def test_post_with_render_avatars_at(self):
"""Testing the POST <URL> API with render_avatars_at=..."""
self.client.login(username='******', password='******')
avatar_services.register(SimpleRenderAvatarService)
avatar_services.enable_service(SimpleRenderAvatarService, save=False)
avatar_services.set_default_service(SimpleRenderAvatarService)
rsp = self.api_post(
get_user_list_url(),
{
'username': '******',
'password': '******',
'email': '*****@*****.**',
'render_avatars_at': '24,abc,48,,128',
},
expected_mimetype=user_item_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertEqual(
rsp['user']['avatar_html'],
{
'24': '<div class="avatar" data-size="24">myuser</div>',
'48': '<div class="avatar" data-size="48">myuser</div>',
'128': '<div class="avatar" data-size="128">myuser</div>',
})
def test_get_users_with_site(self):
"""Testing the GET users/ API with a local site"""
self._login_user(local_site=True)
local_site = LocalSite.objects.get(name=self.local_site_name)
rsp = self.apiGet(get_user_list_url(self.local_site_name),
expected_mimetype=user_list_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertEqual(len(rsp['users']), local_site.users.count())
def setup_basic_get_test(self, user, with_local_site, local_site_name,
populate_items):
if not populate_items:
items = []
elif with_local_site:
local_site = self.get_local_site(name=local_site_name)
items = list(local_site.users.all())
else:
items = list(User.objects.all())
return (get_user_list_url(local_site_name), user_list_mimetype, items)
def setup_basic_get_test(self, user, with_local_site, local_site_name,
populate_items):
if not populate_items:
items = []
elif with_local_site:
local_site = self.get_local_site(name=local_site_name)
items = list(local_site.users.all())
else:
items = list(User.objects.all())
return (get_user_list_url(local_site_name),
user_list_mimetype,
items)
def test_post_duplicate_username(self):
"""Testing the POST <URL> API for a username that already exists"""
self.client.login(username='******', password='******')
rsp = self.api_post(get_user_list_url(), {
'username': '******',
'password': '******',
'email': '*****@*****.**'
},
expected_status=400)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'fail')
self.assertIn('fields', rsp)
self.assertIn('username', rsp['fields'])
def test_post_superuser(self):
"""Testing the POST <URL> API as a superuser"""
self.client.login(username='******', password='******')
rsp = self.api_post(get_user_list_url(), {
'username': '******',
'password': '******',
'email': '*****@*****.**',
},
expected_mimetype=user_item_mimetype)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'ok')
self.compare_item(rsp['user'], User.objects.get(username='******'))
def test_get_filter_inactive(self):
"""Testing the GET <URL> API filters out inactive users by default"""
dopey = User.objects.get(username='******')
dopey.is_active = False
dopey.save()
rsp = self.api_get(get_user_list_url(),
expected_mimetype=user_list_mimetype)
self.assertEqual(rsp['stat'], 'ok')
user_pks = [user['id'] for user in rsp['users']]
returned_users = set(User.objects.filter(pk__in=user_pks))
expected_users = set(User.objects.filter(is_active=True))
self.assertEqual(returned_users, expected_users)
def test_get_filter_inactive(self):
"""Testing the GET <URL> API filters out inactive users by default"""
dopey = User.objects.get(username='******')
dopey.is_active = False
dopey.save()
rsp = self.api_get(get_user_list_url(),
expected_mimetype=user_list_mimetype)
self.assertEqual(rsp['stat'], 'ok')
user_pks = [user['id'] for user in rsp['users']]
returned_users = set(User.objects.filter(pk__in=user_pks))
expected_users = set(User.objects.filter(is_active=True))
self.assertEqual(returned_users, expected_users)
def test_post_invalid_email(self):
"""Testing the POST <URL> API for an invalid e-mail address"""
self.client.login(username='******', password='******')
rsp = self.api_post(get_user_list_url(), {
'username': '******',
'password': '******',
'email': 'invalid e-mail',
},
expected_status=400)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'fail')
self.assertIn('fields', rsp)
self.assertIn('email', rsp['fields'])
def test_post(self):
"""Testing the POST <URL> API as a regular user"""
rsp = self.api_post(get_user_list_url(), {
'username': '******',
'password': '******',
'email': '*****@*****.**'
},
expected_status=403)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'fail')
self.assertIn('err', rsp)
self.assertIn('code', rsp['err'])
self.assertEqual(rsp['err']['code'], 101)
def test_post_anonymous(self):
"""Testing the POST <URL> API as an anonymous user"""
self.client.logout()
rsp = self.api_post(get_user_list_url(), {
'username': '******',
'password': '******',
'email': '*****@*****.**',
},
expected_status=401)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'fail')
self.assertIn('err', rsp)
self.assertIn('code', rsp['err'])
self.assertEqual(rsp['err']['code'], 103)
def test_get_include_inactive_true(self):
"""Testing the GET <URL>/?include-inactive=true API includes inactive
users
"""
dopey = User.objects.get(username='******')
dopey.is_active = False
dopey.save()
rsp = self.api_get(get_user_list_url(), {'include-inactive': 'true'},
expected_mimetype=user_list_mimetype)
self.assertEqual(rsp['stat'], 'ok')
user_pks = [user['id'] for user in rsp['users']]
self.assertEqual(set(User.objects.filter(pk__in=user_pks)),
set(User.objects.all()))
def test_get_include_inactive(self):
"""Testing the GET <URL>/?include-inactive=1 API includes inactive
users
"""
dopey = User.objects.get(username='******')
dopey.is_active = False
dopey.save()
rsp = self.api_get(get_user_list_url(), {'include-inactive': '1'},
expected_mimetype=user_list_mimetype)
self.assertEqual(rsp['stat'], 'ok')
user_pks = [user['id'] for user in rsp['users']]
self.assertEqual(set(User.objects.filter(pk__in=user_pks)),
set(User.objects.all()))
def test_post_invalid_email(self):
"""Testing the POST <URL> API for an invalid e-mail address"""
self.client.login(username='******', password='******')
rsp = self.api_post(
get_user_list_url(),
{
'username': '******',
'password': '******',
'email': 'invalid e-mail',
},
expected_status=400)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'fail')
self.assertIn('fields', rsp)
self.assertIn('email', rsp['fields'])
def test_post_duplicate_username(self):
"""Testing the POST <URL> API for a username that already exists"""
self.client.login(username='******', password='******')
rsp = self.api_post(
get_user_list_url(),
{
'username': '******',
'password': '******',
'email': '*****@*****.**'
},
expected_status=400)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'fail')
self.assertIn('fields', rsp)
self.assertIn('username', rsp['fields'])
def test_post_superuser(self):
"""Testing the POST <URL> API as a superuser"""
self.client.login(username='******', password='******')
rsp = self.api_post(
get_user_list_url(),
{
'username': '******',
'password': '******',
'email': '*****@*****.**',
},
expected_mimetype=user_item_mimetype)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'ok')
self.compare_item(rsp['user'], User.objects.get(username='******'))
def test_post(self):
"""Testing the POST <URL> API as a regular user"""
rsp = self.api_post(
get_user_list_url(),
{
'username': '******',
'password': '******',
'email': '*****@*****.**'
},
expected_status=403)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'fail')
self.assertIn('err', rsp)
self.assertIn('code', rsp['err'])
self.assertEqual(rsp['err']['code'], 101)
def test_post_local_site(self):
"""Testing the POST <URL> API with a local site"""
local_site = LocalSite.objects.create(name='test', public=True)
self.client.login(username='******', password='******')
rsp = self.api_post(get_user_list_url(local_site.name), {
'username': '******',
'password': '******',
'email': '*****@*****.**'
},
expected_status=403)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'fail')
self.assertIn('err', rsp)
self.assertIn('code', rsp['err'])
self.assertEqual(rsp['err']['code'], 101)
def test_post_anonymous(self):
"""Testing the POST <URL> API as an anonymous user"""
self.client.logout()
rsp = self.api_post(
get_user_list_url(),
{
'username': '******',
'password': '******',
'email': '*****@*****.**',
},
expected_status=401)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'fail')
self.assertIn('err', rsp)
self.assertIn('code', rsp['err'])
self.assertEqual(rsp['err']['code'], 103)
def test_get_with_render_avatars_at(self):
"""Testing the GET <URL> API with ?render-avatars-at=..."""
avatar_services.register(SimpleRenderAvatarService)
avatar_services.enable_service(SimpleRenderAvatarService, save=False)
avatar_services.set_default_service(SimpleRenderAvatarService)
rsp = self.api_get(
get_user_list_url(),
{
'render-avatars-at': '24,abc,48,,128',
},
expected_mimetype=user_list_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertEqual(len(rsp['users']), 4)
self.assertEqual(
rsp['users'][0]['avatar_html'],
{
'24': '<div class="avatar" data-size="24">admin</div>',
'48': '<div class="avatar" data-size="48">admin</div>',
'128': '<div class="avatar" data-size="128">admin</div>',
})
self.assertEqual(
rsp['users'][1]['avatar_html'],
{
'24': '<div class="avatar" data-size="24">doc</div>',
'48': '<div class="avatar" data-size="48">doc</div>',
'128': '<div class="avatar" data-size="128">doc</div>',
})
self.assertEqual(
rsp['users'][2]['avatar_html'],
{
'24': '<div class="avatar" data-size="24">dopey</div>',
'48': '<div class="avatar" data-size="48">dopey</div>',
'128': '<div class="avatar" data-size="128">dopey</div>',
})
self.assertEqual(
rsp['users'][3]['avatar_html'],
{
'24': '<div class="avatar" data-size="24">grumpy</div>',
'48': '<div class="avatar" data-size="48">grumpy</div>',
'128': '<div class="avatar" data-size="128">grumpy</div>',
})
def test_post_auth_add_user_perm(self):
"""Testing the POST <URL> API as a user with the auth.add_user
permission
"""
self.user.user_permissions.add(
Permission.objects.get(content_type__app_label='auth',
codename='add_user'))
rsp = self.api_post(get_user_list_url(), {
'username': '******',
'password': '******',
'email': '*****@*****.**',
},
expected_mimetype=user_item_mimetype)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'ok')
self.compare_item(rsp['user'], User.objects.get(username='******'))
def test_post_local_site(self):
"""Testing the POST <URL> API with a local site"""
local_site = LocalSite.objects.create(name='test', public=True)
self.client.login(username='******', password='******')
rsp = self.api_post(
get_user_list_url(local_site.name),
{
'username': '******',
'password': '******',
'email': '*****@*****.**'
},
expected_status=403)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'fail')
self.assertIn('err', rsp)
self.assertIn('code', rsp['err'])
self.assertEqual(rsp['err']['code'], 101)
def test_post_auth_add_user_perm(self):
"""Testing the POST <URL> API as a user with the auth.add_user
permission
"""
self.user.user_permissions.add(
Permission.objects.get(content_type__app_label='auth',
codename='add_user'))
rsp = self.api_post(
get_user_list_url(),
{
'username': '******',
'password': '******',
'email': '*****@*****.**',
},
expected_mimetype=user_item_mimetype)
self.assertIn('stat', rsp)
self.assertEqual(rsp['stat'], 'ok')
self.compare_item(rsp['user'], User.objects.get(username='******'))
def test_search_users_auth_backend(self):
"""Testing the GET users/?q= API
with AuthBackend.search_users failure
"""
class SandboxAuthBackend(AuthBackend):
backend_id = 'test-id'
name = 'test'
def search_users(self, query, request):
raise Exception
backend = SandboxAuthBackend()
self.spy_on(get_enabled_auth_backends, call_fake=lambda: [backend])
self.spy_on(backend.search_users)
rsp = self.api_get(get_user_list_url(), {'q': 'gru'},
expected_mimetype=user_list_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertTrue(backend.search_users.called)
def test_get_users(self):
"""Testing the GET users/ API"""
rsp = self.apiGet(get_user_list_url(),
expected_mimetype=user_list_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertEqual(len(rsp['users']), User.objects.count())
def test_get_users_with_site_no_access(self):
"""Testing the GET users/ API with a local site and Permission Denied error"""
self.apiGet(get_user_list_url(self.local_site_name),
expected_status=403)
def test_get_with_q(self):
"""Testing the GET users/?q= API"""
rsp = self.api_get(get_user_list_url(), {'q': 'gru'},
expected_mimetype=user_list_mimetype)
self.assertEqual(rsp['stat'], 'ok')
self.assertEqual(len(rsp['users']), 1) # grumpy
def setup_http_not_allowed_list_test(self, user):
return get_user_list_url()