def test_channel_based_user_creation(self): """ Test user channel based user creation """ create_user() self.assertEqual(User.objects.last().channel.slug, "default") create_user(headers={"HTTP_X_OVP_CHANNEL": "test-channel"}) self.assertEqual(User.objects.last().channel.slug, "test-channel") response = create_user(headers={"HTTP_X_OVP_CHANNEL": "test-channel"}) self.assertEqual(response.data, {"email": ["An user with this email is already registered."]})
def test_can_update_to_same_or_old_password(self): """ Assert that it's possible to update to the same or old password """ response = create_user('*****@*****.**', 'old_password') user = models.User.objects.get(uuid=response.data['uuid']) client = APIClient() client.force_authenticate(user=user) response = client.patch(reverse('user-current-user'), { 'password': '******', 'current_password': '******' }, format="json") self.assertTrue(response.status_code == 200) response = client.patch(reverse('user-current-user'), { 'password': '******', 'current_password': '******' }, format="json") self.assertTrue(response.status_code == 200) response = client.patch(reverse('user-current-user'), { 'password': '******', 'current_password': '******' }, format="json") self.assertTrue(response.status_code == 200)
def test_can_recover_password(self): """Assert the user can recover his password with a valid token""" # request token user = create_user('*****@*****.**') mail.outbox = [] # clear outbox response = create_token('*****@*****.**') # get token from mailbox email_content = mail.outbox[0].alternatives[0][0] token = re.search( '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}', email_content).group(0) # recover password data = { 'email': '*****@*****.**', 'token': token, 'new_password': '******' } client = APIClient() response = client.post(reverse('recover-password-list'), data, format="json") self.assertTrue(response.data['message'] == 'Password updated.') # Test authentication new password auth = authenticate('*****@*****.**', 'newpwvalidpw*') self.assertTrue(auth.data['access_token'] != None)
def test_cant_recover_with_empty_password(self): """Assert that it's impossible to update password through recovery to an empty password""" # Request token user = create_user('*****@*****.**') mail.outbox = [] # Clear outbox response = create_token('*****@*****.**') # Get Token from mailbox email_content = mail.outbox[0].alternatives[0][0] token = re.search( '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}', email_content).group(0) # Recover Password data = { 'email': '*****@*****.**', 'token': token, 'new_password': '' } client = APIClient() response = client.post(reverse('recover-password-list'), data, format="json") self.assertTrue( response.data['message'] == 'Empty password not allowed.') self.assertTrue(response.status_code == 400)
def test_can_recover_to_same_or_old_password(self): """ Assert that it's possible to recover to the same or old password """ response = create_user('*****@*****.**', 'old_password') client = APIClient() create_token('*****@*****.**') response = client.post( reverse('recover-password-list'), { 'new_password': '******', 'token': PasswordRecoveryToken.objects.last().token }, format="json") self.assertTrue(response.status_code == 200) create_token('*****@*****.**') response = client.post( reverse('recover-password-list'), { 'new_password': '******', 'token': PasswordRecoveryToken.objects.last().token }, format="json") self.assertTrue(response.status_code == 200) create_token('*****@*****.**') response = client.post( reverse('recover-password-list'), { 'new_password': '******', 'token': PasswordRecoveryToken.objects.last().token }, format="json") self.assertTrue(response.status_code == 200)
def test_cant_create_6_tokens(self): """Assert that it's impossible to create more than 5 tokens in less than 60 minutes""" user = create_user('*****@*****.**') response = None for i in range(6): response = create_token('*****@*****.**') self.assertFalse(response.data.get('success', False) == True)
def test_public_bookmarks(self): """ Assert user bookmarks are public """ response = create_user() client = APIClient() response = client.get(reverse('public-users-detail', [response.data['slug']]), format="json") self.assertTrue(type(response.data["bookmarked_projects"]) is list)
def test_cant_retrieve_hidden_user(self): """ Assert it's not possible to retrieve a hidden profile """ response = create_user(extra_data={'public': False}) client = APIClient() response = client.get(reverse('public-users-detail', [response.data['slug']]), format="json") self.assertTrue(response.status_code == 404)
def test_cant_login_wrong_password(self): """ Assert that it's not possible to login with wrong password """ user = create_user('*****@*****.**', 'invalidpassword') response = authenticate() self.assertTrue( response.data == { "error": "invalid_grant", "error_description": "Invalid credentials given." })
def test_can_retrieve_public_user(self): """ Assert it's possible to retrieve a public profile """ response = create_user() client = APIClient() response = client.get(reverse('public-users-detail', [response.data['slug']]), format="json") self.assertTrue(response.data['slug']) self.assertTrue("applies" in response.data)
def test_cant_recover_to_same_or_old_password_if_in_settings(self): """ Assert that it's not possible to recover to the same or old password if configured """ ChannelSetting.objects.create(key="CANT_REUSE_LAST_PASSWORDS", value="2", object_channel="default") cache.clear() response = create_user('*****@*****.**', 'old_password') client = APIClient() create_token('*****@*****.**') response = client.post( reverse('recover-password-list'), { 'new_password': '******', 'token': PasswordRecoveryToken.objects.last().token }, format="json") self.assertTrue(response.status_code == 200) create_token('*****@*****.**') response = client.post( reverse('recover-password-list'), { 'new_password': '******', 'token': PasswordRecoveryToken.objects.last().token }, format="json") self.assertTrue(response.status_code == 400) create_token('*****@*****.**') response = client.post( reverse('recover-password-list'), { 'new_password': '******', 'token': PasswordRecoveryToken.objects.last().token }, format="json") self.assertTrue(response.status_code == 400) create_token('*****@*****.**') response = client.post( reverse('recover-password-list'), { 'new_password': '******', 'token': PasswordRecoveryToken.objects.last().token }, format="json") self.assertTrue(response.status_code == 200) create_token('*****@*****.**') response = client.post( reverse('recover-password-list'), { 'new_password': '******', 'token': PasswordRecoveryToken.objects.last().token }, format="json") self.assertTrue(response.status_code == 200)
def test_can_create_user_with_valid_passwords(self): """Assert that it's possible to create an user with a series of valid passwords""" passwords = [ 'thisisapassword', 'password with spaces', '83721904', '837 283', '!!#$*&()+=', ' thisisapassword ' ] for i, password in enumerate(passwords): response = create_user('testvalidpassword{}@test.com'.format(i), password) self.assertTrue(response.data['uuid']) self.assertTrue("password" not in response.data)
def test_can_set_user_to_hidden(self): """Assert that it's possible to set public user to hidden user""" response = create_user() self.assertTrue(response.data['public'] == True) user = models.User.objects.get(uuid=response.data['uuid']) client = APIClient() client.force_authenticate(user=user) response = client.patch(reverse('user-current-user'), {'public': False}, format="json") self.assertTrue(response.data['public'] == False)
def test_can_get_current_user(self): """Assert that authenticated users can get associated info""" user = create_user('*****@*****.**', 'validpassword') client = APIClient() client.login(username='******', password='******', channel='default') response = client.get(reverse('user-current-user'), {}, format="json") self.assertTrue(response.data.get('email', None)) self.assertTrue(response.data.get('name', None)) self.assertTrue("expired_password" not in response.data)
def test_hidden_bookmarks(self): """ Assert user bookmarks are are hidden bookmarks if setting applied """ ChannelSetting.objects.create( key="ENABLE_PUBLIC_USER_BOOKMARKED_PROJECTS", value="0", object_channel="default") response = create_user() client = APIClient() response = client.get(reverse('public-users-detail', [response.data['slug']]), format="json") self.assertTrue(response.data["bookmarked_projects"] == None)
def test_cant_patch_password_without_current_password(self): """Assert that it's not possible to update user password without the current password""" response = create_user('*****@*****.**', 'abcabcabc') u = models.User.objects.get(uuid=response.data['uuid']) data = {'password': '******'} client = APIClient() client.force_authenticate(user=u) response = client.patch(reverse('user-current-user'), data, format="json") self.assertTrue(response.status_code == 400) self.assertTrue( response.data["current_password"] == ["Invalid password."])
def test_cant_update_to_same_or_old_password_if_in_settings(self): """ Assert that it's not possible to update to the same or old password if configured """ ChannelSetting.objects.create(key="CANT_REUSE_LAST_PASSWORDS", value="2", object_channel="default") cache.clear() response = create_user('*****@*****.**', 'old_password') user = models.User.objects.get(uuid=response.data['uuid']) client = APIClient() client.force_authenticate(user=user) response = client.patch(reverse('user-current-user'), { 'password': '******', 'current_password': '******' }, format="json") self.assertTrue(response.status_code == 200) response = client.patch(reverse('user-current-user'), { 'password': '******', 'current_password': '******' }, format="json") self.assertTrue(response.status_code == 400) response = client.patch(reverse('user-current-user'), { 'password': '******', 'current_password': '******' }, format="json") self.assertTrue(response.status_code == 400) response = client.patch(reverse('user-current-user'), { 'password': '******', 'current_password': '******' }, format="json") self.assertTrue(response.status_code == 200) response = client.patch(reverse('user-current-user'), { 'password': '******', 'current_password': '******' }, format="json") self.assertTrue(response.status_code == 200)
def test_can_patch_password(self): """Assert that it's possible to update user password""" response = create_user('*****@*****.**', 'abcabcabc') u = models.User.objects.get(uuid=response.data['uuid']) data = {'password': '******', 'current_password': '******'} client = APIClient() client.force_authenticate(user=u) response = client.patch(reverse('user-current-user'), data, format="json") self.assertTrue(response.status_code == 200) self.assertTrue("password" not in response.data) response = authenticate('*****@*****.**', data['password']) self.assertTrue(response.data['access_token'] != None)
def test_cant_update_invalid_password(self): """Assert that it's impossible to update user password to a invalid password""" response = create_user('*****@*****.**', 'abcabcabc') u = models.User.objects.get(uuid=response.data['uuid']) data = { 'name': 'abc', 'password': '******', 'current_password': '******' } client = APIClient() client.force_authenticate(user=u) response = client.patch(reverse('user-current-user'), data, format="json") self.assertTrue(response.status_code == 400) self.assertTrue(len(response.data['password']) > 0) self.assertTrue(isinstance(response.data['password'], list))
def test_cant_recover_invalid_token(self): """Assert that it's impossible to update password through recovery with an invalid user token""" # Request token user = create_user('*****@*****.**') response = create_token('*****@*****.**') # Recover Password data = { 'email': '*****@*****.**', 'token': 'invalid_token', 'new_password': '******' } client = APIClient() response = client.post(reverse('recover-password-list'), data, format="json") self.assertTrue(response.data['message'] == 'Invalid token.') self.assertTrue(response.status_code == 401)
def test_expired_password_fields(self): """Assert that password expired field works""" ChannelSetting.objects.create(key="EXPIRE_PASSWORD_IN", value="{}".format(60 * 60), object_channel="default") cache.clear() user = create_user('*****@*****.**', 'validpassword') client = APIClient() client.login(username='******', password='******', channel='default') response = client.get(reverse('user-current-user'), {}, format="json") self.assertTrue(response.data['expired_password'] == False) entry = models.PasswordHistory.objects.last() entry.created_date = entry.created_date - relativedelta(hours=1) entry.save() response = client.get(reverse('user-current-user'), {}, format="json") self.assertTrue(response.data['expired_password'] == True)
def test_can_login(self): """ Assert that it's possible to login """ user = create_user('*****@*****.**', 'validpassword') response = authenticate() self.assertTrue(response.data['access_token'] != None)
def test_doesnt_return_password_on_user_creation(self): """Assert that the serializer does not return user hashed password """ response = create_user() self.assertTrue(response.data.get('password', None) == None)
def test_can_create_token(self): """Assert that it's possible to create an recovery token""" user = create_user('*****@*****.**') response = create_token() self.assertTrue(response.data['success'] == True)
def test_cant_create_user_invalid_password(self): """Assert that it's not possible to create an user with a repeated email""" response = create_user('*****@*****.**', 'abc') self.assertTrue(len(response.data['password']) > 0) self.assertTrue(isinstance(response.data['password'], list))
def test_cant_create_user_duplicated_email(self): """Assert that it's not possible to create an user with a repeated email""" response = create_user() self.assertTrue(response.data['uuid'])
def test_can_create_hidden_user(self): """Assert that it's possible to create a hidden user""" response = create_user(extra_data={'public': False}) self.assertTrue(response.data['public'] == False)
def test_can_create_user(self): """Assert that it's possible to create an user""" response = create_user() self.assertTrue(response.data['uuid']) self.assertTrue("password" not in response.data)