class PowerReportResourceTest(ResourceTestCase): fixtures = ['test_data.json'] def setUp(self): super(PowerReportResourceTest, self).setUp() # Create a user. self.username = u'john' self.password = u'doe' self.user = User.objects.create_user(self.username, '*****@*****.**', self.password) self.api_key = self.user.api_key.key self.c = Client() self.post_data = { "area": "/api/v1/areas/1/", "happened_at": "2012-06-14 12:37:50", "has_experienced_outage": True, "duration": 60 } # Fetch the ``Entry`` object we'll use in testing. # Note that we aren't using PKs because they can change depending # on what other tests are running. self.power_report_1 = PowerReport.objects.get(duration=121) # We also build a detail URI, since we will be using it all over. # DRY, baby. DRY. self.detail_url = '/api/v1/reports/{0}/'.format(self.power_report_1.pk) def get_credentials(self): return {"username": self.username, "api_key": self.api_key} def test_get_list_unauthorizied(self): """Get reports from the API without authenticated""" self.assertHttpUnauthorized(self.c.get('/api/v1/reports/')) def test_get_list_json(self): """Get reports from the API with authenticated. With checks if all keys are available""" resp = self.c.get('/api/v1/reports/', self.get_credentials()) self.assertValidJSONResponse(resp) nb = PowerReport.objects.count() # Scope out the data for correctness. self.assertEqual(len(self.deserialize(resp)['objects']), nb) # Here we're checking an entire structure for the expected data. self.assertKeys(self.deserialize(resp)['objects'][0], { 'area': '/api/v1/areas/1/', 'happened_at': '2012-06-13T12:37:50+00:00', 'has_experienced_outage': True, 'location': None, 'duration': 240, 'quality': '1.00', 'resource_uri': '/api/v1/reports/2/', 'contributor': None, 'device': None }) def test_header_auth(self): resp = self.c.get(self.detail_url, **{'HTTP_AUTHORIZATION': 'ApiKey ' + self.username + ':' + self.api_key}) self.assertValidJSONResponse(resp) # We use ``assertKeys`` here to just verify the keys, not all the data. #self.assertKeys(self.deserialize(resp), ['area', 'device', 'happened_at', 'has_experienced_outage', 'contributor', 'location', 'duration', 'quality']) self.assertEqual(self.deserialize(resp)['duration'], 121) def test_get_detail_unauthenticated(self): """Try to Get a single report from the API without authenticated""" self.assertHttpUnauthorized(self.c.get(self.detail_url)) def test_get_detail_json(self): """Get a single report from the API with authenticated. With checks if all keys are available""" resp = self.c.get(self.detail_url, self.get_credentials()) self.assertValidJSONResponse(resp) # We use ``assertKeys`` here to just verify the keys, not all the data. #self.assertKeys(self.deserialize(resp), ['area', 'happened_at', 'has_experienced_outage', 'contributor', 'location', 'duration', 'quality', 'resource_uri']) self.assertEqual(self.deserialize(resp)['duration'], 121) def test_post_list_unauthenticated(self): """Try to Post a single report to the API without authenticated""" self.assertHttpUnauthorized(self.c.post('/api/v1/reports/', data=self.post_data)) def test_post_list_without_permissions(self): """Post a single report to the API with authenticated and without add permissions""" add_powerreport = Permission.objects.get(codename="add_powerreport") self.user.user_permissions.remove(add_powerreport) nb = PowerReport.objects.count() self.assertHttpUnauthorized(self.c.post('/api/v1/reports/?username='******'&api_key=' + self.api_key, data=json.dumps(self.post_data), content_type="application/json")) # Verify that nothing was added to the db self.assertEqual(PowerReport.objects.count(), nb) def test_post_list_with_permissions(self): """Post a single report to the API with authenticated and with add permissions""" add_powerreport = Permission.objects.get(codename="add_powerreport") self.user.user_permissions.add(add_powerreport) # Check how many there are first. nb = PowerReport.objects.count() self.assertHttpCreated(self.c.post('/api/v1/reports/?username=%s&api_key=%s' % (self.username, self.api_key), data=json.dumps(self.post_data), content_type="application/json")) # Verify that no report has been added self.assertEqual(PowerReport.objects.count(), nb) def test_post_list_with_permissions_and_polled_today(self): """Post a single report to the API with authenticated and with add permissions""" add_powerreport = Permission.objects.get(codename="add_powerreport") self.user.user_permissions.add(add_powerreport) # Set enquiry to today - so that the contribution is accepted self.contributor_1 = Contributor(name="Marc", email="*****@*****.**") self.contributor_1.set_password("marc") self.contributor_1.enquiry = datetime.today().date() self.contributor_1.save() # Check how many there are first. nb = PowerReport.objects.count() rt = PowerReport(has_experienced_outage=True, duration=153, contributor=self.contributor_1, area=Area.objects.get(pk=1), happened_at=datetime.today().date()) rt.save() # Verify that a new report has been added. self.assertEqual(PowerReport.objects.count(), nb + 1) def test_put_detail_unauthenticated(self): """Put a single report is not allowed from the API with authenticated""" self.assertHttpMethodNotAllowed(self.c.put(self.detail_url)) def test_put_detail(self): """Put a single report is not allowed from the API with authenticated""" self.assertHttpMethodNotAllowed(self.c.put(self.detail_url, self.get_credentials())) def test_delete_detail_unauthenticated(self): """Delete a single report is not allowed from the API without authenticated""" self.assertHttpMethodNotAllowed(self.c.delete(self.detail_url)) def test_delete_detail(self): """Delete a single report is not allowed from the API with authenticated""" self.assertHttpMethodNotAllowed(self.c.delete(self.detail_url, self.get_credentials()))
class ContributorResourceTest(ResourceTestCase): def setUp(self): super(ContributorResourceTest, self).setUp() # Create a user. self.username = u'john' self.password = u'doe' self.email = u'*****@*****.**' self.user = User.objects.create_user(self.username, self.email, self.password) self.api_key = self.user.api_key.key self.c = Client() self.post_data = { 'name': 'james', 'email': '*****@*****.**', 'password': self.user.__dict__["password"], 'language': 'DE' } self.put_data = { 'email': '*****@*****.**', 'language': 'DE' } # Fetch the ``Entry`` object we'll use in testing. # Note that we aren't using PKs because they can change depending # on what other tests are running. self.contributor_1 = Contributor(name="Tobias", email="*****@*****.**") self.contributor_1.set_password("tobias") self.contributor_1.save() # We also build a detail URI, since we will be using it all over. # DRY, baby. DRY. self.list_url = '/api/v1/contributors/' self.detail_url = '{0}{1}/'.format(self.list_url, self.contributor_1.pk) def get_credentials(self): return {"username": self.username, "api_key": self.api_key} def test_get_list_unauthorzied(self): """Get areas from the API without authenticated""" self.assertHttpUnauthorized(self.c.get(self.list_url)) def test_get_list_json(self): """Get users from the API with authenticated. With checks if all keys are available""" resp = self.c.get(self.list_url, self.get_credentials()) self.assertValidJSONResponse(resp) # Scope out the data for correctness. self.assertEqual(len(self.deserialize(resp)['objects']), 1) # Here, we're checking an entire structure for the expected data. self.assertEqual(self.deserialize(resp)['objects'][0], { 'id': '1', 'name': 'Tobias', 'email': '*****@*****.**', 'password': settings.DUMMY_PASSWORD, 'resource_uri': self.detail_url, 'language': 'EN', # EN is the default value 'frequency': 1, 'enquiry': None, 'response': None, 'resource_uri': '/api/v1/contributors/1/' }) def test_get_detail_unauthenticated(self): """Try to Get a single user from the API without authenticated""" self.assertHttpUnauthorized(self.c.get(self.detail_url)) def test_get_detail_json(self): """Get a single user from the API with authenticated. With checks if all keys are available""" resp = self.c.get(self.detail_url, self.get_credentials()) self.assertValidJSONResponse(resp) # We use ``assertKeys`` here to just verify the keys, not all the data. self.assertKeys(self.deserialize(resp), ['id', 'email', 'password', 'name', 'language', 'frequency', 'response', 'enquiry', 'resource_uri']) self.assertEqual(self.deserialize(resp)['name'], "Tobias") def test_post_list_unauthenticated(self): """Try to Post a single user to the API without authenticated""" self.assertHttpUnauthorized(self.c.post(self.list_url, data=self.post_data)) def test_post_list_without_permissions(self): """Try to Post a single user to the API with authenticated and without permission""" self.assertHttpUnauthorized(self.c.post(self.list_url + '?username='******'&api_key=' + self.api_key, data=json.dumps(self.post_data), content_type="application/json")) def test_post_list_with_permissions(self): """Try to Post a single user to the API with authenticated and permission""" add_contributor = Permission.objects.get(codename="add_contributor") self.user.user_permissions.add(add_contributor) self.assertEqual(Contributor.objects.count(), 1) self.assertHttpCreated(self.c.post(self.list_url + '?username='******'&api_key=' + self.api_key, data=json.dumps(self.post_data), content_type="application/json")) self.assertEqual(Contributor.objects.count(), 2) def test_put_detail_unauthenticated(self): """Try to Put a single user is not allowed from the API with authenticated""" self.assertHttpUnauthorized(self.c.put(self.detail_url)) def test_put_detail_without_permission(self): """Try to Put a single user is not allowed from the API with authenticated and without permission""" self.assertHttpUnauthorized(self.c.put(self.detail_url, self.get_credentials())) def test_put_detail_with_permission(self): """Try to Put a single user is not allowed from the API with authenticated abd permission""" change_contributor = Permission.objects.get(codename="change_contributor") self.user.user_permissions.add(change_contributor) self.assertEqual(Contributor.objects.count(), 1) self.assertHttpAccepted(self.c.put(self.detail_url + '?username='******'&api_key=' + self.api_key, data=json.dumps(self.put_data), content_type="application/json")) self.assertEqual(Contributor.objects.count(), 1) self.assertEqual(Contributor.objects.get(pk=self.contributor_1.pk).email, self.put_data.get("email")) def test_delete_detail_unauthenticated(self): """Delete a single user is not allowed from the API without authenticated""" self.assertHttpUnauthorized(self.c.delete(self.detail_url)) def test_delete_detail_without_permission(self): """Delete a single user is allowed from the API with authenticated""" self.assertEqual(Contributor.objects.count(), 1) self.assertHttpUnauthorized(self.c.delete(self.detail_url, self.get_credentials())) self.assertEqual(Contributor.objects.count(), 1) def test_delete_detail_with_permision(self): """Delete a single user is allowed from the API with authenticated""" delete_contributor = Permission.objects.get(codename="delete_contributor") self.user.user_permissions.add(delete_contributor) self.assertEqual(Contributor.objects.count(), 1) self.assertHttpAccepted(self.c.delete(self.detail_url, self.get_credentials())) self.assertEqual(Contributor.objects.count(), 0) def test_check_password(self): """Check that the password of the Contributor is right""" check_password_url = self.detail_url + "check_password/" credentials = self.get_credentials() # Check if only authorized can access this url self.assertHttpUnauthorized(self.c.get(check_password_url)) # Test with credentials and wrong password credentials_and_wrong_password = credentials credentials_and_wrong_password.update({"password": "******"}) resp = self.c.get(check_password_url, credentials_and_wrong_password) self.assertHttpOK(resp) self.assertValidJSONResponse(resp) self.assertEqual(self.deserialize(resp)['password_valid'], False) # Test with credentials and right password credentials_and_password = credentials credentials_and_password.update({"password": "******"}) resp = self.c.get(check_password_url, credentials_and_password) self.assertHttpOK(resp) self.assertValidJSONResponse(resp) self.assertEqual(self.deserialize(resp)['password_valid'], True) # Update password with put and chek password again change_contributor = Permission.objects.get(codename="change_contributor") self.user.user_permissions.add(change_contributor) self.assertHttpAccepted(self.c.put(self.detail_url + '?username='******'&api_key=' + self.api_key, data=json.dumps({"password": "******"}), content_type="application/json")) credentials_and_updated_password = credentials credentials_and_updated_password.update({"password": "******"}) resp = self.c.get(check_password_url, credentials_and_updated_password) self.assertHttpOK(resp) self.assertValidJSONResponse(resp) self.assertEqual(self.deserialize(resp)['password_valid'], True)