def test_user_invalid_old_password(self, user_password_change_mock):
with self.assertRaises(ValidationError):
password_new = fake.password()
self.service(user_id=self.user.id,
password1=password_new,
password2=password_new,
old_password=fake.password())
def test_api_invalid_old_password(self):
user = self.create_user()
self.client.login(email=user['email'], password=user['password'])
url = reverse('api:auth:password_change',
kwargs={'user_id': BaseUser.objects.first().id})
data_password_change = {
'old_password': fake.password(),
'password1': fake.password(),
'password2': fake.password()
}
response_password_change = self.client.post(url, data_password_change)
self.assertEqual(400, response_password_change.status_code)
def test_token_invalid(self, user_password_reset_check_mock):
user = user_create(first_name=fake.first_name(),
last_name=fake.last_name(),
password=fake.password(),
email=fake.email(),
avatar=None)
# Obtain token and user
user_password_reset(email=user.email)
# Code no valid in check
password = fake.password()
token = fake.sha1()
with self.assertRaises(ValidationError):
self.service(token=token, password=password)
def test_api_user_create_with_avatar(self):
image = Image.new("RGB", (100, 100))
with NamedTemporaryFile(suffix=".png", mode="w+b") as tmp_file:
image.save(tmp_file, format="png")
tmp_file.seek(0)
byio = io.BytesIO(tmp_file.read())
inm_file = InMemoryUploadedFile(
file=byio,
field_name="avatar",
name="testImage.png",
content_type="image/png",
size=byio.getbuffer().nbytes,
charset=None,
)
data = {
'first_name': fake.first_name(),
'last_name': fake.last_name(),
'avatar': inm_file,
'email': fake.email(),
'password': fake.password()
}
response = self.client.post(self.url, data, format='multipart')
self.assertEqual(1, BaseUser.objects.count())
self.assertEqual(201, response.status_code)
def test_api_user_login_credentials_invalid(self):
data = {
'email': fake.email(),
'password': fake.password()
}
response = self.client.post(self.url, data)
self.assertEqual(401, response.status_code)
def test_user_common_password(self, user_password_change_mock):
with self.assertRaises(ValidationError):
password_vulnerable = fake.password(length=5, digits=False)
self.service(user_id=self.user.id,
password1=password_vulnerable,
password2=password_vulnerable,
old_password=self.password)
def setUp(self):
self.password = fake.password()
self.user = user_create(first_name=fake.first_name(),
last_name=fake.last_name(),
password=self.password,
email=fake.email(),
avatar=None)
self.service = user_password_change
def test_token_valid_with_vulnerable_password(
self, user_password_reset_check_mock):
user = user_create(
first_name=fake.first_name(),
last_name=fake.last_name(),
password=fake.password(),
email=fake.email(),
avatar=None,
)
# Obtain token and user
data = user_password_reset(email=user.email)
# Token valid with invalid password
password_vulnerable = fake.password(length=5, digits=False)
with self.assertRaises(ValidationError):
self.service(token=data['token'], password=password_vulnerable)
def test_service_success_and_call_event(
self, user_password_change_send_email_mock):
password_new = fake.password()
self.service(user_id=self.user.id,
password1=password_new,
password2=password_new,
old_password=self.password)
user_password_change_send_email_mock.assert_called()
def create_user(self):
email = fake.email()
password = fake.password()
user_create(first_name=fake.first_name(),
last_name=fake.last_name(),
email=email,
avatar=None,
password=password)
return {'email': email, 'password': password}
def test_api_user_create_data_omit_avatar(self):
data = {
'first_name': fake.first_name(),
'last_name': fake.last_name(),
'email': fake.email(),
'password': fake.password(),
}
response = self.client.post(self.url, data)
self.assertEqual(1, BaseUser.objects.count())
self.assertEqual(201, response.status_code)
def test_user_create_and_call_event(self, user_create_send_email_mock):
self.service(
first_name=fake.first_name(),
last_name=fake.last_name(),
avatar=None,
password=fake.password(),
email=fake.email()
)
user_create_send_email_mock.assert_called()
def test_api_valid_email(self):
user_create(first_name=fake.first_name(),
last_name=fake.last_name(),
email=fake.email(),
avatar=None,
password=fake.password())
self.assertEqual(1, BaseUser.objects.count())
data = {'email': BaseUser.objects.first().email}
response = self.client.post(self.url, data)
self.assertEqual(201, response.status_code)
def test_user_create_without_avatar(self, user_create_mock):
self.service(
first_name=fake.first_name(),
last_name=fake.last_name(),
avatar=None,
password=fake.password(),
email=fake.email()
)
self.assertEqual(1, BaseUser.objects.count())
def test_api_with_invalid_avatar_not_image(self):
filename = fake.file_name(category='image')
text_file = SimpleUploadedFile(
filename, b'this is some text - not an image')
data = {
'first_name': fake.first_name(),
'last_name': fake.last_name(),
'email': fake.email(),
'password': fake.password(),
'avatar': text_file
}
response = self.client.post(self.url, data)
self.assertEqual(400, response.status_code)
def test_user_with_capitalize_email_cannot_created(self, user_create_mock):
# Generate email and apply upper [email protected] -> [email protected]
email = fake.email()
email_upper = email.upper()
self.service(
first_name=fake.first_name(),
last_name=fake.last_name(),
avatar=None,
password=fake.password(),
email=email
)
with self.assertRaises(ValidationError):
self.service(
first_name=fake.first_name(),
last_name=fake.last_name(),
avatar=None,
password=fake.password(),
email=email_upper
)
self.assertEqual(1, BaseUser.objects.count())
def test_user_password_reset_success_and_call_event(
self, user_password_reset_check_send_email_mock):
password = fake.password()
user = user_create(first_name=fake.first_name(),
last_name=fake.last_name(),
password=password,
email=fake.email(),
avatar=None)
# Obtain token and user
data = user_password_reset(email=user.email)
self.service(token=data['token'], password=password)
user_password_reset_check_send_email_mock.assert_called()
def test_user_with_vulnerable_password(self, user_create_mock):
"""Validate password with common cases:
UserAttributeSimilarityValidator
MinimumLengthValidator
CommonPasswordValidator
NumericPasswordValidator
"""
with self.assertRaises(ValidationError):
user = self.service(
first_name=fake.first_name(),
last_name=fake.last_name(),
password=fake.password(length=5, digits=False),
avatar=None,
email=fake.email()
)
def test_api_valid_old_password_with_vulnerable_password(self):
user = self.create_user()
self.client.login(email=user['email'], password=user['password'])
url = reverse('api:auth:password_change',
kwargs={'user_id': BaseUser.objects.first().id})
new_password = fake.password(length=5, digits=False)
data_password_change = {
'old_password': user['password'],
'password1': new_password,
'password2': new_password
}
response_password_change = self.client.post(url, data_password_change)
self.assertEqual(400, response_password_change.status_code)
def test_service_return_token_and_call_event(
self, user_password_reset_send_email_mock):
user = user_create(first_name=fake.first_name(),
last_name=fake.last_name(),
password=fake.password(),
email=fake.email(),
avatar=None)
user_profile = self.service(email=user.email)
# 'alcr3d-93e02ecaf523d3332a99462eb93989fb_NQ']
result = list(user_profile)
# Match length result -> Token
self.assertEqual(1, len(result))
user_password_reset_send_email_mock.assert_called()
def test_api_user_login_valid_return_data(self):
email = fake.email()
password = fake.password()
user_create(
first_name=fake.first_name(),
last_name=fake.last_name(),
email=email,
password=password,
avatar=None
)
self.assertEqual(1, BaseUser.objects.count())
data = {
'email': email,
'password': password
}
response = self.client.post(self.url, data)
self.assertEqual(200, response.status_code)
# User login return dict with session and data user
self.assertTrue(response.data)
def create_user(self):
user_create(first_name=fake.first_name(),
last_name=fake.last_name(),
password=fake.password(),
email=fake.email(),
avatar=None)
def test_user_not_match_passwords(self, user_password_change_mock):
with self.assertRaises(ValidationError):
self.service(user_id=self.user.id,
password1=fake.password(),
password2=fake.password(),
old_password=self.password)
def test_api_return_users_data_filter_with_pagination(self):
user1 = user_create(
first_name=fake.first_name(),
last_name=fake.last_name(),
password=fake.password(),
email=fake.email(),
avatar=None)
user2 = user_create(
first_name=fake.first_name(),
last_name=fake.last_name(),
password=fake.password(),
email=fake.email(),
avatar=None)
# Filter api with parameters
first_response = self.client.get(self.url, data={'is_active': True})
expect_first_response = OrderedDict({
"limit": 1,
"offset": 0,
"count": BaseUser.objects.count(),
"next": 'http://testserver/api/users/list/?is_active=True&limit=1&offset=1',
"previous": None,
"results": [
OrderedDict({
"id": user1.id,
"first_name": user1.first_name,
"last_name": user1.last_name,
"email": user1.email,
"avatar": None,
"is_active": True,
"is_superuser": False
})
]
})
self.assertEqual(expect_first_response, first_response.data)
# Next response to request api
next_response = self.client.get(
self.url,
data={'is_active': True, 'limit': 1, 'offset': 1})
expect_next_response = OrderedDict({
"limit": 1,
"offset": 1,
"count": BaseUser.objects.count(),
"next": None,
"previous": 'http://testserver/api/users/list/?is_active=True&limit=1',
"results": [
OrderedDict({
"id": user2.id,
"first_name": user2.first_name,
"last_name": user2.last_name,
"email": user2.email,
"avatar": None,
"is_active": True,
"is_superuser": False
})
]
})
self.assertEqual(expect_next_response, next_response.data)
