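def handle(self, *args, **options):
    """Create or update the administrator account and its profile.

    With no positional arguments a built-in default account is used.
    Otherwise six positional arguments are read, in this order:
    username, password, email, name, location name, phone.

    Raises:
        IndexError: if some, but fewer than six, arguments are given.
    """
    if args and len(args) < 6:
        # Fail before touching the database: indexing args lazily would
        # leave a half-built Administrator account (saved user, no
        # profile) behind when the later arguments are missing.
        raise IndexError(
            'expected 6 arguments: username password email name '
            'location phone')

    # NOTE(review): .first() yields a falsy value when no group named
    # 'Administrator' exists, which would leave the account without a
    # group -- confirm the groups are seeded before this runs.
    # NOTE(review): nothing below calls user.save() after the group and
    # password are assigned; this relies on set_password persisting the
    # document -- confirm.
    if not args:
        user = (User.objects(username='******').first()
                or User(username='******').save())
        user.group = Group.objects(name='Administrator').first()
        # NOTE(review): hard-coded, guessable default credential on an
        # Administrator account. Rotate it immediately after bootstrap
        # and keep this no-argument path out of production deployments.
        user.set_password('password')
        location = (Location.objects(type='district').first()
                    or Location(name='Kampala', type='district').save())
        profile = (UserProfile.objects(phone='N/A').first()
                   or UserProfile(phone='N/A', name='Admin',
                                  location=location,
                                  email='*****@*****.**').save())
        profile.user = user
        profile.save()
    else:
        user = (User.objects(username=args[0]).first()
                or User(username=args[0]).save())
        user.group = Group.objects(name='Administrator').first()
        # NOTE(review): the password is taken from a positional
        # argument; if this runs from a shell it can end up in shell
        # history and process listings -- prompting for it is safer.
        user.set_password(args[1])
        location = (Location.objects(name=args[4]).first()
                    or Location(name=args[4], type='district').save())
        # A single save() is enough; the original chained it twice.
        profile = (UserProfile.objects(phone=args[5]).first()
                   or UserProfile(phone=args[5], name=args[3],
                                  location=location,
                                  email=args[2]).save())
        profile.user = user
        profile.save()
    self.stdout.write('Successfully created superuser')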
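def test_updating_profile_with_photo_file(self):
    """Posting a new photo file replaces the photo stored on the profile."""
    attr = self.mobile_user_to_post.copy()
    attr['email'] = '*****@*****.**'
    attr['phone'] = '+256775019511'
    # NOTE(review): the password is assigned directly instead of through
    # set_password, so it is presumably stored unhashed -- acceptable
    # only because this is a throwaway test fixture.
    attr['user'] = User(username='******', password='******').save()
    profile = UserProfile(**attr)

    # Context managers close the fixture files; the original left two
    # handles open for the lifetime of the test process.
    with open(settings.PROJECT_ROOT + '/../dms/tests/test.jpg', 'rb') as user_photo:
        profile.photo.put(user_photo, content_type='image/content_type')
        profile.save()

    replacement_path = settings.PROJECT_ROOT + '/../dms/tests/test2.jpg'
    with open(replacement_path, 'rb') as test_image:
        attr['file'] = test_image
        response = self.client.post(
            self.API_ENDPOINT + str(profile.id) + '/', attr)
    self.assertEqual(200, response.status_code)

    retrieved_user = User.objects(username='******').first()
    reloaded_profile = UserProfile.objects(user=retrieved_user).first()
    with open(replacement_path, 'rb') as expected_image:
        expected_bytes = expected_image.read()
    self.assertEqual(reloaded_profile.photo.read(), expected_bytes)
    self.assertEqual(reloaded_profile.photo.content_type, 'image/jpeg')
    self.assertEqual(reloaded_profile.photo_uri(),
                     '/api/v1/photo/' + str(reloaded_profile.id))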
def test_should_reset_password_of_user(self):
    """A password-reset POST succeeds and the old password stops working."""
    saved_profile = UserProfile(**self.mobile_user_attr).save()
    reset_url = self.API_ENDPOINT + str(saved_profile.id) + '/password_reset/'

    response = self.client.post(reset_url)

    self.assertEqual(200, response.status_code)
    # The body is asserted to be empty, so the response carries no
    # credential material back to the caller.
    self.assertEqual({}, response.data)
    account = User.objects(username=self.user.username).first()
    self.assertFalse(account.check_password(self.initial_password))
def test_user_must_be_logged_in_to_change_their_password(self):
    """An anonymous password-change request gets 403 and changes nothing."""
    target_profile = UserProfile(**(self.mobile_user_attr.copy())).save()
    self.client.logout()

    change_url = self.API_ENDPOINT + str(target_profile.id) + '/password/'
    response = self.client.post(change_url, self.password_data)

    matching_users = User.objects(username=self.user.username)
    self.assertEqual(403, response.status_code)
    # The refusal must also leave the stored credential untouched.
    unchanged_password = self.password_data['old_password']
    self.assertTrue(matching_users.first().check_password(unchanged_password))
def test_user_can_only_change_their_password(self):
    """A password change aimed at a profile not linked to the caller gets 403."""
    unlinked_attrs = self.mobile_user_attr.copy()
    # Dropping 'user' yields a profile that does not belong to the
    # client's own account.
    unlinked_attrs.pop('user')
    other_profile = UserProfile(**unlinked_attrs).save()

    change_url = self.API_ENDPOINT + str(other_profile.id) + '/password/'
    response = self.client.post(change_url, self.password_data)

    matching_users = User.objects(username=self.user.username)
    self.assertEqual(403, response.status_code)
    # The caller's own password must still be the old one.
    unchanged_password = self.password_data['old_password']
    self.assertTrue(matching_users.first().check_password(unchanged_password))
def test_post_with_group_associates_user_to_group(self):
    """Creating a user with a group id links the new user to that group."""
    payload = self.mobile_user_to_post.copy()
    payload['username'] = '******'
    expected_group = Group.objects().first()
    payload['group'] = str(expected_group.id)

    response = self.client.post(self.API_ENDPOINT, data=payload)

    self.assertEqual(201, response.status_code)
    created_user = User.objects(username='******').first()
    self.assertEqual(expected_group, created_user.group)
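def handle(self, *args, **options):
    """Create or update the administrator account and its profile.

    With no positional arguments a built-in default account is used.
    Otherwise six positional arguments are read, in this order:
    username, password, email, name, location name, phone.

    Raises:
        IndexError: if some, but fewer than six, arguments are given.
    """
    if args and len(args) < 6:
        # Fail before touching the database: indexing args lazily would
        # leave a half-built Administrator account (saved user, no
        # profile) behind when the later arguments are missing.
        raise IndexError(
            'expected 6 arguments: username password email name '
            'location phone')

    # NOTE(review): .first() yields a falsy value when no group named
    # 'Administrator' exists, which would leave the account without a
    # group -- confirm the groups are seeded before this runs.
    # NOTE(review): nothing below calls user.save() after the group and
    # password are assigned; this relies on set_password persisting the
    # document -- confirm.
    if not args:
        user = (User.objects(username='******').first()
                or User(username='******').save())
        user.group = Group.objects(name='Administrator').first()
        # NOTE(review): hard-coded, guessable default credential on an
        # Administrator account. Rotate it immediately after bootstrap
        # and keep this no-argument path out of production deployments.
        user.set_password('password')
        location = (Location.objects(type='district').first()
                    or Location(name='Kampala', type='district').save())
        profile = (UserProfile.objects(phone='N/A').first()
                   or UserProfile(phone='N/A', name='Admin',
                                  location=location,
                                  email='*****@*****.**').save())
        profile.user = user
        profile.save()
    else:
        user = (User.objects(username=args[0]).first()
                or User(username=args[0]).save())
        user.group = Group.objects(name='Administrator').first()
        # NOTE(review): the password is taken from a positional
        # argument; if this runs from a shell it can end up in shell
        # history and process listings -- prompting for it is safer.
        user.set_password(args[1])
        location = (Location.objects(name=args[4]).first()
                    or Location(name=args[4], type='district').save())
        # A single save() is enough; the original chained it twice.
        profile = (UserProfile.objects(phone=args[5]).first()
                   or UserProfile(phone=args[5], name=args[3],
                                  location=location,
                                  email=args[2]).save())
        profile.user = user
        profile.save()
    self.stdout.write('Successfully created superuser')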
def test_post_with_non_empty_username_creates_system_user(self):
    """Posting a profile with a username also creates exactly one system user."""
    payload = self.mobile_user_to_post.copy()
    payload['username'] = '******'

    response = self.client.post(self.API_ENDPOINT, data=payload)
    self.assertEqual(201, response.status_code)

    matching_profiles = UserProfile.objects(name='tim')
    self.assertEqual(1, matching_profiles.count())
    matching_users = User.objects(username='******')
    self.assertEqual(1, matching_users.count())
    # The profile must point at the account that was just created.
    linked_user = matching_profiles.first().user
    self.assertEqual(matching_users.first(), linked_user)
def test_user_must_be_logged_in_to_change_their_password(self):
    """An anonymous password-change request gets 403 and changes nothing."""
    target_profile = UserProfile(**(self.mobile_user_attr.copy())).save()
    self.client.logout()

    change_url = self.API_ENDPOINT + str(target_profile.id) + '/password/'
    response = self.client.post(change_url, self.password_data)

    matching_users = User.objects(username=self.user.username)
    self.assertEqual(403, response.status_code)
    # The refusal must also leave the stored credential untouched.
    unchanged_password = self.password_data['old_password']
    self.assertTrue(matching_users.first().check_password(unchanged_password))
def test_user_can_only_change_their_password(self):
    """A password change aimed at a profile not linked to the caller gets 403."""
    unlinked_attrs = self.mobile_user_attr.copy()
    # Dropping 'user' yields a profile that does not belong to the
    # client's own account.
    unlinked_attrs.pop('user')
    other_profile = UserProfile(**unlinked_attrs).save()

    change_url = self.API_ENDPOINT + str(other_profile.id) + '/password/'
    response = self.client.post(change_url, self.password_data)

    matching_users = User.objects(username=self.user.username)
    self.assertEqual(403, response.status_code)
    # The caller's own password must still be the old one.
    unchanged_password = self.password_data['old_password']
    self.assertTrue(matching_users.first().check_password(unchanged_password))
def handle(self, *args, **options):
    """Create (or reuse) a user from positional arguments.

    Arguments are read in this order: username, password, email and,
    optionally, a permission name. When the permission name is given, a
    fresh content type, permission and group (with random UUID names)
    are saved and the group is assigned to the user.

    NOTE(review): the source listing lost its indentation; the success
    message is assumed to be written unconditionally -- confirm.
    NOTE(review): the user object is never saved explicitly here; this
    relies on set_password persisting it -- confirm.
    NOTE(review): the password comes from a positional argument, so it
    may be recorded in shell history or process listings.
    """
    if args:
        existing_user = User.objects(username=args[0], email=args[2]).first()
        user = existing_user or User(username=args[0], email=args[2])
        if len(args) > 3:
            permission_name = args[3]
            content_type = ContentType(
                app_label='dms',
                model=str(uuid.uuid4()),
                name=str(uuid.uuid4()),
            ).save()
            permission = Permission(
                name=permission_name,
                codename=permission_name,
                content_type=content_type.id,
            ).save()
            # A dedicated, randomly named group carries just this one
            # permission.
            user.group = Group(name=str(uuid.uuid4()),
                               permissions=[permission]).save()
        user.set_password(args[1])
    self.stdout.write('Successfully created user')
def test_post_with_photo_file(self):
    """Create a user with a photo attached and check the stored photo.

    NOTE(review): the stored photo is asserted to read back as None;
    that presumably depends on photo storage being patched outside this
    method -- confirm.
    """
    payload = self.mobile_user_to_post.copy()
    payload['username'] = '******'
    photo_path = settings.PROJECT_ROOT + '/../dms/tests/test.jpg'

    with open(photo_path, 'rb') as test_image:
        payload['file'] = test_image
        response = self.client.post(self.API_ENDPOINT, data=payload)
    self.assertEqual(201, response.status_code)

    created_user = User.objects(username='******').first()
    created_profile = UserProfile.objects(user=created_user).first()
    self.assertEqual(created_profile.photo.read(), None)
def test_update_with_group_associates_user_to_new_group(self):
    """Re-posting a profile with another group id moves the user to that group."""
    creation_payload = self.mobile_user_to_post.copy()
    creation_payload['username'] = '******'
    original_group = Group.objects().first()
    creation_payload['group'] = str(original_group.id)
    self.client.post(self.API_ENDPOINT, data=creation_payload)

    created_user = User.objects(username='******').first()
    created_profile = UserProfile.objects(user=created_user).first()

    # The third group is used as the new target.
    new_group = Group.objects().all()[2]
    update_payload = self.mobile_user_to_post.copy()
    update_payload.update({
        'username': '******',
        'location': str(update_payload['location']),
        'group': str(new_group.id),
        'id': str(created_profile.id),
    })
    profile_url = self.API_ENDPOINT + str(created_profile.id) + '/'

    response = self.client.post(profile_url, data=update_payload)

    self.assertEqual(200, response.status_code)
    updated_user = User.objects(username='******').first()
    self.assertEqual(new_group, updated_user.group)
def test_update_with_group_associates_user_to_new_group(self):
    """Re-posting a profile with another group id moves the user to that group."""
    creation_payload = self.mobile_user_to_post.copy()
    creation_payload['username'] = '******'
    original_group = Group.objects().first()
    creation_payload['group'] = str(original_group.id)
    self.client.post(self.API_ENDPOINT, data=creation_payload)

    created_user = User.objects(username='******').first()
    created_profile = UserProfile.objects(user=created_user).first()

    # The third group is used as the new target.
    new_group = Group.objects().all()[2]
    update_payload = self.mobile_user_to_post.copy()
    update_payload.update({
        'username': '******',
        'location': str(update_payload['location']),
        'group': str(new_group.id),
        'id': str(created_profile.id),
    })
    profile_url = self.API_ENDPOINT + str(created_profile.id) + '/'

    response = self.client.post(profile_url, data=update_payload)

    self.assertEqual(200, response.status_code)
    updated_user = User.objects(username='******').first()
    self.assertEqual(new_group, updated_user.group)
def post(self, request, *args, **kwargs):
    """Handle the login page POST: a password reset or a sign-in.

    A truthy ``resetPass`` field selects the password-reset flow; any
    other request is treated as a login attempt. Both flows re-render
    ``login.html`` unless a login succeeds, which redirects to ``/``.

    NOTE(review): the source listing lost its indentation, so nesting
    is reconstructed; the 'Username or Password is invalid' error is
    assumed to sit inside the valid-form branch -- confirm.
    NOTE(review): no throttling of reset or login attempts is visible
    in this block -- confirm it is enforced elsewhere.
    """
    if not request.POST.get('resetPass', None):
        login_form = LoginForm(request.POST)
        if login_form.is_valid():
            credentials = login_form.cleaned_data
            user = authenticate(username=credentials['username'],
                                password=credentials['password'])
            if user:
                login(request, user)
                return redirect('/')
            login_form.add_error(None, 'Username or Password is invalid')
        return render(request, 'login.html', {'login_form': login_form})

    form = PasswordForm(request.POST)
    if not form.is_valid():
        form.add_error(None, 'Invalid data')
        return render(request, 'login.html', {'form': form})

    submitted = form.cleaned_data
    user = User.objects(username=submitted['username'],
                        email=submitted['email']).first()
    profile = UserProfile.objects(user=user).first()
    if not user:
        # NOTE(review): a distinct message on a miss lets an
        # unauthenticated caller confirm which username/e-mail pairs
        # exist; a uniform response for both outcomes avoids that.
        form.add_error(None, 'No user with matching Username and Email')
        return render(request, 'login.html', {'form': form})

    display_name = profile.name if profile else 'DMS User'
    sms_number = profile.phone if profile else ''
    subject = 'NECOC Password Reset Request'
    sender = settings.DEFAULT_FROM_EMAIL
    hostname = settings.HOSTNAME
    admin_email = settings.ADMIN_EMAIL

    # NOTE(review): the password is replaced immediately, on nothing
    # more than a matching username and e-mail, so anyone who knows both
    # can lock the owner out. A single-use, expiring reset link that the
    # mailbox owner must follow keeps the old password valid until then.
    new_password = UserManager().make_random_password()
    user.set_password(new_password)
    user.save()

    # NOTE(review): the new password travels in clear text by e-mail
    # (and SMS below). `.delay` suggests a task queue; if so, the
    # plaintext is also serialised into the broker -- check retention
    # and logging there.
    message = settings.RESET_PASSWORD_MESSAGE % {
        'name': display_name,
        'hostname': hostname,
        'password': new_password,
        'admin_email': admin_email,
    }
    send_email.delay(subject, message, sender, [user.email])

    sms_enabled = getattr(settings, 'SENDSMS_ON_PASSWORD_RESET', False)
    if sms_number and sms_enabled:
        # NOTE(review): this text puts username and password together
        # in one unencrypted message.
        sms_text = 'Your NECOC password for user: %s has been reset to %s' % (
            user.username, new_password)
        send_one_sms.delay(None, sms_number, sms_text)
    return render(request, 'login.html', {'form': form})
def test_should_update_password_of_user(self):
    """A logged-in user can change the password and sign in with the new one."""
    own_profile = UserProfile(**self.mobile_user_attr).save()
    change_url = self.API_ENDPOINT + str(own_profile.id) + '/password/'

    response = self.client.post(change_url, self.password_data)

    all_profiles = UserProfile.objects()
    matching_users = User.objects(username=self.user.username)
    self.assertEqual(200, response.status_code)
    # The body is asserted to be empty: no credential is echoed back.
    self.assertEqual({}, response.data)
    # The change must update in place, not create extra documents.
    self.assertEqual(1, all_profiles.count())
    self.assertEqual(1, matching_users.count())
    new_password = self.password_data['new_password']
    self.assertTrue(matching_users.first().check_password(new_password))

    logged_in = self.client.login(
        username=self.user.username,
        password=self.password_data['new_password'])
    self.assertTrue(logged_in)
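def test_handling_photo_update_exception(self):
    """Update a profile photo and check the endpoint still answers 200.

    NOTE(review): the stored photo is asserted to read back as None;
    going by the test name, that presumably relies on photo storage
    being patched to fail outside this method -- confirm.
    """
    attr = self.mobile_user_to_post.copy()
    attr['email'] = '*****@*****.**'
    attr['phone'] = '+256775019511'
    # NOTE(review): the password is assigned directly instead of through
    # set_password, so it is presumably stored unhashed -- acceptable
    # only because this is a throwaway test fixture.
    attr['user'] = User(username='******', password='******').save()
    profile = UserProfile(**attr)

    # A context manager closes the fixture file; the original left this
    # handle open for the lifetime of the test process.
    with open(settings.PROJECT_ROOT + '/../dms/tests/test.jpg', 'rb') as user_photo:
        profile.photo.put(user_photo, content_type='image/content_type')
        profile.save()

    with open(settings.PROJECT_ROOT + '/../dms/tests/test2.jpg', 'rb') as test_image:
        attr['file'] = test_image
        response = self.client.post(
            self.API_ENDPOINT + str(profile.id) + '/', attr)
    self.assertEqual(200, response.status_code)

    retrieved_user = User.objects(username='******').first()
    reloaded_profile = UserProfile.objects(user=retrieved_user).first()
    self.assertEqual(reloaded_profile.photo.read(), None)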
def post(self, request, *args, **kwargs):
    """Handle the login page POST: a password reset or a sign-in.

    A truthy ``resetPass`` field selects the password-reset flow; any
    other request is treated as a login attempt. Both flows re-render
    ``login.html`` unless a login succeeds, which redirects to ``/``.

    NOTE(review): the source listing lost its indentation, so nesting
    is reconstructed; the 'Username or Password is invalid' error is
    assumed to sit inside the valid-form branch -- confirm.
    NOTE(review): no throttling of reset or login attempts is visible
    in this block -- confirm it is enforced elsewhere.
    """
    if not request.POST.get('resetPass', None):
        login_form = LoginForm(request.POST)
        if login_form.is_valid():
            credentials = login_form.cleaned_data
            user = authenticate(username=credentials['username'],
                                password=credentials['password'])
            if user:
                login(request, user)
                return redirect('/')
            login_form.add_error(None, 'Username or Password is invalid')
        return render(request, 'login.html', {'login_form': login_form})

    form = PasswordForm(request.POST)
    if not form.is_valid():
        form.add_error(None, 'Invalid data')
        return render(request, 'login.html', {'form': form})

    submitted = form.cleaned_data
    user = User.objects(username=submitted['username'],
                        email=submitted['email']).first()
    profile = UserProfile.objects(user=user).first()
    if not user:
        # NOTE(review): a distinct message on a miss lets an
        # unauthenticated caller confirm which username/e-mail pairs
        # exist; a uniform response for both outcomes avoids that.
        form.add_error(None, 'No user with matching Username and Email')
        return render(request, 'login.html', {'form': form})

    display_name = profile.name if profile else 'DMS User'
    sms_number = profile.phone if profile else ''
    subject = 'NECOC Password Reset Request'
    sender = settings.DEFAULT_FROM_EMAIL
    hostname = settings.HOSTNAME
    admin_email = settings.ADMIN_EMAIL

    # NOTE(review): the password is replaced immediately, on nothing
    # more than a matching username and e-mail, so anyone who knows both
    # can lock the owner out. A single-use, expiring reset link that the
    # mailbox owner must follow keeps the old password valid until then.
    new_password = UserManager().make_random_password()
    user.set_password(new_password)
    user.save()

    # NOTE(review): the new password travels in clear text by e-mail
    # (and SMS below). `.delay` suggests a task queue; if so, the
    # plaintext is also serialised into the broker -- check retention
    # and logging there.
    message = settings.RESET_PASSWORD_MESSAGE % {
        'name': display_name,
        'hostname': hostname,
        'password': new_password,
        'admin_email': admin_email,
    }
    send_email.delay(subject, message, sender, [user.email])

    sms_enabled = getattr(settings, 'SENDSMS_ON_PASSWORD_RESET', False)
    if sms_number and sms_enabled:
        sms_text = 'Your NECOC password has been reset to %s' % new_password
        send_one_sms.delay(None, sms_number, sms_text)
    return render(request, 'login.html', {'form': form})
def test_should_update_password_of_user(self):
    """A logged-in user can change the password and sign in with the new one."""
    own_profile = UserProfile(**self.mobile_user_attr).save()
    change_url = self.API_ENDPOINT + str(own_profile.id) + '/password/'

    response = self.client.post(change_url, self.password_data)

    all_profiles = UserProfile.objects()
    matching_users = User.objects(username=self.user.username)
    self.assertEqual(200, response.status_code)
    # The body is asserted to be empty: no credential is echoed back.
    self.assertEqual({}, response.data)
    # The change must update in place, not create extra documents.
    self.assertEqual(1, all_profiles.count())
    self.assertEqual(1, matching_users.count())
    new_password = self.password_data['new_password']
    self.assertTrue(matching_users.first().check_password(new_password))

    logged_in = self.client.login(
        username=self.user.username,
        password=self.password_data['new_password'])
    self.assertTrue(logged_in)
def test_should_reset_password_of_user(self):
    """A password-reset POST succeeds and the old password stops working."""
    saved_profile = UserProfile(**self.mobile_user_attr).save()
    reset_url = self.API_ENDPOINT + str(saved_profile.id) + '/password_reset/'

    response = self.client.post(reset_url)

    self.assertEqual(200, response.status_code)
    # The body is asserted to be empty, so the response carries no
    # credential material back to the caller.
    self.assertEqual({}, response.data)
    account = User.objects(username=self.user.username).first()
    self.assertFalse(account.check_password(self.initial_password))
def validate_username(self, attrs, source):
    """Run the uniqueness check for the submitted username.

    The value counts as updated unless an existing object is being
    edited and the submitted username equals its current one. The
    matching-users queryset and that flag are handed to the class's
    private uniqueness check, whose behaviour is defined elsewhere.

    Returns:
        The ``attrs`` mapping that was passed in.
    """
    submitted_username = attrs.get(source)

    is_updated = True
    if self.object and submitted_username == self.object.username():
        # Re-submitting the object's own username is not a change.
        is_updated = False

    same_name_users = User.objects(username=submitted_username)
    self.__check_uniqueness(attrs, 'username', same_name_users, is_updated)
    return attrs