class BaseTestCase(TestCase):
    """Shared fixture with a team owner, a team member and an outsider.

    Alice owns the team profile, Bob is attached to it through a Member
    row, and Charlie gets a profile but no Member row, so tests can use
    him as the negative control for access checks.
    """

    def setUp(self):
        """Create Alice, Bob and Charlie together with their profiles."""
        super(BaseTestCase, self).setUp()

        def saved_user(username, email):
            # "password" is a fixture-only credential.
            user = User(username=username, email=email)
            user.set_password("password")
            user.save()
            return user

        # Alice is a normal user for tests; her profile carries the API key.
        self.alice = saved_user("******", "*****@*****.**")
        self.profile = Profile(user=self.alice, api_key="abc", sms_limit=50)
        self.profile.save()

        # Bob is on Alice's team and should have access to her stuff.
        self.bob = saved_user("******", "*****@*****.**")
        self.bobs_profile = Profile(user=self.bob, current_team=self.profile)
        self.bobs_profile.save()
        Member(team=self.profile, user=self.bob).save()

        # Charlie should have no access to Alice's stuff: he gets a
        # profile of his own and no Member row for Alice's team.
        self.charlie = saved_user("******", "*****@*****.**")
        Profile(user=self.charlie).save()
class CheckTokenTestCase(TestCase):
    """Tests for the login-by-token URL /accounts/check_token/."""

    def setUp(self):
        """Create Alice with a profile that holds a hashed login token."""
        super(CheckTokenTestCase, self).setUp()

        self.alice = User(username="******", email="*****@*****.**")
        self.alice.set_password("password")
        self.alice.save()

        # Only the make_password() hash is stored on the profile; the
        # plaintext token appears solely in the URLs requested below.
        self.profile = Profile(user=self.alice, token=make_password("secret-token"))
        self.profile.save()

    def test_it_redirects(self):
        """A valid token logs in, redirects to /checks/ and is cleared."""
        response = self.client.get("/accounts/check_token/alice/secret-token/")
        self.assertRedirects(response, "/checks/")

        # After login, token should be blank, so the link cannot be reused.
        self.profile.refresh_from_db()
        self.assertEqual(self.profile.token, "")

    def test_it_redirects_already_logged_in(self):
        """An already authenticated client is still redirected to /checks/."""
        # Login
        self.client.login(username="******", password="******")

        # Login again, when already authenticated
        response = self.client.get("/accounts/check_token/alice/secret-token/")
        self.assertRedirects(response, "/checks/")

    def test_it_redirects_bad_login(self):
        """A wrong token lands on the login page with an error message."""
        # Login with a bad token
        response = self.client.get(
            "/accounts/check_token/alice/invalid-token/", follow=True
        )
        self.assertRedirects(response, "/accounts/login/")
        self.assertContains(response, "incorrect or expired")
class CheckTokenTestCase(BaseTestCase):
    """Tests for the login-by-token URL /accounts/check_token/."""

    def setUp(self):
        """Give Alice a profile that holds a hashed login token."""
        super(CheckTokenTestCase, self).setUp()

        # Only the make_password() hash is stored on the profile; the
        # plaintext token appears solely in the URLs requested below.
        self.profile = Profile(user=self.alice, token=make_password("secret-token"))
        self.profile.save()

    def test_it_redirects(self):
        """A valid token logs in, redirects to /checks/ and is cleared."""
        response = self.client.get("/accounts/check_token/alice/secret-token/")
        self.assertRedirects(response, "/checks/")

        # After login, token should be blank, so the link cannot be reused.
        self.profile.refresh_from_db()
        self.assertEqual(self.profile.token, "")

    def test_it_redirects_already_logged_in(self):
        """An already authenticated client is still redirected to /checks/."""
        # Login
        self.client.login(username="******", password="******")

        # Login again, when already authenticated
        response = self.client.get("/accounts/check_token/alice/secret-token/")
        self.assertRedirects(response, "/checks/")

    def test_it_redirects_bad_login(self):
        """A wrong token lands on the login page with an error message."""
        # Login with a bad token
        response = self.client.get(
            "/accounts/check_token/alice/invalid-token/", follow=True
        )
        self.assertRedirects(response, "/accounts/login/")
        self.assertContains(response, "incorrect or expired")
def setUp(self):
    """Create Alice (team owner), Bob (team member) and Charlie (outsider)."""
    super(BaseTestCase, self).setUp()

    def saved_user(username, email):
        # "password" is a fixture-only credential.
        user = User(username=username, email=email)
        user.set_password("password")
        user.save()
        return user

    # Alice is a normal user for tests. Alice has team access enabled.
    self.alice = saved_user("******", "*****@*****.**")
    self.profile = Profile(user=self.alice, api_key="abc", team_access_allowed=True)
    self.profile.save()

    # Bob is on Alice's team and should have access to her stuff.
    self.bob = saved_user("******", "*****@*****.**")
    self.bobs_profile = Profile(user=self.bob, current_team=self.profile)
    self.bobs_profile.save()
    Member(team=self.profile, user=self.bob).save()

    # Charlie should have no access to Alice's stuff: he gets a profile
    # of his own and no Member row for Alice's team.
    self.charlie = saved_user("******", "*****@*****.**")
    Profile(user=self.charlie).save()
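class CreateCheckTestCase(BaseTestCase):
    """Tests for creating checks through POST /api/v1/checks/."""

    def setUp(self):
        """Give Alice a profile whose API key is the fixture value "abc"."""
        super(CreateCheckTestCase, self).setUp()
        self.profile = Profile(user=self.alice, api_key="abc")
        self.profile.save()

    def post(self, url, data):
        """POST *data* to *url* as a JSON request body."""
        return self.client.post(url, json.dumps(data),
                                content_type="application/json")

    def test_it_works(self):
        """A valid request creates exactly one check with the given fields."""
        r = self.post("/api/v1/checks/", {
            "api_key": "abc",
            "name": "Foo",
            "tags": "bar,baz",
            "timeout": 3600,
            "grace": 60
        })

        self.assertEqual(r.status_code, 201)
        self.assertIn("ping_url", r.json())

        self.assertEqual(Check.objects.count(), 1)
        check = Check.objects.get()
        self.assertEqual(check.name, "Foo")
        self.assertEqual(check.tags, "bar,baz")
        self.assertEqual(check.timeout.total_seconds(), 3600)
        self.assertEqual(check.grace.total_seconds(), 60)

    def test_it_handles_missing_request_body(self):
        """An empty body is answered with 400 and the api_key error."""
        r = self.client.post("/api/v1/checks/",
                             content_type="application/json")
        self.assertEqual(r.status_code, 400)
        self.assertEqual(r.json()["error"], "wrong api_key")

    def test_it_rejects_wrong_api_key(self):
        """An unknown API key is refused and must not create a check."""
        r = self.post("/api/v1/checks/", {"api_key": "wrong"})
        # Same status the API returns for the identical error in
        # test_it_handles_missing_request_body.
        self.assertEqual(r.status_code, 400)
        self.assertEqual(r.json()["error"], "wrong api_key")
        # The error string alone does not prove the request had no effect.
        self.assertEqual(Check.objects.count(), 0)

    def test_it_handles_invalid_json(self):
        """A body that is not JSON yields a parse error."""
        r = self.client.post("/api/v1/checks/", "this is not json",
                             content_type="application/json")
        self.assertEqual(r.json()["error"], "could not parse request body")

    def test_it_reject_small_timeout(self):
        """A timeout of 0 seconds is rejected as too small."""
        r = self.post("/api/v1/checks/", {"api_key": "abc", "timeout": 0})
        self.assertEqual(r.json()["error"], "timeout is too small")

    def test_it_rejects_large_timeout(self):
        """A timeout of 604801 seconds is rejected as too large."""
        r = self.post("/api/v1/checks/", {"api_key": "abc", "timeout": 604801})
        self.assertEqual(r.json()["error"], "timeout is too large")

    def test_it_rejects_non_number_timeout(self):
        """A string timeout is rejected as not a number."""
        r = self.post("/api/v1/checks/", {"api_key": "abc", "timeout": "oops"})
        self.assertEqual(r.json()["error"], "timeout is not a number")

    def test_it_rejects_non_string_name(self):
        """A boolean name is rejected as not a string."""
        r = self.post("/api/v1/checks/", {"api_key": "abc", "name": False})
        self.assertEqual(r.json()["error"], "name is not a string")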
def _make_user(email):
    """Create a user for *email* with a profile and an email channel.

    The username is the first 30 characters of a random UUID string and
    the account gets an unusable password. Returns the saved user.
    """
    account = User(username=f"{uuid.uuid4()}"[:30], email=email)
    account.set_unusable_password()
    account.save()

    Profile(user=account).save()

    # NOTE(review): the channel is stored as already verified without a
    # confirmation step in this function; presumably the caller has
    # established that the requester controls the address. Confirm.
    email_channel = Channel()
    email_channel.user = account
    email_channel.kind = "email"
    email_channel.value = email
    email_channel.email_verified = True
    email_channel.save()

    return account
def __call__(self, request):
    """Attach ``request.teams`` and ``request.team`` for signed-in users.

    Anonymous requests pass straight through to the next handler.
    """
    if not request.user.is_authenticated:
        return self.get_response(request)

    # Profiles reachable through a Member row for this user.
    member_of = Profile.objects.filter(member__user_id=request.user.id)
    request.teams = list(member_of.select_related("user"))

    try:
        profile = request.user.profile
    except Profile.DoesNotExist:
        # The account has no profile yet: create one on the spot.
        profile = Profile(user=request.user)
        profile.save()

    # NOTE(review): current_team is used as stored. This method does not
    # re-check that the user still has a Member row for that team, so
    # confirm that removing a member also resets current_team elsewhere.
    request.team = profile.current_team or profile

    return self.get_response(request)
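class ListChecksTestCase(BaseTestCase):
    """Tests for listing checks through GET /api/v1/checks/."""

    def setUp(self):
        """Give Alice the API key "abc" and two saved checks."""
        super(ListChecksTestCase, self).setUp()

        self.profile = Profile(user=self.alice, api_key="abc")
        self.profile.save()

        self.checks = [
            Check(user=self.alice, name="Alice 1", timeout=td(seconds=3600),
                  grace=td(seconds=900)),
            Check(user=self.alice, name="Alice 2", timeout=td(seconds=86400),
                  grace=td(seconds=3600)),
        ]
        for check in self.checks:
            check.save()

    def get(self, url, data):
        """Send a GET request that carries *data* as a JSON body."""
        return self.client.generic('GET', url, json.dumps(data),
                                   'application/json')

    def test_it_works(self):
        """The listing returns both of Alice's checks with their settings."""
        r = self.get("/api/v1/checks/", {"api_key": "abc"})
        self.assertEqual(r.status_code, 200)

        listing = r.json()
        self.assertIn("checks", listing)
        self.assertEqual(len(listing["checks"]), 2)

        checks = {check["name"]: check for check in listing["checks"]}
        self.assertEqual(checks["Alice 1"]["timeout"], 3600)
        self.assertEqual(checks["Alice 1"]["grace"], 900)
        self.assertEqual(checks["Alice 1"]["url"], self.checks[0].url())
        self.assertEqual(checks["Alice 2"]["timeout"], 86400)
        self.assertEqual(checks["Alice 2"]["grace"], 3600)
        self.assertEqual(checks["Alice 2"]["url"], self.checks[1].url())

    def test_it_shows_only_users_checks(self):
        """Alice's API key must not reveal a check owned by another user."""
        bob = User(username="******", email="*****@*****.**")
        bob.save()

        bob_check = Check(user=bob, name="Bob 1")
        # Persist the other user's check. Without this save the listing
        # could never contain "Bob 1" and the isolation assertions below
        # would pass even if the endpoint leaked other users' checks.
        bob_check.save()

        r = self.get("/api/v1/checks/", {"api_key": "abc"})
        self.assertEqual(len(r.json()["checks"]), 2)

        checks = {check["name"]: check for check in r.json()["checks"]}
        self.assertNotIn("Bob 1", checks)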
class BaseTestCase(TestCase):
    """Shared fixture: three users, their projects, and session helpers.

    Alice owns the main project, Bob is a regular member of it, and
    Charlie owns only his own project and has no Member row for Alice's,
    so tests can use him as the negative control for access checks.
    """

    def setUp(self):
        """Create the users, projects, profiles and Bob's membership."""
        super().setUp()

        # A second client that enforces CSRF checks, for tests that need
        # to confirm a view rejects requests without a valid CSRF token.
        self.csrf_client = Client(enforce_csrf_checks=True)

        def saved_user(username, email):
            # "password" is a fixture-only credential.
            user = User(username=username, email=email)
            user.set_password("password")
            user.save()
            return user

        # Alice is a normal user for tests. Alice has team access enabled.
        self.alice = saved_user("******", "*****@*****.**")
        self.project = Project(
            owner=self.alice,
            api_key="X" * 32,
            name="Alices Project",
            badge_key=self.alice.username,
            ping_key="p" * 22,
        )
        self.project.save()
        self.profile = Profile(user=self.alice, sms_limit=50)
        self.profile.save()

        # Bob is on Alice's team and should have access to her stuff.
        self.bob = saved_user("******", "*****@*****.**")
        self.bobs_project = Project(owner=self.bob, badge_key=self.bob.username)
        self.bobs_project.save()
        self.bobs_profile = Profile(user=self.bob)
        self.bobs_profile.save()
        self.bobs_membership = Member(
            user=self.bob, project=self.project, role=Member.Role.REGULAR
        )
        self.bobs_membership.save()

        # Charlie should have no access to Alice's stuff.
        self.charlie = saved_user("******", "*****@*****.**")
        self.charlies_project = Project(
            owner=self.charlie, badge_key=self.charlie.username
        )
        self.charlies_project.save()
        self.charlies_profile = Profile(user=self.charlie)
        self.charlies_profile.save()

        self.channels_url = "/projects/%s/integrations/" % self.project.code

    def set_sudo_flag(self):
        """Store a signed "active" value under the session's "sudo" key.

        Lets a test reach views guarded by that flag without going
        through whatever flow normally sets it.
        """
        store = self.client.session
        store["sudo"] = TimestampSigner().sign("active")
        store.save()
class BaseTestCase(TestCase):
    """Shared fixture: three users with projects and profiles.

    Alice owns the main project, Bob is a member of it and has it as his
    current project, and Charlie owns only his own project and has no
    Member row for Alice's, so tests can use him as the negative control
    for access checks.
    """

    def setUp(self):
        """Create the users, projects, profiles and Bob's membership."""
        super(BaseTestCase, self).setUp()

        def saved_user(username, email):
            # "password" is a fixture-only credential.
            user = User(username=username, email=email)
            user.set_password("password")
            user.save()
            return user

        # Alice is a normal user for tests. Alice has team access enabled.
        self.alice = saved_user("******", "*****@*****.**")
        self.project = Project(
            owner=self.alice,
            api_key="X" * 32,
            name="Alice's Project",
            badge_key=self.alice.username,
        )
        self.project.save()
        self.profile = Profile(
            user=self.alice, sms_limit=50, current_project=self.project
        )
        self.profile.save()

        # Bob is on Alice's team and should have access to her stuff.
        self.bob = saved_user("******", "*****@*****.**")
        self.bobs_project = Project(owner=self.bob, badge_key=self.bob.username)
        self.bobs_project.save()
        self.bobs_profile = Profile(user=self.bob, current_project=self.project)
        self.bobs_profile.save()
        Member(user=self.bob, project=self.project).save()

        # Charlie should have no access to Alice's stuff: his current
        # project is his own and no Member row ties him to Alice's.
        self.charlie = saved_user("******", "*****@*****.**")
        self.charlies_project = Project(
            owner=self.charlie, badge_key=self.charlie.username
        )
        self.charlies_project.save()
        self.charlies_profile = Profile(
            user=self.charlie, current_project=self.charlies_project
        )
        self.charlies_profile.save()

        self.channels_url = "/projects/%s/integrations/" % self.project.code
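class CreateCheckTestCase(BaseTestCase):
    """Tests for creating checks through POST /api/v1/checks/."""

    def setUp(self):
        """Give Alice a profile whose API key is the fixture value "abc"."""
        super(CreateCheckTestCase, self).setUp()
        self.profile = Profile(user=self.alice, api_key="abc")
        self.profile.save()

    def post(self, url, data):
        """POST *data* to *url* as a JSON request body."""
        return self.client.post(url, json.dumps(data),
                                content_type="application/json")

    def test_it_works(self):
        """A valid request creates exactly one check with the given fields."""
        r = self.post("/api/v1/checks/", {
            "api_key": "abc",
            "name": "Foo",
            "tags": "bar,baz",
            "timeout": 3600,
            "grace": 60
        })

        self.assertEqual(r.status_code, 201)
        self.assertIn("ping_url", r.json())

        self.assertEqual(Check.objects.count(), 1)
        check = Check.objects.get()
        self.assertEqual(check.name, "Foo")
        self.assertEqual(check.tags, "bar,baz")
        self.assertEqual(check.timeout.total_seconds(), 3600)
        self.assertEqual(check.grace.total_seconds(), 60)

    def test_it_assigns_channels(self):
        """The "*" channels value attaches Alice's channel to the new check."""
        channel = Channel(user=self.alice)
        channel.save()

        r = self.post("/api/v1/checks/", {
            "api_key": "abc",
            "channels": "*"
        })

        self.assertEqual(r.status_code, 201)
        check = Check.objects.get()
        self.assertEqual(check.channel_set.get(), channel)

    def test_it_handles_missing_request_body(self):
        """An empty body is answered with 400 and the api_key error."""
        r = self.client.post("/api/v1/checks/",
                             content_type="application/json")
        self.assertEqual(r.status_code, 400)
        self.assertEqual(r.json()["error"], "wrong api_key")

    def test_it_rejects_wrong_api_key(self):
        """An unknown API key is refused and must not create a check."""
        r = self.post("/api/v1/checks/", {"api_key": "wrong"})
        # Same status the API returns for the identical error in
        # test_it_handles_missing_request_body.
        self.assertEqual(r.status_code, 400)
        self.assertEqual(r.json()["error"], "wrong api_key")
        # The error string alone does not prove the request had no effect.
        self.assertEqual(Check.objects.count(), 0)

    def test_it_handles_invalid_json(self):
        """A body that is not JSON yields a parse error."""
        r = self.client.post("/api/v1/checks/", "this is not json",
                             content_type="application/json")
        self.assertEqual(r.json()["error"], "could not parse request body")

    def test_it_rejects_small_timeout(self):
        """A timeout of 0 seconds is rejected as too small."""
        r = self.post("/api/v1/checks/", {"api_key": "abc", "timeout": 0})
        self.assertEqual(r.json()["error"], "timeout is too small")

    def test_it_rejects_large_timeout(self):
        """A timeout of 604801 seconds is rejected as too large."""
        r = self.post("/api/v1/checks/", {"api_key": "abc", "timeout": 604801})
        self.assertEqual(r.json()["error"], "timeout is too large")

    def test_it_rejects_non_number_timeout(self):
        """A string timeout is rejected as not a number."""
        r = self.post("/api/v1/checks/", {"api_key": "abc", "timeout": "oops"})
        self.assertEqual(r.json()["error"], "timeout is not a number")

    def test_it_rejects_non_string_name(self):
        """A boolean name is rejected as not a string."""
        r = self.post("/api/v1/checks/", {"api_key": "abc", "name": False})
        self.assertEqual(r.json()["error"], "name is not a string")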