def testRejectInvite(self): """ Test that one user rejecting elimintes the invite. The user objects returned should each have no relationship with each other after an invite + reject. """ c1 = TestApiClient() c1.client.login(username=self.u1, password=self.p1) r1 = c1.post('/api/v1/user/invite', format="json", data={'email': self.e2}) self.assertValidJSONResponse(r1) c2 = TestApiClient() c2.client.login(username=self.u2, password=self.p2) r2 = c2.post('/api/v1/user/reject', format="json", data={'email': self.e1}) self.assertValidJSONResponse(r2) self.assertListEqual(list(get_collaborators(self.owner)), []) self.assertListEqual(list(get_collaborators(self.other)), []) self.assertListEqual(list(get_invites(self.owner)), []) self.assertListEqual(list(get_inviteds(self.other)), [])
def testLoggingOutViaAPI(self): """ Check logging out via API method. Check both the user object and genesets. """ client = TestApiClient() # Log in client.post('/api/v1/user/login', format="json", data={ 'username': self.username, 'password': self.password }) # Now, log out client.post('/api/v1/user/logout', format="json", data={}) # Check for access to that user object resp = client.get('/api/v1/user', format="json") self.assertValidJSONResponse(resp) self.assertEqual(self.deserialize(resp)['objects'], []) # Also check access that there is no access to user geneset r2 = client.get('/api/v1/geneset', format="json") self.assertValidJSONResponse(r2) self.assertEqual(self.deserialize(r2)['objects'], [])
class HandleBounces(ResourceTestCase): def setUp(self): super(HandleBounces, self).setUp() call_command('loaddata', 'example_data', verbosity=0) self.api_client = TestApiClient() self.user = User.objects.get(id=1) self.outbound_message = OutboundMessage.objects.get(id=1) self.identifier = OutboundMessageIdentifier.objects.get(outbound_message=self.outbound_message) def get_credentials(self): credentials = self.create_apikey(username=self.user.username, api_key=self.user.api_key.key) return credentials def test_handle_bounces_endpoint(self): url = '/api/v1/handle_bounce/' bounce_data = { 'key': self.identifier.key, } resp = self.api_client.post(url, data=bounce_data, authentication=self.get_credentials()) self.assertHttpCreated(resp) def test_handle_bounces_sets_the_contact_to_bounced(self): url = '/api/v1/handle_bounce/' bounce_data = { 'key': self.identifier.key, } self.api_client.post(url, data=bounce_data, authentication=self.get_credentials()) self.assertTrue(self.outbound_message.contact.is_bounced)
class HandleBounces(ResourceTestCase): def setUp(self): super(HandleBounces, self).setUp() call_command('loaddata', 'example_data', verbosity=0) self.api_client = TestApiClient() self.user = User.objects.all()[0] self.outbound_message = OutboundMessage.objects.all()[0] self.identifier = OutboundMessageIdentifier.objects.get(outbound_message=self.outbound_message) def get_credentials(self): credentials = self.create_apikey(username=self.user.username, api_key=self.user.api_key.key) return credentials def test_handle_bounces_endpoint(self): url = '/api/v1/handle_bounce/' bounce_data = { 'key':self.identifier.key } resp = self.api_client.post(url, data=bounce_data, authentication=self.get_credentials()) self.assertHttpCreated(resp) def test_handle_bounces_sets_the_contact_to_bounced(self): url = '/api/v1/handle_bounce/' bounce_data = { 'key':self.identifier.key } resp = self.api_client.post(url, data=bounce_data, authentication=self.get_credentials()) self.assertTrue(self.outbound_message.contact.is_bounced)
def testCheckUserPassword(self): """ Check that users have no access to user objects they just created if they supply the correct username but wrong password (This checks that the password is being set correctly when creating the user). """ client = TestApiClient() client.post('/api/v1/user', format="json", data=self.post_user_data) client.client.login(username=self.post_user_data['username'], password='******') resp = client.get('/api/v1/user', format="json") self.assertValidJSONResponse(resp) self.assertEqual(self.deserialize(resp)['objects'], [])
def testCreatingGenesetNotLoggedIn(self): """ Test that this fails and returns an Unauthorized response """ client = TestApiClient() post_geneset_data = { # Does not need user info because the API automatically gathers that from the request 'title': 'TestGeneset2', 'organism': '/api/v1/organism/h**o-sapiens', 'abstract': 'Second test geneset created by user.', 'public': False, 'annotations': { 55982: [20671152, 19583951], 18091: [8887666], 67087: [], 22410: [] }, 'xrdb': 'Entrez', 'description': 'First version.', } # Try to create a geneset without being logged in, check for Unauthorized response r1 = client.post('/api/v1/geneset', format="json", data=post_geneset_data) self.assertHttpUnauthorized(r1)
class CreateOrListGroupsTest(ResourceTestCase): serializer = Serializer() def setUp(self): self.api_client = TestApiClient() self.user = hydroshare.create_account( '*****@*****.**', username='******', first_name='User0_FirstName', last_name='User0_LastName', superuser=True, password='******' ) g0=hydroshare.create_group(name="group0") g1=hydroshare.create_group(name="group1") g2=hydroshare.create_group(name="group2") self.user.groups.add(g0,g1,g2) self.g_ids=[g0.id,g1.id,g2.id] self.groups_url_base = '/hsapi/groups/' self.api_client.client.login(username=self.user.username, password=self.user.password) def tearDown(self): Group.objects.all().delete() User.objects.all().delete() def test_create_group(self): post_data = {'name': 'newgroup'} resp = self.api_client.post(self.groups_url_base, data=post_data) self.assertHttpCreated(resp) grouplist = Group.objects.all() num_of_groups=len(grouplist) self.assertTrue(any(Group.objects.filter(name='newgroup'))) self.assertEqual(num_of_groups, 4) def test_list_groups(self): query = self.serialize({'user': self.user.id}) get_data = {'query': query} resp = self.api_client.get(self.groups_url_base, data=get_data) print resp self.assertEqual(resp.status_code, 200) groups = self.deserialize(resp) new_ids = [] for num in range(len(groups)): new_ids.append(groups[num]['id']) self.assertTrue(Group.objects.filter(user='******'.format(num)).exists()) self.assertEqual(str(groups[num]['name']), 'group{0}'.format(num))c self.assertEqual(sorted(self.g_ids), sorted(new_ids))
def testCollaboration(self): """ Test that both users confirming results in a collaboration. The user objects returned should each be collaborators with each other. """ c1 = TestApiClient() c1.client.login(username=self.u1, password=self.p1) r1 = c1.post('/api/v1/user/invite', format="json", data={'email': self.e2}) self.assertValidJSONResponse(r1) c2 = TestApiClient() c2.client.login(username=self.u2, password=self.p2) r2 = c2.post('/api/v1/user/invite', format="json", data={'email': self.e1}) self.assertValidJSONResponse(r2) self.assertListEqual(list(get_collaborators(self.owner)), [self.other]) self.assertListEqual(list(get_collaborators(self.other)), [self.owner]) self.assertListEqual(list(get_invites(self.owner)), []) self.assertListEqual(list(get_inviteds(self.other)), [])
def testInviteNoContent(self): """ Test invite with a logged in user but no content. The user object should be returned without any invites. """ client = TestApiClient() client.client.login(username=self.u1, password=self.p1) resp = client.post('/api/v1/user/invite', format="json") self.assertValidJSONResponse(resp) self.assertEqual(self.deserialize(resp)['invites'], [])
def test_post_queue(self): """ Performs POST request to queue """ client = TestApiClient() response = client.post('/api/queue/', data={ 'ip': '127.0.0.1', 'place': 997 }) # 201 == Created self.assertEqual(response.status_code, 201)
def testLoggingInWrongCredentials1(self): """ Check trying (and failing) to authenticate with a previously created user via the API login method. Check both the user object and genesets. """ client = TestApiClient() client.post('/api/v1/user/login', format="json", data={ 'username': self.username, 'password': '******' }) r1 = client.get('/api/v1/user', format="json") self.assertValidJSONResponse(r1) self.assertEqual(self.deserialize(r1)['objects'], []) # Also check that there is no access to user geneset r2 = client.get('/api/v1/geneset', format="json") self.assertValidJSONResponse(r2) self.assertEqual(self.deserialize(r2)['objects'], [])
def testCreatingAndAccessingGenesetWithCorrectLogin(self): client = TestApiClient() # Create the second user and log in client.post('/api/v1/user', format="json", data=self.post_user2_data) client.post('/api/v1/user/login', format="json", data=self.post_user2_data) # Create a geneset, check for '201 Created' response post_geneset_data = { # Does not need user info because the API automatically gathers that from the request 'title': 'TestGeneset2', 'organism': '/api/v1/organism/h**o-sapiens', 'abstract': 'Second test geneset created by user.', 'public': False, 'annotations': { 55982: [20671152, 19583951], 18091: [8887666], 67087: [], 22410: [] }, 'xrdb': 'Entrez', 'description': 'First version.', } r1 = client.post('/api/v1/geneset', format="json", data=post_geneset_data) self.assertHttpCreated(r1) # Check that the title for geneset we created matches r2 = client.get('/api/v1/geneset', format="json") self.assertValidJSONResponse(r2) self.assertEqual( self.deserialize(r2)['objects'][0]['title'], post_geneset_data['title']) # And finally, check that this user only has access to the geneset they created, not the first geneset (created in the setUp method by user1) self.assertEqual(len(self.deserialize(r2)['objects']), 1)
def testLoggingInWrongCredentials2(self): """ Test logging in with wrong credentials for a user that was created through the API. """ client = TestApiClient() client.post('/api/v1/user', format="json", data=self.post_user2_data) client.post('/api/v1/user/login', format="json", data={ 'username': self.post_user2_data['username'], 'password': '******' }) resp = client.get('/api/v1/user', format="json") self.assertValidJSONResponse(resp) self.assertEqual(self.deserialize(resp)['objects'], []) # Also check that there is no access to user geneset r2 = client.get('/api/v1/geneset', format="json") self.assertValidJSONResponse(r2) self.assertEqual(self.deserialize(r2)['objects'], [])
class JobTest(ResourceTestCase): def setUp(self): super(JobTest, self).setUp() self.client = TestApiClient() self.endpoint = '/api/v1/jobs/' self.format = 'json' # Create one user self.user = User(username="******") self.user.save() # Create on token self.token = UserToken(user=self.user) self.token.save() # create a job self.job = Job(user=self.user, application=Application.objects.all()[0]) self.job.save() def test_get_job_list(self): url = "%s?token=%s" % (self.endpoint, self.token.token) request = self.client.get(url, self.format) self.assertValidJSONResponse(request) def test_get_job_detail(self): url = "%s%d/?token=%s" % (self.endpoint, self.job.id, self.token.token) request = self.client.get(url, self.format) self.assertValidJSONResponse(request) def test_post_job(self): data = {"application" : "/api/v1/apps/1/"} url = "%s?token=%s" % (self.endpoint, self.token.token) self.assertHttpCreated(self.client.post(url, self.format, data=data)) def test_patch_job(self): job = Job(user=self.user, application=Application.objects.all()[0]) job.save() data = {"progress":"50"} url = "%s%d/?token=%s" % (self.endpoint, job.id, self.token.token) resp = self.client.patch(url, self.format, data=data) self.assertHttpAccepted(resp) def test_delete_job(self): job = Job(user=self.user, application=Application.objects.all()[0]) job.save() url = "%s%d/?token=%s" % (self.endpoint, job.id, self.token.token) self.assertHttpAccepted(self.client.delete(url, self.format))
def testPOSTInvite(self): """ Test POST invite with a logged in user. The user object should be returned with u2 in invites. """ client = TestApiClient() client.client.login(username=self.u1, password=self.p1) resp = client.post('/api/v1/user/invite', format="json", data={'email': self.e2}) self.assertValidJSONResponse(resp) self.assertEqual(self.deserialize(resp)['invites'], [self.expected_other]) self.assertListEqual(list(get_invites(self.owner)), [self.other]) self.assertListEqual(list(get_inviteds(self.other)), [self.owner]) self.assertListEqual(list(get_collaborators(self.owner)), []) self.assertListEqual(list(get_collaborators(self.other)), [])
def testCreatingGenesetWithNewUser(self): client = TestApiClient() # Create user and log in client.post('/api/v1/user', format="json", data=self.post_user_data) client.client.login(username=self.post_user_data['username'], password=self.post_user_data['password']) post_geneset_data = { # Does not need user info because the API automatically gathers that from the request 'title': 'TestGeneset2', 'organism': '/api/v1/organism/h**o-sapiens', 'abstract': 'Second test geneset created by user.', 'public': False, 'annotations': { 55982: [20671152, 19583951], 18091: [8887666], 67087: [], 22410: [] }, 'xrdb': 'Entrez', 'description': 'First version.', } # Create a geneset, check for '201 Created' response r1 = client.post('/api/v1/geneset', format="json", data=post_geneset_data) self.assertHttpCreated(r1) # Check that the title for geneset we created matches r2 = client.get('/api/v1/geneset', format="json") self.assertValidJSONResponse(r2) self.assertEqual( self.deserialize(r2)['objects'][0]['title'], post_geneset_data['title'])
def testLoggingInWithPreCreatedUser(self): """ Check logging in through API with previously created user. Check access to user object AND user's geneset (self.geneset1, which is not public) """ client = TestApiClient() client.post('/api/v1/user/login', format="json", data={ 'username': self.username, 'password': self.password }) r1 = client.get('/api/v1/user', format="json") self.assertValidJSONResponse(r1) self.assertEqual( self.deserialize(r1)['objects'][0]['username'], self.username) # Check access to user geneset r2 = client.get('/api/v1/geneset', format="json") self.assertValidJSONResponse(r2) self.assertEqual( self.deserialize(r2)['objects'][0]['title'], self.geneset1.title)
def testLoggingInWithAPICreatedUser(self): """ Check logging in through API with user created through API. Enforcing csrf checks through Django/Tastypie test client is not really possible. """ client = TestApiClient() # Create new user through API r1 = client.post('/api/v1/user', format="json", data=self.post_user2_data) self.assertHttpCreated(r1) # Login through API client.post('/api/v1/user/login', format="json", data=self.post_user2_data) resp = client.get('/api/v1/user', format="json") self.assertValidJSONResponse(resp) self.assertEqual( self.deserialize(resp)['objects'][0]['username'], self.post_user2_data['username'])
def testLoggingOutNotLoggedIn(self): """ Test that this just returns Unauthorized and gives users no access to user objects or genesets. """ client = TestApiClient() # Try to log out without logging in, check for Unauthorized response r1 = client.post('/api/v1/user/logout', format="json", data={}) self.assertHttpUnauthorized(r1) self.assertEqual(self.deserialize(r1)['success'], False) # Check that whoever makes this request still has no access to user objects r2 = client.get('/api/v1/user', format="json") self.assertValidJSONResponse(r2) self.assertEqual(self.deserialize(r2)['objects'], []) # Also check access that there is no access to user geneset r3 = client.get('/api/v1/geneset', format="json") self.assertValidJSONResponse(r3) self.assertEqual(self.deserialize(r3)['objects'], [])
def testCreateUserObj(self): """ Check that the end-user can create a user through the API. Check that: a) they have access to this user object they just created via the API if they are logged in (using the test-client login method), and b) the user object is what we expect. """ client = TestApiClient() resp = client.post('/api/v1/user', format="json", data=self.post_user_data) self.assertHttpCreated(resp) client.client.login(username=self.post_user_data['username'], password=self.post_user_data['password']) resp = client.get('/api/v1/user', format="json") self.assertValidJSONResponse(resp) self.assertEqual( self.deserialize(resp)['objects'][0]['username'], self.post_user_data['username'])
class RunTriggersTestCase(BaseProcessorTestCase, PreparedData): def setUp(self): super(RunTriggersTestCase, self).setUp() self.api_client = TestApiClient() self.d = self.run_processor('test:triggers:create-file') t = Trigger() t.name = 'test.trigger' t.type = 'data:test:triggers:create:' t.author_id = str(self.admin.pk) t.trigger_input = 'in_file' t.input = {'in_file': 'INPUT'} t.processor_name = 'test:triggers:check-file' t.case_id = str(self.case2.id) t.autorun = True t.save() @override_settings(TESTING=False) def test_copy_before_triggers(self): login_user(self.api_client, self.admin) resp = self.api_client.post( '/api/v1/data/{}/copy/'.format(self.d.id), format='json', data={'case_ids': [self.case2.id]}) self.assertEqual(resp.status_code, 201) # pylint: disable=no-member all_objs = Data.objects.filter(case_ids__contains=str(self.case2.pk)) error_objs = Data.objects.filter(case_ids__contains=str(self.case2.pk), status=Data.STATUS_ERROR) # done_objs = Data.objects.filter(case_ids__contains=str(self.case2.pk), # status=Data.STATUS_DONE) self.assertEqual(len(all_objs), 2) self.assertEqual(len(error_objs), 0)
def mock_request(obj, method, url, **kwargs): client = TestApiClient() authentication = 'Basic %s' % base64.b64encode(':'.join([ get_setting('SUPERUSER_USERNAME', None), get_setting('SUPERUSER_PASSWORD', None), ])) if method == 'GET': data = kwargs.get('params', {}) djresponse = client.get(url, data=data, authentication=authentication) elif method == 'POST': data = json.loads(kwargs.get('data', '{}')) djresponse = client.post(url, data=data, authentication=authentication) elif method == 'PUT': data = json.loads(kwargs.get('data', '{}')) djresponse = client.put(url, data=data, authentication=authentication) elif method == 'PATCH': data = json.loads(kwargs.get('data', '{}')) djresponse = client.patch(url, data=data, authentication=authentication) elif method == 'DELETE': data = kwargs.get('params', {}) djresponse = client.delete(url, data=data, authentication=authentication) # convert django.http.HttpResponse to requests.models.Response response = requests.models.Response() response.status_code = djresponse.status_code response.headers = {} try: response.headers['content-type'] = djresponse['content-type'] response.headers['location'] = djresponse['location'] except: pass response.encoding = requests.utils.get_encoding_from_headers(response.headers) response._content = djresponse.content return response
def handle(self, *args, **options): logger.info(u'Старт') api_client = TestApiClient() test_email = '*****@*****.**' User.objects.filter(email=test_email).delete() user = User.objects.create(email=test_email, first_name=u'Тест', patronymic='Тестович') api_key = 'ApiKey {}:{}'.format(user.email, user.api_key.key) logger.info(u'Создал пользователя') Card.objects.create(user=user, article='777') logger.info(u'Привязал карту') data = {'user': '******'.format(user.id)} api_client.post('/api/v1/reserve/', data=data, authentication=api_key) reserve = Reserve.objects.get(user=user) logger.info(u'Создал Бронь № {}'.format(reserve.id)) ea1 = EA.objects.filter(count_in__gte=2).first() data = { 'reserve': '/api/v1/reserve/{}/'.format(reserve.id), 'ea': '/api/v1/ea/{}/'.format(ea1.id), 'count': 2 } api_client.post('/api/v1/reserve_item/', data=data, authentication=api_key) ea2 = EA.objects.filter(count_in__gte=1).exclude(id=ea1.id).first() data = { 'reserve': '/api/v1/reserve/{}/'.format(reserve.id), 'ea': '/api/v1/ea/{}/'.format(ea2.id), 'count': 1 } api_client.post('/api/v1/reserve_item/', data=data, authentication=api_key) logger.info(u'Добавил в бронь 3 вещи') logger.info(u'Конец')
class InstanceResourceTestCase(ResourceTestCase): def setUp(self): super(InstanceResourceTestCase, self).setUp() call_command('loaddata', 'example_data', verbosity=0) self.user = User.objects.get(id=1) self.writeitinstance = WriteItInstance.objects.create(name=u"a test", slug=u"a-test", owner=self.user) self.api_client = TestApiClient() self.data = {'format': 'json', 'username': self.user.username, 'api_key': self.user.api_key.key} def get_credentials(self): credentials = self.create_apikey(username=self.user.username, api_key=self.user.api_key.key) return credentials def test_api_exists(self): url = '/api/v1/' resp = self.api_client.get(url, data=self.data) self.assertValidJSONResponse(resp) def test_api_needs_authentication(self): url = '/api/v1/instance/' response = self.api_client.get(url) self.assertHttpUnauthorized(response) def test_get_list_of_instances(self): url = '/api/v1/instance/' response = self.api_client.get(url, data=self.data) self.assertValidJSONResponse(response) instances = self.deserialize(response)['objects'] self.assertEqual(len(instances), WriteItInstance.objects.count()) # All the instances first_instance = instances[0] self.assertEqual(first_instance['messages_uri'], '/api/v1/instance/{0}/messages/'.format(first_instance['id'])) def test_get_detail_of_an_instance(self): url = '/api/v1/instance/{0}/'.format(self.writeitinstance.id) response = self.api_client.get(url, data=self.data) self.assertValidJSONResponse(response) def test_get_persons_of_an_instance(self): writeitinstance = WriteItInstance.objects.get(id=1) url = '/api/v1/instance/{0}/'.format(writeitinstance.id) response = self.api_client.get(url, data=self.data) instance = self.deserialize(response) self.assertIn('persons', instance) pedro = Person.objects.get(id=1) self.assertIn(pedro.popit_url, instance['persons']) def test_create_a_new_instance(self): instance_data = { 'name': 'The instance', 'slug': 'the-instance', } url = '/api/v1/instance/' response = self.api_client.post(url, data=instance_data, format='json', authentication=self.get_credentials()) self.assertHttpCreated(response) match_id = re.match(r'^http://testserver/api/v1/instance/(?P<id>\d+)/?', response['Location']) self.assertIsNotNone(match_id) instance_id = match_id.group('id') instance = WriteItInstance.objects.get(id=instance_id) self.assertValidJSON(force_text(response.content)) instance_as_json = force_text(response.content) self.assertIn('resource_uri', instance_as_json) self.assertEquals(instance.name, instance_data['name']) self.assertEquals(instance.slug, instance_data['slug']) self.assertEquals(instance.owner, self.user) @skipUnless(settings.LOCAL_POPIT, "No local popit running") def test_create_a_new_instance_with_only_name(self): instance_data = { 'name': 'The instance', } url = '/api/v1/instance/' response = self.api_client.post(url, data=instance_data, format='json', authentication=self.get_credentials()) self.assertHttpCreated(response) match_id = re.match(r'^http://testserver/api/v1/instance/(?P<id>\d+)/?', response['Location']) self.assertIsNotNone(match_id) instance_id = match_id.group('id') instance = WriteItInstance.objects.get(id=instance_id) self.assertEquals(instance.name, instance_data['name']) self.assertEquals(instance.owner, self.user) self.assertTrue(instance.slug) def test_does_not_create_a_user_if_not_logged(self): instance_data = { 'name': 'The instance', 'slug': 'the-instance', } url = '/api/v1/instance/' response = self.api_client.post(url, data=instance_data, format='json') self.assertHttpUnauthorized(response) @skipUnless(settings.LOCAL_POPIT, "No local popit running") def test_create_and_pull_people_from_a_popit_api(self): # loading data into the popit-api popit_load_data() instance_data = { 'name': 'The instance', 'slug': 'the-instance', 'popit-api': settings.TEST_POPIT_API_URL, } url = '/api/v1/instance/' response = self.api_client.post(url, data=instance_data, format='json', authentication=self.get_credentials()) self.assertHttpCreated(response) match_id = re.match(r'^http://testserver/api/v1/instance/(?P<id>\d+)/?', response['Location']) instance = WriteItInstance.objects.get(id=match_id.group('id')) self.assertEquals(instance.persons.count(), 2) #this should not break raton = Person.objects.get(name=u'Ratón Inteligente') fiera = Person.objects.get(name=u"Fiera Feroz") self.assertIn(raton, [r for r in instance.persons.all()]) self.assertIn(fiera, [r for r in instance.persons.all()])
class ToDoAppTestCase(TestCase): def setUp(self): self.client = TestApiClient() def test_task_creation(self): due_date = date.today() - timedelta(days=2) for i in range(16): response = self.client.post('/api/v1/task/', data={ "title": "test task 1", "due_date": due_date, "status": "Pending" }) due_date = due_date + timedelta(days=1) self.assertEqual(response.status_code, 201) def test_today_task_fetch(self): self.test_task_creation() response = self.client.get('/api/v1/filter/', data={"during": "today"}) res_obj = response.json() self.assertEqual(response.status_code, 200) self.assertEqual(len(res_obj.get('objects')), 1) def test_this_week_task_fetch(self): self.test_task_creation() response = self.client.get('/api/v1/filter/', data={"during": "this_week"}) res_obj = response.json() today = date.today() start = today week_start = today - timedelta(days=today.weekday()) end = week_start + timedelta(days=6) count = (end - start).days + 1 self.assertEqual(response.status_code, 200) self.assertEqual(len(res_obj.get('objects')), count) def test_next_week_task_fetch(self): self.test_task_creation() response = self.client.get('/api/v1/filter/', data={"during": "next_week"}) res_obj = response.json() self.assertEqual(response.status_code, 200) self.assertEqual(len(res_obj.get('objects')), 7) def test_overdue_task_fetch(self): self.test_task_creation() response = self.client.get('/api/v1/filter/', data={"during": "overdue"}) res_obj = response.json() self.assertEqual(response.status_code, 200) self.assertEqual(len(res_obj.get('objects')), 2) def test_subtask_creation(self): self.test_today_task_fetch() due_date = date.today() response = self.client.post('/api/v1/task/', data={ "title": "test sub task 1", "due_date": due_date, "status": "Pending", "parent": "/api/v1/task/1/" }) self.assertEqual(response.status_code, 201) def test_delete_task(self): self.test_subtask_creation() response = self.client.put('/api/v1/task/2/', data={ "deleted": True, "deletion_date": date.today() }) self.assertEqual(response.status_code, 204) def test_fetch_deleted_task(self): self.test_delete_task() response = self.client.get('/api/v1/deleted/') res_obj = response.json() self.assertEqual(response.status_code, 200) self.assertEqual(len(res_obj.get('objects')), 1)
class TestCampaignResource(ResourceTestCase): def setUp(self): # Tastypie stuff super(TestCampaignResource, self).setUp() self.bob_api_client = TestApiClient() self.bill_api_client = TestApiClient() self.anon_api_client = TestApiClient() # Create a user bob. self.user_bob_username = "******" self.user_bob_password = "******" self.user_bob = User.objects.create_user(self.user_bob_username, "*****@*****.**", self.user_bob_password) # Create a user bob. self.user_bill_username = "******" self.user_bill_password = "******" self.user_bill = User.objects.create_user( self.user_bill_username, "*****@*****.**", self.user_bill_password ) self.bob_api_client.client.login(username="******", password="******") self.bill_api_client.client.login(username="******", password="******") # assign users to the Public group public_group, created = Group.objects.get_or_create(name="Public") self.user_bob.groups.add(public_group) self.user_bill.groups.add(public_group) guardian.utils.get_anonymous_user().groups.add(public_group) # make a couple of campaigns and save self.campaign_bobs = mommy.make_one("catamidb.Campaign") self.campaign_bills = mommy.make_one("catamidb.Campaign") # assign this one to bob authorization.apply_campaign_permissions(self.user_bob, self.campaign_bobs) # assign this one to bill authorization.apply_campaign_permissions(self.user_bill, self.campaign_bills) # the API url for campaigns self.campaign_url = "/api/dev/campaign/" # some post data for testing campaign creation self.post_data = { "short_name": "Blah", "description": "Blah", "associated_researchers": "Blah", "associated_publications": "Blah", "associated_research_grant": "Blah", "date_start": "2012-05-01", "date_end": "2012-05-01", "contact_person": "Blah", } # can only do GET at this stage def test_campaign_operations_disabled(self): # test that we are unauthorized to create self.assertHttpUnauthorized(self.anon_api_client.post(self.campaign_url, format="json", data=self.post_data)) # test that we can NOT modify self.assertHttpMethodNotAllowed( self.anon_api_client.put(self.campaign_url + self.campaign_bobs.id.__str__() + "/", format="json", data={}) ) # test that we can NOT delete self.assertHttpMethodNotAllowed( self.anon_api_client.delete(self.campaign_url + self.campaign_bobs.id.__str__() + "/", format="json") ) # test that we can NOT modify authenticated self.assertHttpMethodNotAllowed( self.bob_api_client.put(self.campaign_url + self.campaign_bobs.id.__str__() + "/", format="json", data={}) ) # test that we can NOT delete authenticated self.assertHttpMethodNotAllowed( self.bob_api_client.delete(self.campaign_url + self.campaign_bobs.id.__str__() + "/", format="json") ) # test can get a list of campaigns authorised def test_campaigns_operations_as_authorised_users(self): # create a campaign that only bill can see bills_campaign = mommy.make_one("catamidb.Campaign") assign("view_campaign", self.user_bill, bills_campaign) # check that bill can see via the API response = self.bill_api_client.get(self.campaign_url, format="json") self.assertValidJSONResponse(response) self.assertEqual(len(self.deserialize(response)["objects"]), 3) # check that bill can get to the object itself response = self.bill_api_client.get(self.campaign_url + bills_campaign.id.__str__() + "/", format="json") self.assertValidJSONResponse(response) # check that bob can not see - now we know tastypie API has correct # permission validation response = self.bob_api_client.get(self.campaign_url, format="json") self.assertValidJSONResponse(response) self.assertEqual(len(self.deserialize(response)["objects"]), 2) # check bob can NOT get to the hidden object response = self.bob_api_client.get(self.campaign_url + bills_campaign.id.__str__() + "/", format="json") self.assertHttpUnauthorized(response) # check that anonymous can see public ones as well response = self.anon_api_client.get(self.campaign_url, format="json") self.assertValidJSONResponse(response) self.assertEqual(len(self.deserialize(response)["objects"]), 2) # check anonymous can NOT get to the hidden object response = self.anon_api_client.get(self.campaign_url + bills_campaign.id.__str__() + "/", format="json") self.assertHttpUnauthorized(response) # create via the API auth_post_data = { "short_name": "AuthBlah", "description": "AuthBlah", "associated_researchers": "AuthBlah", "associated_publications": "AuthBlah", "associated_research_grant": "AuthBlah", "date_start": "2012-05-01", "date_end": "2012-05-01", "contact_person": "AuthBlah", } # test that we can create authenticated self.assertHttpCreated(self.bob_api_client.post(self.campaign_url, format="json", data=auth_post_data)) # check that ones we created via API are there response = self.bill_api_client.get(self.campaign_url, format="json") self.assertValidJSONResponse(response) self.assertEqual(len(self.deserialize(response)["objects"]), 4) # check public can see it too response = self.anon_api_client.get(self.campaign_url, format="json") self.assertValidJSONResponse(response) self.assertEqual(len(self.deserialize(response)["objects"]), 3)
class ResourceTest(ResourceTestCase): serializer= Serializer() def setUp(self): self.api_client = TestApiClient() self.username = '******' self.password = '******' self.user = hydroshare.create_account( '*****@*****.**', username=self.username, password=self.password, first_name='User0_FirstName', last_name='User0_LastName', ) self.api_client.client.login(username=self.username, password=self.password) self.url_proto = '/hsapi/resource/{0}/files/{1}/' self.filename = 'test.txt' def tearDown(self): User.objects.all().delete() GenericResource.objects.all().delete() def test_resource_file_get(self): myfile = open(self.filename, 'w') myfile.write('hello world!\n') myfile.close() myfile = open(self.filename, 'r') res1 = hydroshare.create_resource('GenericResource', self.user, 'res1') hydroshare.add_resource_files(res1.short_id, myfile) url = self.url_proto.format(res1.short_id, self.filename) resp = self.api_client.get(url) self.assertIn(resp.status_code, [201, 200]) def test_resource_file_put(self): myfile = open(self.filename, 'w') myfile.write('hello world!\n') myfile.close() myfile = open(self.filename, 'r') res1 = hydroshare.create_resource('GenericResource', self.user, 'res1') hydroshare.add_resource_files(res1.short_id, myfile) mynewfile = open(self.filename, 'w') mynewfile.write('anyone there?\n') mynewfile.close() mynewfile = open(self.filename, 'r') url = self.url_proto.format(res1.short_id, self.filename) put_data = { 'resource_file': mynewfile } resp = self.api_client.put(url, data=put_data) self.assertHttpAccepted(resp) resp = self.api_client.get(url) self.assertIn(resp.status_code, [201, 200]) def test_resource_file_post(self): myfile = open(self.filename, 'w') myfile.write('hello world!\n') myfile.close() myfile = open(self.filename, 'r') res1 = hydroshare.create_resource('GenericResource', self.user, 'res1') post_data = { 'resource_file': myfile } url = self.url_proto.format(res1.short_id, self.filename) resp = self.api_client.post(url, data=post_data) self.assertHttpAccepted(resp) resp = self.api_client.get(url) self.assertIn(resp.status_code, [201, 200]) def test_resource_file_delete(self): myfile = open(self.filename, 'w') myfile.write('hello world!\n') myfile.close() myfile = open(self.filename, 'r') res1 = hydroshare.create_resource('GenericResource', self.user, 'res1') hydroshare.add_resource_files(res1.short_id, myfile) url = self.url_proto.format(res1.short_id, self.filename) resp = self.api_client.delete(url) self.assertIn(resp.status_code, [200, 202, 204]) self.assertHttpNotFound( self.api_client.get(url, format='json') )
class UserTestBase(ResourceTestCase): def setUp(self): load_states() load_statutes() settings.DEBUG = True self.api_client = TestApiClient() self.get_credentials() #user creates all the groups and requests initially, user should always have edit perms unless another user takes that away self.user = User.objects.create_user('john', '*****@*****.**', 'secret') self.user.is_staff = True#someone has to be responsible self.user.save() self.usertwo = User.objects.create_user('yoko', '*****@*****.**', 'secret') self.userthree = User.objects.create_user('ringo', '*****@*****.**', 'secret') self.post_data = { 'name': 'A TEST GROUP' } self.up, created = UserProfile.objects.get_or_create(user=self.user) self.uptwo, created = UserProfile.objects.get_or_create(user=self.usertwo) self.upthree, created = UserProfile.objects.get_or_create(user=self.userthree) self.groupJSON = None self.group = None self.request = None self.agency = None self.agencyJSON = None self.contact = None self.contactJSON = None self.government = None self.governmentJSON = None def tearDown(self): Request.objects.all().delete() Contact.objects.all_them().delete() Agency.objects.all_them().delete() FeeExemptionOther.objects.all_them().delete() Statute.objects.all_them().delete() Government.objects.all().delete() Group.objects.all().delete() User.objects.all().delete() def get_user_group(self, userToGet): #each user has their own group named after then which they are the sole member of for group in userToGet.groups.all(): if group.name == userToGet.username: return group def create_group(self): #creates the default group and sets default json if self.groupJSON is not None: return self.groupJSON resp = self.api_client.post('/api/v1/group/', format='json', data=self.post_data, authentication=self.get_credentials()) self.group = Group.objects.get(name=self.post_data['name']) self.groupJSON = json.loads(resp.content) return resp def get_group_json(self, group): #gets json for a group resp = self.api_client.get('/api/v1/group/%s/' % group.id, format='json', data={}, authentication=self.get_credentials()) return json.loads(resp.content) def get_user_json(self, userToGet): users_resp = self.api_client.get("/api/v1/user/%s/" % userToGet.id, format='json', authentication=self.get_credentials()) return json.loads(users_resp.content) def add_user_to_group(self, userToAdd): self.create_group() users = self.get_user_json(userToAdd) groupjson = self.groupJSON.copy() groupjson['users'].append(users) update_resp = self.api_client.put(self.groupJSON['resource_uri'], format='json', data=groupjson, authentication=self.get_credentials()) def create_request(self, username=None): request_data = { 'contacts': [], 'free_edit_body': "<p>Something respectable, and testable!</p>", 'private': True, 'title': "test bangarang" } if username is None: self.api_client.post('/api/v1/request/', format='json', data=request_data, authentication=self.get_credentials()) else: self.api_client.post('/api/v1/request/', format='json', data=request_data, authentication=self.get_credentials_other(username)) self.request = Request.objects.get(title=request_data['title']) def get_credentials(self): #log in with self.user credentials result = self.api_client.client.login(username='******', password='******') return result def get_credentials_other(self, username): #log in with self.user credentials result = self.api_client.client.login(username=username, password='******') return result def create_agency(self): self.agencyData = { 'government': Government.objects.get(name="United States of America").id, 'name': "A test agency", 'hidden': False } resp = self.api_client.post('/api/v1/agency/', format='json', data=self.agencyData, authentication=self.get_credentials()) return resp def create_agency(self): if self.agencyJSON is not None: return self.agencyJSON self.agencyData = { 'government': Government.objects.get(name="United States of America").id, 'name': "A test agency", 'hidden': False } resp = self.api_client.post('/api/v1/agency/', format='json', data=self.agencyData, authentication=self.get_credentials()) self.agency = Agency.objects.get(name='A test agency') self.agencyJSON = json.loads(resp.content) return self.agencyJSON def create_contact(self, data=None): if self.agency is None: self.create_agency() if self.contactJSON is not None: return self.contactJSON self.contactData = { 'first_name': "Testy", "last_name": "McTester", "dob": "1990-07-19", "notes": ["nothing much"], "phone_numbers": ["999-999-9999"], "titles": ["Public Information Officer"], "emails": ["*****@*****.**"], "addresses": ["1600 Penn. Washington DC 99999"], "agencyId": self.agency.id } if data is not None: self.contactData = data resp = self.api_client.post('/api/v1/contact/', format='json', data=self.contactData, authentication=self.get_credentials()) self.contactJSON = json.loads(resp.content) self.contact = Contact.objects.get(first_name=self.contactData['first_name'], last_name=self.contactData['last_name']) return self.contactJSON
class ApiV2TestCase(ResourceTestCase): def setUp(self): super(ApiV2TestCase, self).setUp() self.user = User.objects.create_user(username='******', password='******', email='*****@*****.**') self.user2 = User.objects.create_user(username='******', password='******', email='*****@*****.**') # delete all elections Election.objects.filter(owner=self.user).delete() #create an election self.election, created = Election.objects.get_or_create(name='Election user 1', owner=self.user, slug='name-of-election', published=True) self.election2, created = Election.objects.get_or_create(name='Election user 2', owner=self.user2, slug='election-user-2', published=True) #delete category created by default self.election.category_set.all().delete() self.election2.category_set.all().delete() self.personal_data1 = PersonalData.objects.create( label = u"Age", election = self.election) self.personal_data2 = PersonalData.objects.create( label = u"Le Profession", election = self.election) self.candidate = Candidate.objects.create( name = u"Le Candidate 01", election = self.election ) self.candidate2 = Candidate.objects.create( name = u"Candidate 02", election = self.election ) self.category1 = Category.objects.create( name = u"Category 01", election = self.election, slug = "category-01") self.category2 = Category.objects.create( name = u"Another category", election = self.election, slug = "another-category") self.question_category_1 = Question.objects.create( category = self.category1, question = u"Te gusta the beatles?") self.question_category_2 = Question.objects.create( category = self.category2, question = u"Comerías limón con ají?") self.answer_for_question_1 = Answer.objects.create( question = self.question_category_1, caption = u"Si") self.answer_for_question_3 = Answer.objects.create( question = self.question_category_1, caption = u"No") self.answer_for_question_2 = Answer.objects.create( question = self.question_category_2, caption = u"Talvez") self.answer_for_question_4 = Answer.objects.create( question = self.question_category_2, caption = u"Quizás") self.age = PersonalDataCandidate.objects.create( personal_data = self.personal_data1, candidate = self.candidate, value = u"31") self.profession = PersonalDataCandidate.objects.create( personal_data = self.personal_data2, candidate = self.candidate, value = u"Constructor") self.background_category_education = BackgroundCategory.objects.create( name = u"Education", election = self.election ) self.background_school = Background.objects.create( name = u"School", category = self.background_category_education ) self.background_candidate = BackgroundCandidate.objects.create( candidate = self.candidate, background = self.background_school, value = u"Primary High School Musical" ) self.link_twitter = Link.objects.create( name = u"Twitter", url = u"https://www.twitter.com/#el_twitter", candidate = self.candidate) self.candidate.associate_answer(self.answer_for_question_1) self.candidate.associate_answer(self.answer_for_question_2) self.api_client = TestApiClient() #self.data = {'format': 'json', 'username': self.user.username, 'api_key':self.user.api_key.key} def get_credentials(self): return self.create_apikey(username=self.user.username, api_key=self.user.api_key.key) def test_get_all_my_elections_unauthorized(self): response = self.api_client.get('/api/v2/election/', format='json') self.assertHttpUnauthorized(response) def test_get_elections_valid_json(self): response = self.api_client.get( '/api/v2/election/', format='json', authentication=self.get_credentials()) self.assertValidJSONResponse(response) def test_get_my_elections(self): response = self.api_client.get( '/api/v2/election/', format='json', authentication=self.get_credentials()) elections = self.deserialize(response)['objects'] self.assertEquals(len(elections),1) the_election = elections[0] # print the_election["background"] self.assertEquals(the_election['id'],self.election.id) self.assertTrue(the_election.has_key('candidates')) self.assertTrue(isinstance(the_election["candidates"][0], unicode)) self.assertTrue(the_election.has_key('categories')) self.assertTrue(isinstance(the_election["categories"][0], unicode)) self.assertTrue(the_election.has_key('background_categories')) self.assertTrue(isinstance(the_election["background_categories"][0], unicode)) self.assertTrue(the_election.has_key('personal_data')) self.assertTrue(isinstance(the_election["personal_data"][0], unicode)) #categories def test_get_categories_valid_json(self): response = self.api_client.get( '/api/v2/category/', format='json', authentication=self.get_credentials()) self.assertValidJSONResponse(response) #@skip('aun no es testetado') def test_get_all_categories(self): response = self.api_client.get( '/api/v2/category/', format='json', authentication=self.get_credentials()) categories = self.deserialize(response)['objects'] self.assertEquals(len(categories),2) the_category = categories[0] self.assertEquals(the_category['id'],self.category1.id) self.assertEquals(the_category['name'],self.category1.name) the_category2 = categories[1] self.assertEquals(the_category2['id'],self.category2.id) self.assertEquals(the_category2['name'],self.category2.name) self.assertTrue(the_category.has_key("questions")) self.assertTrue(isinstance(the_category["questions"][0], unicode)) def test_get_all_questions(self): response = self.api_client.get( '/api/v2/question/', format='json', authentication=self.get_credentials()) questions = self.deserialize(response)['objects'] self.assertEquals(len(questions),2) the_question = questions[0] self.assertTrue(the_question.has_key('question')) self.assertTrue(the_question.has_key('resource_uri')) self.assertEqual(the_question["resource_uri"], "/api/v2/question/{0}/".format(self.question_category_1.id)) self.assertTrue(the_question.has_key('category')) self.assertTrue(isinstance(the_question["category"], unicode)) self.assertEquals(the_question["category"], "/api/v2/category/{0}/".format(self.question_category_1.category.id)) def test_get_all_answers(self): self.candidate.associate_answer(self.answer_for_question_1) response = self.api_client.get( '/api/v2/answer/', format='json', authentication=self.get_credentials()) answers = self.deserialize(response)['objects'] self.assertEquals(len(answers),Answer.objects.count()) the_answer = answers[0] self.assertTrue(the_answer.has_key('caption')) self.assertTrue(the_answer.has_key('resource_uri')) self.assertEqual(the_answer["resource_uri"], "/api/v2/answer/{0}/".format(self.answer_for_question_1.id)) self.assertTrue(the_answer.has_key('candidates')) self.assertEquals(len(the_answer["candidates"]), 1) self.assertTrue(isinstance(the_answer["candidates"][0], unicode)) self.assertTrue(the_answer.has_key('question')) self.assertTrue(isinstance(the_answer["question"], unicode)) self.assertEquals(the_answer["question"], "/api/v2/question/{0}/".format(self.answer_for_question_1.question.id)) def test_get_personal_data_candidate(self): response = self.api_client.get( '/api/v2/personal_data_candidate/', format='json', authentication=self.get_credentials()) self.assertHttpOK(response) personal_data_candidate = self.deserialize(response)['objects'] # print personal_data_candidate[0] self.assertTrue(personal_data_candidate[0].has_key('candidate')) self.assertTrue(personal_data_candidate[0]['candidate']) self.assertTrue(personal_data_candidate[0].has_key('personal_data')) self.assertTrue(personal_data_candidate[0]['personal_data']) self.assertTrue(personal_data_candidate[0].has_key('value')) def test_get_personal_data(self): response = self.api_client.get( '/api/v2/personal_data/', format='json', authentication=self.get_credentials()) self.assertHttpOK(response) def test_get_background(self): response = self.api_client.get( '/api/v2/background/', format='json', authentication=self.get_credentials()) self.assertHttpOK(response) background = self.deserialize(response)['objects'] self.assertIn('background_category', background[0]) def test_get_first_background(self): response = self.api_client.get( '/api/v2/background/{0}/'.format(self.background_school.id), format='json', authentication=self.get_credentials()) self.assertHttpOK(response) background = self.deserialize(response) expected_resource_uri = "/api/v2/background_category/{0}/".format( self.background_school.category.id ) self.assertEquals(background["background_category"],expected_resource_uri) def test_get_backgrounds_candidate(self): response = self.api_client.get( '/api/v2/backgrounds_candidate/', format='json', authentication=self.get_credentials()) self.assertHttpOK(response) backgrounds_candidate = self.deserialize(response)['objects'] # print(backgrounds_candidate) self.assertTrue(backgrounds_candidate[0].has_key('value')) self.assertIn('background', backgrounds_candidate[0]) def test_backgrounds_candidate_detail(self): response = self.api_client.get( '/api/v2/backgrounds_candidate/{0}/'.format(self.background_candidate.id), format='json', authentication=self.get_credentials()) self.assertHttpOK(response) the_background_candidate = self.deserialize(response) self.assertEqual(the_background_candidate['value'], self.background_candidate.value) self.assertIn("background",the_background_candidate) # @skip('alguna razon') def test_get_all_candidates(self): response = self.api_client.get( '/api/v2/candidate/', format='json', authentication=self.get_credentials()) self.assertHttpOK(response) candidates = self.deserialize(response)['objects'] self.assertEquals(len(candidates),2) the_candidate = candidates[0] # print(the_candidate) self.assertTrue(the_candidate.has_key('slug')) self.assertFalse(the_candidate.has_key('personal_data')) self.assertTrue(the_candidate.has_key('personal_data_candidate')) self.assertTrue(isinstance(the_candidate["personal_data_candidate"][0], unicode)) self.assertFalse(the_candidate.has_key('backgrounds')) self.assertTrue(the_candidate.has_key('backgrounds_candidate')) self.assertTrue(isinstance(the_candidate["backgrounds_candidate"][0], unicode)) self.assertTrue(the_candidate.has_key('links')) self.assertTrue(isinstance(the_candidate["links"][0], unicode)) self.assertTrue(the_candidate.has_key('answers')) self.assertTrue(isinstance(the_candidate["answers"][0], unicode)) def test_get_background_category(self): response = self.api_client.get( '/api/v2/background_category/', format='json', authentication=self.get_credentials()) self.assertHttpOK(response) background_category = self.deserialize(response)['objects'] the_background_category = background_category[0] self.assertTrue(the_background_category.has_key('name')) self.assertTrue(the_background_category.has_key('background')) self.assertTrue(isinstance(the_background_category["background"][0], unicode)) def test_get_links(self): response = self.api_client.get( '/api/v2/link/', format='json', authentication=self.get_credentials()) self.assertHttpOK(response) link = self.deserialize(response)['objects'] # print link the_link = link[0] self.assertTrue(the_link.has_key('name')) self.assertTrue(the_link.has_key('url')) def test_answer_filtering(self): filter_data = { 'question': self.question_category_1.id } response = self.api_client.get( '/api/v2/answer/', format='json', authentication=self.get_credentials(), data=filter_data) self.assertHttpOK(response) answer = self.deserialize(response)['objects'] self.assertEquals(len(answer), Answer.objects.filter(question=self.question_category_1).count()) self.assertEquals( answer[0]['id'] , self.answer_for_question_1.id ) # @skip('ignore') def test_answer_filtering_two_param(self): filter_data = { # 'question': self.question_category_1.id, 'candidate__id': self.candidate.id } response = self.api_client.get( '/api/v2/answer/', format='json', authentication=self.get_credentials(), data=filter_data) # print response self.assertHttpOK(response) answer = self.deserialize(response)['objects'] # self.assertEquals(len(answer), 1) self.assertEquals( answer[0]['id'] , self.answer_for_question_1.id ) def test_filter_candidate(self): filter_data = { 'id' : self.candidate.id } response = self.api_client.get( '/api/v2/candidate/', format='json', authentication=self.get_credentials(), data=filter_data) self.assertHttpOK(response) candidate = self.deserialize(response)['objects'] self.assertEquals( len(candidate), 1) self.assertEquals( candidate[0]['id'], self.candidate.id ) #@skip('') def test_media_naranja_post(self): answers = [self.answer_for_question_1.pk, self.answer_for_question_2.pk] questions_ids = [self.question_category_1.id, self.question_category_2.id] importances = [5, 3] importances_by_category = [5, 3] factor_question1 = (answers[0] == self.answer_for_question_1.pk) * importances[0] factor_question2 = (answers[1] == self.answer_for_question_2.pk) * importances[1] score_category1 = factor_question1 * 100.0 / importances_by_category[0] score_category2 = factor_question2 * 100.0 / importances_by_category[1] global_score = (factor_question1 + factor_question2) * 100.0 / sum(importances_by_category) response = self.api_client.post('/api/v2/medianaranja/', format='json', authentication=self.get_credentials(), data = { 'data' : { 'question-0': answers[0], 'question-1': answers[1], \ 'importance-0': importances[0], 'importance-1': importances[1],\ 'question-id-0': questions_ids[0], 'question-id-1': questions_ids[1] },\ 'election-id' : self.election.id } ) expected_winner = { 'global_score':global_score, 'category_score':[ { 'category':self.question_category_1.category.name, 'score': score_category1 }, { 'category':self.question_category_2.category.name, 'score': score_category2 }, ], 'candidate':self.candidate.id } expected_others = [ { 'global_score':0.0, 'category_score':[ { 'category':self.question_category_1.category.name, 'score': 0.0 }, { 'category':self.question_category_2.category.name, 'score': 0.0 }, ], 'candidate':self.candidate2.id } ] #de nuevo self.assertHttpCreated(response) self.assertValidJSON(response.content) candidates = self.deserialize(response) self.assertIn('winner', candidates) self.assertEquals(candidates['winner'],expected_winner) self.assertEquals(candidates['others'],expected_others) def test_media_naranja_post_jsonp(self): answers = [self.answer_for_question_1.pk, self.answer_for_question_2.pk] questions_ids = [self.question_category_1.id, self.question_category_2.id] importances = [5, 3] importances_by_category = [5, 3] factor_question1 = (answers[0] == self.answer_for_question_1.pk) * importances[0] factor_question2 = (answers[1] == self.answer_for_question_2.pk) * importances[1] score_category1 = factor_question1 * 100.0 / importances_by_category[0] score_category2 = factor_question2 * 100.0 / importances_by_category[1] global_score = (factor_question1 + factor_question2) * 100.0 / sum(importances_by_category) response = self.api_client.post('/api/v2/medianaranja/?callback=callback', format='json', authentication=self.get_credentials(), data = { 'data' : { 'question-0': answers[0], 'question-1': answers[1], \ 'importance-0': importances[0], 'importance-1': importances[1],\ 'question-id-0': questions_ids[0], 'question-id-1': questions_ids[1] },\ 'election-id' : self.election.id } ) expected_winner = { 'global_score':global_score, 'category_score':[ { 'category':self.question_category_1.category.name, 'score': score_category1 }, { 'category':self.question_category_2.category.name, 'score': score_category2 }, ], 'candidate':self.candidate.id } expected_others = [ { 'global_score':0.0, 'category_score':[ { 'category':self.question_category_1.category.name, 'score': 0.0 }, { 'category':self.question_category_2.category.name, 'score': 0.0 }, ], 'candidate':self.candidate2.id } ] self.assertTrue(response.content.startswith("callback(")) content = response.content content = content.strip("callback(") def test_get_information_source(self): information_source = InformationSource.objects.create( candidate=self.candidate, question=self.question_category_1, content=u"Tomé esta información desde una página web") response = self.api_client.get( '/api/v2/information_source/', format='json', authentication=self.get_credentials()) self.assertHttpOK(response) information_source_dict = self.deserialize(response)['objects'][0] self.assertEquals(information_source_dict['candidate'], '/api/v2/candidate/{0}/'.format(self.candidate.id)) self.assertEquals(information_source_dict['question'], '/api/v2/question/{0}/'.format(self.question_category_1.id)) self.assertEquals(information_source_dict['content'], information_source.content) response_question = self.api_client.get( information_source_dict['question'], format='json', authentication=self.get_credentials()) self.assertHttpOK(response_question) question_dict = self.deserialize(response_question) self.assertIn('information_sources', question_dict) self.assertEquals(len(question_dict['information_sources']), 1) self.assertEquals(question_dict['information_sources'][0], '/api/v2/information_source/{0}/'.format(information_source.id))
class ResourceTest(ResourceTestCase): def setUp(self): self.logger = logging.getLogger(__name__) self.api_client = TestApiClient() self.username = '******' self.password = '******' # create a user to be used for creating the resource self.user_creator = hydroshare.create_account( '*****@*****.**', username=self.username, first_name='Creator_FirstName', last_name='Creator_LastName', superuser=False, password=self.password, groups=[]) self.user_url = '/hsapi/accounts/{0}/'.format( self.user_creator.username) self.api_client.client.login(username=self.username, password=self.password) # create a resource self.resource = hydroshare.create_resource( resource_type='GenericResource', title='My resource', owner=self.user_creator, last_changed_by=self.user_creator) self.resource_url_base = '/hsapi/resource/' self.resource_url = '{0}{1}/'.format(self.resource_url_base, self.resource.short_id) self.post_data = { 'title': 'My REST API-created resource', 'resource_type': 'GenericResource' } def tearDown(self): User.objects.all().delete() GenericResource.objects.all().delete() def get_credentials(self): k = self.create_basic(username=self.username, password=self.password) print k return k def test_resource_get(self): resp = self.api_client.get(self.resource_url) self.assertTrue(resp['Location'].endswith('.zip')) def test_resource_post(self): resp = self.api_client.post(self.resource_url_base, data=self.post_data) self.assertIn(resp.status_code, [201, 200]) # PID comes back as body of response, but API client doesn't seem to be # parsing the response for us pid = str(resp).split('\n')[-1] new_resource_url = '{0}{1}/'.format(self.resource_url_base, pid) # Fetch the newly created resource resp = self.api_client.get(new_resource_url) self.assertTrue(resp['Location'].endswith('.zip')) def test_resource_put(self): new_data = {} new_data['title'] = 'My UPDATED REST API-created resource' resp = self.api_client.put(self.resource_url, data=new_data) self.assertIn(resp.status_code, ['202', '204']) def test_resource_delete(self): x = self.api_client.delete(self.resource_url, format='json') self.assertIn(x.status_code, [202, 204, 301]) self.assertHttpNotFound( self.api_client.get(self.resource_url, format='json'))
class ApiTestCase(ResourceTestCase): fixtures = ['app/detective/fixtures/default_topics.json', 'app/detective/fixtures/search_terms.json',] def setUp(self): super(ApiTestCase, self).setUp() # Use custom api client self.api_client = TestApiClient() self.salt = SaltMixin.salt self.super_username = '******' self.super_password = '******' self.super_email = '*****@*****.**' self.contrib_username = '******' self.contrib_password = '******' self.contrib_email = '*****@*****.**' self.lambda_username = '******' self.lambda_password = '******' self.lambda_email = '*****@*****.**' contributors = Group.objects.get(name='energy_contributor') # Create the new user users super_user = User.objects.create( username=self.super_username, email=self.super_email, is_staff=True, is_superuser = True ) super_user.set_password(self.super_password) super_user.save() self.super_user = super_user contrib_user = User.objects.create( username=self.contrib_username, email=self.contrib_email, is_active=True ) contrib_user.groups.add(contributors) contrib_user.set_password(self.contrib_password) contrib_user.save() self.contrib_user = contrib_user lambda_user = User.objects.create( username=self.lambda_username, email=self.lambda_email, ) lambda_user.set_password(self.lambda_password) lambda_user.save() self.lambda_user = lambda_user # Create related objects self.jpp = Organization(name=u"Journalism++") self.jpp._author = [super_user.pk] self.jpp.founded = datetime(2011, 4, 3) self.jpp.website_url = 'http://jplusplus.com' self.jpp.save() self.jg = Organization(name=u"Journalism Grant") self.jg._author = [super_user.pk] self.jg.save() self.fra = Country(name=u"France", isoa3=u"FRA") self.fra.save() self.pr = Person(name=u"Pierre Roméra") self.pr.based_in.add(self.fra) self.pr.activity_in_organization.add(self.jpp) self.pr.save() self.pb = Person(name=u"Pierre Bellon") self.pb.based_in.add(self.fra) self.pb.activity_in_organization.add(self.jpp) self.pb.save() # Creates Christmas topic ontology = File(open(settings.DATA_ROOT + "/ontology-v5.7.owl")) self.christmas = Topic(slug=u"christmas", title="It's christmas!", ontology_as_owl=ontology, author=super_user) self.christmas.save() # Creates Thanksgiving topic self.thanksgiving = Topic(slug=u"thanksgiving", title="It's thanksgiving!", ontology_as_owl=ontology, author=super_user) self.thanksgiving.save() self.post_data_simple = { "name": "Lorem ispum TEST", "twitter_handle": "loremipsum" } self.post_data_related = { "name": "Lorem ispum TEST RELATED", "owner": [ { "id": self.jpp.id }, { "id": self.jg.id } ], "activity_in_country": [ { "id": self.fra.id } ] } self.rdf_jpp = { "label": u"Person that has activity in Journalism++", "object": { "id": self.jpp.id, "model": u"Organization", "name": u"Journalism++" }, "predicate": { "label": u"has activity in", "name": u"activity_in_organization", "subject": u"Person" }, "subject": { "label": u"Person", "name": u"Person" } } def cleanModel(self, model_instance): if model_instance: model_instance.delete() def tearDown(self): # Clean & delete generated data # individuals self.cleanModel(self.jpp) # organization self.cleanModel(self.jg) # organization self.cleanModel(self.fra) # country self.cleanModel(self.pr) # people self.cleanModel(self.pb) # people # Simply flush the database management.call_command('flush', verbosity=0, interactive=False) # Utility functions (Auth, operation etc.) def login(self, username, password): return self.api_client.client.login(username=username, password=password) def get_super_credentials(self): return self.login(self.super_username, self.super_password) def get_contrib_credentials(self): return self.login(self.contrib_username, self.contrib_password) def get_lambda_credentials(self): return self.login(self.lambda_username, self.lambda_password) def signup_user(self, user_dict): """ Utility method to signup through API """ return self.api_client.post('/api/common/v1/user/signup/', format='json', data=user_dict) def patch_individual(self, scope=None, model_name=None, model_id=None, patch_data=None, auth=None, skip_auth=False): if not skip_auth and not auth: auth = self.get_super_credentials() url = '/api/%s/v1/%s/%d/patch/' % (scope, model_name, model_id) return self.api_client.post(url, format='json', data=patch_data, authentication=auth) def check_permissions(self, permissions=None, user=None): user_permissions = list(user.get_all_permissions()) self.assertEqual(len(user_permissions), len(permissions)) for perm in user_permissions: self.assertTrue(perm in permissions) # All test functions def test_user_signup_succeed(self): """ Test with proper data to signup user Expected: HTTT 201 (Created) """ user_dict = dict(username=u"newuser", password=u"newuser", email=u"*****@*****.**") resp = self.signup_user(user_dict) self.assertHttpCreated(resp) def test_user_signup_empty_data(self): """ Test with empty data to signup user Expected: HTTP 400 (BadRequest) """ user_dict = dict(username=u"", password=u"", email=u"") resp = self.signup_user(user_dict) self.assertHttpBadRequest(resp) def test_user_signup_no_data(self): resp = self.api_client.post('/api/common/v1/user/signup/', format='json') self.assertHttpBadRequest(resp) def test_user_signup_existing_user(self): user_dict = dict(username=self.super_username, password=self.super_password, email=self.super_email) resp = self.signup_user(user_dict) self.assertHttpForbidden(resp) def test_user_activate_succeed(self): user_dict = dict(username='******', password='******', email='*****@*****.**') self.assertHttpCreated(self.signup_user(user_dict)) innactive_user = User.objects.get(email=user_dict.get('email')) activation_profile = RegistrationProfile.objects.get(user=innactive_user) activation_key = activation_profile.activation_key resp_activate = self.api_client.get('/api/common/v1/user/activate/?token=%s' % activation_key) self.assertHttpOK(resp_activate) user = User.objects.get(email=user_dict.get('email')) self.assertTrue(user.is_active) def test_user_activate_fake_token(self): resp = self.api_client.get('/api/common/v1/user/activate/?token=FAKE') self.assertHttpForbidden(resp) def test_user_activate_no_token(self): resp = self.api_client.get('/api/common/v1/user/activate/') self.assertHttpBadRequest(resp) def test_user_activate_empty_token(self): resp = self.api_client.get('/api/common/v1/user/activate/?token') self.assertHttpBadRequest(resp) def test_user_contrib_login_succeed(self): auth = dict(username=self.contrib_username, password=self.contrib_password) resp = self.api_client.post('/api/common/v1/user/login/', format='json', data=auth) self.assertValidJSON(resp.content) data = json.loads(resp.content) self.assertTrue(data["success"]) self.check_permissions(permissions=data.get("permissions"), user=self.contrib_user) def test_user_login_succeed(self): auth = dict(username=self.super_username, password=self.super_password) resp = self.api_client.post('/api/common/v1/user/login/', format='json', data=auth) self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual(data["success"], True) def test_user_login_failed(self): auth = dict(username=self.super_username, password=u"awrongpassword") resp = self.api_client.post('/api/common/v1/user/login/', format='json', data=auth) self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual(data["success"], False) def test_user_logout_succeed(self): # First login auth = dict(username=self.super_username, password=self.super_password) self.api_client.post('/api/common/v1/user/login/', format='json', data=auth) # Then logout resp = self.api_client.get('/api/common/v1/user/logout/', format='json') self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual(data["success"], True) def test_user_logout_failed(self): resp = self.api_client.get('/api/common/v1/user/logout/', format='json') self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual(data["success"], False) def test_user_permissions_is_logged(self): auth = dict(username=self.contrib_username, password=self.contrib_password) self.api_client.post('/api/common/v1/user/login/', format='json', data=auth) resp = self.api_client.get('/api/common/v1/user/permissions/', format='json') self.assertValidJSON(resp.content) data = json.loads(resp.content) self.check_permissions(permissions=data.get("permissions"), user=self.contrib_user) def test_user_permissions_isnt_logged(self): resp = self.api_client.get('/api/common/v1/user/permissions/', format='json') self.assertHttpUnauthorized(resp) def test_user_status_isnt_logged(self): resp = self.api_client.get('/api/common/v1/user/status/', format='json') self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual(data["is_logged"], False) def test_user_status_is_logged(self): # Log in auth = dict(username=self.super_username, password=self.super_password) resp = self.api_client.post('/api/common/v1/user/login/', format='json', data=auth) self.assertValidJSON(resp.content) data = json.loads(resp.content) self.assertTrue(data['success']) resp = self.api_client.get('/api/common/v1/user/status/', format='json') self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual(data["is_logged"], True) def test_contrib_user_status_is_logged(self): # Log in auth = dict(username=self.contrib_username, password=self.contrib_password, remember_me=True) resp = self.api_client.post('/api/common/v1/user/login/', format='json', data=auth) self.assertValidJSON(resp.content) data = json.loads(resp.content) self.assertTrue(data['success']) resp = self.api_client.get('/api/common/v1/user/status/', format='json') self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual(data["is_logged"], True) def test_reset_password_success(self): email = dict(email=self.super_email) resp = self.api_client.post('/api/common/v1/user/reset_password/', format='json', data=email) self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertTrue(data['success']) def test_reset_password_wrong_email(self): email = dict(email="*****@*****.**") resp = self.api_client.post('/api/common/v1/user/reset_password/', format='json', data=email) self.assertEqual(resp.status_code in [302, 404], True) def test_reset_password_no_data(self): resp = self.api_client.post('/api/common/v1/user/reset_password/', format='json') self.assertHttpBadRequest(resp) def test_reset_password_empty_email(self): resp = self.api_client.post('/api/common/v1/user/reset_password/', format='json', data=dict(email='')) self.assertHttpBadRequest(resp) def test_reset_password_confirm_succes(self): """ Test to successfuly reset a password with a new one. Expected: HTTP 200 - OK """ token = signing.dumps(self.super_user.pk, salt=self.salt) password = "******" auth = dict(password=password, token=token) resp = self.api_client.post( '/api/common/v1/user/reset_password_confirm/', format='json', data=auth ) self.assertValidJSON(resp.content) data = json.loads(resp.content) self.assertTrue(data['success']) # we query users to get the latest user object (updated with password) user = User.objects.get(email=self.super_user.email) self.assertTrue(user.check_password(password)) def test_reset_password_confirm_no_data(self): """ Test on reset_password_confirm API endpoint without any data. Expected response: HTTP 400 (BadRequest). Explanation: Every request on /reset_password_confirm/ must have a JSON data payload. { password: ... // the password to reset" token: ... // the reset password token (received by emai) } """ resp = self.api_client.post('/api/common/v1/user/reset_password_confirm/', format='json') self.assertHttpBadRequest(resp) self.assertIsNotNone(resp.content) def test_reset_password_confirm_empty_data(self): """ Test on reset_password_confirm API endpoint with empty data: { password: "" token: "" } Expected result: HTTP 400 (BadRequest) Explanation: A reset_password_confirm request must have a password and should be authenticated with a token. """ auth = dict(password='', token='') resp = self.api_client.post('/api/common/v1/user/reset_password_confirm/', format='json', data=auth) self.assertHttpBadRequest(resp) def test_reset_password_confirm_fake_token(self): """ Test on reset_password_confirm API endpoint with empty data: { password: "" token: "" } Expected result: HTTP 403 (Forbidden) Explanation: A reset_password_confirm request should be authenticated with a valid token. """ fake_token = 'f4k:t0k3N' auth = dict(password='******', token=fake_token) resp = self.api_client.post( '/api/common/v1/user/reset_password_confirm/', format='json', data=auth ) self.assertHttpForbidden(resp) def test_get_list_json(self): resp = self.api_client.get('/api/energy/v1/energyproject/?limit=20', format='json', authentication=self.get_super_credentials()) self.assertValidJSONResponse(resp) # Number of element on the first page count = min(20, EnergyProject.objects.count()) self.assertEqual( len(self.deserialize(resp)['objects']), count) def test_post_list_unauthenticated(self): self.assertHttpUnauthorized(self.api_client.post('/api/energy/v1/energyproject/', format='json', data=self.post_data_simple)) def test_post_list_staff(self): # Check how many are there first. count = EnergyProject.objects.count() self.assertHttpCreated( self.api_client.post('/api/energy/v1/energyproject/', format='json', data=self.post_data_simple, authentication=self.get_super_credentials() ) ) # Verify a new one has been added. self.assertEqual(EnergyProject.objects.count(), count+1) def test_post_list_contributor(self): # Check how many are there first. count = EnergyProject.objects.count() self.assertHttpCreated( self.api_client.post('/api/energy/v1/energyproject/', format='json', data=self.post_data_simple, authentication=self.get_contrib_credentials() ) ) # Verify a new one has been added. self.assertEqual(EnergyProject.objects.count(), count+1) def test_post_list_lambda(self): self.assertHttpUnauthorized( self.api_client.post('/api/energy/v1/energyproject/', format='json', data=self.post_data_simple, authentication=self.get_lambda_credentials() ) ) def test_post_list_related(self): # Check how many are there first. count = EnergyProject.objects.count() # Record API response to extract data resp = self.api_client.post('/api/energy/v1/energyproject/', format='json', data=self.post_data_related, authentication=self.get_super_credentials() ) # Vertify the request status self.assertHttpCreated(resp) # Verify a new one has been added. self.assertEqual(EnergyProject.objects.count(), count+1) # Are the data readable? self.assertValidJSON(resp.content) # Parse data to verify relationship data = json.loads(resp.content) self.assertEqual(len(data["owner"]), len(self.post_data_related["owner"])) self.assertEqual(len(data["activity_in_country"]), len(self.post_data_related["activity_in_country"])) def test_mine(self): resp = self.api_client.get('/api/energy/v1/organization/mine/', format='json', authentication=self.get_super_credentials()) self.assertValidJSONResponse(resp) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual( len(data["objects"]), 2) def test_mine_empty(self): resp = self.api_client.get('/api/energy/v1/organization/mine/', format='json') self.assertValidJSONResponse(resp) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual( len(data["objects"]), 0) def test_search_organization(self): resp = self.api_client.get('/api/energy/v1/organization/search/?q=Journalism', format='json', authentication=self.get_super_credentials()) self.assertValidJSONResponse(resp) # Parse data to check the number of result data = json.loads(resp.content) # At least 2 results self.assertGreater( len(data.items()), 1 ) def test_search_organization_wrong_page(self): resp = self.api_client.get('/api/energy/v1/organization/search/?q=Roméra&page=10000', format='json', authentication=self.get_super_credentials()) self.assertEqual(resp.status_code in [302, 404], True) def test_cypher_detail(self): resp = self.api_client.get('/api/common/v1/cypher/111/', format='json', authentication=self.get_super_credentials()) self.assertTrue(resp.status_code in [302, 404]) def test_cypher_unauthenticated(self): self.assertHttpUnauthorized(self.api_client.get('/api/common/v1/cypher/?q=START%20n=node%28*%29RETURN%20n;', format='json')) def test_cypher_unauthorized(self): # Ensure the user isn't authorized to process cypher request self.super_user.is_staff = True self.super_user.is_superuser = False self.super_user.save() self.assertHttpUnauthorized(self.api_client.get('/api/common/v1/cypher/?q=START%20n=node%28*%29RETURN%20n;', format='json', authentication=self.get_super_credentials())) def test_cypher_authorized(self): # Ensure the user IS authorized to process cypher request self.super_user.is_superuser = True self.super_user.save() self.assertValidJSONResponse(self.api_client.get('/api/common/v1/cypher/?q=START%20n=node%28*%29RETURN%20n;', format='json', authentication=self.get_super_credentials())) def test_summary_list(self): resp = self.api_client.get('/api/common/v1/summary/', format='json') self.assertEqual(resp.status_code in [302, 404], True) def test_summary_mine_success(self): resp = self.api_client.get('/api/energy/v1/summary/mine/', authentication=self.get_super_credentials(), format='json') self.assertValidJSONResponse(resp) # Parse data to check the number of result data = json.loads(resp.content) objects = data['objects'] self.assertIsNotNone(find(lambda x: x['label'] == self.jpp.name, objects)) self.assertIsNotNone(find(lambda x: x['label'] == self.jg.name, objects)) def test_summary_mine_unauthenticated(self): resp = self.api_client.get('/api/energy/v1/summary/mine/', format='json') self.assertValidJSONResponse(resp) # Parse data to check the number of result data = json.loads(resp.content) objects = data['objects'] self.assertEqual(len(objects), 0) def test_countries_summary(self): resp = self.api_client.get('/api/energy/v1/summary/countries/', format='json', authentication=self.get_super_credentials()) self.assertValidJSONResponse(resp) # Parse data to check the number of result data = json.loads(resp.content) # Only France is present self.assertGreater(len(data), 0) # We added 1 relation to France self.assertEqual("count" in data["FRA"], True) def test_forms_summary(self): resp = self.api_client.get('/api/energy/v1/summary/forms/', format='json', authentication=self.get_super_credentials()) self.assertValidJSONResponse(resp) # Parse data to check the number of result data = json.loads(resp.content) # As many descriptors as models self.assertEqual( 11, len(data.items()) ) def test_types_summary(self): resp = self.api_client.get('/api/energy/v1/summary/types/', format='json', authentication=self.get_super_credentials()) self.assertValidJSONResponse(resp) def test_search_summary(self): resp = self.api_client.get('/api/energy/v1/summary/search/?q=Journalism', format='json', authentication=self.get_super_credentials()) self.assertValidJSONResponse(resp) # Parse data to check the number of result data = json.loads(resp.content) # At least 2 results self.assertGreater( len(data.items()), 1 ) def test_search_summary_wrong_offset(self): resp = self.api_client.get('/api/energy/v1/summary/search/?q=Journalism&offset=-1', format='json', authentication=self.get_super_credentials()) self.assertEqual(resp.status_code in [302, 404], True) def test_summary_human_search(self): query = "Person activity in Journalism" resp = self.api_client.get('/api/energy/v1/summary/human/?q=%s' % query, format='json', authentication=self.get_super_credentials()) self.assertValidJSONResponse(resp) data = json.loads(resp.content) self.assertGreater(len(data['objects']), 1) def test_rdf_search(self): # RDF object for persons that have activity in J++, we need to urlencode # the JSON string to avoid '+' loss rdf_str = urllib.quote(json.dumps(self.rdf_jpp)) url = '/api/energy/v1/summary/rdf_search/?limit=20&offset=0&q=%s' % rdf_str resp = self.api_client.get(url, format='json', authentication=self.get_super_credentials()) self.assertValidJSONResponse(resp) data = json.loads(resp.content) objects = data['objects'] self.assertIsNotNone(find(lambda x: x['name'] == self.pr.name, objects)) self.assertIsNotNone(find(lambda x: x['name'] == self.pb.name, objects)) def test_patch_individual_date_staff(self): """ Test a patch request on an invidividual's date attribute. Request: /api/energy/v1/organization/ Expected: HTTP 200 (OK) """ # date are subject to special process with patch method. new_date = datetime(2011, 4, 1, 0, 0, 0, 0) data = { 'founded': new_date.strftime('%Y-%m-%dT%H:%M:%S.%fZ'), } args = { 'scope' : 'energy', 'model_id' : self.jpp.id, 'model_name' : 'organization', 'patch_data' : data } resp = self.patch_individual(**args) self.assertHttpOK(resp) self.assertValidJSONResponse(resp) updated_jpp = Organization.objects.get(name=self.jpp.name) self.assertEqual(timezone.make_naive(updated_jpp.founded), new_date) def test_patch_individual_website_staff(self): jpp_url = 'http://jplusplus.org' data = { 'website_url': jpp_url, } args = { 'scope' : 'energy', 'model_id' : self.jpp.id, 'model_name' : 'organization', 'patch_data' : data } resp = self.patch_individual(**args) self.assertHttpOK(resp) self.assertValidJSONResponse(resp) updated_jpp = Organization.objects.get(name=self.jpp.name) self.assertEqual(updated_jpp.website_url, jpp_url) def test_patch_individual_website_unauthenticated(self): jpp_url = 'http://jplusplus.org' data = { 'website_url': jpp_url, } args = { 'scope' : 'energy', 'model_id' : self.jpp.id, 'model_name' : 'organization', 'patch_data' : data, 'skip_auth' : True, } resp = self.patch_individual(**args) self.assertHttpUnauthorized(resp) def test_patch_individual_website_contributor(self): jpp_url = 'http://www.jplusplus.org' data = { 'website_url': jpp_url, } args = { 'scope' : 'energy', 'model_id' : self.jpp.id, 'model_name' : 'organization', 'patch_data' : data, 'auth' : self.get_contrib_credentials(), } resp = self.patch_individual(**args) self.assertHttpOK(resp) self.assertValidJSONResponse(resp) updated_jpp = Organization.objects.filter(name=self.jpp.name)[0] self.assertEqual(updated_jpp.website_url, jpp_url) def test_patch_individual_website_lambda(self): jpp_url = 'http://bam.jplusplus.org' data = { 'website_url': jpp_url, } args = { 'scope' : 'energy', 'model_id' : self.jpp.id, 'model_name' : 'organization', 'patch_data' : data, 'auth' : self.get_lambda_credentials(), } resp = self.patch_individual(**args) self.assertHttpUnauthorized(resp) def test_patch_individual_not_found(self): jpp_url = 'http://jplusplus.org' data = { 'website_url': jpp_url, } args = { 'scope' : 'energy', 'model_id' : 1337, 'model_name' : 'organization', 'patch_data' : data, } resp = self.patch_individual(**args) self.assertEqual(resp.status_code in [302, 404], True) def test_topic_endpoint_exists(self): resp = self.api_client.get('/api/common/v1/topic/?slug=christmas', follow=True, format='json') # Parse data to check the number of result data = json.loads(resp.content) # 1 result self.assertEqual( len( data["objects"] ), 1 ) def test_topic_api_exists(self): resp = self.api_client.get('/api/christmas/v1/', format='json') self.assertValidJSONResponse(resp) def test_topic_has_person(self): resp = self.api_client.get('/api/christmas/v1/', format='json') self.assertValidJSONResponse(resp) def test_topic_multiple_api(self): # API 1 resp = self.api_client.get('/api/christmas/v1/', format='json') self.assertValidJSONResponse(resp) # API 2 resp = self.api_client.get('/api/thanksgiving/v1/', format='json') self.assertValidJSONResponse(resp) def test_topic_has_summary_syntax_from_ontology(self): resp = self.api_client.get('/api/christmas/v1/summary/syntax/', format='json', authentication=self.get_super_credentials()) self.assertValidJSONResponse(resp) def test_topic_has_summary_syntax_from_file(self): resp = self.api_client.get('/api/energy/v1/summary/syntax/', format='json', authentication=self.get_super_credentials()) self.assertValidJSONResponse(resp)
class Partner_v1__PhotoResourceTest(ResourceTestCase): fixtures = [ 'api_accounts_and_keys.json', 'packages.json', 'accounts_and_users.json', 'events.json', 'guests.json', 'photos.json' ] def setUp(self): super(Partner_v1__PhotoResourceTest, self).setUp() # we need a custom serializer for multipart uploads self.api_client = TestApiClient(serializer=MultipartSerializer()) self.api_key = 'key123_partner' self.api_secret = 'sec123_partner' self.api_account_1 = ApiAccount.objects.all()[0] self.events = Event.objects.filter( account__api_account=self.api_account_1) self.photos = Photo.objects.filter( event__account__api_account=self.api_account_1) self.photo_1 = self.photos[0] # The data we'll send on POST requests filename = 'trashcat.jpg' filepath = os.path.join(settings.PROJECT_PATH, 'api', 'assets', filename) f = open(filepath, 'rb') self.post_data = { 'event': '/partner_v1/event/{0}/'.format(self.events[0].pk), 'caption': 'My super awesome caption!', 'image': { 'filename': filename, 'data': f.read(), } } def get_credentials(self, method, uri): return DatabaseAuthentication.create_signature(self.api_key, self.api_secret, method, uri) def test_get_photos(self): uri = '/partner_v1/photo/' resp = self.api_client.get(uri, format='json', authentication=self.get_credentials( 'GET', uri)) # make sure the resource is valid self.assertValidJSONResponse(resp) # make sure we have the right number of objects self.assertNotEqual(Photo.objects.all().count(), self.photos.count()) self.assertEqual( self.deserialize(resp)['meta']['total_count'], self.photos.count()) def test_get_photo(self): uri = '/partner_v1/photo/{0}/'.format(self.photo_1.pk) resp = self.api_client.get(uri, format='json', authentication=self.get_credentials( 'GET', uri)) # make sure the resource is valid self.assertValidJSONResponse(resp) # test to make sure all the keys are in the response self.assertKeys(self.deserialize(resp), [ 'caption', 'created_at', 'event', 'guest', 'resource_uri', ]) def test_post_photo(self): uri = '/partner_v1/photo/' resp = self.api_client.post(uri, data=self.post_data, format='multipart', authentication=self.get_credentials( 'POST', uri)) # make sure the resource was created self.assertHttpCreated(resp) # test to make sure all the keys are in the response self.assertKeys(self.deserialize(resp), [ 'caption', 'created_at', 'event', 'guest', 'resource_uri', ])
class ApiTestCase(ResourceTestCase): ''' Testing custom integrity checks for the Move model. ''' def setUp(self): self.api_client = TestApiClient() player_1 = Player.objects.create(name="Person1", is_human=True) player_2 = Player.objects.create(name="Person2", is_human=False) Game.objects.create(player_1=player_1, player_2=player_2) def move_dict(self, game_id, player_id, x, y): return {"game": { "id": game_id }, "player": { "id": player_id }, "position_x": x, "position_y": y} def test_winner_found(self): ''' Tests winner and is_over are updated on game when three coordinates in a row are one player's. Tests winner and is_over are not updated before that. ''' self.api_client.get('/api/v1/move/', format='json') game = Game.objects.get(id=1) player1 = Player.objects.get(id=1) player2 = Player.objects.get(id=2) Move(game=game, player=player1, position_x=1, position_y=1).save() Move(game=game, player=player2, position_x=0, position_y=0).save() Move(game=game, player=player1, position_x=1, position_y=0).save() move_post = self.move_dict(game.id, player2.id, 0, 2) self.api_client.post('/api/v1/move/', data=move_post) game = Game.objects.get(id=1) self.assertFalse(game.is_over or game.winner) move_post = self.move_dict(game.id, player1.id, 1, 2) self.api_client.post('/api/v1/move/', data=move_post) self.api_client.get('/api/v1/move/', format='json') resp = json.loads(self.api_client.get('/api/v1/game/1/', format='json').content) game = Game.objects.get(id=1) self.assertTrue(game.is_over) self.assertTrue(resp['is_over']) self.assertEqual(game.winner, player1) self.assertEqual(resp['winner']['name'], player1.name) def test_tie(self): ''' Tests is_over is updated on game when all coordinates have been taken. Tests is_over is not updated before that. Tests that winner is never set for this scenario. ''' self.api_client.get('/api/v1/move/', format='json') game = Game.objects.get(id=1) player1 = Player.objects.get(id=1) player2 = Player.objects.get(id=2) Move(game=game, player=player1, position_x=1, position_y=1).save() Move(game=game, player=player2, position_x=1, position_y=0).save() Move(game=game, player=player1, position_x=2, position_y=0).save() Move(game=game, player=player2, position_x=2, position_y=2).save() Move(game=game, player=player1, position_x=0, position_y=0).save() Move(game=game, player=player2, position_x=0, position_y=1).save() Move(game=game, player=player1, position_x=1, position_y=2).save() move_post = self.move_dict(game.id, player2.id, 0, 2) self.api_client.post('/api/v1/move/', data=move_post) game = Game.objects.get(id=1) self.assertFalse(game.is_over or game.winner) move_post = self.move_dict(game.id, player1.id, 2, 1) self.api_client.post('/api/v1/move/', data=move_post) resp = json.loads(self.api_client.get('/api/v1/game/1/', format='json').content) game = Game.objects.get(id=1) self.assertTrue(game.is_over) self.assertTrue(resp['is_over']) self.assertFalse(game.winner) self.assertFalse(resp['winner']) def test_computer_turn(self): ''' Tests that a computer turn is taken automatically when computer's turn is next and POST is made wtih Move object. ''' game = Game.objects.get(id=1) player1 = Player.objects.get(id=1) player2 = Player.objects.get(id=2) move_post = self.move_dict(game.id, player1.id, 0, 0) self.api_client.post('/api/v1/move/', data=move_post) computer_move = json.loads(self.api_client.get('/api/v1/move/2/', format='json').content) self.assertTrue(computer_move) self.assertEqual(computer_move['player']['name'], player2.name) def test_computer_turn_not_after_win(self): ''' Tests that after a human player wins a turn, the automatic play of the computer does not occur. ''' game = Game.objects.get(id=1) player1 = Player.objects.get(id=1) player2 = Player.objects.get(id=2) Move(game=game, player=player1, position_x=0, position_y=0).save() Move(game=game, player=player2, position_x=1, position_y=0).save() Move(game=game, player=player1, position_x=1, position_y=1).save() Move(game=game, player=player2, position_x=2, position_y=0).save() move_post = self.move_dict(game.id, player1.id, 2, 2) self.api_client.post('/api/v1/move/', data=move_post) moves = json.loads(self.api_client.get('/api/v1/move/', format='json').content) self.assertEquals(len(moves['objects']), 5) self.assertEquals(moves['objects'][0]['player']['name'], player1.name) def test_computer_selects_middle(self): ''' Tests that if available, computer selects middle coordinate. ''' game = Game.objects.get(id=1) player1 = Player.objects.get(id=1) player2 = Player.objects.get(id=2) move_post = self.move_dict(game.id, player1.id, 2, 2) self.api_client.post('/api/v1/move/', data=move_post) moves = json.loads(self.api_client.get('/api/v1/move/', format='json').content) self.assertEquals(len(moves['objects']), 2) x = moves['objects'][0]['position_x'] y = moves['objects'][0]['position_y'] self.assertEquals((x,y), (1,1)) def test_computer_wins_if_possible(self): ''' Tests that computer will make winning move if possible. ''' game = Game.objects.get(id=1) player1 = Player.objects.get(id=1) player2 = Player.objects.get(id=2) Move(game=game, player=player1, position_x=0, position_y=0).save() Move(game=game, player=player2, position_x=1, position_y=1).save() Move(game=game, player=player1, position_x=2, position_y=1).save() Move(game=game, player=player2, position_x=1, position_y=2).save() move_post = self.move_dict(game.id, player1.id, 0, 2) self.api_client.post('/api/v1/move/', data=move_post) moves = json.loads(self.api_client.get('/api/v1/move/', format='json').content) self.assertEquals(len(moves['objects']), 6) self.assertEquals(moves['objects'][0]['player']['name'], player2.name) x = moves['objects'][0]['position_x'] y = moves['objects'][0]['position_y'] self.assertEquals((x,y), (1,0)) game = Game.objects.get(id=1) self.assertTrue(game.is_over) self.assertEquals(game.winner.name, player2.name) def test_computer_prevents_user_win(self): ''' Tests that computer will prevent a user's win. ''' game = Game.objects.get(id=1) player1 = Player.objects.get(id=1) player2 = Player.objects.get(id=2) Move(game=game, player=player1, position_x=0, position_y=0).save() Move(game=game, player=player2, position_x=1, position_y=1).save() move_post = self.move_dict(game.id, player1.id, 0, 2) self.api_client.post('/api/v1/move/', data=move_post) moves = json.loads(self.api_client.get('/api/v1/move/', format='json').content) self.assertEquals(len(moves['objects']), 4) x = moves['objects'][0]['position_x'] y = moves['objects'][0]['position_y'] self.assertEquals((x,y), (0,1)) def test_computer_finishes_tie(self): ''' Tests that computer makes selections until the game is over. ''' game = Game.objects.get(id=1) player1 = Player.objects.get(id=1) player2 = Player.objects.get(id=2) Move(game=game, player=player1, position_x=0, position_y=0).save() Move(game=game, player=player2, position_x=1, position_y=1).save() Move(game=game, player=player1, position_x=2, position_y=2).save() Move(game=game, player=player2, position_x=1, position_y=0).save() Move(game=game, player=player1, position_x=1, position_y=2).save() Move(game=game, player=player2, position_x=0, position_y=2).save() move_post = self.move_dict(game.id, player1.id, 2, 0) self.api_client.post('/api/v1/move/', data=move_post) moves = json.loads(self.api_client.get('/api/v1/move/', format='json').content) self.assertEquals(len(moves['objects']), 8)
class PostResourceTest(ResourceTestCase): fixtures = [ 'group.json', 'group_permission.json', 'user_group.json', 'user.json', 'user_project.json', 'project_part.json', 'project.json', 'profile.json', 'post.json', 'comment.json' ] def setUp(self): # Generic self.api_client = TestApiClient() self.serializer = Serializer() # API List data self.list_url = '/api/v1/post/' # API requests data self.project_part_id = 1 self.post_id = 1 self.detail_url = '/api/v1/post/{0}/'.format(self.post_id) self.project_part_query = '='.join( ['?project_part', str(self.project_part_id)]) self.post_data = { 'content': 'My post', 'project_part': { 'pk': self.project_part_id } } # Open API request data self.open_project_part_id = 2 self.open_post_id = 2 self.open_detail_url = '/api/v1/post/{0}/'.format(self.open_post_id) self.open_project_part_query = '='.join( ['?project_part', str(self.open_project_part_id)]) self.open_post_data = { 'content': 'My post', 'project_part': { 'pk': self.open_project_part_id } } def get_credentials(self): result = self.api_client.client.login(email='*****@*****.**', password='******') def test_post_list(self): self.get_credentials() self.assertIn('_auth_user_id', self.api_client.client.session) self.assertEqual(self.api_client.client.session['_auth_user_id'], 1) self.assertEqual(Post.objects.count(), 2) self.assertHttpCreated( self.api_client.post(self.list_url, format='json', data=self.post_data)) self.assertEqual(Post.objects.count(), 3) def test_get_list_unauthorzied(self): self.assertHttpUnauthorized( self.api_client.get(self.list_url, format='json')) def test_get_list(self): self.get_credentials() resp = self.api_client.get(''.join( [self.list_url, self.project_part_query]), format='json') self.assertValidJSONResponse(resp) self.assertEqual(len(json.loads(resp.content)['objects']), 1) def test_get_detail_unauthenticated(self): self.assertHttpUnauthorized( self.api_client.get(self.detail_url, format='json')) def test_get_detail(self): self.get_credentials() resp = self.api_client.get(self.detail_url, format='json') self.assertValidJSONResponse(resp) self.assertEqual(json.loads(resp.content)['content'], 'hola') # def test_post_list_unauthenticated(self): # self.assertHttpUnauthorized(self.api_client.post(self.list_url, format='json', # data=self.post_data)) def test_put_detail_unauthenticated(self): self.assertHttpUnauthorized( self.api_client.put(self.detail_url, format='json', data={})) def test_put_detail(self): self.get_credentials() original_data = json.loads( self.api_client.get(self.detail_url, format='json').content) new_data = original_data.copy() new_data['title'] = 'Updated: First Post' self.assertEqual(Post.objects.count(), 2) self.assertHttpAccepted( self.api_client.put(self.detail_url, format='json', data=new_data)) # Make sure the count hasn't changed & we did an update. self.assertEqual(Post.objects.count(), 2) def test_delete_detail_unauthenticated(self): self.assertHttpUnauthorized( self.api_client.delete(self.detail_url, format='json')) def test_delete_detail(self): self.get_credentials() self.assertEqual(Post.objects.count(), 2) resp = self.api_client.delete(self.detail_url, format='json') self.assertHttpAccepted(resp) self.assertEqual(Post.objects.count(), 1) # Open Projects # FIXME It fails because tastypie is not accessing authorization # before calling obj_create # def test_post_list_open(self): # self.assertEqual(Post.objects.count(), 2) # resp = self.api_client.post(self.list_url, # format='json', # data=self.open_post_data) # self.assertHttpUnauthorized(resp) def test_get_detail_open(self): resp = self.api_client.get(self.open_detail_url, format='json') self.assertValidJSONResponse(resp) self.assertEqual(json.loads(resp.content)['content'], 'hola') def test_delete_detail_open(self): self.assertEqual(Post.objects.count(), 2) resp = self.api_client.delete(self.open_detail_url, format='json') self.assertHttpUnauthorized(resp) def test_put_detail_open(self): original_data = json.loads( self.api_client.get(self.open_detail_url, format='json').content) new_data = original_data.copy() new_data['title'] = 'Updated: First Post' self.assertEqual(Post.objects.count(), 2) resp = self.api_client.put(self.open_detail_url, format='json', data=new_data) self.assertHttpUnauthorized(resp)
class UserTestBase(ResourceTestCase): def setUp(self): load_states() load_statutes() settings.DEBUG = True self.api_client = TestApiClient() self.get_credentials() #user creates all the groups and requests initially, user should always have edit perms unless another user takes that away self.user = User.objects.create_user('john', '*****@*****.**', 'secret') self.user.is_staff = True #someone has to be responsible self.user.save() self.usertwo = User.objects.create_user('yoko', '*****@*****.**', 'secret') self.userthree = User.objects.create_user('ringo', '*****@*****.**', 'secret') self.post_data = {'name': 'A TEST GROUP'} self.up, created = UserProfile.objects.get_or_create(user=self.user) self.uptwo, created = UserProfile.objects.get_or_create( user=self.usertwo) self.upthree, created = UserProfile.objects.get_or_create( user=self.userthree) self.groupJSON = None self.group = None self.request = None self.agency = None self.agencyJSON = None self.contact = None self.contactJSON = None self.government = None self.governmentJSON = None def tearDown(self): Request.objects.all().delete() Contact.objects.all_them().delete() Agency.objects.all_them().delete() FeeExemptionOther.objects.all_them().delete() Statute.objects.all_them().delete() Government.objects.all().delete() Group.objects.all().delete() User.objects.all().delete() def get_user_group(self, userToGet): #each user has their own group named after then which they are the sole member of for group in userToGet.groups.all(): if group.name == userToGet.username: return group def create_group(self): #creates the default group and sets default json if self.groupJSON is not None: return self.groupJSON resp = self.api_client.post('/api/v1/group/', format='json', data=self.post_data, authentication=self.get_credentials()) self.group = Group.objects.get(name=self.post_data['name']) self.groupJSON = json.loads(resp.content) return resp def get_group_json(self, group): #gets json for a group resp = self.api_client.get('/api/v1/group/%s/' % group.id, format='json', data={}, authentication=self.get_credentials()) return json.loads(resp.content) def get_user_json(self, userToGet): users_resp = self.api_client.get("/api/v1/user/%s/" % userToGet.id, format='json', authentication=self.get_credentials()) return json.loads(users_resp.content) def add_user_to_group(self, userToAdd): self.create_group() users = self.get_user_json(userToAdd) groupjson = self.groupJSON.copy() groupjson['users'].append(users) update_resp = self.api_client.put( self.groupJSON['resource_uri'], format='json', data=groupjson, authentication=self.get_credentials()) def create_request(self, username=None): request_data = { 'contacts': [], 'free_edit_body': "<p>Something respectable, and testable!</p>", 'private': True, 'title': "test bangarang" } if username is None: self.api_client.post('/api/v1/request/', format='json', data=request_data, authentication=self.get_credentials()) else: self.api_client.post( '/api/v1/request/', format='json', data=request_data, authentication=self.get_credentials_other(username)) self.request = Request.objects.get(title=request_data['title']) def get_credentials(self): #log in with self.user credentials result = self.api_client.client.login(username='******', password='******') return result def get_credentials_other(self, username): #log in with self.user credentials result = self.api_client.client.login(username=username, password='******') return result def create_agency(self): self.agencyData = { 'government': Government.objects.get(name="United States of America").id, 'name': "A test agency", 'hidden': False } resp = self.api_client.post('/api/v1/agency/', format='json', data=self.agencyData, authentication=self.get_credentials()) return resp def create_agency(self): if self.agencyJSON is not None: return self.agencyJSON self.agencyData = { 'government': Government.objects.get(name="United States of America").id, 'name': "A test agency", 'hidden': False } resp = self.api_client.post('/api/v1/agency/', format='json', data=self.agencyData, authentication=self.get_credentials()) self.agency = Agency.objects.get(name='A test agency') self.agencyJSON = json.loads(resp.content) return self.agencyJSON def create_contact(self, data=None): if self.agency is None: self.create_agency() if self.contactJSON is not None: return self.contactJSON self.contactData = { 'first_name': "Testy", "last_name": "McTester", "dob": "1990-07-19", "notes": ["nothing much"], "phone_numbers": ["999-999-9999"], "titles": ["Public Information Officer"], "emails": ["*****@*****.**"], "addresses": ["1600 Penn. Washington DC 99999"], "agencyId": self.agency.id } if data is not None: self.contactData = data resp = self.api_client.post('/api/v1/contact/', format='json', data=self.contactData, authentication=self.get_credentials()) self.contactJSON = json.loads(resp.content) self.contact = Contact.objects.get( first_name=self.contactData['first_name'], last_name=self.contactData['last_name']) return self.contactJSON
class ResourceTest(ResourceTestCase): def setUp(self): self.logger = logging.getLogger(__name__) self.api_client = TestApiClient() self.username = "******" self.password = "******" # create a user to be used for creating the resource self.user_creator = hydroshare.create_account( "*****@*****.**", username=self.username, first_name="Creator_FirstName", last_name="Creator_LastName", superuser=False, password=self.password, groups=[], ) self.user_url = "/hsapi/accounts/{0}/".format(self.user_creator.username) self.api_client.client.login(username=self.username, password=self.password) # create a resource self.resource = hydroshare.create_resource( resource_type="GenericResource", title="My resource", owner=self.user_creator, last_changed_by=self.user_creator, ) self.resource_url_base = "/hsapi/resource/" self.resource_url = "{0}{1}/".format(self.resource_url_base, self.resource.short_id) self.post_data = {"title": "My REST API-created resource", "resource_type": "GenericResource"} def tearDown(self): User.objects.all().delete() GenericResource.objects.all().delete() def get_credentials(self): k = self.create_basic(username=self.username, password=self.password) print k return k def test_resource_get(self): resp = self.api_client.get(self.resource_url) self.assertTrue(resp["Location"].endswith(".zip")) def test_resource_post(self): resp = self.api_client.post(self.resource_url_base, data=self.post_data) self.assertIn(resp.status_code, [201, 200]) # PID comes back as body of response, but API client doesn't seem to be # parsing the response for us pid = str(resp).split("\n")[-1] new_resource_url = "{0}{1}/".format(self.resource_url_base, pid) # Fetch the newly created resource resp = self.api_client.get(new_resource_url) self.assertTrue(resp["Location"].endswith(".zip")) def test_resource_put(self): new_data = {} new_data["title"] = "My UPDATED REST API-created resource" resp = self.api_client.put(self.resource_url, data=new_data) self.assertIn(resp.status_code, ["202", "204"]) def test_resource_delete(self): x = self.api_client.delete(self.resource_url, format="json") self.assertIn(x.status_code, [202, 204, 301]) self.assertHttpNotFound(self.api_client.get(self.resource_url, format="json"))
class AuthResourceTest(ResourceTestCase): fixtures = ['test_auth.json'] def setUp(self): super(AuthResourceTest, self).setUp() self.client = TestApiClient() self.endpoint = '/api/v1/auth/' self.format = 'json' # Get user 1 and token 1 from fixture self.user = User.objects.all()[0] self.token = self.user.usertoken_set.all()[0] self.password = '******' self.detail = '/api/v1/auth/{0}/'.format(self.token.id) # Get user 2 and token 2 from fixture self.user2 = User.objects.all()[1] self.token2 = self.user2.usertoken_set.all()[0] self.detail2 = '/api/v1/auth/{0}/'.format(self.token2.id) def get_credentials(self): return self.create_basic(username=self.user.username, password=self.password) # Try to get tokens without credentials def test_get_keys_unauthorzied(self): self.assertHttpUnauthorized(self.client.get(self.endpoint, self.format)) # Try to create a token (POST) def test_create_token_json(self): post_data = {} credentials = self.get_credentials() self.assertHttpCreated(self.client.post(self.endpoint, self.format, data=post_data, authentication=credentials)) # Try to get all tokens (GET) def test_get_keys_json(self): credentials = self.get_credentials() resp = self.client.get(self.endpoint, self.format, authentication=credentials) self.assertValidJSONResponse(resp) # Try to delete a token (DELETE) def test_delete_token_json(self): credentials = self.get_credentials() self.assertEqual(UserToken.objects.count(), 2) resp = self.client.delete(self.detail, format=self.format, authentication=credentials) self.assertHttpAccepted(resp) self.assertEqual(UserToken.objects.count(), 1) # User 1 try to delete user 2 token def test_delete_another_token(self): credentials = self.get_credentials() self.assertHttpNotFound(self.client.delete(self.detail2, format=self.format, authentication=credentials)) # Try to create a token (POST) with wrong credentials def test_create_token_with_wrong_credentials_json(self): post_data = {} credentials = self.create_basic(username=self.user.username, password="******") self.assertHttpUnauthorized(self.client.post(self.endpoint, self.format, data=post_data, authentication=credentials))
class AnswerCreationResource(ResourceTestCase): def setUp(self): super(AnswerCreationResource, self).setUp() call_command('loaddata', 'example_data', verbosity=0) self.outbound_message = OutboundMessage.objects.all()[0] self.identifier = OutboundMessageIdentifier.objects.get(outbound_message=self.outbound_message) self.api_client = TestApiClient() self.user = User.objects.all()[0] self.data = {'format': 'json', 'username': self.user.username, 'api_key':self.user.api_key.key} def get_credentials(self): credentials = self.create_apikey(username=self.user.username, api_key=self.user.api_key.key) return credentials def test_I_can_create_an_answer_with_only_an_identifier_and_a_content(self): url = '/api/v1/create_answer/' content = 'Fiera tiene una pulga' answer_data = { 'key':self.identifier.key, 'content':content } previous_answers = Answer.objects.count() response = self.api_client.post(url, data = answer_data, format='json', authentication=self.get_credentials()) self.assertHttpCreated(response) answers_count = Answer.objects.count() self.assertEquals(answers_count, previous_answers + 1) def test_authorization_using_api_key(self): url = '/api/v1/create_answer/' content = 'una sola' answer_data = { 'key':self.identifier.key, 'content':content } response = self.api_client.post(url, data = answer_data, format='json') self.assertHttpUnauthorized(response) def test_only_the_owner_can_create_an_answer(self): not_the_owner = User.objects.create(username='******') his_api_key = not_the_owner.api_key credentials = self.create_apikey(username=not_the_owner.username, api_key=his_api_key.key) url = '/api/v1/create_answer/' content = 'una sola' answer_data = { 'key':self.identifier.key, 'content':content } response = self.api_client.post(url, data = answer_data, format='json', authentication=credentials) self.assertHttpUnauthorized(response) def test_only_post_endpoint(self): url = '/api/v1/create_answer/' content = 'una sola' answer_data = { 'key':self.identifier.key, 'content':content } response = self.api_client.get(url) self.assertHttpMethodNotAllowed(response) response = self.api_client.put(url, data = answer_data) self.assertHttpMethodNotAllowed(response) response = self.api_client.patch(url, data = answer_data) self.assertHttpMethodNotAllowed(response)
class ApiTestCase(ResourceTestCase): def setUp(self): super(ApiTestCase, self).setUp() # Use custom api client self.api_client = TestApiClient() # Look for the test user self.username = u'tester' self.password = u'tester' self.email = u'*****@*****.**' self.salt = SaltMixin.salt try: self.user = User.objects.get(username=self.username) self.jpp = jpp = Organization.objects.get(name=u"Journalism++") self.jg = jg = Organization.objects.get(name=u"Journalism Grant") self.fra = fra = Country.objects.get(name=u"France") self.pr = pr = Person.objects.get(name=u"Pierre Roméra") self.pb = pb = Person.objects.get(name=u"Pierre Bellon") except ObjectDoesNotExist: # Create the new user self.user = User.objects.create_user(self.username, self.email, self.password) self.user.is_staff = True self.user.is_superuser = True self.user.save() # Create related objects self.jpp = jpp = Organization(name=u"Journalism++") jpp._author = [self.user.pk] jpp.founded = datetime(2011, 4, 3) jpp.website_url = 'http://jplusplus.com' jpp.save() self.jg = jg = Organization(name=u"Journalism Grant") jg._author = [self.user.pk] jg.save() self.fra = fra = Country(name=u"France", isoa3=u"FRA") fra.save() self.pr = pr = Person(name=u"Pierre Roméra") pr.based_in.add(fra) pr.activity_in_organization.add(jpp) pr.save() self.pb = pb = Person(name=u"Pierre Bellon") pb.based_in.add(fra) pb.activity_in_organization.add(jpp) pb.save() self.post_data_simple = { "name": "Lorem ispum TEST", "twitter_handle": "loremipsum" } self.post_data_related = { "name": "Lorem ispum TEST RELATED", "owner": [ { "id": jpp.id }, { "id": jg.id } ], "activity_in_country": [ { "id": fra.id } ] } self.rdf_jpp = { "label": u"Person that has activity in Journalism++", "object": { "id": 283, "model": u"common:Organization", "name": u"Journalism++" }, "predicate": { "label": u"has activity in", "name": u"person_has_activity_in_organization+", "subject": u"energy:Person" }, "subject": { "label": u"Person", "name": u"energy:Person" } } def tearDown(self): if self.user: self.user.delete() if self.jpp: self.jpp.delete() if self.jg: self.jg.delete() if self.fra: self.fra.delete() if self.pr: self.pr.delete() if self.pb: self.pb.delete() # Utility functions (Auth, operation etc.) def get_credentials(self): return self.api_client.client.login(username=self.username, password=self.password) def signup_user(self, user_dict): """ Utility method to signup through API """ return self.api_client.post('/api/common/v1/user/signup/', format='json', data=user_dict) def patch_individual(self, scope=None, model_name=None, model_id=None, patch_data=None, auth=None, skipAuth=False): if not skipAuth and not auth: auth = self.get_credentials() url = '/api/%s/v1/%s/%d/patch/' % (scope, model_name, model_id) return self.api_client.post(url, format='json', data=patch_data, authentication=auth) # All test functions def test_user_signup_succeed(self): """ Test with proper data to signup user Expected: HTTT 201 (Created) """ user_dict = dict(username=u"newuser", password=u"newuser", email=u"*****@*****.**") resp = self.signup_user(user_dict) self.assertHttpCreated(resp) def test_user_signup_empty_data(self): """ Test with empty data to signup user Expected: HTTP 400 (BadRequest) """ user_dict = dict(username=u"", password=u"", email=u"") resp = self.signup_user(user_dict) self.assertHttpBadRequest(resp) def test_user_signup_no_data(self): resp = self.api_client.post('/api/common/v1/user/signup/', format='json') self.assertHttpBadRequest(resp) def test_user_signup_existing_user(self): user_dict = dict(username=self.username, password=self.password, email=self.email) resp = self.signup_user(user_dict) self.assertHttpForbidden(resp) def test_user_activate_succeed(self): user_dict = dict(username='******', password='******', email='*****@*****.**') self.assertHttpCreated(self.signup_user(user_dict)) innactive_user = User.objects.get(email=user_dict.get('email')) activation_profile = RegistrationProfile.objects.get(user=innactive_user) activation_key = activation_profile.activation_key resp_activate = self.api_client.get('/api/common/v1/user/activate/?token=%s' % activation_key) self.assertHttpOK(resp_activate) user = User.objects.get(email=user_dict.get('email')) self.assertTrue(user.is_active) def test_user_activate_fake_token(self): resp = self.api_client.get('/api/common/v1/user/activate/?token=FAKE') self.assertHttpForbidden(resp) def test_user_activate_no_token(self): resp = self.api_client.get('/api/common/v1/user/activate/') self.assertHttpBadRequest(resp) def test_user_activate_empty_token(self): resp = self.api_client.get('/api/common/v1/user/activate/?token') self.assertHttpBadRequest(resp) def test_user_login_succeed(self): auth = dict(username=u"tester", password=u"tester") resp = self.api_client.post('/api/common/v1/user/login/', format='json', data=auth) self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual(data["success"], True) def test_user_login_failed(self): auth = dict(username=u"tester", password=u"wrong") resp = self.api_client.post('/api/common/v1/user/login/', format='json', data=auth) self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual(data["success"], False) def test_user_logout_succeed(self): # First login auth = dict(username=u"tester", password=u"tester") self.api_client.post('/api/common/v1/user/login/', format='json', data=auth) # Then logout resp = self.api_client.get('/api/common/v1/user/logout/', format='json') self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual(data["success"], True) def test_user_logout_failed(self): resp = self.api_client.get('/api/common/v1/user/logout/', format='json') self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual(data["success"], False) def test_user_status_isnt_logged(self): resp = self.api_client.get('/api/common/v1/user/status/', format='json') self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual(data["is_logged"], False) def test_user_status_is_logged(self): # Log in auth = dict(username=u"tester", password=u"tester") self.api_client.post('/api/common/v1/user/login/', format='json', data=auth) resp = self.api_client.get('/api/common/v1/user/status/', format='json') self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual(data["is_logged"], True) def test_reset_password_success(self): email = dict(email="*****@*****.**") resp = self.api_client.post('/api/common/v1/user/reset_password/', format='json', data=email) self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertTrue(data['success']) def test_reset_password_wrong_email(self): email = dict(email="*****@*****.**") resp = self.api_client.post('/api/common/v1/user/reset_password/', format='json', data=email) self.assertEqual(resp.status_code in [302, 404], True) def test_reset_password_no_data(self): resp = self.api_client.post('/api/common/v1/user/reset_password/', format='json') self.assertHttpBadRequest(resp) def test_reset_password_empty_email(self): resp = self.api_client.post('/api/common/v1/user/reset_password/', format='json', data=dict(email='')) self.assertHttpBadRequest(resp) def test_reset_password_confirm_succes(self): """ Test to successfuly reset a password with a new one. Expected: HTTP 200 - OK """ token = signing.dumps(self.user.pk, salt=self.salt) password = "******" auth = dict(password=password, token=token) resp = self.api_client.post( '/api/common/v1/user/reset_password_confirm/', format='json', data=auth ) self.assertValidJSON(resp.content) data = json.loads(resp.content) self.assertTrue(data['success']) # we query users to get the latest user object (updated with password) user = User.objects.get(email=self.user.email) self.assertTrue(user.check_password(password)) def test_reset_password_confirm_no_data(self): """ Test on reset_password_confirm API endpoint without any data. Expected response: HTTP 400 (BadRequest). Explanation: Every request on /reset_password_confirm/ must have a JSON data payload. { password: ... // the password to reset" token: ... // the reset password token (received by emai) } """ resp = self.api_client.post('/api/common/v1/user/reset_password_confirm/', format='json') self.assertHttpBadRequest(resp) self.assertIsNotNone(resp.content) def test_reset_password_confirm_empty_data(self): """ Test on reset_password_confirm API endpoint with empty data: { password: "" token: "" } Expected result: HTTP 400 (BadRequest) Explanation: A reset_password_confirm request must have a password and should be authenticated with a token. """ auth = dict(password='', token='') resp = self.api_client.post('/api/common/v1/user/reset_password_confirm/', format='json', data=auth) self.assertHttpBadRequest(resp) def test_reset_password_confirm_fake_token(self): """ Test on reset_password_confirm API endpoint with empty data: { password: "" token: "" } Expected result: HTTP 403 (Forbidden) Explanation: A reset_password_confirm request should be authenticated with a valid token. """ fake_token = 'f4k:t0k3N' auth = dict(password='******', token=fake_token) resp = self.api_client.post( '/api/common/v1/user/reset_password_confirm/', format='json', data=auth ) self.assertHttpForbidden(resp) def test_get_list_json(self): resp = self.api_client.get('/api/energy/v1/energyproject/?limit=20', format='json', authentication=self.get_credentials()) self.assertValidJSONResponse(resp) # Number of element on the first page count = min(20, EnergyProject.objects.count() ) self.assertEqual( len(self.deserialize(resp)['objects']), count) def test_post_list_unauthenticated(self): self.assertHttpUnauthorized(self.api_client.post('/api/energy/v1/energyproject/', format='json', data=self.post_data_simple)) def test_post_list(self): # Check how many are there first. count = EnergyProject.objects.count() self.assertHttpCreated( self.api_client.post('/api/energy/v1/energyproject/', format='json', data=self.post_data_simple, authentication=self.get_credentials() ) ) # Verify a new one has been added. self.assertEqual(EnergyProject.objects.count(), count+1) def test_post_list_related(self): # Check how many are there first. count = EnergyProject.objects.count() # Record API response to extract data resp = self.api_client.post('/api/energy/v1/energyproject/', format='json', data=self.post_data_related, authentication=self.get_credentials() ) # Vertify the request status self.assertHttpCreated(resp) # Verify a new one has been added. self.assertEqual(EnergyProject.objects.count(), count+1) # Are the data readable? self.assertValidJSON(resp.content) # Parse data to verify relationship data = json.loads(resp.content) self.assertEqual(len(data["owner"]), len(self.post_data_related["owner"])) self.assertEqual(len(data["activity_in_country"]), len(self.post_data_related["activity_in_country"])) def test_mine(self): resp = self.api_client.get('/api/energy/v1/energyproject/mine/', format='json', authentication=self.get_credentials()) self.assertValidJSONResponse(resp) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual( min(20, len(data["objects"])), EnergyProject.objects.filter(_author__contains=self.user.id).count() ) def test_search_organization(self): resp = self.api_client.get('/api/energy/v1/organization/search/?q=Journalism', format='json', authentication=self.get_credentials()) self.assertValidJSONResponse(resp) # Parse data to check the number of result data = json.loads(resp.content) # At least 2 results self.assertGreater( len(data.items()), 1 ) def test_search_organization_wrong_page(self): resp = self.api_client.get('/api/energy/v1/organization/search/?q=Roméra&page=10000', format='json', authentication=self.get_credentials()) self.assertEqual(resp.status_code in [302, 404], True) def test_cypher_detail(self): resp = self.api_client.get('/api/common/v1/cypher/111/', format='json', authentication=self.get_credentials()) self.assertEqual(resp.status_code in [302, 404], True) def test_cypher_unauthenticated(self): self.assertHttpUnauthorized(self.api_client.get('/api/common/v1/cypher/?q=START%20n=node%28*%29RETURN%20n;', format='json')) def test_cypher_unauthorized(self): # Ensure the user isn't authorized to process cypher request self.user.is_staff = True self.user.is_superuser = False self.user.save() self.assertHttpUnauthorized(self.api_client.get('/api/common/v1/cypher/?q=START%20n=node%28*%29RETURN%20n;', format='json', authentication=self.get_credentials())) def test_cypher_authorized(self): # Ensure the user IS authorized to process cypher request self.user.is_superuser = True self.user.save() self.assertValidJSONResponse(self.api_client.get('/api/common/v1/cypher/?q=START%20n=node%28*%29RETURN%20n;', format='json', authentication=self.get_credentials())) def test_summary_list(self): resp = self.api_client.get('/api/common/v1/summary/', format='json') self.assertEqual(resp.status_code in [302, 404], True) def test_summary_mine_success(self): resp = self.api_client.get('/api/common/v1/summary/mine/', authentication=self.get_credentials(), format='json') self.assertValidJSONResponse(resp) # Parse data to check the number of result data = json.loads(resp.content) objects = data['objects'] jpp_t = find(lambda x: x['label'] == self.jpp.name, objects) jg_t = find(lambda x: x['label'] == self.jg.name, objects) self.assertIsNotNone(jpp_t) self.assertIsNotNone(jg_t) def test_summary_mine_unauthenticated(self): self.assertHttpUnauthorized(self.api_client.get('/api/common/v1/summary/mine/', format='json')) def test_countries_summary(self): resp = self.api_client.get('/api/common/v1/summary/countries/', format='json', authentication=self.get_credentials()) self.assertValidJSONResponse(resp) # Parse data to check the number of result data = json.loads(resp.content) # Only France is present self.assertGreater(len(data), 0) # We added 1 relation to France self.assertEqual("count" in data["FRA"], True) def test_forms_summary(self): resp = self.api_client.get('/api/common/v1/summary/forms/', format='json', authentication=self.get_credentials()) self.assertValidJSONResponse(resp) # Parse data to check the number of result data = json.loads(resp.content) # As many descriptors as models self.assertEqual( 11, len(data.items()) ) def test_types_summary(self): resp = self.api_client.get('/api/common/v1/summary/types/', format='json', authentication=self.get_credentials()) self.assertValidJSONResponse(resp) def test_search_summary(self): resp = self.api_client.get('/api/common/v1/summary/search/?q=Journalism', format='json', authentication=self.get_credentials()) self.assertValidJSONResponse(resp) # Parse data to check the number of result data = json.loads(resp.content) # At least 2 results self.assertGreater( len(data.items()), 1 ) def test_search_summary_wrong_page(self): resp = self.api_client.get('/api/common/v1/summary/search/?q=Journalism&page=-1', format='json', authentication=self.get_credentials()) self.assertEqual(resp.status_code in [302, 404], True) def test_summary_human_search(self): query = "Person activity in Journalism" resp = self.api_client.get('/api/common/v1/summary/human/?q=%s' % query, format='json', authentication=self.get_credentials()) self.assertValidJSONResponse(resp) data = json.loads(resp.content) self.assertGreater(len(data['objects']), 1) def test_rdf_search(self): # RDF object for persons that have activity in J++, we need to urlencode # the JSON string to avoid '+' loss rdf_str = urllib.quote(json.dumps(self.rdf_jpp)) url = '/api/common/v1/summary/rdf_search/?limit=20&offset=0&q=%s' % rdf_str resp = self.api_client.get(url, format='json', authentication=self.get_credentials()) self.assertValidJSONResponse(resp) data = json.loads(resp.content) objects = data['objects'] pr_t = find(lambda x: x['name'] == self.pr.name, objects) pb_t = find(lambda x: x['name'] == self.pb.name, objects) self.assertIsNotNone(pr_t) self.assertIsNotNone(pb_t) def test_patch_individual_date(self): """ Test a patch request on an invidividual's date attribute. Request: /api/energy/v1/organization/ Expected: HTTP 200 (OK) """ # date are subject to special process with patch method. new_date = datetime(2011, 4, 1, 0, 0, 0, 0) data = { 'founded': new_date.strftime('%Y-%m-%dT%H:%M:%S.%fZ'), } args = { 'scope' : 'energy', 'model_id' : self.jpp.id, 'model_name' : 'organization', 'patch_data' : data } resp = self.patch_individual(**args) self.assertHttpOK(resp) self.assertValidJSONResponse(resp) updated_jpp = Organization.objects.get(name=self.jpp.name) self.assertEqual(timezone.make_naive(updated_jpp.founded), new_date) def test_patch_individual_website(self): jpp_url = 'http://jplusplus.org' data = { 'website_url': jpp_url, } args = { 'scope' : 'energy', 'model_id' : self.jpp.id, 'model_name' : 'organization', 'patch_data' : data } resp = self.patch_individual(**args) self.assertHttpOK(resp) self.assertValidJSONResponse(resp) updated_jpp = Organization.objects.get(name=self.jpp.name) self.assertEqual(updated_jpp.website_url, jpp_url) def test_patch_individual_unauthorized(self): jpp_url = 'http://jplusplus.org' data = { 'website_url': jpp_url, } args = { 'scope' : 'energy', 'model_id' : self.jpp.id, 'model_name' : 'organization', 'patch_data' : data, 'skipAuth' : True, } resp = self.patch_individual(**args) self.assertHttpUnauthorized(resp) def test_patch_individual_not_found(self): jpp_url = 'http://jplusplus.org' data = { 'website_url': jpp_url, } args = { 'scope' : 'energy', 'model_id' : 1337, 'model_name' : 'organization', 'patch_data' : data, } resp = self.patch_individual(**args) self.assertEqual(resp.status_code in [302, 404], True)
class MessageResourceTestCase(ResourceTestCase): def setUp(self): super(MessageResourceTestCase, self).setUp() call_command('loaddata', 'example_data', verbosity=0) self.user = User.objects.get(id=1) self.writeitinstance = WriteItInstance.objects.create(name=u"a test", slug=u"a-test", owner=self.user) self.api_client = TestApiClient() self.data = {'format': 'json', 'username': self.user.username, 'api_key': self.user.api_key.key} def get_credentials(self): credentials = self.create_apikey(username=self.user.username, api_key=self.user.api_key.key) return credentials def test_get_list_of_messages(self): url = '/api/v1/message/' response = self.api_client.get(url, data=self.data) self.assertValidJSONResponse(response) messages = self.deserialize(response)['objects'] # Only listing my messages expected_messages = Message.public_objects.filter(writeitinstance__in=self.user.writeitinstances.all()) self.assertEqual(len(messages), expected_messages.count()) # Only my instances first_message = messages[0] self.assertNotIn('author_email', first_message.keys()) def test_only_listing_my_messages(self): not_me = User.objects.create_user(username='******', password='******') writeitinstance = WriteItInstance.objects.create(name=u"a test", slug=u"a-test", owner=not_me) person1 = Person.objects.get(id=1) writeitinstance.add_person(person1) i_should_not_see_this_message = Message.objects.create( content='Content 1 Public message', author_name='Felipe', author_email="*****@*****.**", subject='Fiera es una perra feroz', writeitinstance=writeitinstance, persons=[person1], ) Confirmation.objects.create(message=i_should_not_see_this_message) i_should_not_see_this_message.recently_confirmated() self.assertTrue(i_should_not_see_this_message.public) expected_messages = Message.public_objects.filter(writeitinstance__in=self.user.writeitinstances.all()) self.assertNotIn(i_should_not_see_this_message, expected_messages) self.assertIn(i_should_not_see_this_message, Message.public_objects.all()) url = '/api/v1/message/' response = self.api_client.get(url, data=self.data) self.assertValidJSONResponse(response) messages = self.deserialize(response)['objects'] i_should_not_see_this_message_as_json = None # Seriously, this can be done in a more elegant way # I'll keep on working with this and I'll return to this test # later for message in messages: if message['id'] == i_should_not_see_this_message.id: i_should_not_see_this_message_as_json = message self.assertIsNone(i_should_not_see_this_message_as_json) # The detail of a message url = '/api/v1/message/{0}/'.format(i_should_not_see_this_message.id) response = self.api_client.get(url, data=self.data) self.assertHttpUnauthorized(response) def test_list_of_messages_is_ordered(self): """ The list of messages shown in the API is ordered by created date""" # Preparing the test Message.objects.all().delete() person1 = Person.objects.get(id=1) # cleaning up the database before message1 = Message.objects.create( content=u'Content 1', author_name=u'Felipe', author_email=u"*****@*****.**", subject=u'Fiera es una perra feroz 1', writeitinstance=self.writeitinstance, persons=[person1], ) Confirmation.objects.create(message=message1) message1.recently_confirmated() message2 = Message.objects.create( content=u'Content 2', author_name=u'Felipe', author_email=u"*****@*****.**", subject=u'Fiera es una perra feroz 2', writeitinstance=self.writeitinstance, persons=[person1], ) Confirmation.objects.create(message=message2) message2.recently_confirmated() url = '/api/v1/message/' response = self.api_client.get(url, data=self.data) self.assertValidJSONResponse(response) messages = self.deserialize(response)['objects'] self.assertEquals(messages[0]['id'], message2.id) self.assertEquals(messages[1]['id'], message1.id) def test_authentication(self): url = '/api/v1/message/' response = self.api_client.get(url) self.assertHttpUnauthorized(response) def test_a_list_of_messages_have_answers(self): url = '/api/v1/message/' response = self.api_client.get(url, data=self.data) self.assertValidJSONResponse(response) messages = self.deserialize(response)['objects'] self.assertTrue('answers' in messages[0]) def test_the_message_has_the_people_it_was_sent_to(self): url = '/api/v1/message/' response = self.api_client.get(url, data=self.data) self.assertValidJSONResponse(response) messages = self.deserialize(response)['objects'] self.assertTrue('persons' in messages[0]) message_from_the_api = messages[0] message = Message.objects.get(id=messages[0]['id']) for person in message_from_the_api['people']: self.assertIn('popit_url', person) self.assertIn( Person.objects.get(id=person['id']), message.people.all(), ) self.assertEquals(len(message_from_the_api['people']), message.people.count()) def test_create_a_new_message(self): writeitinstance = WriteItInstance.objects.get(id=1) message_data = { 'author_name': 'Felipipoo', 'subject': 'new message', 'content': 'the content thing', 'writeitinstance': '/api/v1/instance/{0}/'.format(writeitinstance.id), 'persons': [writeitinstance.persons.all()[0].popit_url], } url = '/api/v1/message/' previous_amount_of_messages = Message.objects.count() response = self.api_client.post(url, data=message_data, format='json', authentication=self.get_credentials()) self.assertHttpCreated(response) self.assertValidJSON(force_text(response.content)) message_as_json = force_text(response.content) self.assertIn('resource_uri', message_as_json) post_amount_of_messages = Message.objects.count() self.assertEquals(post_amount_of_messages, previous_amount_of_messages + 1) the_message = Message.objects.get(author_name='Felipipoo') outbound_messages = the_message.outboundmessage_set.all() self.assertTrue(outbound_messages.count() > 0) for outbound_message in outbound_messages: self.assertEquals(outbound_message.status, 'ready') def test_create_a_new_message_in_not_my_instance(self): not_me = User.objects.create_user(username='******', password='******') writeitinstance = WriteItInstance.objects.create(name=u"a test", slug=u"a-test", owner=not_me) person1 = Person.objects.get(id=1) writeitinstance.add_person(person1) message_data = { 'author_name': 'Felipipoo', 'subject': 'new message', 'content': 'the content thing', 'writeitinstance': '/api/v1/instance/{0}/'.format(writeitinstance.id), 'persons': [person1.popit_url], } url = '/api/v1/message/' response = self.api_client.post(url, data=message_data, format='json', authentication=self.get_credentials()) self.assertHttpUnauthorized(response) def test_create_a_new_message_with_a_non_existing_person(self): writeitinstance = WriteItInstance.objects.get(id=1) message_data = { 'author_name': 'Felipipoo', 'subject': 'new message', 'content': 'the content thing', 'writeitinstance': '/api/v1/instance/{0}/'.format(writeitinstance.id), 'persons': [ writeitinstance.persons.all()[0].popit_url, 'http://this.person.does.not.exist', ], } url = '/api/v1/message/' response = self.api_client.post(url, data=message_data, format='json', authentication=self.get_credentials()) self.assertHttpCreated(response) the_message = Message.objects.get(author_name='Felipipoo') outbound_messages = the_message.outboundmessage_set.all() self.assertEquals(outbound_messages.count(), 1) self.assertEquals(outbound_messages[0].contact.person, writeitinstance.persons.all()[0]) def test_create_a_new_message_confirmated(self): writeitinstance = WriteItInstance.objects.get(id=1) message_data = { 'author_name': 'Felipipoo', 'subject': 'new message', 'content': 'the content thing', 'writeitinstance': '/api/v1/instance/{0}/'.format(writeitinstance.id), 'persons': [writeitinstance.persons.all()[0].popit_url], } url = '/api/v1/message/' self.api_client.post(url, data=message_data, format='json', authentication=self.get_credentials()) the_message = Message.objects.get(author_name='Felipipoo') self.assertTrue(the_message.confirmated) def test_create_a_new_message_to_all_persons_in_the_instance(self): # here it is the thing I don't know yet how to do this and I'll go for # saying all in the persons array instead of having an array or an empty writeitinstance = WriteItInstance.objects.get(id=1) message_data = { 'author_name': 'Felipipoo', 'subject': 'new message', 'content': 'the content thing', 'writeitinstance': '/api/v1/instance/{0}/'.format(writeitinstance.id), 'persons': "all", } url = '/api/v1/message/' self.api_client.post(url, data=message_data, format='json', authentication=self.get_credentials()) the_message = Message.objects.get(author_name=u'Felipipoo') self.assertEquals(len(the_message.people), writeitinstance.persons.count()) self.assertQuerysetEqual( the_message.people.all(), [repr(r) for r in writeitinstance.persons.all()] ) def test_not_confirming_automatically_a_message(self): """Push a new message to an instance with no autoconfirm message""" writeitinstance = WriteItInstance.objects.get(id=1) writeitinstance.config.autoconfirm_api_messages = False writeitinstance.config.save() message_data = { 'author_name': 'Felipipoo', 'author_email': "*****@*****.**", 'subject': 'new message', 'content': 'the content thing', 'writeitinstance': '/api/v1/instance/{0}/'.format(writeitinstance.id), 'persons': "all", } url = '/api/v1/message/' self.api_client.post( url, data=message_data, format='json', authentication=self.get_credentials(), ) the_message = Message.objects.get(author_name='Felipipoo') self.assertFalse(the_message.confirmated) self.assertIsNotNone(the_message.confirmation) def test_not_including_email_in_non_auto_confrim_message(self): """Not Including email causes error 403 in a non auto confirm message""" writeitinstance = WriteItInstance.objects.get(id=1) writeitinstance.config.autoconfirm_api_messages = False writeitinstance.config.save() message_data = { 'author_name': 'Felipipoo', # 'author_email': "*****@*****.**", # this missing param will cause a 403 'subject': 'new message', 'content': 'the content thing', 'writeitinstance': '/api/v1/instance/{0}/'.format(writeitinstance.id), 'persons': "all", } url = '/api/v1/message/' response = self.api_client.post( url, data=message_data, format='json', authentication=self.get_credentials(), ) self.assertEquals(response.status_code, 400) self.assertFalse(Message.objects.filter(author_name='Felipipoo')) def test_including_a_non_email_in_the_author_email(self): """When it has an author_email it validates it""" writeitinstance = WriteItInstance.objects.get(id=1) message_data = { 'author_name': 'Felipipoo', 'author_email': "This is not an email", # this missing param will cause a 403 'subject': 'new message', 'content': 'the content thing', 'writeitinstance': '/api/v1/instance/{0}/'.format(writeitinstance.id), 'persons': "all" } url = '/api/v1/message/' response = self.api_client.post( url, data=message_data, format='json', authentication=self.get_credentials(), ) self.assertEquals(response.status_code, 400) self.assertFalse(Message.objects.filter(author_name='Felipipoo'))
class HelpResourceTest(ResourceTestCase): def setUp(self): super(HelpResourceTest, self).setUp() # TODO: If we end up supporting the PATCH method, use our # FixedTestApiClient instead of the default self.api_client = TestApiClient() self.username = "******" self.password = "******" self.user = User.objects.create_user(self.username, "*****@*****.**", self.password) def test_get_detail(self): help = create_help(title="Test Help Item", body="Test Help Item body") uri = "/api/0.1/help/%s/" % (help.help_id) resp = self.api_client.get(uri) self.assertValidJSONResponse(resp) self.assertEqual(self.deserialize(resp)["title"], "Test Help Item") self.assertEqual(self.deserialize(resp)["body"], "Test Help Item body") def test_get_detail_by_slug(self): help = create_help(title="Test Help Item", body="Test Help Item body", slug="test") uri = "/api/0.1/help/%s/" % (help.slug) resp = self.api_client.get(uri) self.assertValidJSONResponse(resp) self.assertEqual(self.deserialize(resp)["title"], "Test Help Item") self.assertEqual(self.deserialize(resp)["body"], "Test Help Item body") def test_get_list_for_section(self): section_help = create_help(title="Test section help item", body="Test section help item body") nonsection_help = create_help( title="Test non-section help item", body="Test non-section help item body", slug="test-nonsection" ) story = create_story( title="Test Story", summary="Test Summary", byline="Test Byline", status="published", language="en" ) section = create_section(title="Test Section 1", story=story, help=section_help) uri = "/api/0.1/help/sections/%s/" % (section.section_id) resp = self.api_client.get(uri) self.assertValidJSONResponse(resp) self.assertEqual(len(self.deserialize(resp)["objects"]), 1) self.assertEqual(self.deserialize(resp)["objects"][0]["title"], "Test section help item") self.assertEqual(self.deserialize(resp)["objects"][0]["body"], "Test section help item body") def test_post_list_for_section(self): section_help = create_help(title="Test section help item", body="Test section help item body") story = create_story( title="Test Story", summary="Test Summary", byline="Test Byline", status="published", language="en", author=self.user, ) section = create_section(title="Test Section 1", story=story) self.assertEqual(section.help, None) post_data = {"help_id": section_help.help_id} uri = "/api/0.1/help/sections/%s/" % (section.section_id) self.api_client.client.login(username=self.username, password=self.password) resp = self.api_client.post(uri, format="json", data=post_data) self.assertHttpCreated(resp) updated_section = Section.objects.get(pk=section.pk) self.assertEqual(updated_section.help, section_help) def test_post_list_for_section_unauthorized_unauthenticated(self): """ Test that anonymous users cannot set the help item for a section """ section_help = create_help(title="Test section help item", body="Test section help item body") story = create_story( title="Test Story", summary="Test Summary", byline="Test Byline", status="published", language="en", author=self.user, ) section = create_section(title="Test Section 1", story=story) self.assertEqual(section.help, None) post_data = {"help_id": section_help.help_id} uri = "/api/0.1/help/sections/%s/" % (section.section_id) resp = self.api_client.post(uri, format="json", data=post_data) self.assertHttpUnauthorized(resp) def test_post_list_for_section_unauthorized_other_user(self): """ Test that a user can't set the help text for another user's section """ user2 = User.objects.create(username="******", email="*****@*****.**", password="******") section_help = create_help(title="Test section help item", body="Test section help item body") story = create_story( title="Test Story", summary="Test Summary", byline="Test Byline", status="published", language="en", author=user2, ) section = create_section(title="Test Section 1", story=story) self.assertEqual(section.help, None) post_data = {"help_id": section_help.help_id} self.api_client.client.login(username=self.username, password=self.password) uri = "/api/0.1/help/sections/%s/" % (section.section_id) resp = self.api_client.post(uri, format="json", data=post_data) self.assertHttpUnauthorized(resp)
class CreateOrListAccountsTest(ResourceTestCase): serializer = Serializer() def setUp(self): self.account_url_base = '/hsapi/accounts/' self.sudo = hydroshare.create_account('*****@*****.**', 'hs', 'hydro', 'share', True, password='******') self.api_client = TestApiClient() self.api_client.client.login(username=self.sudo.username, password=self.sudo.password) def tearDown(self): User.objects.all().delete() def test_create_account(self): username = '******' password = '******' post_data_should_fail = CreateOrListAccounts.CreateAccountForm({ 'email': '*****@*****.**', 'username': username, 'first_name': 'shaun', 'last_name': 'livingston', 'password': password, 'superuser': True }) resp = self.api_client.post(self.account_url_base, data=post_data_should_fail) self.assertHttpForbidden(resp) post_data_should_succeed = CreateOrListAccounts.CreateAccountForm({ 'email': '*****@*****.**', 'username': username, 'first_name': 'shaun', 'last_name': 'livingston', 'password': password }) resp = self.api_client.post(self.account_url_base, data=post_data_should_succeed) self.assertHttpCreated(resp) self.assertTrue(User.objects.filter(email='*****@*****.**').exists()) self.assertTrue(User.objects.filter(username=username).exists()) self.assertTrue(User.objects.filter(first_name='shaun').exists()) self.assertTrue(User.objects.filter(last_name='livingston').exists()) self.assertTrue(User.objects.filter(superuser=True).exists()) def test_list_users(self): hydroshare.create_account( '*****@*****.**', username='******', first_name='User0_FirstName', last_name='User0_LastName', ) hydroshare.create_account( '*****@*****.**', username='******', first_name='User1_FirstName', last_name='User1_LastName', ) hydroshare.create_account( '*****@*****.**', username='******', first_name='User2_FirstName', last_name='User2_LastName', ) num_of_accounts = len(User.objects.filter(email='*****@*****.**')) query = self.serialize({ 'email': '*****@*****.**', }) get_data = {'query': query} resp = self.api_client.get(self.account_url_base, data=get_data) self.assertEqual(resp.status_code, 200) users = self.deserialize(resp) self.assertTrue(len(users) == num_of_accounts) for num in range(num_of_accounts): self.assertEqual(str(users[num]['email']), '*****@*****.**') self.assertEqual(str(users[num]['username']), 'user{0}'.format(num)) self.assertEqual(str(users[num]['first_name']), 'User{0}_FirstName'.format(num)) self.assertEqual(str(users[num]['last_name']), 'User{0}_LastName'.format(num))
class CommentResourceTest(ResourceTestCase): fixtures = ['group.json', 'group_permission.json', 'user_group.json', 'user.json', 'user_project.json', 'project_part.json', 'project.json', 'profile.json', 'post.json', 'comment.json'] def setUp(self): self.api_client = TestApiClient() self.post_id = 1 self.post_data = {'post': {'pk': self.post_id, 'text': 'New comment'}} self.detail_url = '/api/v1/comment/{0}/'.format(self.post_id) self.list_url = '/api/v1/comment/' self.serializer = Serializer() def get_credentials(self): result = self.api_client.client.login(email='*****@*****.**', password='******') # def test_post_list(self): # self.get_credentials() # self.assertIn('_auth_user_id', self.api_client.client.session) # self.assertEqual(self.api_client.client.session['_auth_user_id'], 1) # self.assertEqual(Comment.objects.count(), 1) # self.assertHttpCreated(self.api_client.post(self.list_url, # format='json', # data=self.post_data)) # self.assertEqual(Comment.objects.count(), 2) def test_get_list_unauthorized(self): self.assertHttpUnauthorized(self.api_client.get(self.list_url, format='json')) def test_get_list(self): self.get_credentials() resp = self.api_client.get(self.list_url, format='json') self.assertValidJSONResponse(resp) self.assertEqual(len(json.loads(resp.content)['objects']), 1) def test_get_detail_unauthenticated(self): self.assertHttpUnauthorized(self.api_client.get(self.detail_url, format='json')) # def test_get_detail(self): # self.get_credentials() # resp = self.api_client.get(self.detail_url, format='json') # self.assertValidJSONResponse(resp) # self.assertEqual(json.loads(resp.content)['comment'], '') def test_post_list_unauthenticated(self): self.assertHttpUnauthorized(self.api_client.post(self.list_url, format='json', data=self.post_data)) def test_put_detail_unauthenticated(self): self.assertHttpUnauthorized(self.api_client.put(self.detail_url, format='json', data={})) def test_put_detail(self): self.get_credentials() resp = self.api_client.get(self.detail_url, format='json') original_data = json.loads(resp.content) new_data = original_data.copy() new_data['title'] = 'Updated: First Comment' self.assertEqual(Comment.objects.count(), 1) self.assertHttpAccepted(self.api_client.put(self.detail_url, format='json', data=new_data)) self.assertEqual(Comment.objects.count(), 1) def test_delete_detail_unauthenticated(self): self.assertHttpUnauthorized(self.api_client.delete(self.detail_url, format='json')) def test_delete_detail(self): self.get_credentials() self.assertEqual(Comment.objects.count(), 1) resp = self.api_client.delete(self.detail_url, format='json') self.assertHttpAccepted(resp) self.assertEqual(Comment.objects.count(), 0)
class TestCameraResource(ResourceTestCase): def setUp(self): # Tastypie stuff super(TestCameraResource, self).setUp() self.bob_api_client = TestApiClient() self.bill_api_client = TestApiClient() self.anon_api_client = TestApiClient() # Create a user bob. self.user_bob_username = "******" self.user_bob_password = "******" self.user_bob = User.objects.create_user(self.user_bob_username, "*****@*****.**", self.user_bob_password) # Create a user bob. self.user_bill_username = "******" self.user_bill_password = "******" self.user_bill = User.objects.create_user( self.user_bill_username, "*****@*****.**", self.user_bill_password ) self.bob_api_client.client.login(username="******", password="******") self.bill_api_client.client.login(username="******", password="******") # assign users to the Public group public_group, created = Group.objects.get_or_create(name="Public") self.user_bob.groups.add(public_group) self.user_bill.groups.add(public_group) guardian.utils.get_anonymous_user().groups.add(public_group) # make a couple of campaigns and save self.campaign_bobs = mommy.make_one("catamidb.Campaign", id=1) self.campaign_bills = mommy.make_one("catamidb.Campaign", id=2) # make a deployments self.deployment_bobs = mommy.make_recipe("catamidb.Deployment1", id=1, campaign=self.campaign_bobs) self.deployment_bills = mommy.make_recipe("catamidb.Deployment2", id=2, campaign=self.campaign_bills) # make images self.image_bobs = mommy.make_recipe("catamidb.Image1", id=1, deployment=self.deployment_bobs) self.image_bills = mommy.make_recipe("catamidb.Image2", id=2, deployment=self.deployment_bills) # make cameras self.camera_bobs = mommy.make_one("catamidb.Camera", id=1, image=self.image_bobs) self.camera_bills = mommy.make_one("catamidb.Camera", id=2, image=self.image_bills) # assign this one to bob authorization.apply_campaign_permissions(self.user_bob, self.campaign_bobs) # assign this one to bill authorization.apply_campaign_permissions(self.user_bill, self.campaign_bills) # the API url for deployments self.camera_url = "/api/dev/camera/" # some post data for testing camera creation self.post_data = [] def test_camera_operations_disabled(self): # test that we can NOT create self.assertHttpUnauthorized(self.anon_api_client.post(self.camera_url, format="json", data=self.post_data)) # test that we can NOT modify self.assertHttpUnauthorized( self.anon_api_client.put(self.camera_url + self.deployment_bobs.id.__str__() + "/", format="json", data={}) ) # test that we can NOT delete self.assertHttpMethodNotAllowed( self.anon_api_client.delete(self.camera_url + self.deployment_bobs.id.__str__() + "/", format="json") ) # test that we can NOT modify authenticated self.assertHttpUnauthorized( self.bob_api_client.put(self.camera_url + self.deployment_bobs.id.__str__() + "/", format="json", data={}) ) # test that we can NOT delete authenticated self.assertHttpMethodNotAllowed( self.bob_api_client.delete(self.camera_url + self.deployment_bobs.id.__str__() + "/", format="json") ) def test_camera_operations_as_authorised_users(self): # create a campaign & deployment that ONLY bill can see bills_campaign = mommy.make_one("catamidb.Campaign", id=3, short_name="cp_3") bills_deployment = mommy.make_recipe("catamidb.Deployment3", id=3, campaign=bills_campaign) assign("view_campaign", self.user_bill, bills_campaign) # make exclusive image for bill and assign this image to camera to image self.image_bill_exc = mommy.make_recipe( "catamidb.Image3", id=3, deployment=bills_deployment ) # IMPORTANT camera checks campaign which has reference to deployment. Image has reference to deployment and camera # make exclusive camera for bill self.camera_bill_exc = mommy.make_one("catamidb.Camera", id=3, image=self.image_bill_exc) # check that bill can see via the API response = self.bill_api_client.get(self.camera_url, format="json") self.assertValidJSONResponse(response) self.assertEqual(len(self.deserialize(response)["objects"]), 3) # check that bill can get to the object itself response = self.bill_api_client.get(self.camera_url + "3/", format="json") self.assertValidJSONResponse(response) # check that bob can not see - now we know tastypie API has correct # permission validation response = self.bob_api_client.get(self.camera_url, format="json") self.assertValidJSONResponse(response) self.assertEqual(len(self.deserialize(response)["objects"]), 2) # check bob can NOT get to the hidden object response = self.bob_api_client.get(self.camera_url + "3/", format="json") self.assertHttpUnauthorized(response) # check that anonymous can see public ones as well response = self.anon_api_client.get(self.camera_url, format="json") self.assertValidJSONResponse(response) self.assertEqual(len(self.deserialize(response)["objects"]), 2) # check anonymous can NOT get to the hidden object response = self.anon_api_client.get(self.camera_url + "3/", format="json") self.assertHttpUnauthorized(response)
class DocumentResourceTest(ResourceTestCase): fixtures = ['group.json', 'group_permission.json', 'user_group.json', 'user.json', 'user_project.json', 'project_part.json', 'project.json', 'profile.json', 'document.json'] def setUp(self): self.api_client = TestApiClient() self.project_part_id = 1 self.document_data = {'text': 'My document', 'project_part': {'pk': self.project_part_id}} self.document_id = 1 self.project_part_query = '='.join(['?project_part', str(self.project_part_id)]) self.detail_url = '/api/v1/document/{0}/'.format(self.document_id) self.list_url = '/api/v1/document/' self.serializer = Serializer() def get_credentials(self): result = self.api_client.client.login(email='*****@*****.**', password='******') def test_document_list(self): self.get_credentials() self.assertIn('_auth_user_id', self.api_client.client.session) self.assertEqual(self.api_client.client.session['_auth_user_id'], 1) self.assertEqual(Document.objects.count(), 2) self.assertHttpCreated(self.api_client.post(self.list_url, format='json', data=self.document_data)) self.assertEqual(Document.objects.count(), 3) def test_get_list_unauthorzied(self): self.assertHttpUnauthorized(self.api_client.get(self.list_url, format='json')) def test_get_list(self): self.get_credentials() resp = self.api_client.get(''.join([self.list_url, self.project_part_query]), format='json') self.assertValidJSONResponse(resp) self.assertEqual(len(json.loads(resp.content)['objects']), 1) def test_get_detail_unauthenticated(self): self.assertHttpUnauthorized(self.api_client.get(self.detail_url, format='json')) def test_get_detail(self): self.get_credentials() resp = self.api_client.get(self.detail_url, format='json') self.assertValidJSONResponse(resp) self.assertEqual(json.loads(resp.content)['text'], '<h1>hola</h1>') # def test_post_list_unauthenticated(self): # self.assertHttpUnauthorized(self.api_client.post(self.list_url, format='json', # data=self.document_data)) def test_put_detail_unauthenticated(self): self.assertHttpUnauthorized(self.api_client.put(self.detail_url, format='json', data={'text': 'data'})) def test_put_detail(self): self.get_credentials() original_data = json.loads(self.api_client.get(self.detail_url, format='json').content) new_data = original_data.copy() new_data['title'] = 'Updated: First Document' self.assertEqual(Document.objects.count(), 2) self.assertHttpAccepted(self.api_client.put(self.detail_url, format='json', data=new_data)) # Make sure the count hasn't changed & we did an update. self.assertEqual(Document.objects.count(), 2) def test_delete_detail_unauthenticated(self): self.assertHttpUnauthorized(self.api_client.delete(self.detail_url, format='json')) def test_delete_detail(self): self.get_credentials() self.assertEqual(Document.objects.count(), 2) resp = self.api_client.delete(self.detail_url, format='json') self.assertHttpAccepted(resp) self.assertEqual(Document.objects.count(), 1)
class PilotJobResourceTest(ResourceTestCase): fixtures = ['local_site.json'] def setUp(self): super(PilotJobResourceTest, self).setUp() self.client = TestApiClient() self.endpoint = '/api/v1/dispatcher/' self.format = 'json' # Create one user self.user = User(username="******") self.user.save() # create a job self.job = Job(user=self.user, application=Application.objects.all()[0]) self.job.maxtime = 30 self.job.save() self.site = Site.objects.get(pk=1) self.pilot = self.site.submit_pilot_based_on_job(self.job) def test_submit_pilot(self): pilot = self.site.submit_pilot_based_on_job(self.job) self.assertEqual(type(pilot), type(Pilot())) def test_pilot_post_job(self): self.job.status = 'P' self.job.save() data = {"time_left": 60} token = self.pilot.token url = "%s?token=%s" % (self.endpoint, token) request = self.client.post(url, self.format, data=data) self.assertHttpCreated(request) def test_pilot_get_job(self): self.job.status = 'R' self.job.pilot = self.pilot self.job.save() token = self.pilot.token url = "%s%d/?token=%s" % (self.endpoint, self.job.id, token) request = self.client.get(url, self.format) self.assertValidJSONResponse(request) def test_wrong_token(self): url = "%s%d/?token=%s" % (self.endpoint, self.job.id, "not-a-valid-token") request = self.client.get(url, self.format) self.assertHttpUnauthorized(request) def test_no_token(self): url = "%s%d/" % (self.endpoint, self.job.id) request = self.client.get(url, self.format) self.assertHttpUnauthorized(request) def test_pilot_patch_job(self): self.job.status = 'R' self.job.pilot = self.pilot self.job.save() data = {"progress": 50} token = self.pilot.token url = "%s%d/?token=%s" % (self.endpoint, self.job.id, token) request = self.client.patch(url, self.format, data=data) self.assertHttpAccepted(request)
class HelpResourceTest(ResourceTestCase): def setUp(self): super(HelpResourceTest, self).setUp() # TODO: If we end up supporting the PATCH method, use our # FixedTestApiClient instead of the default self.api_client = TestApiClient() self.username = '******' self.password = '******' self.user = User.objects.create_user(self.username, '*****@*****.**', self.password) def test_get_detail(self): help = create_help(title="Test Help Item", body="Test Help Item body") uri = '/api/0.1/help/%s/' % (help.help_id) resp = self.api_client.get(uri) self.assertValidJSONResponse(resp) self.assertEqual(self.deserialize(resp)['title'], "Test Help Item") self.assertEqual(self.deserialize(resp)['body'], "Test Help Item body") def test_get_detail_by_slug(self): help = create_help(title="Test Help Item", body="Test Help Item body", slug="test") uri = '/api/0.1/help/%s/' % (help.slug) resp = self.api_client.get(uri) self.assertValidJSONResponse(resp) self.assertEqual(self.deserialize(resp)['title'], "Test Help Item") self.assertEqual(self.deserialize(resp)['body'], "Test Help Item body") def test_get_list_for_section(self): section_help = create_help(title="Test section help item", body="Test section help item body") nonsection_help = create_help(title="Test non-section help item", body="Test non-section help item body", slug='test-nonsection') story = create_story(title="Test Story", summary="Test Summary", byline="Test Byline", status="published", language="en") section = create_section(title="Test Section 1", story=story, help=section_help) uri = '/api/0.1/help/sections/%s/' % (section.section_id) resp = self.api_client.get(uri) self.assertValidJSONResponse(resp) self.assertEqual(len(self.deserialize(resp)['objects']), 1) self.assertEqual( self.deserialize(resp)['objects'][0]['title'], "Test section help item") self.assertEqual( self.deserialize(resp)['objects'][0]['body'], "Test section help item body") def test_post_list_for_section(self): section_help = create_help(title="Test section help item", body="Test section help item body") story = create_story(title="Test Story", summary="Test Summary", byline="Test Byline", status="published", language="en", author=self.user) section = create_section(title="Test Section 1", story=story) self.assertEqual(section.help, None) post_data = {'help_id': section_help.help_id} uri = '/api/0.1/help/sections/%s/' % (section.section_id) self.api_client.client.login(username=self.username, password=self.password) resp = self.api_client.post(uri, format='json', data=post_data) self.assertHttpCreated(resp) updated_section = Section.objects.get(pk=section.pk) self.assertEqual(updated_section.help, section_help) def test_post_list_for_section_unauthorized_unauthenticated(self): """ Test that anonymous users cannot set the help item for a section """ section_help = create_help(title="Test section help item", body="Test section help item body") story = create_story(title="Test Story", summary="Test Summary", byline="Test Byline", status="published", language="en", author=self.user) section = create_section(title="Test Section 1", story=story) self.assertEqual(section.help, None) post_data = {'help_id': section_help.help_id} uri = '/api/0.1/help/sections/%s/' % (section.section_id) resp = self.api_client.post(uri, format='json', data=post_data) self.assertHttpUnauthorized(resp) def test_post_list_for_section_unauthorized_other_user(self): """ Test that a user can't set the help text for another user's section """ user2 = User.objects.create(username="******", email="*****@*****.**", password="******") section_help = create_help(title="Test section help item", body="Test section help item body") story = create_story(title="Test Story", summary="Test Summary", byline="Test Byline", status="published", language="en", author=user2) section = create_section(title="Test Section 1", story=story) self.assertEqual(section.help, None) post_data = {'help_id': section_help.help_id} self.api_client.client.login(username=self.username, password=self.password) uri = '/api/0.1/help/sections/%s/' % (section.section_id) resp = self.api_client.post(uri, format='json', data=post_data) self.assertHttpUnauthorized(resp)
class PostResourceTest(ResourceTestCase): fixtures = ['group.json', 'group_permission.json', 'user_group.json', 'user.json', 'user_project.json', 'project_part.json', 'project.json', 'profile.json', 'post.json', 'comment.json'] def setUp(self): # Generic self.api_client = TestApiClient() self.serializer = Serializer() # API List data self.list_url = '/api/v1/post/' # API requests data self.project_part_id = 1 self.post_id = 1 self.detail_url = '/api/v1/post/{0}/'.format(self.post_id) self.project_part_query = '='.join(['?project_part', str(self.project_part_id)]) self.post_data = {'content': 'My post', 'project_part': {'pk': self.project_part_id}} # Open API request data self.open_project_part_id = 2 self.open_post_id = 2 self.open_detail_url = '/api/v1/post/{0}/'.format(self.open_post_id) self.open_project_part_query = '='.join(['?project_part', str(self.open_project_part_id)]) self.open_post_data = {'content': 'My post', 'project_part': {'pk': self.open_project_part_id}} def get_credentials(self): result = self.api_client.client.login(email='*****@*****.**', password='******') def test_post_list(self): self.get_credentials() self.assertIn('_auth_user_id', self.api_client.client.session) self.assertEqual(self.api_client.client.session['_auth_user_id'], 1) self.assertEqual(Post.objects.count(), 2) self.assertHttpCreated(self.api_client.post(self.list_url, format='json', data=self.post_data)) self.assertEqual(Post.objects.count(), 3) def test_get_list_unauthorzied(self): self.assertHttpUnauthorized(self.api_client.get(self.list_url, format='json')) def test_get_list(self): self.get_credentials() resp = self.api_client.get(''.join([self.list_url, self.project_part_query]), format='json') self.assertValidJSONResponse(resp) self.assertEqual(len(json.loads(resp.content)['objects']), 1) def test_get_detail_unauthenticated(self): self.assertHttpUnauthorized(self.api_client.get(self.detail_url, format='json')) def test_get_detail(self): self.get_credentials() resp = self.api_client.get(self.detail_url, format='json') self.assertValidJSONResponse(resp) self.assertEqual(json.loads(resp.content)['content'], 'hola') # def test_post_list_unauthenticated(self): # self.assertHttpUnauthorized(self.api_client.post(self.list_url, format='json', # data=self.post_data)) def test_put_detail_unauthenticated(self): self.assertHttpUnauthorized(self.api_client.put(self.detail_url, format='json', data={})) def test_put_detail(self): self.get_credentials() original_data = json.loads(self.api_client.get(self.detail_url, format='json').content) new_data = original_data.copy() new_data['title'] = 'Updated: First Post' self.assertEqual(Post.objects.count(), 2) self.assertHttpAccepted(self.api_client.put(self.detail_url, format='json', data=new_data)) # Make sure the count hasn't changed & we did an update. self.assertEqual(Post.objects.count(), 2) def test_delete_detail_unauthenticated(self): self.assertHttpUnauthorized(self.api_client.delete(self.detail_url, format='json')) def test_delete_detail(self): self.get_credentials() self.assertEqual(Post.objects.count(), 2) resp = self.api_client.delete(self.detail_url, format='json') self.assertHttpAccepted(resp) self.assertEqual(Post.objects.count(), 1) # Open Projects # FIXME It fails because tastypie is not accessing authorization # before calling obj_create # def test_post_list_open(self): # self.assertEqual(Post.objects.count(), 2) # resp = self.api_client.post(self.list_url, # format='json', # data=self.open_post_data) # self.assertHttpUnauthorized(resp) def test_get_detail_open(self): resp = self.api_client.get(self.open_detail_url, format='json') self.assertValidJSONResponse(resp) self.assertEqual(json.loads(resp.content)['content'], 'hola') def test_delete_detail_open(self): self.assertEqual(Post.objects.count(), 2) resp = self.api_client.delete(self.open_detail_url, format='json') self.assertHttpUnauthorized(resp) def test_put_detail_open(self): original_data = json.loads(self.api_client.get(self.open_detail_url, format='json').content) new_data = original_data.copy() new_data['title'] = 'Updated: First Post' self.assertEqual(Post.objects.count(), 2) resp = self.api_client.put(self.open_detail_url, format='json', data=new_data) self.assertHttpUnauthorized(resp)
class TestScientificImageMeasurementResource(ResourceTestCase): def setUp(self): #Tastypie stuff super(TestScientificImageMeasurementResource, self).setUp() self.bob_api_client = TestApiClient() self.bill_api_client = TestApiClient() self.anon_api_client = TestApiClient() # Create a user bob. self.user_bob_username = '******' self.user_bob_password = '******' self.user_bob = User.objects.create_user(self.user_bob_username, '*****@*****.**', self.user_bob_password) # Create a user bob. self.user_bill_username = '******' self.user_bill_password = '******' self.user_bill = User.objects.create_user(self.user_bill_username, '*****@*****.**', self.user_bill_password) self.bob_api_client.client.login(username='******', password='******') self.bill_api_client.client.login(username='******', password='******') #assign users to the Public group public_group, created = Group.objects.get_or_create(name='Public') self.user_bob.groups.add(public_group) self.user_bill.groups.add(public_group) guardian.utils.get_anonymous_user().groups.add(public_group) #make a couple of campaigns and save self.campaign_bobs = mommy.make_one('catamidb.Campaign', id=1) self.campaign_bills = mommy.make_one('catamidb.Campaign', id=2) #make a deployments self.deployment_bobs = mommy.make_recipe('catamidb.auvdeployment1', id=1, campaign=self.campaign_bobs) self.deployment_bills = mommy.make_recipe('catamidb.auvdeployment2', id=2, campaign=self.campaign_bills) #make poses self.pose_bobs = mommy.make_recipe('catamidb.pose1', id=1, deployment=self.deployment_bobs) self.pose_bills = mommy.make_recipe('catamidb.pose2', id=2, deployment=self.deployment_bills) #make cameras self.camera_bobs = mommy.make_one('catamidb.Camera', id=1, deployment=self.deployment_bobs) self.camera_bills = mommy.make_one('catamidb.Camera', id=2, deployment=self.deployment_bills) #make images self.image_bobs = mommy.make_one( 'catamidb.Image', id=1, pose=self. pose_bobs, camera=self.camera_bobs) self.image_bills = mommy.make_one( 'catamidb.Image', id=2, pose=self. pose_bills, camera=self.camera_bills) #make image measurements self.image_measurement_bobs = mommy.make_one( 'catamidb.ScientificImageMeasurement', id=1, image=self.image_bobs ) self.image_measurement_bills = mommy.make_one( 'catamidb.ScientificImageMeasurement', id=2, image=self. image_bills) #assign this one to bob authorization.apply_campaign_permissions( self.user_bob, self.campaign_bobs) #assign this one to bill authorization.apply_campaign_permissions( self.user_bill, self.campaign_bills) #the API url for campaigns self.image_measurement_url = '/api/dev/scientificimagemeasurement/' self.post_data = [] # can only do GET at this stage def test_image_measurement_operations_disabled(self): # test that we can NOT create self.assertHttpMethodNotAllowed( self.anon_api_client.post(self.image_measurement_url, format='json', data=self.post_data)) # test that we can NOT modify self.assertHttpMethodNotAllowed( self.anon_api_client.put( self.image_measurement_url + self.deployment_bobs.id.__str__() + "/", format='json', data={} ) ) # test that we can NOT delete self.assertHttpMethodNotAllowed( self.anon_api_client.delete( self.image_measurement_url + self.deployment_bobs.id.__str__() + "/", format='json' ) ) # test that we can NOT create authenticated self.assertHttpMethodNotAllowed( self.bob_api_client.post( self.image_measurement_url, format='json', data=self.post_data ) ) # test that we can NOT modify authenticated self.assertHttpMethodNotAllowed( self.bob_api_client.put( self.image_measurement_url + self.deployment_bobs.id.__str__() + "/", format='json', data={} ) ) # test that we can NOT delete authenticated self.assertHttpMethodNotAllowed( self.bob_api_client.delete( self.image_measurement_url + self.deployment_bobs.id.__str__() + "/", format='json' ) ) def test_image_measurement_operations_as_authorised_users(self): # create a campaign & deployment that ONLY bill can see bills_campaign = mommy.make_one('catamidb.Campaign', id=3) bills_deployment = mommy.make_recipe('catamidb.auvdeployment', id=3, campaign=bills_campaign) bills_pose = mommy.make_recipe('catamidb.pose3', id=3, deployment=bills_deployment) bills_camera = mommy.make_one('catamidb.Camera', id=3, deployment=bills_deployment) bills_image = mommy.make_one('catamidb.Image', id=3, pose=bills_pose, camera=bills_camera) bills_image_measurement = mommy.make_one( 'catamidb.ScientificImageMeasurement', id=3, image=bills_image) assign('view_campaign', self.user_bill, bills_campaign) # check that bill can see via the API response = self.bill_api_client.get(self.image_measurement_url, format='json') self.assertValidJSONResponse(response) self.assertEqual(len(self.deserialize(response)['objects']), 3) # check that bill can get to the object itself response = self.bill_api_client.get(self.image_measurement_url + "3/", format='json') self.assertValidJSONResponse(response) # check that bob can not see - now we know tastypie API has correct # permission validation response = self.bob_api_client.get(self.image_measurement_url, format='json') self.assertValidJSONResponse(response) self.assertEqual(len(self.deserialize(response)['objects']), 2) # check bob can NOT get to the hidden object response = self.bob_api_client.get(self.image_measurement_url + "3/", format='json') self.assertHttpUnauthorized(response) #check that anonymous can see public ones as well response = self.anon_api_client.get(self.image_measurement_url, format='json') self.assertValidJSONResponse(response) self.assertEqual(len(self.deserialize(response)['objects']), 2) #check anonymous can NOT get to the hidden object response = self.anon_api_client.get(self.image_measurement_url + "3/", format='json') self.assertHttpUnauthorized(response)
class ListItTestCase(ResourceTestCaseMixin, TestCase): def setUp(self): super(ListItTestCase, self).setUp() self.client = TestApiClient() def test_add_tasks(self): #curl --dump-header - -H "Content-Type: application/json" -X POST --data '{"title": "test task 9", "due_date":"2018-05-22T00:46:38", "status": "P" }' http://localhost:8000/api/v1/tasks/ due_date = date.today() - timedelta(days=2) for i in range(16): response = self.client.post('/api/v1/tasks/', data={ 'title': 'test task', 'due_date': due_date, 'status': 'P', }) due_date = due_date + timedelta(days=1) self.assertEqual(response.status_code, 201) def test_filter_today_tasks(self): self.test_add_tasks() response = self.client.get('/api/v1/filters/', data={"duedate": "today"}) response_obj = response.json() self.assertEqual(response.status_code, 200) self.assertEqual(len(response_obj.get('objects')), 1) def test_filter_this_week_tasks(self): self.test_add_tasks() response = self.client.get('/api/v1/filters/', data={"duedate": "this_week"}) response_obj = response.json() today = date.today() week_start = today - timedelta(days=today.weekday()) end = week_start + timedelta(days=6) count = (end - today).days + 1 self.assertEqual(response.status_code, 200) self.assertEqual(len(response_obj.get('objects')), count) def test_filter_next_week_tasks(self): self.test_add_tasks() response = self.client.get('/api/v1/filters/', data={"duedate": "next_week"}) response_obj = response.json() self.assertEqual(response.status_code, 200) self.assertEqual(len(response_obj.get('objects')), 7) def test_filter_overdue_tasks(self): self.test_add_tasks() response = self.client.get('/api/v1/filters/', data={"duedate": "overdue"}) response_obj = response.json() self.assertEqual(response.status_code, 200) self.assertEqual(len(response_obj.get('objects')), 2) def test_add_subtask(self): self.test_filter_today_tasks() # curl --dump-header - -H "Content-Type: application/json" -X POST --data '{"title": "test task ", "task": "/api/v1/tasks/9/" }' http://localhost:8000/api/v1/subtasks/ response = self.client.post('/api/v1/subtasks/', data={ 'title': 'test subtask', 'task': '/api/v1/tasks/1/', }) self.assertEqual(response.status_code, 201) def test_search_known_tasks(self): #http://127.0.0.1:8000/api/v1/tasks/search/?format=json&q=test task 6 self.test_add_tasks() response = self.client.get('/api/v1/tasks/search/?q=test task') response_obj = response.json() self.assertEqual(response.status_code, 200) self.assertEqual(len(response_obj.get('objects')), 16) def test_search_unknown_tasks(self): #http://127.0.0.1:8000/api/v1/tasks/search/?format=json&q=test task 6 self.test_add_tasks() response = self.client.get('/api/v1/tasks/search/?q=blah') response_obj = response.json() self.assertEqual(response.status_code, 200) self.assertEqual(len(response_obj.get('objects')), 0) def test_get_task_detail_json(self): self.test_filter_today_tasks() response = self.api_client.get('/api/v1/tasks/1/', format='json') self.assertValidJSONResponse(response) self.assertKeys(self.deserialize(response), ['title', 'due_date', 'status', 'resource_uri']) self.assertEqual(self.deserialize(response)['title'], 'test task') self.assertEqual(self.deserialize(response)['status'], 'P') self.assertEqual( self.deserialize(response)['due_date'], ((date.today() - timedelta(days=2)).isoformat())) def test_put_task_detail(self): # Grab the current data & modify it slightly. self.test_add_tasks() original_data = self.deserialize( self.api_client.get('/api/v1/tasks/1/', format='json')) new_data = original_data.copy() new_data['status'] = 'C' self.assertEqual(Task.objects.count(), 16) self.assertHttpAccepted( self.api_client.put('/api/v1/tasks/1/', format='json', data=new_data)) # Make sure the count hasn't changed & we did an update. self.assertEqual(Task.objects.count(), 16) # Check for updated data. self.assertEqual(Task.objects.get(pk=1).status, 'C')
class ApiTestCase(ResourceTestCase): def setUp(self): super(ApiTestCase, self).setUp() # Use custom api client self.api_client = TestApiClient() # Look for the test user self.username = u"tester" self.password = u"tester" try: self.user = User.objects.get(username=self.username) jpp = Organization.objects.get(name=u"Journalism++") jg = Organization.objects.get(name=u"Journalism Grant") fra = Country.objects.get(name=u"France") self.pr = pr = Person.objects.get(name=u"Pierre Roméra") self.pb = pb = Person.objects.get(name=u"Pierre Bellon") except ObjectDoesNotExist: # Create the new user self.user = User.objects.create_user(self.username, "*****@*****.**", self.password) self.user.is_staff = True self.user.is_superuser = True self.user.save() # Create related objects jpp = Organization(name=u"Journalism++") jpp.save() jg = Organization(name=u"Journalism Grant") jg.save() fra = Country(name=u"France", isoa3=u"FRA") fra.save() self.pr = pr = Person(name=u"Pierre Roméra") pr.based_in.add(fra) pr.activity_in_organization.add(jpp) pr.save() self.pb = pb = Person(name=u"Pierre Bellon") pb.based_in.add(fra) pb.activity_in_organization.add(jpp) pb.save() self.post_data_simple = {"name": "Lorem ispum TEST", "twitter_handle": "loremipsum"} self.post_data_related = { "name": "Lorem ispum TEST RELATED", "owner": [{"id": jpp.id}, {"id": jg.id}], "activity_in_country": [{"id": fra.id}], } self.rdf_jpp = { "label": u"Person that has activity in Journalism++", "object": {"id": 283, "model": u"common:Organization", "name": u"Journalism++"}, "predicate": { "label": u"has activity in", "name": u"person_has_activity_in_organization+", "subject": u"energy:Person", }, "subject": {"label": u"Person", "name": u"energy:Person"}, } def get_credentials(self): return self.api_client.client.login(username=self.username, password=self.password) def test_user_login_succeed(self): auth = dict(username=u"tester", password=u"tester") resp = self.api_client.post("/api/common/v1/user/login/", format="json", data=auth) self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual(data["success"], True) def test_user_login_failed(self): auth = dict(username=u"tester", password=u"wrong") resp = self.api_client.post("/api/common/v1/user/login/", format="json", data=auth) self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual(data["success"], False) def test_user_logout_succeed(self): # First login auth = dict(username=u"tester", password=u"tester") self.api_client.post("/api/common/v1/user/login/", format="json", data=auth) # Then logout resp = self.api_client.get("/api/common/v1/user/logout/", format="json") self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual(data["success"], True) def test_user_logout_failed(self): resp = self.api_client.get("/api/common/v1/user/logout/", format="json") self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual(data["success"], False) def test_user_status_isnt_logged(self): resp = self.api_client.get("/api/common/v1/user/status/", format="json") self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual(data["is_logged"], False) def test_user_status_is_logged(self): # Log in auth = dict(username=u"tester", password=u"tester") self.api_client.post("/api/common/v1/user/login/", format="json", data=auth) resp = self.api_client.get("/api/common/v1/user/status/", format="json") self.assertValidJSON(resp.content) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual(data["is_logged"], True) def test_get_list_unauthorzied(self): self.assertHttpUnauthorized(self.api_client.get("/api/energy/v1/energyproject/", format="json")) def test_get_list_json(self): resp = self.api_client.get( "/api/energy/v1/energyproject/?limit=20", format="json", authentication=self.get_credentials() ) self.assertValidJSONResponse(resp) # Number of element on the first page count = min(20, EnergyProject.objects.count()) self.assertEqual(len(self.deserialize(resp)["objects"]), count) def test_post_list_unauthenticated(self): self.assertHttpUnauthorized( self.api_client.post("/api/energy/v1/energyproject/", format="json", data=self.post_data_simple) ) def test_post_list(self): # Check how many are there first. count = EnergyProject.objects.count() self.assertHttpCreated( self.api_client.post( "/api/energy/v1/energyproject/", format="json", data=self.post_data_simple, authentication=self.get_credentials(), ) ) # Verify a new one has been added. self.assertEqual(EnergyProject.objects.count(), count + 1) def test_post_list_related(self): # Check how many are there first. count = EnergyProject.objects.count() # Record API response to extract data resp = self.api_client.post( "/api/energy/v1/energyproject/", format="json", data=self.post_data_related, authentication=self.get_credentials(), ) # Vertify the request status self.assertHttpCreated(resp) # Verify a new one has been added. self.assertEqual(EnergyProject.objects.count(), count + 1) # Are the data readable? self.assertValidJSON(resp.content) # Parse data to verify relationship data = json.loads(resp.content) self.assertEqual(len(data["owner"]), len(self.post_data_related["owner"])) self.assertEqual(len(data["activity_in_country"]), len(self.post_data_related["activity_in_country"])) def test_mine(self): resp = self.api_client.get( "/api/energy/v1/energyproject/mine/", format="json", authentication=self.get_credentials() ) self.assertValidJSONResponse(resp) # Parse data to check the number of result data = json.loads(resp.content) self.assertEqual( min(20, len(data["objects"])), EnergyProject.objects.filter(_author__contains=self.user.id).count() ) def test_search_organization(self): resp = self.api_client.get( "/api/energy/v1/organization/search/?q=Journalism", format="json", authentication=self.get_credentials() ) self.assertValidJSONResponse(resp) # Parse data to check the number of result data = json.loads(resp.content) # At least 2 results self.assertGreater(len(data.items()), 1) def test_search_organization_wrong_page(self): resp = self.api_client.get( "/api/energy/v1/organization/search/?q=Roméra&page=10000", format="json", authentication=self.get_credentials(), ) self.assertHttpNotFound(resp) def test_cypher_detail(self): self.assertHttpNotFound( self.api_client.get("/api/common/v1/cypher/111/", format="json", authentication=self.get_credentials()) ) def test_cypher_unauthenticated(self): self.assertHttpUnauthorized( self.api_client.get("/api/common/v1/cypher/?q=START%20n=node%28*%29RETURN%20n;", format="json") ) def test_cypher_unauthorized(self): # Ensure the user isn't authorized to process cypher request self.user.is_staff = True self.user.is_superuser = False self.user.save() self.assertHttpUnauthorized( self.api_client.get( "/api/common/v1/cypher/?q=START%20n=node%28*%29RETURN%20n;", format="json", authentication=self.get_credentials(), ) ) def test_cypher_authorized(self): # Ensure the user IS authorized to process cypher request self.user.is_superuser = True self.user.save() self.assertValidJSONResponse( self.api_client.get( "/api/common/v1/cypher/?q=START%20n=node%28*%29RETURN%20n;", format="json", authentication=self.get_credentials(), ) ) def test_summary_list(self): self.assertHttpNotFound(self.api_client.get("/api/common/v1/summary/", format="json")) def test_countries_summary(self): resp = self.api_client.get( "/api/common/v1/summary/countries/", format="json", authentication=self.get_credentials() ) self.assertValidJSONResponse(resp) # Parse data to check the number of result data = json.loads(resp.content) # Only France is present self.assertGreater(len(data), 0) # We added 1 relation to France self.assertEqual("count" in data["FRA"], True) def test_forms_summary(self): resp = self.api_client.get( "/api/common/v1/summary/forms/", format="json", authentication=self.get_credentials() ) self.assertValidJSONResponse(resp) # Parse data to check the number of result data = json.loads(resp.content) # As many descriptors as models self.assertEqual(11, len(data.items())) def test_types_summary(self): resp = self.api_client.get( "/api/common/v1/summary/types/", format="json", authentication=self.get_credentials() ) self.assertValidJSONResponse(resp) def test_search_summary(self): resp = self.api_client.get( "/api/common/v1/summary/search/?q=Journalism", format="json", authentication=self.get_credentials() ) self.assertValidJSONResponse(resp) # Parse data to check the number of result data = json.loads(resp.content) # At least 2 results self.assertGreater(len(data.items()), 1) def test_search_summary_wrong_page(self): resp = self.api_client.get( "/api/common/v1/summary/search/?q=Journalism&page=-1", format="json", authentication=self.get_credentials() ) self.assertHttpNotFound(resp) def test_summary_human_search(self): query = "Person activity in Journalism" expected = "Person that has activity in Journalism++" expected2 = "Person that had activity previous in Journalism++" resp = self.api_client.get( "/api/common/v1/summary/human/?q=%s" % query, format="json", authentication=self.get_credentials() ) self.assertValidJSONResponse(resp) data = json.loads(resp.content) self.assertGreater(len(data["objects"]), 1) def test_rdf_search(self): # RDF object for persons that have activity in J++, we need to urlencode # the JSON string to avoid '+' loss rdf_str = urllib.quote(json.dumps(self.rdf_jpp)) url = "/api/common/v1/summary/rdf_search/?limit=20&offset=0&q=%s" % rdf_str resp = self.api_client.get(url, format="json", authentication=self.get_credentials()) self.assertValidJSONResponse(resp) data = json.loads(resp.content) objects = data["objects"] pr_t = find(lambda x: x["name"] == self.pr.name, objects) pb_t = find(lambda x: x["name"] == self.pb.name, objects) self.assertIsNotNone(pr_t) self.assertIsNotNone(pb_t)
class ResourceTest(ResourceTestCase): serializer = Serializer() def setUp(self): self.api_client = TestApiClient() self.username = '******' self.password = '******' self.user = hydroshare.create_account( '*****@*****.**', username=self.username, password=self.password, first_name='User0_FirstName', last_name='User0_LastName', ) self.api_client.client.login(username=self.username, password=self.password) self.url_proto = '/hsapi/resource/{0}/files/{1}/' self.filename = 'test.txt' def tearDown(self): User.objects.all().delete() GenericResource.objects.all().delete() def test_resource_file_get(self): myfile = open(self.filename, 'w') myfile.write('hello world!\n') myfile.close() myfile = open(self.filename, 'r') res1 = hydroshare.create_resource('GenericResource', self.user, 'res1') hydroshare.add_resource_files(res1.short_id, myfile) url = self.url_proto.format(res1.short_id, self.filename) resp = self.api_client.get(url) self.assertIn(resp.status_code, [201, 200]) def test_resource_file_put(self): myfile = open(self.filename, 'w') myfile.write('hello world!\n') myfile.close() myfile = open(self.filename, 'r') res1 = hydroshare.create_resource('GenericResource', self.user, 'res1') hydroshare.add_resource_files(res1.short_id, myfile) mynewfile = open(self.filename, 'w') mynewfile.write('anyone there?\n') mynewfile.close() mynewfile = open(self.filename, 'r') url = self.url_proto.format(res1.short_id, self.filename) put_data = {'resource_file': mynewfile} resp = self.api_client.put(url, data=put_data) self.assertHttpAccepted(resp) resp = self.api_client.get(url) self.assertIn(resp.status_code, [201, 200]) def test_resource_file_post(self): myfile = open(self.filename, 'w') myfile.write('hello world!\n') myfile.close() myfile = open(self.filename, 'r') res1 = hydroshare.create_resource('GenericResource', self.user, 'res1') post_data = {'resource_file': myfile} url = self.url_proto.format(res1.short_id, self.filename) resp = self.api_client.post(url, data=post_data) self.assertHttpAccepted(resp) resp = self.api_client.get(url) self.assertIn(resp.status_code, [201, 200]) def test_resource_file_delete(self): myfile = open(self.filename, 'w') myfile.write('hello world!\n') myfile.close() myfile = open(self.filename, 'r') res1 = hydroshare.create_resource('GenericResource', self.user, 'res1') hydroshare.add_resource_files(res1.short_id, myfile) url = self.url_proto.format(res1.short_id, self.filename) resp = self.api_client.delete(url) self.assertIn(resp.status_code, [200, 202, 204]) self.assertHttpNotFound(self.api_client.get(url, format='json'))
class CreateOrListAccountsTest(ResourceTestCase): serializer = Serializer() def setUp(self): self.account_url_base = '/hsapi/accounts/' self.sudo = hydroshare.create_account('*****@*****.**','hs','hydro','share',True,password='******') self.api_client = TestApiClient() self.api_client.client.login(username=self.sudo.username, password=self.sudo.password) def tearDown(self): User.objects.all().delete() def test_create_account(self): username = '******' password = '******' post_data_should_fail = CreateOrListAccounts.CreateAccountForm({ 'email': '*****@*****.**', 'username': username, 'first_name': 'shaun', 'last_name': 'livingston', 'password': password, 'superuser': True }) resp=self.api_client.post(self.account_url_base, data=post_data_should_fail) self.assertHttpForbidden(resp) post_data_should_succeed = CreateOrListAccounts.CreateAccountForm({ 'email': '*****@*****.**', 'username': username, 'first_name': 'shaun', 'last_name': 'livingston', 'password': password }) resp=self.api_client.post(self.account_url_base, data=post_data_should_succeed) self.assertHttpCreated(resp) self.assertTrue(User.objects.filter(email='*****@*****.**').exists()) self.assertTrue(User.objects.filter(username=username).exists()) self.assertTrue(User.objects.filter(first_name='shaun').exists()) self.assertTrue(User.objects.filter(last_name='livingston').exists()) self.assertTrue(User.objects.filter(superuser=True).exists()) def test_list_users(self): hydroshare.create_account( '*****@*****.**', username='******', first_name='User0_FirstName', last_name='User0_LastName', ) hydroshare.create_account( '*****@*****.**', username='******', first_name='User1_FirstName', last_name='User1_LastName', ) hydroshare.create_account( '*****@*****.**', username='******', first_name='User2_FirstName', last_name='User2_LastName', ) num_of_accounts = len(User.objects.filter(email= '*****@*****.**')) query = self.serialize({ 'email': '*****@*****.**', }) get_data = {'query': query} resp = self.api_client.get(self.account_url_base, data=get_data) self.assertEqual(resp.status_code,200) users = self.deserialize(resp) self.assertTrue(len(users)==num_of_accounts) for num in range(num_of_accounts): self.assertEqual(str(users[num]['email']), '*****@*****.**') self.assertEqual(str(users[num]['username']), 'user{0}'.format(num)) self.assertEqual(str(users[num]['first_name']), 'User{0}_FirstName'.format(num)) self.assertEqual(str(users[num]['last_name']), 'User{0}_LastName'.format(num))
class TaskResourceTest(ResourceTestCase): fixtures = ['group.json', 'group_permission.json', 'user_group.json', 'user.json', 'user_project.json', 'project_part.json', 'project.json', 'profile.json', 'task.json'] def setUp(self): self.api_client = TestApiClient() self.task_id = 1 self.project_part_id = 1 self.task = {'description': 'new Task', 'project_part': {'pk': self.project_part_id}, 'flag_finished': 0, 'weight': 20 } self.detail_url = '/api/v1/task/{0}/'.format(self.task_id) self.project_part_query = '='.join(['?project_part', str(self.project_part_id)]) self.list_url = '/api/v1/task/' self.serializer = Serializer() def get_credentials(self): result = self.api_client.client.login(email='*****@*****.**', password='******') def test_post_list(self): self.get_credentials() self.assertIn('_auth_user_id', self.api_client.client.session) self.assertEqual(self.api_client.client.session['_auth_user_id'], 1) self.assertEqual(Task.objects.count(), 2) resp = self.api_client.post(self.list_url, format='json', data=self.task) self.assertHttpCreated(resp) self.assertEqual(Task.objects.count(), 3) def test_get_list_unauthenticated(self): self.assertHttpUnauthorized(self.api_client.get(''.join([self.list_url, self.project_part_query]), format='json')) def test_get_list_json(self): self.get_credentials() resp = self.api_client.get(''.join([self.list_url, self.project_part_query]), format='json') self.assertValidJSONResponse(resp) self.assertEqual(len(json.loads(resp.content)['objects']), 2) def test_get_detail_unauthenticated(self): resp = self.api_client.get(self.detail_url, format='json') self.assertHttpUnauthorized(resp) def test_get_detail_json(self): self.get_credentials() resp = self.api_client.get(self.detail_url, format='json') self.assertValidJSONResponse(resp) self.assertEqual(json.loads(resp.content)['description'], 'new task') # def test_post_list_unauthenticated(self): # self.assertHttpUnauthorized(self.api_client.post(self.list_url, format='json', # data=self.task)) def test_put_detail_unauthenticated(self): self.assertHttpUnauthorized(self.api_client.put(self.detail_url, format='json', data={})) def test_put_detail(self): self.get_credentials() original_data = json.loads(self.api_client.get(self.detail_url, format='json').content) new_data = original_data.copy() new_data['title'] = 'Updated: First Task' self.assertEqual(Task.objects.count(), 2) self.assertHttpAccepted(self.api_client.put(self.detail_url, format='json', data=new_data)) self.assertEqual(Task.objects.count(), 2) def test_delete_detail_unauthenticated(self): self.assertHttpUnauthorized(self.api_client.delete(self.detail_url, format='json')) def test_delete_detail(self): self.get_credentials() self.assertEqual(Task.objects.count(), 2) self.assertHttpAccepted(self.api_client.delete(self.detail_url, format='json')) self.assertEqual(Task.objects.count(), 1)
class PilotJobResourceTest(ResourceTestCase): fixtures = ['local_site.json'] def setUp(self): super(PilotJobResourceTest, self).setUp() self.client = TestApiClient() self.endpoint = '/api/v1/dispatcher/' self.format = 'json' # Create one user self.user = User(username="******") self.user.save() # create a job self.job = Job(user=self.user, application=Application.objects.all()[0]) self.job.maxtime = 30 self.job.save() self.site = Site.objects.get(pk=1) self.pilot = self.site.submit_pilot_based_on_job(self.job) def test_submit_pilot(self): pilot = self.site.submit_pilot_based_on_job(self.job) self.assertEqual(type(pilot), type(Pilot())) def test_pilot_post_job(self): self.job.status='P' self.job.save() data = {"time_left": 60} token = self.pilot.token url = "%s?token=%s" % (self.endpoint, token) request = self.client.post(url, self.format, data=data) self.assertHttpCreated(request) def test_pilot_get_job(self): self.job.status='R' self.job.pilot = self.pilot self.job.save() token = self.pilot.token url = "%s%d/?token=%s" % (self.endpoint, self.job.id, token) request = self.client.get(url, self.format) self.assertValidJSONResponse(request) def test_wrong_token(self): url = "%s%d/?token=%s" % (self.endpoint, self.job.id, "not-a-valid-token") request = self.client.get(url, self.format) self.assertHttpUnauthorized(request) def test_no_token(self): url = "%s%d/" % (self.endpoint, self.job.id) request = self.client.get(url, self.format) self.assertHttpUnauthorized(request) def test_pilot_patch_job(self): self.job.status='R' self.job.pilot = self.pilot self.job.save() data = {"progress": 50} token = self.pilot.token url = "%s%d/?token=%s" % (self.endpoint, self.job.id, token) request = self.client.patch(url, self.format, data=data) self.assertHttpAccepted(request)
class ApiResourceTestCase(ResourceTestCase): # TODO: Using the regular ROOT_URLCONF avoids a problem where failing tests print useless error messages, # because the 500.html error template includes a {% url %} lookup that isn't included in api.urls. # There could be a better way to handle this. # url_base = "/v1" url_base = "/api/v1" server_domain = "perma.dev" server_port = 8999 serve_files = [] rejected_status_code = 401 # Unauthorized # reduce wait times for testing perma.tasks.ROBOTS_TXT_TIMEOUT = perma.tasks.AFTER_LOAD_TIMEOUT = 1 @classmethod def setUpClass(cls): if len(cls.serve_files): cls.start_server() @classmethod def tearDownClass(cls): if getattr(cls, "_server_process", None): cls.kill_server() def setUp(self): super(ApiResourceTestCase, self).setUp() self.api_client = TestApiClient(serializer=MultipartSerializer()) self._media_org = settings.MEDIA_ROOT self._media_tmp = settings.MEDIA_ROOT = tempfile.mkdtemp() try: self.list_url = "{0}/{1}".format(self.url_base, self.resource.Meta.resource_name) except: pass def tearDown(self): settings.MEDIA_ROOT = self._media_org shutil.rmtree(self._media_tmp) def get_credentials(self, user=None): user = user or self.user return "ApiKey %s" % user.api_key.key @classmethod def start_server(cls): """ Set up a server with some known files to run captures against. Example: with run_server_in_temp_folder([ 'test/assets/test.html', 'test/assets/test.pdf', ['test/assets/test.html', 'some_other_url.html']): assert(requests.get("http://localhost/test.html") == contents_of_file("test.html")) assert(requests.get("http://localhost/some_other_url.html") == contents_of_file("test.html")) """ assert socket.gethostbyname(cls.server_domain) in ('0.0.0.0', '127.0.0.1'), "Please add `127.0.0.1 " + cls.server_domain + "` to your hosts file before running this test." # Run in temp dir. # We have to (implicitly) cwd to this so SimpleHTTPRequestHandler serves the files for us. cwd = os.getcwd() cls._server_tmp = tempfile.mkdtemp() os.chdir(cls._server_tmp) # Copy over files to current temp dir, stripping paths. for source_file in cls.serve_files: # handle single strings if isinstance(source_file, basestring): target_url = os.path.basename(source_file) # handle tuple like (source_file, target_url) else: source_file, target_url = source_file copy_file_or_dir(os.path.join(cwd, source_file), target_url) # start server cls._httpd = TestHTTPServer(('', cls.server_port), SimpleHTTPRequestHandler) cls._httpd._BaseServer__is_shut_down = multiprocessing.Event() cls._server_process = Process(target=cls._httpd.serve_forever) cls._server_process.start() # once the server is started, we can return to our working dir # and the server thread will continue to server from the tmp dir os.chdir(cwd) return cls._server_process @classmethod def kill_server(cls): # If you don't close the server before terminating # the thread the port isn't freed up. cls._httpd.server_close() cls._server_process.terminate() shutil.rmtree(cls._server_tmp) @contextmanager def serve_file(self, src): if not getattr(self.__class__, "_server_process", None): self.__class__.start_server() dst = os.path.join(self._server_tmp, os.path.basename(src)) try: copy_file_or_dir(src, dst) yield finally: os.remove(dst) @cached_property def server_url(self): return "http://" + self.server_domain + ":" + str(self.server_port) @contextmanager def header_timeout(self, timeout): prev_t = models.HEADER_CHECK_TIMEOUT try: models.HEADER_CHECK_TIMEOUT = timeout yield finally: models.HEADER_CHECK_TIMEOUT = prev_t def assertValidJSONResponse(self, resp): # Modified from tastypie to allow 201's as well # https://github.com/toastdriven/django-tastypie/blob/master/tastypie/test.py#L448 try: self.assertHttpOK(resp) except AssertionError: self.assertHttpCreated(resp) self.assertTrue(resp['Content-Type'].startswith('application/json')) self.assertValidJSON(force_text(resp.content)) def detail_url(self, obj): return "{0}/{1}".format(self.list_url, obj.pk) def get_req_kwargs(self, kwargs): req_kwargs = {} if kwargs.get('format', None): req_kwargs['format'] = kwargs['format'] if kwargs.get('user', None): req_kwargs['authentication'] = self.get_credentials(kwargs['user']) return req_kwargs def successful_get(self, url, data=None, **kwargs): req_kwargs = self.get_req_kwargs(kwargs) resp = self.api_client.get(url, data=data, **req_kwargs) self.assertHttpOK(resp) self.assertValidJSONResponse(resp) data = self.deserialize(resp) if kwargs.get('fields', None): self.assertKeys(data, kwargs['fields']) if kwargs.get('count', None): self.assertEqual(len(data['objects']), kwargs['count']) return data def rejected_get(self, url, expected_status_code=None, **kwargs): req_kwargs = self.get_req_kwargs(kwargs) resp = self.api_client.get(url, **req_kwargs) self.assertEqual(resp.status_code, expected_status_code or self.rejected_status_code) return resp def successful_post(self, url, **kwargs): req_kwargs = self.get_req_kwargs(kwargs) count = self.resource._meta.queryset.count() resp = self.api_client.post(url, data=kwargs['data'], **req_kwargs) self.assertHttpCreated(resp) self.assertValidJSONResponse(resp) # Make sure the count changed self.assertEqual(self.resource._meta.queryset.count(), count+1) return self.deserialize(resp) def rejected_post(self, url, expected_status_code=None, **kwargs): req_kwargs = self.get_req_kwargs(kwargs) count = self.resource._meta.queryset.count() resp = self.api_client.post(url, data=kwargs['data'], **req_kwargs) self.assertEqual(resp.status_code, expected_status_code or self.rejected_status_code) self.assertEqual(self.resource._meta.queryset.count(), count) return resp def successful_put(self, url, **kwargs): req_kwargs = self.get_req_kwargs(kwargs) if kwargs.get('data', None): req_kwargs['data'] = kwargs['data'] count = self.resource._meta.queryset.count() resp = self.api_client.put(url, **req_kwargs) self.assertHttpAccepted(resp) # Make sure the count hasn't changed self.assertEqual(self.resource._meta.queryset.count(), count) def rejected_put(self, url, expected_status_code=None, **kwargs): req_kwargs = self.get_req_kwargs(kwargs) if kwargs.get('data', None): req_kwargs['data'] = kwargs['data'] count = self.resource._meta.queryset.count() resp = self.api_client.put(url, **req_kwargs) self.assertEqual(resp.status_code, expected_status_code or self.rejected_status_code) # Make sure the count hasn't changed self.assertEqual(self.resource._meta.queryset.count(), count) def successful_patch(self, url, check_results=True, **kwargs): req_kwargs = self.get_req_kwargs(kwargs) if check_results: # Fetch the existing data for comparison. resp = self.api_client.get(url, **req_kwargs) self.assertHttpOK(resp) self.assertValidJSONResponse(resp) old_data = self.deserialize(resp) new_data = dict(old_data, **kwargs['data']) else: new_data = kwargs['data'] count = self.resource._meta.queryset.count() patch_resp = self.api_client.patch(url, data=new_data, **req_kwargs) self.assertHttpAccepted(patch_resp) # Make sure the count hasn't changed & we did an update. self.assertEqual(self.resource._meta.queryset.count(), count) if check_results: fresh_data = self.deserialize(self.api_client.get(url, **req_kwargs)) for attr in kwargs['data'].keys(): try: # Make sure the data actually changed self.assertNotEqual(fresh_data[attr], old_data[attr]) # Make sure the data changed to what we specified self.assertEqual(fresh_data[attr], new_data[attr]) except AssertionError: # If we specified a nested ID, we'll be getting back an object if str(new_data[attr]).isdigit() and isinstance(fresh_data[attr], dict): self.assertEqual(new_data[attr], fresh_data[attr]['id']) else: raise except KeyError: pass return fresh_data else: return self.deserialize(patch_resp) def rejected_patch(self, url, expected_status_code=None, expected_data=None, **kwargs): req_kwargs = self.get_req_kwargs(kwargs) old_data = self.deserialize(self.api_client.get(url, **req_kwargs)) # User might not have GET access to grab initial data if old_data: new_data = old_data.copy() new_data.update(kwargs['data']) else: new_data = kwargs['data'] count = self.resource._meta.queryset.count() resp = self.api_client.patch(url, data=new_data, **req_kwargs) self.assertEqual(resp.status_code, expected_status_code or self.rejected_status_code) if expected_data: self.assertDictEqual(self.deserialize(resp), expected_data) self.assertEqual(self.resource._meta.queryset.count(), count) self.assertEqual(self.deserialize(self.api_client.get(url, **req_kwargs)), old_data) return resp def successful_delete(self, url, **kwargs): req_kwargs = self.get_req_kwargs(kwargs) count = self.resource._meta.queryset.count() self.assertHttpOK( self.api_client.get(url, **req_kwargs)) self.assertHttpAccepted( self.api_client.delete(url, **req_kwargs)) self.assertEqual(self.resource._meta.queryset.count(), count-1) self.assertHttpNotFound( self.api_client.get(url, **req_kwargs)) def rejected_delete(self, url, expected_status_code=None, expected_data=None, **kwargs): req_kwargs = self.get_req_kwargs(kwargs) count = self.resource._meta.queryset.count() delete_resp = self.api_client.delete(url, **req_kwargs) self.assertEqual(delete_resp.status_code, expected_status_code or self.rejected_status_code) if expected_data: self.assertDictEqual(self.deserialize(delete_resp), expected_data) self.assertEqual(self.resource._meta.queryset.count(), count) resp = self.api_client.get(url, **req_kwargs) try: # If the user doesn't have access, that's okay - # we were testing delete from an unauthorized user self.assertHttpUnauthorized(resp) except AssertionError: # Check for OK last so that this is the assertion # that shows up as the failure if it doesn't pass self.assertHttpOK(resp) return delete_resp
class TestCampaignResource(ResourceTestCase): def setUp(self): #Tastypie stuff super(TestCampaignResource, self).setUp() self.bob_api_client = TestApiClient() self.bill_api_client = TestApiClient() self.anon_api_client = TestApiClient() # Create a user bob. self.user_bob_username = '******' self.user_bob_password = '******' self.user_bob = User.objects.create_user(self.user_bob_username, '*****@*****.**', self.user_bob_password) # Create a user bob. self.user_bill_username = '******' self.user_bill_password = '******' self.user_bill = User.objects.create_user(self.user_bill_username, '*****@*****.**', self.user_bill_password) self.bob_api_client.client.login(username='******', password='******') self.bill_api_client.client.login(username='******', password='******') #assign users to the Public group public_group, created = Group.objects.get_or_create(name='Public') self.user_bob.groups.add(public_group) self.user_bill.groups.add(public_group) guardian.utils.get_anonymous_user().groups.add(public_group) #make a couple of campaigns and save self.campaign_bobs = mommy.make_one('catamidb.Campaign', id=1) self.campaign_bills = mommy.make_one('catamidb.Campaign', id=2) #assign this one to bob authorization.apply_campaign_permissions( self.user_bob, self.campaign_bobs) #assign this one to bill authorization.apply_campaign_permissions( self.user_bill, self.campaign_bills) #the API url for campaigns self.campaign_url = '/api/dev/campaign/' #some post data for testing campaign creation self.post_data = { 'short_name': 'Blah', 'description': 'Blah', 'associated_researchers': 'Blah', 'associated_publications': 'Blah', 'associated_research_grant': 'Blah', 'date_start': '2012-05-01', 'date_end': '2012-05-01', 'contact_person': 'Blah', } # can only do GET at this stage def test_campaign_operations_disabled(self): # test that we can NOT create self.assertHttpMethodNotAllowed( self.anon_api_client.post(self.campaign_url, format='json', data=self.post_data)) # test that we can NOT modify self.assertHttpMethodNotAllowed( self.anon_api_client.put( self.campaign_url + self.campaign_bobs.id.__str__() + "/", format='json', data={}) ) # test that we can NOT delete self.assertHttpMethodNotAllowed( self.anon_api_client.delete( self.campaign_url + self.campaign_bobs.id.__str__() + "/", format='json') ) # test that we can NOT create authenticated self.assertHttpMethodNotAllowed( self.bob_api_client.post(self.campaign_url, format='json', data=self.post_data) ) # test that we can NOT modify authenticated self.assertHttpMethodNotAllowed( self.bob_api_client.put( self.campaign_url + self.campaign_bobs.id.__str__() + "/", format='json', data={}) ) # test that we can NOT delete authenticated self.assertHttpMethodNotAllowed( self.bob_api_client.delete( self.campaign_url + self.campaign_bobs.id.__str__() + "/", format='json')) #test can get a list of campaigns authorised def test_campaigns_operations_as_authorised_users(self): # create a campaign that only bill can see bills_campaign = mommy.make_one('catamidb.Campaign', id=3) assign('view_campaign', self.user_bill, bills_campaign) # check that bill can see via the API response = self.bill_api_client.get(self.campaign_url, format='json') self.assertValidJSONResponse(response) self.assertEqual(len(self.deserialize(response)['objects']), 3) # check that bill can get to the object itself response = self.bill_api_client.get(self.campaign_url + "3/", format='json') self.assertValidJSONResponse(response) # check that bob can not see - now we know tastypie API has correct # permission validation response = self.bob_api_client.get(self.campaign_url, format='json') self.assertValidJSONResponse(response) self.assertEqual(len(self.deserialize(response)['objects']), 2) # check bob can NOT get to the hidden object response = self.bob_api_client.get(self.campaign_url + "3/", format='json') self.assertHttpUnauthorized(response) #check that anonymous can see public ones as well response = self.anon_api_client.get(self.campaign_url, format='json') self.assertValidJSONResponse(response) self.assertEqual(len(self.deserialize(response)['objects']), 2) #check anonymous can NOT get to the hidden object response = self.anon_api_client.get(self.campaign_url + "3/", format='json') self.assertHttpUnauthorized(response)