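def refresh(request):
    """Issue a new access/refresh token pair from a valid refresh token.

    The refresh token is read from ``request.data['refresh_token']``. Its
    signature is verified against ``settings.SECRET_KEY`` (HS256 only) and it
    must equal the token currently stored on the user, so a token that has
    already been rotated out is rejected even though its signature is valid.

    Args:
        request: DRF request whose ``data`` carries ``refresh_token``.

    Returns:
        Response with ``{'access': <token>, 'refresh': <token>}``; the new
        refresh token is persisted on the user before returning.

    Raises:
        AuthenticationFailed: the field is missing, the token does not verify,
            the user it names does not exist, or it is not the stored token.
    """
    import hmac  # constant-time string comparison

    credentials = request.data
    presented = credentials.get('refresh_token', None)
    if not presented:
        raise AuthenticationFailed(
            "Invalid token name. 'refresh_token' - required")
    try:
        payload = jwt.decode(presented,
                             settings.SECRET_KEY,
                             algorithms=['HS256'])
    except jwt.InvalidTokenError:
        raise AuthenticationFailed('Invalid token header')

    # filter().first() yields None for a missing or unknown id instead of
    # raising DoesNotExist, so the 'User not found' branch is reachable and a
    # bad id does not surface as a server error.
    user = CustomUser.objects.filter(pk=payload.get('id', None)).first()
    if not user:
        raise AuthenticationFailed('User not found')

    # A user with no stored refresh token cannot refresh at all; otherwise the
    # presented token must match the stored one (compared in constant time).
    stored = user.refresh_token
    if not stored or not hmac.compare_digest(stored, presented):
        raise AuthenticationFailed('Token not match')

    payload = {'id': user.id, 'email': user.email}
    access_token = create_token(payload, token_type='access')
    refresh_token = create_token(payload, token_type='refresh')

    # Rotate: only the newest refresh token stays valid.
    user.refresh_token = refresh_token
    user.save()
    return Response(data={'access': access_token, 'refresh': refresh_token})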
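 def post(self, request, *args, **kwargs):
     """Confirm an e-mail verification link and activate the account.

     ``uidb64`` (base64 of the user's uuid) and ``token`` are taken from the
     URL kwargs. When the token verifies for an account that is still
     inactive, the account is activated, marked e-mail-verified and a login
     token is returned together with the user's names. Every other outcome
     is a 400 with a short message.

     Returns:
         Response: 200 with ``username``/``token``/``first_name``/``last_name``
         on success, otherwise 400 with ``message``.
     """
     from django.core.exceptions import ValidationError

     uidb64 = self.kwargs.get('uidb64')
     token = self.kwargs.get('token')
     if uidb64 is None or token is None:
         return Response(data={'message': 'Token Has Not Been Provided'},
                         status=status.HTTP_400_BAD_REQUEST)

     try:
         # Decoding lives inside the try: a malformed uidb64 raises
         # (ValueError/TypeError/OverflowError) and must not become a 500.
         uid = force_text(urlsafe_base64_decode(uidb64))
         user = User.objects.get(uuid=uid)
     except (User.DoesNotExist, ValidationError, ValueError, TypeError,
             OverflowError):
         # Narrow catch instead of a bare except: unexpected errors in the
         # code below now propagate rather than being reported as a 400.
         return Response(data={'message': 'Something Went Wrong'},
                         status=status.HTTP_400_BAD_REQUEST)

     # The link is only honoured for accounts that are still inactive, so it
     # cannot be replayed once the account has been activated.
     if not (default_token_generator.check_token(user, token)
             and not user.is_active):
         return Response(data={'message': 'Token Is Not Valid'},
                         status=status.HTTP_400_BAD_REQUEST)

     user.is_active = True
     user.is_email_verified = True
     user.save()
     login_token = create_token(user)
     return Response(
         data={
             'username': user.username,
             'token': login_token,
             'first_name': user.first_name,
             'last_name': user.last_name
         })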
 def test_backend_2(self):
     """A well-signed access token naming a non-existent user (id -1)
     must still be rejected with 401 by the JWT authentication backend."""
     token = create_token({'id': -1, 'email': '*****@*****.**'}, 'access')
     self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
     response = self.client.get(reverse('users-list'), format='json')
     self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
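 def test_do_not_allow_to_user_delete_any_user(self):
     """DELETE on another user's detail endpoint is refused with 405."""
     user_id = self.test_user_1.id
     # Target a pk that is not the caller's own.
     url = reverse('users-detail', kwargs={'pk': user_id + 1})
     access_token = create_token({
         'id': user_id,
         'email': '*****@*****.**'
     }, 'access')
     self.client.credentials(HTTP_AUTHORIZATION='jwt ' + access_token)
     # 'foramt' was a typo; the misspelt kwarg was silently passed through
     # as a WSGI environ key instead of selecting the request format.
     response = self.client.delete(url, format='json')
     self.assertEqual(response.status_code,
                      status.HTTP_405_METHOD_NOT_ALLOWED)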
 def test_creating_a_new_recommendation_list_with_no_recommendations(self):
     """POST of a recommendation list without recommendations yields 400."""
     owner = self.test_user_1
     token = create_token({'id': owner.id, 'email': owner.email}, 'access')
     self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
     body = {'is_draft': 'true', 'category': 'music', 'header': 'header'}
     response = self.client.post(reverse('recommendation_list-list'), body,
                                 format='json')
     self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
 def test_get_user_profile_me(self):
     """GET users/me resolves to the authenticated user's own profile."""
     me = self.test_user_1
     token = create_token({'id': me.id, 'email': '*****@*****.**'}, 'access')
     self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
     response = self.client.get(reverse('users-detail', kwargs={'pk': 'me'}),
                                format='json')
     self.assertEqual(response.status_code, status.HTTP_200_OK)
     self.assertEqual(response.data['id'], me.id)
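 def test_do_not_allow_to_user_to_change_own_email(self):
     """PATCHing a new e-mail onto one's own profile is accepted (200) but
     the e-mail in the response is still the original one."""
     user_id = self.test_user_1.id
     url = reverse('users-detail', kwargs={'pk': user_id})
     access_token = create_token({
         'id': user_id,
         'email': '*****@*****.**'
     }, 'access')
     data = {'email': 'new_email'}
     self.client.credentials(HTTP_AUTHORIZATION='jwt ' + access_token)
     # 'foramt' was a typo; the misspelt kwarg never selected the request
     # format, so the body went out as the client's default encoding.
     response = self.client.patch(url, data, format='json')
     self.assertEqual(self.test_user_1.email, response.data['email'])
     self.assertEqual(response.status_code, status.HTTP_200_OK)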
 def test_tags_adding_or_updating(self):
     """PATCHing a tag list onto an owned recommendation list returns 200."""
     owner_id = self.test_user_1.id
     token = create_token({'id': owner_id, 'email': '*****@*****.**'},
                          'access')
     self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
     url = reverse('recommendation_list-detail',
                   kwargs={'pk': self.recommendation_list_1.id})
     tags = [{'name': 'test1'}, {'name': 'test2'}]
     response = self.client.patch(url, data={'tags': tags}, format='json')
     self.assertEqual(response.status_code, status.HTTP_200_OK)
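 def test_user_trying_send_text_instead_of_image(self):
     """Uploading a non-image file as the avatar is rejected with 400."""
     user_id = self.test_user_1.id
     url = reverse('users-detail', kwargs={'pk': user_id})
     access_token = create_token({
         'id': user_id,
         'email': '*****@*****.**'
     }, 'access')
     self.client.credentials(HTTP_AUTHORIZATION='jwt ' + access_token)
     # The file handle is closed when the upload is done (it used to leak),
     # and 'foramt' was a typo that never selected the request format.
     with open('./test_media/avatars/false.rtf', 'rb') as im:
         response = self.client.patch(url, {'avatar': im},
                                      format='multipart')
     self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)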
 def test_user_trying_update_foreign_list(self):
     """A user who does not own a recommendation list gets 403 on PATCH."""
     intruder = self.test_user_2
     token = create_token({'id': intruder.id, 'email': '*****@*****.**'},
                          'access')
     self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
     url = reverse('recommendation_list-detail',
                   kwargs={'pk': self.recommendation_list_1.id})
     response = self.client.patch(url, data={'is_draft': 'true'})
     self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
 def test_get_drafts_me(self):
     """users/me/drafts returns exactly the caller's own draft lists."""
     me = self.test_user_1
     token = create_token({'id': me.id, 'email': '*****@*****.**'}, 'access')
     self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
     response = self.client.get(reverse('users-drafts', kwargs={'pk': 'me'}),
                                format='json')
     self.assertEqual(response.status_code, status.HTTP_200_OK)
     self.assertEqual(len(response.data),
                      me.lists.filter(is_draft=True).count())
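 def test_user_can_change_own_avatar(self):
     """A user may upload a new avatar image for their own profile (200)."""
     user_id = self.test_user_1.id
     url = reverse('users-detail', kwargs={'pk': user_id})
     access_token = create_token({
         'id': user_id,
         'email': '*****@*****.**'
     }, 'access')
     self.client.credentials(HTTP_AUTHORIZATION='jwt ' + access_token)
     # The file handle is closed when the upload is done (it used to leak),
     # and 'foramt' was a typo that never selected the request format.
     with open('./test_media/avatars/im2.jpg', 'rb') as im:
         response = self.client.patch(url, {'avatar': im},
                                      format='multipart')
     self.assertEqual(response.status_code, status.HTTP_200_OK)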
    def setUp(self) -> None:
        """Create one user holding a freshly issued refresh token."""
        super().setUp()
        user = CustomUser.objects.create(username='******',
                                         password='******',
                                         email='*****@*****.**',
                                         first_name='first_name',
                                         last_name='last_name')
        # NOTE(review): objects.create() stores the password exactly as
        # given; unless the manager hashes it, check_password() will not
        # match this user at login — confirm against CustomUser's manager.
        refresh_payload = {'id': user.id,
                           'username': user.username,
                           'email': user.email}
        user.refresh_token = create_token(refresh_payload, 'refresh')
        user.save()
        self.test_user = user
def login(request):
    """Authenticate with username/password and return a token pair.

    The stored refresh token is rotated on every successful login. Both an
    unknown username and a wrong password raise the same bare
    ``AuthenticationFailed`` so the response does not reveal which it was.

    Args:
        request: DRF request whose ``data`` carries ``username``/``password``.

    Returns:
        Response with ``{'access': <token>, 'refresh': <token>}``.

    Raises:
        AuthenticationFailed: unknown username or wrong password. Malformed
            input is rejected earlier by ``AuthorizationSerializer`` via
            ``is_valid(raise_exception=True)``.
    """
    credentials = request.data
    serializer = AuthorizationSerializer(data=credentials)
    serializer.is_valid(raise_exception=True)

    user = CustomUser.objects.filter(username=credentials['username']).first()
    # Short-circuit keeps check_password() from running for a missing user,
    # exactly as the two separate checks did.
    if not user or not check_password(credentials['password'], user.password):
        raise AuthenticationFailed()

    claims = {'id': user.id, 'email': user.email}
    access_token = create_token(claims, token_type='access')
    refresh_token = create_token(claims, token_type='refresh')

    user.refresh_token = refresh_token
    user.save()
    return Response(data={'access': access_token, 'refresh': refresh_token})
 def test_adding_to_favorites(self):
     """POST to the favorites action creates exactly one Favorites row."""
     before = Favorites.objects.all().count()
     me = self.test_user_1
     token = create_token({'id': me.id, 'email': '*****@*****.**'}, 'access')
     self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
     url = reverse('recommendation_list-favorites',
                   kwargs={'pk': self.recommendation_list_1.id})
     response = self.client.post(url, format='json')
     self.assertEqual(response.status_code, status.HTTP_200_OK)
     self.assertEqual(before + 1, Favorites.objects.all().count())
 def test_like_unauthorized(self):
     """POST to the like action by an authenticated user adds one like.

     (Despite the name, this test sends a valid token and expects 200.)
     """
     target = self.recommendation_list_1
     before = target.likes.count()
     me = self.test_user_1
     token = create_token({'id': me.id, 'email': '*****@*****.**'}, 'access')
     self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
     url = reverse('recommendation_list-like', kwargs={'pk': target.id})
     response = self.client.post(url, format='json')
     self.assertEqual(response.status_code, status.HTTP_200_OK)
     self.assertEqual(before + 1, target.likes.count())
 def test_soring_by_update_date_desc(self):
     """``?order=-updated`` lists the most recently updated list first."""
     me = self.test_user_1
     token = create_token({'id': me.id, 'email': '*****@*****.**'}, 'access')
     self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
     response = self.client.get(reverse('recommendation_list-list'),
                                {'order': '-updated'}, format='json')
     got = [item['id'] for item in response.data['results']]
     want = [self.recommendation_list_2.id, self.recommendation_list_1.id]
     self.assertEqual(response.status_code, status.HTTP_200_OK)
     self.assertEqual(got, want)
 def test_user_can_change_own_data(self):
     """A user may PATCH their own profile fields and gets 200 back."""
     me_id = self.test_user_1.id
     token = create_token({'id': me_id, 'email': '*****@*****.**'}, 'access')
     self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
     changes = {
         'username': '******',
         'password': '******',
         'first_name': 'first_name',
         'last_name': 'last_name'
     }
     response = self.client.patch(
         reverse('users-detail', kwargs={'pk': me_id}), changes,
         format='json')
     self.assertEqual(response.status_code, status.HTTP_200_OK)
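 def test_adding_photos_to_recommendations(self):
     """The list owner can attach a photo to one of its recommendations."""
     user_id = self.test_user_1.id
     url = reverse('recommendation_detailing-detail',
                   kwargs={
                       'recommendation_list_pk':
                       self.recommendation_list_1.id,
                       'pk': self.recommendation_1.id
                   })
     access_token = create_token({
         'id': user_id,
         'email': '*****@*****.**'
     }, 'access')
     self.client.credentials(HTTP_AUTHORIZATION='jwt ' + access_token)
     # The file handle is closed when the upload is done (it used to leak),
     # and 'foramt' was a typo that never selected the request format.
     with open('./test_media/recommendation_list_images/im2.jpg', 'rb') as im:
         response = self.client.patch(url, data={'photo': im},
                                      format='multipart')
     self.assertEqual(response.status_code, status.HTTP_200_OK)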
 def test_do_not_allow_to_user_add_new_user(self):
     """An authenticated user cannot POST a new user to the list endpoint
     (405)."""
     me = self.test_user_1
     token = create_token({'id': me.id, 'email': '*****@*****.**'}, 'access')
     self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
     new_user = {
         'username': '******',
         'password': '******',
         'email': '*****@*****.**',
         'first_name': 'first_name',
         'last_name': 'last_name'
     }
     response = self.client.post(reverse('users-list'), new_user,
                                 format='json')
     self.assertEqual(response.status_code,
                      status.HTTP_405_METHOD_NOT_ALLOWED)
 def test_creating_a_new_recommendation_list_valid_info(self):
     """A complete recommendation list (with one recommendation) is
     created with 201."""
     owner = self.test_user_1
     token = create_token({'id': owner.id, 'email': owner.email}, 'access')
     self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
     body = {
         'recommendations': [{
             'text': 'test_text'
         }],
         'is_draft': 'true',
         'category': 'music',
         'header': 'header'
     }
     response = self.client.post(reverse('recommendation_list-list'),
                                 data=body, format='json')
     self.assertEqual(response.status_code, status.HTTP_201_CREATED)
 def test_sorting_by_adding_to_favorites_date_desc(self):
     """``?order=-create`` on a user's favorites lists the most recently
     favourited list first."""
     me = self.test_user_1
     token = create_token({'id': me.id, 'email': '*****@*****.**'}, 'access')
     self.client.credentials(HTTP_AUTHORIZATION=f'jwt {token}')
     owner_id = self.test_user_2.id
     # Creation order matters: list_1 is favourited before list_2.
     for rec_list in (self.recommendation_list_1,
                      self.recommendation_list_2):
         Favorites.objects.create(user_id=owner_id,
                                  recommendation_list_id=rec_list.id)
     response = self.client.get(
         reverse('users-favorites', kwargs={'pk': owner_id}),
         {'order': '-create'}, format='json')
     got = [item['id'] for item in response.data]
     want = [self.recommendation_list_2.id, self.recommendation_list_1.id]
     self.assertEqual(response.status_code, status.HTTP_200_OK)
     self.assertEqual(got, want)
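 def post(self, request, *args, **kwargs):
     """Complete a password reset from the ``uidb64``/``token`` URL kwargs.

     The reset token is verified *before* the pending ``PasswordReset`` row
     is marked used, so a request with a wrong token cannot consume a user's
     outstanding reset; only a successful verification burns it.

     Returns:
         Response: 200 with ``token`` on success; 400 when the kwargs are
         missing or the link does not resolve to a pending, valid reset;
         500 for any other error.
     """
     from django.core.exceptions import ValidationError

     uidb64 = self.kwargs.get('uidb64')
     token = self.kwargs.get('token')
     if uidb64 is None or token is None:
         return Response(data={'message': 'Password reset token has not been provided'},
                         status=status.HTTP_400_BAD_REQUEST)

     def _invalid():
         # One answer for every "this link is not usable" case, so the
         # caller cannot tell an unknown user from a used or bad token.
         return Response(data={'message': 'Token Is Not Valid'},
                         status=status.HTTP_400_BAD_REQUEST)

     try:
         uid = force_text(urlsafe_base64_decode(uidb64))
         user = User.objects.get(uuid=uid)
         password_reset = PasswordReset.objects.get(user=user, is_used=False)
         if not default_token_generator.check_token(user, token):
             return _invalid()
         # Consume the reset only after the token has been accepted.
         password_reset.is_used = True
         password_reset.save()
         login_token = create_token(user)
         return Response(data={'token': login_token})
     except (User.DoesNotExist, PasswordReset.DoesNotExist, ValidationError,
             ValueError, TypeError, OverflowError):
         # Malformed uidb64 (decode errors), unknown user or no pending
         # reset: the link is simply not valid.
         return _invalid()
     except Exception:
         # Keeps the existing 500 contract; no longer a bare except, so
         # SystemExit/KeyboardInterrupt are not swallowed.
         return Response(data={'message': 'Something went wrong'},
                         status=status.HTTP_500_INTERNAL_SERVER_ERROR)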