def test_update_password(self):
test_user = self.http_req.user
# make sure user who is shooting the request has proper permission to
# update an user's attributes, whatever itself or others.
user_should_have_perm(test_user, 'auth.change_user')
user_new_attrs = self.user_new_attrs.copy()
new_password = '******'
user_new_attrs['password'] = new_password
try:
XUser.update(self.http_req, user_new_attrs, test_user.pk)
except Fault as e:
self.assertEqual(
e.faultCode, 403, 'Old password was not provided, ' +
'PermissionDenied should be catched.')
user_new_attrs['old_password'] = '******'
try:
XUser.update(self.http_req, user_new_attrs, test_user.pk)
except Fault as e:
self.assertEqual(
e.faultCode, 403, 'Invalid old password was provided. ' +
'PermissionDenied should be catched.')
user_new_attrs['old_password'] = test_user.username
data = XUser.update(self.http_req, user_new_attrs, test_user.pk)
self.assert_('password' not in data)
self.assertEqual(data['first_name'], user_new_attrs['first_name'])
self.assertEqual(data['last_name'], user_new_attrs['last_name'])
self.assertEqual(data['email'], user_new_attrs['email'])
user = User.objects.get(pk=test_user.pk)
self.assert_(user.check_password(new_password))
def test_update_password(self):
test_user = self.http_req.user
# make sure user who is shooting the request has proper permission to
# update an user's attributes, whatever itself or others.
user_should_have_perm(test_user, 'auth.change_user')
user_new_attrs = self.user_new_attrs.copy()
new_password = '******'
user_new_attrs['password'] = new_password
try:
XUser.update(self.http_req, user_new_attrs, test_user.pk)
except Fault as e:
self.assertEqual(e.faultCode, 403,
'Old password was not provided, ' +
'PermissionDenied should be catched.')
user_new_attrs['old_password'] = '******'
try:
XUser.update(self.http_req, user_new_attrs, test_user.pk)
except Fault as e:
self.assertEqual(e.faultCode, 403,
'Invalid old password was provided. ' +
'PermissionDenied should be catched.')
user_new_attrs['old_password'] = test_user.username
data = XUser.update(self.http_req, user_new_attrs, test_user.pk)
self.assert_('password' not in data)
self.assertEqual(data['first_name'], user_new_attrs['first_name'])
self.assertEqual(data['last_name'], user_new_attrs['last_name'])
self.assertEqual(data['email'], user_new_attrs['email'])
user = User.objects.get(pk=test_user.pk)
self.assert_(user.check_password(new_password))
def test_do_nothing(self):
original_user = self.http_req.user
XUser.update(self.http_req)
updated_user = User.objects.get(pk=self.http_req.user.pk)
self.assertEqual(original_user.first_name, updated_user.first_name)
self.assertEqual(original_user.last_name, updated_user.last_name)
self.assertEqual(original_user.email, updated_user.email)
self.assertEqual(original_user.password, updated_user.password)
def test_update_password(self):
test_user = self.http_req.user
# make sure user who is shooting the request has proper permission to
# update an user's attributes, whatever itself or others.
user_should_have_perm(test_user, 'auth.change_user')
user_new_attrs = self.user_new_attrs.copy()
new_password = '******'
user_new_attrs['password'] = new_password
self.assertXmlrpcFaultForbidden(XUser.update, self.http_req,
user_new_attrs, test_user.pk)
user_new_attrs['old_password'] = '******'
self.assertXmlrpcFaultForbidden(XUser.update, self.http_req,
user_new_attrs, test_user.pk)
user_new_attrs['old_password'] = test_user.username
data = XUser.update(self.http_req, user_new_attrs, test_user.pk)
self.assertNotIn('password', data)
self.assertEqual(data['first_name'], user_new_attrs['first_name'])
self.assertEqual(data['last_name'], user_new_attrs['last_name'])
self.assertEqual(data['email'], user_new_attrs['email'])
user = User.objects.get(pk=test_user.pk)
self.assertTrue(user.check_password(new_password))
def test_update_password(self):
test_user = self.http_req.user
# make sure user who is shooting the request has proper permission to
# update an user's attributes, whatever itself or others.
user_should_have_perm(test_user, 'auth.change_user')
user_new_attrs = self.user_new_attrs.copy()
new_password = '******'
user_new_attrs['password'] = new_password
self.assertRaisesXmlrpcFault(FORBIDDEN, XUser.update,
self.http_req, user_new_attrs, test_user.pk)
user_new_attrs['old_password'] = '******'
self.assertRaisesXmlrpcFault(FORBIDDEN, XUser.update,
self.http_req, user_new_attrs, test_user.pk)
user_new_attrs['old_password'] = test_user.username
data = XUser.update(self.http_req, user_new_attrs, test_user.pk)
self.assert_('password' not in data)
self.assertEqual(data['first_name'], user_new_attrs['first_name'])
self.assertEqual(data['last_name'], user_new_attrs['last_name'])
self.assertEqual(data['email'], user_new_attrs['email'])
user = User.objects.get(pk=test_user.pk)
self.assert_(user.check_password(new_password))
def test_update_other_with_proper_permission(self):
user_should_have_perm(self.http_req.user, 'auth.change_user')
data = XUser.update(self.http_req, self.user_new_attrs, self.user.pk)
updated_user = User.objects.get(pk=self.user.pk)
self.assertEqual(data['first_name'], updated_user.first_name)
self.assertEqual(data['last_name'], updated_user.last_name)
self.assertEqual(data['email'], updated_user.email)
def test_update_other_with_proper_permission(self):
user_should_have_perm(self.http_req.user, 'auth.change_user')
data = XUser.update(self.http_req, self.user_new_attrs, self.user.pk)
updated_user = User.objects.get(pk=self.user.pk)
self.assertEqual(data['first_name'], updated_user.first_name)
self.assertEqual(data['last_name'], updated_user.last_name)
self.assertEqual(data['email'], updated_user.email)
def test_update_myself_without_passing_id(self):
data = XUser.update(self.http_req, self.user_new_attrs)
self.assertEqual(data['first_name'], self.user_new_attrs['first_name'])
self.assertEqual(data['last_name'], self.user_new_attrs['last_name'])
self.assertEqual(data['email'], self.user_new_attrs['email'])
def test_update_myself(self):
data = XUser.update(self.http_req, self.user_new_attrs,
self.http_req.user.pk)
self.assertEqual(data['first_name'], self.user_new_attrs['first_name'])
self.assertEqual(data['last_name'], self.user_new_attrs['last_name'])
self.assertEqual(data['email'], self.user_new_attrs['email'])
def test_update_myself_without_passing_id(self):
data = XUser.update(self.http_req, self.user_new_attrs)
self.assertEqual(data['first_name'], self.user_new_attrs['first_name'])
self.assertEqual(data['last_name'], self.user_new_attrs['last_name'])
self.assertEqual(data['email'], self.user_new_attrs['email'])
def test_update_myself(self):
data = XUser.update(self.http_req,
self.user_new_attrs, self.http_req.user.pk)
self.assertEqual(data['first_name'], self.user_new_attrs['first_name'])
self.assertEqual(data['last_name'], self.user_new_attrs['last_name'])
self.assertEqual(data['email'], self.user_new_attrs['email'])
def test_update_other_missing_permission(self):
new_values = {'some_attr': 'xxx'}
try:
XUser.update(self.http_req, new_values, self.user.pk)
except Fault as e:
self.assertEqual(e.faultCode, 403)
def test_update_other_missing_permission(self):
new_values = {'some_attr': 'xxx'}
try:
XUser.update(self.http_req, new_values, self.user.pk)
except Fault as e:
self.assertEqual(e.faultCode, 403)
