def test_read_only(self):
"""Check all read-only objects/methods are really read only"""
journal = models.Journal(owner=self.user1,
uid=self.get_random_hash(),
content=b'test')
journal.save()
self.client.force_authenticate(user=self.user1)
# Not allowed to change UID
journal2 = models.Journal(owner=self.user1,
uid=self.get_random_hash(),
content=b'test')
response = self.client.put(
reverse('journal-detail', kwargs={'uid': journal.uid}),
self.serializer(journal2).data)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(journal, models.Journal.objects.get(uid=journal.uid))
# Not allowed to change version
journal.version = 137
response = self.client.put(
reverse('journal-detail', kwargs={'uid': journal.uid}),
self.serializer(journal2).data)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(journal, models.Journal.objects.get(uid=journal.uid))
def test_version(self):
"""Check version behaves correctly"""
journal = models.Journal(owner=self.user1,
uid=self.get_random_hash(),
content=b'test')
journal.save()
self.client.force_authenticate(user=self.user1)
# Default version is 1
response = self.client.get(
reverse('journal-detail', kwargs={'uid': journal.uid}))
self.assertEqual(response.status_code, status.HTTP_200_OK)
# Saving version works
journal = models.Journal(owner=self.user1,
uid=self.get_random_hash(),
content=b'test',
version=12)
response = self.client.post(reverse('journal-list'),
self.serializer(journal).data)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(journal.version,
models.Journal.objects.get(uid=journal.uid).version)
# Version readonly is handled in test_read_only
pass
def test_read_only(self):
"""Tests for read only JournalMembers"""
journal1 = models.Journal(owner=self.user1,
uid=self.get_random_hash(),
content=b'user1')
journal1.save()
journal2 = models.Journal(owner=self.user2,
uid=self.get_random_hash(),
content=b'user2')
journal2.save()
# List
self.client.force_authenticate(user=self.user1)
response = self.client.get(reverse('journal-list'))
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response.data), 1)
self.client.force_authenticate(user=self.user2)
response = self.client.get(reverse('journal-list'))
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response.data), 1)
# Give user1 read only access to user2's journal2
journal_member = models.JournalMember(user=self.user1,
key=b'somekey',
readOnly=True)
self.client.force_authenticate(user=self.user2)
response = self.client.post(
reverse('journal-members-list',
kwargs={'journal_uid': journal2.uid}),
self.serializer(journal_member).data)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# Adding an entry when have read only access
self.client.force_authenticate(user=self.user1)
entry = models.Entry(uid=self.get_random_hash(), content=b'test')
response = self.client.post(
reverse('journal-entries-list',
kwargs={'journal_uid': journal2.uid}),
serializers.EntrySerializer(entry).data)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
# Adding an entry when owner and there's a read only member
self.client.force_authenticate(user=self.user2)
entry = models.Entry(uid=self.get_random_hash(), content=b'test')
response = self.client.post(
reverse('journal-entries-list',
kwargs={'journal_uid': journal2.uid}),
serializers.EntrySerializer(entry).data)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# Verify the entries list is actually shared with a read only user
self.client.force_authenticate(user=self.user1)
response = self.client.get(
reverse('journal-entries-list',
kwargs={'journal_uid': journal2.uid}))
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response.data), 1)
def create_journals():
"""
Creates a set of dummy journals for testing
:return: a 2-tuple of two journals
"""
journal_one = journal_models.Journal(code="TST", domain="testserver")
journal_one.save()
journal_two = journal_models.Journal(code="TSA", domain="journal2.localhost")
journal_two.save()
return journal_one, journal_two
def setUp(self):
super().setUp()
self.serializer = serializers.EntrySerializer
self.journal = models.Journal(owner=self.user1,
uid=self.get_random_hash(),
content=b'test')
self.journal.save()
def handle(self, *args, **options):
"""Installs Janeway
:param args: None
:param options: None
:return: None
"""
call_command('makemigrations', 'sites')
call_command('migrate')
print("Please answer the following questions.\n")
translation.activate('en')
with transaction.atomic():
test_one = press_models.Press.objects.all()
if not test_one:
press = press_models.Press()
press.name = input('Press name: ')
press.domain = input('Press domain: ')
press.main_contact = input('Press main contact (email): ')
press.save()
print("Thanks! We will now set up out first journal.\n")
journal = journal_models.Journal()
journal.code = input('Journal #1 code: ')
journal.domain = input('Journal #1 domain: ')
journal.save()
print("Installing settings fixtures... ", end="")
update_settings(journal, management_command=False)
print("[okay]")
print("Installing license fixtures... ", end="")
update_license(journal, management_command=False)
print("[okay]")
print("Installing role fixtures")
roles_path = os.path.join(settings.BASE_DIR, ROLES_RELATIVE_PATH)
call_command('loaddata', roles_path)
journal.name = input('Journal #1 name: ')
journal.description = input('Journal #1 description: ')
journal.save()
journal.setup_directory()
print("Thanks, Journal #1 has been saved.\n")
call_command('show_configured_journals')
call_command('sync_journals_to_sites')
call_command('build_assets')
print("Installing plugins.")
call_command('install_plugins')
print("Installing Cron jobs")
try:
call_command('install_cron')
except FileNotFoundError:
self.stderr.write("Error Installing cron")
print('Create a super user.')
call_command('createsuperuser')
print(
'Open your browser to your new journal domain {domain}/install/ to continue this setup process.'
.format(domain=journal.domain))
print(JANEWAY_ASCII)
def create_journal():
"""
Creates a dummy journal for testing
:return: a journal
"""
journal_one = journal_models.Journal(code="TST", domain="testserver")
journal_one.save()
return journal_one
def create_journal():
"""
Creates a dummy journal for testing
:return: a journal
"""
update_xsl_files()
journal_one = journal_models.Journal(code="TST", domain="testserver")
journal_one.title = "Test Journal: A journal of tests"
journal_one.save()
update_settings(journal_one, management_command=False)
return journal_one
def create_journals():
"""
Creates a set of dummy journals for testing
:return: a 2-tuple of two journals
"""
journal_one = journal_models.Journal(code="TST", domain="testserver")
journal_one.save()
journal_two = journal_models.Journal(code="TSA",
domain="journal2.localhost")
journal_two.save()
out = StringIO()
sys.stdout = out
call_command('load_default_settings', stdout=out)
journal_one.name = 'Journal One'
journal_two.name = 'Journal Two'
return journal_one, journal_two
def handle(self, *args, **options):
"""Installs Janeway
:param args: None
:param options: None
:return: None
"""
call_command('makemigrations')
call_command('migrate')
print("Please answer the following questions.\n")
translation.activate('en')
test_one = press_models.Press.objects.all()
if not test_one:
press = press_models.Press()
press.name = input('Press name: ')
press.domain = input('Press domain: ')
press.main_contact = input('Press main contact (email): ')
press.save()
print("Thanks! We will now set up out first journal.\n")
journal = journal_models.Journal()
journal.code = input('Journal #1 code: ')
journal.domain = input('Journal #1 domain: ')
journal.save()
install.update_settings(journal, management_command=True)
install.update_license(journal, management_command=True)
journal.name = input('Journal #1 name: ')
journal.description = input('Journal #1 description: ')
journal.save()
print("Thanks, Journal #1 has been saved.\n")
call_command('show_configured_journals')
call_command('sync_journals_to_sites')
call_command('build_assets')
call_command('install_plugins')
call_command('install_cron')
call_command('loaddata', 'utils/install/roles.json')
print('Create a super user.')
call_command('createsuperuser')
print(
'Open your browser to your domain /install/ to continue this setup process.'
)
def test_errors_basic(self):
"""Test basic validation errors"""
# Not saved on purpose
journal = models.Journal(content=b'test')
self.client.force_authenticate(user=self.user1)
# Put bad/empty uid
response = self.client.post(reverse('journal-list'),
self.serializer(journal).data)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
journal.uid = "12"
response = self.client.post(reverse('journal-list'),
self.serializer(journal).data)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
# Put none/empty content
journal.uid = self.get_random_hash()
journal.content = b''
response = self.client.post(reverse('journal-list'),
self.serializer(journal).data)
# FIXME self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
journal.content = None
response = self.client.post(reverse('journal-list'),
self.serializer(journal).data)
# FIXME self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
# Put existing uid
journal.uid = self.get_random_hash()
journal.content = b'test'
response = self.client.post(reverse('journal-list'),
self.serializer(journal).data)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
response = self.client.post(reverse('journal-list'),
self.serializer(journal).data)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test_basic(self):
"""Basic tests for JournalMembers"""
journal1 = models.Journal(owner=self.user1,
uid=self.get_random_hash(),
content=b'user1')
journal1.save()
journal2 = models.Journal(owner=self.user2,
uid=self.get_random_hash(),
content=b'user2')
journal2.save()
# List
self.client.force_authenticate(user=self.user1)
response = self.client.get(reverse('journal-list'))
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response.data), 1)
self.client.force_authenticate(user=self.user2)
response = self.client.get(reverse('journal-list'))
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response.data), 1)
# Give access to yourself which updates the key, but doesn't show in list
journal_member = models.JournalMember(user=self.user2, key=b'somekey')
self.client.force_authenticate(user=self.user2)
response = self.client.post(
reverse('journal-members-list',
kwargs={'journal_uid': journal2.uid}),
self.serializer(journal_member).data)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
response = self.client.get(
reverse('journal-members-list',
kwargs={'journal_uid': journal2.uid}))
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response.data), 0)
# Give user1 access to user2's journal2
journal_member = models.JournalMember(user=self.user1, key=b'somekey')
self.client.force_authenticate(user=self.user2)
response = self.client.post(
reverse('journal-members-list',
kwargs={'journal_uid': journal2.uid}),
self.serializer(journal_member).data)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# Give a user access to non-existent journal
self.client.force_authenticate(user=self.user1)
response = self.client.post(
reverse('journal-members-list', kwargs={'journal_uid': 'aaa'}),
self.serializer(journal_member).data)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
# List
self.client.force_authenticate(user=self.user1)
response = self.client.get(reverse('journal-list'))
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response.data), 2)
self.client.force_authenticate(user=self.user2)
response = self.client.get(reverse('journal-list'))
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response.data), 1)
# Journals return different owners
self.client.force_authenticate(user=self.user1)
response = self.client.get(reverse('journal-list'))
self.assertEqual(response.status_code, status.HTTP_200_OK)
owners = {}
for journal in response.data:
owners[journal['owner']] = journal
self.assertIn(self.user1.username, owners)
self.assertIn(self.user2.username, owners)
# Check key is set as expected
self.assertIs(owners[self.user1.username]['key'], None)
self.assertIsNot(owners[self.user2.username]['key'], None)
# Get the members of own journal vs someone else's
self.client.force_authenticate(user=self.user1)
response = self.client.get(
reverse('journal-members-list',
kwargs={'journal_uid': journal2.uid}))
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.client.force_authenticate(user=self.user2)
response = self.client.get(
reverse('journal-members-list',
kwargs={'journal_uid': journal2.uid}))
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response.data), 1)
self.assertEqual(response.data[0]['user'], self.user1.username)
# Get the members of a non-existent journal
self.client.force_authenticate(user=self.user1)
response = self.client.get(
reverse('journal-members-list', kwargs={'journal_uid': 'aaaa'}))
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
# Try to edit a journal when not owner but have access
self.client.force_authenticate(user=self.user1)
response = self.client.put(
reverse('journal-detail', kwargs={'uid': journal2.uid}),
serializers.JournalSerializer(journal2).data)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
# Adding an entry when have access
self.client.force_authenticate(user=self.user1)
entry = models.Entry(uid=self.get_random_hash(), content=b'test')
response = self.client.post(
reverse('journal-entries-list',
kwargs={'journal_uid': journal2.uid}),
serializers.EntrySerializer(entry).data)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# Trying to give a user with access access again
journal_member_user = getattr(journal_member.user, User.USERNAME_FIELD)
self.client.force_authenticate(user=self.user2)
response = self.client.post(
reverse('journal-members-list',
kwargs={'journal_uid': journal2.uid}),
self.serializer(journal_member).data)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
# Patch is not allowed
self.client.force_authenticate(user=self.user2)
response = self.client.patch(
reverse('journal-members-detail',
kwargs={
'journal_uid': journal2.uid,
'username': journal_member_user
}),
self.serializer(journal_member).data)
self.assertEqual(response.status_code,
status.HTTP_405_METHOD_NOT_ALLOWED)
# Revoking access
self.client.force_authenticate(user=self.user2)
response = self.client.delete(
reverse('journal-members-detail',
kwargs={
'journal_uid': journal2.uid,
'username': journal_member_user
}),
self.serializer(journal_member).data)
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
# Try to edit a journal when not owner and don't have access
self.client.force_authenticate(user=self.user1)
response = self.client.put(
reverse('journal-detail', kwargs={'uid': journal2.uid}),
serializers.JournalSerializer(journal2).data)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
# Adding an entry when no access
self.client.force_authenticate(user=self.user1)
entry = models.Entry(uid=self.get_random_hash(), content=b'test')
response = self.client.post(
reverse('journal-entries-list',
kwargs={'journal_uid': journal2.uid}),
serializers.EntrySerializer(entry).data)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
# Revoking when there's nothingto revoke
response = self.client.delete(
reverse('journal-members-detail',
kwargs={
'journal_uid': journal2.uid,
'username': journal_member_user
}),
self.serializer(journal_member).data)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
# Making sure access was really revoked but journal still exists
self.client.force_authenticate(user=self.user1)
response = self.client.get(reverse('journal-list'))
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response.data), 1)
self.client.force_authenticate(user=self.user2)
response = self.client.get(reverse('journal-list'))
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response.data), 1)
# Invalid json request
journal_member = models.JournalMember(user=self.user1, key=b'somekey')
self.client.force_authenticate(user=self.user2)
response = self.client.post(
reverse('journal-members-list',
kwargs={'journal_uid': journal2.uid}), {})
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
# Just to complete coverage
str(journal_member)
def test_only_owner(self):
"""Check all the endpoints correctly require authentication"""
journal = models.Journal(owner=self.user1,
uid=self.get_random_hash(),
content=b'test')
journal.save()
# List
self.client.force_authenticate(user=self.user1)
response = self.client.get(reverse('journal-list'))
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response.data), 1)
self.client.force_authenticate(user=self.user2)
response = self.client.get(reverse('journal-list'))
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertListEqual(response.data, [])
# Get
self.client.force_authenticate(user=self.user1)
response = self.client.get(
reverse('journal-detail', kwargs={'uid': journal.uid}))
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.client.force_authenticate(user=self.user2)
response = self.client.get(
reverse('journal-detail', kwargs={'uid': journal.uid}))
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
# Update
self.client.force_authenticate(user=self.user1)
response = self.client.put(
reverse('journal-detail', kwargs={'uid': journal.uid}),
self.serializer(journal).data)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.client.force_authenticate(user=self.user2)
response = self.client.put(
reverse('journal-detail', kwargs={'uid': journal.uid}),
self.serializer(journal).data)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
# Destroy
self.client.force_authenticate(user=self.user2)
response = self.client.delete(
reverse('journal-detail', kwargs={'uid': journal.uid}))
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
## This actuall destroys the object, so has to be last.
self.client.force_authenticate(user=self.user1)
response = self.client.delete(
reverse('journal-detail', kwargs={'uid': journal.uid}))
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
# Post directly (without it existing)
journal.uid = self.get_random_hash()
self.client.force_authenticate(user=self.user1)
response = self.client.post(
reverse('journal-detail', kwargs={'uid': journal.uid}),
self.serializer(journal).data)
self.assertEqual(response.status_code,
status.HTTP_405_METHOD_NOT_ALLOWED)
journal.uid = self.get_random_hash()
self.client.force_authenticate(user=self.user2)
response = self.client.post(
reverse('journal-detail', kwargs={'uid': journal.uid}),
self.serializer(journal).data)
self.assertEqual(response.status_code,
status.HTTP_405_METHOD_NOT_ALLOWED)
def test_filler(self):
"""Extra calls to cheat coverage (things we don't really care about)"""
str(models.Journal(uid=self.get_random_hash(), content=b'1'))
def test_crud_basic(self):
"""Test adding/removing/changing journals"""
# Not saved
journal = models.Journal(uid=self.get_random_hash(),
content=b'test',
owner=self.user1)
self.client.force_authenticate(user=self.user1)
# Add
response = self.client.post(reverse('journal-list'),
self.serializer(journal).data)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# Get
response = self.client.get(
reverse('journal-detail', kwargs={'uid': journal.uid}))
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertDictEqual(response.data, self.serializer(journal).data)
response = self.client.get(
reverse('journal-detail', kwargs={'uid': self.get_random_hash()}))
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
# Update
response = self.client.put(
reverse('journal-detail', kwargs={'uid': journal.uid}),
self.serializer(journal).data)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# Partial update
response = self.client.patch(
reverse('journal-detail', kwargs={'uid': journal.uid}),
self.serializer(journal).data)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# List
response = self.client.get(reverse('journal-list'))
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertDictEqual(response.data[0], self.serializer(journal).data)
# Destroy
## This actually destroys the object, so has to be last.
response = self.client.delete(
reverse('journal-detail', kwargs={'uid': journal.uid}))
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
## Verify not returned in api but still in db (both list and get)
response = self.client.get(
reverse('journal-detail', kwargs={'uid': journal.uid}))
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
response = self.client.get(reverse('journal-list'))
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response.data), 0)
## And that we can't update it
journal2 = models.Journal.objects.get(uid=journal.uid)
journal2.content = b'different'
response = self.client.put(
reverse('journal-detail', kwargs={'uid': journal.uid}),
self.serializer(journal2).data)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
journal2 = models.Journal.objects.get(uid=journal.uid)
self.assertEqual(journal.content, journal2.content)
journal = models.Journal.objects.get(uid=journal.uid)
self.assertEqual(journal.deleted, True)
# Put directly (without it existing)
journal.uid = self.get_random_hash()
self.client.force_authenticate(user=self.user1)
response = self.client.post(
reverse('journal-detail', kwargs={'uid': journal.uid}),
self.serializer(journal).data)
self.assertEqual(response.status_code,
status.HTTP_405_METHOD_NOT_ALLOWED)
