def test__update_account__offset_without_password(self):
user = factories.UserFactory(email_is_verified=True)
data = {'offset': 0}
response = self._get_update_account_response(data, user)
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test__password_reset__confirm(self):
user = factories.UserFactory(email_is_verified=True)
args = (str(user.pk), user.generate_password_reset_token())
data = {'token': '|'.join(args), 'password': '******'}
path = reverse('accounts_password_reset_confirm')
self.assertFalse(user.check_password(data['password']))
request = self.factory.post(path, data=data)
response = views.PasswordResetConfirmView.as_view()(request)
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
user = models.User.objects.get(email=user.email)
self.assertTrue(user.check_password(data['password']))
# Invalid password
data = {'token': '|'.join(args), 'password': '******'}
request = self.factory.post(path, data=data)
response = views.PasswordResetConfirmView.as_view()(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
# Invalid data separator
args = (str(user.pk), user.generate_password_reset_token())
data = {'token': ','.join(args), 'password': '******'}
request = self.factory.post(path, data=data)
response = views.PasswordResetConfirmView.as_view()(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test__update_account__ok(self, emails):
user = factories.UserFactory(email_is_verified=True)
data_set = [
dict(email='*****@*****.**', old_password='******'),
dict(password='******', old_password='******'),
dict(offset=12 * 60, old_password='******'),
dict(offset=-12 * 60),
dict(),
dict(email='*****@*****.**',
password='******',
old_password='******',
offset=0),
]
for data in data_set:
response = self._get_update_account_response(data, user)
fresh_user = models.User.objects.get(pk=user.pk)
self.assertEqual(response.status_code, status.HTTP_200_OK, data)
self.assertFalse(fresh_user.email_is_verified)
self.assertDictEqual(
response.data,
serializers.UpdateUserSerializer(fresh_user).data,
msg=data)
self.assertEqual(emails.verification.call_count, 2)
def test__get_report_api_incorrect_request(self):
site = factories.SiteFactory()
begin_date, end_date = get_begin_end_date_timestamp()
params = {
'begin_date': begin_date,
'end_date': end_date,
'events': 'clicks'
}
# Generate 400 (empty site id)
url = '/api/v1/reports?%s' % urllib.urlencode(params)
request = self.factory.get(url)
self._authenticate_request(request, user=site.user)
response = archive_views.GetReport.as_view()(request)
self.assertEqual(response.status_code, 400)
# Generate 404 (nonexistent site id)
url = '/api/v1/reports?%s&site=404' % urllib.urlencode(params)
request = self.factory.get(url)
self._authenticate_request(request, user=site.user)
response = archive_views.GetDigest.as_view()(request)
self.assertEqual(response.status_code, 404)
# Generate 403 (site's user != user)
user = factories.UserFactory()
url = '/api/v1/reports?%s&site=%s' % (urllib.urlencode(params),
site.pk)
request = self.factory.get(url)
self._authenticate_request(request, user=user)
response = archive_views.GetReport.as_view()(request)
self.assertEqual(response.status_code, 403)
def test__obtain_token__ok(self):
user = factories.UserFactory(email_is_verified=True)
data = {'email': user.email, 'password': '******'}
request = self.factory.post(reverse('accounts_token'), data=data)
response = views.ObtainJSONWebToken.as_view()(request)
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test__obtain_token__invalid_pass(self):
data = {'email': factories.UserFactory().email, 'password': '******'}
request = self.factory.post(reverse('accounts_token'), data=data)
response = views.ObtainJSONWebToken.as_view()(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertNotIn('token', response.data)
def test__obtain_token_inactive_user(self):
user = factories.UserFactory(is_active=False, email_is_verified=True)
data = {'email': user.email, 'password': user.password}
request = self.factory.post(reverse('accounts_token'), data=data)
response = views.ObtainJSONWebToken.as_view()(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertNotIn('token', response.data)
def test__obtain_token_not_email_verified_user(self):
user = factories.UserFactory(is_active=True, email_is_verified=False)
data = {'email': user.email, 'password': user.password}
request = self.factory.post(reverse('accounts_token'), data=data)
response = views.ObtainJSONWebToken.as_view()(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data['non_field_errors'],
['Unable to login with provided credentials.'])
def test__update_account__wrong_offset(self):
user = factories.UserFactory(email_is_verified=True)
for offset in (15 * 60, -13 * 60):
data = {'offset': offset}
response = self._get_update_account_response(data, user)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data['offset'],
['Invalid timezone offset'])
def test__obtain_token_incomplete_credentials(self):
user = factories.UserFactory(is_active=True, email_is_verified=True)
data = {'email': user.email}
request = self.factory.post(reverse('accounts_token'), data=data)
response = views.ObtainJSONWebToken.as_view()(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data,
{'password': ['This field is required.']})
self.assertNotIn('token', response.data)
def test__password_reset__attempt(self, emails):
user = factories.UserFactory(email_is_verified=True)
data = {'email': user.email}
path = reverse('accounts_password_reset_attempt')
request = self.factory.post(path, data=data)
response = views.PasswordResetAttemptView.as_view()(request)
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
emails.password_reset_attempt.assert_called_once_with(user)
# Case when password reset's data is invalid
data = {'email': 'invalid_email'}
request = self.factory.post(path, data=data)
response = views.PasswordResetAttemptView.as_view()(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
# email not found
data = {'email': '*****@*****.**'}
request = self.factory.post(path, data=data)
response = views.PasswordResetAttemptView.as_view()(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
# inactive user
user = factories.UserFactory(is_active=False)
data = {'email': user.email}
request = self.factory.post(path, data=data)
response = views.PasswordResetAttemptView.as_view()(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
# email verified == False
user = factories.UserFactory(email_is_verified=False)
data = {'email': user.email}
request = self.factory.post(path, data=data)
response = views.PasswordResetAttemptView.as_view()(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test__widgets__create__more_than_one_disallowed(self):
user1 = factories.UserFactory()
user2 = factories.UserFactory()
site1 = factories.SiteFactory(user=user1)
site2 = factories.SiteFactory(user=user1)
site3 = factories.SiteFactory(user=user2)
disallow_many_widgets = [
constants.WIDGET_CONFIGURATION_COPY_PASTE,
constants.WIDGET_CONFIGURATION_NEWSLETTER,
constants.WIDGET_CONFIGURATION_MOBILE,
constants.WIDGET_CONFIGURATION_VERTICAL_FLOAT
]
self.data.update({
'position': constants.WIDGET_LEFT_POSITION,
'page_title': 'Page title',
'page_url': 'http://example.com',
'media_url': 'http://media.com',
'min_width': 0,
})
for widget_type in disallow_many_widgets:
self.data['type'] = widget_type
# First creation
response, _ = self._create_widget(site=site1)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# Second creation fails for the same user and the same site
self.data['name'] += '1'
response, _ = self._create_widget(site=site1)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(
response.data['non_field_errors'],
['You can not create more than one widget of this type.'])
# Second creation doesn't fail for the same user and another site
self.data['name'] += '2'
response, _ = self._create_widget(site=site2)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# Second creation doesn't fail for another user
self.data['name'] += '3'
response, _ = self._create_widget(site=site3)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
def test__update_account__wrong_password(self):
user = factories.UserFactory(email_is_verified=True)
data = {
'email': user.email + '.info',
'password': '******',
'old_password': '******'
}
response = self._get_update_account_response(data, user)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(response.data['old_password'],
['Password is incorrect'])
def test__widgets__create__more_than_one_allowed(self):
user1 = factories.UserFactory()
user2 = factories.UserFactory()
site1 = factories.SiteFactory(user=user1)
site2 = factories.SiteFactory(user=user1)
site3 = factories.SiteFactory(user=user2)
allow_many_widgets = [
constants.WIDGET_CONFIGURATION_SHARING_BUTTONS,
constants.WIDGET_CONFIGURATION_ORIGIN_BUTTONS,
constants.WIDGET_CONFIGURATION_FOLLOW
]
self.data.update({
'position': constants.WIDGET_LEFT_POSITION,
'page_title': 'Page title',
'page_url': 'http://example.com',
'media_url': 'http://media.com',
'min_width': 0,
})
for widget_type in allow_many_widgets:
self.data['type'] = widget_type
# First creation
response, _ = self._create_widget(site=site1)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# Second creation for the same user and the same site
self.data['name'] += '1'
response, _ = self._create_widget(site=site1)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# Second creation for the same user and another site
self.data['name'] += '2'
response, _ = self._create_widget(site=site2)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# Second creation for another user
self.data['name'] += '3'
response, _ = self._create_widget(site=site3)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
def test__verify_email(self):
user = factories.UserFactory()
user.email_is_verified = False
self.assertFalse(user.email_is_verified)
args = (user.generate_email_token(), )
path = reverse('accounts_email_verification', args=args)
request = self.factory.get(path)
response = views.EmailVerificationView.as_view()(request, *args)
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
self.assertTrue(models.User.objects.get(pk=user.pk).email_is_verified)
# validate_email_token == False
with patch('addnow.apps.accounts.models.User.validate_email_token',
MagicMock(return_value=False)):
request = self.factory.get(path)
response = views.EmailVerificationView.as_view()(request, *args)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test__encouraging_email(self, send_email):
user = factories.UserFactory()
encouraging_email(user, 'template_name')
send_email.assert_called_once()
def test__password_reset_attempt(self, send_email):
user = factories.UserFactory()
password_reset_attempt(user)
send_email.assert_called_once()
def test__verification(self, send_email):
user = factories.UserFactory()
verification(user)
send_email.assert_called_once()
def test__update_account__email_without_password(self, emails):
user = factories.UserFactory(email_is_verified=True)
data = {'email': '*****@*****.**'}
response = self._get_update_account_response(data, user)
self.assertEqual(response.status_code, status.HTTP_200_OK)
def _authenticate_request(self, request, user=None):
user = user or factories.UserFactory(email_is_verified=True)
token = factories.ApiTokenFactory(user=user)
force_authenticate(request, user=token['user'], token=token)
return token
