def test_get_delete_link_local_site(self): """Testing GET <URL> API contains the correct DELETE link with a local site """ doc = User.objects.get(username='******') local_site = self.get_local_site(name=self.local_site_name) local_site.users.add(self.user) local_site.users.add(doc) group = self.create_review_group(local_site=local_site) group.users.add(doc) rsp = self.api_get( get_review_group_user_item_url(group.name, doc.username, local_site.name), expected_mimetype=review_group_user_item_mimetype) delete_href = \ rsp['user']['links']['delete']['href'][len(self.base_url):] self.assertEqual( delete_href, get_review_group_user_item_url(group.name, doc.username, local_site.name)) self.assertNotEqual(delete_href, get_user_item_url(doc.username, local_site.name))
def test_get_delete_link_local_site(self): """Testing GET <URL> API contains the correct DELETE link with a local site """ doc = User.objects.get(username='******') local_site = self.get_local_site(name=self.local_site_name) local_site.users.add(self.user) local_site.users.add(doc) group = self.create_review_group(local_site=local_site) group.users.add(doc) rsp = self.api_get(get_review_group_user_item_url( group.name, doc.username, local_site.name), expected_mimetype=review_group_user_item_mimetype) delete_href = \ rsp['user']['links']['delete']['href'][len(self.base_url):] self.assertEqual( delete_href, get_review_group_user_item_url(group.name, doc.username, local_site.name)) self.assertNotEqual(delete_href, get_user_item_url(doc.username, local_site.name))
def test_put_is_active_as_user_with_perm(self): """Testing the PUT <URL> API with profile fields as user with auth.change_user permission """ user = self.create_user(username='******', password='******') self.create_user(username='******', password='******', perms=[('auth', 'change_user')]) self.assertTrue(self.client.login(username='******', password='******')) rsp = self.api_put( get_user_item_url(user.username), { 'is_active': 'false', }, expected_mimetype=user_item_mimetype) self.assertEqual(rsp['stat'], 'ok') user_rsp = rsp['user'] self.assertFalse(user_rsp['is_active']) user = User.objects.get(pk=user.pk) self.assertFalse(user.is_active)
def test_put_with_email_and_no_backend_support(self): """Testing the PUT <URL> API with setting email with auth_backend.supports_change_email == False """ self.spy_on(get_enabled_auth_backends, call_fake=lambda: [NoProfileAuthBackend()]) user = self.create_user(username='******', password='******') self.assertTrue( self.client.login(username='******', password='******')) rsp = self.api_put(get_user_item_url(user.username), { 'email': '*****@*****.**', }, expected_status=400) self.assertEqual(rsp['stat'], 'fail') self.assertIn('fields', rsp) self.assertEqual( rsp['fields'], { 'email': [ 'The configured auth backend does not allow e-mail ' 'addresses to be changed.' ], })
def test_put_with_render_avatars_at(self): """Testing the PUT <URL> API with render_avatars_at=...""" avatar_services.register(SimpleRenderAvatarService) avatar_services.enable_service(SimpleRenderAvatarService, save=False) avatar_services.set_default_service(SimpleRenderAvatarService) user = self.create_user(username='******', password='******') self.assertTrue(self.client.login(username='******', password='******')) rsp = self.api_put( get_user_item_url(user.username), { 'first_name': 'new-name', 'render_avatars_at': '24,abc,48,,128', }, expected_mimetype=user_item_mimetype) self.assertEqual(rsp['stat'], 'ok') self.assertEqual( rsp['user']['avatar_html'], { '24': '<div class="avatar" data-size="24">test-user</div>', '48': '<div class="avatar" data-size="48">test-user</div>', '128': '<div class="avatar" data-size="128">test-user</div>', })
def test_put_with_update_email_failure(self): """Testing the PUT <URL> API with auth_backend.update_email() failure """ auth_backend = BrokenUpdateProfileAuthBackend() logger = logging.getLogger('reviewboard.webapi.resources.user') self.spy_on(get_enabled_auth_backends, call_fake=lambda: [auth_backend]) self.spy_on(logger.exception) user = self.create_user(username='******', password='******') self.assertTrue( self.client.login(username='******', password='******')) rsp = self.api_put(get_user_item_url(user.username), { 'email': '*****@*****.**', }, expected_mimetype=user_item_mimetype) self.assertEqual(rsp['user']['email'], '*****@*****.**') user = User.objects.get(pk=user.pk) self.assertEqual(user.email, '*****@*****.**') self.assertTrue( logger.exception.called_with( 'Error when calling update_email for auth backend %r for user ' 'ID %s: %s', auth_backend, user.pk))
def test_put_profile_fields_as_superuser(self): """Testing the PUT <URL> API with profile fields as superuser""" auth_backend = get_enabled_auth_backends()[0] self.spy_on(auth_backend.update_name) self.spy_on(auth_backend.update_email) user = self.create_user(username='******', password='******') self._login_user(admin=True) rsp = self.api_put(get_user_item_url(user.username), { 'first_name': 'new-first-name', 'last_name': 'new-last-name', 'email': '*****@*****.**', }, expected_mimetype=user_item_mimetype) self.assertEqual(rsp['stat'], 'ok') user_rsp = rsp['user'] self.assertEqual(user_rsp['first_name'], 'new-first-name') self.assertEqual(user_rsp['last_name'], 'new-last-name') self.assertEqual(user_rsp['email'], '*****@*****.**') user = User.objects.get(pk=user.pk) self.assertEqual(user.first_name, 'new-first-name') self.assertEqual(user.last_name, 'new-last-name') self.assertEqual(user.email, '*****@*****.**') self.assertTrue(auth_backend.update_name.called_with(user)) self.assertTrue(auth_backend.update_email.called_with(user))
def test_put_is_active_as_same_user(self): """Testing the PUT <URL> API with is_active field as user being modified """ user = self.create_user(username='******', password='******') self.assertTrue( self.client.login(username='******', password='******')) rsp = self.api_put(get_user_item_url(user.username), { 'is_active': 'false', }, expected_status=400) self.assertEqual(rsp['stat'], 'fail') self.assertIn('fields', rsp) self.assertEqual( rsp['fields'], { 'is_active': [ 'This field can only be set by administrators and users ' 'with the auth.change_user permission.' ], }) user = User.objects.get(pk=user.pk) self.assertTrue(user.is_active)
def test_get_inactive_user(self): """Testing the GET <URL> API for an inactive user""" dopey = User.objects.get(username='******') dopey.is_active = False dopey.save() rsp = self.api_get(get_user_item_url('dopey'), expected_mimetype=user_item_mimetype) self.assertEqual(rsp['stat'], 'ok') self.assertEqual(rsp['user']['is_active'], False)
def test_put_with_user_not_found(self): """Testing the PUT <URL> API with username not found""" self._login_user(admin=True) rsp = self.api_put(get_user_item_url('bad-username'), { 'first_name': 'new-first-name', }, expected_status=404) self.assertEqual(rsp['stat'], 'fail') self.assertEqual(rsp['err']['code'], DOES_NOT_EXIST.code)
def test_put_profile_fields_as_other_user(self): """Testing the PUT <URL> API with profile fields as other user""" user = self.create_user(username='******', password='******') rsp = self.api_put(get_user_item_url(user.username), { 'first_name': 'new-first-name', 'last_name': 'new-last-name', 'email': '*****@*****.**', }, expected_status=403) self.assertEqual(rsp['stat'], 'fail')
def test_get_user(self): """Testing the GET users/<username>/ API""" username = '******' user = User.objects.get(username=username) self.assertFalse(user.get_profile().is_private) rsp = self.apiGet(get_user_item_url(username), expected_mimetype=user_item_mimetype) self.assertEqual(rsp['stat'], 'ok') self.assertEqual(rsp['user']['username'], user.username) self.assertEqual(rsp['user']['first_name'], user.first_name) self.assertEqual(rsp['user']['last_name'], user.last_name) self.assertEqual(rsp['user']['id'], user.id) self.assertEqual(rsp['user']['email'], user.email)
def test_put_with_invalid_email_field(self): """Testing the PUT <URL> API with invalid e-mail field""" user = self.create_user(username='******', password='******') self.assertTrue( self.client.login(username='******', password='******')) rsp = self.api_put(get_user_item_url(user.username), { 'email': 'bad-email', }, expected_status=400) self.assertEqual(rsp['stat'], 'fail') self.assertIn('fields', rsp) self.assertEqual(rsp['fields'], { 'email': ['Enter a valid email address.'], })
def test_get_with_site(self): """Testing the GET users/<username>/ API with a local site""" self._login_user(local_site=True) username = '******' user = User.objects.get(username=username) profile = Profile.objects.get(user=user) self.assertFalse(profile.is_private) rsp = self.apiGet(get_user_item_url(username, self.local_site_name), expected_mimetype=user_item_mimetype) self.assertEqual(rsp['stat'], 'ok') self.assertEqual(rsp['user']['username'], user.username) self.assertEqual(rsp['user']['first_name'], user.first_name) self.assertEqual(rsp['user']['last_name'], user.last_name) self.assertEqual(rsp['user']['id'], user.id) self.assertEqual(rsp['user']['email'], user.email)
def test_put_is_active_as_superuser(self): """Testing the PUT <URL> API with is_active field as superuser""" user = self.create_user(username='******', password='******') self._login_user(admin=True) rsp = self.api_put(get_user_item_url(user.username), { 'is_active': 'false', }, expected_mimetype=user_item_mimetype) self.assertEqual(rsp['stat'], 'ok') user_rsp = rsp['user'] self.assertFalse(user_rsp['is_active']) user = User.objects.get(pk=user.pk) self.assertFalse(user.is_active)
def test_get_with_render_avatars_at(self): """Testing the GET <URL> API with ?render-avatars-at=...""" avatar_services.register(SimpleRenderAvatarService) avatar_services.enable_service(SimpleRenderAvatarService, save=False) avatar_services.set_default_service(SimpleRenderAvatarService) rsp = self.api_get(get_user_item_url('dopey'), { 'render-avatars-at': '24,abc,48,,128', }, expected_mimetype=user_item_mimetype) self.assertEqual(rsp['stat'], 'ok') self.assertEqual( rsp['user']['avatar_html'], { '24': '<div class="avatar" data-size="24">dopey</div>', '48': '<div class="avatar" data-size="48">dopey</div>', '128': '<div class="avatar" data-size="128">dopey</div>', })
def test_get_with_profile_private_and_only_fields(self): """Testing the GET <URL> API with a private profile and ?only-fields= """ username = '******' user = User.objects.get(username=username) profile = user.get_profile() profile.is_private = True profile.save(update_fields=('is_private', )) rsp = self.api_get('%s?only-fields=username' % get_user_item_url(username), expected_mimetype=user_item_mimetype) self.assertEqual(rsp['stat'], 'ok') self.assertEqual(rsp['user']['username'], user.username) self.assertNotIn('first_name', rsp['user']) self.assertNotIn('last_name', rsp['user']) self.assertNotIn('email', rsp['user'])
def test_get_user_with_site_and_profile_private(self): """Testing the GET users/<username>/ API with a local site and private profile""" self._login_user(local_site=True) username = '******' user = User.objects.get(username=username) profile = user.get_profile() profile.is_private = True profile.save() rsp = self.apiGet(get_user_item_url(username, self.local_site_name), expected_mimetype=user_item_mimetype) self.assertEqual(rsp['stat'], 'ok') self.assertEqual(rsp['user']['username'], user.username) self.assertFalse('first_name' in rsp['user']) self.assertFalse('last_name' in rsp['user']) self.assertFalse('email' in rsp['user'])
def test_get_with_profile_private_and_only_fields(self): """Testing the GET <URL> API with a private profile and ?only-fields= """ username = '******' user = User.objects.get(username=username) profile, is_new = Profile.objects.get_or_create(user=user) profile.is_private = True profile.save() rsp = self.api_get( '%s?only-fields=username' % get_user_item_url(username), expected_mimetype=user_item_mimetype) self.assertEqual(rsp['stat'], 'ok') self.assertEqual(rsp['user']['username'], user.username) self.assertNotIn('first_name', rsp['user']) self.assertNotIn('last_name', rsp['user']) self.assertNotIn('email', rsp['user'])
def test_get_avatar_service_no_urls(self): """Testing the GET <URL> API when the avatar service returns no URLs """ avatar_services.register(NoURLAvatarService) avatar_services.enable_service(NoURLAvatarService, save=False) dopey = User.objects.get(username='******') settings_mgr = avatar_services.settings_manager_class(dopey) settings_mgr.avatar_service_id = NoURLAvatarService.avatar_service_id settings_mgr.save() rsp = self.api_get(get_user_item_url('dopey'), expected_mimetype=user_item_mimetype) self.assertEqual(rsp['stat'], 'ok') user_rsp = rsp['user'] self.assertIn('avatar_url', user_rsp) self.assertIsNone(user_rsp['avatar_url']) self.assertIn('avatar_urls', user_rsp) self.assertEqual(user_rsp['avatar_urls'], {})
def test_get_with_site_and_profile_private(self): """Testing the GET users/<username>/ API with a local site and private profile """ username = '******' user = User.objects.get(username=username) site = LocalSite.objects.create(name=self.local_site_name) site.users = [user, self.user] profile = user.get_profile() profile.is_private = True profile.save(update_fields=('is_private', )) rsp = self.api_get(get_user_item_url(username, self.local_site_name), expected_mimetype=user_item_mimetype) self.assertEqual(rsp['stat'], 'ok') self.assertEqual(rsp['user']['username'], user.username) self.assertNotIn('first_name', rsp['user']) self.assertNotIn('last_name', rsp['user']) self.assertNotIn('email', rsp['user'])
def test_get_with_render_avatars_at(self): """Testing the GET <URL> API with ?render-avatars-at=...""" avatar_services.register(SimpleRenderAvatarService) avatar_services.enable_service(SimpleRenderAvatarService, save=False) avatar_services.set_default_service(SimpleRenderAvatarService) rsp = self.api_get( get_user_item_url('dopey'), { 'render-avatars-at': '24,abc,48,,128', }, expected_mimetype=user_item_mimetype) self.assertEqual(rsp['stat'], 'ok') self.assertEqual( rsp['user']['avatar_html'], { '24': '<div class="avatar" data-size="24">dopey</div>', '48': '<div class="avatar" data-size="48">dopey</div>', '128': '<div class="avatar" data-size="128">dopey</div>', })
def test_get_with_site_and_profile_private_as_site_admin(self): """Testing the GET users/<username>/ API with a local site and private profile as a LocalSite admin """ self._login_user(local_site=True) username = '******' user = User.objects.get(username=username) profile = user.get_profile() profile.is_private = True profile.save(update_fields=('is_private',)) rsp = self.api_get(get_user_item_url(username, self.local_site_name), expected_mimetype=user_item_mimetype) self.assertEqual(rsp['stat'], 'ok') item_rsp = rsp['user'] self.assertEqual(item_rsp['username'], user.username) self.assertEqual(item_rsp['first_name'], user.first_name) self.assertEqual(item_rsp['last_name'], user.last_name) self.assertEqual(item_rsp['email'], user.email)
def test_get_with_site_and_profile_private(self): """Testing the GET users/<username>/ API with a local site and private profile """ username = '******' user = User.objects.get(username=username) site = LocalSite.objects.create(name=self.local_site_name) site.users = [user, self.user] profile = user.get_profile() profile.is_private = True profile.save(update_fields=('is_private',)) rsp = self.api_get(get_user_item_url(username, self.local_site_name), expected_mimetype=user_item_mimetype) self.assertEqual(rsp['stat'], 'ok') self.assertEqual(rsp['user']['username'], user.username) self.assertNotIn('first_name', rsp['user']) self.assertNotIn('last_name', rsp['user']) self.assertNotIn('email', rsp['user'])
def test_get_with_site_and_profile_private_as_site_admin(self): """Testing the GET users/<username>/ API with a local site and private profile as a LocalSite admin """ self._login_user(local_site=True) username = '******' user = User.objects.get(username=username) profile = user.get_profile() profile.is_private = True profile.save(update_fields=('is_private', )) rsp = self.api_get(get_user_item_url(username, self.local_site_name), expected_mimetype=user_item_mimetype) self.assertEqual(rsp['stat'], 'ok') item_rsp = rsp['user'] self.assertEqual(item_rsp['username'], user.username) self.assertEqual(item_rsp['first_name'], user.first_name) self.assertEqual(item_rsp['last_name'], user.last_name) self.assertEqual(item_rsp['email'], user.email)
def _test_post_with_submit_as(self, local_site=None): submit_as_username = '******' self.assertNotEqual(self.user.username, submit_as_username) if local_site: local_site_name = local_site.name local_site.users.add(User.objects.get(username=submit_as_username)) else: local_site_name = None rsp = self.apiPost(get_review_request_list_url(local_site_name), { 'submit_as': submit_as_username, }, expected_mimetype=review_request_item_mimetype) self.assertEqual(rsp['stat'], 'ok') self.assertEqual( rsp['review_request']['links']['submitter']['href'], self.base_url + get_user_item_url(submit_as_username, local_site_name)) ReviewRequest.objects.get(pk=rsp['review_request']['id'])
def test_post_reviewrequests_with_submit_as(self): """Testing the POST review-requests/?submit_as= API""" self.user.is_superuser = True self.user.save() repository = self.create_repository() rsp = self.apiPost( get_review_request_list_url(), { 'repository': repository.path, 'submit_as': 'doc', }, expected_mimetype=review_request_item_mimetype) self.assertEqual(rsp['stat'], 'ok') self.assertEqual( rsp['review_request']['links']['repository']['href'], self.base_url + get_repository_item_url(repository)) self.assertEqual( rsp['review_request']['links']['submitter']['href'], self.base_url + get_user_item_url('doc')) ReviewRequest.objects.get(pk=rsp['review_request']['id'])
def _test_post_with_submit_as(self, local_site=None): if local_site: local_site_name = local_site.name else: local_site_name = None submit_as_username = '******' self.assertNotEqual(self.user.username, submit_as_username) rsp = self.apiPost( get_review_request_list_url(local_site_name), { 'submit_as': submit_as_username, }, expected_mimetype=review_request_item_mimetype) self.assertEqual(rsp['stat'], 'ok') self.assertEqual( rsp['review_request']['links']['submitter']['href'], self.base_url + get_user_item_url(submit_as_username, local_site_name)) ReviewRequest.objects.get(pk=rsp['review_request']['id'])
def test_get_missing_user_with_site(self): """Testing the GET users/<username>/ API with a local site""" self._login_user(local_site=True) self.api_get(get_user_item_url('dopey', self.local_site_name), expected_status=404)
def test_get_not_modified(self): """Testing the GET users/<username>/ API with Not Modified response""" self._testHttpCaching(get_user_item_url('doc'), check_etags=True)
def setup_basic_get_test(self, user, with_local_site, local_site_name): return (get_user_item_url(user.username, local_site_name), user_item_mimetype, user)
def setup_http_not_allowed_item_test(self, user): return get_user_item_url(user.username)
def test_get_user_with_site_no_access(self): """Testing the GET users/<username>/ API with a local site and Permission Denied error.""" print self.fixtures self.apiGet(get_user_item_url('doc', self.local_site_name), expected_status=403)