def test_point_update(self): """ Test that a point can be updated. Checks: - trying to update the point without authentication gives a 401 - trying to update the point as a different user gives a 403 - valid PUT response status is 200 - trying to update the point without a latitude gives a 400 - trying to update the point without a longitude gives a 400 - trying to update the point with an invalid latitude gives a 400 - trying to update the point with an invalid longitude gives a 400 """ user = User(username='******', location='Test') user.set_password('tester') user.save() user2 = User(username='******', location='Test') user2.set_password('tester2') user2.save() point = Point.objects.create(name='test', description='testing', latitude=12.123, longitude=45.456, creator=user) url = reverse('point-detail', args=[point.id]) data = { 'name': 'updated point', 'description': 'hello', 'latitude': -12.123, 'longitude': -45.456 } unauthorized_response = self.client.put(url, data) self.assertEqual(unauthorized_response.status_code, status.HTTP_401_UNAUTHORIZED) self.client.credentials(HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester2:tester2')) forbidden_response = self.client.put(url, data) self.assertEqual(forbidden_response.status_code, status.HTTP_403_FORBIDDEN) self.client.credentials(HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester:tester')) response = self.client.put(url, data) self.assertEqual(response.status_code, status.HTTP_200_OK) no_latitude_data = { 'name': 'updated point again', 'longitude': 45.456789 } no_latitude_response = self.client.put(url, no_latitude_data) self.assertEqual(no_latitude_response.status_code, status.HTTP_400_BAD_REQUEST) no_longitude_data = { 'name': 'updated point again', 'latitude': 12.123456 } no_longitude_response = self.client.put(url, no_longitude_data) self.assertEqual(no_longitude_response.status_code, status.HTTP_400_BAD_REQUEST) invalid_latitude_data = { 'name': 'update it', 'latitude': 'hello', 'longitude': 45.123 } invalid_latitude_response = self.client.put(url, invalid_latitude_data) self.assertEqual(invalid_latitude_response.status_code, status.HTTP_400_BAD_REQUEST) invalid_longitude_data = { 'name': 'update it', 'latitude': 12.123, 'longitude': '0x123' } invalid_longitude_response = self.client.put(url, invalid_longitude_data) self.assertEqual(invalid_longitude_response.status_code, status.HTTP_400_BAD_REQUEST)
def test_tag_create(self): """ Test that a new tag for a point can be created. Checks: - trying to create a tag without authentication gives a 401 - trying to create a tag as a non-creator gives a 403 - valid POST response status is 201 - response data attributes match the ones sent in the request - creator, point, _url and _parent links are valid (accessible with a GET request) """ user = User(username='******', location='Test') user.set_password('tester') user.save() user2 = User(username='******', location='Test') user2.set_password('tester2') user2.save() point = Point.objects.create(name='test', description='testing', latitude=12.123, longitude=45.456, creator=user) data = { 'name': 'camping', } url = reverse('point-tag-list', args=[point.id]) unauthorized_response = self.client.post(url, data) self.assertEqual(unauthorized_response.status_code, status.HTTP_401_UNAUTHORIZED) self.client.credentials( HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester2:tester2')) forbidden_response = self.client.post(url, data) self.assertEqual(forbidden_response.status_code, status.HTTP_403_FORBIDDEN) self.client.credentials( HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester:tester')) response = self.client.post(url, data) self.assertEqual(response.status_code, status.HTTP_201_CREATED) self.assertEqual(response.data['name'], 'camping') self.assertTrue(utils.check_point_get(self.client, response.data)) self.assertTrue(utils.check_creator_get(self.client, response.data)) self.assertTrue(utils.check_url_get(self.client, response.data)) self.assertTrue(utils.check_parent_get(self.client, response.data))
def test_point_delete(self): """ Test that a point can be deleted. Checks: - trying to delete the point without authentication gives a 401 - valid DELETE response status is 204 - trying to delete the same point again gives a 404 """ user = User(username='******', location='Test') user.set_password('tester') user.save() point = Point.objects.create(name='test', description='testing', latitude=12.123, longitude=45.456, creator=user) url = reverse('point-detail', args=[point.id]) unauthorized_response = self.client.delete(url) self.assertEqual(unauthorized_response.status_code, status.HTTP_401_UNAUTHORIZED) self.client.credentials(HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester:tester')) response = self.client.delete(url) self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) not_found_response = self.client.delete(url) self.assertEqual(not_found_response.status_code, status.HTTP_404_NOT_FOUND)
def test_comment_update(self): """ Test that a comment can be updated. Checks: - trying to update the comment without authentication gives a 401 - trying to update the comment as a different user gives a 403 - valid PUT response status is 200 """ user = User(username='******', location='Test') user.set_password('tester') user.save() user2 = User(username='******', location='Test') user2.set_password('tester2') user2.save() point = Point.objects.create(name='test', description='testing', latitude=12.123, longitude=45.456, creator=user) comment = Comment.objects.create(content='hello world', creator=user, point=point) url = reverse('point-comment-detail', args=[point.id, comment.id]) data = { 'content': 'updated comment', } unauthorized_response = self.client.put(url, data) self.assertEqual(unauthorized_response.status_code, status.HTTP_401_UNAUTHORIZED) self.client.credentials( HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester2:tester2')) forbidden_response = self.client.put(url, data) self.assertEqual(forbidden_response.status_code, status.HTTP_403_FORBIDDEN) self.client.credentials( HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester:tester')) response = self.client.put(url, data) self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_user_delete(self): """ Test that a user can be deleted. Checks: - trying to delete the user without authentication gives a 401 - trying to delete the user as another user gives a 403 - trying to delete a non-existing user gives a 404 - valid DELETE response status is 204 - trying to delete the same user again gives a 401 (as the user is deleted and no longer authenticated) """ user = User(username='******', location='Test') user.set_password('tester') user.save() another_user = User(username='******', location='Test2') another_user.set_password('tester2') another_user.save() url = reverse('user-detail', args=[user.id]) unauthorized_response = self.client.delete(url) self.assertEqual(unauthorized_response.status_code, status.HTTP_401_UNAUTHORIZED) self.client.credentials( HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester2:tester2')) forbidden_response = self.client.delete(url) self.assertEqual(forbidden_response.status_code, status.HTTP_403_FORBIDDEN) not_found_response = self.client.delete(url + '1') self.assertEqual(not_found_response.status_code, status.HTTP_404_NOT_FOUND) self.client.credentials( HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester:tester')) response = self.client.delete(url) self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) deleted_response = self.client.delete(url) self.assertEqual(deleted_response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_star_create(self): """ Test that a new star for a point can be created. Checks: - trying to create a star without authentication gives a 401 - valid POST response status is 201 - response data attributes match the ones sent in the request - creator, point, _url and _parent links are valid (accessible with a GET request) - trying to create a star twice as the same user gives a 409 """ user = User(username='******', location='Test') user.set_password('tester') user.save() point = Point.objects.create(name='test', description='testing', latitude=12.123, longitude=45.456, creator=user) url = reverse('point-star-list', args=[point.id]) unauthorized_response = self.client.post(url) self.assertEqual(unauthorized_response.status_code, status.HTTP_401_UNAUTHORIZED) self.client.credentials( HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester:tester')) response = self.client.post(url) self.assertEqual(response.status_code, status.HTTP_201_CREATED) self.assertTrue(utils.check_point_get(self.client, response.data)) self.assertTrue(utils.check_creator_get(self.client, response.data)) self.assertTrue(utils.check_url_get(self.client, response.data)) self.assertTrue(utils.check_parent_get(self.client, response.data)) duplicate_response = self.client.post(url) self.assertEqual(duplicate_response.status_code, status.HTTP_409_CONFLICT)
def test_point_create(self): """ Test that a new point can be created. Checks: - trying to create a point without authentication gives a 401 - valid POST response status is 201 - response data attributes match the ones sent in the request - creator, _url and _parent links are valid (accessible with a GET request) - trying to create a point with the same name by the same creator gives a 409 - trying to create a point with an invalid latitude value gives a 400 - trying to create a point with an invalid longitude value gives a 400 - trying to create a point with a too big latitude value gives a 400 - trying to create a point with a too small longitude value gives a 400 - trying to create a point without a latitude gives a 400 - trying to create a point without a longitude gives a 400 """ user = User(username='******', location='Test') user.set_password('tester') user.save() data = { 'name': 'test', 'description': 'testing', 'latitude': 12.123456, 'longitude': 45.456789, } url = reverse('point-list') unauthorized_response = self.client.post(url, data) self.assertEqual(unauthorized_response.status_code, status.HTTP_401_UNAUTHORIZED) self.client.credentials(HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester:tester')) response = self.client.post(url, data) self.assertEqual(response.status_code, status.HTTP_201_CREATED) self.assertEqual(response.data['name'], 'test') self.assertEqual(response.data['description'], 'testing') self.assertEqual(response.data['latitude'], '12.123456') self.assertEqual(response.data['longitude'], '45.456789') self.assertTrue(utils.check_creator_get(self.client, response.data)) self.assertTrue(utils.check_url_get(self.client, response.data)) self.assertTrue(utils.check_parent_get(self.client, response.data)) duplicate_response = self.client.post(url, data) self.assertEqual(duplicate_response.status_code, status.HTTP_409_CONFLICT) no_name_data = { 'latitude': 12.123456, 'longitude': 45.456789 } no_name_response = self.client.post(url, no_name_data) self.assertEqual(no_name_response.status_code, status.HTTP_400_BAD_REQUEST) invalid_latitude_data = { 'name': 'test2', 'latitude': '12.3a5', 'longitude': 45.456789 } invalid_latitude_response = self.client.post(url, invalid_latitude_data) self.assertEqual(invalid_latitude_response.status_code, status.HTTP_400_BAD_REQUEST) invalid_longitude_data = { 'name': 'test2', 'latitude': 12.345, 'longitude': ''} invalid_longitude_response = self.client.post(url, invalid_longitude_data) self.assertEqual(invalid_longitude_response.status_code, status.HTTP_400_BAD_REQUEST) # latitude larger than max (90) too_large_latitude_data = { 'name': 'test2', 'latitude': 90.345, 'longitude': -10} too_large_latitude_response = self.client.post(url, too_large_latitude_data) self.assertEqual(too_large_latitude_response.status_code, status.HTTP_400_BAD_REQUEST) # longitude smaller than min (-180) too_small_longitude_data = { 'name': 'test2', 'latitude': 80.345, 'longitude': -181} too_small_longitude_data = self.client.post(url, too_small_longitude_data) self.assertEqual(too_small_longitude_data.status_code, status.HTTP_400_BAD_REQUEST) no_latitude_data = { 'name': 'test2', 'longitude': 45.456789 } no_latitude_response = self.client.post(url, no_latitude_data) self.assertEqual(no_latitude_response.status_code, status.HTTP_400_BAD_REQUEST) no_longitude_data = { 'name': 'test2', 'latitude': 12.123456 } no_longitude_response = self.client.post(url, no_longitude_data) self.assertEqual(no_longitude_response.status_code, status.HTTP_400_BAD_REQUEST)
def test_user_update(self): """ Test that a user can be updated. Checks: - valid PUT response status is 200 - response data attributes match the ones sent in the request - _url and _parent links are valid (accessible with a GET request) - trying to update a username with the same name gives a 403 - trying to update a user without a username gives a 400 - trying to update a user without a password gives a 400 """ user = User(username='******', location='Original') user.set_password('original') user.save() user2 = User(username='******', location='Test') user2.set_password('tester') user2.save() url = reverse('user-detail', args=[user2.id]) data = { 'username': '******', 'password': '******', 'location': 'Oulu' } self.client.credentials( HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester:tester')) response = self.client.put(url, data) self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(response.data['username'], 'tester2') self.assertEqual(response.data['location'], 'Oulu') # update user authentication details self.client.credentials( HTTP_AUTHORIZATION=utils.get_basic_auth_header('tester2:tester2')) self.assertTrue(utils.check_url_get(self.client, response.data)) self.assertTrue(utils.check_parent_get(self.client, response.data)) existing_user_url = reverse('user-detail', args=[user.id]) existing_user_data = { 'username': '******', 'password': '******', 'location': 'Oulu' } existing_user_response = self.client.put(existing_user_url, existing_user_data) self.assertEqual(existing_user_response.status_code, status.HTTP_403_FORBIDDEN) no_username_data = {'password': '******'} no_username_response = self.client.put(url, no_username_data) self.assertEqual(no_username_response.status_code, status.HTTP_400_BAD_REQUEST) no_password_data = {'username': '******'} no_password_response = self.client.put(url, no_password_data) self.assertEqual(no_password_response.status_code, status.HTTP_400_BAD_REQUEST)