class ViewPermDecoratorCase(TestCase): def setUp(self): self.client=Client(enforce_csrf_checks=True) self.passwd=''.join(random.sample(string.ascii_letters,10)) self.superuser=User.objects.create_superuser( username='******', email='*****@*****.**', password=self.passwd) self.normaluser=User.objects.create_user( username='******', email='*****@*****.**', password=self.passwd) self.anonuser=AnonymousUser() def test_all_methods(self): methods=('GET','POST','HEAD','PUT','DELETE','OPTIONS','TRACE','PATCH') self.assertTrue(self.client.login(username='******',password=self.passwd)) self.assertEqual(self.client.get('/test',follow=True).status_code,200) self.assertEqual(self.client.post('/test',follow=True).status_code,200) self.assertEqual(self.client.head('/test',follow=True).status_code,200) self.assertEqual(self.client.put('/test',follow=True).status_code,200) self.assertEqual(self.client.delete('/test',follow=True).status_code,200) self.assertEqual(self.client.options('/test',follow=True).status_code,200) self.assertEqual(self.client.patch('/test',follow=True).status_code,200) self.assertTrue(self.client.login(username='******',password=self.passwd)) self.assertEqual(self.client.get('/test',follow=True).status_code,403) self.assertEqual(self.client.post('/test',follow=True).status_code,403) self.assertEqual(self.client.head('/test',follow=True).status_code,403) self.assertEqual(self.client.put('/test',follow=True).status_code,403) self.assertEqual(self.client.delete('/test',follow=True).status_code,403) self.assertEqual(self.client.options('/test',follow=True).status_code,403) self.assertEqual(self.client.patch('/test',follow=True).status_code,403)
def test_requires_get_or_post(self): client = Client(enforce_csrf_checks=True) with override_settings(DEBUG=False): self.assertEquals(client.get(self.str_uri).status_code, 403) self.assertEquals(client.post(self.str_uri).status_code, 403) self.assertEquals(client.head(self.str_uri).status_code, 405) self.assertEquals(client.options(self.str_uri).status_code, 405) self.assertEquals(client.put(self.str_uri).status_code, 405) self.assertEquals(client.delete(self.str_uri).status_code, 405) self.assertEquals(client.get(self.str_class_uri).status_code, 403) self.assertEquals(client.post(self.str_class_uri).status_code, 403) self.assertEquals(client.head(self.str_class_uri).status_code, 405) self.assertEquals(client.put(self.str_class_uri).status_code, 405) self.assertEquals(client.delete(self.str_class_uri).status_code, 405) with override_settings(DEBUG=True): self.assertEquals(client.get(self.str_uri).status_code, 200) self.assertEquals(client.post(self.str_uri).status_code, 200) self.assertEquals(client.head(self.str_uri).status_code, 200) self.assertEquals(client.options(self.str_uri).status_code, 200) self.assertEquals(client.put(self.str_uri).status_code, 200) self.assertEquals(client.delete(self.str_uri).status_code, 200) self.assertEquals(client.get(self.str_class_uri).status_code, 200) self.assertEquals(client.post(self.str_class_uri).status_code, 200) self.assertEquals(client.head(self.str_class_uri).status_code, 200)
def test_requires_get_or_post(self): client = Client(enforce_csrf_checks=True) with override_settings(DEBUG=False): self.assertEquals(client.get(self.str_uri).status_code, 403) self.assertEquals(client.post(self.str_uri).status_code, 403) self.assertEquals(client.head(self.str_uri).status_code, 405) self.assertEquals(client.options(self.str_uri).status_code, 405) self.assertEquals(client.put(self.str_uri).status_code, 405) self.assertEquals(client.delete(self.str_uri).status_code, 405) self.assertEquals(client.get(self.str_class_uri).status_code, 403) self.assertEquals(client.post(self.str_class_uri).status_code, 403) self.assertEquals(client.head(self.str_class_uri).status_code, 405) self.assertEquals(client.put(self.str_class_uri).status_code, 405) self.assertEquals( client.delete(self.str_class_uri).status_code, 405) with override_settings(DEBUG=True): self.assertEquals(client.get(self.str_uri).status_code, 200) self.assertEquals(client.post(self.str_uri).status_code, 200) self.assertEquals(client.head(self.str_uri).status_code, 200) self.assertEquals(client.options(self.str_uri).status_code, 200) self.assertEquals(client.put(self.str_uri).status_code, 200) self.assertEquals(client.delete(self.str_uri).status_code, 200) self.assertEquals(client.get(self.str_class_uri).status_code, 200) self.assertEquals(client.post(self.str_class_uri).status_code, 200) self.assertEquals(client.head(self.str_class_uri).status_code, 200)
def test_signout(self): client = Client() # not get response = client.options('/api/signout/') self.assertEqual(response.status_code, 405) # create test user response = client.post('/api/signup/', { 'username': '******', 'password': '******' }, content_type='application/json') # log in response = client.post('/api/signin/', { 'username': '******', 'password': '******' }, content_type='application/json') # regular signout self.assertTrue(get_user(client).is_authenticated) response = client.get('/api/signout/') self.assertEqual(response.status_code, 204) self.assertFalse(get_user(client).is_authenticated) # signout while signed out is an error response = client.get('/api/signout/') self.assertEqual(response.status_code, 401)
def test_signin(self): client = Client() # not post response = client.options('/api/signin/') self.assertEqual(response.status_code, 405) # bad json response = client.post('/api/signin/', {'invalid': 'payload'}) self.assertEqual(response.status_code, 400) # test user response = client.post('/api/signup/', { 'username': '******', 'password': '******' }, content_type='application/json') # incorrect response = client.post('/api/signin/', { 'username': '******', 'password': '******' }, content_type='application/json') self.assertEqual(response.status_code, 401) self.assertFalse(get_user(client).is_authenticated) # correct password response = client.post('/api/signin/', { 'username': '******', 'password': '******' }, content_type='application/json') self.assertEqual(response.status_code, 204) self.assertTrue(get_user(client).is_authenticated)
def test_csrf(self): client = Client(enforce_csrf_checks=True) # not get response = client.options('/api/token/') self.assertEqual(response.status_code, 405) # no csrf response = client.post('/api/signup/', { 'username': '******', 'password': '******' }, content_type='application/json') self.assertEqual(response.status_code, 403) # add csrf response = client.get('/api/token/') self.assertEqual(response.status_code, 204) csrftoken = response.cookies['csrftoken'].value # re-request response = client.post('/api/signup/', { 'username': '******', 'password': '******' }, content_type='application/json', HTTP_X_CSRFTOKEN=csrftoken) self.assertEqual(response.status_code, 201)
def test_unused_image_methods(self): """ Tests that the following methods are correctly rejected by the image endpoint """ """ These fail as disallowed methods, so should return 405 status codes """ c = Client() response = c.get("/api/image") self.assertEqual(response.status_code, 405) c = Client() response = c.put("/api/image", {}) self.assertEqual(response.status_code, 405) c = Client() response = c.delete("/api/image") self.assertEqual(response.status_code, 405) c = Client() response = c.options("/api/image") self.assertEqual(response.status_code, 405) """ This has bad post syntax, so should return 400 """ c = Client() response = c.post("/api/image", {}) self.assertEqual(response.status_code, 400) """
def test_signup(self): client = Client() # not post response = client.options('/api/signup/') self.assertEqual(response.status_code, 405) # bad json response = client.post('/api/signup/', {'invalid': 'payload'}) self.assertEqual(response.status_code, 400) # normal signup resposne = client.post('/api/signup/', { 'username': '******', 'password': '******' }, content_type='application/json') self.assertEqual(resposne.status_code, 201) # duplicate user resposne = client.post('/api/signup/', { 'username': '******', 'password': '******' }, content_type='application/json') self.assertEqual(resposne.status_code, 400)
def test_article_comments(self): client = Client() # not get,post response = client.options('/api/article/1/comment/') self.assertEqual(response.status_code, 405) # not signed in response = client.get('/api/article/1/comment/') self.assertEqual(response.status_code, 403) # test user response = client.post('/api/signup/', { 'username': '******', 'password': '******' }, content_type='application/json') # log in response = client.post('/api/signin/', { 'username': '******', 'password': '******' }, content_type='application/json') # nonexistent response = client.get('/api/article/1/comment/') self.assertEqual(response.status_code, 404) # test article response = client.post('/api/article/', { 'title': 'title', 'content': 'content' }, content_type='application/json') article = response.json() # bad json response = client.post(f'/api/article/{article["id"]}/comment/', {'invalid': 'payload'}) self.assertEqual(response.status_code, 400) # create response = client.post(f'/api/article/{article["id"]}/comment/', {'content': 'content'}, content_type='application/json') self.assertEqual(response.status_code, 201) new_comment = response.json() self.assertEqual(new_comment['article'], article['id']) self.assertEqual(new_comment['content'], 'content') self.assertEqual(new_comment['article'], get_user(client).id) # retrieve comment response = client.get(f'/api/article/{article["id"]}/comment/') self.assertEqual(response.status_code, 200) self.assertEqual(len(response.json()), 1) self.assertEqual(response.json()[0], new_comment)
def test_supports_cors(self): client = Client() response = client.options('/', HTTP_ORIGIN='https://example.com/', secure=True) self.assertEqual(response.status_code, 200) self.assertEqual(response['Access-Control-Allow-Origin'], '*')
class BasicAPIPageTest(TestCase): """Test the basic views""" fixtures = ["judge_judy.json", "test_objects_search.json"] def setUp(self): self.client = Client() def test_api_index(self): r = self.client.get(reverse("api_index")) self.assertEqual(r.status_code, 200) def test_swagger_interface(self): r = self.client.get(reverse("swagger_schema")) self.assertEqual(r.status_code, 200) def test_options_request(self): r = self.client.options(reverse("court_index")) self.assertEqual(r.status_code, 200) def test_court_index(self): r = self.client.get(reverse("court_index")) self.assertEqual(r.status_code, 200) def test_rest_docs(self): r = self.client.get(reverse("rest_docs")) self.assertEqual(r.status_code, 200) def test_bulk_data_index(self): r = self.client.get(reverse("bulk_data_index")) self.assertEqual(r.status_code, 200) def test_coverage_api(self): r = self.client.get( reverse("coverage_data", kwargs={ "version": 2, "court": "ca1" })) self.assertEqual(r.status_code, 200) def test_coverage_api_via_url(self): r = self.client.get("/api/rest/v2/coverage/ca1/") self.assertEqual(r.status_code, 200) def test_api_info_page_displays_latest_rest_docs_by_default(self): response = self.client.get(reverse("rest_docs")) self.assertEqual(response.status_code, 200) self.assertTemplateUsed(response, "rest-docs-vlatest.html") def test_api_info_page_can_display_different_versions_of_rest_docs(self): for version in ["v1", "v2"]: response = self.client.get( reverse("rest_docs", kwargs={"version": version})) self.assertEqual(response.status_code, 200) self.assertTemplateUsed(response, "rest-docs-%s.html" % (version, )) header = "REST API – %s" % (version.upper(), ) self.assertContains(response, header)
def test_requires_get_or_post(self): c = Client(enforce_csrf_checks=True) with override_settings(DEBUG=False): for uri in self.uris: self._assertStatusCode(c.get(uri).status_code, 403, uri) self._assertStatusCode(c.post(uri).status_code, 403, uri) self._assertStatusCode(c.head(uri).status_code, 405, uri) self._assertStatusCode(c.options(uri).status_code, 405, uri) self._assertStatusCode(c.put(uri).status_code, 405, uri) self._assertStatusCode(c.delete(uri).status_code, 405, uri)
class TestEnibarImport(TestCase): def setUp(self): self.client = Client() super().setUp() def test_note_import_404(self): response = self.client.options("/enibar/note/", "{}") self.assertEqual(response.status_code, 404) response = self.client.put("/enibar/note", "pouet") self.assertEqual(response.status_code, 404) def test_note_put_403(self): response = self.client.put("/enibar/note", '{"id": 1, "nickname": "coucou", "mail": "*****@*****.**", "note": 52.2}') self.assertEqual(response.status_code, 403) def test_note_delete_403(self): response = self.client.delete("/enibar/note", '{"id": 2}') self.assertEqual(response.status_code, 403) def test_import_note_put(self): response = self.client.put("/enibar/note", '{"token": "changeme", "id": 1, "nickname": "coucou", "mail": "*****@*****.**", "note": 52.2}') self.assertEqual(response.status_code, 200) note = Note.objects.get(foreign_id=1) self.assertEqual(note.foreign_id, 1) self.assertEqual(note.nickname, "coucou") self.assertEqual(note.mail, "*****@*****.**") self.assertEqual(note.note, Decimal("52.2")) response = self.client.put("/enibar/note", '{"token": "changeme", "id": 1, "nickname": "coucou", "mail": "*****@*****.**", "note": 50.2}') self.assertEqual(response.status_code, 200) note = Note.objects.get(foreign_id=1) self.assertEqual(note.foreign_id, 1) self.assertEqual(note.nickname, "coucou") self.assertEqual(note.mail, "*****@*****.**") self.assertEqual(note.note, Decimal("50.2")) def test_import_note_delete(self): Note.objects.create(foreign_id=2, nickname="toto", mail="*****@*****.**", note=Decimal("10")) response = self.client.delete("/enibar/note", '{"token": "changeme", "id": 2}') self.assertEqual(response.status_code, 200) with self.assertRaises(Note.DoesNotExist): Note.objects.get(foreign_id=2) def test_get_note(self): Note.objects.create(foreign_id=2, nickname="toto", mail="*****@*****.**", note=Decimal("10")) Note.objects.create(foreign_id=3, nickname="toto2", mail="*****@*****.**", note=Decimal("11")) response = self.client.get("/enibar/note") self.assertEqual(response.json(), [{'note': '10.00', 'nickname': 'toto', 'foreign_id': 2, 'mail': '*****@*****.**'}, {'note': '11.00', 'nickname': 'toto2', 'foreign_id': 3, 'mail': '*****@*****.**'}]) response = self.client.get("/enibar/note", {"foreign_id": 2}) self.assertEqual(response.json(), [{'mail': '*****@*****.**', 'note': '10.00', 'nickname': 'toto', 'foreign_id': 2}]) response = self.client.get("/enibar/note", {"pouet": 2}) self.assertEqual(response.status_code, 404)
def test_all_return_statuses_when_debug_true(self): c = Client(enforce_csrf_checks=True) with override_settings(DEBUG=True): for uri in self.uris: self._assertStatusCode(c.get(uri).status_code, 200, uri) self._assertStatusCode(c.post(uri).status_code, 200, uri) self._assertStatusCode(c.head(uri).status_code, 200, uri) self._assertStatusCode(c.options(uri).status_code, 200, uri) if uri.endswith('class_view/'): self._assertStatusCode(c.put(uri).status_code, 405, uri) self._assertStatusCode(c.delete(uri).status_code, 405, uri) else: self._assertStatusCode(c.put(uri).status_code, 200, uri) self._assertStatusCode(c.delete(uri).status_code, 200, uri)
def test_comments(self): client = Client() # not get, put, delete response = client.options('/api/comment/1/') self.assertEqual(response.status_code, 405) # not signed in response = client.get('/api/comment/1/') self.assertEqual(response.status_code, 403) # test user response = client.post('/api/signup/', { 'username': '******', 'password': '******' }, content_type='application/json') # log in response = client.post('/api/signin/', { 'username': '******', 'password': '******' }, content_type='application/json') # nonexistent response = client.get('/api/comment/1/') self.assertEqual(response.status_code, 404) # test article response = client.post('/api/article/', { 'title': 'title', 'content': 'content' }, content_type='application/json') article = response.json() # test comment response = client.post(f'/api/article/{article["id"]}/comment/', {'content': 'content'}, content_type='application/json') comment = response.json() # retrieve comments response = client.get(f'/api/comment/{comment["id"]}/') self.assertEqual(response.status_code, 200) self.assertEqual(response.json(), comment)
def send_options(self, user_string="user_1", do_auth=True, enforce_csrf_checks=False, *args, **kwargs): """ Send an OPTIONS request to the configured URL endpoint on behalf of the given user. :param user_string: The user to send the request as. :param do_auth: Whether or not to log the user in if the view requires authentication. :param enforce_csrf_checks: Whether or not to enforce CSRF checks in the HTTP client. :param args: Positional arguments for client.options. :param kwargs: Keyword arguments for client.options. :return: The HTTP response. """ client = Client(enforce_csrf_checks=enforce_csrf_checks) if self.requires_auth and do_auth: user = SaFaker.get_user(user_string) client.force_login(user) return client.options( self.get_url_path(user=user_string), *args, **kwargs )
class ZipContentTestCase(TestCase): """ Testcase for zipcontent endpoint """ index_name = "index.html" index_str = "<html></html>" other_name = "other.html" other_str = "<html><head></head></html>" script_name = "script.html" script_str = "<html><head><script>test</script></head></html>" async_script_name = "async_script.html" async_script_str = ( '<html><head><script async src="url/url.js"></script></head></html>') empty_html_name = "empty.html" empty_html_str = "" test_name_1 = "testfile1.txt" test_str_1 = "This is a test!" test_name_2 = "testfile2.txt" test_str_2 = "And another test..." test_name_3 = "testfile3.json" test_str_3 = "A test of image placeholder replacement ${placeholder}".format( placeholder=exercises.IMG_PLACEHOLDER) def setUp(self): self.client = Client() provision_device() self.hash = hashlib.md5("DUMMYDATA".encode()).hexdigest() self.extension = "zip" self.filename = "{}.{}".format(self.hash, self.extension) self.zip_path = get_content_storage_file_path(self.filename) zip_path_dir = os.path.dirname(self.zip_path) if not os.path.exists(zip_path_dir): os.makedirs(zip_path_dir) with zipfile.ZipFile(self.zip_path, "w") as zf: zf.writestr(self.index_name, self.index_str) zf.writestr(self.other_name, self.other_str) zf.writestr(self.script_name, self.script_str) zf.writestr(self.async_script_name, self.async_script_str) zf.writestr(self.empty_html_name, self.empty_html_str) zf.writestr(self.test_name_1, self.test_str_1) zf.writestr(self.test_name_2, self.test_str_2) zf.writestr(self.test_name_3, self.test_str_3) self.zip_file_obj = LocalFile(id=self.hash, extension=self.extension, available=True) self.zip_file_base_url = self.zip_file_obj.get_storage_url() def test_zip_file_url_reversal(self, filename_patch): file = LocalFile(id=self.hash, extension=self.extension, available=True) self.assertEqual(file.get_storage_url(), "/zipcontent/{}/".format(self.filename)) def test_non_zip_file_url_reversal(self, filename_patch): file = LocalFile(id=self.hash, extension="otherextension", available=True) filename = file.get_filename() self.assertEqual( file.get_storage_url(), "/content/storage/{}/{}/{}".format(filename[0], filename[1], filename), ) def test_zip_file_internal_file_access(self, filename_patch): # test reading the data from file #1 inside the zip response = self.client.get(self.zip_file_base_url + self.test_name_1) self.assertEqual( next(response.streaming_content).decode(), self.test_str_1) # test reading the data from file #2 inside the zip response = self.client.get(self.zip_file_base_url + self.test_name_2) self.assertEqual( next(response.streaming_content).decode(), self.test_str_2) def test_nonexistent_zip_file_access(self, filename_patch): bad_base_url = self.zip_file_base_url.replace( self.zip_file_base_url[20:25], "aaaaa") response = self.client.get(bad_base_url + self.test_name_1) self.assertEqual(response.status_code, 404) def test_zip_file_nonexistent_internal_file_access(self, filename_patch): response = self.client.get(self.zip_file_base_url + "qqq" + self.test_name_1) self.assertEqual(response.status_code, 404) def test_non_allowed_file_internal_file_access(self, filename_patch): response = self.client.get( self.zip_file_base_url.replace("zip", "png") + self.test_name_1) self.assertEqual(response.status_code, 404) def test_not_modified_response_when_if_modified_since_header_set( self, filename_patch): caching_client = Client( HTTP_IF_MODIFIED_SINCE="Sat, 10-Sep-2016 19:14:07 GMT") response = caching_client.get(self.zip_file_base_url + self.test_name_1) self.assertEqual(response.status_code, 304) def test_content_security_policy_header(self, filename_patch): response = self.client.get(self.zip_file_base_url + self.test_name_1) self.assertEqual( response.get("Content-Security-Policy"), "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: http://testserver", ) def test_content_security_policy_header_http_referer(self, filename_patch): response = self.client.get( self.zip_file_base_url + self.test_name_1, HTTP_REFERER= "http://testserver:1234/iam/a/real/path/#thatsomeonemightuse", ) self.assertEqual( response.get("Content-Security-Policy"), "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: http://testserver:1234", ) def test_access_control_allow_origin_header(self, filename_patch): response = self.client.get(self.zip_file_base_url + self.test_name_1) self.assertEqual(response.get("Access-Control-Allow-Origin"), "*") response = self.client.options(self.zip_file_base_url + self.test_name_1) self.assertEqual(response.get("Access-Control-Allow-Origin"), "*") def test_x_frame_options_header(self, filename_patch): response = self.client.get(self.zip_file_base_url + self.test_name_1) self.assertEqual(response.get("X-Frame-Options", ""), "") def test_access_control_allow_headers(self, filename_patch): headerval = "X-Penguin-Dance-Party" response = self.client.options( self.zip_file_base_url + self.test_name_1, HTTP_ACCESS_CONTROL_REQUEST_HEADERS=headerval, ) self.assertEqual(response.get("Access-Control-Allow-Headers", ""), headerval) response = self.client.get( self.zip_file_base_url + self.test_name_1, HTTP_ACCESS_CONTROL_REQUEST_HEADERS=headerval, ) self.assertEqual(response.get("Access-Control-Allow-Headers", ""), headerval) def test_json_image_replacement_http_referer_header(self, filename_patch): server_name = "http://testserver" response = self.client.get(self.zip_file_base_url + self.test_name_3, HTTP_REFERER=server_name) self.assertEqual( response.content.decode("utf-8"), self.test_str_3.replace( "$" + exercises.IMG_PLACEHOLDER, (server_name.replace("http:", "") + self.zip_file_base_url), ).strip("/"), ) def test_json_image_replacement_no_http_referer_header( self, filename_patch): server_name = "http://testserver" response = self.client.get(self.zip_file_base_url + self.test_name_3) self.assertEqual( response.content.decode("utf-8"), self.test_str_3.replace( "$" + exercises.IMG_PLACEHOLDER, (server_name.replace("http:", "") + self.zip_file_base_url), ).strip("/"), ) def test_request_for_html_no_head_return_hashi_modified_html( self, filename_patch): response = self.client.get(self.zip_file_base_url) content = '<html><head></head><body><script src="/static/content/hashi123.js"></script></body></html>' self.assertEqual(response.content.decode("utf-8"), content) def test_request_for_html_body_no_script_return_hashi_modified_html( self, filename_patch): response = self.client.get(self.zip_file_base_url + self.other_name) self.assertEqual(response.content.decode("utf-8"), empty_content) def test_request_for_html_body_script_return_hashi_modified_html( self, filename_patch): response = self.client.get(self.zip_file_base_url + self.script_name) content = ( '<html><head><template hashi-script="true"><script>test</script></template></head>' + '<body><script src="/static/content/hashi123.js"></script></body></html>' ) self.assertEqual(response.content.decode("utf-8"), content) def test_request_for_html_body_script_return_correct_length_header( self, filename_patch): response = self.client.get(self.zip_file_base_url + self.script_name) file_size = len( '<html><head><template hashi-script="true"><script>test</script></template></head>' + '<body><script src="/static/content/hashi123.js"></script></body></html>' ) self.assertEqual(int(response["Content-Length"]), file_size) def test_request_for_html_body_async_script_return_hashi_modified_html( self, filename_patch): response = self.client.get(self.zip_file_base_url + self.async_script_name) soup = BeautifulSoup(response.content, "html.parser") template = soup.find("template") self.assertEqual(template.attrs["async"], "true") def test_request_for_html_empty_html_no_modification(self, filename_patch): response = self.client.get(self.zip_file_base_url + self.empty_html_name) self.assertEqual(response.content.decode("utf-8"), empty_content) def test_not_modified_response_when_if_modified_since_header_set_index_file( self, filename_patch): caching_client = Client( HTTP_IF_MODIFIED_SINCE="Sat, 10-Sep-2016 19:14:07 GMT") response = caching_client.get(self.zip_file_base_url) self.assertEqual(response.status_code, 304) def test_not_modified_response_when_if_modified_since_header_set_other_html_file( self, filename_patch): caching_client = Client( HTTP_IF_MODIFIED_SINCE="Sat, 10-Sep-2016 19:14:07 GMT") response = caching_client.get(self.zip_file_base_url + self.other_name) self.assertEqual(response.status_code, 304)
def test_cors(self): c = Client() resp = c.options('/api/v1/events/') self.assertTrue(resp.has_header('access-control-allow-headers')) self.assertTrue(resp.get('access-control-allow-origin', '*'))
class RegisterTestCase(TestCase): def setUp(self): self.client = Client() def test_success_register(self): response = self.client.post( r'/account/register', { 'username': '******', 'email': '*****@*****.**', 'password': '******', 'password2': '1234', 'first_name': 'john', 'last_name': 'doe', }) self.assertEquals(response.status_code, status.HTTP_200_OK) def test_user_already_exists(self): self.client.post( r'/account/register', { 'username': '******', 'email': '*****@*****.**', 'password': '******', 'password2': '1234', 'first_name': 'john', 'last_name': 'doe', }) response = self.client.post( r'/account/register', { 'username': '******', 'email': '*****@*****.**', 'password': '******', 'password2': '1234', 'first_name': 'john', 'last_name': 'doe', }) self.assertEquals(response.status_code, status.HTTP_400_BAD_REQUEST) self.assertJSONEqual(str(response.content, encoding='utf-8'), {'username': ['User john_doe1 already exists']}) def test_invalid_email(self): response = self.client.post( r'/account/register', { 'username': '******', 'email': 'not_valid_email', 'password': '******', 'password2': '1234', 'first_name': 'john', 'last_name': 'doe', }) self.assertEquals(response.status_code, status.HTTP_400_BAD_REQUEST) self.assertJSONEqual(str(response.content, encoding='utf-8'), {'email': ['Enter a valid email address.']}) def test_different_passwords(self): response = self.client.post( r'/account/register', { 'username': '******', 'email': 'not_valid_email', 'password': '******', 'password2': '12345', 'first_name': 'john', 'last_name': 'doe', }) self.assertEquals(response.status_code, status.HTTP_400_BAD_REQUEST) self.assertJSONEqual(str(response.content, encoding='utf-8'), {'email': ['Enter a valid email address.']}) def test_empty_fields(self): response = self.client.post(r'/account/register') self.assertEquals(response.status_code, status.HTTP_400_BAD_REQUEST) self.assertJSONEqual( str(response.content, encoding='utf-8'), { 'email': ['This field is required.'], 'first_name': ['This field is required.'], 'last_name': ['This field is required.'], 'password': ['This field is required.'], 'password2': ['This field is required.'], 'username': ['This field is required.'], }) def test_only_post_allowed(self): response = self.client.get('/account/register') self.assertEquals(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) response = self.client.delete('/account/register') self.assertEquals(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) response = self.client.put('/account/register') self.assertEquals(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) response = self.client.head('/account/register') self.assertEquals(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) response = self.client.options('/account/register') self.assertEquals(response.status_code, status.HTTP_401_UNAUTHORIZED) response = self.client.trace('/account/register') self.assertEquals(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
class TwilioViewTestCase(TestCase): fixtures = ['django_twilio.json'] urls = 'django_twilio.tests.urls' def setUp(self): self.client = Client(enforce_csrf_checks=True) self.factory = RequestFactory(enforce_csrf_checks=True) # Test URIs. self.uri = 'http://testserver/tests/decorators' self.str_uri = '/tests/decorators/str_view/' self.verb_uri = '/tests/decorators/verb_view/' self.response_uri = '/tests/decorators/response_view/' # Guarantee a value for the required configuration settings after each # test case. django_twilio_settings.TWILIO_ACCOUNT_SID = 'xxx' django_twilio_settings.TWILIO_AUTH_TOKEN = 'xxx' # Pre-calculate Twilio signatures for our test views. self.response_signature = encodestring( new(django_twilio_settings.TWILIO_AUTH_TOKEN, '%s/response_view/' % self.uri, sha1).digest()).strip() self.str_signature = encodestring( new(django_twilio_settings.TWILIO_AUTH_TOKEN, '%s/str_view/' % self.uri, sha1).digest()).strip() self.sig_with_from_field_normal_caller = encodestring( new(django_twilio_settings.TWILIO_AUTH_TOKEN, '%s/str_view/From+12222222222' % self.uri, sha1).digest()).strip() self.sig_with_from_field_blacklisted_caller = encodestring( new(django_twilio_settings.TWILIO_AUTH_TOKEN, '%s/str_view/From+13333333333' % self.uri, sha1).digest()).strip() self.verb_signature = encodestring( new(django_twilio_settings.TWILIO_AUTH_TOKEN, '%s/verb_view/' % self.uri, sha1).digest()).strip() def test_requires_post(self): debug_orig = settings.DEBUG settings.DEBUG = False self.assertEquals(self.client.get(self.str_uri).status_code, 405) self.assertEquals(self.client.head(self.str_uri).status_code, 405) self.assertEquals(self.client.options(self.str_uri).status_code, 405) self.assertEquals(self.client.put(self.str_uri).status_code, 405) self.assertEquals(self.client.delete(self.str_uri).status_code, 405) settings.DEBUG = True self.assertEquals(self.client.get(self.str_uri).status_code, 200) self.assertEquals(self.client.head(self.str_uri).status_code, 200) self.assertEquals(self.client.options(self.str_uri).status_code, 200) self.assertEquals(self.client.put(self.str_uri).status_code, 200) self.assertEquals(self.client.delete(self.str_uri).status_code, 200) settings.DEBUG = debug_orig def test_allows_post(self): request = self.factory.post(self.str_uri, HTTP_X_TWILIO_SIGNATURE=self.str_signature) self.assertEquals(str_view(request).status_code, 200) def test_decorator_preserves_metadata(self): self.assertEqual(str_view.__name__, 'str_view') def test_missing_settings_return_forbidden(self): del django_twilio_settings.TWILIO_ACCOUNT_SID del django_twilio_settings.TWILIO_AUTH_TOKEN debug_orig = settings.DEBUG settings.DEBUG = False self.assertEquals(self.client.post(self.str_uri).status_code, 403) settings.DEBUG = True self.assertEquals(self.client.post(self.str_uri).status_code, 200) settings.DEBUG = debug_orig def test_missing_signature_returns_forbidden(self): debug_orig = settings.DEBUG settings.DEBUG = False self.assertEquals(self.client.post(self.str_uri).status_code, 403) settings.DEBUG = True self.assertEquals(self.client.post(self.str_uri).status_code, 200) settings.DEBUG = debug_orig def test_incorrect_signature_returns_forbidden(self): debug_orig = settings.DEBUG settings.DEBUG = False request = self.factory.post(self.str_uri, HTTP_X_TWILIO_SIGNATURE='fakesignature') self.assertEquals(str_view(request).status_code, 403) settings.DEBUG = True self.assertEquals(str_view(request).status_code, 200) settings.DEBUG = debug_orig def test_no_from_field(self): request = self.factory.post(self.str_uri, HTTP_X_TWILIO_SIGNATURE=self.str_signature) self.assertEquals(str_view(request).status_code, 200) def test_from_field_no_caller(self): request = self.factory.post( self.str_uri, {'From': '+12222222222'}, HTTP_X_TWILIO_SIGNATURE=self.sig_with_from_field_normal_caller) self.assertEquals(str_view(request).status_code, 200) def test_blacklist_works(self): debug_orig = settings.DEBUG settings.DEBUG = False request = self.factory.post(self.str_uri, {'From': '+13333333333'}, HTTP_X_TWILIO_SIGNATURE=self. sig_with_from_field_blacklisted_caller) response = str_view(request) r = Response() r.reject() self.assertEquals(response.content, str(r)) settings.DEBUG = True request = self.factory.post(self.str_uri, {'From': '+13333333333'}, HTTP_X_TWILIO_SIGNATURE=self. sig_with_from_field_blacklisted_caller) response = str_view(request) r = Response() r.reject() self.assertEquals(response.content, str(r)) settings.DEBUG = debug_orig def test_decorator_modifies_str(self): request = self.factory.post(self.str_uri, HTTP_X_TWILIO_SIGNATURE=self.str_signature) self.assertTrue(isinstance(str_view(request), HttpResponse)) def test_decorator_modifies_verb(self): request = self.factory.post( self.verb_uri, HTTP_X_TWILIO_SIGNATURE=self.verb_signature) self.assertTrue(isinstance(verb_view(request), HttpResponse)) def test_decorator_preserves_httpresponse(self): request = self.factory.post( self.response_uri, HTTP_X_TWILIO_SIGNATURE=self.response_signature) self.assertTrue(isinstance(response_view(request), HttpResponse)) def test_override_forgery_protection_off_debug_off(self): with override_settings(DJANGO_TWILIO_FORGERY_PROTECTION=False, DEBUG=False): request = self.factory.post(self.str_uri) self.assertEquals(str_view(request).status_code, 200) def test_override_forgery_protection_off_debug_on(self): with override_settings(DJANGO_TWILIO_FORGERY_PROTECTION=False, DEBUG=True): request = self.factory.post(self.str_uri) self.assertEquals(str_view(request).status_code, 200) def test_override_forgery_protection_on_debug_off(self): with override_settings(DJANGO_TWILIO_FORGERY_PROTECTION=True, DEBUG=False): request = self.factory.post(self.str_uri) self.assertEquals(str_view(request).status_code, 403) def test_override_forgery_protection_on_debug_on(self): with override_settings(DJANGO_TWILIO_FORGERY_PROTECTION=True, DEBUG=True): request = self.factory.post(self.str_uri) self.assertEquals(str_view(request).status_code, 403)
def setUp(self): client = Client() self.response = client.options('/', {}, **{'HTTP_ORIGIN': 'https://www.example.com/'})
class ChallengeTest(TestCase): def setUp(self): self.client = Client() self.user = User.objects.create_user(username="******", email="*****@*****.**", challenge="randomstring", encrypted_challenge="encryptedrandomstring") def test_get_challenge_invalid_parameters(self): response = self.client.get("/challenge/") self.assertEqual(response.status_code, 400) def test_get_challenge_invalid_username(self): response = self.client.get("/challenge/", {"username":"******"}) self.assertEqual(response.status_code, 404) def test_get_challenge_valid_username(self): response = self.client.get("/challenge/", {"username":"******"}) self.assertEqual(response.status_code, 200) def test_get_challenge_valid_json(self): response = self.client.get("/challenge/", {"username":"******", 'format':'json'}) try: json.loads(response.content) except ValueError: self.fail("Bad JSON format") def test_get_challenge_invalid_format(self): response = self.client.get("/challenge/", {"username":"******", 'format':'invalidformat'}) self.assertEqual(response.status_code, 400) def test_get_challenge_valid_encrypted_challenge(self): response = self.client.get("/challenge/", {"username":"******", 'format':'json'}) try: challenge_json = json.loads(response.content) self.assertEqual("encrypted_challenge" in challenge_json, True) self.assertEqual(challenge_json["encrypted_challenge"], "encryptedrandomstring") except ValueError: self.fail("Bad JSON format") def test_post_challenge_invalid_parameters(self): response = self.client.post("/challenge/") self.assertEqual(response.status_code, 400) response = self.client.post("/challenge/", {"username":"******"}) self.assertEqual(response.status_code, 400) response = self.client.post("/challenge/", {"challenge":"randomstring"}) self.assertEqual(response.status_code, 400) def test_post_challenge_valid_parameters(self): response = self.client.post("/challenge/", {"username":"******", "challenge":"randomstring"}) self.assertEqual(response.status_code, 200) def test_get_challenge_valid_json(self): response = self.client.post("/challenge/", {"username":"******", "challenge":"randomstring", 'format':'json'}) try: rsa_json = json.loads(response.content) self.assertEqual("rsa_public" in rsa_json, True) except ValueError: self.fail("Bad JSON format") def test_post_challenge_invalid_format(self): response = self.client.post("/challenge/", {"username":"******", "challenge":"randomstring", "format":"invalidformat"}) self.assertEqual(response.status_code, 400) def test_post_challenge_invalid_credentials(self): response = self.client.post("/challenge/", {"username":"******", "challenge":"invalidchallenge"}) self.assertEqual(response.status_code, 403) def test_challenge_invalid_methods(self): response = self.client.head("/challenge/") self.assertEqual(response.status_code, 405) response = self.client.options("/challenge/", {}) self.assertEqual(response.status_code, 405) response = self.client.put("/challenge/", {}) self.assertEqual(response.status_code, 405) response = self.client.delete("/challenge/", {}) self.assertEqual(response.status_code, 405)
class ZipContentTestCase(TestCase): """ Testcase for zipcontent endpoint """ test_name_1 = "testfile1.txt" test_str_1 = "This is a test!" test_name_2 = "testfile2.txt" test_str_2 = "And another test..." def setUp(self): self.client = Client() provision_device() self.hash = hashlib.md5("DUMMYDATA".encode()).hexdigest() self.extension = "zip" self.filename = "{}.{}".format(self.hash, self.extension) self.zip_path = get_content_storage_file_path(self.filename) zip_path_dir = os.path.dirname(self.zip_path) if not os.path.exists(zip_path_dir): os.makedirs(zip_path_dir) with zipfile.ZipFile(self.zip_path, "w") as zf: zf.writestr(self.test_name_1, self.test_str_1) zf.writestr(self.test_name_2, self.test_str_2) self.zip_file_obj = LocalFile(id=self.hash, extension=self.extension, available=True) self.zip_file_base_url = self.zip_file_obj.get_storage_url() def test_zip_file_url_reversal(self): file = LocalFile(id=self.hash, extension=self.extension, available=True) self.assertEqual(file.get_storage_url(), "/zipcontent/{}/".format(self.filename)) def test_non_zip_file_url_reversal(self): file = LocalFile(id=self.hash, extension="otherextension", available=True) filename = file.get_filename() self.assertEqual(file.get_storage_url(), "/content/storage/{}/{}/{}".format(filename[0], filename[1], filename)) def test_zip_file_internal_file_access(self): # test reading the data from file #1 inside the zip response = self.client.get(self.zip_file_base_url + self.test_name_1) self.assertEqual(next(response.streaming_content).decode(), self.test_str_1) # test reading the data from file #2 inside the zip response = self.client.get(self.zip_file_base_url + self.test_name_2) self.assertEqual(next(response.streaming_content).decode(), self.test_str_2) def test_nonexistent_zip_file_access(self): bad_base_url = self.zip_file_base_url.replace(self.zip_file_base_url[20:25], "aaaaa") response = self.client.get(bad_base_url + self.test_name_1) self.assertEqual(response.status_code, 404) def test_zip_file_nonexistent_internal_file_access(self): response = self.client.get(self.zip_file_base_url + "qqq" + self.test_name_1) self.assertEqual(response.status_code, 404) def test_not_modified_response_when_if_modified_since_header_set(self): caching_client = Client(HTTP_IF_MODIFIED_SINCE="Sat, 10-Sep-2016 19:14:07 GMT") response = caching_client.get(self.zip_file_base_url + self.test_name_1) self.assertEqual(response.status_code, 304) def test_content_security_policy_header(self): response = self.client.get(self.zip_file_base_url + self.test_name_1) self.assertEqual(response.get("Content-Security-Policy"), "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://testserver") def test_access_control_allow_origin_header(self): response = self.client.get(self.zip_file_base_url + self.test_name_1) self.assertEqual(response.get("Access-Control-Allow-Origin"), "*") response = self.client.options(self.zip_file_base_url + self.test_name_1) self.assertEqual(response.get("Access-Control-Allow-Origin"), "*") def test_x_frame_options_header(self): response = self.client.get(self.zip_file_base_url + self.test_name_1) self.assertEqual(response.get("X-Frame-Options", ""), "") def test_access_control_allow_headers(self): headerval = "X-Penguin-Dance-Party" response = self.client.options(self.zip_file_base_url + self.test_name_1, HTTP_ACCESS_CONTROL_REQUEST_HEADERS=headerval) self.assertEqual(response.get("Access-Control-Allow-Headers", ""), headerval) response = self.client.get(self.zip_file_base_url + self.test_name_1, HTTP_ACCESS_CONTROL_REQUEST_HEADERS=headerval) self.assertEqual(response.get("Access-Control-Allow-Headers", ""), headerval)
def setUp(self): client = Client() self.response = client.options( '/', {}, **{'HTTP_ORIGIN': 'https://www.example.com/'})
class TwilioViewTestCase(TestCase): fixtures = ['django_twilio.json'] urls = 'django_twilio.tests.urls' def setUp(self): self.client = Client(enforce_csrf_checks=True) self.factory = RequestFactory(enforce_csrf_checks=True) # Test URIs. self.uri = 'http://testserver/tests/decorators' self.str_uri = '/tests/decorators/str_view/' self.verb_uri = '/tests/decorators/verb_view/' self.response_uri = '/tests/decorators/response_view/' # Guarantee a value for the required configuration settings after each # test case. django_twilio_settings.TWILIO_ACCOUNT_SID = 'xxx' django_twilio_settings.TWILIO_AUTH_TOKEN = 'xxx' # Pre-calculate Twilio signatures for our test views. self.response_signature = encodestring(new(django_twilio_settings.TWILIO_AUTH_TOKEN, '%s/response_view/' % self.uri, sha1).digest()).strip() self.str_signature = encodestring(new(django_twilio_settings.TWILIO_AUTH_TOKEN, '%s/str_view/' % self.uri, sha1).digest()).strip() self.str_signature_with_from_field_normal_caller = encodestring(new( django_twilio_settings.TWILIO_AUTH_TOKEN, '%s/str_view/From+12222222222' % self.uri, sha1).digest()).strip() self.str_signature_with_from_field_blacklisted_caller = encodestring( new(django_twilio_settings.TWILIO_AUTH_TOKEN, '%s/str_view/From+13333333333' % self.uri, sha1).digest()).strip() self.verb_signature = encodestring(new(django_twilio_settings.TWILIO_AUTH_TOKEN, '%s/verb_view/' % self.uri, sha1).digest()).strip() def test_is_csrf_exempt(self): self.assertTrue(self.client.post(self.str_uri).csrf_exempt) def test_requires_post(self): debug_orig = settings.DEBUG settings.DEBUG = False self.assertEquals(self.client.get(self.str_uri).status_code, 405) self.assertEquals(self.client.head(self.str_uri).status_code, 405) self.assertEquals(self.client.options(self.str_uri).status_code, 405) self.assertEquals(self.client.put(self.str_uri).status_code, 405) self.assertEquals(self.client.delete(self.str_uri).status_code, 405) settings.DEBUG = True self.assertEquals(self.client.get(self.str_uri).status_code, 200) self.assertEquals(self.client.head(self.str_uri).status_code, 200) self.assertEquals(self.client.options(self.str_uri).status_code, 200) self.assertEquals(self.client.put(self.str_uri).status_code, 200) self.assertEquals(self.client.delete(self.str_uri).status_code, 200) settings.DEBUG = debug_orig def test_allows_post(self): request = self.factory.post(self.str_uri, HTTP_X_TWILIO_SIGNATURE=self.str_signature) self.assertEquals(str_view(request).status_code, 200) def test_decorator_preserves_metadata(self): self.assertEqual(str_view.__name__, 'str_view') def test_missing_settings_return_forbidden(self): del django_twilio_settings.TWILIO_ACCOUNT_SID del django_twilio_settings.TWILIO_AUTH_TOKEN debug_orig = settings.DEBUG settings.DEBUG = False self.assertEquals(self.client.post(self.str_uri).status_code, 403) settings.DEBUG = True self.assertEquals(self.client.post(self.str_uri).status_code, 200) settings.DEBUG = debug_orig def test_missing_signature_returns_forbidden(self): debug_orig = settings.DEBUG settings.DEBUG = False self.assertEquals(self.client.post(self.str_uri).status_code, 403) settings.DEBUG = True self.assertEquals(self.client.post(self.str_uri).status_code, 200) settings.DEBUG = debug_orig def test_incorrect_signature_returns_forbidden(self): debug_orig = settings.DEBUG settings.DEBUG = False request = self.factory.post(self.str_uri, HTTP_X_TWILIO_SIGNATURE='fakesignature') self.assertEquals(str_view(request).status_code, 403) settings.DEBUG = True self.assertEquals(str_view(request).status_code, 200) settings.DEBUG = debug_orig def test_no_from_field(self): request = self.factory.post(self.str_uri, HTTP_X_TWILIO_SIGNATURE=self.str_signature) self.assertEquals(str_view(request).status_code, 200) def test_from_field_no_caller(self): request = self.factory.post(self.str_uri, {'From': '+12222222222'}, HTTP_X_TWILIO_SIGNATURE=self.str_signature_with_from_field_normal_caller) self.assertEquals(str_view(request).status_code, 200) def test_blacklist_works(self): debug_orig = settings.DEBUG settings.DEBUG = False request = self.factory.post(self.str_uri, {'From': '+13333333333'}, HTTP_X_TWILIO_SIGNATURE=self.str_signature_with_from_field_blacklisted_caller) response = str_view(request) r = Response() r.reject() self.assertEquals(response.content, str(r)) settings.DEBUG = True request = self.factory.post(self.str_uri, {'From': '+13333333333'}, HTTP_X_TWILIO_SIGNATURE=self.str_signature_with_from_field_blacklisted_caller) response = str_view(request) r = Response() r.reject() self.assertEquals(response.content, str(r)) settings.DEBUG = debug_orig def test_decorator_modifies_str(self): request = self.factory.post(self.str_uri, HTTP_X_TWILIO_SIGNATURE=self.str_signature) self.assertTrue(isinstance(str_view(request), HttpResponse)) def test_decorator_modifies_verb(self): request = self.factory.post(self.verb_uri, HTTP_X_TWILIO_SIGNATURE=self.verb_signature) self.assertTrue(isinstance(verb_view(request), HttpResponse)) def test_decorator_preserves_httpresponse(self): request = self.factory.post(self.response_uri, HTTP_X_TWILIO_SIGNATURE=self.response_signature) self.assertTrue(isinstance(response_view(request), HttpResponse))
class ChallengeTest(TestCase): def setUp(self): self.client = Client() self.user = User.objects.create_user( username="******", email="*****@*****.**", challenge="randomstring", encrypted_challenge="encryptedrandomstring") def test_get_challenge_invalid_parameters(self): response = self.client.get("/challenge/") self.assertEqual(response.status_code, 400) def test_get_challenge_invalid_username(self): response = self.client.get("/challenge/", {"username": "******"}) self.assertEqual(response.status_code, 404) def test_get_challenge_valid_username(self): response = self.client.get("/challenge/", {"username": "******"}) self.assertEqual(response.status_code, 200) def test_get_challenge_valid_json(self): response = self.client.get("/challenge/", { "username": "******", 'format': 'json' }) try: json.loads(response.content) except ValueError: self.fail("Bad JSON format") def test_get_challenge_invalid_format(self): response = self.client.get("/challenge/", { "username": "******", 'format': 'invalidformat' }) self.assertEqual(response.status_code, 400) def test_get_challenge_valid_encrypted_challenge(self): response = self.client.get("/challenge/", { "username": "******", 'format': 'json' }) try: challenge_json = json.loads(response.content) self.assertEqual("encrypted_challenge" in challenge_json, True) self.assertEqual(challenge_json["encrypted_challenge"], "encryptedrandomstring") except ValueError: self.fail("Bad JSON format") def test_post_challenge_invalid_parameters(self): response = self.client.post("/challenge/") self.assertEqual(response.status_code, 400) response = self.client.post("/challenge/", {"username": "******"}) self.assertEqual(response.status_code, 400) response = self.client.post("/challenge/", {"challenge": "randomstring"}) self.assertEqual(response.status_code, 400) def test_post_challenge_valid_parameters(self): response = self.client.post("/challenge/", { "username": "******", "challenge": "randomstring" }) self.assertEqual(response.status_code, 200) def test_get_challenge_valid_json(self): response = self.client.post("/challenge/", { "username": "******", "challenge": "randomstring", 'format': 'json' }) try: rsa_json = json.loads(response.content) self.assertEqual("rsa_public" in rsa_json, True) except ValueError: self.fail("Bad JSON format") def test_post_challenge_invalid_format(self): response = self.client.post( "/challenge/", { "username": "******", "challenge": "randomstring", "format": "invalidformat" }) self.assertEqual(response.status_code, 400) def test_post_challenge_invalid_credentials(self): response = self.client.post("/challenge/", { "username": "******", "challenge": "invalidchallenge" }) self.assertEqual(response.status_code, 403) def test_challenge_invalid_methods(self): response = self.client.head("/challenge/") self.assertEqual(response.status_code, 405) response = self.client.options("/challenge/", {}) self.assertEqual(response.status_code, 405) response = self.client.put("/challenge/", {}) self.assertEqual(response.status_code, 405) response = self.client.delete("/challenge/", {}) self.assertEqual(response.status_code, 405)