class ServicesTests(APITestCase): def setUp(self): self.user = UserFactory() self.payment_profile = PaymentProfile.objects.create( name="Test profile", owner=self.user, external_api_id="123", external_api_url="https://api.test.paysafe.com/customervault/v1/" "profiles/", ) self.order = Order.objects.create( user=self.user, transaction_date=timezone.now(), authorization_id=1, settlement_id=1, reference_number=751, ) self.coupon = Coupon.objects.create( value=13, code="ABCDEFGH", start_time=LOCAL_TIMEZONE.localize(datetime.now() - timedelta(weeks=5)), end_time=LOCAL_TIMEZONE.localize(datetime.now() + timedelta(weeks=5)), max_use=100, max_use_per_user=2, details="Any package for clients", owner=self.user, ) self.package_type = ContentType.objects.get_for_model(Package) self.package = Package.objects.create( name="extreme_package", details="100 reservations package", available=True, price=600, reservations=100, ) self.package_2 = Package.objects.create( name="extreme_package", details="100 reservations package", available=True, price=400, reservations=100, ) self.package_most_exp_product = Package.objects.create( name="extreme_package", details="100 reservations package", available=True, price=9999, reservations=100, ) self.package_less_exp_product = Package.objects.create( name="extreme_package", details="100 reservations package", available=True, price=1, reservations=100, ) self.coupon.applicable_product_types.add(self.package_type) self.order_line = OrderLine.objects.create( order=self.order, quantity=1, content_type=self.package_type, object_id=self.package.id) self.order_line_2 = OrderLine.objects.create( order=self.order, quantity=1, content_type=self.package_type, object_id=self.package_2.id) @responses.activate def test_get_external_payment_profile(self): """ Ensure we can get a user's external payment profile. """ responses.add( responses.GET, "http://example.com/customervault/v1/profiles/123?fields=cards", json=SAMPLE_PROFILE_RESPONSE, status=200) response = get_external_payment_profile( self.payment_profile.external_api_id) self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(json.loads(response.content), SAMPLE_PROFILE_RESPONSE) @responses.activate def test_create_external_payment_profile(self): """ Ensure we can create a user's external payment profile. """ responses.add(responses.POST, "http://example.com/customervault/v1/profiles/", json=SAMPLE_PROFILE_RESPONSE, status=201) response = create_external_payment_profile(self.user) self.assertEqual(response.status_code, status.HTTP_201_CREATED) self.assertEqual(json.loads(response.content), SAMPLE_PROFILE_RESPONSE) @responses.activate def test_update_external_card(self): """ Ensure we can update a user's card. """ responses.add( responses.PUT, "http://example.com/customervault/v1/profiles/123/cards/456", json=SAMPLE_PROFILE_RESPONSE, status=200) response = update_external_card( self.payment_profile.external_api_id, SAMPLE_PROFILE_RESPONSE['cards'][0]['id'], SINGLE_USE_TOKEN, ) self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(json.loads(response.content), SAMPLE_PROFILE_RESPONSE) @responses.activate def test_delete_external_card(self): """ Ensure we can delete a user's card. """ responses.add( responses.DELETE, "http://example.com/customervault/v1/profiles/123/cards/456", json='', status=204) response = delete_external_card( self.payment_profile.external_api_id, SAMPLE_PROFILE_RESPONSE['cards'][0]['id'], ) self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) @responses.activate def test_create_external_card(self): """ Ensure we can create a new card for a user. """ responses.add( responses.POST, "http://example.com/customervault/v1/profiles/123/cards/", json=SAMPLE_PROFILE_RESPONSE, status=200) response = create_external_card( self.payment_profile.external_api_id, SINGLE_USE_TOKEN, ) self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(json.loads(response.content), SAMPLE_PROFILE_RESPONSE) @responses.activate def test_charge_payment(self): """ Ensure we can charge a user. """ responses.add( responses.POST, "http://example.com/cardpayments/v1/accounts/0123456789/auths/", json=SAMPLE_PROFILE_RESPONSE, status=200) response = charge_payment(1000, PAYMENT_TOKEN, "123") self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(json.loads(response.content), SAMPLE_PROFILE_RESPONSE) @responses.activate def test_unknown_external_api_exception(self): """ Ensure we catch unhandled errors of the external API. """ responses.add( responses.POST, "http://example.com/cardpayments/v1/accounts/0123456789/auths/", json=UNKNOWN_EXCEPTION, status=400) responses.add( responses.POST, "http://example.com/customervault/v1/profiles/123/cards/", json=UNKNOWN_EXCEPTION, status=400) responses.add( responses.PUT, "http://example.com/customervault/v1/profiles/123/cards/456", json=UNKNOWN_EXCEPTION, status=400) responses.add(responses.POST, "http://example.com/customervault/v1/profiles/", json=UNKNOWN_EXCEPTION, status=400) responses.add( responses.GET, "http://example.com/customervault/v1/profiles/123?fields=cards", json=UNKNOWN_EXCEPTION, status=400) self.assertRaises(PaymentAPIError, charge_payment, 1000, PAYMENT_TOKEN, "123") self.assertRaises(PaymentAPIError, create_external_card, self.payment_profile.external_api_id, SINGLE_USE_TOKEN) self.assertRaises(PaymentAPIError, update_external_card, self.payment_profile.external_api_id, SAMPLE_PROFILE_RESPONSE['cards'][0]['id'], SINGLE_USE_TOKEN) self.assertRaises(PaymentAPIError, create_external_payment_profile, self.user) self.assertRaises(PaymentAPIError, get_external_payment_profile, self.payment_profile.external_api_id) @responses.activate def test_known_external_api_exception(self): """ Ensure we catch and handle some errors of the external API. """ responses.add( responses.POST, "http://example.com/cardpayments/v1/accounts/0123456789/auths/", json=SAMPLE_INVALID_PAYMENT_TOKEN, status=400) responses.add( responses.POST, "http://example.com/customervault/v1/profiles/123/cards/", json=SAMPLE_INVALID_PAYMENT_TOKEN, status=400) responses.add( responses.PUT, "http://example.com/customervault/v1/profiles/123/cards/456", json=SAMPLE_INVALID_PAYMENT_TOKEN, status=400) responses.add(responses.POST, "http://example.com/customervault/v1/profiles/", json=SAMPLE_INVALID_PAYMENT_TOKEN, status=400) responses.add( responses.GET, "http://example.com/customervault/v1/profiles/123?fields=cards", json=SAMPLE_INVALID_PAYMENT_TOKEN, status=400) self.assertRaises(PaymentAPIError, charge_payment, 1000, PAYMENT_TOKEN, "123") self.assertRaises(PaymentAPIError, create_external_card, self.payment_profile.external_api_id, SINGLE_USE_TOKEN) self.assertRaises(PaymentAPIError, update_external_card, self.payment_profile.external_api_id, SAMPLE_PROFILE_RESPONSE['cards'][0]['id'], SINGLE_USE_TOKEN) self.assertRaises(PaymentAPIError, create_external_payment_profile, self.user) self.assertRaises(PaymentAPIError, get_external_payment_profile, self.payment_profile.external_api_id) def test_validate_coupon_for_order_with_most_exp_product(self): self.user.faculty = "Random faculty" self.user.student_number = "Random code" self.user.academic_program_code = "Random code" self.user.save() order_line_most_exp_product = OrderLine.objects.create( order=self.order, quantity=1, content_type=self.package_type, object_id=self.package_most_exp_product.id) order_line_les_exp_product = OrderLine.objects.create( order=self.order, quantity=1, content_type=self.package_type, object_id=self.package_less_exp_product.id) coupon_info = validate_coupon_for_order(self.coupon, self.order) error = coupon_info.get('error') self.assertIsNone(error) coupon_info_order_line = coupon_info.get('orderline') self.assertIsNotNone(coupon_info_order_line) self.assertEqual(coupon_info_order_line.id, order_line_most_exp_product.id)
class ObtainTemporaryAuthTokenTests(APITestCase): def setUp(self): self.client = APIClient() self.user = UserFactory() self.user.set_password('Test123!') self.user.save() self.url = reverse('token_api') def test_authenticate_username(self): """ Ensure we can authenticate on the platform. """ data = { 'username': self.user.username, 'password': '******' } response = self.client.post(self.url, data, format='json') self.assertEqual(response.status_code, status.HTTP_200_OK) token = TemporaryToken.objects.get( user__username=self.user.username, ) self.assertContains(response, token) def test_authenticate_email(self): """ Ensure we can authenticate on the platform. """ data = { 'username': self.user.email, 'password': '******' } response = self.client.post(self.url, data, format='json') self.assertEqual(response.status_code, status.HTTP_200_OK) token = TemporaryToken.objects.get( user__username=self.user.username, ) self.assertContains(response, token) def test_authenticate_expired_token(self): """ Ensure we can authenticate on the platform when token is expired. """ data = { 'username': self.user.username, 'password': '******' } response = self.client.post(self.url, data, format='json') self.assertEqual(response.status_code, status.HTTP_200_OK) token_old = TemporaryToken.objects.get( user__username=self.user.username, ) token_old.expire() response = self.client.post(self.url, data, format='json') self.assertEqual(response.status_code, status.HTTP_200_OK) token_new = TemporaryToken.objects.get( user__username=self.user.username, ) self.assertNotContains(response, token_old) self.assertContains(response, token_new) def test_authenticate_bad_password(self): """ Ensure we can't authenticate with a wrong password' """ data = { 'username': self.user.username, 'password': '******' # No caps on the first letter } response = self.client.post(self.url, data, format='json') self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) tokens = TemporaryToken.objects.filter( user__username='******' ).count() self.assertEqual(0, tokens) def test_authenticate_bad_username(self): """ Ensure we can't authenticate with a wrong username """ data = { 'username': '******', # Forget the `h` in `John` 'password': '******' } response = self.client.post(self.url, data, format='json') self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) tokens = TemporaryToken.objects.filter( user__username='******' ).count() self.assertEqual(0, tokens) def test_authenticate_inactive(self): """ Ensure we can't authenticate if user is inactive """ data = { 'username': self.user.username, 'password': '******' } User.objects.filter(id=self.user.id).update(is_active=False) response = self.client.post(self.url, data, format='json') content = { "non_field_errors": [ "Unable to log in with provided credentials." ] } self.assertEqual(json.loads(response.content), content) self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) tokens = TemporaryToken.objects.filter( user__username=self.user.username ).count() self.assertEqual(0, tokens) def test_authenticate_missing_parameter(self): """ Ensure we can't authenticate if "username" or "password" are not provided. """ response = self.client.post(self.url, {}, format='json') content = { 'password': ['This field is required.'], 'username': ['This field is required.'] } self.assertEqual(json.loads(response.content), content) self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) tokens = TemporaryToken.objects.filter( user__username=self.user.username ).count() self.assertEqual(0, tokens)