def test_refresh_with_access_token(self, client, access_token):
    """Reject an access token submitted where a refresh token is expected.

    The refresh endpoint must not mint new tokens from an access token;
    the request is answered with 401 and a "wrong type" error.
    """
    payload = {'refresh': access_token}
    resp = client.post(TOKEN_REFRESH_URL, payload)

    assert resp.status_code == status.HTTP_401_UNAUTHORIZED
    expected = test_error_response('Token has wrong type')
    assert resp.data == expected
def test_refresh_with_invalid_refresh_token(self, client):
    """Reject a refresh request whose token is not a valid token string."""
    payload = {'refresh': 'invalid_token'}
    resp = client.post(TOKEN_REFRESH_URL, payload)

    assert resp.status_code == status.HTTP_401_UNAUTHORIZED
    expected = test_error_response('Token is invalid or expired')
    assert resp.data == expected
def test_refresh_without_token(self, client):
    """A refresh request with no body fails validation with 400."""
    resp = client.post(TOKEN_REFRESH_URL)

    assert resp.status_code == status.HTTP_400_BAD_REQUEST
    field_errors = {'refresh': 'This field is required.'}
    assert resp.data == test_error_response(field_errors)
def test_invalid_credentials(self, client, user):
    """Login with an email that differs from the fixture user's is refused.

    The expected error is the same generic message regardless of which
    credential was wrong, so the body does not say whether the email or
    the password failed.
    """
    credentials = {
        'email': user.email + 'a',
        'password': DEFAULT_USER_PASSWORD,
    }
    resp = client.post(LOGIN_URL, credentials)

    assert resp.status_code == status.HTTP_401_UNAUTHORIZED
    expected = test_error_response(
        'No active account found with the given credentials')
    assert resp.data == expected
def test_invalid_field(self, client):
    """The field-taken check only accepts field names from its choice list.

    An arbitrary field name must be rejected with a validation error
    rather than being looked up.
    """
    payload = {
        'field': 'invalid_field',
        'value': fake.safe_email(),
    }
    resp = client.post(CHECK_FIELD_TAKEN_URL, payload)

    assert resp.status_code == status.HTTP_400_BAD_REQUEST
    field_errors = {'field': '"invalid_field" is not a valid choice.'}
    assert resp.data == test_error_response(field_errors)
def test_invalid_uidb64(self, client):
    """Account activation rejects a uidb64 value that is not a real uid."""
    payload = {
        'token': 'incorrect_token',
        'uidb64': 'incorrect_uidb64',
    }
    resp = client.post(ACTIVATE_ACCOUNT_URL, payload)

    assert resp.status_code == status.HTTP_400_BAD_REQUEST
    expected = test_error_response('Link is invalid or expired.')
    assert resp.data == expected
def test_register_email_taken(self, client, user):
    """Registering with an existing user's email is rejected with 400."""
    payload = {
        'email': user.email,
        'password': DEFAULT_USER_PASSWORD,
    }
    resp = client.post(REGISTRATION_URL, payload)

    assert resp.status_code == status.HTTP_400_BAD_REQUEST
    field_errors = {'email': 'Email is already taken.'}
    assert resp.data == test_error_response(field_errors)
def test_empty_data(self, client):
    """Registration with no body reports both required fields."""
    resp = client.post(REGISTRATION_URL)

    assert resp.status_code == status.HTTP_400_BAD_REQUEST
    # NOTE(review): '******' reads like a masked value, not a real
    # validation message - confirm the expected text for 'password'.
    field_errors = {
        'email': 'This field is required.',
        'password': '******',
    }
    assert resp.data == test_error_response(field_errors)
def test_without_credentials(self, client):
    """Login with no body is a validation error (400), not an auth error."""
    resp = client.post(LOGIN_URL)

    assert resp.status_code == status.HTTP_400_BAD_REQUEST
    # NOTE(review): '******' reads like a masked value, not a real
    # validation message - confirm the expected text for 'password'.
    field_errors = {
        'email': 'This field is required.',
        'password': '******',
    }
    assert resp.data == test_error_response(field_errors)
def test_invalid_user_id(self, client):
    """Activation with a well-formed uid that matches no user returns 404.

    888 is presumably an id that no fixture user has.
    """
    # NOTE(review): other activation tests in this file expect
    # 400 'Link is invalid or expired.' for an existing user with a bad
    # token, while this case expects 404. The two responses differ by
    # whether the user id exists - confirm that disclosure is intended.
    unknown_uid = urlsafe_base64_encode(force_bytes(888))
    payload = {
        'token': 'incorrect_token',
        'uidb64': unknown_uid,
    }
    resp = client.post(ACTIVATE_ACCOUNT_URL, payload)

    assert resp.status_code == status.HTTP_404_NOT_FOUND
    expected = test_error_response('No User matches the given query.')
    assert resp.data == expected
def test_empty_data(self, client):
    """Activation with no body reports both required fields."""
    resp = client.post(ACTIVATE_ACCOUNT_URL)

    assert resp.status_code == status.HTTP_400_BAD_REQUEST
    field_errors = {
        'uidb64': 'This field is required.',
        'token': 'This field is required.',
    }
    assert resp.data == test_error_response(field_errors)
def test_invalid_uidb64(self, client):
    """Password reset rejects a uidb64 value that is not a real uid."""
    payload = {
        'token': 'incorrect_token',
        'uidb64': 'incorrect_uidb64',
        'new_password': DEFAULT_USER_PASSWORD,
    }
    resp = client.post(PASSWORD_RESET_URL, payload)

    assert resp.status_code == status.HTTP_400_BAD_REQUEST
    expected = test_error_response('Link is invalid or expired.')
    assert resp.data == expected
def test_invalid_uid(self, client, user):
    """Password reset for a real user is refused when the token is bogus."""
    # NOTE(review): new_password is DEFAULT_USER_PASSWORD. If the fixture
    # user already has that password (not visible here), a password check
    # after the request could not show whether the reset was applied;
    # only the response is verified.
    payload = {
        'token': 'invalid_token',
        'uidb64': urlsafe_base64_encode(force_bytes(user.id)),
        'new_password': DEFAULT_USER_PASSWORD,
    }
    resp = client.post(PASSWORD_RESET_URL, payload)

    assert resp.status_code == status.HTTP_400_BAD_REQUEST
    expected = test_error_response('Link is invalid or expired.')
    assert resp.data == expected
def test_another_user_token(self, client, users):
    """A reset token issued for one user must not reset another user.

    The token is generated for ``users[0]`` but submitted with the uid of
    ``users[1]``; the request must fail exactly like any invalid link.
    """
    # NOTE(review): new_password is DEFAULT_USER_PASSWORD. If the fixture
    # users already have that password (not visible here), a password
    # check after the request could not show whether the reset was
    # applied; only the response is verified.
    payload = {
        'token': default_token_generator.make_token(users[0]),
        'uidb64': urlsafe_base64_encode(force_bytes(users[1].id)),
        'new_password': DEFAULT_USER_PASSWORD,
    }
    resp = client.post(PASSWORD_RESET_URL, payload)

    assert resp.status_code == status.HTTP_400_BAD_REQUEST
    expected = test_error_response('Link is invalid or expired.')
    assert resp.data == expected
def test_invalid_user_id(self, client):
    """Password reset with a well-formed uid matching no user returns 404.

    888 is presumably an id that no fixture user has.
    """
    # NOTE(review): other password-reset tests in this file expect
    # 400 'Link is invalid or expired.' for an existing user with a bad
    # token, while this case expects 404. The two responses differ by
    # whether the user id exists - confirm that disclosure is intended.
    unknown_uid = urlsafe_base64_encode(force_bytes(888))
    payload = {
        'token': 'incorrect_token',
        'uidb64': unknown_uid,
        'new_password': DEFAULT_USER_PASSWORD,
    }
    resp = client.post(PASSWORD_RESET_URL, payload)

    assert resp.status_code == status.HTTP_404_NOT_FOUND
    expected = test_error_response('No User matches the given query.')
    assert resp.data == expected
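def test_another_user_token(self, client, users):
    """An activation token issued for one user must not activate another.

    Both users start unverified. The token is generated for ``users[0]``
    but submitted with the uid of ``users[1]``. The request must fail like
    any invalid link, and neither account may end up verified.
    """
    users[0].update(is_email_verified=False)
    users[1].update(is_email_verified=False)

    response = client.post(
        ACTIVATE_ACCOUNT_URL,
        {
            'token': default_token_generator.make_token(users[0]),
            'uidb64': urlsafe_base64_encode(force_bytes(users[1].id)),
        })

    # Re-read persisted state: the response alone does not prove that the
    # mismatched token left both accounts untouched (the invalid-token
    # activation test in this file checks the flag the same way).
    users[0].refresh_from_db()
    users[1].refresh_from_db()

    assert response.status_code == status.HTTP_400_BAD_REQUEST
    assert response.data == test_error_response(
        'Link is invalid or expired.')
    assert not users[0].is_email_verified
    assert not users[1].is_email_verified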
def test_empty_data(self, client):
    """Password reset with no body reports every required field."""
    resp = client.post(PASSWORD_RESET_URL)

    assert resp.status_code == status.HTTP_400_BAD_REQUEST
    # NOTE(review): '******' reads like a masked value, not a real
    # validation message - confirm the expected text for 'new_password'.
    field_errors = {
        'uidb64': 'This field is required.',
        'token': 'This field is required.',
        'new_password': '******',
    }
    assert resp.data == test_error_response(field_errors)
def test_change_password_with_invalid_old_password(self, authorised_client):
    """Changing the password requires the correct current password.

    An authenticated client that supplies a wrong ``old_password`` gets a
    400 with an error on that field.
    """
    payload = {
        'old_password': DEFAULT_USER_PASSWORD + '!',
        'new_password': DEFAULT_USER_PASSWORD + 'a',
    }
    resp = authorised_client.put(PASSWORD_URL, payload)

    assert resp.status_code == status.HTTP_400_BAD_REQUEST
    # NOTE(review): '******' reads like a masked value, not a real
    # validation message - confirm the expected text for 'old_password'.
    field_errors = {'old_password': '******'}
    assert resp.data == test_error_response(field_errors)
def test_invalid_uid(self, client, user):
    """Activation with a bogus token fails and leaves the user unverified."""
    user.update(is_email_verified=False)

    payload = {
        'token': 'invalid_token',
        'uidb64': urlsafe_base64_encode(force_bytes(user.id)),
    }
    resp = client.post(ACTIVATE_ACCOUNT_URL, payload)

    # Reload so the final assertion sees the stored flag, not the value
    # set on the in-memory instance above.
    user.refresh_from_db()

    assert resp.status_code == status.HTTP_400_BAD_REQUEST
    expected = test_error_response('Link is invalid or expired.')
    assert resp.data == expected
    assert not user.is_email_verified
def test_refresh_with_expired_token(self, client, user):
    """A refresh token presented after its lifetime is rejected with 401.

    The token is issued at a frozen instant and used seven days and one
    second later; presumably the configured refresh lifetime is seven
    days (the setting is not visible here).
    """
    issued_at = '2100-01-01 00:00:00'
    used_at = '2100-01-08 00:00:01'

    with freeze_time(issued_at):
        refresh_token = str(RefreshToken.for_user(user))

    with freeze_time(used_at):
        resp = client.post(TOKEN_REFRESH_URL, {'refresh': refresh_token})

    assert resp.status_code == status.HTTP_401_UNAUTHORIZED
    expected = test_error_response('Token is invalid or expired')
    assert resp.data == expected
def test_get_inactive_account(self, authorised_client):
    """Deactivating an account cuts off an already authorised client.

    The client's user is marked inactive after the client was set up, and
    the next request to the profile endpoint must be answered with 401.
    """
    authorised_client.user.update(is_active=False)

    resp = authorised_client.get(ME_URL)

    assert resp.status_code == status.HTTP_401_UNAUTHORIZED
    expected = test_error_response('User not found')
    assert resp.data == expected
def test_no_credentials(self, client):
    """The profile endpoint refuses unauthenticated requests with 401."""
    resp = client.get(ME_URL)

    assert resp.status_code == status.HTTP_401_UNAUTHORIZED
    expected = test_error_response(
        'Authentication credentials were not provided.')
    assert resp.data == expected
class TestRegistrationView:
    """Tests for the registration endpoint: validation and field handling."""

    def test_empty_data(self, client):
        """Registration with no body reports both required fields."""
        resp = client.post(REGISTRATION_URL)

        assert resp.status_code == status.HTTP_400_BAD_REQUEST
        # NOTE(review): '******' reads like a masked value, not a real
        # validation message - confirm the expected text for 'password'.
        field_errors = {
            'email': 'This field is required.',
            'password': '******',
        }
        assert resp.data == test_error_response(field_errors)

    def test_register_email_taken(self, client, user):
        """Registering with an existing user's email is rejected with 400."""
        payload = {
            'email': user.email,
            'password': DEFAULT_USER_PASSWORD,
        }
        resp = client.post(REGISTRATION_URL, payload)

        assert resp.status_code == status.HTTP_400_BAD_REQUEST
        field_errors = {'email': 'Email is already taken.'}
        assert resp.data == test_error_response(field_errors)

    # Three rejected passwords: a short one, an all-digit one and
    # 'qwerty123'. NOTE(review): every expected message is '******', which
    # reads like a masked value - confirm the real validation texts.
    @pytest.mark.parametrize('password, expected_response', [
        ('short', test_error_response({'password': '******'})),
        ('123456789513241241234', test_error_response({'password': '******'})),
        ('qwerty123', test_error_response({'password': '******'})),
    ])
    def test_register_wrong_password(self, password, expected_response,
                                     client):
        """Passwords that fail validation are rejected with 400."""
        payload = {
            'email': fake.safe_email(),
            'password': password,
        }
        resp = client.post(REGISTRATION_URL, payload)

        assert resp.status_code == status.HTTP_400_BAD_REQUEST
        assert resp.data == expected_response

    def test_register(self, client):
        """Successful registration returns tokens and stores the user.

        The new account must hold the submitted password (checked through
        ``check_password``) and must start with an unverified email.
        """
        email = fake.safe_email()
        payload = {
            'email': email,
            'password': DEFAULT_USER_PASSWORD,
        }
        resp = client.post(REGISTRATION_URL, payload)

        assert resp.status_code == status.HTTP_200_OK
        assert 'access' in resp.data
        assert 'refresh' in resp.data

        created = User.all.get(email=email)
        assert created.check_password(DEFAULT_USER_PASSWORD)
        assert not created.is_email_verified

    def test_register_with_read_only_fields(self, client):
        """Privileged fields sent by the client are ignored on registration.

        The request tries to set ``id``, ``is_staff`` and ``is_superuser``;
        the stored user must have none of those values applied.
        """
        email = fake.safe_email()
        payload = {
            'id': 0,
            'is_staff': True,
            'is_superuser': True,
            'email': email,
            'password': DEFAULT_USER_PASSWORD,
        }
        resp = client.post(REGISTRATION_URL, payload)

        created = User.all.get(email=email)

        assert resp.status_code == status.HTTP_200_OK
        assert created.id != 0
        assert not created.is_staff
        assert not created.is_superuser