Group(id=constants.MENTOR_GROUP_ID, name="Mentor",),
Group(id=constants.ADVISOR_GROUP_ID, name="Advisor",),
Group(id=constants.ORGANIZATION_MANAGER_GROUP_ID, name="Org Manager",),
Group(id=constants.ORGANIZATION_ADMIN_GROUP_ID, name="Org Admin",),
Group(id=constants.CLIENT_MANAGER_GROUP_ID, name="Client Manager",),
Group(id=constants.SYSTEM_ADMIN_GROUP_ID, name="System Admin",),
])
user = User.objects.create_user( # Create our user.
email=TEST_USER_EMAIL,
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD
)
user.is_active = True
user.save()
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English.
super(APIImageUploadWithTenantSchemaTestCase, self).setUp()
# Initialize our test data.
self.user = User.objects.get()
token = Token.objects.get(user__username=TEST_USER_USERNAME)
# Setup.
self.unauthorized_client = TenantClient(self.tenant)
self.authorized_client = TenantClient(self.tenant, HTTP_AUTHORIZATION='Token ' + token.key)
# Above taken from:
# http://www.django-rest-framework.org/api-guide/testing/#authenticating
# Initialize our test data.
ImageUpload.objects.bulk_create([
ImageUpload(owner=self.user),
ImageUpload(owner=self.user),
ImageUpload(owner=self.user),
])
@transaction.atomic
def tearDown(self):
"""Delete all the images we uploaded for this Test"""
ImageUpload.objects.delete_all()
PostalAddress.objects.delete_all()
ContactPoint.objects.delete_all()
Me.objects.delete_all()
users = User.objects.all()
for user in users.all():
user.delete()
# super(APIImageUploadWithTenantSchemaTestCase, self).tearDown()
def _create_test_image(self, path):
# Create the image.
from PIL import Image
width = 2
height = 2
img = Image.new('RGB', (width, height))
img.save(path)
# Open image.
f = open(path, 'rb')
return {'imagefile': f}
@transaction.atomic
def test_to_string(self):
# Create a new object with our specific test data.
upload = ImageUpload.objects.create(
id=2030,
owner=self.user,
)
upload.save()
self.assertEqual(str(upload), "")
@transaction.atomic
def test_post_with_authenticated_user(self):
# Step 1: Set the location variables.
url = reverse('tenantimageupload-list')
data = self._create_test_image('/tmp/test_upload.png')
data['owner'] = self.user.id
# Step 2: Perform a "multiform" post using AJAX.
response = self.authorized_client.post(url, data, format='multipart')
# Step 3: Test & verify.
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertIn('created', response.data)
@transaction.atomic
def test_post(self):
# Step 1: Set the location variables.
url = reverse('tenantimageupload-list')
data = self._create_test_image('/tmp/test_upload.png')
# Step 2: Perform a "multiform" post using AJAX.
response = self.unauthorized_client.post(url, data, format='multipart')
# Step 3: Test & verify.
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_list_with_banning(self):
# Step 1: Setup variables.
url = reverse('tenantimageupload-list')
# Step 2: Ban self.
BannedIP.objects.create(
address='127.0.0.1',
reason='For unit testing purposes.'
)
# Step 3: Test & verify.
response = self.authorized_client.get(url)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
@transaction.atomic
def test_list_with_authenticated_user(self):
# Step 1: Setup variables.
url = reverse('tenantimageupload-list')
# Step 2: Test & verify.
response = self.authorized_client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['count'], 3)
@transaction.atomic
def test_list(self):
# Step 1: Setup variables.
url = reverse('tenantimageupload-list')
# Step 2: Test & verify.
response = self.unauthorized_client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['count'], 3)
@transaction.atomic
def test_get_with_authenticated_user(self):
# Step 1: Setup variables.
url = reverse('tenantimageupload-list')
# Step 2: Test & verify.
response = self.authorized_client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response.data) > 0, True)
@transaction.atomic
def test_get(self):
# Step 1: Setup variables.
url = reverse('tenantimageupload-list')
# Step 2: Test & verify.
response = self.authorized_client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response.data) > 0, True)
@transaction.atomic
def test_put_with_authenticated_user(self):
# Delete any previous data.
uploads = ImageUpload.objects.all()
for upload in uploads.all():
upload.delete()
# Create a new object with our specific test data.
ImageUpload.objects.create(id=1, owner_id=self.user.id,)
# Run the test.
url = reverse('tenantimageupload-list')+'1/'
response = self.authorized_client.put(url, json.dumps({'id': 1, 'owner': self.user.id}), content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_put_with_different_owner(self):
# Initialize our test user.
user = User.objects.create_user( # Create our user.
email='*****@*****.**',
username='******',
password=TEST_USER_PASSWORD
)
user.is_active = True
user.save()
token = Token.objects.get(user=user)
# Perform this unit test.
# Step 1: Log in and get the first ImageUpload object.
client = TenantClient(self.tenant, HTTP_AUTHORIZATION='Token ' + token.key)
# Delete any previous data.
uploads = ImageUpload.objects.all()
for upload in uploads.all():
upload.delete()
# Create a new object with our specific test data.
ImageUpload.objects.create(id=1, owner_id=self.user.id,)
# Run the test.
url = reverse('tenantimageupload-list')+'1/'
response = client.put(url, json.dumps({'id': 1, 'owner': user.id }), content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
@transaction.atomic
def test_put(self):
# Step 1: Set the location variables.
url = reverse('tenantimageupload-list')
data = self._create_test_image('/tmp/test_upload.png')
kwargs = {'HTTP_X_REQUESTED_WITH':'XMLHttpRequest'}
# Step 2: Perform a "multiform" post using AJAX.
response = self.unauthorized_client.put(url,{
'id': 1,
'imagefile': data,
}, **kwargs)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_delete_with_authenticated_user(self):
# Step 1: Delete any previous data.
uploads = ImageUpload.objects.all()
for upload in uploads.all():
upload.delete()
# Step 2: Setup variables.
ImageUpload.objects.create(id=1, owner_id=self.user.id,)
url = reverse('tenantimageupload-list')+'1/'
# Step 3: Test & verify.
response = self.authorized_client.delete(url)
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
@transaction.atomic
def test_delete_with_different_owner(self):
# Step 1: Delete any previous data.
uploads = ImageUpload.objects.all()
for upload in uploads.all():
upload.delete()
# Step 2: Initialize our test user.
ImageUpload.objects.create(id=1, owner_id=self.user.id,)
user = User.objects.create_user( # Create our user.
email='*****@*****.**',
username='******',
password=TEST_USER_PASSWORD
)
user.is_active = True
user.save()
token = Token.objects.get(user=user)
# Step 3: Connect to the server.
client = TenantClient(self.tenant, HTTP_AUTHORIZATION='Token ' + token.key)
# Step 4: Test & verify.
url = reverse('tenantimageupload-list')+'1/'
response = client.delete(url)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
@transaction.atomic
def test_delete(self):
# Step 1: Setup variables.
url = reverse('tenantimageupload-list')+'1/'
# Step 2: Test & verify.
response = self.unauthorized_client.delete(url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(len(response.data) > 0, True)
class APIEmailActivationTestCase(APITestCase, TenantTestCase):
fixtures = []
def setup_tenant(self, tenant):
"""Public Schema"""
tenant.schema_name = 'test'
tenant.name = "Galactic Alliance of Humankind"
tenant.has_perks = True
tenant.has_mentors = True
tenant.how_discovered = "Command HQ"
tenant.how_many_served = 1
@classmethod
def setUpTestData(cls):
Group.objects.bulk_create([
Group(
id=constants.ENTREPRENEUR_GROUP_ID,
name="Entreprenuer",
),
Group(
id=constants.MENTOR_GROUP_ID,
name="Mentor",
),
Group(
id=constants.ADVISOR_GROUP_ID,
name="Advisor",
),
Group(
id=constants.ORGANIZATION_MANAGER_GROUP_ID,
name="Org Manager",
),
Group(
id=constants.ORGANIZATION_ADMIN_GROUP_ID,
name="Org Admin",
),
Group(
id=constants.CLIENT_MANAGER_GROUP_ID,
name="Client Manager",
),
Group(
id=constants.SYSTEM_ADMIN_GROUP_ID,
name="System Admin",
),
])
user = User.objects.create_user( # Create our User.
email=TEST_USER_EMAIL,
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD)
user.is_active = True
user.save()
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English
super(APIEmailActivationTestCase, self).setUp()
self.c = TenantClient(self.tenant)
@transaction.atomic
def tearDown(self):
users = User.objects.all()
for user in users.all():
user.delete()
# super(APIEmailActivationTestCase, self).tearDown()
@transaction.atomic
def test_api_send_activation(self):
url = reverse('api_emailactivation')
data = {
'email': TEST_USER_EMAIL,
}
response = self.c.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
from django.core import mail
# Test that one message has been sent.
self.assertEqual(len(mail.outbox), 1)
# Verify that the subject of the first message is correct.
self.assertEqual(mail.outbox[0].subject, 'Den Activation')
@transaction.atomic
def test_api_send_activation_with_no_email(self):
url = reverse('api_emailactivation')
data = {
'email': '*****@*****.**',
}
response = self.c.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
class StaffListCreateAPIViewWithTenantTestCase(APITestCase, TenantTestCase):
"""
Console:
python manage.py test tenant_api.tests.test_staff_view
"""
#------------------#
# Setup Unit Tests #
#------------------#
def setup_tenant(tenant):
"""Tenant Schema"""
tenant.schema_name = TEST_SCHEMA_NAME
tenant.name='Over 55 (London) Inc.',
tenant.alternate_name="Over55",
tenant.description="Located at the Forks of the Thames in ...",
tenant.address_country="CA",
tenant.address_locality="London",
tenant.address_region="Ontario",
tenant.post_office_box_number="", # Post Offic #
tenant.postal_code="N6H 1B4",
tenant.street_address="78 Riverside Drive",
tenant.street_address_extra="", # Extra line.
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English
super(StaffListCreateAPIViewWithTenantTestCase, self).setUp()
# Load up the dependat.
call_command('init_app', verbosity=0)
call_command('populate_tenant_content', TEST_SCHEMA_NAME, verbosity=0)
# Create the account.
call_command(
'create_tenant_account',
TEST_SCHEMA_NAME,
constants.MANAGEMENT_GROUP_ID,
TEST_USER_EMAIL,
TEST_USER_PASSWORD,
"Bart",
"Mika",
TEST_USER_TEL_NUM,
TEST_USER_TEL_EX_NUM,
TEST_USER_CELL_NUM,
"CA",
"London",
"Ontario",
"", # Post Offic #
"N6H 1B4",
"78 Riverside Drive",
"", # Extra line.
verbosity=0
)
# Create the account.
call_command(
'create_tenant_account',
TEST_SCHEMA_NAME,
constants.MANAGEMENT_GROUP_ID,
TEST_ALERNATE_USER_EMAIL,
TEST_USER_PASSWORD,
"Rodolfo",
"Martinez",
TEST_USER_TEL_NUM,
TEST_USER_TEL_EX_NUM,
TEST_USER_CELL_NUM,
"CA",
"London",
"Ontario",
"", # Post Offic #
"N6H 1B4",
"78 Riverside Drive",
"", # Extra line.
verbosity=0
)
# Initialize our test data.
self.user = SharedUser.objects.get(email=TEST_USER_EMAIL)
self.alternate_user = SharedUser.objects.get(email=TEST_ALERNATE_USER_EMAIL)
token, orig_iat = get_jwt_token_and_orig_iat(self.user)
# Setup.
self.unauthorized_client = TenantClient(self.tenant)
self.authorized_client = TenantClient(self.tenant, HTTP_AUTHORIZATION='JWT {0}'.format(token))
self.authorized_client.login(
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD
)
# Create our staff.
connection.set_schema(TEST_SCHEMA_NAME, True) # Switch to Tenant.
self.staff = Staff.objects.create(
owner=self.user,
given_name="Bart",
last_name="Mika"
)
self.alernate_staff = Staff.objects.create(
owner=self.alternate_user,
given_name="Rodolfo",
last_name="Martinez"
)
@transaction.atomic
def tearDown(self):
connection.set_schema(TEST_SCHEMA_NAME, True) # Switch to Tenant.
Staff.objects.delete_all()
del self.unauthorized_client
del self.authorized_client
super(StaffListCreateAPIViewWithTenantTestCase, self).tearDown()
#-------------------#
# List API-endpoint #
#-------------------#
@transaction.atomic
def test_list_with_401_by_permissions(self):
"""
Unit test will test anonymous make a GET request to the LIST API-endpoint.
"""
url = reverse('workery_staff_list_create_api_endpoint')+"?format=json"
response = self.unauthorized_client.get(url, data=None, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_list_with_200_by_permissions(self):
"""
Unit test will test authenticated user, who has permission, to make a
GET request to the list API-endpoint.
"""
url = reverse('workery_staff_list_create_api_endpoint')
url += "?format=json"
response = self.authorized_client.get(url, data=None, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("Bart", str(response.data))
self.assertIn("Mika", str(response.data))
self.assertNotIn("You do not have permission to access this API-endpoint.", str(response.data))
@transaction.atomic
def test_list_with_403_by_permissions(self):
"""
Unit test will test authenticated user, who does not have permission, to
make a GET request to the list API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_staff_list_create_api_endpoint')
url += "?format=json"
response = self.authorized_client.get(url, data=None, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertIn("You do not have permission to access this API-endpoint.", str(response.data))
#---------------------#
# Create API-endpoint #
#---------------------#
@transaction.atomic
def test_create_with_401_by_permissions(self):
"""
Unit test will test anonymous make a POST request to the create API-endpoint.
"""
url = reverse('workery_staff_list_create_api_endpoint')+"?format=json"
response = self.unauthorized_client.post(url, data={}, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_create_with_200_by_permissions(self):
"""
Unit test will test authenticated user, who has permission, to make a
POST request to the create API-endpoint.
"""
# Perform our tests.
url = reverse('workery_staff_list_create_api_endpoint')
url += "?format=json"
response = self.authorized_client.post(url, data=json.dumps({
'password': '******',
'password_repeat': '123Password!',
'groups': [
constants.MANAGEMENT_GROUP_ID
],
'email': "*****@*****.**",
'given_name': 'Bart',
'middle_name': '',
'last_name': 'Mika',
'address_country': 'CA',
'address_locality': 'London',
'address_region': 'Ontario',
'street_address': '78 Riverside Drive',
'postal_code': 'N6H 1B4',
'telephone': '(123) 456-7890',
'telephone_extension': None,
'fax_number': None,
'other_telephone': '+19876543210',
'extra_comment': "This is a friendly staff.",
'group_membership': 2,
'is_active': True,
'password': '******',
'password_repeat': '123passwordOK!',
'description': 'Some generic desc.',
'telephone_type_of': 1,
'other_telephone_type_of': 1,
'is_ok_to_email': True,
'is_ok_to_text': True,
'tags': [],
'account_type': constants.FRONTLINE_GROUP_ID
}), content_type='application/json')
self.assertIsNotNone(response)
# print(response.data)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertIn("Bart", str(response.data))
self.assertIn("Mika", str(response.data))
self.assertIn("(123) 456-7890", str(response.data))
self.assertIn("(987) 654-3210", str(response.data))
@transaction.atomic
def test_create_with_403_by_permissions(self):
"""
Unit test will test authenticated user, who does not have permission, to
make a POST request to the list API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_staff_list_create_api_endpoint')
url += "?format=json"
response = self.authorized_client.post(url, data=json.dumps({}), content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertIn("You do not have permission to access this API-endpoint.", str(response.data))
#---------------------#
# Update API-endpoint #
#---------------------#
@transaction.atomic
def test_update_with_401_by_permissions(self):
"""
Unit test will test anonymous make a PUT request to the update API-endpoint.
"""
url = reverse('workery_staff_retrieve_update_destroy_api_endpoint', args=[self.staff.id])+"?format=json"
response = self.unauthorized_client.post(url, data={}, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_update_with_200_by_permissions(self):
"""
Unit test will test authenticated user, who has permission, to make a
PUT request to the update API-endpoint.
"""
# Perform our tests.
url = reverse('workery_staff_retrieve_update_destroy_api_endpoint', args=[self.alernate_staff.id])+"?format=json"
response = self.authorized_client.put(url, data=json.dumps({
# 'email': TEST_ALERNATE_USER_EMAIL,
'given_name': 'Rodolfo',
'middle_name': '',
'last_name': 'Martinez',
'address_country': 'CA',
'address_locality': 'Port Frank Herbert',
'address_region': 'Britich Coloumbia',
'street_address': '666 Riverside Drive',
'postal_code': 'N1N 1N1',
'extra_comment': "This is a helpful staff.",
'group_membership': 2,
'is_active': True,
'password': '******',
'password_repeat': '123passwordOK!',
'description': 'Some generic desc.',
'telephone_type_of': 1,
'other_telephone_type_of': 1,
'is_ok_to_email': True,
'is_ok_to_text': True,
'tags': [],
'account_type': constants.FRONTLINE_GROUP_ID
}), content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("Rodolfo", str(response.data))
self.assertIn("Martinez", str(response.data))
self.assertIn("666 Riverside Drive", str(response.data))
self.assertIn("N1N 1N1", str(response.data))
self.assertIn("Port Frank Herbert", str(response.data))
# # @transaction.atomic
# # def test_update_with_403_by_permissions(self):
# # """
# # Unit test will test authenticated user, who does not have permission, to
# # make a PUT request to the update API-endpoint.
# # """
# # Permission.objects.all().delete()
# # url = reverse('workery_staff_retrieve_update_destroy_api_endpoint', args=[self.alernate_staff.id])+"?format=json"
# # response = self.authorized_client.put(url, data=json.dumps({}), content_type='application/json')
# # self.assertIsNotNone(response)
# # self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
# # self.assertIn("You do not have permission to access this API-endpoint.", str(response.data))
@transaction.atomic
def test_update_with_200_by_ownership(self):
# Perform our tests.
Permission.objects.all().delete()
url = reverse('workery_staff_retrieve_update_destroy_api_endpoint', args=[self.staff.id])+"?format=json"
response = self.authorized_client.put(url, data=json.dumps({
# 'email': '*****@*****.**',
'given_name': 'Bartlomiej',
'middle_name': '',
'last_name': 'Mika',
'address_country': 'CA',
'address_locality': 'Port Bart',
'address_region': 'Alberta',
'street_address': '666 Riverside Drive',
'postal_code': 'N1N 1N1',
# 'extra_comment': "This is a helpful staff.",
'group_membership': 2,
'is_active': True,
'password': '******',
'password_repeat': '123passwordOK!',
'description': 'Some generic desc.',
'telephone_type_of': 1,
'other_telephone_type_of': 1,
'is_ok_to_email': True,
'is_ok_to_text': True,
'tags': [],
'account_type': constants.FRONTLINE_GROUP_ID
}), content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("Bartlomiej", str(response.data))
self.assertIn("Mika", str(response.data))
self.assertIn("666 Riverside Drive", str(response.data))
self.assertIn("N1N 1N1", str(response.data))
self.assertIn("Port Bart", str(response.data))
@transaction.atomic
def test_update_with_200_by_ownership_and_password_change(self):
# Perform our tests.
Permission.objects.all().delete()
url = reverse('workery_staff_retrieve_update_destroy_api_endpoint', args=[self.staff.id])+"?format=json"
response = self.authorized_client.put(url, data=json.dumps({
'password': '******',
'password_repeat': '123Password!',
# 'email': '*****@*****.**',
'given_name': 'Bartlomiej',
'middle_name': '',
'last_name': 'Mika',
'address_country': 'CA',
'address_locality': 'Port Bart',
'address_region': 'Alberta',
'street_address': '666 Riverside Drive',
'postal_code': 'N1N 1N1',
# 'extra_comment': "This is a helpful staff.",
'group_membership': 2,
'is_active': True,
'password': '******',
'password_repeat': '123passwordOK!',
'description': 'Some generic desc.',
'telephone_type_of': 1,
'other_telephone_type_of': 1,
'is_ok_to_email': True,
'is_ok_to_text': True,
'tags': [],
'account_type': constants.FRONTLINE_GROUP_ID
}), content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("Bartlomiej", str(response.data))
self.assertIn("Mika", str(response.data))
self.assertIn("666 Riverside Drive", str(response.data))
self.assertIn("N1N 1N1", str(response.data))
self.assertIn("Port Bart", str(response.data))
#-----------------------#
# Retrieve API-endpoint #
#-----------------------#
@transaction.atomic
def test_retrieve_with_401_by_permissions(self):
"""
Unit test will test anonymous make a GET request to the retrieve API-endpoint.
"""
url = reverse('workery_staff_retrieve_update_destroy_api_endpoint', args=[self.staff.id])+"?format=json"
response = self.unauthorized_client.get(url, data={}, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_retrieve_with_200_by_permissions(self):
"""
Unit test will test authenticated user, who has permission, to make a
GET request to the retrieve API-endpoint.
"""
url = reverse('workery_staff_retrieve_update_destroy_api_endpoint', args=[self.staff.id])+"?format=json"
response = self.authorized_client.get(url, data=None, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("Bart", str(response.data))
self.assertIn("Mika", str(response.data))
@transaction.atomic
def test_retrieve_with_403_by_permissions(self):
"""
Unit test will test authenticated user, who does not have permission, to
make a GET request to the retrieve API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_staff_retrieve_update_destroy_api_endpoint', args=[self.alernate_staff.id])+"?format=json"
response = self.authorized_client.get(url, data=None, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertIn("You do not have permission to access this API-endpoint.", str(response.data))
@transaction.atomic
def test_retrieve_with_200_by_ownership(self):
"""
Unit test will test authenticated user, who does not have permission,
but is the OWNER of the object to make a GET request to the retrieve
API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_staff_retrieve_update_destroy_api_endpoint', args=[self.staff.id])+"?format=json"
response = self.authorized_client.get(url, data=None, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("Bart", str(response.data))
self.assertIn("Mika", str(response.data))
#-----------------------#
# Delete API-endpoint #
#-----------------------#
@transaction.atomic
def test_delete_with_401_by_permissions(self):
"""
Unit test will test anonymous make a DELETE request to the delete API-endpoint.
"""
url = reverse('workery_staff_retrieve_update_destroy_api_endpoint', args=[self.staff.id])+"?format=json"
response = self.unauthorized_client.delete(url, data={}, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_delete_with_200_by_permissions(self):
"""
Unit test will test authenticated user, who has permission, to make a
DELETE request to the delete API-endpoint.
"""
# Add executive group so you can delete.
self.user.groups.add(constants.EXECUTIVE_GROUP_ID)
# Go ahead and delete.
url = reverse('workery_staff_retrieve_update_destroy_api_endpoint', args=[self.staff.id])+"?format=json"
response = self.authorized_client.delete(url, data=None, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_delete_with_403_by_permissions(self):
"""
Unit test will test authenticated user, who does not have permission, to
make a DELETE request to the delete API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_staff_retrieve_update_destroy_api_endpoint', args=[self.staff.id])+"?format=json"
response = self.authorized_client.delete(url, data=None, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertIn("You do not have permission to access this API-endpoint.", str(response.data))
class APITaskBaseWithTenantSchemaTestCase(APITestCase, TenantTestCase):
fixtures = []
def setup_tenant(self, tenant):
"""Tenant Schema"""
tenant.schema_name = 'galacticalliance'
tenant.name = "Galactic Alliance of Humankind"
tenant.has_perks = True
tenant.has_mentors = True
tenant.how_discovered = "Command HQ"
tenant.how_many_served = 1
@classmethod
def setUpTestData(cls):
Group.objects.bulk_create([
Group(
id=constants.ENTREPRENEUR_GROUP_ID,
name="Entreprenuer",
),
Group(
id=constants.MENTOR_GROUP_ID,
name="Mentor",
),
Group(
id=constants.ADVISOR_GROUP_ID,
name="Advisor",
),
Group(
id=constants.ORGANIZATION_MANAGER_GROUP_ID,
name="Org Manager",
),
Group(
id=constants.ORGANIZATION_ADMIN_GROUP_ID,
name="Org Admin",
),
Group(
id=constants.CLIENT_MANAGER_GROUP_ID,
name="Client Manager",
),
Group(
id=constants.SYSTEM_ADMIN_GROUP_ID,
name="System Admin",
),
])
user = User.objects.create_user( # Create our user.
email=TEST_USER_EMAIL,
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD)
user.is_active = True
user.save()
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English.
super(APITaskBaseWithTenantSchemaTestCase, self).setUp()
# Initialize our test data.
self.user = User.objects.get()
token = Token.objects.get(user__username=TEST_USER_USERNAME)
# Setup.
self.unauthorized_client = TenantClient(self.tenant)
self.authorized_client = TenantClient(self.tenant,
HTTP_AUTHORIZATION='Token ' +
token.key)
self.authorized_client.login(username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD)
# Above taken from:
# http://www.django-rest-framework.org/api-guide/testing/#authenticating
# Initialize our test data.
Task.objects.bulk_create([
Task(owner=self.user),
Task(owner=self.user),
Task(owner=self.user),
])
@transaction.atomic
def tearDown(self):
PostalAddress.objects.delete_all() # Must be above Tasks.
ContactPoint.objects.delete_all() # Must be above Tasks.
CalendarEvent.objects.delete_all()
Task.objects.delete_all()
SortedLogEventByCreated.objects.delete_all()
SortedCommentPostByCreated.objects.delete_all()
Me.objects.delete_all()
users = User.objects.all()
for user in users.all():
user.delete()
# super(APITaskBaseWithTenantSchemaTestCase, self).tearDown()
@transaction.atomic
def test_list_with_anonymous_user(self):
response = self.unauthorized_client.get('/api/tenanttask/')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_list_with_authenticated_user(self):
me = Me.objects.create( # Create our models.
id=1,
owner=self.user,
)
task = Task.objects.create(
id=666,
assigned_by=me,
assignee=me,
)
response = self.authorized_client.get(
'/api/tenanttask/') # Run test and verify.
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_post_with_anonymous_user(self):
me = Me.objects.create(
id=1,
owner=self.user,
)
data = {
'name': 'Unit Test',
'description': 'Used for unit testing purposes.',
'assigned_by': me.id,
'assignee': me.id,
'status': constants.OPEN_TASK_STATUS,
}
response = self.unauthorized_client.post(
'/api/tenanttask/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_post_with_authenticated_user(self):
me = Me.objects.create(
id=1,
owner=self.user,
)
data = {
'name': 'Unit Test',
'description': 'Used for unit testing purposes.',
'assigned_by': me.id,
'assignee': me.id,
'status': constants.OPEN_TASK_STATUS,
}
response = self.authorized_client.post('/api/tenanttask/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
@transaction.atomic
def test_put_with_anonymous_user(self):
me = Me.objects.create(
id=1,
owner=self.user,
)
task = Task.objects.create(
id=666,
assigned_by=me,
assignee=me,
)
data = {
'id': task.id,
'name': 'Unit Test',
'description': 'Used for unit testing purposes.',
'assigned_by': me.id,
'assignee': me.id,
'status': constants.OPEN_TASK_STATUS,
}
response = self.unauthorized_client.put(
'/api/tenanttask/666/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_put_with_owner_user(self):
me = Me.objects.create(
id=1,
owner=self.user,
)
task = Task.objects.create(
id=666,
owner=self.user,
assigned_by=me,
assignee=me,
)
data = {
'id': task.id,
'name': 'Unit Test',
'description': 'Used for unit testing purposes.',
'assigned_by': me.id,
'assignee': me.id,
'status': constants.OPEN_TASK_STATUS,
}
response = self.authorized_client.put('/api/tenanttask/666/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_delete_by_anonymous_user(self):
me = Me.objects.create(
id=1,
owner=self.user,
)
task = Task.objects.create(
id=666,
owner=self.user,
assigned_by=me,
assignee=me,
)
response = self.unauthorized_client.delete('/api/tenanttask/' +
str(task.id) + '/')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_delete_by_owner_user(self):
me = Me.objects.create(
id=1,
owner=self.user,
)
calendar_event = CalendarEvent.objects.create(id=666, owner=self.user)
task = Task.objects.create(id=666,
owner=self.user,
assigned_by=me,
assignee=me,
calendar_event=calendar_event)
response = self.authorized_client.delete('/api/tenanttask/' +
str(task.id) + '/')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
class APILoginWithPublicSchemaTestCase(APITestCase, TenantTestCase):
fixtures = []
def setup_tenant(self, tenant):
"""Public Schema"""
tenant.schema_name = 'test'
tenant.name = "Galactic Alliance of Humankind"
tenant.has_perks = True
tenant.has_mentors = True
tenant.how_discovered = "Command HQ"
tenant.how_many_served = 1
@classmethod
def setUpTestData(cls):
Group.objects.bulk_create([
Group(
id=constants.ENTREPRENEUR_GROUP_ID,
name="Entreprenuer",
),
Group(
id=constants.MENTOR_GROUP_ID,
name="Mentor",
),
Group(
id=constants.ADVISOR_GROUP_ID,
name="Advisor",
),
Group(
id=constants.ORGANIZATION_MANAGER_GROUP_ID,
name="Org Manager",
),
Group(
id=constants.ORGANIZATION_ADMIN_GROUP_ID,
name="Org Admin",
),
Group(
id=constants.CLIENT_MANAGER_GROUP_ID,
name="Client Manager",
),
Group(
id=constants.SYSTEM_ADMIN_GROUP_ID,
name="System Admin",
),
])
user = User.objects.create_user( # Create our User.
email=TEST_USER_EMAIL,
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD)
user.is_active = True
user.save()
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English
super(APILoginWithPublicSchemaTestCase, self).setUp()
self.c = TenantClient(self.tenant)
@transaction.atomic
def tearDown(self):
users = User.objects.all()
for user in users.all():
user.delete()
super(APILoginWithPublicSchemaTestCase, self).tearDown()
@transaction.atomic
def test_api_login_with_success(self):
url = reverse('api_login')
data = {
'username': TEST_USER_USERNAME,
'password': TEST_USER_PASSWORD,
}
response = self.c.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['user'] > 0, True)
self.assertEqual(len(response.data['auth_token']) > 0, True)
@transaction.atomic
def test_api_login_with_nonexisting_account(self):
url = reverse('api_login')
data = {
'username': '******',
'password': '******',
}
response = self.c.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@transaction.atomic
def test_api_login_with_inactive_account(self):
# Get our current user and set the user to be inactive.
client = User.objects.get()
client.is_active = False
client.save()
# Run this test.
url = reverse('api_login')
data = {
'username': TEST_USER_USERNAME,
'password': TEST_USER_PASSWORD,
}
response = self.c.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
class APIPublicFileUploadWithPublicSchemaTestCase(APITestCase, TenantTestCase):
fixtures = []
def setup_tenant(self, tenant):
"""Public Schema"""
tenant.schema_name = 'test'
tenant.name = "Galactic Alliance of Humankind"
tenant.has_perks = True
tenant.has_mentors = True
tenant.how_discovered = "Command HQ"
tenant.how_many_served = 1
@classmethod
def setUpTestData(cls):
Group.objects.bulk_create([
Group(
id=constants.ENTREPRENEUR_GROUP_ID,
name="Entreprenuer",
),
Group(
id=constants.MENTOR_GROUP_ID,
name="Mentor",
),
Group(
id=constants.ADVISOR_GROUP_ID,
name="Advisor",
),
Group(
id=constants.ORGANIZATION_MANAGER_GROUP_ID,
name="Org Manager",
),
Group(
id=constants.ORGANIZATION_ADMIN_GROUP_ID,
name="Org Admin",
),
Group(
id=constants.CLIENT_MANAGER_GROUP_ID,
name="Client Manager",
),
Group(
id=constants.SYSTEM_ADMIN_GROUP_ID,
name="System Admin",
),
])
user = User.objects.create_user( # Create our user.
email=TEST_USER_EMAIL,
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD)
user.is_active = True
user.save()
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English.
super(APIPublicFileUploadWithPublicSchemaTestCase, self).setUp()
# Initialize our test data.
self.user = User.objects.get()
token = Token.objects.get(user__username=TEST_USER_USERNAME)
# Setup.
self.unauthorized_client = TenantClient(self.tenant)
self.authorized_client = TenantClient(self.tenant,
HTTP_AUTHORIZATION='Token ' +
token.key)
PublicFileUpload.objects.bulk_create([
PublicFileUpload(owner=self.user),
PublicFileUpload(owner=self.user),
PublicFileUpload(owner=self.user),
])
# Above taken from:
# http://www.django-rest-framework.org/api-guide/testing/#authenticating
@transaction.atomic
def tearDown(self):
entries = PublicFileUpload.objects.all()
for entry in entries.all():
entry.delete()
users = User.objects.all()
for user in users.all():
user.delete()
super(APIPublicFileUploadWithPublicSchemaTestCase, self).tearDown()
def _create_test_file(self, path):
"""
Creates a simulated file.
Source: https://medium.com/@jxstanford/django-rest-framework-file-upload-e4bc8de669c0#.l8dbmtosq
"""
f = open(path, 'w')
f.write('test123\n')
f.close()
f = open(path, 'rb')
return {'datafile': f}
@transaction.atomic
def test_to_string(self):
# Create a new object with our specific test data.
entry = PublicFileUpload.objects.create(
id=2030,
owner=self.user,
)
entry.save()
self.assertEqual(str(entry), "")
@transaction.atomic
def test_post_with_authenticated_user(self):
# Step 1: Set the location variables.
url = reverse('publicfileupload-list')
data = self._create_test_file('/tmp/test_upload')
data['owner'] = self.user.id
# Step 2: Perform a "multiform" post using AJAX.
response = self.authorized_client.post(url, data, format='multipart')
# Step 3: Test & verify.
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertIn('created', response.data)
@transaction.atomic
def test_post(self):
# Step 1: Set the location variables.
url = reverse('publicfileupload-list')
data = self._create_test_file('/tmp/test_upload')
# Step 2: Perform a "multiform" post using AJAX.
response = self.unauthorized_client.post(url, data, format='multipart')
# Step 3: Test & verify.
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_list(self):
# Step 1: Set the location variables.
url = reverse('publicfileupload-list')
# Step 2: Test & verify.
response = self.unauthorized_client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_list_with_authentication(self):
# Step 1: Set the location variables.
url = reverse('publicfileupload-list')
# Step 2: Test & verify.
response = self.authorized_client.get(url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_list_with_banning(self):
# Step 1: Setup variables.
url = reverse('publicfileupload-list')
# Step 2: Ban self.
BannedIP.objects.create(address='127.0.0.1',
reason='For unit testing purposes.')
# Step 3: Test & verify.
response = self.authorized_client.get(url)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
@transaction.atomic
def test_put(self):
# Delete any previous data.
uploads = PublicFileUpload.objects.all()
for upload in uploads.all():
upload.delete()
# Create a new object with our specific test data.
PublicFileUpload.objects.create(id=1, )
# Run the test.
url = reverse('publicfileupload-list') + '1/'
response = self.unauthorized_client.put(
url, json.dumps({
'id': 1,
}), content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_put_with_authorization(self):
# Delete any previous data.
uploads = PublicFileUpload.objects.all()
for upload in uploads.all():
upload.delete()
# Create a new object with our specific test data.
PublicFileUpload.objects.create(
id=1,
owner_id=self.user.id,
)
data = {'id': 1, 'owner': self.user.id}
# Run the test.
url = reverse('publicfileupload-list') + '1/'
response = self.authorized_client.put(url,
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_delete(self):
# Step 1: Set the location variables.
url = reverse('publicfileupload-list') + '1/'
# Step 2: Test & verify.
response = self.unauthorized_client.delete(url)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_delete_with_authentication(self):
# Step 1: Delete any previous data.
uploads = PublicFileUpload.objects.all()
for upload in uploads.all():
upload.delete()
# Step 2: Set the location variables.
PublicFileUpload.objects.create(
id=1,
owner_id=self.user.id,
)
url = reverse('publicfileupload-list') + '1/'
# Step 3: Test & verify.
response = self.authorized_client.delete(url)
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
class WorkOrderListCreateAPIViewWithTenantTestCase(APITestCase,
TenantTestCase):
"""
Console:
python manage.py test tenant_api.tests.test_order_view
"""
#------------------#
# Setup Unit Tests #
#------------------#
def setup_tenant(tenant):
"""Tenant Schema"""
tenant.schema_name = TEST_SCHEMA_NAME
tenant.name = 'Over 55 (London) Inc.',
tenant.alternate_name = "Over55",
tenant.description = "Located at the Forks of the Thames in ...",
tenant.address_country = "CA",
tenant.address_locality = "London",
tenant.address_region = "Ontario",
tenant.post_office_box_number = "", # Post Offic #
tenant.postal_code = "N6H 1B4",
tenant.street_address = "78 Riverside Drive",
tenant.street_address_extra = "", # Extra line.
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English
super(WorkOrderListCreateAPIViewWithTenantTestCase, self).setUp()
# Load up the dependat.
call_command('init_app', verbosity=0)
call_command('populate_tenant_content', TEST_SCHEMA_NAME, verbosity=0)
call_command('populate_tenant_sample_db',
TEST_SCHEMA_NAME,
verbosity=0)
# Get objects.
self.customer = Customer.objects.get(owner__email='*****@*****.**')
self.associate = Associate.objects.get(
owner__email='*****@*****.**')
# Get users.
exec_user = SharedUser.objects.get(email='*****@*****.**')
manager_user = SharedUser.objects.get(email='*****@*****.**')
frontline_user = SharedUser.objects.get(email='*****@*****.**')
associate_user = SharedUser.objects.get(email='*****@*****.**')
customer_user = SharedUser.objects.get(email='*****@*****.**')
# Get tokens.
exec_token, exec_orig_iat = get_jwt_token_and_orig_iat(exec_user)
manager_token, manager_orig_iat = get_jwt_token_and_orig_iat(
manager_user)
frontline_token, frontline_orig_iat = get_jwt_token_and_orig_iat(
frontline_user)
associate_token, associate_orig_iat = get_jwt_token_and_orig_iat(
associate_user)
customer_token, customer_orig_iat = get_jwt_token_and_orig_iat(
customer_user)
# Setup.
self.unauthorized_client = TenantClient(self.tenant)
self.exec_client = TenantClient(
self.tenant, HTTP_AUTHORIZATION='JWT {0}'.format(exec_token))
self.exec_client.login(username='******',
password=TEST_USER_PASSWORD)
self.manager_client = TenantClient(
self.tenant, HTTP_AUTHORIZATION='JWT {0}'.format(manager_token))
self.manager_client.login(username='******',
password=TEST_USER_PASSWORD)
self.staff_client = TenantClient(
self.tenant, HTTP_AUTHORIZATION='JWT {0}'.format(manager_token))
self.staff_client.login(username='******',
password=TEST_USER_PASSWORD)
self.customer_client = TenantClient(
self.tenant, HTTP_AUTHORIZATION='JWT {0}'.format(manager_token))
self.customer_client.login(username='******',
password=TEST_USER_PASSWORD)
# Load up the tenant.
connection.set_schema(TEST_SCHEMA_NAME, True) # Switch to Tenant.
# Tag
self.tag = Tag.objects.create(text="Test Tag")
# Create our order.
self.order = WorkOrder.objects.create(
customer=Customer.objects.get(owner__email="*****@*****.**"),
associate=Associate.objects.get(
owner__email="*****@*****.**"),
assignment_date=timezone.now(),
created_by=SharedUser.objects.get(email="*****@*****.**"),
last_modified_by=None)
self.order.tags.set([self.tag])
@transaction.atomic
def tearDown(self):
connection.set_schema(TEST_SCHEMA_NAME, True) # Switch to Tenant.
Tag.objects.delete_all()
WorkOrder.objects.delete_all()
del self.unauthorized_client
del self.exec_client
del self.manager_client
del self.staff_client
del self.customer_client
super(WorkOrderListCreateAPIViewWithTenantTestCase, self).tearDown()
#-------------------#
# List API-endpoint #
#-------------------#
@transaction.atomic
def test_list_with_401_by_permissions(self):
"""
Unit test will test anonymous make a GET request to the LIST API-endpoint.
"""
url = reverse(
'workery_order_list_create_api_endpoint') + "?format=json"
response = self.unauthorized_client.get(
url, data=None, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_list_with_200_by_permissions(self):
"""
Unit test will test authenticated user, who has permission, to make a
GET request to the list API-endpoint.
"""
url = reverse('workery_order_list_create_api_endpoint')
url += "?format=json"
# Executive
response = self.exec_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# Manager
response = self.manager_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# Staff
response = self.staff_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_list_with_403_by_permissions(self):
"""
Unit test will test authenticated user, who does not have permission, to
make a GET request to the list API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_order_list_create_api_endpoint')
url += "?format=json"
response = self.customer_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertIn(
"You do not have permission to access this API-endpoint.",
str(response.data))
#---------------------#
# Create API-endpoint #
#---------------------#
@transaction.atomic
def test_create_with_401_by_permissions(self):
"""
Unit test will test anonymous make a POST request to the create API-endpoint.
"""
url = reverse(
'workery_order_list_create_api_endpoint') + "?format=json"
response = self.unauthorized_client.post(
url, data={}, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_create_with_200_by_permissions(self):
"""
Unit test will test authenticated user, who has permission, to make a
POST request to the create API-endpoint.
"""
# Fetch our `SkillSet` objects.
skill_set_1 = SkillSet.objects.filter(
category="Carpentry", sub_category="Carpenter").first()
skill_set_2 = SkillSet.objects.filter(
category="Carpentry", sub_category="Deck Construction").first()
skill_set_3 = SkillSet.objects.filter(
category="Ceramic Tile", sub_category="Backsplash only").first()
# Generate the URL.
url = reverse('workery_order_list_create_api_endpoint')
url += "?format=json"
# Executive
response = self.exec_client.post(
url,
data=json.dumps({
'customer':
self.customer.id,
'associate':
self.associate.id,
'given_name':
'Bart',
'middle_name':
'',
'last_name':
'Mika',
'address_country':
'CA',
'address_locality':
'London',
'address_region':
'Ontario',
'street_address':
'78 Riverside Drive',
'postal_code':
'N6H 1B4',
'assignment_date':
"2018-01-30",
'tags': [self.tag.id],
'extra_comment':
"This is an extra comment.",
'skill_sets': [skill_set_1.id, skill_set_2.id, skill_set_3.id],
'invoice_service_fee_amount':
7.99,
'invoice_service_fee':
1
}),
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertIn("Shinji", str(response.data))
self.assertIn("Ikari", str(response.data))
self.assertIn("Rei", str(response.data))
self.assertIn("Ayanami", str(response.data))
self.assertIn("[1]", str(response.data)) # tags
# self.assertIn("This is a friendly associate.", str(response.data)) # If comments are included then use this.
self.assertIn("[1, 2, 3]", str(response.data)) # Verify skill sets.
# Manager
response = self.manager_client.post(
url,
data=json.dumps({
'customer':
self.customer.id,
'associate':
self.associate.id,
'given_name':
'Bart',
'middle_name':
'',
'last_name':
'Mika',
'address_country':
'CA',
'address_locality':
'London',
'address_region':
'Ontario',
'street_address':
'78 Riverside Drive',
'postal_code':
'N6H 1B4',
'assignment_date':
"2018-01-30",
'tags': [],
'extra_comment':
"This is an extra comment.",
'skill_sets': [skill_set_1.id, skill_set_2.id, skill_set_3.id],
'invoice_service_fee_amount':
7.99,
'invoice_service_fee':
1
}),
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertIn("Shinji", str(response.data))
self.assertIn("Ikari", str(response.data))
self.assertIn("Rei", str(response.data))
self.assertIn("Ayanami", str(response.data))
self.assertIn("[]", str(response.data)) # tags
# self.assertIn("This is a friendly associate.", str(response.data)) # If comments are included then use this.
self.assertIn("[1, 2, 3]", str(response.data)) # Verify skill sets.
# Staff
response = self.staff_client.post(
url,
data=json.dumps({
'customer':
self.customer.id,
'associate':
self.associate.id,
'given_name':
'Bart',
'middle_name':
'',
'last_name':
'Mika',
'address_country':
'CA',
'address_locality':
'London',
'address_region':
'Ontario',
'street_address':
'78 Riverside Drive',
'postal_code':
'N6H 1B4',
'assignment_date':
"2018-01-30",
'tags': [],
'extra_comment':
"This is an extra comment.",
'skill_sets': [skill_set_1.id, skill_set_2.id, skill_set_3.id],
'invoice_service_fee':
1
}),
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertIn("Shinji", str(response.data))
self.assertIn("Ikari", str(response.data))
self.assertIn("Rei", str(response.data))
self.assertIn("Ayanami", str(response.data))
# self.assertIn("This is a friendly associate.", str(response.data)) # If comments are included then use this.
self.assertIn("[1, 2, 3]", str(response.data)) # Verify skill sets.
# @transaction.atomic
def test_create_with_403_by_permissions(self):
"""
Unit test will test authenticated user, who does not have permission, to
make a POST request to the list API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_order_list_create_api_endpoint')
url += "?format=json"
response = self.customer_client.post(url,
data=json.dumps({}),
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertIn(
"You do not have permission to access this API-endpoint.",
str(response.data))
#---------------------#
# Update API-endpoint #
#---------------------#
@transaction.atomic
def test_update_with_401_by_permissions(self):
"""
Unit test will test anonymous make a PUT request to the update API-endpoint.
"""
url = reverse('workery_order_retrieve_update_destroy_api_endpoint',
args=[self.order.id]) + "?format=json"
response = self.unauthorized_client.post(
url, data={}, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_update_with_200_by_permissions(self):
"""
Unit test will test authenticated user, who has permission, to make a
PUT request to the update API-endpoint.
"""
# Fetch our `SkillSet` objects.
skill_set_1 = SkillSet.objects.filter(
category="Carpentry", sub_category="Carpenter").first()
skill_set_2 = SkillSet.objects.filter(
category="Carpentry", sub_category="Deck Construction").first()
skill_set_3 = SkillSet.objects.filter(
category="Ceramic Tile", sub_category="Backsplash only").first()
# Generate the URL and data.
url = reverse('workery_order_retrieve_update_destroy_api_endpoint',
args=[self.order.id]) + "?format=json"
data = json.dumps({
'customer':
self.customer.id,
'associate':
self.associate.id,
'completion_date':
'2019-01-25',
'assignment_date':
"2018-01-30",
'tags': [self.tag.id],
'extra_comment':
"This is an extra comment.",
'skill_sets': [skill_set_1.id, skill_set_2.id, skill_set_3.id],
'invoice_service_fee':
1,
'invoice_service_fee_payment_date':
"2018-01-30",
})
# Executive
response = self.exec_client.put(url,
data=data,
content_type='application/json')
self.assertIsNotNone(response)
# print(response.content)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("2019-01-25", str(response.data))
self.assertIn("2018-01-30", str(response.data))
# self.assertIn("This is an extra comment.", str(response.data))
# Manager
response = self.manager_client.put(url,
data=data,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("2019-01-25", str(response.data))
self.assertIn("2018-01-30", str(response.data))
# Staff
response = self.staff_client.put(url,
data=data,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("2019-01-25", str(response.data))
self.assertIn("2018-01-30", str(response.data))
@transaction.atomic
def test_update_with_403_by_permissions(self):
"""
Unit test will test authenticated user, who does not have permission, to
make a PUT request to the update API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_order_retrieve_update_destroy_api_endpoint',
args=[self.order.id]) + "?format=json"
data = json.dumps({
'customer': self.customer.id,
'associate': self.associate.id,
'completion_date': '2019-01-25',
'assignment_date': "2018-01-30",
'tags': [],
'comments': []
})
response = self.customer_client.put(url,
data=data,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertIn(
"You do not have permission to access this API-endpoint.",
str(response.data))
#-----------------------#
# Retrieve API-endpoint #
#-----------------------#
@transaction.atomic
def test_retrieve_with_401_by_permissions(self):
"""
Unit test will test anonymous make a GET request to the retrieve API-endpoint.
"""
url = reverse('workery_order_retrieve_update_destroy_api_endpoint',
args=[self.order.id]) + "?format=json"
response = self.unauthorized_client.get(
url, data={}, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_retrieve_with_200_by_permissions(self):
"""
Unit test will test authenticated user, who has permission, to make a
GET request to the retrieve API-endpoint.
"""
url = reverse('workery_order_retrieve_update_destroy_api_endpoint',
args=[self.order.id]) + "?format=json"
response = self.exec_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("Rei", str(response.data))
self.assertIn("Shinji", str(response.data))
response = self.manager_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("Rei", str(response.data))
self.assertIn("Shinji", str(response.data))
response = self.staff_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("Rei", str(response.data))
self.assertIn("Shinji", str(response.data))
@transaction.atomic
def test_retrieve_with_403_by_permissions(self):
"""
Unit test will test authenticated user, who does not have permission, to
make a GET request to the retrieve API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_order_retrieve_update_destroy_api_endpoint',
args=[self.order.id]) + "?format=json"
response = self.exec_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertIn(
"You do not have permission to access this API-endpoint.",
str(response.data))
#-----------------------#
# Delete API-endpoint #
#-----------------------#
@transaction.atomic
def test_delete_with_401_by_permissions(self):
"""
Unit test will test anonymous make a DELETE request to the delete API-endpoint.
"""
url = reverse('workery_order_retrieve_update_destroy_api_endpoint',
args=[self.order.id]) + "?format=json"
response = self.unauthorized_client.delete(
url, data={}, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_delete_with_200_by_permissions(self):
"""
Unit test will test authenticated user, who has permission, to make a
DELETE request to the delete API-endpoint.
"""
url = reverse('workery_order_retrieve_update_destroy_api_endpoint',
args=[self.order.id]) + "?format=json"
response = self.exec_client.delete(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_delete_with_403_by_permissions(self):
"""
Unit test will test authenticated user, who does not have permission, to
make a DELETE request to the delete API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_order_retrieve_update_destroy_api_endpoint',
args=[self.order.id]) + "?format=json"
response = self.exec_client.delete(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertIn(
"You do not have permission to access this API-endpoint.",
str(response.data))
class APITagWithTenantSchemaTestCase(APITestCase, TenantTestCase):
fixtures = []
def setup_tenant(self, tenant):
"""Tenant Schema"""
tenant.schema_name = 'galacticalliance'
tenant.name = "Galactic Alliance of Humankind"
tenant.has_perks=True
tenant.has_mentors=True
tenant.how_discovered = "Command HQ"
tenant.how_many_served = 1
@classmethod
def setUpTestData(cls):
Group.objects.bulk_create([
Group(id=constants.ENTREPRENEUR_GROUP_ID, name="Entreprenuer",),
Group(id=constants.MENTOR_GROUP_ID, name="Mentor",),
Group(id=constants.ADVISOR_GROUP_ID, name="Advisor",),
Group(id=constants.ORGANIZATION_MANAGER_GROUP_ID, name="Org Manager",),
Group(id=constants.ORGANIZATION_ADMIN_GROUP_ID, name="Org Admin",),
Group(id=constants.CLIENT_MANAGER_GROUP_ID, name="Client Manager",),
Group(id=constants.SYSTEM_ADMIN_GROUP_ID, name="System Admin",),
])
org_admin_group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
user = User.objects.create_user( # Create our user.
email=TEST_USER_EMAIL,
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD
)
user.is_superuser = True
user.is_active = True
user.groups.add(org_admin_group)
user.save()
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English.
super(APITagWithTenantSchemaTestCase, self).setUp()
# Initialize our test data.
self.user = User.objects.get()
token = Token.objects.get(user__username=TEST_USER_USERNAME)
# Setup.
self.unauthorized_client = TenantClient(self.tenant)
self.authorized_client = TenantClient(self.tenant, HTTP_AUTHORIZATION='Token ' + token.key)
self.authorized_client.login(
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD
)
self.tenant.owner = self.user
self.tenant.save()
# Above taken from:
# http://www.django-rest-framework.org/api-guide/testing/#authenticating
# Initialize our test data.
Tag.objects.bulk_create([
Tag(name='1'),
Tag(name='2'),
Tag(name='3'),
])
@transaction.atomic
def tearDown(self):
Tag.objects.delete_all()
PostalAddress.objects.delete_all()
ContactPoint.objects.delete_all()
Me.objects.delete_all()
users = User.objects.all()
for user in users.all():
user.delete()
# super(APITagWithTenantSchemaTestCase, self).tearDown()
@transaction.atomic
def test_list_with_anonymous_user(self):
response = self.unauthorized_client.get('/api/tenanttag/')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_list_with_authenticated_management_group_user(self):
response = self.authorized_client.get('/api/tenanttag/')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_list_with_authenticated_advisor_group_user(self):
# Change Group that the User belongs in.
org_admin_group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
advisor_group = Group.objects.get(id=constants.ADVISOR_GROUP_ID)
self.user.groups.remove(org_admin_group)
self.user.groups.add(advisor_group)
self.user.save()
# Test and verify.
response = self.authorized_client.get('/api/tenanttag/')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_post_with_anonymous_user(self):
data = {
'name': 'Unit Test',
}
response = self.unauthorized_client.post('/api/tenanttag/', json.dumps(data), content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_post_with_authenticated_management_group_user(self):
# Run the test and verify.
data = {
'name': 'Unit Test',
}
response = self.authorized_client.post('/api/tenanttag/', json.dumps(data), content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
@transaction.atomic
def test_post_with_authenticated_advisor_group_user(self):
# Change Group that the User belongs in.
org_admin_group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
advisor_group = Group.objects.get(id=constants.ADVISOR_GROUP_ID)
self.user.groups.remove(org_admin_group)
self.user.groups.add(advisor_group)
self.user.save()
# Test and verify.
data = {
'name': 'Unit Test',
}
response = self.authorized_client.post('/api/tenanttag/', json.dumps(data), content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
@transaction.atomic
def test_put_with_anonymous_user(self):
# Delete any previous data.
items = Tag.objects.all()
for item in items.all():
item.delete()
# Create a new object with our specific test data.
Tag.objects.create(
id=1,
name="Unit Test",
)
# Run the test.
data = {
'id': 1,
'name': 'Unit Test',
}
response = self.unauthorized_client.put('/api/tenanttag/1/', json.dumps(data), content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_put_with_authenticated_management_user(self):
# Delete any previous data.
items = Tag.objects.all()
for item in items.all():
item.delete()
# Create a new object with our specific test data.
Tag.objects.create(
id=1,
name="Unit Test",
)
# Run the test.
data = {
'id': 1,
'name': 'Unit Test',
}
response = self.authorized_client.put('/api/tenanttag/1/', json.dumps(data), content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_put_with_authenticated_advisor_user(self):
# Change Group that the User belongs in.
org_admin_group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
advisor_group = Group.objects.get(id=constants.ADVISOR_GROUP_ID)
self.user.groups.remove(org_admin_group)
self.user.groups.add(advisor_group)
self.user.save()
# Delete any previous data.
items = Tag.objects.all()
for item in items.all():
item.delete()
# Create a new object with our specific test data.
Tag.objects.create(
id=1,
name="Unit Test",
)
# Run the test.
data = {
'id': 1,
'name': 'Unit Test',
}
response = self.authorized_client.put('/api/tenanttag/1/', json.dumps(data), content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
@transaction.atomic
def test_delete_with_anonymous_user(self):
response = self.unauthorized_client.delete('/api/tenanttag/1/')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_delete_with_authenticated_management_user(self):
response = self.authorized_client.delete('/api/tenanttag/1/')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
@transaction.atomic
def test_delete_with_authenticated_advisor_user(self):
# Change Group that the User belongs in.
org_admin_group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
advisor_group = Group.objects.get(id=constants.ADVISOR_GROUP_ID)
self.user.groups.remove(org_admin_group)
self.user.groups.add(advisor_group)
self.user.save()
# Run test and verify.
response = self.authorized_client.delete('/api/tenanttag/1/')
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
class AssociateListCreateAPIViewWithTenantTestCase(APITestCase,
TenantTestCase):
"""
Console:
python manage.py test tenant_api.tests.test_associate_view
"""
#------------------#
# Setup Unit Tests #
#------------------#
def setup_tenant(tenant):
"""Tenant Schema"""
tenant.schema_name = TEST_SCHEMA_NAME
tenant.name = 'Over 55 (London) Inc.',
tenant.alternate_name = "Over55",
tenant.description = "Located at the Forks of the Thames in ...",
tenant.address_country = "CA",
tenant.address_locality = "London",
tenant.address_region = "Ontario",
tenant.post_office_box_number = "", # Post Offic #
tenant.postal_code = "N6H 1B4",
tenant.street_address = "78 Riverside Drive",
tenant.street_address_extra = "", # Extra line.
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English
super(AssociateListCreateAPIViewWithTenantTestCase, self).setUp()
# Load up the dependat.
call_command('init_app', verbosity=0)
call_command('populate_tenant_content', TEST_SCHEMA_NAME, verbosity=0)
# Create the account.
call_command(
'create_tenant_account',
TEST_SCHEMA_NAME,
constants.MANAGEMENT_GROUP_ID,
TEST_USER_EMAIL,
TEST_USER_PASSWORD,
"Bart",
"Mika",
TEST_USER_TEL_NUM,
TEST_USER_TEL_EX_NUM,
TEST_USER_CELL_NUM,
"CA",
"London",
"Ontario",
"", # Post Offic #
"N6H 1B4",
"78 Riverside Drive",
"", # Extra line.
verbosity=0)
# Create the account.
call_command(
'create_tenant_account',
TEST_SCHEMA_NAME,
constants.MANAGEMENT_GROUP_ID,
TEST_ALERNATE_USER_EMAIL,
TEST_USER_PASSWORD,
"Bart",
"Mika",
TEST_USER_TEL_NUM,
TEST_USER_TEL_EX_NUM,
TEST_USER_CELL_NUM,
"CA",
"London",
"Ontario",
"", # Post Offic #
"N6H 1B4",
"78 Riverside Drive",
"", # Extra line.
verbosity=0)
# Initialize our test data.
self.user = SharedUser.objects.get(email=TEST_USER_EMAIL)
token, orig_iat = get_jwt_token_and_orig_iat(self.user)
# Setup.
self.unauthorized_client = TenantClient(self.tenant)
self.authorized_client = TenantClient(
self.tenant, HTTP_AUTHORIZATION='JWT {0}'.format(token))
self.authorized_client.login(username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD)
# Create our associate.
connection.set_schema(TEST_SCHEMA_NAME, True) # Switch to Tenant.
self.associate = Associate.objects.create(owner=self.user,
given_name="Bart",
last_name="Mika")
self.alernate_associate = Associate.objects.create(
owner=SharedUser.objects.get(email=TEST_ALERNATE_USER_EMAIL),
given_name="Rodolfo",
last_name="Martinez")
@transaction.atomic
def tearDown(self):
connection.set_schema(TEST_SCHEMA_NAME, True) # Switch to Tenant.
Associate.objects.delete_all()
del self.unauthorized_client
del self.authorized_client
super(AssociateListCreateAPIViewWithTenantTestCase, self).tearDown()
#-------------------#
# List API-endpoint #
#-------------------#
@transaction.atomic
def test_list_with_401_by_permissions(self):
"""
Unit test will test anonymous make a GET request to the LIST API-endpoint.
"""
url = reverse(
'workery_associate_list_create_api_endpoint') + "?format=json"
response = self.unauthorized_client.get(
url, data=None, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_list_with_200_by_permissions(self):
"""
Unit test will test authenticated user, who has permission, to make a
GET request to the list API-endpoint.
"""
url = reverse('workery_associate_list_create_api_endpoint')
url += "?format=json"
response = self.authorized_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("Bart", str(response.data))
self.assertIn("Mika", str(response.data))
self.assertNotIn(
"You do not have permission to access this API-endpoint.",
str(response.data))
@transaction.atomic
def test_list_with_403_by_permissions(self):
"""
Unit test will test authenticated user, who does not have permission, to
make a GET request to the list API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_associate_list_create_api_endpoint')
url += "?format=json"
response = self.authorized_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertIn(
"You do not have permission to access this API-endpoint.",
str(response.data))
#---------------------#
# Create API-endpoint #
#---------------------#
@transaction.atomic
def test_create_with_401_by_permissions(self):
"""
Unit test will test anonymous make a POST request to the create API-endpoint.
"""
url = reverse(
'workery_associate_list_create_api_endpoint') + "?format=json"
response = self.unauthorized_client.post(
url, data={}, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_create_with_200_by_permissions(self):
"""
Unit test will test authenticated user, who has permission, to make a
POST request to the create API-endpoint.
"""
# Fetch our `SkillSet` objects.
skill_set_1 = SkillSet.objects.filter(
category="Carpentry", sub_category="Carpenter").first()
skill_set_2 = SkillSet.objects.filter(
category="Carpentry", sub_category="Deck Construction").first()
skill_set_3 = SkillSet.objects.filter(
category="Ceramic Tile", sub_category="Backsplash only").first()
# Perform our tests.
url = reverse('workery_associate_list_create_api_endpoint')
url += "?format=json"
response = self.authorized_client.post(
url,
data=json.dumps({
'email':
"*****@*****.**",
'given_name':
'Bart',
'middle_name':
'',
'last_name':
'Mika',
'address_country':
'CA',
'address_locality':
'London',
'address_region':
'Ontario',
'street_address':
'78 Riverside Drive',
'postal_code':
'N6H 1B4',
'extra_comment':
"This is a friendly associate.",
'skill_sets': [skill_set_1.id, skill_set_2.id, skill_set_3.id],
'telephone':
'1231231234',
'is_active':
True,
'password':
'******',
'password_repeat':
'123passwordOK!',
'description':
'Some generic desc.',
'telephone_type_of':
1,
'other_telephone_type_of':
1,
'is_ok_to_email':
True,
'is_ok_to_text':
True,
'vehicle_types': [],
'tags': [],
'hourly_salary_desired':
666,
'how_hear':
1,
'insurance_requirements': [],
'join_date':
'2040-01-01'
}),
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertIn("Bart", str(response.data))
self.assertIn("Mika", str(response.data))
# self.assertIn("This is a friendly associate.", str(response.data)) # If comments are included then use this.
self.assertIn("[1, 2, 3]", str(response.data)) # Verify skill sets.
@transaction.atomic
def test_create_with_403_by_permissions(self):
"""
Unit test will test authenticated user, who does not have permission, to
make a POST request to the list API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_associate_list_create_api_endpoint')
url += "?format=json"
response = self.authorized_client.post(url,
data=json.dumps({}),
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertIn(
"You do not have permission to access this API-endpoint.",
str(response.data))
#---------------------#
# Update API-endpoint #
#---------------------#
@transaction.atomic
def test_update_with_401_by_permissions(self):
"""
Unit test will test anonymous make a PUT request to the update API-endpoint.
"""
url = reverse('workery_associate_retrieve_update_destroy_api_endpoint',
args=[self.associate.id]) + "?format=json"
response = self.unauthorized_client.post(
url, data={}, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_update_with_200_by_permissions(self):
"""
Unit test will test authenticated user, who has permission, to make a
PUT request to the update API-endpoint.
"""
# Fetch our `SkillSet` objects.
skill_set_1 = SkillSet.objects.filter(
category="Carpentry", sub_category="Carpenter").first()
skill_set_2 = SkillSet.objects.filter(
category="Carpentry", sub_category="Deck Construction").first()
skill_set_3 = SkillSet.objects.filter(
category="Ceramic Tile", sub_category="Backsplash only").first()
# Perform our tests.
url = reverse('workery_associate_retrieve_update_destroy_api_endpoint',
args=[self.associate.id]) + "?format=json"
response = self.authorized_client.put(
url,
data=json.dumps({
'given_name':
'Bartlomiej',
'middle_name':
'',
'last_name':
'Mika',
'address_country':
'CA',
'address_locality':
'London',
'address_region':
'Ontario',
'street_address':
'78 Riverside Drive',
'postal_code':
'N6H 1B4',
'extra_comment':
"This is a helpful associate.",
'skill_sets': [skill_set_1.id, skill_set_2.id, skill_set_3.id],
'telephone':
'1231231234',
'is_active':
True,
'password':
'******',
'password_repeat':
'123passwordOK!',
'description':
'Some generic desc.',
'telephone_type_of':
1,
'other_telephone_type_of':
1,
'is_ok_to_email':
True,
'is_ok_to_text':
True,
'vehicle_types': [],
'tags': [],
'email':
'*****@*****.**',
'hourly_salary_desired':
666,
'how_hear':
1,
'insurance_requirements': [],
'join_date':
'2040-01-01'
}),
content_type='application/json')
self.assertIsNotNone(response)
# print(response.data)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("Bartlomiej", str(response.data))
self.assertIn("Mika", str(response.data))
# self.assertIn("This is a friendly associate.", str(response.data)) # If comments are included then use this.
self.assertIn("[1, 2, 3]", str(response.data)) # Verify skill sets.
@transaction.atomic
def test_update_with_403_by_permissions(self):
"""
Unit test will test authenticated user, who does not have permission, to
make a PUT request to the update API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_associate_retrieve_update_destroy_api_endpoint',
args=[self.alernate_associate.id]) + "?format=json"
response = self.authorized_client.put(url,
data=json.dumps({}),
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertIn(
"You do not have permission to access this API-endpoint.",
str(response.data))
@transaction.atomic
def test_update_with_200_by_ownership(self):
"""
Unit test will test authenticated user, who does not have permission, to
make a PUT request to the update API-endpoint but has ownership of the
object.
"""
# Fetch our `SkillSet` objects.
skill_set_1 = SkillSet.objects.filter(
category="Carpentry", sub_category="Carpenter").first()
skill_set_2 = SkillSet.objects.filter(
category="Carpentry", sub_category="Deck Construction").first()
skill_set_3 = SkillSet.objects.filter(
category="Ceramic Tile", sub_category="Backsplash only").first()
# Perform our tests.
Permission.objects.all().delete()
url = reverse('workery_associate_retrieve_update_destroy_api_endpoint',
args=[self.associate.id]) + "?format=json"
response = self.authorized_client.put(
url,
data=json.dumps({
'given_name':
'Bartlomiej',
'middle_name':
'',
'last_name':
'Mika',
'address_country':
'CA',
'address_locality':
'London',
'address_region':
'Ontario',
'street_address':
'78 Riverside Drive',
'postal_code':
'N6H 1B4',
'extra_comment':
"This is a helpful associate.",
'skill_sets': [skill_set_1.id, skill_set_2.id, skill_set_3.id],
'telephone':
'1231231234',
'is_active':
True,
'password':
'******',
'password_repeat':
'123passwordOK!',
'description':
'Some generic desc.',
'telephone_type_of':
1,
'other_telephone_type_of':
1,
'is_ok_to_email':
True,
'is_ok_to_text':
True,
'vehicle_types': [],
'tags': [],
'email':
'*****@*****.**',
'hourly_salary_desired':
666,
'insurance_requirements': [],
'join_date':
'2040-01-01'
}),
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("Bartlomiej", str(response.data))
self.assertIn("Mika", str(response.data))
# self.assertIn("This is a friendly associate.", str(response.data)) # If comments are included then use this.
self.assertIn("[1, 2, 3]", str(response.data)) # Verify skill sets.
# # #-----------------------#
# Retrieve API-endpoint #
#-----------------------#
@transaction.atomic
def test_retrieve_with_401_by_permissions(self):
"""
Unit test will test anonymous make a GET request to the retrieve API-endpoint.
"""
url = reverse('workery_associate_retrieve_update_destroy_api_endpoint',
args=[self.associate.id]) + "?format=json"
response = self.unauthorized_client.get(
url, data={}, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_retrieve_with_200_by_permissions(self):
"""
Unit test will test authenticated user, who has permission, to make a
GET request to the retrieve API-endpoint.
"""
url = reverse('workery_associate_retrieve_update_destroy_api_endpoint',
args=[self.associate.id]) + "?format=json"
response = self.authorized_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("Bart", str(response.data))
self.assertIn("Mika", str(response.data))
@transaction.atomic
def test_retrieve_with_403_by_permissions(self):
"""
Unit test will test authenticated user, who does not have permission, to
make a GET request to the retrieve API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_associate_retrieve_update_destroy_api_endpoint',
args=[self.alernate_associate.id]) + "?format=json"
response = self.authorized_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertIn(
"You do not have permission to access this API-endpoint.",
str(response.data))
@transaction.atomic
def test_retrieve_with_200_by_ownership(self):
"""
Unit test will test authenticated user, who does not have permission,
but is the OWNER of the object to make a GET request to the retrieve
API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_associate_retrieve_update_destroy_api_endpoint',
args=[self.associate.id]) + "?format=json"
response = self.authorized_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("Bart", str(response.data))
self.assertIn("Mika", str(response.data))
#-----------------------#
# Delete API-endpoint #
#-----------------------#
@transaction.atomic
def test_delete_with_401_by_permissions(self):
"""
Unit test will test anonymous make a DELETE request to the delete API-endpoint.
"""
url = reverse('workery_associate_retrieve_update_destroy_api_endpoint',
args=[self.associate.id]) + "?format=json"
response = self.unauthorized_client.delete(
url, data={}, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_delete_with_200_by_permissions(self):
"""
Unit test will test authenticated user, who has permission, to make a
DELETE request to the delete API-endpoint.
"""
# Add executive group so you can delete.
self.user.groups.add(constants.EXECUTIVE_GROUP_ID)
# Go ahead and delete.
url = reverse('workery_associate_retrieve_update_destroy_api_endpoint',
args=[self.associate.id]) + "?format=json"
response = self.authorized_client.delete(
url, data=None, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_delete_with_403_by_permissions(self):
"""
Unit test will test authenticated user, who does not have permission, to
make a DELETE request to the delete API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_associate_retrieve_update_destroy_api_endpoint',
args=[self.associate.id]) + "?format=json"
response = self.authorized_client.delete(
url, data=None, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertIn(
"You do not have permission to access this API-endpoint.",
str(response.data))
class APIMeWithTenantSchemaTestCase(APITestCase, TenantTestCase):
fixtures = []
def setup_tenant(self, tenant):
"""Tenant Schema"""
tenant.schema_name = 'galacticalliance'
tenant.name = "Galactic Alliance of Humankind"
tenant.has_perks=True
tenant.has_mentors=True
tenant.how_discovered = "Command HQ"
tenant.how_many_served = 1
@classmethod
def setUpTestData(cls):
Group.objects.bulk_create([
Group(id=constants.ENTREPRENEUR_GROUP_ID, name="Entreprenuer",),
Group(id=constants.MENTOR_GROUP_ID, name="Mentor",),
Group(id=constants.ADVISOR_GROUP_ID, name="Advisor",),
Group(id=constants.ORGANIZATION_MANAGER_GROUP_ID, name="Org Manager",),
Group(id=constants.ORGANIZATION_ADMIN_GROUP_ID, name="Org Admin",),
Group(id=constants.CLIENT_MANAGER_GROUP_ID, name="Client Manager",),
Group(id=constants.SYSTEM_ADMIN_GROUP_ID, name="System Admin",),
])
user = User.objects.create_user( # Create our user.
email=TEST_USER_EMAIL,
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD
)
user.is_active = True
user.save()
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English.
super(APIMeWithTenantSchemaTestCase, self).setUp()
# Initialize our test data.
self.user = User.objects.get()
token = Token.objects.get(user__username=TEST_USER_USERNAME)
# Setup.
self.unauthorized_client = TenantClient(self.tenant)
self.authorized_client = TenantClient(self.tenant, HTTP_AUTHORIZATION='Token ' + token.key)
self.authorized_client.login(
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD
)
self.tenant.owner = self.user
self.tenant.save()
# Above taken from:
# http://www.django-rest-framework.org/api-guide/testing/#authenticating
@transaction.atomic
def tearDown(self):
PostalAddress.objects.delete_all()
ContactPoint.objects.delete_all()
Intake.objects.delete_all()
Me.objects.delete_all()
items = User.objects.all()
for item in items.all():
item.delete()
# super(APIMeWithTenantSchemaTestCase, self).tearDown()
@transaction.atomic
def test_list(self):
response = self.unauthorized_client.get('/api/tenantme/')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_list_with_authentication(self):
response = self.authorized_client.get('/api/tenantme/')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_post_with_anonymous_user(self):
data = {
'owner': self.user.id
}
response = self.unauthorized_client.post('/api/tenantme/', json.dumps(data), content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_post_with_authenticated_owner(self):
data = {
'owner': self.user.id,
}
response = self.authorized_client.post(
'/api/tenantme/',
json.dumps(data),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
@transaction.atomic
def test_put(self):
# Delete any previous data.
items = Me.objects.delete_all()
# Create a new object with our specific test data.
Me.objects.create(
id=1,
owner=self.user,
)
# Run the test.
data = {
'id': 1,
'owner': self.user.id
}
response = self.unauthorized_client.put('/api/tenantme/1/', json.dumps(data), content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_put_with_authorization(self):
# Create a new object with our specific test data.
address = PostalAddress.objects.create(
owner=self.user,
name='User #' + str(self.user.id) + ' Address',
)
contact_point = ContactPoint.objects.create(
owner=self.user,
name='User #' + str(self.user.id) + ' Contact Point',
)
Me.objects.create(
id=1,
owner_id=self.user.id,
address=address,
contact_point=contact_point,
)
# Run the test.
data = {
'id': 1,
'owner': self.user.id,
'address': address.id,
'contact_point': contact_point.id
}
response = self.authorized_client.put('/api/tenantme/1/', json.dumps(data), content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_delete(self):
response = self.unauthorized_client.delete('/api/tenantme/1/')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_delete_with_authentication_case_one(self):
address = PostalAddress.objects.create(
id=1,
owner=self.user,
)
contact_point = ContactPoint.objects.create(
id=1,
owner=self.user,
)
me = Me.objects.create(
id=666,
owner=self.user,
)
Intake.objects.create(
id=1,
me=me,
)
response = self.authorized_client.delete('/api/tenantme/'+str(me.id)+'/')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
@transaction.atomic
def test_delete_with_authentication_case_two(self):
me = Me.objects.create(
id=666,
owner=self.user,
)
response = self.authorized_client.delete('/api/tenantme/'+str(me.id)+'/')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
@transaction.atomic
def test_delete_with_authentication_case_three(self):
group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
self.user.groups.add(group)
me = Me.objects.create(
id=999,
owner=self.user,
)
response = self.authorized_client.delete('/api/tenantme/'+str(me.id)+'/')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@transaction.atomic
def test_admit_me_with_entrepreneur_user(self):
# Setup our object.
Me.objects.create(
id=1,
owner=self.user,
is_in_intake=False,
)
# Run the test and verify.
response = self.authorized_client.put(
'/api/tenantme/1/admit_me/',
json.dumps({}),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
me = Me.objects.get(id=1)
self.assertFalse(me.is_in_intake)
@transaction.atomic
def test_admit_me_with_org_manager_user(self):
# Setup our object.
Me.objects.create(
id=1,
owner=self.user,
is_in_intake=False,
)
group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
self.user.groups.add(group)
self.user.save()
# Run the test and verify.
response = self.authorized_client.put(
'/api/tenantme/1/admit_me/',
json.dumps({}),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
me = Me.objects.get(id=1)
self.assertTrue(me.is_in_intake)
@transaction.atomic
def test_expel_me_with_entrepreneur_user(self):
# Setup our object.
Me.objects.create(
id=1,
owner=self.user,
is_in_intake=True,
)
# Run the test and verify.
response = self.authorized_client.put(
'/api/tenantme/1/expel_me/',
json.dumps({}),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
me = Me.objects.get(id=1)
self.assertTrue(me.is_in_intake)
@transaction.atomic
def test_expel_me_with_org_manager_user(self):
# Setup our object.
Me.objects.create(
id=1,
owner=self.user,
is_in_intake=True,
)
group = Group.objects.get(id=constants.ORGANIZATION_ADMIN_GROUP_ID)
self.user.groups.add(group)
self.user.save()
# Run the test and verify.
response = self.authorized_client.put(
'/api/tenantme/1/expel_me/',
json.dumps({}),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
me = Me.objects.get(id=1)
self.assertFalse(me.is_in_intake)
@transaction.atomic
def test_unlock_with_success(self):
# Delete any previous data.
items = Me.objects.delete_all()
# Create a new object with our specific test data.
Me.objects.create(
id=1,
owner=self.user,
is_locked=False,
)
# Run the test.
data = {
'id': 1,
'owner': self.user.id,
'password': TEST_USER_PASSWORD
}
response = self.authorized_client.put(
'/api/tenantme/1/unlock_me/',
json.dumps(data),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_unlock_with_missing_password(self):
# Delete any previous data.
items = Me.objects.delete_all()
# Create a new object with our specific test data.
Me.objects.create(
id=1,
owner=self.user,
)
# Run the test.
data = {
'id': 1,
'owner': self.user.id,
}
response = self.authorized_client.put(
'/api/tenantme/1/unlock_me/',
json.dumps(data),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@transaction.atomic
def test_unlock_with_wrong_password(self):
# Delete any previous data.
items = Me.objects.delete_all()
# Create a new object with our specific test data.
Me.objects.create(
id=1,
owner=self.user,
)
# Run the test.
data = {
'id': 1,
'owner': self.user.id,
'password': '******',
}
response = self.authorized_client.put(
'/api/tenantme/1/unlock_me/',
json.dumps(data),
content_type='application/json'
)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
class APIFunctionViewSetWithPublicSchemaTestCase(APITestCase, TenantTestCase):
fixtures = []
def setup_tenant(self, tenant):
"""Public Schema"""
tenant.schema_name = 'test'
tenant.name = "Galactic Alliance of Humankind"
tenant.has_perks = True
tenant.has_mentors = True
tenant.how_discovered = "Command HQ"
tenant.how_many_served = 1
@classmethod
def setUpTestData(cls):
Group.objects.bulk_create([
Group(
id=constants.ENTREPRENEUR_GROUP_ID,
name="Entreprenuer",
),
Group(
id=constants.MENTOR_GROUP_ID,
name="Mentor",
),
Group(
id=constants.ADVISOR_GROUP_ID,
name="Advisor",
),
Group(
id=constants.ORGANIZATION_MANAGER_GROUP_ID,
name="Org Manager",
),
Group(
id=constants.ORGANIZATION_ADMIN_GROUP_ID,
name="Org Admin",
),
Group(
id=constants.CLIENT_MANAGER_GROUP_ID,
name="Client Manager",
),
Group(
id=constants.SYSTEM_ADMIN_GROUP_ID,
name="System Admin",
),
])
user = User.objects.create_user( # Create our User.
email=TEST_USER_EMAIL,
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD)
user.is_active = True
user.save()
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English.
super(APIFunctionViewSetWithPublicSchemaTestCase, self).setUp()
self.user = User.objects.get()
token = Token.objects.get(user__username=TEST_USER_USERNAME)
self.unauthorized_client = TenantClient(self.tenant)
self.authorized_client = TenantClient(
self.tenant,
HTTP_AUTHORIZATION='Token ' + token.key,
format='json',
)
@transaction.atomic
def tearDown(self):
users = User.objects.all()
for user in users.all():
user.delete()
tokens = Token.objects.all()
super(APIFunctionViewSetWithPublicSchemaTestCase, self).tearDown()
@transaction.atomic
def test_api_function_is_email_unique_with_true(self):
# Log in the the account.
user = User.objects.get()
token = Token.objects.get(user_id=user.id)
# Begin this unit test.
url = reverse('api_function_isemailunique')
data = {'email': TEST_USER_EMAIL}
response = self.authorized_client.post(url,
json.dumps(data),
HTTP_AUTHORIZATION='Token ' +
token.key,
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn(b'is_unique', response.content)
self.assertIn(b'false', response.content)
@transaction.atomic
def test_api_function_is_email_unique_with_false(self):
# Log in the the account.
user = User.objects.get()
token = Token.objects.get(user_id=user.id)
# Begin this unit test.
url = reverse('api_function_isemailunique')
data = {
'email': '*****@*****.**',
}
response = self.authorized_client.post(url,
json.dumps(data),
HTTP_AUTHORIZATION='Token ' +
token.key,
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn(b'is_unique', response.content)
self.assertIn(b'true', response.content)
@transaction.atomic
def test_api_function_is_email_unique_with_400(self):
# Log in the the account.
user = User.objects.get()
token = Token.objects.get(user_id=user.id)
# Begin this unit test.
url = reverse('api_function_isemailunique')
data = {
'password': '******',
}
response = self.authorized_client.post(url,
json.dumps(data),
HTTP_AUTHORIZATION='Token ' +
token.key,
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertIn(b'email', response.content)
self.assertIn(b'This field is required.', response.content)
@transaction.atomic
def test_api_function_is_email_unique_with_401(self):
# Begin this unit test.
url = reverse('api_function_isemailunique')
data = {'email': TEST_USER_EMAIL}
response = self.unauthorized_client.post(
url,
json.dumps(data),
HTTP_AUTHORIZATION='Token 123',
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_api_function_is_organization_schema_name_unique(self):
# Log in the the account.
user = User.objects.get()
token = Token.objects.get(user_id=user.id)
# Begin this unit test.
url = reverse('api_function_is_organization_schema_name_unique')
data = {'name': 'test'}
response = self.authorized_client.post(url,
json.dumps(data),
HTTP_AUTHORIZATION='Token ' +
token.key,
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn(b'is_unique', response.content)
self.assertIn(b'true', response.content)
class TagListCreateAPIViewWithTenantTestCase(APITestCase, TenantTestCase):
"""
Console:
python manage.py test tenant_api.tests.test_tag_views
"""
#------------------#
# Setup Unit Tests #
#------------------#
def setup_tenant(tenant):
"""Tenant Schema"""
tenant.schema_name = TEST_SCHEMA_NAME
tenant.name = 'Over 55 (London) Inc.',
tenant.alternate_name = "Over55",
tenant.description = "Located at the Forks of the Thames in ...",
tenant.address_country = "CA",
tenant.address_locality = "London",
tenant.address_region = "Ontario",
tenant.post_office_box_number = "", # Post Offic #
tenant.postal_code = "N6H 1B4",
tenant.street_address = "78 Riverside Drive",
tenant.street_address_extra = "", # Extra line.
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English
super(TagListCreateAPIViewWithTenantTestCase, self).setUp()
# Load up the dependat.
call_command('init_app', verbosity=0)
call_command('populate_tenant_content', TEST_SCHEMA_NAME, verbosity=0)
call_command('populate_tenant_sample_db',
TEST_SCHEMA_NAME,
verbosity=0)
# Get objects.
self.customer = Customer.objects.get(owner__email='*****@*****.**')
self.associate = Associate.objects.get(
owner__email='*****@*****.**')
# Get users.
exec_user = SharedUser.objects.get(email='*****@*****.**')
manager_user = SharedUser.objects.get(email='*****@*****.**')
frontline_user = SharedUser.objects.get(email='*****@*****.**')
associate_user = SharedUser.objects.get(email='*****@*****.**')
customer_user = SharedUser.objects.get(email='*****@*****.**')
# Get tokens.
exec_token, exec_orig_iat = get_jwt_token_and_orig_iat(exec_user)
manager_token, manager_orig_iat = get_jwt_token_and_orig_iat(
manager_user)
frontline_token, frontline_orig_iat = get_jwt_token_and_orig_iat(
frontline_user)
associate_token, associate_orig_iat = get_jwt_token_and_orig_iat(
associate_user)
customer_token, customer_orig_iat = get_jwt_token_and_orig_iat(
customer_user)
# Setup.
self.unauthorized_client = TenantClient(self.tenant)
self.exec_client = TenantClient(
self.tenant, HTTP_AUTHORIZATION='JWT {0}'.format(exec_token))
self.exec_client.login(username='******',
password=TEST_USER_PASSWORD)
self.manager_client = TenantClient(
self.tenant, HTTP_AUTHORIZATION='JWT {0}'.format(manager_token))
self.manager_client.login(username='******',
password=TEST_USER_PASSWORD)
self.staff_client = TenantClient(
self.tenant, HTTP_AUTHORIZATION='JWT {0}'.format(manager_token))
self.staff_client.login(username='******',
password=TEST_USER_PASSWORD)
self.customer_client = TenantClient(
self.tenant, HTTP_AUTHORIZATION='JWT {0}'.format(manager_token))
self.customer_client.login(username='******',
password=TEST_USER_PASSWORD)
self.tag = Tag.objects.create(text="Some generic text")
@transaction.atomic
def tearDown(self):
connection.set_schema(TEST_SCHEMA_NAME, True) # Switch to Tenant.
Tag.objects.delete_all()
del self.unauthorized_client
del self.exec_client
del self.manager_client
del self.staff_client
del self.customer_client
super(TagListCreateAPIViewWithTenantTestCase, self).tearDown()
#-------------------#
# List API-endpoint #
#-------------------#
@transaction.atomic
def test_list_with_401_by_permissions(self):
"""
Unit test will test anonymous make a GET request to the LIST API-endpoint.
"""
url = reverse('workery_tag_list_create_api_endpoint') + "?format=json"
response = self.unauthorized_client.get(
url, data=None, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_list_with_200_by_permissions(self):
"""
Unit test will test authenticated user, who has permission, to make a
GET request to the list API-endpoint.
"""
url = reverse('workery_tag_list_create_api_endpoint')
url += "?format=json"
# Executive
response = self.exec_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# Manager
response = self.manager_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# Staff
response = self.staff_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_list_with_403_by_permissions(self):
"""
Unit test will test authenticated user, who does not have permission, to
make a GET request to the list API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_tag_list_create_api_endpoint')
url += "?format=json"
response = self.customer_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertIn(
"You do not have permission to access this API-endpoint.",
str(response.data))
#---------------------#
# Create API-endpoint #
#---------------------#
@transaction.atomic
def test_create_with_401_by_permissions(self):
"""
Unit test will test anonymous make a POST request to the create API-endpoint.
"""
url = reverse('workery_tag_list_create_api_endpoint') + "?format=json"
response = self.unauthorized_client.post(
url, data={}, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_create_with_200_by_permissions(self):
"""
Unit test will test authenticated user, who has permission, to make a
POST request to the create API-endpoint.
"""
url = reverse('workery_tag_list_create_api_endpoint')
url += "?format=json"
# Executive
response = self.exec_client.post(url,
data=json.dumps({
'text':
'generic text',
}),
content_type='application/json')
self.assertIsNotNone(response)
# print(response.content)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertIn("generic text", str(response.data))
# Manager
response = self.manager_client.post(url,
data=json.dumps({
'text':
'generic text #2',
}),
content_type='application/json')
self.assertIsNotNone(response)
# print(response.content)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertIn("#2", str(response.data))
# Staff
response = self.staff_client.post(url,
data=json.dumps({
'text':
'generic text #3',
}),
content_type='application/json')
self.assertIsNotNone(response)
# print(response)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertIn("#3", str(response.data))
@transaction.atomic
def test_create_with_403_by_permissions(self):
"""
Unit test will test authenticated user, who does not have permission, to
make a POST request to the list API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_tag_list_create_api_endpoint')
url += "?format=json"
response = self.customer_client.post(url,
data=json.dumps({}),
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertIn(
"You do not have permission to access this API-endpoint.",
str(response.data))
#---------------------#
# Update API-endpoint #
#---------------------#
@transaction.atomic
def test_update_with_401_by_permissions(self):
"""
Unit test will test anonymous make a PUT request to the update API-endpoint.
"""
url = reverse('workery_tag_retrieve_update_destroy_api_endpoint',
args=[self.tag.id]) + "?format=json"
response = self.unauthorized_client.post(
url, data={}, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_update_with_200_by_permissions(self):
"""
Unit test will test authenticated user, who has permission, to make a
PUT request to the update API-endpoint.
"""
url = reverse('workery_tag_retrieve_update_destroy_api_endpoint',
args=[self.tag.id]) + "?format=json"
data = json.dumps({
'text': 'generic text #1',
})
# Executive
response = self.exec_client.put(url,
data=data,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("generic text #1", str(response.data))
# Manager
response = self.manager_client.put(url,
data=data,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("generic text #1", str(response.data))
# Staff
response = self.staff_client.put(url,
data=data,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("generic text #1", str(response.data))
@transaction.atomic
def test_update_with_403_by_permissions(self):
"""
Unit test will test authenticated user, who does not have permission, to
make a PUT request to the update API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_tag_retrieve_update_destroy_api_endpoint',
args=[self.tag.id]) + "?format=json"
data = json.dumps({
'text': 'generic text',
})
response = self.customer_client.put(url,
data=data,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertIn(
"You do not have permission to access this API-endpoint.",
str(response.data))
#-----------------------#
# Retrieve API-endpoint #
#-----------------------#
@transaction.atomic
def test_retrieve_with_401_by_permissions(self):
"""
Unit test will test anonymous make a GET request to the retrieve API-endpoint.
"""
url = reverse('workery_tag_retrieve_update_destroy_api_endpoint',
args=[self.tag.id]) + "?format=json"
response = self.unauthorized_client.get(
url, data={}, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_retrieve_with_200_by_permissions(self):
"""
Unit test will test authenticated user, who has permission, to make a
GET request to the retrieve API-endpoint.
"""
url = reverse('workery_tag_retrieve_update_destroy_api_endpoint',
args=[self.tag.id]) + "?format=json"
response = self.exec_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("generic text", str(response.data))
response = self.manager_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("generic text", str(response.data))
response = self.staff_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("generic text", str(response.data))
@transaction.atomic
def test_retrieve_with_403_by_permissions(self):
"""
Unit test will test authenticated user, who does not have permission, to
make a GET request to the retrieve API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_tag_retrieve_update_destroy_api_endpoint',
args=[self.tag.id]) + "?format=json"
response = self.exec_client.get(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertIn(
"You do not have permission to access this API-endpoint.",
str(response.data))
#-----------------------#
# Delete API-endpoint #
#-----------------------#
@transaction.atomic
def test_delete_with_401_by_permissions(self):
"""
Unit test will test anonymous make a DELETE request to the delete API-endpoint.
"""
url = reverse('workery_tag_retrieve_update_destroy_api_endpoint',
args=[self.tag.id]) + "?format=json"
response = self.unauthorized_client.delete(
url, data={}, content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_delete_with_200_by_permissions(self):
"""
Unit test will test authenticated user, who has permission, to make a
DELETE request to the delete API-endpoint.
"""
url = reverse('workery_tag_retrieve_update_destroy_api_endpoint',
args=[self.tag.id]) + "?format=json"
response = self.exec_client.delete(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_delete_with_403_by_permissions(self):
"""
Unit test will test authenticated user, who does not have permission, to
make a DELETE request to the delete API-endpoint.
"""
Permission.objects.all().delete()
url = reverse('workery_tag_retrieve_update_destroy_api_endpoint',
args=[self.tag.id]) + "?format=json"
response = self.exec_client.delete(url,
data=None,
content_type='application/json')
self.assertIsNotNone(response)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertIn(
"You do not have permission to access this API-endpoint.",
str(response.data))
class APIPublicOrganizationWithPublicSchemaTestCase(APITestCase,
TenantTestCase):
fixtures = []
def setup_tenant(self, tenant):
"""Public Schema"""
tenant.schema_name = 'test'
tenant.name = "Galactic Alliance of Humankind"
tenant.has_perks = True
tenant.has_mentors = True
tenant.how_discovered = "Command HQ"
tenant.how_many_served = 1
@classmethod
def setUpTestData(cls):
Group.objects.bulk_create([
Group(
id=constants.ENTREPRENEUR_GROUP_ID,
name="Entreprenuer",
),
Group(
id=constants.MENTOR_GROUP_ID,
name="Mentor",
),
Group(
id=constants.ADVISOR_GROUP_ID,
name="Advisor",
),
Group(
id=constants.ORGANIZATION_MANAGER_GROUP_ID,
name="Org Manager",
),
Group(
id=constants.ORGANIZATION_ADMIN_GROUP_ID,
name="Org Admin",
),
Group(
id=constants.CLIENT_MANAGER_GROUP_ID,
name="Client Manager",
),
Group(
id=constants.SYSTEM_ADMIN_GROUP_ID,
name="System Admin",
),
])
user = User.objects.create_user( # Create our user.
email=TEST_USER_EMAIL,
username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD)
user.is_active = True
user.save()
@transaction.atomic
def setUp(self):
translation.activate('en') # Set English
super(APIPublicOrganizationWithPublicSchemaTestCase, self).setUp()
# Initialize our test data.
self.user = User.objects.get()
token = Token.objects.get(user__username=TEST_USER_USERNAME)
# Setup.
self.unauthorized_client = TenantClient(self.tenant)
self.authorized_client = TenantClient(self.tenant,
HTTP_AUTHORIZATION='Token ' +
token.key)
self.authorized_client.login(username=TEST_USER_USERNAME,
password=TEST_USER_PASSWORD)
self.tenant.owner = self.user
self.tenant.save()
@transaction.atomic
def tearDown(self):
super(APIPublicOrganizationWithPublicSchemaTestCase, self).tearDown()
@transaction.atomic
def test_list(self):
response = self.unauthorized_client.get(
reverse('publicorganization-list'))
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_list_with_authentication(self):
response = self.authorized_client.get('/api/publicorganization/')
self.assertEqual(response.status_code, status.HTTP_200_OK)
@transaction.atomic
def test_post(self):
data = {
'schema_name': 'galacticalliance',
'name': 'Galactic Alliance of Humankind',
'description': 'Used for unit testing purposes.',
'owner': self.user.id
}
response = self.unauthorized_client.post(
'/api/publicorganization/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@transaction.atomic
def test_post_with_upper_case_schema_name(self):
data = {
'schema_name': 'GalacticAlliance',
'name': 'Galactic Alliance of Humankind',
'description': 'Used for unit testing purposes.',
'owner': self.user.id
}
response = self.authorized_client.post('/api/publicorganization/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@transaction.atomic
def test_post_with_non_alpha_schema_name(self):
data = {
'schema_name': 'ak47',
'name': 'Galactic Alliance of Humankind',
'description': 'Used for unit testing purposes.',
'owner': self.user.id
}
response = self.authorized_client.post('/api/publicorganization/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@transaction.atomic
def test_post_with_special_characters_in_schema_name(self):
data = {
'schema_name': '*****@*****.**',
'name': 'Galactic Alliance of Humankind',
'description': 'Used for unit testing purposes.',
'owner': self.user.id
}
response = self.authorized_client.post('/api/publicorganization/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@transaction.atomic
def test_post_with_whitespace_in_schema_name(self):
data = {
'schema_name': 'galactic alliance',
'name': 'Galactic Alliance of Humankind',
'description': 'Used for unit testing purposes.',
'owner': self.user.id
}
response = self.authorized_client.post('/api/publicorganization/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@transaction.atomic
def test_post_with_reserved_word_in_schema_name(self):
data = {
'schema_name': 'api',
'name': 'Galactic Alliance of Humankind',
'description': 'Used for unit testing purposes.',
'owner': self.user.id
}
response = self.authorized_client.post('/api/publicorganization/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@transaction.atomic
def test_post_with_banned_word_in_schema_name(self):
# Create our BannedWord
BannedWord.objects.create(
text='hideauze',
reason='They are the enemoy of humankind',
)
# Run our test and verify.
data = {
'schema_name': 'hideauze',
'name': 'Galactic Alliance of Humankind',
'description': 'Used for unit testing purposes.',
'owner': self.user.id
}
response = self.authorized_client.post('/api/publicorganization/',
json.dumps(data),
content_type='application/json')
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
