def testRejectInvite(self):
"""
Test that one user rejecting elimintes the invite.
The user objects returned should each have no relationship with each other after an
invite + reject.
"""
c1 = TestApiClient()
c1.client.login(username=self.u1, password=self.p1)
r1 = c1.post('/api/v1/user/invite',
format="json",
data={'email': self.e2})
self.assertValidJSONResponse(r1)
c2 = TestApiClient()
c2.client.login(username=self.u2, password=self.p2)
r2 = c2.post('/api/v1/user/reject',
format="json",
data={'email': self.e1})
self.assertValidJSONResponse(r2)
self.assertListEqual(list(get_collaborators(self.owner)), [])
self.assertListEqual(list(get_collaborators(self.other)), [])
self.assertListEqual(list(get_invites(self.owner)), [])
self.assertListEqual(list(get_inviteds(self.other)), [])
def testLoggingOutViaAPI(self):
"""
Check logging out via API method. Check both the user object and
genesets.
"""
client = TestApiClient()
# Log in
client.post('/api/v1/user/login',
format="json",
data={
'username': self.username,
'password': self.password
})
# Now, log out
client.post('/api/v1/user/logout', format="json", data={})
# Check for access to that user object
resp = client.get('/api/v1/user', format="json")
self.assertValidJSONResponse(resp)
self.assertEqual(self.deserialize(resp)['objects'], [])
# Also check access that there is no access to user geneset
r2 = client.get('/api/v1/geneset', format="json")
self.assertValidJSONResponse(r2)
self.assertEqual(self.deserialize(r2)['objects'], [])
class HandleBounces(ResourceTestCase):
def setUp(self):
super(HandleBounces, self).setUp()
call_command('loaddata', 'example_data', verbosity=0)
self.api_client = TestApiClient()
self.user = User.objects.get(id=1)
self.outbound_message = OutboundMessage.objects.get(id=1)
self.identifier = OutboundMessageIdentifier.objects.get(outbound_message=self.outbound_message)
def get_credentials(self):
credentials = self.create_apikey(username=self.user.username, api_key=self.user.api_key.key)
return credentials
def test_handle_bounces_endpoint(self):
url = '/api/v1/handle_bounce/'
bounce_data = {
'key': self.identifier.key,
}
resp = self.api_client.post(url, data=bounce_data, authentication=self.get_credentials())
self.assertHttpCreated(resp)
def test_handle_bounces_sets_the_contact_to_bounced(self):
url = '/api/v1/handle_bounce/'
bounce_data = {
'key': self.identifier.key,
}
self.api_client.post(url, data=bounce_data, authentication=self.get_credentials())
self.assertTrue(self.outbound_message.contact.is_bounced)
class HandleBounces(ResourceTestCase):
def setUp(self):
super(HandleBounces, self).setUp()
call_command('loaddata', 'example_data', verbosity=0)
self.api_client = TestApiClient()
self.user = User.objects.all()[0]
self.outbound_message = OutboundMessage.objects.all()[0]
self.identifier = OutboundMessageIdentifier.objects.get(outbound_message=self.outbound_message)
def get_credentials(self):
credentials = self.create_apikey(username=self.user.username, api_key=self.user.api_key.key)
return credentials
def test_handle_bounces_endpoint(self):
url = '/api/v1/handle_bounce/'
bounce_data = {
'key':self.identifier.key
}
resp = self.api_client.post(url, data=bounce_data, authentication=self.get_credentials())
self.assertHttpCreated(resp)
def test_handle_bounces_sets_the_contact_to_bounced(self):
url = '/api/v1/handle_bounce/'
bounce_data = {
'key':self.identifier.key
}
resp = self.api_client.post(url, data=bounce_data, authentication=self.get_credentials())
self.assertTrue(self.outbound_message.contact.is_bounced)
def testCheckUserPassword(self):
"""
Check that users have no access to user objects they just created if
they supply the correct username but wrong password (This checks that
the password is being set correctly when creating the user).
"""
client = TestApiClient()
client.post('/api/v1/user', format="json", data=self.post_user_data)
client.client.login(username=self.post_user_data['username'],
password='******')
resp = client.get('/api/v1/user', format="json")
self.assertValidJSONResponse(resp)
self.assertEqual(self.deserialize(resp)['objects'], [])
def testCreatingGenesetNotLoggedIn(self):
"""
Test that this fails and returns an Unauthorized response
"""
client = TestApiClient()
post_geneset_data = {
# Does not need user info because the API automatically gathers that from the request
'title': 'TestGeneset2',
'organism': '/api/v1/organism/h**o-sapiens',
'abstract': 'Second test geneset created by user.',
'public': False,
'annotations': {
55982: [20671152, 19583951],
18091: [8887666],
67087: [],
22410: []
},
'xrdb': 'Entrez',
'description': 'First version.',
}
# Try to create a geneset without being logged in, check for Unauthorized response
r1 = client.post('/api/v1/geneset',
format="json",
data=post_geneset_data)
self.assertHttpUnauthorized(r1)
class CreateOrListGroupsTest(ResourceTestCase):
serializer = Serializer()
def setUp(self):
self.api_client = TestApiClient()
self.user = hydroshare.create_account(
'*****@*****.**',
username='******',
first_name='User0_FirstName',
last_name='User0_LastName',
superuser=True,
password='******'
)
g0=hydroshare.create_group(name="group0")
g1=hydroshare.create_group(name="group1")
g2=hydroshare.create_group(name="group2")
self.user.groups.add(g0,g1,g2)
self.g_ids=[g0.id,g1.id,g2.id]
self.groups_url_base = '/hsapi/groups/'
self.api_client.client.login(username=self.user.username, password=self.user.password)
def tearDown(self):
Group.objects.all().delete()
User.objects.all().delete()
def test_create_group(self):
post_data = {'name': 'newgroup'}
resp = self.api_client.post(self.groups_url_base, data=post_data)
self.assertHttpCreated(resp)
grouplist = Group.objects.all()
num_of_groups=len(grouplist)
self.assertTrue(any(Group.objects.filter(name='newgroup')))
self.assertEqual(num_of_groups, 4)
def test_list_groups(self):
query = self.serialize({'user': self.user.id})
get_data = {'query': query}
resp = self.api_client.get(self.groups_url_base, data=get_data)
print resp
self.assertEqual(resp.status_code, 200)
groups = self.deserialize(resp)
new_ids = []
for num in range(len(groups)):
new_ids.append(groups[num]['id'])
self.assertTrue(Group.objects.filter(user='******'.format(num)).exists())
self.assertEqual(str(groups[num]['name']), 'group{0}'.format(num))c
self.assertEqual(sorted(self.g_ids), sorted(new_ids))
def testCollaboration(self):
"""
Test that both users confirming results in a collaboration.
The user objects returned should each be collaborators with each other.
"""
c1 = TestApiClient()
c1.client.login(username=self.u1, password=self.p1)
r1 = c1.post('/api/v1/user/invite', format="json", data={'email': self.e2})
self.assertValidJSONResponse(r1)
c2 = TestApiClient()
c2.client.login(username=self.u2, password=self.p2)
r2 = c2.post('/api/v1/user/invite', format="json", data={'email': self.e1})
self.assertValidJSONResponse(r2)
self.assertListEqual(list(get_collaborators(self.owner)), [self.other])
self.assertListEqual(list(get_collaborators(self.other)), [self.owner])
self.assertListEqual(list(get_invites(self.owner)), [])
self.assertListEqual(list(get_inviteds(self.other)), [])
def testInviteNoContent(self):
"""
Test invite with a logged in user but no content.
The user object should be returned without any invites.
"""
client = TestApiClient()
client.client.login(username=self.u1, password=self.p1)
resp = client.post('/api/v1/user/invite', format="json")
self.assertValidJSONResponse(resp)
self.assertEqual(self.deserialize(resp)['invites'], [])
def test_post_queue(self):
""" Performs POST request to queue """
client = TestApiClient()
response = client.post('/api/queue/',
data={
'ip': '127.0.0.1',
'place': 997
})
# 201 == Created
self.assertEqual(response.status_code, 201)
def testLoggingInWrongCredentials1(self):
"""
Check trying (and failing) to authenticate with a previously created
user via the API login method. Check both the user object and genesets.
"""
client = TestApiClient()
client.post('/api/v1/user/login',
format="json",
data={
'username': self.username,
'password': '******'
})
r1 = client.get('/api/v1/user', format="json")
self.assertValidJSONResponse(r1)
self.assertEqual(self.deserialize(r1)['objects'], [])
# Also check that there is no access to user geneset
r2 = client.get('/api/v1/geneset', format="json")
self.assertValidJSONResponse(r2)
self.assertEqual(self.deserialize(r2)['objects'], [])
def testCreatingAndAccessingGenesetWithCorrectLogin(self):
client = TestApiClient()
# Create the second user and log in
client.post('/api/v1/user', format="json", data=self.post_user2_data)
client.post('/api/v1/user/login',
format="json",
data=self.post_user2_data)
# Create a geneset, check for '201 Created' response
post_geneset_data = {
# Does not need user info because the API automatically gathers that from the request
'title': 'TestGeneset2',
'organism': '/api/v1/organism/h**o-sapiens',
'abstract': 'Second test geneset created by user.',
'public': False,
'annotations': {
55982: [20671152, 19583951],
18091: [8887666],
67087: [],
22410: []
},
'xrdb': 'Entrez',
'description': 'First version.',
}
r1 = client.post('/api/v1/geneset',
format="json",
data=post_geneset_data)
self.assertHttpCreated(r1)
# Check that the title for geneset we created matches
r2 = client.get('/api/v1/geneset', format="json")
self.assertValidJSONResponse(r2)
self.assertEqual(
self.deserialize(r2)['objects'][0]['title'],
post_geneset_data['title'])
# And finally, check that this user only has access to the geneset they created, not the first geneset (created in the setUp method by user1)
self.assertEqual(len(self.deserialize(r2)['objects']), 1)
def testLoggingInWrongCredentials2(self):
"""
Test logging in with wrong credentials for a user that was created
through the API.
"""
client = TestApiClient()
client.post('/api/v1/user', format="json", data=self.post_user2_data)
client.post('/api/v1/user/login',
format="json",
data={
'username': self.post_user2_data['username'],
'password': '******'
})
resp = client.get('/api/v1/user', format="json")
self.assertValidJSONResponse(resp)
self.assertEqual(self.deserialize(resp)['objects'], [])
# Also check that there is no access to user geneset
r2 = client.get('/api/v1/geneset', format="json")
self.assertValidJSONResponse(r2)
self.assertEqual(self.deserialize(r2)['objects'], [])
class JobTest(ResourceTestCase):
def setUp(self):
super(JobTest, self).setUp()
self.client = TestApiClient()
self.endpoint = '/api/v1/jobs/'
self.format = 'json'
# Create one user
self.user = User(username="******")
self.user.save()
# Create on token
self.token = UserToken(user=self.user)
self.token.save()
# create a job
self.job = Job(user=self.user, application=Application.objects.all()[0])
self.job.save()
def test_get_job_list(self):
url = "%s?token=%s" % (self.endpoint, self.token.token)
request = self.client.get(url, self.format)
self.assertValidJSONResponse(request)
def test_get_job_detail(self):
url = "%s%d/?token=%s" % (self.endpoint, self.job.id, self.token.token)
request = self.client.get(url, self.format)
self.assertValidJSONResponse(request)
def test_post_job(self):
data = {"application" : "/api/v1/apps/1/"}
url = "%s?token=%s" % (self.endpoint, self.token.token)
self.assertHttpCreated(self.client.post(url, self.format, data=data))
def test_patch_job(self):
job = Job(user=self.user, application=Application.objects.all()[0])
job.save()
data = {"progress":"50"}
url = "%s%d/?token=%s" % (self.endpoint, job.id, self.token.token)
resp = self.client.patch(url, self.format, data=data)
self.assertHttpAccepted(resp)
def test_delete_job(self):
job = Job(user=self.user, application=Application.objects.all()[0])
job.save()
url = "%s%d/?token=%s" % (self.endpoint, job.id, self.token.token)
self.assertHttpAccepted(self.client.delete(url, self.format))
def testPOSTInvite(self):
"""
Test POST invite with a logged in user.
The user object should be returned with u2 in invites.
"""
client = TestApiClient()
client.client.login(username=self.u1, password=self.p1)
resp = client.post('/api/v1/user/invite', format="json", data={'email': self.e2})
self.assertValidJSONResponse(resp)
self.assertEqual(self.deserialize(resp)['invites'], [self.expected_other])
self.assertListEqual(list(get_invites(self.owner)), [self.other])
self.assertListEqual(list(get_inviteds(self.other)), [self.owner])
self.assertListEqual(list(get_collaborators(self.owner)), [])
self.assertListEqual(list(get_collaborators(self.other)), [])
def testCreatingGenesetWithNewUser(self):
client = TestApiClient()
# Create user and log in
client.post('/api/v1/user', format="json", data=self.post_user_data)
client.client.login(username=self.post_user_data['username'],
password=self.post_user_data['password'])
post_geneset_data = {
# Does not need user info because the API automatically gathers that from the request
'title': 'TestGeneset2',
'organism': '/api/v1/organism/h**o-sapiens',
'abstract': 'Second test geneset created by user.',
'public': False,
'annotations': {
55982: [20671152, 19583951],
18091: [8887666],
67087: [],
22410: []
},
'xrdb': 'Entrez',
'description': 'First version.',
}
# Create a geneset, check for '201 Created' response
r1 = client.post('/api/v1/geneset',
format="json",
data=post_geneset_data)
self.assertHttpCreated(r1)
# Check that the title for geneset we created matches
r2 = client.get('/api/v1/geneset', format="json")
self.assertValidJSONResponse(r2)
self.assertEqual(
self.deserialize(r2)['objects'][0]['title'],
post_geneset_data['title'])
def testLoggingInWithPreCreatedUser(self):
"""
Check logging in through API with previously created user. Check access
to user object AND user's geneset (self.geneset1, which is not public)
"""
client = TestApiClient()
client.post('/api/v1/user/login',
format="json",
data={
'username': self.username,
'password': self.password
})
r1 = client.get('/api/v1/user', format="json")
self.assertValidJSONResponse(r1)
self.assertEqual(
self.deserialize(r1)['objects'][0]['username'], self.username)
# Check access to user geneset
r2 = client.get('/api/v1/geneset', format="json")
self.assertValidJSONResponse(r2)
self.assertEqual(
self.deserialize(r2)['objects'][0]['title'], self.geneset1.title)
def testLoggingInWithAPICreatedUser(self):
"""
Check logging in through API with user created through API.
Enforcing csrf checks through Django/Tastypie test client is not really
possible.
"""
client = TestApiClient()
# Create new user through API
r1 = client.post('/api/v1/user',
format="json",
data=self.post_user2_data)
self.assertHttpCreated(r1)
# Login through API
client.post('/api/v1/user/login',
format="json",
data=self.post_user2_data)
resp = client.get('/api/v1/user', format="json")
self.assertValidJSONResponse(resp)
self.assertEqual(
self.deserialize(resp)['objects'][0]['username'],
self.post_user2_data['username'])
def testLoggingOutNotLoggedIn(self):
"""
Test that this just returns Unauthorized and gives users no access
to user objects or genesets.
"""
client = TestApiClient()
# Try to log out without logging in, check for Unauthorized response
r1 = client.post('/api/v1/user/logout', format="json", data={})
self.assertHttpUnauthorized(r1)
self.assertEqual(self.deserialize(r1)['success'], False)
# Check that whoever makes this request still has no access to user objects
r2 = client.get('/api/v1/user', format="json")
self.assertValidJSONResponse(r2)
self.assertEqual(self.deserialize(r2)['objects'], [])
# Also check access that there is no access to user geneset
r3 = client.get('/api/v1/geneset', format="json")
self.assertValidJSONResponse(r3)
self.assertEqual(self.deserialize(r3)['objects'], [])
def testCreateUserObj(self):
"""
Check that the end-user can create a user through the API. Check that:
a) they have access to this user object they just created via the API
if they are logged in (using the test-client login method), and
b) the user object is what we expect.
"""
client = TestApiClient()
resp = client.post('/api/v1/user',
format="json",
data=self.post_user_data)
self.assertHttpCreated(resp)
client.client.login(username=self.post_user_data['username'],
password=self.post_user_data['password'])
resp = client.get('/api/v1/user', format="json")
self.assertValidJSONResponse(resp)
self.assertEqual(
self.deserialize(resp)['objects'][0]['username'],
self.post_user_data['username'])
class RunTriggersTestCase(BaseProcessorTestCase, PreparedData):
def setUp(self):
super(RunTriggersTestCase, self).setUp()
self.api_client = TestApiClient()
self.d = self.run_processor('test:triggers:create-file')
t = Trigger()
t.name = 'test.trigger'
t.type = 'data:test:triggers:create:'
t.author_id = str(self.admin.pk)
t.trigger_input = 'in_file'
t.input = {'in_file': 'INPUT'}
t.processor_name = 'test:triggers:check-file'
t.case_id = str(self.case2.id)
t.autorun = True
t.save()
@override_settings(TESTING=False)
def test_copy_before_triggers(self):
login_user(self.api_client, self.admin)
resp = self.api_client.post(
'/api/v1/data/{}/copy/'.format(self.d.id),
format='json',
data={'case_ids': [self.case2.id]})
self.assertEqual(resp.status_code, 201) # pylint: disable=no-member
all_objs = Data.objects.filter(case_ids__contains=str(self.case2.pk))
error_objs = Data.objects.filter(case_ids__contains=str(self.case2.pk),
status=Data.STATUS_ERROR)
# done_objs = Data.objects.filter(case_ids__contains=str(self.case2.pk),
# status=Data.STATUS_DONE)
self.assertEqual(len(all_objs), 2)
self.assertEqual(len(error_objs), 0)
def mock_request(obj, method, url, **kwargs):
client = TestApiClient()
authentication = 'Basic %s' % base64.b64encode(':'.join([
get_setting('SUPERUSER_USERNAME', None),
get_setting('SUPERUSER_PASSWORD', None),
]))
if method == 'GET':
data = kwargs.get('params', {})
djresponse = client.get(url, data=data, authentication=authentication)
elif method == 'POST':
data = json.loads(kwargs.get('data', '{}'))
djresponse = client.post(url, data=data, authentication=authentication)
elif method == 'PUT':
data = json.loads(kwargs.get('data', '{}'))
djresponse = client.put(url, data=data, authentication=authentication)
elif method == 'PATCH':
data = json.loads(kwargs.get('data', '{}'))
djresponse = client.patch(url, data=data, authentication=authentication)
elif method == 'DELETE':
data = kwargs.get('params', {})
djresponse = client.delete(url, data=data, authentication=authentication)
# convert django.http.HttpResponse to requests.models.Response
response = requests.models.Response()
response.status_code = djresponse.status_code
response.headers = {}
try:
response.headers['content-type'] = djresponse['content-type']
response.headers['location'] = djresponse['location']
except:
pass
response.encoding = requests.utils.get_encoding_from_headers(response.headers)
response._content = djresponse.content
return response
def handle(self, *args, **options):
logger.info(u'Старт')
api_client = TestApiClient()
test_email = '*****@*****.**'
User.objects.filter(email=test_email).delete()
user = User.objects.create(email=test_email, first_name=u'Тест', patronymic='Тестович')
api_key = 'ApiKey {}:{}'.format(user.email, user.api_key.key)
logger.info(u'Создал пользователя')
Card.objects.create(user=user, article='777')
logger.info(u'Привязал карту')
data = {'user': '******'.format(user.id)}
api_client.post('/api/v1/reserve/', data=data, authentication=api_key)
reserve = Reserve.objects.get(user=user)
logger.info(u'Создал Бронь № {}'.format(reserve.id))
ea1 = EA.objects.filter(count_in__gte=2).first()
data = {
'reserve': '/api/v1/reserve/{}/'.format(reserve.id),
'ea': '/api/v1/ea/{}/'.format(ea1.id),
'count': 2
}
api_client.post('/api/v1/reserve_item/', data=data, authentication=api_key)
ea2 = EA.objects.filter(count_in__gte=1).exclude(id=ea1.id).first()
data = {
'reserve': '/api/v1/reserve/{}/'.format(reserve.id),
'ea': '/api/v1/ea/{}/'.format(ea2.id),
'count': 1
}
api_client.post('/api/v1/reserve_item/', data=data, authentication=api_key)
logger.info(u'Добавил в бронь 3 вещи')
logger.info(u'Конец')
class InstanceResourceTestCase(ResourceTestCase):
def setUp(self):
super(InstanceResourceTestCase, self).setUp()
call_command('loaddata', 'example_data', verbosity=0)
self.user = User.objects.get(id=1)
self.writeitinstance = WriteItInstance.objects.create(name=u"a test", slug=u"a-test", owner=self.user)
self.api_client = TestApiClient()
self.data = {'format': 'json', 'username': self.user.username, 'api_key': self.user.api_key.key}
def get_credentials(self):
credentials = self.create_apikey(username=self.user.username, api_key=self.user.api_key.key)
return credentials
def test_api_exists(self):
url = '/api/v1/'
resp = self.api_client.get(url, data=self.data)
self.assertValidJSONResponse(resp)
def test_api_needs_authentication(self):
url = '/api/v1/instance/'
response = self.api_client.get(url)
self.assertHttpUnauthorized(response)
def test_get_list_of_instances(self):
url = '/api/v1/instance/'
response = self.api_client.get(url, data=self.data)
self.assertValidJSONResponse(response)
instances = self.deserialize(response)['objects']
self.assertEqual(len(instances), WriteItInstance.objects.count()) # All the instances
first_instance = instances[0]
self.assertEqual(first_instance['messages_uri'], '/api/v1/instance/{0}/messages/'.format(first_instance['id']))
def test_get_detail_of_an_instance(self):
url = '/api/v1/instance/{0}/'.format(self.writeitinstance.id)
response = self.api_client.get(url, data=self.data)
self.assertValidJSONResponse(response)
def test_get_persons_of_an_instance(self):
writeitinstance = WriteItInstance.objects.get(id=1)
url = '/api/v1/instance/{0}/'.format(writeitinstance.id)
response = self.api_client.get(url, data=self.data)
instance = self.deserialize(response)
self.assertIn('persons', instance)
pedro = Person.objects.get(id=1)
self.assertIn(pedro.popit_url, instance['persons'])
def test_create_a_new_instance(self):
instance_data = {
'name': 'The instance',
'slug': 'the-instance',
}
url = '/api/v1/instance/'
response = self.api_client.post(url, data=instance_data, format='json', authentication=self.get_credentials())
self.assertHttpCreated(response)
match_id = re.match(r'^http://testserver/api/v1/instance/(?P<id>\d+)/?', response['Location'])
self.assertIsNotNone(match_id)
instance_id = match_id.group('id')
instance = WriteItInstance.objects.get(id=instance_id)
self.assertValidJSON(force_text(response.content))
instance_as_json = force_text(response.content)
self.assertIn('resource_uri', instance_as_json)
self.assertEquals(instance.name, instance_data['name'])
self.assertEquals(instance.slug, instance_data['slug'])
self.assertEquals(instance.owner, self.user)
@skipUnless(settings.LOCAL_POPIT, "No local popit running")
def test_create_a_new_instance_with_only_name(self):
instance_data = {
'name': 'The instance',
}
url = '/api/v1/instance/'
response = self.api_client.post(url, data=instance_data, format='json', authentication=self.get_credentials())
self.assertHttpCreated(response)
match_id = re.match(r'^http://testserver/api/v1/instance/(?P<id>\d+)/?', response['Location'])
self.assertIsNotNone(match_id)
instance_id = match_id.group('id')
instance = WriteItInstance.objects.get(id=instance_id)
self.assertEquals(instance.name, instance_data['name'])
self.assertEquals(instance.owner, self.user)
self.assertTrue(instance.slug)
def test_does_not_create_a_user_if_not_logged(self):
instance_data = {
'name': 'The instance',
'slug': 'the-instance',
}
url = '/api/v1/instance/'
response = self.api_client.post(url, data=instance_data, format='json')
self.assertHttpUnauthorized(response)
@skipUnless(settings.LOCAL_POPIT, "No local popit running")
def test_create_and_pull_people_from_a_popit_api(self):
# loading data into the popit-api
popit_load_data()
instance_data = {
'name': 'The instance',
'slug': 'the-instance',
'popit-api': settings.TEST_POPIT_API_URL,
}
url = '/api/v1/instance/'
response = self.api_client.post(url, data=instance_data, format='json', authentication=self.get_credentials())
self.assertHttpCreated(response)
match_id = re.match(r'^http://testserver/api/v1/instance/(?P<id>\d+)/?', response['Location'])
instance = WriteItInstance.objects.get(id=match_id.group('id'))
self.assertEquals(instance.persons.count(), 2)
#this should not break
raton = Person.objects.get(name=u'Ratón Inteligente')
fiera = Person.objects.get(name=u"Fiera Feroz")
self.assertIn(raton, [r for r in instance.persons.all()])
self.assertIn(fiera, [r for r in instance.persons.all()])
class ToDoAppTestCase(TestCase):
def setUp(self):
self.client = TestApiClient()
def test_task_creation(self):
due_date = date.today() - timedelta(days=2)
for i in range(16):
response = self.client.post('/api/v1/task/',
data={
"title": "test task 1",
"due_date": due_date,
"status": "Pending"
})
due_date = due_date + timedelta(days=1)
self.assertEqual(response.status_code, 201)
def test_today_task_fetch(self):
self.test_task_creation()
response = self.client.get('/api/v1/filter/', data={"during": "today"})
res_obj = response.json()
self.assertEqual(response.status_code, 200)
self.assertEqual(len(res_obj.get('objects')), 1)
def test_this_week_task_fetch(self):
self.test_task_creation()
response = self.client.get('/api/v1/filter/',
data={"during": "this_week"})
res_obj = response.json()
today = date.today()
start = today
week_start = today - timedelta(days=today.weekday())
end = week_start + timedelta(days=6)
count = (end - start).days + 1
self.assertEqual(response.status_code, 200)
self.assertEqual(len(res_obj.get('objects')), count)
def test_next_week_task_fetch(self):
self.test_task_creation()
response = self.client.get('/api/v1/filter/',
data={"during": "next_week"})
res_obj = response.json()
self.assertEqual(response.status_code, 200)
self.assertEqual(len(res_obj.get('objects')), 7)
def test_overdue_task_fetch(self):
self.test_task_creation()
response = self.client.get('/api/v1/filter/',
data={"during": "overdue"})
res_obj = response.json()
self.assertEqual(response.status_code, 200)
self.assertEqual(len(res_obj.get('objects')), 2)
def test_subtask_creation(self):
self.test_today_task_fetch()
due_date = date.today()
response = self.client.post('/api/v1/task/',
data={
"title": "test sub task 1",
"due_date": due_date,
"status": "Pending",
"parent": "/api/v1/task/1/"
})
self.assertEqual(response.status_code, 201)
def test_delete_task(self):
self.test_subtask_creation()
response = self.client.put('/api/v1/task/2/',
data={
"deleted": True,
"deletion_date": date.today()
})
self.assertEqual(response.status_code, 204)
def test_fetch_deleted_task(self):
self.test_delete_task()
response = self.client.get('/api/v1/deleted/')
res_obj = response.json()
self.assertEqual(response.status_code, 200)
self.assertEqual(len(res_obj.get('objects')), 1)
class TestCampaignResource(ResourceTestCase):
def setUp(self):
# Tastypie stuff
super(TestCampaignResource, self).setUp()
self.bob_api_client = TestApiClient()
self.bill_api_client = TestApiClient()
self.anon_api_client = TestApiClient()
# Create a user bob.
self.user_bob_username = "******"
self.user_bob_password = "******"
self.user_bob = User.objects.create_user(self.user_bob_username, "*****@*****.**", self.user_bob_password)
# Create a user bob.
self.user_bill_username = "******"
self.user_bill_password = "******"
self.user_bill = User.objects.create_user(
self.user_bill_username, "*****@*****.**", self.user_bill_password
)
self.bob_api_client.client.login(username="******", password="******")
self.bill_api_client.client.login(username="******", password="******")
# assign users to the Public group
public_group, created = Group.objects.get_or_create(name="Public")
self.user_bob.groups.add(public_group)
self.user_bill.groups.add(public_group)
guardian.utils.get_anonymous_user().groups.add(public_group)
# make a couple of campaigns and save
self.campaign_bobs = mommy.make_one("catamidb.Campaign")
self.campaign_bills = mommy.make_one("catamidb.Campaign")
# assign this one to bob
authorization.apply_campaign_permissions(self.user_bob, self.campaign_bobs)
# assign this one to bill
authorization.apply_campaign_permissions(self.user_bill, self.campaign_bills)
# the API url for campaigns
self.campaign_url = "/api/dev/campaign/"
# some post data for testing campaign creation
self.post_data = {
"short_name": "Blah",
"description": "Blah",
"associated_researchers": "Blah",
"associated_publications": "Blah",
"associated_research_grant": "Blah",
"date_start": "2012-05-01",
"date_end": "2012-05-01",
"contact_person": "Blah",
}
# can only do GET at this stage
def test_campaign_operations_disabled(self):
# test that we are unauthorized to create
self.assertHttpUnauthorized(self.anon_api_client.post(self.campaign_url, format="json", data=self.post_data))
# test that we can NOT modify
self.assertHttpMethodNotAllowed(
self.anon_api_client.put(self.campaign_url + self.campaign_bobs.id.__str__() + "/", format="json", data={})
)
# test that we can NOT delete
self.assertHttpMethodNotAllowed(
self.anon_api_client.delete(self.campaign_url + self.campaign_bobs.id.__str__() + "/", format="json")
)
# test that we can NOT modify authenticated
self.assertHttpMethodNotAllowed(
self.bob_api_client.put(self.campaign_url + self.campaign_bobs.id.__str__() + "/", format="json", data={})
)
# test that we can NOT delete authenticated
self.assertHttpMethodNotAllowed(
self.bob_api_client.delete(self.campaign_url + self.campaign_bobs.id.__str__() + "/", format="json")
)
# test can get a list of campaigns authorised
def test_campaigns_operations_as_authorised_users(self):
# create a campaign that only bill can see
bills_campaign = mommy.make_one("catamidb.Campaign")
assign("view_campaign", self.user_bill, bills_campaign)
# check that bill can see via the API
response = self.bill_api_client.get(self.campaign_url, format="json")
self.assertValidJSONResponse(response)
self.assertEqual(len(self.deserialize(response)["objects"]), 3)
# check that bill can get to the object itself
response = self.bill_api_client.get(self.campaign_url + bills_campaign.id.__str__() + "/", format="json")
self.assertValidJSONResponse(response)
# check that bob can not see - now we know tastypie API has correct
# permission validation
response = self.bob_api_client.get(self.campaign_url, format="json")
self.assertValidJSONResponse(response)
self.assertEqual(len(self.deserialize(response)["objects"]), 2)
# check bob can NOT get to the hidden object
response = self.bob_api_client.get(self.campaign_url + bills_campaign.id.__str__() + "/", format="json")
self.assertHttpUnauthorized(response)
# check that anonymous can see public ones as well
response = self.anon_api_client.get(self.campaign_url, format="json")
self.assertValidJSONResponse(response)
self.assertEqual(len(self.deserialize(response)["objects"]), 2)
# check anonymous can NOT get to the hidden object
response = self.anon_api_client.get(self.campaign_url + bills_campaign.id.__str__() + "/", format="json")
self.assertHttpUnauthorized(response)
# create via the API
auth_post_data = {
"short_name": "AuthBlah",
"description": "AuthBlah",
"associated_researchers": "AuthBlah",
"associated_publications": "AuthBlah",
"associated_research_grant": "AuthBlah",
"date_start": "2012-05-01",
"date_end": "2012-05-01",
"contact_person": "AuthBlah",
}
# test that we can create authenticated
self.assertHttpCreated(self.bob_api_client.post(self.campaign_url, format="json", data=auth_post_data))
# check that ones we created via API are there
response = self.bill_api_client.get(self.campaign_url, format="json")
self.assertValidJSONResponse(response)
self.assertEqual(len(self.deserialize(response)["objects"]), 4)
# check public can see it too
response = self.anon_api_client.get(self.campaign_url, format="json")
self.assertValidJSONResponse(response)
self.assertEqual(len(self.deserialize(response)["objects"]), 3)
class ResourceTest(ResourceTestCase):
serializer= Serializer()
def setUp(self):
self.api_client = TestApiClient()
self.username = '******'
self.password = '******'
self.user = hydroshare.create_account(
'*****@*****.**',
username=self.username,
password=self.password,
first_name='User0_FirstName',
last_name='User0_LastName',
)
self.api_client.client.login(username=self.username, password=self.password)
self.url_proto = '/hsapi/resource/{0}/files/{1}/'
self.filename = 'test.txt'
def tearDown(self):
User.objects.all().delete()
GenericResource.objects.all().delete()
def test_resource_file_get(self):
myfile = open(self.filename, 'w')
myfile.write('hello world!\n')
myfile.close()
myfile = open(self.filename, 'r')
res1 = hydroshare.create_resource('GenericResource', self.user, 'res1')
hydroshare.add_resource_files(res1.short_id, myfile)
url = self.url_proto.format(res1.short_id, self.filename)
resp = self.api_client.get(url)
self.assertIn(resp.status_code, [201, 200])
def test_resource_file_put(self):
myfile = open(self.filename, 'w')
myfile.write('hello world!\n')
myfile.close()
myfile = open(self.filename, 'r')
res1 = hydroshare.create_resource('GenericResource', self.user, 'res1')
hydroshare.add_resource_files(res1.short_id, myfile)
mynewfile = open(self.filename, 'w')
mynewfile.write('anyone there?\n')
mynewfile.close()
mynewfile = open(self.filename, 'r')
url = self.url_proto.format(res1.short_id, self.filename)
put_data = { 'resource_file': mynewfile
}
resp = self.api_client.put(url, data=put_data)
self.assertHttpAccepted(resp)
resp = self.api_client.get(url)
self.assertIn(resp.status_code, [201, 200])
def test_resource_file_post(self):
myfile = open(self.filename, 'w')
myfile.write('hello world!\n')
myfile.close()
myfile = open(self.filename, 'r')
res1 = hydroshare.create_resource('GenericResource', self.user, 'res1')
post_data = { 'resource_file': myfile
}
url = self.url_proto.format(res1.short_id, self.filename)
resp = self.api_client.post(url, data=post_data)
self.assertHttpAccepted(resp)
resp = self.api_client.get(url)
self.assertIn(resp.status_code, [201, 200])
def test_resource_file_delete(self):
myfile = open(self.filename, 'w')
myfile.write('hello world!\n')
myfile.close()
myfile = open(self.filename, 'r')
res1 = hydroshare.create_resource('GenericResource', self.user, 'res1')
hydroshare.add_resource_files(res1.short_id, myfile)
url = self.url_proto.format(res1.short_id, self.filename)
resp = self.api_client.delete(url)
self.assertIn(resp.status_code, [200, 202, 204])
self.assertHttpNotFound( self.api_client.get(url, format='json') )
class UserTestBase(ResourceTestCase):
def setUp(self):
load_states()
load_statutes()
settings.DEBUG = True
self.api_client = TestApiClient()
self.get_credentials()
#user creates all the groups and requests initially, user should always have edit perms unless another user takes that away
self.user = User.objects.create_user('john', '*****@*****.**', 'secret')
self.user.is_staff = True#someone has to be responsible
self.user.save()
self.usertwo = User.objects.create_user('yoko', '*****@*****.**', 'secret')
self.userthree = User.objects.create_user('ringo', '*****@*****.**', 'secret')
self.post_data = {
'name': 'A TEST GROUP'
}
self.up, created = UserProfile.objects.get_or_create(user=self.user)
self.uptwo, created = UserProfile.objects.get_or_create(user=self.usertwo)
self.upthree, created = UserProfile.objects.get_or_create(user=self.userthree)
self.groupJSON = None
self.group = None
self.request = None
self.agency = None
self.agencyJSON = None
self.contact = None
self.contactJSON = None
self.government = None
self.governmentJSON = None
def tearDown(self):
Request.objects.all().delete()
Contact.objects.all_them().delete()
Agency.objects.all_them().delete()
FeeExemptionOther.objects.all_them().delete()
Statute.objects.all_them().delete()
Government.objects.all().delete()
Group.objects.all().delete()
User.objects.all().delete()
def get_user_group(self, userToGet):
#each user has their own group named after then which they are the sole member of
for group in userToGet.groups.all():
if group.name == userToGet.username:
return group
def create_group(self):
#creates the default group and sets default json
if self.groupJSON is not None:
return self.groupJSON
resp = self.api_client.post('/api/v1/group/', format='json', data=self.post_data, authentication=self.get_credentials())
self.group = Group.objects.get(name=self.post_data['name'])
self.groupJSON = json.loads(resp.content)
return resp
def get_group_json(self, group):
#gets json for a group
resp = self.api_client.get('/api/v1/group/%s/' % group.id, format='json', data={}, authentication=self.get_credentials())
return json.loads(resp.content)
def get_user_json(self, userToGet):
users_resp = self.api_client.get("/api/v1/user/%s/" % userToGet.id, format='json', authentication=self.get_credentials())
return json.loads(users_resp.content)
def add_user_to_group(self, userToAdd):
self.create_group()
users = self.get_user_json(userToAdd)
groupjson = self.groupJSON.copy()
groupjson['users'].append(users)
update_resp = self.api_client.put(self.groupJSON['resource_uri'], format='json', data=groupjson, authentication=self.get_credentials())
def create_request(self, username=None):
request_data = {
'contacts': [],
'free_edit_body': "<p>Something respectable, and testable!</p>",
'private': True,
'title': "test bangarang"
}
if username is None:
self.api_client.post('/api/v1/request/', format='json', data=request_data, authentication=self.get_credentials())
else:
self.api_client.post('/api/v1/request/', format='json', data=request_data, authentication=self.get_credentials_other(username))
self.request = Request.objects.get(title=request_data['title'])
def get_credentials(self):
#log in with self.user credentials
result = self.api_client.client.login(username='******',
password='******')
return result
def get_credentials_other(self, username):
#log in with self.user credentials
result = self.api_client.client.login(username=username,
password='******')
return result
def create_agency(self):
self.agencyData = {
'government': Government.objects.get(name="United States of America").id,
'name': "A test agency",
'hidden': False
}
resp = self.api_client.post('/api/v1/agency/', format='json', data=self.agencyData, authentication=self.get_credentials())
return resp
def create_agency(self):
if self.agencyJSON is not None:
return self.agencyJSON
self.agencyData = {
'government': Government.objects.get(name="United States of America").id,
'name': "A test agency",
'hidden': False
}
resp = self.api_client.post('/api/v1/agency/', format='json', data=self.agencyData, authentication=self.get_credentials())
self.agency = Agency.objects.get(name='A test agency')
self.agencyJSON = json.loads(resp.content)
return self.agencyJSON
def create_contact(self, data=None):
if self.agency is None:
self.create_agency()
if self.contactJSON is not None:
return self.contactJSON
self.contactData = {
'first_name': "Testy",
"last_name": "McTester",
"dob": "1990-07-19",
"notes": ["nothing much"],
"phone_numbers": ["999-999-9999"],
"titles": ["Public Information Officer"],
"emails": ["*****@*****.**"],
"addresses": ["1600 Penn. Washington DC 99999"],
"agencyId": self.agency.id
}
if data is not None:
self.contactData = data
resp = self.api_client.post('/api/v1/contact/', format='json', data=self.contactData, authentication=self.get_credentials())
self.contactJSON = json.loads(resp.content)
self.contact = Contact.objects.get(first_name=self.contactData['first_name'], last_name=self.contactData['last_name'])
return self.contactJSON
class ApiV2TestCase(ResourceTestCase):
def setUp(self):
super(ApiV2TestCase, self).setUp()
self.user = User.objects.create_user(username='******',
password='******',
email='*****@*****.**')
self.user2 = User.objects.create_user(username='******',
password='******',
email='*****@*****.**')
# delete all elections
Election.objects.filter(owner=self.user).delete()
#create an election
self.election, created = Election.objects.get_or_create(name='Election user 1',
owner=self.user,
slug='name-of-election',
published=True)
self.election2, created = Election.objects.get_or_create(name='Election user 2',
owner=self.user2,
slug='election-user-2',
published=True)
#delete category created by default
self.election.category_set.all().delete()
self.election2.category_set.all().delete()
self.personal_data1 = PersonalData.objects.create(
label = u"Age",
election = self.election)
self.personal_data2 = PersonalData.objects.create(
label = u"Le Profession",
election = self.election)
self.candidate = Candidate.objects.create(
name = u"Le Candidate 01",
election = self.election
)
self.candidate2 = Candidate.objects.create(
name = u"Candidate 02",
election = self.election
)
self.category1 = Category.objects.create(
name = u"Category 01",
election = self.election,
slug = "category-01")
self.category2 = Category.objects.create(
name = u"Another category",
election = self.election,
slug = "another-category")
self.question_category_1 = Question.objects.create(
category = self.category1,
question = u"Te gusta the beatles?")
self.question_category_2 = Question.objects.create(
category = self.category2,
question = u"Comerías limón con ají?")
self.answer_for_question_1 = Answer.objects.create(
question = self.question_category_1,
caption = u"Si")
self.answer_for_question_3 = Answer.objects.create(
question = self.question_category_1,
caption = u"No")
self.answer_for_question_2 = Answer.objects.create(
question = self.question_category_2,
caption = u"Talvez")
self.answer_for_question_4 = Answer.objects.create(
question = self.question_category_2,
caption = u"Quizás")
self.age = PersonalDataCandidate.objects.create(
personal_data = self.personal_data1,
candidate = self.candidate,
value = u"31")
self.profession = PersonalDataCandidate.objects.create(
personal_data = self.personal_data2,
candidate = self.candidate,
value = u"Constructor")
self.background_category_education = BackgroundCategory.objects.create(
name = u"Education",
election = self.election
)
self.background_school = Background.objects.create(
name = u"School",
category = self.background_category_education
)
self.background_candidate = BackgroundCandidate.objects.create(
candidate = self.candidate,
background = self.background_school,
value = u"Primary High School Musical"
)
self.link_twitter = Link.objects.create(
name = u"Twitter",
url = u"https://www.twitter.com/#el_twitter",
candidate = self.candidate)
self.candidate.associate_answer(self.answer_for_question_1)
self.candidate.associate_answer(self.answer_for_question_2)
self.api_client = TestApiClient()
#self.data = {'format': 'json', 'username': self.user.username, 'api_key':self.user.api_key.key}
def get_credentials(self):
return self.create_apikey(username=self.user.username, api_key=self.user.api_key.key)
def test_get_all_my_elections_unauthorized(self):
response = self.api_client.get('/api/v2/election/', format='json')
self.assertHttpUnauthorized(response)
def test_get_elections_valid_json(self):
response = self.api_client.get(
'/api/v2/election/',
format='json',
authentication=self.get_credentials())
self.assertValidJSONResponse(response)
def test_get_my_elections(self):
response = self.api_client.get(
'/api/v2/election/',
format='json',
authentication=self.get_credentials())
elections = self.deserialize(response)['objects']
self.assertEquals(len(elections),1)
the_election = elections[0]
# print the_election["background"]
self.assertEquals(the_election['id'],self.election.id)
self.assertTrue(the_election.has_key('candidates'))
self.assertTrue(isinstance(the_election["candidates"][0], unicode))
self.assertTrue(the_election.has_key('categories'))
self.assertTrue(isinstance(the_election["categories"][0], unicode))
self.assertTrue(the_election.has_key('background_categories'))
self.assertTrue(isinstance(the_election["background_categories"][0], unicode))
self.assertTrue(the_election.has_key('personal_data'))
self.assertTrue(isinstance(the_election["personal_data"][0], unicode))
#categories
def test_get_categories_valid_json(self):
response = self.api_client.get(
'/api/v2/category/',
format='json',
authentication=self.get_credentials())
self.assertValidJSONResponse(response)
#@skip('aun no es testetado')
def test_get_all_categories(self):
response = self.api_client.get(
'/api/v2/category/',
format='json',
authentication=self.get_credentials())
categories = self.deserialize(response)['objects']
self.assertEquals(len(categories),2)
the_category = categories[0]
self.assertEquals(the_category['id'],self.category1.id)
self.assertEquals(the_category['name'],self.category1.name)
the_category2 = categories[1]
self.assertEquals(the_category2['id'],self.category2.id)
self.assertEquals(the_category2['name'],self.category2.name)
self.assertTrue(the_category.has_key("questions"))
self.assertTrue(isinstance(the_category["questions"][0], unicode))
def test_get_all_questions(self):
response = self.api_client.get(
'/api/v2/question/',
format='json',
authentication=self.get_credentials())
questions = self.deserialize(response)['objects']
self.assertEquals(len(questions),2)
the_question = questions[0]
self.assertTrue(the_question.has_key('question'))
self.assertTrue(the_question.has_key('resource_uri'))
self.assertEqual(the_question["resource_uri"], "/api/v2/question/{0}/".format(self.question_category_1.id))
self.assertTrue(the_question.has_key('category'))
self.assertTrue(isinstance(the_question["category"], unicode))
self.assertEquals(the_question["category"], "/api/v2/category/{0}/".format(self.question_category_1.category.id))
def test_get_all_answers(self):
self.candidate.associate_answer(self.answer_for_question_1)
response = self.api_client.get(
'/api/v2/answer/',
format='json',
authentication=self.get_credentials())
answers = self.deserialize(response)['objects']
self.assertEquals(len(answers),Answer.objects.count())
the_answer = answers[0]
self.assertTrue(the_answer.has_key('caption'))
self.assertTrue(the_answer.has_key('resource_uri'))
self.assertEqual(the_answer["resource_uri"], "/api/v2/answer/{0}/".format(self.answer_for_question_1.id))
self.assertTrue(the_answer.has_key('candidates'))
self.assertEquals(len(the_answer["candidates"]), 1)
self.assertTrue(isinstance(the_answer["candidates"][0], unicode))
self.assertTrue(the_answer.has_key('question'))
self.assertTrue(isinstance(the_answer["question"], unicode))
self.assertEquals(the_answer["question"], "/api/v2/question/{0}/".format(self.answer_for_question_1.question.id))
def test_get_personal_data_candidate(self):
response = self.api_client.get(
'/api/v2/personal_data_candidate/',
format='json',
authentication=self.get_credentials())
self.assertHttpOK(response)
personal_data_candidate = self.deserialize(response)['objects']
# print personal_data_candidate[0]
self.assertTrue(personal_data_candidate[0].has_key('candidate'))
self.assertTrue(personal_data_candidate[0]['candidate'])
self.assertTrue(personal_data_candidate[0].has_key('personal_data'))
self.assertTrue(personal_data_candidate[0]['personal_data'])
self.assertTrue(personal_data_candidate[0].has_key('value'))
def test_get_personal_data(self):
response = self.api_client.get(
'/api/v2/personal_data/',
format='json',
authentication=self.get_credentials())
self.assertHttpOK(response)
def test_get_background(self):
response = self.api_client.get(
'/api/v2/background/',
format='json',
authentication=self.get_credentials())
self.assertHttpOK(response)
background = self.deserialize(response)['objects']
self.assertIn('background_category', background[0])
def test_get_first_background(self):
response = self.api_client.get(
'/api/v2/background/{0}/'.format(self.background_school.id),
format='json',
authentication=self.get_credentials())
self.assertHttpOK(response)
background = self.deserialize(response)
expected_resource_uri = "/api/v2/background_category/{0}/".format(
self.background_school.category.id
)
self.assertEquals(background["background_category"],expected_resource_uri)
def test_get_backgrounds_candidate(self):
response = self.api_client.get(
'/api/v2/backgrounds_candidate/',
format='json',
authentication=self.get_credentials())
self.assertHttpOK(response)
backgrounds_candidate = self.deserialize(response)['objects']
# print(backgrounds_candidate)
self.assertTrue(backgrounds_candidate[0].has_key('value'))
self.assertIn('background', backgrounds_candidate[0])
def test_backgrounds_candidate_detail(self):
response = self.api_client.get(
'/api/v2/backgrounds_candidate/{0}/'.format(self.background_candidate.id),
format='json',
authentication=self.get_credentials())
self.assertHttpOK(response)
the_background_candidate = self.deserialize(response)
self.assertEqual(the_background_candidate['value'], self.background_candidate.value)
self.assertIn("background",the_background_candidate)
# @skip('alguna razon')
def test_get_all_candidates(self):
response = self.api_client.get(
'/api/v2/candidate/',
format='json',
authentication=self.get_credentials())
self.assertHttpOK(response)
candidates = self.deserialize(response)['objects']
self.assertEquals(len(candidates),2)
the_candidate = candidates[0]
# print(the_candidate)
self.assertTrue(the_candidate.has_key('slug'))
self.assertFalse(the_candidate.has_key('personal_data'))
self.assertTrue(the_candidate.has_key('personal_data_candidate'))
self.assertTrue(isinstance(the_candidate["personal_data_candidate"][0], unicode))
self.assertFalse(the_candidate.has_key('backgrounds'))
self.assertTrue(the_candidate.has_key('backgrounds_candidate'))
self.assertTrue(isinstance(the_candidate["backgrounds_candidate"][0], unicode))
self.assertTrue(the_candidate.has_key('links'))
self.assertTrue(isinstance(the_candidate["links"][0], unicode))
self.assertTrue(the_candidate.has_key('answers'))
self.assertTrue(isinstance(the_candidate["answers"][0], unicode))
def test_get_background_category(self):
response = self.api_client.get(
'/api/v2/background_category/',
format='json',
authentication=self.get_credentials())
self.assertHttpOK(response)
background_category = self.deserialize(response)['objects']
the_background_category = background_category[0]
self.assertTrue(the_background_category.has_key('name'))
self.assertTrue(the_background_category.has_key('background'))
self.assertTrue(isinstance(the_background_category["background"][0], unicode))
def test_get_links(self):
response = self.api_client.get(
'/api/v2/link/',
format='json',
authentication=self.get_credentials())
self.assertHttpOK(response)
link = self.deserialize(response)['objects']
# print link
the_link = link[0]
self.assertTrue(the_link.has_key('name'))
self.assertTrue(the_link.has_key('url'))
def test_answer_filtering(self):
filter_data = {
'question': self.question_category_1.id
}
response = self.api_client.get(
'/api/v2/answer/',
format='json',
authentication=self.get_credentials(),
data=filter_data)
self.assertHttpOK(response)
answer = self.deserialize(response)['objects']
self.assertEquals(len(answer), Answer.objects.filter(question=self.question_category_1).count())
self.assertEquals( answer[0]['id'] , self.answer_for_question_1.id )
# @skip('ignore')
def test_answer_filtering_two_param(self):
filter_data = {
# 'question': self.question_category_1.id,
'candidate__id': self.candidate.id
}
response = self.api_client.get(
'/api/v2/answer/',
format='json',
authentication=self.get_credentials(),
data=filter_data)
# print response
self.assertHttpOK(response)
answer = self.deserialize(response)['objects']
# self.assertEquals(len(answer), 1)
self.assertEquals( answer[0]['id'] , self.answer_for_question_1.id )
def test_filter_candidate(self):
filter_data = {
'id' : self.candidate.id
}
response = self.api_client.get(
'/api/v2/candidate/',
format='json',
authentication=self.get_credentials(),
data=filter_data)
self.assertHttpOK(response)
candidate = self.deserialize(response)['objects']
self.assertEquals( len(candidate), 1)
self.assertEquals( candidate[0]['id'], self.candidate.id )
#@skip('')
def test_media_naranja_post(self):
answers = [self.answer_for_question_1.pk, self.answer_for_question_2.pk]
questions_ids = [self.question_category_1.id, self.question_category_2.id]
importances = [5, 3]
importances_by_category = [5, 3]
factor_question1 = (answers[0] == self.answer_for_question_1.pk) * importances[0]
factor_question2 = (answers[1] == self.answer_for_question_2.pk) * importances[1]
score_category1 = factor_question1 * 100.0 / importances_by_category[0]
score_category2 = factor_question2 * 100.0 / importances_by_category[1]
global_score = (factor_question1 + factor_question2) * 100.0 / sum(importances_by_category)
response = self.api_client.post('/api/v2/medianaranja/',
format='json',
authentication=self.get_credentials(),
data = {
'data' : {
'question-0': answers[0], 'question-1': answers[1], \
'importance-0': importances[0], 'importance-1': importances[1],\
'question-id-0': questions_ids[0], 'question-id-1': questions_ids[1]
},\
'election-id' : self.election.id
}
)
expected_winner = {
'global_score':global_score,
'category_score':[
{
'category':self.question_category_1.category.name,
'score': score_category1
},
{
'category':self.question_category_2.category.name,
'score': score_category2
},
],
'candidate':self.candidate.id
}
expected_others = [
{
'global_score':0.0,
'category_score':[
{
'category':self.question_category_1.category.name,
'score': 0.0
},
{
'category':self.question_category_2.category.name,
'score': 0.0
},
],
'candidate':self.candidate2.id
}
]
#de nuevo
self.assertHttpCreated(response)
self.assertValidJSON(response.content)
candidates = self.deserialize(response)
self.assertIn('winner', candidates)
self.assertEquals(candidates['winner'],expected_winner)
self.assertEquals(candidates['others'],expected_others)
def test_media_naranja_post_jsonp(self):
answers = [self.answer_for_question_1.pk, self.answer_for_question_2.pk]
questions_ids = [self.question_category_1.id, self.question_category_2.id]
importances = [5, 3]
importances_by_category = [5, 3]
factor_question1 = (answers[0] == self.answer_for_question_1.pk) * importances[0]
factor_question2 = (answers[1] == self.answer_for_question_2.pk) * importances[1]
score_category1 = factor_question1 * 100.0 / importances_by_category[0]
score_category2 = factor_question2 * 100.0 / importances_by_category[1]
global_score = (factor_question1 + factor_question2) * 100.0 / sum(importances_by_category)
response = self.api_client.post('/api/v2/medianaranja/?callback=callback',
format='json',
authentication=self.get_credentials(),
data = {
'data' : {
'question-0': answers[0], 'question-1': answers[1], \
'importance-0': importances[0], 'importance-1': importances[1],\
'question-id-0': questions_ids[0], 'question-id-1': questions_ids[1]
},\
'election-id' : self.election.id
}
)
expected_winner = {
'global_score':global_score,
'category_score':[
{
'category':self.question_category_1.category.name,
'score': score_category1
},
{
'category':self.question_category_2.category.name,
'score': score_category2
},
],
'candidate':self.candidate.id
}
expected_others = [
{
'global_score':0.0,
'category_score':[
{
'category':self.question_category_1.category.name,
'score': 0.0
},
{
'category':self.question_category_2.category.name,
'score': 0.0
},
],
'candidate':self.candidate2.id
}
]
self.assertTrue(response.content.startswith("callback("))
content = response.content
content = content.strip("callback(")
def test_get_information_source(self):
information_source = InformationSource.objects.create(
candidate=self.candidate,
question=self.question_category_1,
content=u"Tomé esta información desde una página web")
response = self.api_client.get(
'/api/v2/information_source/',
format='json',
authentication=self.get_credentials())
self.assertHttpOK(response)
information_source_dict = self.deserialize(response)['objects'][0]
self.assertEquals(information_source_dict['candidate'], '/api/v2/candidate/{0}/'.format(self.candidate.id))
self.assertEquals(information_source_dict['question'], '/api/v2/question/{0}/'.format(self.question_category_1.id))
self.assertEquals(information_source_dict['content'], information_source.content)
response_question = self.api_client.get(
information_source_dict['question'],
format='json',
authentication=self.get_credentials())
self.assertHttpOK(response_question)
question_dict = self.deserialize(response_question)
self.assertIn('information_sources', question_dict)
self.assertEquals(len(question_dict['information_sources']), 1)
self.assertEquals(question_dict['information_sources'][0], '/api/v2/information_source/{0}/'.format(information_source.id))
class ResourceTest(ResourceTestCase):
def setUp(self):
self.logger = logging.getLogger(__name__)
self.api_client = TestApiClient()
self.username = '******'
self.password = '******'
# create a user to be used for creating the resource
self.user_creator = hydroshare.create_account(
'*****@*****.**',
username=self.username,
first_name='Creator_FirstName',
last_name='Creator_LastName',
superuser=False,
password=self.password,
groups=[])
self.user_url = '/hsapi/accounts/{0}/'.format(
self.user_creator.username)
self.api_client.client.login(username=self.username,
password=self.password)
# create a resource
self.resource = hydroshare.create_resource(
resource_type='GenericResource',
title='My resource',
owner=self.user_creator,
last_changed_by=self.user_creator)
self.resource_url_base = '/hsapi/resource/'
self.resource_url = '{0}{1}/'.format(self.resource_url_base,
self.resource.short_id)
self.post_data = {
'title': 'My REST API-created resource',
'resource_type': 'GenericResource'
}
def tearDown(self):
User.objects.all().delete()
GenericResource.objects.all().delete()
def get_credentials(self):
k = self.create_basic(username=self.username, password=self.password)
print k
return k
def test_resource_get(self):
resp = self.api_client.get(self.resource_url)
self.assertTrue(resp['Location'].endswith('.zip'))
def test_resource_post(self):
resp = self.api_client.post(self.resource_url_base,
data=self.post_data)
self.assertIn(resp.status_code, [201, 200])
# PID comes back as body of response, but API client doesn't seem to be
# parsing the response for us
pid = str(resp).split('\n')[-1]
new_resource_url = '{0}{1}/'.format(self.resource_url_base, pid)
# Fetch the newly created resource
resp = self.api_client.get(new_resource_url)
self.assertTrue(resp['Location'].endswith('.zip'))
def test_resource_put(self):
new_data = {}
new_data['title'] = 'My UPDATED REST API-created resource'
resp = self.api_client.put(self.resource_url, data=new_data)
self.assertIn(resp.status_code, ['202', '204'])
def test_resource_delete(self):
x = self.api_client.delete(self.resource_url, format='json')
self.assertIn(x.status_code, [202, 204, 301])
self.assertHttpNotFound(
self.api_client.get(self.resource_url, format='json'))
class ApiTestCase(ResourceTestCase):
fixtures = ['app/detective/fixtures/default_topics.json',
'app/detective/fixtures/search_terms.json',]
def setUp(self):
super(ApiTestCase, self).setUp()
# Use custom api client
self.api_client = TestApiClient()
self.salt = SaltMixin.salt
self.super_username = '******'
self.super_password = '******'
self.super_email = '*****@*****.**'
self.contrib_username = '******'
self.contrib_password = '******'
self.contrib_email = '*****@*****.**'
self.lambda_username = '******'
self.lambda_password = '******'
self.lambda_email = '*****@*****.**'
contributors = Group.objects.get(name='energy_contributor')
# Create the new user users
super_user = User.objects.create(
username=self.super_username,
email=self.super_email,
is_staff=True,
is_superuser = True
)
super_user.set_password(self.super_password)
super_user.save()
self.super_user = super_user
contrib_user = User.objects.create(
username=self.contrib_username,
email=self.contrib_email,
is_active=True
)
contrib_user.groups.add(contributors)
contrib_user.set_password(self.contrib_password)
contrib_user.save()
self.contrib_user = contrib_user
lambda_user = User.objects.create(
username=self.lambda_username,
email=self.lambda_email,
)
lambda_user.set_password(self.lambda_password)
lambda_user.save()
self.lambda_user = lambda_user
# Create related objects
self.jpp = Organization(name=u"Journalism++")
self.jpp._author = [super_user.pk]
self.jpp.founded = datetime(2011, 4, 3)
self.jpp.website_url = 'http://jplusplus.com'
self.jpp.save()
self.jg = Organization(name=u"Journalism Grant")
self.jg._author = [super_user.pk]
self.jg.save()
self.fra = Country(name=u"France", isoa3=u"FRA")
self.fra.save()
self.pr = Person(name=u"Pierre Roméra")
self.pr.based_in.add(self.fra)
self.pr.activity_in_organization.add(self.jpp)
self.pr.save()
self.pb = Person(name=u"Pierre Bellon")
self.pb.based_in.add(self.fra)
self.pb.activity_in_organization.add(self.jpp)
self.pb.save()
# Creates Christmas topic
ontology = File(open(settings.DATA_ROOT + "/ontology-v5.7.owl"))
self.christmas = Topic(slug=u"christmas", title="It's christmas!", ontology_as_owl=ontology, author=super_user)
self.christmas.save()
# Creates Thanksgiving topic
self.thanksgiving = Topic(slug=u"thanksgiving", title="It's thanksgiving!", ontology_as_owl=ontology, author=super_user)
self.thanksgiving.save()
self.post_data_simple = {
"name": "Lorem ispum TEST",
"twitter_handle": "loremipsum"
}
self.post_data_related = {
"name": "Lorem ispum TEST RELATED",
"owner": [
{ "id": self.jpp.id },
{ "id": self.jg.id }
],
"activity_in_country": [
{ "id": self.fra.id }
]
}
self.rdf_jpp = {
"label": u"Person that has activity in Journalism++",
"object": {
"id": self.jpp.id,
"model": u"Organization",
"name": u"Journalism++"
},
"predicate": {
"label": u"has activity in",
"name": u"activity_in_organization",
"subject": u"Person"
},
"subject": {
"label": u"Person",
"name": u"Person"
}
}
def cleanModel(self, model_instance):
if model_instance:
model_instance.delete()
def tearDown(self):
# Clean & delete generated data
# individuals
self.cleanModel(self.jpp) # organization
self.cleanModel(self.jg) # organization
self.cleanModel(self.fra) # country
self.cleanModel(self.pr) # people
self.cleanModel(self.pb) # people
# Simply flush the database
management.call_command('flush', verbosity=0, interactive=False)
# Utility functions (Auth, operation etc.)
def login(self, username, password):
return self.api_client.client.login(username=username, password=password)
def get_super_credentials(self):
return self.login(self.super_username, self.super_password)
def get_contrib_credentials(self):
return self.login(self.contrib_username, self.contrib_password)
def get_lambda_credentials(self):
return self.login(self.lambda_username, self.lambda_password)
def signup_user(self, user_dict):
""" Utility method to signup through API """
return self.api_client.post('/api/common/v1/user/signup/', format='json', data=user_dict)
def patch_individual(self, scope=None, model_name=None, model_id=None,
patch_data=None, auth=None, skip_auth=False):
if not skip_auth and not auth:
auth = self.get_super_credentials()
url = '/api/%s/v1/%s/%d/patch/' % (scope, model_name, model_id)
return self.api_client.post(url, format='json', data=patch_data, authentication=auth)
def check_permissions(self, permissions=None, user=None):
user_permissions = list(user.get_all_permissions())
self.assertEqual(len(user_permissions), len(permissions))
for perm in user_permissions:
self.assertTrue(perm in permissions)
# All test functions
def test_user_signup_succeed(self):
"""
Test with proper data to signup user
Expected: HTTT 201 (Created)
"""
user_dict = dict(username=u"newuser", password=u"newuser", email=u"*****@*****.**")
resp = self.signup_user(user_dict)
self.assertHttpCreated(resp)
def test_user_signup_empty_data(self):
"""
Test with empty data to signup user
Expected: HTTP 400 (BadRequest)
"""
user_dict = dict(username=u"", password=u"", email=u"")
resp = self.signup_user(user_dict)
self.assertHttpBadRequest(resp)
def test_user_signup_no_data(self):
resp = self.api_client.post('/api/common/v1/user/signup/', format='json')
self.assertHttpBadRequest(resp)
def test_user_signup_existing_user(self):
user_dict = dict(username=self.super_username, password=self.super_password, email=self.super_email)
resp = self.signup_user(user_dict)
self.assertHttpForbidden(resp)
def test_user_activate_succeed(self):
user_dict = dict(username='******', password='******', email='*****@*****.**')
self.assertHttpCreated(self.signup_user(user_dict))
innactive_user = User.objects.get(email=user_dict.get('email'))
activation_profile = RegistrationProfile.objects.get(user=innactive_user)
activation_key = activation_profile.activation_key
resp_activate = self.api_client.get('/api/common/v1/user/activate/?token=%s' % activation_key)
self.assertHttpOK(resp_activate)
user = User.objects.get(email=user_dict.get('email'))
self.assertTrue(user.is_active)
def test_user_activate_fake_token(self):
resp = self.api_client.get('/api/common/v1/user/activate/?token=FAKE')
self.assertHttpForbidden(resp)
def test_user_activate_no_token(self):
resp = self.api_client.get('/api/common/v1/user/activate/')
self.assertHttpBadRequest(resp)
def test_user_activate_empty_token(self):
resp = self.api_client.get('/api/common/v1/user/activate/?token')
self.assertHttpBadRequest(resp)
def test_user_contrib_login_succeed(self):
auth = dict(username=self.contrib_username, password=self.contrib_password)
resp = self.api_client.post('/api/common/v1/user/login/', format='json', data=auth)
self.assertValidJSON(resp.content)
data = json.loads(resp.content)
self.assertTrue(data["success"])
self.check_permissions(permissions=data.get("permissions"), user=self.contrib_user)
def test_user_login_succeed(self):
auth = dict(username=self.super_username, password=self.super_password)
resp = self.api_client.post('/api/common/v1/user/login/', format='json', data=auth)
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(data["success"], True)
def test_user_login_failed(self):
auth = dict(username=self.super_username, password=u"awrongpassword")
resp = self.api_client.post('/api/common/v1/user/login/', format='json', data=auth)
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(data["success"], False)
def test_user_logout_succeed(self):
# First login
auth = dict(username=self.super_username, password=self.super_password)
self.api_client.post('/api/common/v1/user/login/', format='json', data=auth)
# Then logout
resp = self.api_client.get('/api/common/v1/user/logout/', format='json')
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(data["success"], True)
def test_user_logout_failed(self):
resp = self.api_client.get('/api/common/v1/user/logout/', format='json')
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(data["success"], False)
def test_user_permissions_is_logged(self):
auth = dict(username=self.contrib_username, password=self.contrib_password)
self.api_client.post('/api/common/v1/user/login/', format='json', data=auth)
resp = self.api_client.get('/api/common/v1/user/permissions/', format='json')
self.assertValidJSON(resp.content)
data = json.loads(resp.content)
self.check_permissions(permissions=data.get("permissions"), user=self.contrib_user)
def test_user_permissions_isnt_logged(self):
resp = self.api_client.get('/api/common/v1/user/permissions/', format='json')
self.assertHttpUnauthorized(resp)
def test_user_status_isnt_logged(self):
resp = self.api_client.get('/api/common/v1/user/status/', format='json')
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(data["is_logged"], False)
def test_user_status_is_logged(self):
# Log in
auth = dict(username=self.super_username, password=self.super_password)
resp = self.api_client.post('/api/common/v1/user/login/', format='json', data=auth)
self.assertValidJSON(resp.content)
data = json.loads(resp.content)
self.assertTrue(data['success'])
resp = self.api_client.get('/api/common/v1/user/status/', format='json')
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(data["is_logged"], True)
def test_contrib_user_status_is_logged(self):
# Log in
auth = dict(username=self.contrib_username, password=self.contrib_password, remember_me=True)
resp = self.api_client.post('/api/common/v1/user/login/', format='json', data=auth)
self.assertValidJSON(resp.content)
data = json.loads(resp.content)
self.assertTrue(data['success'])
resp = self.api_client.get('/api/common/v1/user/status/', format='json')
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(data["is_logged"], True)
def test_reset_password_success(self):
email = dict(email=self.super_email)
resp = self.api_client.post('/api/common/v1/user/reset_password/', format='json', data=email)
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertTrue(data['success'])
def test_reset_password_wrong_email(self):
email = dict(email="*****@*****.**")
resp = self.api_client.post('/api/common/v1/user/reset_password/', format='json', data=email)
self.assertEqual(resp.status_code in [302, 404], True)
def test_reset_password_no_data(self):
resp = self.api_client.post('/api/common/v1/user/reset_password/', format='json')
self.assertHttpBadRequest(resp)
def test_reset_password_empty_email(self):
resp = self.api_client.post('/api/common/v1/user/reset_password/', format='json', data=dict(email=''))
self.assertHttpBadRequest(resp)
def test_reset_password_confirm_succes(self):
"""
Test to successfuly reset a password with a new one.
Expected:
HTTP 200 - OK
"""
token = signing.dumps(self.super_user.pk, salt=self.salt)
password = "******"
auth = dict(password=password, token=token)
resp = self.api_client.post(
'/api/common/v1/user/reset_password_confirm/',
format='json',
data=auth
)
self.assertValidJSON(resp.content)
data = json.loads(resp.content)
self.assertTrue(data['success'])
# we query users to get the latest user object (updated with password)
user = User.objects.get(email=self.super_user.email)
self.assertTrue(user.check_password(password))
def test_reset_password_confirm_no_data(self):
"""
Test on reset_password_confirm API endpoint without any data.
Expected response:
HTTP 400 (BadRequest).
Explanation:
Every request on /reset_password_confirm/ must have a JSON data payload.
{
password: ... // the password to reset"
token: ... // the reset password token (received by emai)
}
"""
resp = self.api_client.post('/api/common/v1/user/reset_password_confirm/', format='json')
self.assertHttpBadRequest(resp)
self.assertIsNotNone(resp.content)
def test_reset_password_confirm_empty_data(self):
"""
Test on reset_password_confirm API endpoint with empty data:
{
password: ""
token: ""
}
Expected result:
HTTP 400 (BadRequest)
Explanation:
A reset_password_confirm request must have a password and should be
authenticated with a token.
"""
auth = dict(password='', token='')
resp = self.api_client.post('/api/common/v1/user/reset_password_confirm/', format='json', data=auth)
self.assertHttpBadRequest(resp)
def test_reset_password_confirm_fake_token(self):
"""
Test on reset_password_confirm API endpoint with empty data:
{
password: ""
token: ""
}
Expected result:
HTTP 403 (Forbidden)
Explanation:
A reset_password_confirm request should be authenticated with a valid
token.
"""
fake_token = 'f4k:t0k3N'
auth = dict(password='******', token=fake_token)
resp = self.api_client.post(
'/api/common/v1/user/reset_password_confirm/',
format='json',
data=auth
)
self.assertHttpForbidden(resp)
def test_get_list_json(self):
resp = self.api_client.get('/api/energy/v1/energyproject/?limit=20', format='json', authentication=self.get_super_credentials())
self.assertValidJSONResponse(resp)
# Number of element on the first page
count = min(20, EnergyProject.objects.count())
self.assertEqual( len(self.deserialize(resp)['objects']), count)
def test_post_list_unauthenticated(self):
self.assertHttpUnauthorized(self.api_client.post('/api/energy/v1/energyproject/', format='json', data=self.post_data_simple))
def test_post_list_staff(self):
# Check how many are there first.
count = EnergyProject.objects.count()
self.assertHttpCreated(
self.api_client.post('/api/energy/v1/energyproject/',
format='json',
data=self.post_data_simple,
authentication=self.get_super_credentials()
)
)
# Verify a new one has been added.
self.assertEqual(EnergyProject.objects.count(), count+1)
def test_post_list_contributor(self):
# Check how many are there first.
count = EnergyProject.objects.count()
self.assertHttpCreated(
self.api_client.post('/api/energy/v1/energyproject/',
format='json',
data=self.post_data_simple,
authentication=self.get_contrib_credentials()
)
)
# Verify a new one has been added.
self.assertEqual(EnergyProject.objects.count(), count+1)
def test_post_list_lambda(self):
self.assertHttpUnauthorized(
self.api_client.post('/api/energy/v1/energyproject/',
format='json',
data=self.post_data_simple,
authentication=self.get_lambda_credentials()
)
)
def test_post_list_related(self):
# Check how many are there first.
count = EnergyProject.objects.count()
# Record API response to extract data
resp = self.api_client.post('/api/energy/v1/energyproject/',
format='json',
data=self.post_data_related,
authentication=self.get_super_credentials()
)
# Vertify the request status
self.assertHttpCreated(resp)
# Verify a new one has been added.
self.assertEqual(EnergyProject.objects.count(), count+1)
# Are the data readable?
self.assertValidJSON(resp.content)
# Parse data to verify relationship
data = json.loads(resp.content)
self.assertEqual(len(data["owner"]), len(self.post_data_related["owner"]))
self.assertEqual(len(data["activity_in_country"]), len(self.post_data_related["activity_in_country"]))
def test_mine(self):
resp = self.api_client.get('/api/energy/v1/organization/mine/', format='json', authentication=self.get_super_credentials())
self.assertValidJSONResponse(resp)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual( len(data["objects"]), 2)
def test_mine_empty(self):
resp = self.api_client.get('/api/energy/v1/organization/mine/', format='json')
self.assertValidJSONResponse(resp)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual( len(data["objects"]), 0)
def test_search_organization(self):
resp = self.api_client.get('/api/energy/v1/organization/search/?q=Journalism', format='json', authentication=self.get_super_credentials())
self.assertValidJSONResponse(resp)
# Parse data to check the number of result
data = json.loads(resp.content)
# At least 2 results
self.assertGreater( len(data.items()), 1 )
def test_search_organization_wrong_page(self):
resp = self.api_client.get('/api/energy/v1/organization/search/?q=Roméra&page=10000', format='json', authentication=self.get_super_credentials())
self.assertEqual(resp.status_code in [302, 404], True)
def test_cypher_detail(self):
resp = self.api_client.get('/api/common/v1/cypher/111/', format='json', authentication=self.get_super_credentials())
self.assertTrue(resp.status_code in [302, 404])
def test_cypher_unauthenticated(self):
self.assertHttpUnauthorized(self.api_client.get('/api/common/v1/cypher/?q=START%20n=node%28*%29RETURN%20n;', format='json'))
def test_cypher_unauthorized(self):
# Ensure the user isn't authorized to process cypher request
self.super_user.is_staff = True
self.super_user.is_superuser = False
self.super_user.save()
self.assertHttpUnauthorized(self.api_client.get('/api/common/v1/cypher/?q=START%20n=node%28*%29RETURN%20n;', format='json', authentication=self.get_super_credentials()))
def test_cypher_authorized(self):
# Ensure the user IS authorized to process cypher request
self.super_user.is_superuser = True
self.super_user.save()
self.assertValidJSONResponse(self.api_client.get('/api/common/v1/cypher/?q=START%20n=node%28*%29RETURN%20n;', format='json', authentication=self.get_super_credentials()))
def test_summary_list(self):
resp = self.api_client.get('/api/common/v1/summary/', format='json')
self.assertEqual(resp.status_code in [302, 404], True)
def test_summary_mine_success(self):
resp = self.api_client.get('/api/energy/v1/summary/mine/', authentication=self.get_super_credentials(), format='json')
self.assertValidJSONResponse(resp)
# Parse data to check the number of result
data = json.loads(resp.content)
objects = data['objects']
self.assertIsNotNone(find(lambda x: x['label'] == self.jpp.name, objects))
self.assertIsNotNone(find(lambda x: x['label'] == self.jg.name, objects))
def test_summary_mine_unauthenticated(self):
resp = self.api_client.get('/api/energy/v1/summary/mine/', format='json')
self.assertValidJSONResponse(resp)
# Parse data to check the number of result
data = json.loads(resp.content)
objects = data['objects']
self.assertEqual(len(objects), 0)
def test_countries_summary(self):
resp = self.api_client.get('/api/energy/v1/summary/countries/', format='json', authentication=self.get_super_credentials())
self.assertValidJSONResponse(resp)
# Parse data to check the number of result
data = json.loads(resp.content)
# Only France is present
self.assertGreater(len(data), 0)
# We added 1 relation to France
self.assertEqual("count" in data["FRA"], True)
def test_forms_summary(self):
resp = self.api_client.get('/api/energy/v1/summary/forms/', format='json', authentication=self.get_super_credentials())
self.assertValidJSONResponse(resp)
# Parse data to check the number of result
data = json.loads(resp.content)
# As many descriptors as models
self.assertEqual( 11, len(data.items()) )
def test_types_summary(self):
resp = self.api_client.get('/api/energy/v1/summary/types/', format='json', authentication=self.get_super_credentials())
self.assertValidJSONResponse(resp)
def test_search_summary(self):
resp = self.api_client.get('/api/energy/v1/summary/search/?q=Journalism', format='json', authentication=self.get_super_credentials())
self.assertValidJSONResponse(resp)
# Parse data to check the number of result
data = json.loads(resp.content)
# At least 2 results
self.assertGreater( len(data.items()), 1 )
def test_search_summary_wrong_offset(self):
resp = self.api_client.get('/api/energy/v1/summary/search/?q=Journalism&offset=-1', format='json', authentication=self.get_super_credentials())
self.assertEqual(resp.status_code in [302, 404], True)
def test_summary_human_search(self):
query = "Person activity in Journalism"
resp = self.api_client.get('/api/energy/v1/summary/human/?q=%s' % query, format='json', authentication=self.get_super_credentials())
self.assertValidJSONResponse(resp)
data = json.loads(resp.content)
self.assertGreater(len(data['objects']), 1)
def test_rdf_search(self):
# RDF object for persons that have activity in J++, we need to urlencode
# the JSON string to avoid '+' loss
rdf_str = urllib.quote(json.dumps(self.rdf_jpp))
url = '/api/energy/v1/summary/rdf_search/?limit=20&offset=0&q=%s' % rdf_str
resp = self.api_client.get(url, format='json', authentication=self.get_super_credentials())
self.assertValidJSONResponse(resp)
data = json.loads(resp.content)
objects = data['objects']
self.assertIsNotNone(find(lambda x: x['name'] == self.pr.name, objects))
self.assertIsNotNone(find(lambda x: x['name'] == self.pb.name, objects))
def test_patch_individual_date_staff(self):
"""
Test a patch request on an invidividual's date attribute.
Request: /api/energy/v1/organization/
Expected: HTTP 200 (OK)
"""
# date are subject to special process with patch method.
new_date = datetime(2011, 4, 1, 0, 0, 0, 0)
data = {
'founded': new_date.strftime('%Y-%m-%dT%H:%M:%S.%fZ'),
}
args = {
'scope' : 'energy',
'model_id' : self.jpp.id,
'model_name' : 'organization',
'patch_data' : data
}
resp = self.patch_individual(**args)
self.assertHttpOK(resp)
self.assertValidJSONResponse(resp)
updated_jpp = Organization.objects.get(name=self.jpp.name)
self.assertEqual(timezone.make_naive(updated_jpp.founded), new_date)
def test_patch_individual_website_staff(self):
jpp_url = 'http://jplusplus.org'
data = {
'website_url': jpp_url,
}
args = {
'scope' : 'energy',
'model_id' : self.jpp.id,
'model_name' : 'organization',
'patch_data' : data
}
resp = self.patch_individual(**args)
self.assertHttpOK(resp)
self.assertValidJSONResponse(resp)
updated_jpp = Organization.objects.get(name=self.jpp.name)
self.assertEqual(updated_jpp.website_url, jpp_url)
def test_patch_individual_website_unauthenticated(self):
jpp_url = 'http://jplusplus.org'
data = {
'website_url': jpp_url,
}
args = {
'scope' : 'energy',
'model_id' : self.jpp.id,
'model_name' : 'organization',
'patch_data' : data,
'skip_auth' : True,
}
resp = self.patch_individual(**args)
self.assertHttpUnauthorized(resp)
def test_patch_individual_website_contributor(self):
jpp_url = 'http://www.jplusplus.org'
data = {
'website_url': jpp_url,
}
args = {
'scope' : 'energy',
'model_id' : self.jpp.id,
'model_name' : 'organization',
'patch_data' : data,
'auth' : self.get_contrib_credentials(),
}
resp = self.patch_individual(**args)
self.assertHttpOK(resp)
self.assertValidJSONResponse(resp)
updated_jpp = Organization.objects.filter(name=self.jpp.name)[0]
self.assertEqual(updated_jpp.website_url, jpp_url)
def test_patch_individual_website_lambda(self):
jpp_url = 'http://bam.jplusplus.org'
data = {
'website_url': jpp_url,
}
args = {
'scope' : 'energy',
'model_id' : self.jpp.id,
'model_name' : 'organization',
'patch_data' : data,
'auth' : self.get_lambda_credentials(),
}
resp = self.patch_individual(**args)
self.assertHttpUnauthorized(resp)
def test_patch_individual_not_found(self):
jpp_url = 'http://jplusplus.org'
data = {
'website_url': jpp_url,
}
args = {
'scope' : 'energy',
'model_id' : 1337,
'model_name' : 'organization',
'patch_data' : data,
}
resp = self.patch_individual(**args)
self.assertEqual(resp.status_code in [302, 404], True)
def test_topic_endpoint_exists(self):
resp = self.api_client.get('/api/common/v1/topic/?slug=christmas', follow=True, format='json')
# Parse data to check the number of result
data = json.loads(resp.content)
# 1 result
self.assertEqual( len( data["objects"] ), 1 )
def test_topic_api_exists(self):
resp = self.api_client.get('/api/christmas/v1/', format='json')
self.assertValidJSONResponse(resp)
def test_topic_has_person(self):
resp = self.api_client.get('/api/christmas/v1/', format='json')
self.assertValidJSONResponse(resp)
def test_topic_multiple_api(self):
# API 1
resp = self.api_client.get('/api/christmas/v1/', format='json')
self.assertValidJSONResponse(resp)
# API 2
resp = self.api_client.get('/api/thanksgiving/v1/', format='json')
self.assertValidJSONResponse(resp)
def test_topic_has_summary_syntax_from_ontology(self):
resp = self.api_client.get('/api/christmas/v1/summary/syntax/', format='json', authentication=self.get_super_credentials())
self.assertValidJSONResponse(resp)
def test_topic_has_summary_syntax_from_file(self):
resp = self.api_client.get('/api/energy/v1/summary/syntax/', format='json', authentication=self.get_super_credentials())
self.assertValidJSONResponse(resp)
class Partner_v1__PhotoResourceTest(ResourceTestCase):
fixtures = [
'api_accounts_and_keys.json', 'packages.json',
'accounts_and_users.json', 'events.json', 'guests.json', 'photos.json'
]
def setUp(self):
super(Partner_v1__PhotoResourceTest, self).setUp()
# we need a custom serializer for multipart uploads
self.api_client = TestApiClient(serializer=MultipartSerializer())
self.api_key = 'key123_partner'
self.api_secret = 'sec123_partner'
self.api_account_1 = ApiAccount.objects.all()[0]
self.events = Event.objects.filter(
account__api_account=self.api_account_1)
self.photos = Photo.objects.filter(
event__account__api_account=self.api_account_1)
self.photo_1 = self.photos[0]
# The data we'll send on POST requests
filename = 'trashcat.jpg'
filepath = os.path.join(settings.PROJECT_PATH, 'api', 'assets',
filename)
f = open(filepath, 'rb')
self.post_data = {
'event': '/partner_v1/event/{0}/'.format(self.events[0].pk),
'caption': 'My super awesome caption!',
'image': {
'filename': filename,
'data': f.read(),
}
}
def get_credentials(self, method, uri):
return DatabaseAuthentication.create_signature(self.api_key,
self.api_secret, method,
uri)
def test_get_photos(self):
uri = '/partner_v1/photo/'
resp = self.api_client.get(uri,
format='json',
authentication=self.get_credentials(
'GET', uri))
# make sure the resource is valid
self.assertValidJSONResponse(resp)
# make sure we have the right number of objects
self.assertNotEqual(Photo.objects.all().count(), self.photos.count())
self.assertEqual(
self.deserialize(resp)['meta']['total_count'], self.photos.count())
def test_get_photo(self):
uri = '/partner_v1/photo/{0}/'.format(self.photo_1.pk)
resp = self.api_client.get(uri,
format='json',
authentication=self.get_credentials(
'GET', uri))
# make sure the resource is valid
self.assertValidJSONResponse(resp)
# test to make sure all the keys are in the response
self.assertKeys(self.deserialize(resp), [
'caption',
'created_at',
'event',
'guest',
'resource_uri',
])
def test_post_photo(self):
uri = '/partner_v1/photo/'
resp = self.api_client.post(uri,
data=self.post_data,
format='multipart',
authentication=self.get_credentials(
'POST', uri))
# make sure the resource was created
self.assertHttpCreated(resp)
# test to make sure all the keys are in the response
self.assertKeys(self.deserialize(resp), [
'caption',
'created_at',
'event',
'guest',
'resource_uri',
])
class ApiTestCase(ResourceTestCase):
'''
Testing custom integrity checks for the Move model.
'''
def setUp(self):
self.api_client = TestApiClient()
player_1 = Player.objects.create(name="Person1", is_human=True)
player_2 = Player.objects.create(name="Person2", is_human=False)
Game.objects.create(player_1=player_1, player_2=player_2)
def move_dict(self, game_id, player_id, x, y):
return {"game": { "id": game_id }, "player": { "id": player_id }, "position_x": x, "position_y": y}
def test_winner_found(self):
'''
Tests winner and is_over are updated on game when three coordinates in a row are one player's.
Tests winner and is_over are not updated before that.
'''
self.api_client.get('/api/v1/move/', format='json')
game = Game.objects.get(id=1)
player1 = Player.objects.get(id=1)
player2 = Player.objects.get(id=2)
Move(game=game, player=player1, position_x=1, position_y=1).save()
Move(game=game, player=player2, position_x=0, position_y=0).save()
Move(game=game, player=player1, position_x=1, position_y=0).save()
move_post = self.move_dict(game.id, player2.id, 0, 2)
self.api_client.post('/api/v1/move/', data=move_post)
game = Game.objects.get(id=1)
self.assertFalse(game.is_over or game.winner)
move_post = self.move_dict(game.id, player1.id, 1, 2)
self.api_client.post('/api/v1/move/', data=move_post)
self.api_client.get('/api/v1/move/', format='json')
resp = json.loads(self.api_client.get('/api/v1/game/1/', format='json').content)
game = Game.objects.get(id=1)
self.assertTrue(game.is_over)
self.assertTrue(resp['is_over'])
self.assertEqual(game.winner, player1)
self.assertEqual(resp['winner']['name'], player1.name)
def test_tie(self):
'''
Tests is_over is updated on game when all coordinates have been taken.
Tests is_over is not updated before that.
Tests that winner is never set for this scenario.
'''
self.api_client.get('/api/v1/move/', format='json')
game = Game.objects.get(id=1)
player1 = Player.objects.get(id=1)
player2 = Player.objects.get(id=2)
Move(game=game, player=player1, position_x=1, position_y=1).save()
Move(game=game, player=player2, position_x=1, position_y=0).save()
Move(game=game, player=player1, position_x=2, position_y=0).save()
Move(game=game, player=player2, position_x=2, position_y=2).save()
Move(game=game, player=player1, position_x=0, position_y=0).save()
Move(game=game, player=player2, position_x=0, position_y=1).save()
Move(game=game, player=player1, position_x=1, position_y=2).save()
move_post = self.move_dict(game.id, player2.id, 0, 2)
self.api_client.post('/api/v1/move/', data=move_post)
game = Game.objects.get(id=1)
self.assertFalse(game.is_over or game.winner)
move_post = self.move_dict(game.id, player1.id, 2, 1)
self.api_client.post('/api/v1/move/', data=move_post)
resp = json.loads(self.api_client.get('/api/v1/game/1/', format='json').content)
game = Game.objects.get(id=1)
self.assertTrue(game.is_over)
self.assertTrue(resp['is_over'])
self.assertFalse(game.winner)
self.assertFalse(resp['winner'])
def test_computer_turn(self):
'''
Tests that a computer turn is taken automatically when computer's turn is next and POST is made wtih Move object.
'''
game = Game.objects.get(id=1)
player1 = Player.objects.get(id=1)
player2 = Player.objects.get(id=2)
move_post = self.move_dict(game.id, player1.id, 0, 0)
self.api_client.post('/api/v1/move/', data=move_post)
computer_move = json.loads(self.api_client.get('/api/v1/move/2/', format='json').content)
self.assertTrue(computer_move)
self.assertEqual(computer_move['player']['name'], player2.name)
def test_computer_turn_not_after_win(self):
'''
Tests that after a human player wins a turn, the automatic play of the computer does not occur.
'''
game = Game.objects.get(id=1)
player1 = Player.objects.get(id=1)
player2 = Player.objects.get(id=2)
Move(game=game, player=player1, position_x=0, position_y=0).save()
Move(game=game, player=player2, position_x=1, position_y=0).save()
Move(game=game, player=player1, position_x=1, position_y=1).save()
Move(game=game, player=player2, position_x=2, position_y=0).save()
move_post = self.move_dict(game.id, player1.id, 2, 2)
self.api_client.post('/api/v1/move/', data=move_post)
moves = json.loads(self.api_client.get('/api/v1/move/', format='json').content)
self.assertEquals(len(moves['objects']), 5)
self.assertEquals(moves['objects'][0]['player']['name'], player1.name)
def test_computer_selects_middle(self):
'''
Tests that if available, computer selects middle coordinate.
'''
game = Game.objects.get(id=1)
player1 = Player.objects.get(id=1)
player2 = Player.objects.get(id=2)
move_post = self.move_dict(game.id, player1.id, 2, 2)
self.api_client.post('/api/v1/move/', data=move_post)
moves = json.loads(self.api_client.get('/api/v1/move/', format='json').content)
self.assertEquals(len(moves['objects']), 2)
x = moves['objects'][0]['position_x']
y = moves['objects'][0]['position_y']
self.assertEquals((x,y), (1,1))
def test_computer_wins_if_possible(self):
'''
Tests that computer will make winning move if possible.
'''
game = Game.objects.get(id=1)
player1 = Player.objects.get(id=1)
player2 = Player.objects.get(id=2)
Move(game=game, player=player1, position_x=0, position_y=0).save()
Move(game=game, player=player2, position_x=1, position_y=1).save()
Move(game=game, player=player1, position_x=2, position_y=1).save()
Move(game=game, player=player2, position_x=1, position_y=2).save()
move_post = self.move_dict(game.id, player1.id, 0, 2)
self.api_client.post('/api/v1/move/', data=move_post)
moves = json.loads(self.api_client.get('/api/v1/move/', format='json').content)
self.assertEquals(len(moves['objects']), 6)
self.assertEquals(moves['objects'][0]['player']['name'], player2.name)
x = moves['objects'][0]['position_x']
y = moves['objects'][0]['position_y']
self.assertEquals((x,y), (1,0))
game = Game.objects.get(id=1)
self.assertTrue(game.is_over)
self.assertEquals(game.winner.name, player2.name)
def test_computer_prevents_user_win(self):
'''
Tests that computer will prevent a user's win.
'''
game = Game.objects.get(id=1)
player1 = Player.objects.get(id=1)
player2 = Player.objects.get(id=2)
Move(game=game, player=player1, position_x=0, position_y=0).save()
Move(game=game, player=player2, position_x=1, position_y=1).save()
move_post = self.move_dict(game.id, player1.id, 0, 2)
self.api_client.post('/api/v1/move/', data=move_post)
moves = json.loads(self.api_client.get('/api/v1/move/', format='json').content)
self.assertEquals(len(moves['objects']), 4)
x = moves['objects'][0]['position_x']
y = moves['objects'][0]['position_y']
self.assertEquals((x,y), (0,1))
def test_computer_finishes_tie(self):
'''
Tests that computer makes selections until the game is over.
'''
game = Game.objects.get(id=1)
player1 = Player.objects.get(id=1)
player2 = Player.objects.get(id=2)
Move(game=game, player=player1, position_x=0, position_y=0).save()
Move(game=game, player=player2, position_x=1, position_y=1).save()
Move(game=game, player=player1, position_x=2, position_y=2).save()
Move(game=game, player=player2, position_x=1, position_y=0).save()
Move(game=game, player=player1, position_x=1, position_y=2).save()
Move(game=game, player=player2, position_x=0, position_y=2).save()
move_post = self.move_dict(game.id, player1.id, 2, 0)
self.api_client.post('/api/v1/move/', data=move_post)
moves = json.loads(self.api_client.get('/api/v1/move/', format='json').content)
self.assertEquals(len(moves['objects']), 8)
class PostResourceTest(ResourceTestCase):
fixtures = [
'group.json', 'group_permission.json', 'user_group.json', 'user.json',
'user_project.json', 'project_part.json', 'project.json',
'profile.json', 'post.json', 'comment.json'
]
def setUp(self):
# Generic
self.api_client = TestApiClient()
self.serializer = Serializer()
# API List data
self.list_url = '/api/v1/post/'
# API requests data
self.project_part_id = 1
self.post_id = 1
self.detail_url = '/api/v1/post/{0}/'.format(self.post_id)
self.project_part_query = '='.join(
['?project_part', str(self.project_part_id)])
self.post_data = {
'content': 'My post',
'project_part': {
'pk': self.project_part_id
}
}
# Open API request data
self.open_project_part_id = 2
self.open_post_id = 2
self.open_detail_url = '/api/v1/post/{0}/'.format(self.open_post_id)
self.open_project_part_query = '='.join(
['?project_part', str(self.open_project_part_id)])
self.open_post_data = {
'content': 'My post',
'project_part': {
'pk': self.open_project_part_id
}
}
def get_credentials(self):
result = self.api_client.client.login(email='*****@*****.**',
password='******')
def test_post_list(self):
self.get_credentials()
self.assertIn('_auth_user_id', self.api_client.client.session)
self.assertEqual(self.api_client.client.session['_auth_user_id'], 1)
self.assertEqual(Post.objects.count(), 2)
self.assertHttpCreated(
self.api_client.post(self.list_url,
format='json',
data=self.post_data))
self.assertEqual(Post.objects.count(), 3)
def test_get_list_unauthorzied(self):
self.assertHttpUnauthorized(
self.api_client.get(self.list_url, format='json'))
def test_get_list(self):
self.get_credentials()
resp = self.api_client.get(''.join(
[self.list_url, self.project_part_query]),
format='json')
self.assertValidJSONResponse(resp)
self.assertEqual(len(json.loads(resp.content)['objects']), 1)
def test_get_detail_unauthenticated(self):
self.assertHttpUnauthorized(
self.api_client.get(self.detail_url, format='json'))
def test_get_detail(self):
self.get_credentials()
resp = self.api_client.get(self.detail_url, format='json')
self.assertValidJSONResponse(resp)
self.assertEqual(json.loads(resp.content)['content'], 'hola')
# def test_post_list_unauthenticated(self):
# self.assertHttpUnauthorized(self.api_client.post(self.list_url, format='json',
# data=self.post_data))
def test_put_detail_unauthenticated(self):
self.assertHttpUnauthorized(
self.api_client.put(self.detail_url, format='json', data={}))
def test_put_detail(self):
self.get_credentials()
original_data = json.loads(
self.api_client.get(self.detail_url, format='json').content)
new_data = original_data.copy()
new_data['title'] = 'Updated: First Post'
self.assertEqual(Post.objects.count(), 2)
self.assertHttpAccepted(
self.api_client.put(self.detail_url, format='json', data=new_data))
# Make sure the count hasn't changed & we did an update.
self.assertEqual(Post.objects.count(), 2)
def test_delete_detail_unauthenticated(self):
self.assertHttpUnauthorized(
self.api_client.delete(self.detail_url, format='json'))
def test_delete_detail(self):
self.get_credentials()
self.assertEqual(Post.objects.count(), 2)
resp = self.api_client.delete(self.detail_url, format='json')
self.assertHttpAccepted(resp)
self.assertEqual(Post.objects.count(), 1)
# Open Projects
# FIXME It fails because tastypie is not accessing authorization
# before calling obj_create
# def test_post_list_open(self):
# self.assertEqual(Post.objects.count(), 2)
# resp = self.api_client.post(self.list_url,
# format='json',
# data=self.open_post_data)
# self.assertHttpUnauthorized(resp)
def test_get_detail_open(self):
resp = self.api_client.get(self.open_detail_url, format='json')
self.assertValidJSONResponse(resp)
self.assertEqual(json.loads(resp.content)['content'], 'hola')
def test_delete_detail_open(self):
self.assertEqual(Post.objects.count(), 2)
resp = self.api_client.delete(self.open_detail_url, format='json')
self.assertHttpUnauthorized(resp)
def test_put_detail_open(self):
original_data = json.loads(
self.api_client.get(self.open_detail_url, format='json').content)
new_data = original_data.copy()
new_data['title'] = 'Updated: First Post'
self.assertEqual(Post.objects.count(), 2)
resp = self.api_client.put(self.open_detail_url,
format='json',
data=new_data)
self.assertHttpUnauthorized(resp)
class UserTestBase(ResourceTestCase):
def setUp(self):
load_states()
load_statutes()
settings.DEBUG = True
self.api_client = TestApiClient()
self.get_credentials()
#user creates all the groups and requests initially, user should always have edit perms unless another user takes that away
self.user = User.objects.create_user('john', '*****@*****.**',
'secret')
self.user.is_staff = True #someone has to be responsible
self.user.save()
self.usertwo = User.objects.create_user('yoko', '*****@*****.**',
'secret')
self.userthree = User.objects.create_user('ringo',
'*****@*****.**',
'secret')
self.post_data = {'name': 'A TEST GROUP'}
self.up, created = UserProfile.objects.get_or_create(user=self.user)
self.uptwo, created = UserProfile.objects.get_or_create(
user=self.usertwo)
self.upthree, created = UserProfile.objects.get_or_create(
user=self.userthree)
self.groupJSON = None
self.group = None
self.request = None
self.agency = None
self.agencyJSON = None
self.contact = None
self.contactJSON = None
self.government = None
self.governmentJSON = None
def tearDown(self):
Request.objects.all().delete()
Contact.objects.all_them().delete()
Agency.objects.all_them().delete()
FeeExemptionOther.objects.all_them().delete()
Statute.objects.all_them().delete()
Government.objects.all().delete()
Group.objects.all().delete()
User.objects.all().delete()
def get_user_group(self, userToGet):
#each user has their own group named after then which they are the sole member of
for group in userToGet.groups.all():
if group.name == userToGet.username:
return group
def create_group(self):
#creates the default group and sets default json
if self.groupJSON is not None:
return self.groupJSON
resp = self.api_client.post('/api/v1/group/',
format='json',
data=self.post_data,
authentication=self.get_credentials())
self.group = Group.objects.get(name=self.post_data['name'])
self.groupJSON = json.loads(resp.content)
return resp
def get_group_json(self, group):
#gets json for a group
resp = self.api_client.get('/api/v1/group/%s/' % group.id,
format='json',
data={},
authentication=self.get_credentials())
return json.loads(resp.content)
def get_user_json(self, userToGet):
users_resp = self.api_client.get("/api/v1/user/%s/" % userToGet.id,
format='json',
authentication=self.get_credentials())
return json.loads(users_resp.content)
def add_user_to_group(self, userToAdd):
self.create_group()
users = self.get_user_json(userToAdd)
groupjson = self.groupJSON.copy()
groupjson['users'].append(users)
update_resp = self.api_client.put(
self.groupJSON['resource_uri'],
format='json',
data=groupjson,
authentication=self.get_credentials())
def create_request(self, username=None):
request_data = {
'contacts': [],
'free_edit_body': "<p>Something respectable, and testable!</p>",
'private': True,
'title': "test bangarang"
}
if username is None:
self.api_client.post('/api/v1/request/',
format='json',
data=request_data,
authentication=self.get_credentials())
else:
self.api_client.post(
'/api/v1/request/',
format='json',
data=request_data,
authentication=self.get_credentials_other(username))
self.request = Request.objects.get(title=request_data['title'])
def get_credentials(self):
#log in with self.user credentials
result = self.api_client.client.login(username='******',
password='******')
return result
def get_credentials_other(self, username):
#log in with self.user credentials
result = self.api_client.client.login(username=username,
password='******')
return result
def create_agency(self):
self.agencyData = {
'government':
Government.objects.get(name="United States of America").id,
'name': "A test agency",
'hidden': False
}
resp = self.api_client.post('/api/v1/agency/',
format='json',
data=self.agencyData,
authentication=self.get_credentials())
return resp
def create_agency(self):
if self.agencyJSON is not None:
return self.agencyJSON
self.agencyData = {
'government':
Government.objects.get(name="United States of America").id,
'name': "A test agency",
'hidden': False
}
resp = self.api_client.post('/api/v1/agency/',
format='json',
data=self.agencyData,
authentication=self.get_credentials())
self.agency = Agency.objects.get(name='A test agency')
self.agencyJSON = json.loads(resp.content)
return self.agencyJSON
def create_contact(self, data=None):
if self.agency is None:
self.create_agency()
if self.contactJSON is not None:
return self.contactJSON
self.contactData = {
'first_name': "Testy",
"last_name": "McTester",
"dob": "1990-07-19",
"notes": ["nothing much"],
"phone_numbers": ["999-999-9999"],
"titles": ["Public Information Officer"],
"emails": ["*****@*****.**"],
"addresses": ["1600 Penn. Washington DC 99999"],
"agencyId": self.agency.id
}
if data is not None:
self.contactData = data
resp = self.api_client.post('/api/v1/contact/',
format='json',
data=self.contactData,
authentication=self.get_credentials())
self.contactJSON = json.loads(resp.content)
self.contact = Contact.objects.get(
first_name=self.contactData['first_name'],
last_name=self.contactData['last_name'])
return self.contactJSON
class ResourceTest(ResourceTestCase):
def setUp(self):
self.logger = logging.getLogger(__name__)
self.api_client = TestApiClient()
self.username = "******"
self.password = "******"
# create a user to be used for creating the resource
self.user_creator = hydroshare.create_account(
"*****@*****.**",
username=self.username,
first_name="Creator_FirstName",
last_name="Creator_LastName",
superuser=False,
password=self.password,
groups=[],
)
self.user_url = "/hsapi/accounts/{0}/".format(self.user_creator.username)
self.api_client.client.login(username=self.username, password=self.password)
# create a resource
self.resource = hydroshare.create_resource(
resource_type="GenericResource",
title="My resource",
owner=self.user_creator,
last_changed_by=self.user_creator,
)
self.resource_url_base = "/hsapi/resource/"
self.resource_url = "{0}{1}/".format(self.resource_url_base, self.resource.short_id)
self.post_data = {"title": "My REST API-created resource", "resource_type": "GenericResource"}
def tearDown(self):
User.objects.all().delete()
GenericResource.objects.all().delete()
def get_credentials(self):
k = self.create_basic(username=self.username, password=self.password)
print k
return k
def test_resource_get(self):
resp = self.api_client.get(self.resource_url)
self.assertTrue(resp["Location"].endswith(".zip"))
def test_resource_post(self):
resp = self.api_client.post(self.resource_url_base, data=self.post_data)
self.assertIn(resp.status_code, [201, 200])
# PID comes back as body of response, but API client doesn't seem to be
# parsing the response for us
pid = str(resp).split("\n")[-1]
new_resource_url = "{0}{1}/".format(self.resource_url_base, pid)
# Fetch the newly created resource
resp = self.api_client.get(new_resource_url)
self.assertTrue(resp["Location"].endswith(".zip"))
def test_resource_put(self):
new_data = {}
new_data["title"] = "My UPDATED REST API-created resource"
resp = self.api_client.put(self.resource_url, data=new_data)
self.assertIn(resp.status_code, ["202", "204"])
def test_resource_delete(self):
x = self.api_client.delete(self.resource_url, format="json")
self.assertIn(x.status_code, [202, 204, 301])
self.assertHttpNotFound(self.api_client.get(self.resource_url, format="json"))
class AuthResourceTest(ResourceTestCase):
fixtures = ['test_auth.json']
def setUp(self):
super(AuthResourceTest, self).setUp()
self.client = TestApiClient()
self.endpoint = '/api/v1/auth/'
self.format = 'json'
# Get user 1 and token 1 from fixture
self.user = User.objects.all()[0]
self.token = self.user.usertoken_set.all()[0]
self.password = '******'
self.detail = '/api/v1/auth/{0}/'.format(self.token.id)
# Get user 2 and token 2 from fixture
self.user2 = User.objects.all()[1]
self.token2 = self.user2.usertoken_set.all()[0]
self.detail2 = '/api/v1/auth/{0}/'.format(self.token2.id)
def get_credentials(self):
return self.create_basic(username=self.user.username,
password=self.password)
# Try to get tokens without credentials
def test_get_keys_unauthorzied(self):
self.assertHttpUnauthorized(self.client.get(self.endpoint,
self.format))
# Try to create a token (POST)
def test_create_token_json(self):
post_data = {}
credentials = self.get_credentials()
self.assertHttpCreated(self.client.post(self.endpoint,
self.format,
data=post_data,
authentication=credentials))
# Try to get all tokens (GET)
def test_get_keys_json(self):
credentials = self.get_credentials()
resp = self.client.get(self.endpoint,
self.format,
authentication=credentials)
self.assertValidJSONResponse(resp)
# Try to delete a token (DELETE)
def test_delete_token_json(self):
credentials = self.get_credentials()
self.assertEqual(UserToken.objects.count(), 2)
resp = self.client.delete(self.detail,
format=self.format,
authentication=credentials)
self.assertHttpAccepted(resp)
self.assertEqual(UserToken.objects.count(), 1)
# User 1 try to delete user 2 token
def test_delete_another_token(self):
credentials = self.get_credentials()
self.assertHttpNotFound(self.client.delete(self.detail2,
format=self.format,
authentication=credentials))
# Try to create a token (POST) with wrong credentials
def test_create_token_with_wrong_credentials_json(self):
post_data = {}
credentials = self.create_basic(username=self.user.username,
password="******")
self.assertHttpUnauthorized(self.client.post(self.endpoint,
self.format,
data=post_data,
authentication=credentials))
class AnswerCreationResource(ResourceTestCase):
def setUp(self):
super(AnswerCreationResource, self).setUp()
call_command('loaddata', 'example_data', verbosity=0)
self.outbound_message = OutboundMessage.objects.all()[0]
self.identifier = OutboundMessageIdentifier.objects.get(outbound_message=self.outbound_message)
self.api_client = TestApiClient()
self.user = User.objects.all()[0]
self.data = {'format': 'json', 'username': self.user.username, 'api_key':self.user.api_key.key}
def get_credentials(self):
credentials = self.create_apikey(username=self.user.username, api_key=self.user.api_key.key)
return credentials
def test_I_can_create_an_answer_with_only_an_identifier_and_a_content(self):
url = '/api/v1/create_answer/'
content = 'Fiera tiene una pulga'
answer_data = {
'key':self.identifier.key,
'content':content
}
previous_answers = Answer.objects.count()
response = self.api_client.post(url, data = answer_data, format='json', authentication=self.get_credentials())
self.assertHttpCreated(response)
answers_count = Answer.objects.count()
self.assertEquals(answers_count, previous_answers + 1)
def test_authorization_using_api_key(self):
url = '/api/v1/create_answer/'
content = 'una sola'
answer_data = {
'key':self.identifier.key,
'content':content
}
response = self.api_client.post(url, data = answer_data, format='json')
self.assertHttpUnauthorized(response)
def test_only_the_owner_can_create_an_answer(self):
not_the_owner = User.objects.create(username='******')
his_api_key = not_the_owner.api_key
credentials = self.create_apikey(username=not_the_owner.username, api_key=his_api_key.key)
url = '/api/v1/create_answer/'
content = 'una sola'
answer_data = {
'key':self.identifier.key,
'content':content
}
response = self.api_client.post(url, data = answer_data, format='json', authentication=credentials)
self.assertHttpUnauthorized(response)
def test_only_post_endpoint(self):
url = '/api/v1/create_answer/'
content = 'una sola'
answer_data = {
'key':self.identifier.key,
'content':content
}
response = self.api_client.get(url)
self.assertHttpMethodNotAllowed(response)
response = self.api_client.put(url, data = answer_data)
self.assertHttpMethodNotAllowed(response)
response = self.api_client.patch(url, data = answer_data)
self.assertHttpMethodNotAllowed(response)
class ApiTestCase(ResourceTestCase):
def setUp(self):
super(ApiTestCase, self).setUp()
# Use custom api client
self.api_client = TestApiClient()
# Look for the test user
self.username = u'tester'
self.password = u'tester'
self.email = u'*****@*****.**'
self.salt = SaltMixin.salt
try:
self.user = User.objects.get(username=self.username)
self.jpp = jpp = Organization.objects.get(name=u"Journalism++")
self.jg = jg = Organization.objects.get(name=u"Journalism Grant")
self.fra = fra = Country.objects.get(name=u"France")
self.pr = pr = Person.objects.get(name=u"Pierre Roméra")
self.pb = pb = Person.objects.get(name=u"Pierre Bellon")
except ObjectDoesNotExist:
# Create the new user
self.user = User.objects.create_user(self.username, self.email, self.password)
self.user.is_staff = True
self.user.is_superuser = True
self.user.save()
# Create related objects
self.jpp = jpp = Organization(name=u"Journalism++")
jpp._author = [self.user.pk]
jpp.founded = datetime(2011, 4, 3)
jpp.website_url = 'http://jplusplus.com'
jpp.save()
self.jg = jg = Organization(name=u"Journalism Grant")
jg._author = [self.user.pk]
jg.save()
self.fra = fra = Country(name=u"France", isoa3=u"FRA")
fra.save()
self.pr = pr = Person(name=u"Pierre Roméra")
pr.based_in.add(fra)
pr.activity_in_organization.add(jpp)
pr.save()
self.pb = pb = Person(name=u"Pierre Bellon")
pb.based_in.add(fra)
pb.activity_in_organization.add(jpp)
pb.save()
self.post_data_simple = {
"name": "Lorem ispum TEST",
"twitter_handle": "loremipsum"
}
self.post_data_related = {
"name": "Lorem ispum TEST RELATED",
"owner": [
{ "id": jpp.id },
{ "id": jg.id }
],
"activity_in_country": [
{ "id": fra.id }
]
}
self.rdf_jpp = {
"label": u"Person that has activity in Journalism++",
"object": {
"id": 283,
"model": u"common:Organization",
"name": u"Journalism++"
},
"predicate": {
"label": u"has activity in",
"name": u"person_has_activity_in_organization+",
"subject": u"energy:Person"
},
"subject": {
"label": u"Person",
"name": u"energy:Person"
}
}
def tearDown(self):
if self.user:
self.user.delete()
if self.jpp:
self.jpp.delete()
if self.jg:
self.jg.delete()
if self.fra:
self.fra.delete()
if self.pr:
self.pr.delete()
if self.pb:
self.pb.delete()
# Utility functions (Auth, operation etc.)
def get_credentials(self):
return self.api_client.client.login(username=self.username, password=self.password)
def signup_user(self, user_dict):
""" Utility method to signup through API """
return self.api_client.post('/api/common/v1/user/signup/', format='json', data=user_dict)
def patch_individual(self, scope=None, model_name=None, model_id=None,
patch_data=None, auth=None, skipAuth=False):
if not skipAuth and not auth:
auth = self.get_credentials()
url = '/api/%s/v1/%s/%d/patch/' % (scope, model_name, model_id)
return self.api_client.post(url, format='json', data=patch_data, authentication=auth)
# All test functions
def test_user_signup_succeed(self):
"""
Test with proper data to signup user
Expected: HTTT 201 (Created)
"""
user_dict = dict(username=u"newuser", password=u"newuser", email=u"*****@*****.**")
resp = self.signup_user(user_dict)
self.assertHttpCreated(resp)
def test_user_signup_empty_data(self):
"""
Test with empty data to signup user
Expected: HTTP 400 (BadRequest)
"""
user_dict = dict(username=u"", password=u"", email=u"")
resp = self.signup_user(user_dict)
self.assertHttpBadRequest(resp)
def test_user_signup_no_data(self):
resp = self.api_client.post('/api/common/v1/user/signup/', format='json')
self.assertHttpBadRequest(resp)
def test_user_signup_existing_user(self):
user_dict = dict(username=self.username, password=self.password, email=self.email)
resp = self.signup_user(user_dict)
self.assertHttpForbidden(resp)
def test_user_activate_succeed(self):
user_dict = dict(username='******', password='******', email='*****@*****.**')
self.assertHttpCreated(self.signup_user(user_dict))
innactive_user = User.objects.get(email=user_dict.get('email'))
activation_profile = RegistrationProfile.objects.get(user=innactive_user)
activation_key = activation_profile.activation_key
resp_activate = self.api_client.get('/api/common/v1/user/activate/?token=%s' % activation_key)
self.assertHttpOK(resp_activate)
user = User.objects.get(email=user_dict.get('email'))
self.assertTrue(user.is_active)
def test_user_activate_fake_token(self):
resp = self.api_client.get('/api/common/v1/user/activate/?token=FAKE')
self.assertHttpForbidden(resp)
def test_user_activate_no_token(self):
resp = self.api_client.get('/api/common/v1/user/activate/')
self.assertHttpBadRequest(resp)
def test_user_activate_empty_token(self):
resp = self.api_client.get('/api/common/v1/user/activate/?token')
self.assertHttpBadRequest(resp)
def test_user_login_succeed(self):
auth = dict(username=u"tester", password=u"tester")
resp = self.api_client.post('/api/common/v1/user/login/', format='json', data=auth)
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(data["success"], True)
def test_user_login_failed(self):
auth = dict(username=u"tester", password=u"wrong")
resp = self.api_client.post('/api/common/v1/user/login/', format='json', data=auth)
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(data["success"], False)
def test_user_logout_succeed(self):
# First login
auth = dict(username=u"tester", password=u"tester")
self.api_client.post('/api/common/v1/user/login/', format='json', data=auth)
# Then logout
resp = self.api_client.get('/api/common/v1/user/logout/', format='json')
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(data["success"], True)
def test_user_logout_failed(self):
resp = self.api_client.get('/api/common/v1/user/logout/', format='json')
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(data["success"], False)
def test_user_status_isnt_logged(self):
resp = self.api_client.get('/api/common/v1/user/status/', format='json')
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(data["is_logged"], False)
def test_user_status_is_logged(self):
# Log in
auth = dict(username=u"tester", password=u"tester")
self.api_client.post('/api/common/v1/user/login/', format='json', data=auth)
resp = self.api_client.get('/api/common/v1/user/status/', format='json')
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(data["is_logged"], True)
def test_reset_password_success(self):
email = dict(email="*****@*****.**")
resp = self.api_client.post('/api/common/v1/user/reset_password/', format='json', data=email)
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertTrue(data['success'])
def test_reset_password_wrong_email(self):
email = dict(email="*****@*****.**")
resp = self.api_client.post('/api/common/v1/user/reset_password/', format='json', data=email)
self.assertEqual(resp.status_code in [302, 404], True)
def test_reset_password_no_data(self):
resp = self.api_client.post('/api/common/v1/user/reset_password/', format='json')
self.assertHttpBadRequest(resp)
def test_reset_password_empty_email(self):
resp = self.api_client.post('/api/common/v1/user/reset_password/', format='json', data=dict(email=''))
self.assertHttpBadRequest(resp)
def test_reset_password_confirm_succes(self):
"""
Test to successfuly reset a password with a new one.
Expected:
HTTP 200 - OK
"""
token = signing.dumps(self.user.pk, salt=self.salt)
password = "******"
auth = dict(password=password, token=token)
resp = self.api_client.post(
'/api/common/v1/user/reset_password_confirm/',
format='json',
data=auth
)
self.assertValidJSON(resp.content)
data = json.loads(resp.content)
self.assertTrue(data['success'])
# we query users to get the latest user object (updated with password)
user = User.objects.get(email=self.user.email)
self.assertTrue(user.check_password(password))
def test_reset_password_confirm_no_data(self):
"""
Test on reset_password_confirm API endpoint without any data.
Expected response:
HTTP 400 (BadRequest).
Explanation:
Every request on /reset_password_confirm/ must have a JSON data payload.
{
password: ... // the password to reset"
token: ... // the reset password token (received by emai)
}
"""
resp = self.api_client.post('/api/common/v1/user/reset_password_confirm/', format='json')
self.assertHttpBadRequest(resp)
self.assertIsNotNone(resp.content)
def test_reset_password_confirm_empty_data(self):
"""
Test on reset_password_confirm API endpoint with empty data:
{
password: ""
token: ""
}
Expected result:
HTTP 400 (BadRequest)
Explanation:
A reset_password_confirm request must have a password and should be
authenticated with a token.
"""
auth = dict(password='', token='')
resp = self.api_client.post('/api/common/v1/user/reset_password_confirm/', format='json', data=auth)
self.assertHttpBadRequest(resp)
def test_reset_password_confirm_fake_token(self):
"""
Test on reset_password_confirm API endpoint with empty data:
{
password: ""
token: ""
}
Expected result:
HTTP 403 (Forbidden)
Explanation:
A reset_password_confirm request should be authenticated with a valid
token.
"""
fake_token = 'f4k:t0k3N'
auth = dict(password='******', token=fake_token)
resp = self.api_client.post(
'/api/common/v1/user/reset_password_confirm/',
format='json',
data=auth
)
self.assertHttpForbidden(resp)
def test_get_list_json(self):
resp = self.api_client.get('/api/energy/v1/energyproject/?limit=20', format='json', authentication=self.get_credentials())
self.assertValidJSONResponse(resp)
# Number of element on the first page
count = min(20, EnergyProject.objects.count() )
self.assertEqual( len(self.deserialize(resp)['objects']), count)
def test_post_list_unauthenticated(self):
self.assertHttpUnauthorized(self.api_client.post('/api/energy/v1/energyproject/', format='json', data=self.post_data_simple))
def test_post_list(self):
# Check how many are there first.
count = EnergyProject.objects.count()
self.assertHttpCreated(
self.api_client.post('/api/energy/v1/energyproject/',
format='json',
data=self.post_data_simple,
authentication=self.get_credentials()
)
)
# Verify a new one has been added.
self.assertEqual(EnergyProject.objects.count(), count+1)
def test_post_list_related(self):
# Check how many are there first.
count = EnergyProject.objects.count()
# Record API response to extract data
resp = self.api_client.post('/api/energy/v1/energyproject/',
format='json',
data=self.post_data_related,
authentication=self.get_credentials()
)
# Vertify the request status
self.assertHttpCreated(resp)
# Verify a new one has been added.
self.assertEqual(EnergyProject.objects.count(), count+1)
# Are the data readable?
self.assertValidJSON(resp.content)
# Parse data to verify relationship
data = json.loads(resp.content)
self.assertEqual(len(data["owner"]), len(self.post_data_related["owner"]))
self.assertEqual(len(data["activity_in_country"]), len(self.post_data_related["activity_in_country"]))
def test_mine(self):
resp = self.api_client.get('/api/energy/v1/energyproject/mine/', format='json', authentication=self.get_credentials())
self.assertValidJSONResponse(resp)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(
min(20, len(data["objects"])),
EnergyProject.objects.filter(_author__contains=self.user.id).count()
)
def test_search_organization(self):
resp = self.api_client.get('/api/energy/v1/organization/search/?q=Journalism', format='json', authentication=self.get_credentials())
self.assertValidJSONResponse(resp)
# Parse data to check the number of result
data = json.loads(resp.content)
# At least 2 results
self.assertGreater( len(data.items()), 1 )
def test_search_organization_wrong_page(self):
resp = self.api_client.get('/api/energy/v1/organization/search/?q=Roméra&page=10000', format='json', authentication=self.get_credentials())
self.assertEqual(resp.status_code in [302, 404], True)
def test_cypher_detail(self):
resp = self.api_client.get('/api/common/v1/cypher/111/', format='json', authentication=self.get_credentials())
self.assertEqual(resp.status_code in [302, 404], True)
def test_cypher_unauthenticated(self):
self.assertHttpUnauthorized(self.api_client.get('/api/common/v1/cypher/?q=START%20n=node%28*%29RETURN%20n;', format='json'))
def test_cypher_unauthorized(self):
# Ensure the user isn't authorized to process cypher request
self.user.is_staff = True
self.user.is_superuser = False
self.user.save()
self.assertHttpUnauthorized(self.api_client.get('/api/common/v1/cypher/?q=START%20n=node%28*%29RETURN%20n;', format='json', authentication=self.get_credentials()))
def test_cypher_authorized(self):
# Ensure the user IS authorized to process cypher request
self.user.is_superuser = True
self.user.save()
self.assertValidJSONResponse(self.api_client.get('/api/common/v1/cypher/?q=START%20n=node%28*%29RETURN%20n;', format='json', authentication=self.get_credentials()))
def test_summary_list(self):
resp = self.api_client.get('/api/common/v1/summary/', format='json')
self.assertEqual(resp.status_code in [302, 404], True)
def test_summary_mine_success(self):
resp = self.api_client.get('/api/common/v1/summary/mine/', authentication=self.get_credentials(), format='json')
self.assertValidJSONResponse(resp)
# Parse data to check the number of result
data = json.loads(resp.content)
objects = data['objects']
jpp_t = find(lambda x: x['label'] == self.jpp.name, objects)
jg_t = find(lambda x: x['label'] == self.jg.name, objects)
self.assertIsNotNone(jpp_t)
self.assertIsNotNone(jg_t)
def test_summary_mine_unauthenticated(self):
self.assertHttpUnauthorized(self.api_client.get('/api/common/v1/summary/mine/', format='json'))
def test_countries_summary(self):
resp = self.api_client.get('/api/common/v1/summary/countries/', format='json', authentication=self.get_credentials())
self.assertValidJSONResponse(resp)
# Parse data to check the number of result
data = json.loads(resp.content)
# Only France is present
self.assertGreater(len(data), 0)
# We added 1 relation to France
self.assertEqual("count" in data["FRA"], True)
def test_forms_summary(self):
resp = self.api_client.get('/api/common/v1/summary/forms/', format='json', authentication=self.get_credentials())
self.assertValidJSONResponse(resp)
# Parse data to check the number of result
data = json.loads(resp.content)
# As many descriptors as models
self.assertEqual( 11, len(data.items()) )
def test_types_summary(self):
resp = self.api_client.get('/api/common/v1/summary/types/', format='json', authentication=self.get_credentials())
self.assertValidJSONResponse(resp)
def test_search_summary(self):
resp = self.api_client.get('/api/common/v1/summary/search/?q=Journalism', format='json', authentication=self.get_credentials())
self.assertValidJSONResponse(resp)
# Parse data to check the number of result
data = json.loads(resp.content)
# At least 2 results
self.assertGreater( len(data.items()), 1 )
def test_search_summary_wrong_page(self):
resp = self.api_client.get('/api/common/v1/summary/search/?q=Journalism&page=-1', format='json', authentication=self.get_credentials())
self.assertEqual(resp.status_code in [302, 404], True)
def test_summary_human_search(self):
query = "Person activity in Journalism"
resp = self.api_client.get('/api/common/v1/summary/human/?q=%s' % query, format='json', authentication=self.get_credentials())
self.assertValidJSONResponse(resp)
data = json.loads(resp.content)
self.assertGreater(len(data['objects']), 1)
def test_rdf_search(self):
# RDF object for persons that have activity in J++, we need to urlencode
# the JSON string to avoid '+' loss
rdf_str = urllib.quote(json.dumps(self.rdf_jpp))
url = '/api/common/v1/summary/rdf_search/?limit=20&offset=0&q=%s' % rdf_str
resp = self.api_client.get(url, format='json', authentication=self.get_credentials())
self.assertValidJSONResponse(resp)
data = json.loads(resp.content)
objects = data['objects']
pr_t = find(lambda x: x['name'] == self.pr.name, objects)
pb_t = find(lambda x: x['name'] == self.pb.name, objects)
self.assertIsNotNone(pr_t)
self.assertIsNotNone(pb_t)
def test_patch_individual_date(self):
"""
Test a patch request on an invidividual's date attribute.
Request: /api/energy/v1/organization/
Expected: HTTP 200 (OK)
"""
# date are subject to special process with patch method.
new_date = datetime(2011, 4, 1, 0, 0, 0, 0)
data = {
'founded': new_date.strftime('%Y-%m-%dT%H:%M:%S.%fZ'),
}
args = {
'scope' : 'energy',
'model_id' : self.jpp.id,
'model_name' : 'organization',
'patch_data' : data
}
resp = self.patch_individual(**args)
self.assertHttpOK(resp)
self.assertValidJSONResponse(resp)
updated_jpp = Organization.objects.get(name=self.jpp.name)
self.assertEqual(timezone.make_naive(updated_jpp.founded), new_date)
def test_patch_individual_website(self):
jpp_url = 'http://jplusplus.org'
data = {
'website_url': jpp_url,
}
args = {
'scope' : 'energy',
'model_id' : self.jpp.id,
'model_name' : 'organization',
'patch_data' : data
}
resp = self.patch_individual(**args)
self.assertHttpOK(resp)
self.assertValidJSONResponse(resp)
updated_jpp = Organization.objects.get(name=self.jpp.name)
self.assertEqual(updated_jpp.website_url, jpp_url)
def test_patch_individual_unauthorized(self):
jpp_url = 'http://jplusplus.org'
data = {
'website_url': jpp_url,
}
args = {
'scope' : 'energy',
'model_id' : self.jpp.id,
'model_name' : 'organization',
'patch_data' : data,
'skipAuth' : True,
}
resp = self.patch_individual(**args)
self.assertHttpUnauthorized(resp)
def test_patch_individual_not_found(self):
jpp_url = 'http://jplusplus.org'
data = {
'website_url': jpp_url,
}
args = {
'scope' : 'energy',
'model_id' : 1337,
'model_name' : 'organization',
'patch_data' : data,
}
resp = self.patch_individual(**args)
self.assertEqual(resp.status_code in [302, 404], True)
class MessageResourceTestCase(ResourceTestCase):
def setUp(self):
super(MessageResourceTestCase, self).setUp()
call_command('loaddata', 'example_data', verbosity=0)
self.user = User.objects.get(id=1)
self.writeitinstance = WriteItInstance.objects.create(name=u"a test", slug=u"a-test", owner=self.user)
self.api_client = TestApiClient()
self.data = {'format': 'json', 'username': self.user.username, 'api_key': self.user.api_key.key}
def get_credentials(self):
credentials = self.create_apikey(username=self.user.username, api_key=self.user.api_key.key)
return credentials
def test_get_list_of_messages(self):
url = '/api/v1/message/'
response = self.api_client.get(url, data=self.data)
self.assertValidJSONResponse(response)
messages = self.deserialize(response)['objects']
# Only listing my messages
expected_messages = Message.public_objects.filter(writeitinstance__in=self.user.writeitinstances.all())
self.assertEqual(len(messages), expected_messages.count()) # Only my instances
first_message = messages[0]
self.assertNotIn('author_email', first_message.keys())
def test_only_listing_my_messages(self):
not_me = User.objects.create_user(username='******', password='******')
writeitinstance = WriteItInstance.objects.create(name=u"a test", slug=u"a-test", owner=not_me)
person1 = Person.objects.get(id=1)
writeitinstance.add_person(person1)
i_should_not_see_this_message = Message.objects.create(
content='Content 1 Public message',
author_name='Felipe',
author_email="*****@*****.**",
subject='Fiera es una perra feroz',
writeitinstance=writeitinstance,
persons=[person1],
)
Confirmation.objects.create(message=i_should_not_see_this_message)
i_should_not_see_this_message.recently_confirmated()
self.assertTrue(i_should_not_see_this_message.public)
expected_messages = Message.public_objects.filter(writeitinstance__in=self.user.writeitinstances.all())
self.assertNotIn(i_should_not_see_this_message, expected_messages)
self.assertIn(i_should_not_see_this_message, Message.public_objects.all())
url = '/api/v1/message/'
response = self.api_client.get(url, data=self.data)
self.assertValidJSONResponse(response)
messages = self.deserialize(response)['objects']
i_should_not_see_this_message_as_json = None
# Seriously, this can be done in a more elegant way
# I'll keep on working with this and I'll return to this test
# later
for message in messages:
if message['id'] == i_should_not_see_this_message.id:
i_should_not_see_this_message_as_json = message
self.assertIsNone(i_should_not_see_this_message_as_json)
# The detail of a message
url = '/api/v1/message/{0}/'.format(i_should_not_see_this_message.id)
response = self.api_client.get(url, data=self.data)
self.assertHttpUnauthorized(response)
def test_list_of_messages_is_ordered(self):
""" The list of messages shown in the API is ordered by created date"""
# Preparing the test
Message.objects.all().delete()
person1 = Person.objects.get(id=1)
# cleaning up the database before
message1 = Message.objects.create(
content=u'Content 1',
author_name=u'Felipe',
author_email=u"*****@*****.**",
subject=u'Fiera es una perra feroz 1',
writeitinstance=self.writeitinstance,
persons=[person1],
)
Confirmation.objects.create(message=message1)
message1.recently_confirmated()
message2 = Message.objects.create(
content=u'Content 2',
author_name=u'Felipe',
author_email=u"*****@*****.**",
subject=u'Fiera es una perra feroz 2',
writeitinstance=self.writeitinstance,
persons=[person1],
)
Confirmation.objects.create(message=message2)
message2.recently_confirmated()
url = '/api/v1/message/'
response = self.api_client.get(url, data=self.data)
self.assertValidJSONResponse(response)
messages = self.deserialize(response)['objects']
self.assertEquals(messages[0]['id'], message2.id)
self.assertEquals(messages[1]['id'], message1.id)
def test_authentication(self):
url = '/api/v1/message/'
response = self.api_client.get(url)
self.assertHttpUnauthorized(response)
def test_a_list_of_messages_have_answers(self):
url = '/api/v1/message/'
response = self.api_client.get(url, data=self.data)
self.assertValidJSONResponse(response)
messages = self.deserialize(response)['objects']
self.assertTrue('answers' in messages[0])
def test_the_message_has_the_people_it_was_sent_to(self):
url = '/api/v1/message/'
response = self.api_client.get(url, data=self.data)
self.assertValidJSONResponse(response)
messages = self.deserialize(response)['objects']
self.assertTrue('persons' in messages[0])
message_from_the_api = messages[0]
message = Message.objects.get(id=messages[0]['id'])
for person in message_from_the_api['people']:
self.assertIn('popit_url', person)
self.assertIn(
Person.objects.get(id=person['id']),
message.people.all(),
)
self.assertEquals(len(message_from_the_api['people']), message.people.count())
def test_create_a_new_message(self):
writeitinstance = WriteItInstance.objects.get(id=1)
message_data = {
'author_name': 'Felipipoo',
'subject': 'new message',
'content': 'the content thing',
'writeitinstance': '/api/v1/instance/{0}/'.format(writeitinstance.id),
'persons': [writeitinstance.persons.all()[0].popit_url],
}
url = '/api/v1/message/'
previous_amount_of_messages = Message.objects.count()
response = self.api_client.post(url, data=message_data, format='json', authentication=self.get_credentials())
self.assertHttpCreated(response)
self.assertValidJSON(force_text(response.content))
message_as_json = force_text(response.content)
self.assertIn('resource_uri', message_as_json)
post_amount_of_messages = Message.objects.count()
self.assertEquals(post_amount_of_messages, previous_amount_of_messages + 1)
the_message = Message.objects.get(author_name='Felipipoo')
outbound_messages = the_message.outboundmessage_set.all()
self.assertTrue(outbound_messages.count() > 0)
for outbound_message in outbound_messages:
self.assertEquals(outbound_message.status, 'ready')
def test_create_a_new_message_in_not_my_instance(self):
not_me = User.objects.create_user(username='******', password='******')
writeitinstance = WriteItInstance.objects.create(name=u"a test", slug=u"a-test", owner=not_me)
person1 = Person.objects.get(id=1)
writeitinstance.add_person(person1)
message_data = {
'author_name': 'Felipipoo',
'subject': 'new message',
'content': 'the content thing',
'writeitinstance': '/api/v1/instance/{0}/'.format(writeitinstance.id),
'persons': [person1.popit_url],
}
url = '/api/v1/message/'
response = self.api_client.post(url, data=message_data, format='json', authentication=self.get_credentials())
self.assertHttpUnauthorized(response)
def test_create_a_new_message_with_a_non_existing_person(self):
writeitinstance = WriteItInstance.objects.get(id=1)
message_data = {
'author_name': 'Felipipoo',
'subject': 'new message',
'content': 'the content thing',
'writeitinstance': '/api/v1/instance/{0}/'.format(writeitinstance.id),
'persons': [
writeitinstance.persons.all()[0].popit_url,
'http://this.person.does.not.exist',
],
}
url = '/api/v1/message/'
response = self.api_client.post(url, data=message_data, format='json', authentication=self.get_credentials())
self.assertHttpCreated(response)
the_message = Message.objects.get(author_name='Felipipoo')
outbound_messages = the_message.outboundmessage_set.all()
self.assertEquals(outbound_messages.count(), 1)
self.assertEquals(outbound_messages[0].contact.person, writeitinstance.persons.all()[0])
def test_create_a_new_message_confirmated(self):
writeitinstance = WriteItInstance.objects.get(id=1)
message_data = {
'author_name': 'Felipipoo',
'subject': 'new message',
'content': 'the content thing',
'writeitinstance': '/api/v1/instance/{0}/'.format(writeitinstance.id),
'persons': [writeitinstance.persons.all()[0].popit_url],
}
url = '/api/v1/message/'
self.api_client.post(url, data=message_data, format='json', authentication=self.get_credentials())
the_message = Message.objects.get(author_name='Felipipoo')
self.assertTrue(the_message.confirmated)
def test_create_a_new_message_to_all_persons_in_the_instance(self):
# here it is the thing I don't know yet how to do this and I'll go for
# saying all in the persons array instead of having an array or an empty
writeitinstance = WriteItInstance.objects.get(id=1)
message_data = {
'author_name': 'Felipipoo',
'subject': 'new message',
'content': 'the content thing',
'writeitinstance': '/api/v1/instance/{0}/'.format(writeitinstance.id),
'persons': "all",
}
url = '/api/v1/message/'
self.api_client.post(url, data=message_data, format='json', authentication=self.get_credentials())
the_message = Message.objects.get(author_name=u'Felipipoo')
self.assertEquals(len(the_message.people), writeitinstance.persons.count())
self.assertQuerysetEqual(
the_message.people.all(),
[repr(r) for r in writeitinstance.persons.all()]
)
def test_not_confirming_automatically_a_message(self):
"""Push a new message to an instance with no autoconfirm message"""
writeitinstance = WriteItInstance.objects.get(id=1)
writeitinstance.config.autoconfirm_api_messages = False
writeitinstance.config.save()
message_data = {
'author_name': 'Felipipoo',
'author_email': "*****@*****.**",
'subject': 'new message',
'content': 'the content thing',
'writeitinstance': '/api/v1/instance/{0}/'.format(writeitinstance.id),
'persons': "all",
}
url = '/api/v1/message/'
self.api_client.post(
url,
data=message_data,
format='json',
authentication=self.get_credentials(),
)
the_message = Message.objects.get(author_name='Felipipoo')
self.assertFalse(the_message.confirmated)
self.assertIsNotNone(the_message.confirmation)
def test_not_including_email_in_non_auto_confrim_message(self):
"""Not Including email causes error 403 in a non auto confirm message"""
writeitinstance = WriteItInstance.objects.get(id=1)
writeitinstance.config.autoconfirm_api_messages = False
writeitinstance.config.save()
message_data = {
'author_name': 'Felipipoo',
# 'author_email': "*****@*****.**", # this missing param will cause a 403
'subject': 'new message',
'content': 'the content thing',
'writeitinstance': '/api/v1/instance/{0}/'.format(writeitinstance.id),
'persons': "all",
}
url = '/api/v1/message/'
response = self.api_client.post(
url,
data=message_data,
format='json',
authentication=self.get_credentials(),
)
self.assertEquals(response.status_code, 400)
self.assertFalse(Message.objects.filter(author_name='Felipipoo'))
def test_including_a_non_email_in_the_author_email(self):
"""When it has an author_email it validates it"""
writeitinstance = WriteItInstance.objects.get(id=1)
message_data = {
'author_name': 'Felipipoo',
'author_email': "This is not an email", # this missing param will cause a 403
'subject': 'new message',
'content': 'the content thing',
'writeitinstance': '/api/v1/instance/{0}/'.format(writeitinstance.id),
'persons': "all"
}
url = '/api/v1/message/'
response = self.api_client.post(
url,
data=message_data,
format='json',
authentication=self.get_credentials(),
)
self.assertEquals(response.status_code, 400)
self.assertFalse(Message.objects.filter(author_name='Felipipoo'))
class HelpResourceTest(ResourceTestCase):
def setUp(self):
super(HelpResourceTest, self).setUp()
# TODO: If we end up supporting the PATCH method, use our
# FixedTestApiClient instead of the default
self.api_client = TestApiClient()
self.username = "******"
self.password = "******"
self.user = User.objects.create_user(self.username, "*****@*****.**", self.password)
def test_get_detail(self):
help = create_help(title="Test Help Item", body="Test Help Item body")
uri = "/api/0.1/help/%s/" % (help.help_id)
resp = self.api_client.get(uri)
self.assertValidJSONResponse(resp)
self.assertEqual(self.deserialize(resp)["title"], "Test Help Item")
self.assertEqual(self.deserialize(resp)["body"], "Test Help Item body")
def test_get_detail_by_slug(self):
help = create_help(title="Test Help Item", body="Test Help Item body", slug="test")
uri = "/api/0.1/help/%s/" % (help.slug)
resp = self.api_client.get(uri)
self.assertValidJSONResponse(resp)
self.assertEqual(self.deserialize(resp)["title"], "Test Help Item")
self.assertEqual(self.deserialize(resp)["body"], "Test Help Item body")
def test_get_list_for_section(self):
section_help = create_help(title="Test section help item", body="Test section help item body")
nonsection_help = create_help(
title="Test non-section help item", body="Test non-section help item body", slug="test-nonsection"
)
story = create_story(
title="Test Story", summary="Test Summary", byline="Test Byline", status="published", language="en"
)
section = create_section(title="Test Section 1", story=story, help=section_help)
uri = "/api/0.1/help/sections/%s/" % (section.section_id)
resp = self.api_client.get(uri)
self.assertValidJSONResponse(resp)
self.assertEqual(len(self.deserialize(resp)["objects"]), 1)
self.assertEqual(self.deserialize(resp)["objects"][0]["title"], "Test section help item")
self.assertEqual(self.deserialize(resp)["objects"][0]["body"], "Test section help item body")
def test_post_list_for_section(self):
section_help = create_help(title="Test section help item", body="Test section help item body")
story = create_story(
title="Test Story",
summary="Test Summary",
byline="Test Byline",
status="published",
language="en",
author=self.user,
)
section = create_section(title="Test Section 1", story=story)
self.assertEqual(section.help, None)
post_data = {"help_id": section_help.help_id}
uri = "/api/0.1/help/sections/%s/" % (section.section_id)
self.api_client.client.login(username=self.username, password=self.password)
resp = self.api_client.post(uri, format="json", data=post_data)
self.assertHttpCreated(resp)
updated_section = Section.objects.get(pk=section.pk)
self.assertEqual(updated_section.help, section_help)
def test_post_list_for_section_unauthorized_unauthenticated(self):
"""
Test that anonymous users cannot set the help item for a section
"""
section_help = create_help(title="Test section help item", body="Test section help item body")
story = create_story(
title="Test Story",
summary="Test Summary",
byline="Test Byline",
status="published",
language="en",
author=self.user,
)
section = create_section(title="Test Section 1", story=story)
self.assertEqual(section.help, None)
post_data = {"help_id": section_help.help_id}
uri = "/api/0.1/help/sections/%s/" % (section.section_id)
resp = self.api_client.post(uri, format="json", data=post_data)
self.assertHttpUnauthorized(resp)
def test_post_list_for_section_unauthorized_other_user(self):
"""
Test that a user can't set the help text for another user's section
"""
user2 = User.objects.create(username="******", email="*****@*****.**", password="******")
section_help = create_help(title="Test section help item", body="Test section help item body")
story = create_story(
title="Test Story",
summary="Test Summary",
byline="Test Byline",
status="published",
language="en",
author=user2,
)
section = create_section(title="Test Section 1", story=story)
self.assertEqual(section.help, None)
post_data = {"help_id": section_help.help_id}
self.api_client.client.login(username=self.username, password=self.password)
uri = "/api/0.1/help/sections/%s/" % (section.section_id)
resp = self.api_client.post(uri, format="json", data=post_data)
self.assertHttpUnauthorized(resp)
class CreateOrListAccountsTest(ResourceTestCase):
serializer = Serializer()
def setUp(self):
self.account_url_base = '/hsapi/accounts/'
self.sudo = hydroshare.create_account('*****@*****.**',
'hs',
'hydro',
'share',
True,
password='******')
self.api_client = TestApiClient()
self.api_client.client.login(username=self.sudo.username,
password=self.sudo.password)
def tearDown(self):
User.objects.all().delete()
def test_create_account(self):
username = '******'
password = '******'
post_data_should_fail = CreateOrListAccounts.CreateAccountForm({
'email':
'*****@*****.**',
'username':
username,
'first_name':
'shaun',
'last_name':
'livingston',
'password':
password,
'superuser':
True
})
resp = self.api_client.post(self.account_url_base,
data=post_data_should_fail)
self.assertHttpForbidden(resp)
post_data_should_succeed = CreateOrListAccounts.CreateAccountForm({
'email':
'*****@*****.**',
'username':
username,
'first_name':
'shaun',
'last_name':
'livingston',
'password':
password
})
resp = self.api_client.post(self.account_url_base,
data=post_data_should_succeed)
self.assertHttpCreated(resp)
self.assertTrue(User.objects.filter(email='*****@*****.**').exists())
self.assertTrue(User.objects.filter(username=username).exists())
self.assertTrue(User.objects.filter(first_name='shaun').exists())
self.assertTrue(User.objects.filter(last_name='livingston').exists())
self.assertTrue(User.objects.filter(superuser=True).exists())
def test_list_users(self):
hydroshare.create_account(
'*****@*****.**',
username='******',
first_name='User0_FirstName',
last_name='User0_LastName',
)
hydroshare.create_account(
'*****@*****.**',
username='******',
first_name='User1_FirstName',
last_name='User1_LastName',
)
hydroshare.create_account(
'*****@*****.**',
username='******',
first_name='User2_FirstName',
last_name='User2_LastName',
)
num_of_accounts = len(User.objects.filter(email='*****@*****.**'))
query = self.serialize({
'email': '*****@*****.**',
})
get_data = {'query': query}
resp = self.api_client.get(self.account_url_base, data=get_data)
self.assertEqual(resp.status_code, 200)
users = self.deserialize(resp)
self.assertTrue(len(users) == num_of_accounts)
for num in range(num_of_accounts):
self.assertEqual(str(users[num]['email']), '*****@*****.**')
self.assertEqual(str(users[num]['username']),
'user{0}'.format(num))
self.assertEqual(str(users[num]['first_name']),
'User{0}_FirstName'.format(num))
self.assertEqual(str(users[num]['last_name']),
'User{0}_LastName'.format(num))
class CommentResourceTest(ResourceTestCase):
fixtures = ['group.json', 'group_permission.json',
'user_group.json', 'user.json',
'user_project.json', 'project_part.json',
'project.json', 'profile.json',
'post.json', 'comment.json']
def setUp(self):
self.api_client = TestApiClient()
self.post_id = 1
self.post_data = {'post': {'pk': self.post_id,
'text': 'New comment'}}
self.detail_url = '/api/v1/comment/{0}/'.format(self.post_id)
self.list_url = '/api/v1/comment/'
self.serializer = Serializer()
def get_credentials(self):
result = self.api_client.client.login(email='*****@*****.**',
password='******')
# def test_post_list(self):
# self.get_credentials()
# self.assertIn('_auth_user_id', self.api_client.client.session)
# self.assertEqual(self.api_client.client.session['_auth_user_id'], 1)
# self.assertEqual(Comment.objects.count(), 1)
# self.assertHttpCreated(self.api_client.post(self.list_url,
# format='json',
# data=self.post_data))
# self.assertEqual(Comment.objects.count(), 2)
def test_get_list_unauthorized(self):
self.assertHttpUnauthorized(self.api_client.get(self.list_url,
format='json'))
def test_get_list(self):
self.get_credentials()
resp = self.api_client.get(self.list_url,
format='json')
self.assertValidJSONResponse(resp)
self.assertEqual(len(json.loads(resp.content)['objects']), 1)
def test_get_detail_unauthenticated(self):
self.assertHttpUnauthorized(self.api_client.get(self.detail_url, format='json'))
# def test_get_detail(self):
# self.get_credentials()
# resp = self.api_client.get(self.detail_url, format='json')
# self.assertValidJSONResponse(resp)
# self.assertEqual(json.loads(resp.content)['comment'], '')
def test_post_list_unauthenticated(self):
self.assertHttpUnauthorized(self.api_client.post(self.list_url, format='json',
data=self.post_data))
def test_put_detail_unauthenticated(self):
self.assertHttpUnauthorized(self.api_client.put(self.detail_url, format='json', data={}))
def test_put_detail(self):
self.get_credentials()
resp = self.api_client.get(self.detail_url, format='json')
original_data = json.loads(resp.content)
new_data = original_data.copy()
new_data['title'] = 'Updated: First Comment'
self.assertEqual(Comment.objects.count(), 1)
self.assertHttpAccepted(self.api_client.put(self.detail_url, format='json', data=new_data))
self.assertEqual(Comment.objects.count(), 1)
def test_delete_detail_unauthenticated(self):
self.assertHttpUnauthorized(self.api_client.delete(self.detail_url, format='json'))
def test_delete_detail(self):
self.get_credentials()
self.assertEqual(Comment.objects.count(), 1)
resp = self.api_client.delete(self.detail_url, format='json')
self.assertHttpAccepted(resp)
self.assertEqual(Comment.objects.count(), 0)
class TestCameraResource(ResourceTestCase):
def setUp(self):
# Tastypie stuff
super(TestCameraResource, self).setUp()
self.bob_api_client = TestApiClient()
self.bill_api_client = TestApiClient()
self.anon_api_client = TestApiClient()
# Create a user bob.
self.user_bob_username = "******"
self.user_bob_password = "******"
self.user_bob = User.objects.create_user(self.user_bob_username, "*****@*****.**", self.user_bob_password)
# Create a user bob.
self.user_bill_username = "******"
self.user_bill_password = "******"
self.user_bill = User.objects.create_user(
self.user_bill_username, "*****@*****.**", self.user_bill_password
)
self.bob_api_client.client.login(username="******", password="******")
self.bill_api_client.client.login(username="******", password="******")
# assign users to the Public group
public_group, created = Group.objects.get_or_create(name="Public")
self.user_bob.groups.add(public_group)
self.user_bill.groups.add(public_group)
guardian.utils.get_anonymous_user().groups.add(public_group)
# make a couple of campaigns and save
self.campaign_bobs = mommy.make_one("catamidb.Campaign", id=1)
self.campaign_bills = mommy.make_one("catamidb.Campaign", id=2)
# make a deployments
self.deployment_bobs = mommy.make_recipe("catamidb.Deployment1", id=1, campaign=self.campaign_bobs)
self.deployment_bills = mommy.make_recipe("catamidb.Deployment2", id=2, campaign=self.campaign_bills)
# make images
self.image_bobs = mommy.make_recipe("catamidb.Image1", id=1, deployment=self.deployment_bobs)
self.image_bills = mommy.make_recipe("catamidb.Image2", id=2, deployment=self.deployment_bills)
# make cameras
self.camera_bobs = mommy.make_one("catamidb.Camera", id=1, image=self.image_bobs)
self.camera_bills = mommy.make_one("catamidb.Camera", id=2, image=self.image_bills)
# assign this one to bob
authorization.apply_campaign_permissions(self.user_bob, self.campaign_bobs)
# assign this one to bill
authorization.apply_campaign_permissions(self.user_bill, self.campaign_bills)
# the API url for deployments
self.camera_url = "/api/dev/camera/"
# some post data for testing camera creation
self.post_data = []
def test_camera_operations_disabled(self):
# test that we can NOT create
self.assertHttpUnauthorized(self.anon_api_client.post(self.camera_url, format="json", data=self.post_data))
# test that we can NOT modify
self.assertHttpUnauthorized(
self.anon_api_client.put(self.camera_url + self.deployment_bobs.id.__str__() + "/", format="json", data={})
)
# test that we can NOT delete
self.assertHttpMethodNotAllowed(
self.anon_api_client.delete(self.camera_url + self.deployment_bobs.id.__str__() + "/", format="json")
)
# test that we can NOT modify authenticated
self.assertHttpUnauthorized(
self.bob_api_client.put(self.camera_url + self.deployment_bobs.id.__str__() + "/", format="json", data={})
)
# test that we can NOT delete authenticated
self.assertHttpMethodNotAllowed(
self.bob_api_client.delete(self.camera_url + self.deployment_bobs.id.__str__() + "/", format="json")
)
def test_camera_operations_as_authorised_users(self):
# create a campaign & deployment that ONLY bill can see
bills_campaign = mommy.make_one("catamidb.Campaign", id=3, short_name="cp_3")
bills_deployment = mommy.make_recipe("catamidb.Deployment3", id=3, campaign=bills_campaign)
assign("view_campaign", self.user_bill, bills_campaign)
# make exclusive image for bill and assign this image to camera to image
self.image_bill_exc = mommy.make_recipe(
"catamidb.Image3", id=3, deployment=bills_deployment
) # IMPORTANT camera checks campaign which has reference to deployment. Image has reference to deployment and camera
# make exclusive camera for bill
self.camera_bill_exc = mommy.make_one("catamidb.Camera", id=3, image=self.image_bill_exc)
# check that bill can see via the API
response = self.bill_api_client.get(self.camera_url, format="json")
self.assertValidJSONResponse(response)
self.assertEqual(len(self.deserialize(response)["objects"]), 3)
# check that bill can get to the object itself
response = self.bill_api_client.get(self.camera_url + "3/", format="json")
self.assertValidJSONResponse(response)
# check that bob can not see - now we know tastypie API has correct
# permission validation
response = self.bob_api_client.get(self.camera_url, format="json")
self.assertValidJSONResponse(response)
self.assertEqual(len(self.deserialize(response)["objects"]), 2)
# check bob can NOT get to the hidden object
response = self.bob_api_client.get(self.camera_url + "3/", format="json")
self.assertHttpUnauthorized(response)
# check that anonymous can see public ones as well
response = self.anon_api_client.get(self.camera_url, format="json")
self.assertValidJSONResponse(response)
self.assertEqual(len(self.deserialize(response)["objects"]), 2)
# check anonymous can NOT get to the hidden object
response = self.anon_api_client.get(self.camera_url + "3/", format="json")
self.assertHttpUnauthorized(response)
class DocumentResourceTest(ResourceTestCase):
fixtures = ['group.json', 'group_permission.json',
'user_group.json', 'user.json',
'user_project.json', 'project_part.json',
'project.json', 'profile.json',
'document.json']
def setUp(self):
self.api_client = TestApiClient()
self.project_part_id = 1
self.document_data = {'text': 'My document', 'project_part': {'pk': self.project_part_id}}
self.document_id = 1
self.project_part_query = '='.join(['?project_part', str(self.project_part_id)])
self.detail_url = '/api/v1/document/{0}/'.format(self.document_id)
self.list_url = '/api/v1/document/'
self.serializer = Serializer()
def get_credentials(self):
result = self.api_client.client.login(email='*****@*****.**',
password='******')
def test_document_list(self):
self.get_credentials()
self.assertIn('_auth_user_id', self.api_client.client.session)
self.assertEqual(self.api_client.client.session['_auth_user_id'], 1)
self.assertEqual(Document.objects.count(), 2)
self.assertHttpCreated(self.api_client.post(self.list_url,
format='json',
data=self.document_data))
self.assertEqual(Document.objects.count(), 3)
def test_get_list_unauthorzied(self):
self.assertHttpUnauthorized(self.api_client.get(self.list_url,
format='json'))
def test_get_list(self):
self.get_credentials()
resp = self.api_client.get(''.join([self.list_url, self.project_part_query]),
format='json')
self.assertValidJSONResponse(resp)
self.assertEqual(len(json.loads(resp.content)['objects']), 1)
def test_get_detail_unauthenticated(self):
self.assertHttpUnauthorized(self.api_client.get(self.detail_url, format='json'))
def test_get_detail(self):
self.get_credentials()
resp = self.api_client.get(self.detail_url, format='json')
self.assertValidJSONResponse(resp)
self.assertEqual(json.loads(resp.content)['text'], '<h1>hola</h1>')
# def test_post_list_unauthenticated(self):
# self.assertHttpUnauthorized(self.api_client.post(self.list_url, format='json',
# data=self.document_data))
def test_put_detail_unauthenticated(self):
self.assertHttpUnauthorized(self.api_client.put(self.detail_url, format='json', data={'text': 'data'}))
def test_put_detail(self):
self.get_credentials()
original_data = json.loads(self.api_client.get(self.detail_url, format='json').content)
new_data = original_data.copy()
new_data['title'] = 'Updated: First Document'
self.assertEqual(Document.objects.count(), 2)
self.assertHttpAccepted(self.api_client.put(self.detail_url, format='json', data=new_data))
# Make sure the count hasn't changed & we did an update.
self.assertEqual(Document.objects.count(), 2)
def test_delete_detail_unauthenticated(self):
self.assertHttpUnauthorized(self.api_client.delete(self.detail_url, format='json'))
def test_delete_detail(self):
self.get_credentials()
self.assertEqual(Document.objects.count(), 2)
resp = self.api_client.delete(self.detail_url, format='json')
self.assertHttpAccepted(resp)
self.assertEqual(Document.objects.count(), 1)
class PilotJobResourceTest(ResourceTestCase):
fixtures = ['local_site.json']
def setUp(self):
super(PilotJobResourceTest, self).setUp()
self.client = TestApiClient()
self.endpoint = '/api/v1/dispatcher/'
self.format = 'json'
# Create one user
self.user = User(username="******")
self.user.save()
# create a job
self.job = Job(user=self.user,
application=Application.objects.all()[0])
self.job.maxtime = 30
self.job.save()
self.site = Site.objects.get(pk=1)
self.pilot = self.site.submit_pilot_based_on_job(self.job)
def test_submit_pilot(self):
pilot = self.site.submit_pilot_based_on_job(self.job)
self.assertEqual(type(pilot), type(Pilot()))
def test_pilot_post_job(self):
self.job.status = 'P'
self.job.save()
data = {"time_left": 60}
token = self.pilot.token
url = "%s?token=%s" % (self.endpoint, token)
request = self.client.post(url, self.format, data=data)
self.assertHttpCreated(request)
def test_pilot_get_job(self):
self.job.status = 'R'
self.job.pilot = self.pilot
self.job.save()
token = self.pilot.token
url = "%s%d/?token=%s" % (self.endpoint, self.job.id, token)
request = self.client.get(url, self.format)
self.assertValidJSONResponse(request)
def test_wrong_token(self):
url = "%s%d/?token=%s" % (self.endpoint, self.job.id,
"not-a-valid-token")
request = self.client.get(url, self.format)
self.assertHttpUnauthorized(request)
def test_no_token(self):
url = "%s%d/" % (self.endpoint, self.job.id)
request = self.client.get(url, self.format)
self.assertHttpUnauthorized(request)
def test_pilot_patch_job(self):
self.job.status = 'R'
self.job.pilot = self.pilot
self.job.save()
data = {"progress": 50}
token = self.pilot.token
url = "%s%d/?token=%s" % (self.endpoint, self.job.id, token)
request = self.client.patch(url, self.format, data=data)
self.assertHttpAccepted(request)
class HelpResourceTest(ResourceTestCase):
def setUp(self):
super(HelpResourceTest, self).setUp()
# TODO: If we end up supporting the PATCH method, use our
# FixedTestApiClient instead of the default
self.api_client = TestApiClient()
self.username = '******'
self.password = '******'
self.user = User.objects.create_user(self.username, '*****@*****.**',
self.password)
def test_get_detail(self):
help = create_help(title="Test Help Item", body="Test Help Item body")
uri = '/api/0.1/help/%s/' % (help.help_id)
resp = self.api_client.get(uri)
self.assertValidJSONResponse(resp)
self.assertEqual(self.deserialize(resp)['title'], "Test Help Item")
self.assertEqual(self.deserialize(resp)['body'], "Test Help Item body")
def test_get_detail_by_slug(self):
help = create_help(title="Test Help Item",
body="Test Help Item body",
slug="test")
uri = '/api/0.1/help/%s/' % (help.slug)
resp = self.api_client.get(uri)
self.assertValidJSONResponse(resp)
self.assertEqual(self.deserialize(resp)['title'], "Test Help Item")
self.assertEqual(self.deserialize(resp)['body'], "Test Help Item body")
def test_get_list_for_section(self):
section_help = create_help(title="Test section help item",
body="Test section help item body")
nonsection_help = create_help(title="Test non-section help item",
body="Test non-section help item body",
slug='test-nonsection')
story = create_story(title="Test Story",
summary="Test Summary",
byline="Test Byline",
status="published",
language="en")
section = create_section(title="Test Section 1",
story=story,
help=section_help)
uri = '/api/0.1/help/sections/%s/' % (section.section_id)
resp = self.api_client.get(uri)
self.assertValidJSONResponse(resp)
self.assertEqual(len(self.deserialize(resp)['objects']), 1)
self.assertEqual(
self.deserialize(resp)['objects'][0]['title'],
"Test section help item")
self.assertEqual(
self.deserialize(resp)['objects'][0]['body'],
"Test section help item body")
def test_post_list_for_section(self):
section_help = create_help(title="Test section help item",
body="Test section help item body")
story = create_story(title="Test Story",
summary="Test Summary",
byline="Test Byline",
status="published",
language="en",
author=self.user)
section = create_section(title="Test Section 1", story=story)
self.assertEqual(section.help, None)
post_data = {'help_id': section_help.help_id}
uri = '/api/0.1/help/sections/%s/' % (section.section_id)
self.api_client.client.login(username=self.username,
password=self.password)
resp = self.api_client.post(uri, format='json', data=post_data)
self.assertHttpCreated(resp)
updated_section = Section.objects.get(pk=section.pk)
self.assertEqual(updated_section.help, section_help)
def test_post_list_for_section_unauthorized_unauthenticated(self):
"""
Test that anonymous users cannot set the help item for a section
"""
section_help = create_help(title="Test section help item",
body="Test section help item body")
story = create_story(title="Test Story",
summary="Test Summary",
byline="Test Byline",
status="published",
language="en",
author=self.user)
section = create_section(title="Test Section 1", story=story)
self.assertEqual(section.help, None)
post_data = {'help_id': section_help.help_id}
uri = '/api/0.1/help/sections/%s/' % (section.section_id)
resp = self.api_client.post(uri, format='json', data=post_data)
self.assertHttpUnauthorized(resp)
def test_post_list_for_section_unauthorized_other_user(self):
"""
Test that a user can't set the help text for another user's section
"""
user2 = User.objects.create(username="******",
email="*****@*****.**",
password="******")
section_help = create_help(title="Test section help item",
body="Test section help item body")
story = create_story(title="Test Story",
summary="Test Summary",
byline="Test Byline",
status="published",
language="en",
author=user2)
section = create_section(title="Test Section 1", story=story)
self.assertEqual(section.help, None)
post_data = {'help_id': section_help.help_id}
self.api_client.client.login(username=self.username,
password=self.password)
uri = '/api/0.1/help/sections/%s/' % (section.section_id)
resp = self.api_client.post(uri, format='json', data=post_data)
self.assertHttpUnauthorized(resp)
class PostResourceTest(ResourceTestCase):
fixtures = ['group.json', 'group_permission.json',
'user_group.json', 'user.json',
'user_project.json', 'project_part.json',
'project.json', 'profile.json',
'post.json', 'comment.json']
def setUp(self):
# Generic
self.api_client = TestApiClient()
self.serializer = Serializer()
# API List data
self.list_url = '/api/v1/post/'
# API requests data
self.project_part_id = 1
self.post_id = 1
self.detail_url = '/api/v1/post/{0}/'.format(self.post_id)
self.project_part_query = '='.join(['?project_part', str(self.project_part_id)])
self.post_data = {'content': 'My post', 'project_part': {'pk': self.project_part_id}}
# Open API request data
self.open_project_part_id = 2
self.open_post_id = 2
self.open_detail_url = '/api/v1/post/{0}/'.format(self.open_post_id)
self.open_project_part_query = '='.join(['?project_part', str(self.open_project_part_id)])
self.open_post_data = {'content': 'My post', 'project_part': {'pk': self.open_project_part_id}}
def get_credentials(self):
result = self.api_client.client.login(email='*****@*****.**',
password='******')
def test_post_list(self):
self.get_credentials()
self.assertIn('_auth_user_id', self.api_client.client.session)
self.assertEqual(self.api_client.client.session['_auth_user_id'], 1)
self.assertEqual(Post.objects.count(), 2)
self.assertHttpCreated(self.api_client.post(self.list_url,
format='json',
data=self.post_data))
self.assertEqual(Post.objects.count(), 3)
def test_get_list_unauthorzied(self):
self.assertHttpUnauthorized(self.api_client.get(self.list_url,
format='json'))
def test_get_list(self):
self.get_credentials()
resp = self.api_client.get(''.join([self.list_url, self.project_part_query]),
format='json')
self.assertValidJSONResponse(resp)
self.assertEqual(len(json.loads(resp.content)['objects']), 1)
def test_get_detail_unauthenticated(self):
self.assertHttpUnauthorized(self.api_client.get(self.detail_url, format='json'))
def test_get_detail(self):
self.get_credentials()
resp = self.api_client.get(self.detail_url, format='json')
self.assertValidJSONResponse(resp)
self.assertEqual(json.loads(resp.content)['content'], 'hola')
# def test_post_list_unauthenticated(self):
# self.assertHttpUnauthorized(self.api_client.post(self.list_url, format='json',
# data=self.post_data))
def test_put_detail_unauthenticated(self):
self.assertHttpUnauthorized(self.api_client.put(self.detail_url, format='json', data={}))
def test_put_detail(self):
self.get_credentials()
original_data = json.loads(self.api_client.get(self.detail_url, format='json').content)
new_data = original_data.copy()
new_data['title'] = 'Updated: First Post'
self.assertEqual(Post.objects.count(), 2)
self.assertHttpAccepted(self.api_client.put(self.detail_url, format='json', data=new_data))
# Make sure the count hasn't changed & we did an update.
self.assertEqual(Post.objects.count(), 2)
def test_delete_detail_unauthenticated(self):
self.assertHttpUnauthorized(self.api_client.delete(self.detail_url, format='json'))
def test_delete_detail(self):
self.get_credentials()
self.assertEqual(Post.objects.count(), 2)
resp = self.api_client.delete(self.detail_url, format='json')
self.assertHttpAccepted(resp)
self.assertEqual(Post.objects.count(), 1)
# Open Projects
# FIXME It fails because tastypie is not accessing authorization
# before calling obj_create
# def test_post_list_open(self):
# self.assertEqual(Post.objects.count(), 2)
# resp = self.api_client.post(self.list_url,
# format='json',
# data=self.open_post_data)
# self.assertHttpUnauthorized(resp)
def test_get_detail_open(self):
resp = self.api_client.get(self.open_detail_url, format='json')
self.assertValidJSONResponse(resp)
self.assertEqual(json.loads(resp.content)['content'], 'hola')
def test_delete_detail_open(self):
self.assertEqual(Post.objects.count(), 2)
resp = self.api_client.delete(self.open_detail_url, format='json')
self.assertHttpUnauthorized(resp)
def test_put_detail_open(self):
original_data = json.loads(self.api_client.get(self.open_detail_url, format='json').content)
new_data = original_data.copy()
new_data['title'] = 'Updated: First Post'
self.assertEqual(Post.objects.count(), 2)
resp = self.api_client.put(self.open_detail_url, format='json', data=new_data)
self.assertHttpUnauthorized(resp)
class TestScientificImageMeasurementResource(ResourceTestCase):
def setUp(self):
#Tastypie stuff
super(TestScientificImageMeasurementResource, self).setUp()
self.bob_api_client = TestApiClient()
self.bill_api_client = TestApiClient()
self.anon_api_client = TestApiClient()
# Create a user bob.
self.user_bob_username = '******'
self.user_bob_password = '******'
self.user_bob = User.objects.create_user(self.user_bob_username,
'*****@*****.**',
self.user_bob_password)
# Create a user bob.
self.user_bill_username = '******'
self.user_bill_password = '******'
self.user_bill = User.objects.create_user(self.user_bill_username,
'*****@*****.**',
self.user_bill_password)
self.bob_api_client.client.login(username='******', password='******')
self.bill_api_client.client.login(username='******', password='******')
#assign users to the Public group
public_group, created = Group.objects.get_or_create(name='Public')
self.user_bob.groups.add(public_group)
self.user_bill.groups.add(public_group)
guardian.utils.get_anonymous_user().groups.add(public_group)
#make a couple of campaigns and save
self.campaign_bobs = mommy.make_one('catamidb.Campaign', id=1)
self.campaign_bills = mommy.make_one('catamidb.Campaign', id=2)
#make a deployments
self.deployment_bobs = mommy.make_recipe('catamidb.auvdeployment1',
id=1,
campaign=self.campaign_bobs)
self.deployment_bills = mommy.make_recipe('catamidb.auvdeployment2',
id=2,
campaign=self.campaign_bills)
#make poses
self.pose_bobs = mommy.make_recipe('catamidb.pose1', id=1,
deployment=self.deployment_bobs)
self.pose_bills = mommy.make_recipe('catamidb.pose2', id=2,
deployment=self.deployment_bills)
#make cameras
self.camera_bobs = mommy.make_one('catamidb.Camera', id=1,
deployment=self.deployment_bobs)
self.camera_bills = mommy.make_one('catamidb.Camera', id=2,
deployment=self.deployment_bills)
#make images
self.image_bobs = mommy.make_one(
'catamidb.Image',
id=1,
pose=self.
pose_bobs,
camera=self.camera_bobs)
self.image_bills = mommy.make_one(
'catamidb.Image',
id=2,
pose=self.
pose_bills,
camera=self.camera_bills)
#make image measurements
self.image_measurement_bobs = mommy.make_one(
'catamidb.ScientificImageMeasurement', id=1, image=self.image_bobs
)
self.image_measurement_bills = mommy.make_one(
'catamidb.ScientificImageMeasurement', id=2, image=self.
image_bills)
#assign this one to bob
authorization.apply_campaign_permissions(
self.user_bob, self.campaign_bobs)
#assign this one to bill
authorization.apply_campaign_permissions(
self.user_bill, self.campaign_bills)
#the API url for campaigns
self.image_measurement_url = '/api/dev/scientificimagemeasurement/'
self.post_data = []
# can only do GET at this stage
def test_image_measurement_operations_disabled(self):
# test that we can NOT create
self.assertHttpMethodNotAllowed(
self.anon_api_client.post(self.image_measurement_url,
format='json',
data=self.post_data))
# test that we can NOT modify
self.assertHttpMethodNotAllowed(
self.anon_api_client.put(
self.image_measurement_url +
self.deployment_bobs.id.__str__() + "/",
format='json',
data={}
)
)
# test that we can NOT delete
self.assertHttpMethodNotAllowed(
self.anon_api_client.delete(
self.image_measurement_url +
self.deployment_bobs.id.__str__() + "/",
format='json'
)
)
# test that we can NOT create authenticated
self.assertHttpMethodNotAllowed(
self.bob_api_client.post(
self.image_measurement_url,
format='json',
data=self.post_data
)
)
# test that we can NOT modify authenticated
self.assertHttpMethodNotAllowed(
self.bob_api_client.put(
self.image_measurement_url +
self.deployment_bobs.id.__str__() + "/",
format='json',
data={}
)
)
# test that we can NOT delete authenticated
self.assertHttpMethodNotAllowed(
self.bob_api_client.delete(
self.image_measurement_url +
self.deployment_bobs.id.__str__() + "/",
format='json'
)
)
def test_image_measurement_operations_as_authorised_users(self):
# create a campaign & deployment that ONLY bill can see
bills_campaign = mommy.make_one('catamidb.Campaign', id=3)
bills_deployment = mommy.make_recipe('catamidb.auvdeployment', id=3,
campaign=bills_campaign)
bills_pose = mommy.make_recipe('catamidb.pose3', id=3,
deployment=bills_deployment)
bills_camera = mommy.make_one('catamidb.Camera', id=3,
deployment=bills_deployment)
bills_image = mommy.make_one('catamidb.Image', id=3, pose=bills_pose,
camera=bills_camera)
bills_image_measurement = mommy.make_one(
'catamidb.ScientificImageMeasurement', id=3, image=bills_image)
assign('view_campaign', self.user_bill, bills_campaign)
# check that bill can see via the API
response = self.bill_api_client.get(self.image_measurement_url,
format='json')
self.assertValidJSONResponse(response)
self.assertEqual(len(self.deserialize(response)['objects']), 3)
# check that bill can get to the object itself
response = self.bill_api_client.get(self.image_measurement_url + "3/",
format='json')
self.assertValidJSONResponse(response)
# check that bob can not see - now we know tastypie API has correct
# permission validation
response = self.bob_api_client.get(self.image_measurement_url,
format='json')
self.assertValidJSONResponse(response)
self.assertEqual(len(self.deserialize(response)['objects']), 2)
# check bob can NOT get to the hidden object
response = self.bob_api_client.get(self.image_measurement_url + "3/",
format='json')
self.assertHttpUnauthorized(response)
#check that anonymous can see public ones as well
response = self.anon_api_client.get(self.image_measurement_url,
format='json')
self.assertValidJSONResponse(response)
self.assertEqual(len(self.deserialize(response)['objects']), 2)
#check anonymous can NOT get to the hidden object
response = self.anon_api_client.get(self.image_measurement_url + "3/",
format='json')
self.assertHttpUnauthorized(response)
class ListItTestCase(ResourceTestCaseMixin, TestCase):
def setUp(self):
super(ListItTestCase, self).setUp()
self.client = TestApiClient()
def test_add_tasks(self):
#curl --dump-header - -H "Content-Type: application/json" -X POST --data '{"title": "test task 9", "due_date":"2018-05-22T00:46:38", "status": "P" }' http://localhost:8000/api/v1/tasks/
due_date = date.today() - timedelta(days=2)
for i in range(16):
response = self.client.post('/api/v1/tasks/',
data={
'title': 'test task',
'due_date': due_date,
'status': 'P',
})
due_date = due_date + timedelta(days=1)
self.assertEqual(response.status_code, 201)
def test_filter_today_tasks(self):
self.test_add_tasks()
response = self.client.get('/api/v1/filters/',
data={"duedate": "today"})
response_obj = response.json()
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response_obj.get('objects')), 1)
def test_filter_this_week_tasks(self):
self.test_add_tasks()
response = self.client.get('/api/v1/filters/',
data={"duedate": "this_week"})
response_obj = response.json()
today = date.today()
week_start = today - timedelta(days=today.weekday())
end = week_start + timedelta(days=6)
count = (end - today).days + 1
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response_obj.get('objects')), count)
def test_filter_next_week_tasks(self):
self.test_add_tasks()
response = self.client.get('/api/v1/filters/',
data={"duedate": "next_week"})
response_obj = response.json()
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response_obj.get('objects')), 7)
def test_filter_overdue_tasks(self):
self.test_add_tasks()
response = self.client.get('/api/v1/filters/',
data={"duedate": "overdue"})
response_obj = response.json()
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response_obj.get('objects')), 2)
def test_add_subtask(self):
self.test_filter_today_tasks()
# curl --dump-header - -H "Content-Type: application/json" -X POST --data '{"title": "test task ", "task": "/api/v1/tasks/9/" }' http://localhost:8000/api/v1/subtasks/
response = self.client.post('/api/v1/subtasks/',
data={
'title': 'test subtask',
'task': '/api/v1/tasks/1/',
})
self.assertEqual(response.status_code, 201)
def test_search_known_tasks(self):
#http://127.0.0.1:8000/api/v1/tasks/search/?format=json&q=test task 6
self.test_add_tasks()
response = self.client.get('/api/v1/tasks/search/?q=test task')
response_obj = response.json()
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response_obj.get('objects')), 16)
def test_search_unknown_tasks(self):
#http://127.0.0.1:8000/api/v1/tasks/search/?format=json&q=test task 6
self.test_add_tasks()
response = self.client.get('/api/v1/tasks/search/?q=blah')
response_obj = response.json()
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response_obj.get('objects')), 0)
def test_get_task_detail_json(self):
self.test_filter_today_tasks()
response = self.api_client.get('/api/v1/tasks/1/', format='json')
self.assertValidJSONResponse(response)
self.assertKeys(self.deserialize(response),
['title', 'due_date', 'status', 'resource_uri'])
self.assertEqual(self.deserialize(response)['title'], 'test task')
self.assertEqual(self.deserialize(response)['status'], 'P')
self.assertEqual(
self.deserialize(response)['due_date'],
((date.today() - timedelta(days=2)).isoformat()))
def test_put_task_detail(self):
# Grab the current data & modify it slightly.
self.test_add_tasks()
original_data = self.deserialize(
self.api_client.get('/api/v1/tasks/1/', format='json'))
new_data = original_data.copy()
new_data['status'] = 'C'
self.assertEqual(Task.objects.count(), 16)
self.assertHttpAccepted(
self.api_client.put('/api/v1/tasks/1/',
format='json',
data=new_data))
# Make sure the count hasn't changed & we did an update.
self.assertEqual(Task.objects.count(), 16)
# Check for updated data.
self.assertEqual(Task.objects.get(pk=1).status, 'C')
class ApiTestCase(ResourceTestCase):
def setUp(self):
super(ApiTestCase, self).setUp()
# Use custom api client
self.api_client = TestApiClient()
# Look for the test user
self.username = u"tester"
self.password = u"tester"
try:
self.user = User.objects.get(username=self.username)
jpp = Organization.objects.get(name=u"Journalism++")
jg = Organization.objects.get(name=u"Journalism Grant")
fra = Country.objects.get(name=u"France")
self.pr = pr = Person.objects.get(name=u"Pierre Roméra")
self.pb = pb = Person.objects.get(name=u"Pierre Bellon")
except ObjectDoesNotExist:
# Create the new user
self.user = User.objects.create_user(self.username, "*****@*****.**", self.password)
self.user.is_staff = True
self.user.is_superuser = True
self.user.save()
# Create related objects
jpp = Organization(name=u"Journalism++")
jpp.save()
jg = Organization(name=u"Journalism Grant")
jg.save()
fra = Country(name=u"France", isoa3=u"FRA")
fra.save()
self.pr = pr = Person(name=u"Pierre Roméra")
pr.based_in.add(fra)
pr.activity_in_organization.add(jpp)
pr.save()
self.pb = pb = Person(name=u"Pierre Bellon")
pb.based_in.add(fra)
pb.activity_in_organization.add(jpp)
pb.save()
self.post_data_simple = {"name": "Lorem ispum TEST", "twitter_handle": "loremipsum"}
self.post_data_related = {
"name": "Lorem ispum TEST RELATED",
"owner": [{"id": jpp.id}, {"id": jg.id}],
"activity_in_country": [{"id": fra.id}],
}
self.rdf_jpp = {
"label": u"Person that has activity in Journalism++",
"object": {"id": 283, "model": u"common:Organization", "name": u"Journalism++"},
"predicate": {
"label": u"has activity in",
"name": u"person_has_activity_in_organization+",
"subject": u"energy:Person",
},
"subject": {"label": u"Person", "name": u"energy:Person"},
}
def get_credentials(self):
return self.api_client.client.login(username=self.username, password=self.password)
def test_user_login_succeed(self):
auth = dict(username=u"tester", password=u"tester")
resp = self.api_client.post("/api/common/v1/user/login/", format="json", data=auth)
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(data["success"], True)
def test_user_login_failed(self):
auth = dict(username=u"tester", password=u"wrong")
resp = self.api_client.post("/api/common/v1/user/login/", format="json", data=auth)
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(data["success"], False)
def test_user_logout_succeed(self):
# First login
auth = dict(username=u"tester", password=u"tester")
self.api_client.post("/api/common/v1/user/login/", format="json", data=auth)
# Then logout
resp = self.api_client.get("/api/common/v1/user/logout/", format="json")
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(data["success"], True)
def test_user_logout_failed(self):
resp = self.api_client.get("/api/common/v1/user/logout/", format="json")
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(data["success"], False)
def test_user_status_isnt_logged(self):
resp = self.api_client.get("/api/common/v1/user/status/", format="json")
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(data["is_logged"], False)
def test_user_status_is_logged(self):
# Log in
auth = dict(username=u"tester", password=u"tester")
self.api_client.post("/api/common/v1/user/login/", format="json", data=auth)
resp = self.api_client.get("/api/common/v1/user/status/", format="json")
self.assertValidJSON(resp.content)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(data["is_logged"], True)
def test_get_list_unauthorzied(self):
self.assertHttpUnauthorized(self.api_client.get("/api/energy/v1/energyproject/", format="json"))
def test_get_list_json(self):
resp = self.api_client.get(
"/api/energy/v1/energyproject/?limit=20", format="json", authentication=self.get_credentials()
)
self.assertValidJSONResponse(resp)
# Number of element on the first page
count = min(20, EnergyProject.objects.count())
self.assertEqual(len(self.deserialize(resp)["objects"]), count)
def test_post_list_unauthenticated(self):
self.assertHttpUnauthorized(
self.api_client.post("/api/energy/v1/energyproject/", format="json", data=self.post_data_simple)
)
def test_post_list(self):
# Check how many are there first.
count = EnergyProject.objects.count()
self.assertHttpCreated(
self.api_client.post(
"/api/energy/v1/energyproject/",
format="json",
data=self.post_data_simple,
authentication=self.get_credentials(),
)
)
# Verify a new one has been added.
self.assertEqual(EnergyProject.objects.count(), count + 1)
def test_post_list_related(self):
# Check how many are there first.
count = EnergyProject.objects.count()
# Record API response to extract data
resp = self.api_client.post(
"/api/energy/v1/energyproject/",
format="json",
data=self.post_data_related,
authentication=self.get_credentials(),
)
# Vertify the request status
self.assertHttpCreated(resp)
# Verify a new one has been added.
self.assertEqual(EnergyProject.objects.count(), count + 1)
# Are the data readable?
self.assertValidJSON(resp.content)
# Parse data to verify relationship
data = json.loads(resp.content)
self.assertEqual(len(data["owner"]), len(self.post_data_related["owner"]))
self.assertEqual(len(data["activity_in_country"]), len(self.post_data_related["activity_in_country"]))
def test_mine(self):
resp = self.api_client.get(
"/api/energy/v1/energyproject/mine/", format="json", authentication=self.get_credentials()
)
self.assertValidJSONResponse(resp)
# Parse data to check the number of result
data = json.loads(resp.content)
self.assertEqual(
min(20, len(data["objects"])), EnergyProject.objects.filter(_author__contains=self.user.id).count()
)
def test_search_organization(self):
resp = self.api_client.get(
"/api/energy/v1/organization/search/?q=Journalism", format="json", authentication=self.get_credentials()
)
self.assertValidJSONResponse(resp)
# Parse data to check the number of result
data = json.loads(resp.content)
# At least 2 results
self.assertGreater(len(data.items()), 1)
def test_search_organization_wrong_page(self):
resp = self.api_client.get(
"/api/energy/v1/organization/search/?q=Roméra&page=10000",
format="json",
authentication=self.get_credentials(),
)
self.assertHttpNotFound(resp)
def test_cypher_detail(self):
self.assertHttpNotFound(
self.api_client.get("/api/common/v1/cypher/111/", format="json", authentication=self.get_credentials())
)
def test_cypher_unauthenticated(self):
self.assertHttpUnauthorized(
self.api_client.get("/api/common/v1/cypher/?q=START%20n=node%28*%29RETURN%20n;", format="json")
)
def test_cypher_unauthorized(self):
# Ensure the user isn't authorized to process cypher request
self.user.is_staff = True
self.user.is_superuser = False
self.user.save()
self.assertHttpUnauthorized(
self.api_client.get(
"/api/common/v1/cypher/?q=START%20n=node%28*%29RETURN%20n;",
format="json",
authentication=self.get_credentials(),
)
)
def test_cypher_authorized(self):
# Ensure the user IS authorized to process cypher request
self.user.is_superuser = True
self.user.save()
self.assertValidJSONResponse(
self.api_client.get(
"/api/common/v1/cypher/?q=START%20n=node%28*%29RETURN%20n;",
format="json",
authentication=self.get_credentials(),
)
)
def test_summary_list(self):
self.assertHttpNotFound(self.api_client.get("/api/common/v1/summary/", format="json"))
def test_countries_summary(self):
resp = self.api_client.get(
"/api/common/v1/summary/countries/", format="json", authentication=self.get_credentials()
)
self.assertValidJSONResponse(resp)
# Parse data to check the number of result
data = json.loads(resp.content)
# Only France is present
self.assertGreater(len(data), 0)
# We added 1 relation to France
self.assertEqual("count" in data["FRA"], True)
def test_forms_summary(self):
resp = self.api_client.get(
"/api/common/v1/summary/forms/", format="json", authentication=self.get_credentials()
)
self.assertValidJSONResponse(resp)
# Parse data to check the number of result
data = json.loads(resp.content)
# As many descriptors as models
self.assertEqual(11, len(data.items()))
def test_types_summary(self):
resp = self.api_client.get(
"/api/common/v1/summary/types/", format="json", authentication=self.get_credentials()
)
self.assertValidJSONResponse(resp)
def test_search_summary(self):
resp = self.api_client.get(
"/api/common/v1/summary/search/?q=Journalism", format="json", authentication=self.get_credentials()
)
self.assertValidJSONResponse(resp)
# Parse data to check the number of result
data = json.loads(resp.content)
# At least 2 results
self.assertGreater(len(data.items()), 1)
def test_search_summary_wrong_page(self):
resp = self.api_client.get(
"/api/common/v1/summary/search/?q=Journalism&page=-1", format="json", authentication=self.get_credentials()
)
self.assertHttpNotFound(resp)
def test_summary_human_search(self):
query = "Person activity in Journalism"
expected = "Person that has activity in Journalism++"
expected2 = "Person that had activity previous in Journalism++"
resp = self.api_client.get(
"/api/common/v1/summary/human/?q=%s" % query, format="json", authentication=self.get_credentials()
)
self.assertValidJSONResponse(resp)
data = json.loads(resp.content)
self.assertGreater(len(data["objects"]), 1)
def test_rdf_search(self):
# RDF object for persons that have activity in J++, we need to urlencode
# the JSON string to avoid '+' loss
rdf_str = urllib.quote(json.dumps(self.rdf_jpp))
url = "/api/common/v1/summary/rdf_search/?limit=20&offset=0&q=%s" % rdf_str
resp = self.api_client.get(url, format="json", authentication=self.get_credentials())
self.assertValidJSONResponse(resp)
data = json.loads(resp.content)
objects = data["objects"]
pr_t = find(lambda x: x["name"] == self.pr.name, objects)
pb_t = find(lambda x: x["name"] == self.pb.name, objects)
self.assertIsNotNone(pr_t)
self.assertIsNotNone(pb_t)
class ResourceTest(ResourceTestCase):
serializer = Serializer()
def setUp(self):
self.api_client = TestApiClient()
self.username = '******'
self.password = '******'
self.user = hydroshare.create_account(
'*****@*****.**',
username=self.username,
password=self.password,
first_name='User0_FirstName',
last_name='User0_LastName',
)
self.api_client.client.login(username=self.username,
password=self.password)
self.url_proto = '/hsapi/resource/{0}/files/{1}/'
self.filename = 'test.txt'
def tearDown(self):
User.objects.all().delete()
GenericResource.objects.all().delete()
def test_resource_file_get(self):
myfile = open(self.filename, 'w')
myfile.write('hello world!\n')
myfile.close()
myfile = open(self.filename, 'r')
res1 = hydroshare.create_resource('GenericResource', self.user, 'res1')
hydroshare.add_resource_files(res1.short_id, myfile)
url = self.url_proto.format(res1.short_id, self.filename)
resp = self.api_client.get(url)
self.assertIn(resp.status_code, [201, 200])
def test_resource_file_put(self):
myfile = open(self.filename, 'w')
myfile.write('hello world!\n')
myfile.close()
myfile = open(self.filename, 'r')
res1 = hydroshare.create_resource('GenericResource', self.user, 'res1')
hydroshare.add_resource_files(res1.short_id, myfile)
mynewfile = open(self.filename, 'w')
mynewfile.write('anyone there?\n')
mynewfile.close()
mynewfile = open(self.filename, 'r')
url = self.url_proto.format(res1.short_id, self.filename)
put_data = {'resource_file': mynewfile}
resp = self.api_client.put(url, data=put_data)
self.assertHttpAccepted(resp)
resp = self.api_client.get(url)
self.assertIn(resp.status_code, [201, 200])
def test_resource_file_post(self):
myfile = open(self.filename, 'w')
myfile.write('hello world!\n')
myfile.close()
myfile = open(self.filename, 'r')
res1 = hydroshare.create_resource('GenericResource', self.user, 'res1')
post_data = {'resource_file': myfile}
url = self.url_proto.format(res1.short_id, self.filename)
resp = self.api_client.post(url, data=post_data)
self.assertHttpAccepted(resp)
resp = self.api_client.get(url)
self.assertIn(resp.status_code, [201, 200])
def test_resource_file_delete(self):
myfile = open(self.filename, 'w')
myfile.write('hello world!\n')
myfile.close()
myfile = open(self.filename, 'r')
res1 = hydroshare.create_resource('GenericResource', self.user, 'res1')
hydroshare.add_resource_files(res1.short_id, myfile)
url = self.url_proto.format(res1.short_id, self.filename)
resp = self.api_client.delete(url)
self.assertIn(resp.status_code, [200, 202, 204])
self.assertHttpNotFound(self.api_client.get(url, format='json'))
class CreateOrListAccountsTest(ResourceTestCase):
serializer = Serializer()
def setUp(self):
self.account_url_base = '/hsapi/accounts/'
self.sudo = hydroshare.create_account('*****@*****.**','hs','hydro','share',True,password='******')
self.api_client = TestApiClient()
self.api_client.client.login(username=self.sudo.username, password=self.sudo.password)
def tearDown(self):
User.objects.all().delete()
def test_create_account(self):
username = '******'
password = '******'
post_data_should_fail = CreateOrListAccounts.CreateAccountForm({
'email': '*****@*****.**',
'username': username,
'first_name': 'shaun',
'last_name': 'livingston',
'password': password,
'superuser': True
})
resp=self.api_client.post(self.account_url_base, data=post_data_should_fail)
self.assertHttpForbidden(resp)
post_data_should_succeed = CreateOrListAccounts.CreateAccountForm({
'email': '*****@*****.**',
'username': username,
'first_name': 'shaun',
'last_name': 'livingston',
'password': password
})
resp=self.api_client.post(self.account_url_base, data=post_data_should_succeed)
self.assertHttpCreated(resp)
self.assertTrue(User.objects.filter(email='*****@*****.**').exists())
self.assertTrue(User.objects.filter(username=username).exists())
self.assertTrue(User.objects.filter(first_name='shaun').exists())
self.assertTrue(User.objects.filter(last_name='livingston').exists())
self.assertTrue(User.objects.filter(superuser=True).exists())
def test_list_users(self):
hydroshare.create_account(
'*****@*****.**',
username='******',
first_name='User0_FirstName',
last_name='User0_LastName',
)
hydroshare.create_account(
'*****@*****.**',
username='******',
first_name='User1_FirstName',
last_name='User1_LastName',
)
hydroshare.create_account(
'*****@*****.**',
username='******',
first_name='User2_FirstName',
last_name='User2_LastName',
)
num_of_accounts = len(User.objects.filter(email= '*****@*****.**'))
query = self.serialize({
'email': '*****@*****.**',
})
get_data = {'query': query}
resp = self.api_client.get(self.account_url_base, data=get_data)
self.assertEqual(resp.status_code,200)
users = self.deserialize(resp)
self.assertTrue(len(users)==num_of_accounts)
for num in range(num_of_accounts):
self.assertEqual(str(users[num]['email']), '*****@*****.**')
self.assertEqual(str(users[num]['username']), 'user{0}'.format(num))
self.assertEqual(str(users[num]['first_name']), 'User{0}_FirstName'.format(num))
self.assertEqual(str(users[num]['last_name']), 'User{0}_LastName'.format(num))
class TaskResourceTest(ResourceTestCase):
fixtures = ['group.json', 'group_permission.json',
'user_group.json', 'user.json',
'user_project.json', 'project_part.json',
'project.json', 'profile.json',
'task.json']
def setUp(self):
self.api_client = TestApiClient()
self.task_id = 1
self.project_part_id = 1
self.task = {'description': 'new Task',
'project_part': {'pk': self.project_part_id},
'flag_finished': 0,
'weight': 20
}
self.detail_url = '/api/v1/task/{0}/'.format(self.task_id)
self.project_part_query = '='.join(['?project_part', str(self.project_part_id)])
self.list_url = '/api/v1/task/'
self.serializer = Serializer()
def get_credentials(self):
result = self.api_client.client.login(email='*****@*****.**',
password='******')
def test_post_list(self):
self.get_credentials()
self.assertIn('_auth_user_id', self.api_client.client.session)
self.assertEqual(self.api_client.client.session['_auth_user_id'], 1)
self.assertEqual(Task.objects.count(), 2)
resp = self.api_client.post(self.list_url,
format='json',
data=self.task)
self.assertHttpCreated(resp)
self.assertEqual(Task.objects.count(), 3)
def test_get_list_unauthenticated(self):
self.assertHttpUnauthorized(self.api_client.get(''.join([self.list_url, self.project_part_query]),
format='json'))
def test_get_list_json(self):
self.get_credentials()
resp = self.api_client.get(''.join([self.list_url, self.project_part_query]),
format='json')
self.assertValidJSONResponse(resp)
self.assertEqual(len(json.loads(resp.content)['objects']), 2)
def test_get_detail_unauthenticated(self):
resp = self.api_client.get(self.detail_url, format='json')
self.assertHttpUnauthorized(resp)
def test_get_detail_json(self):
self.get_credentials()
resp = self.api_client.get(self.detail_url, format='json')
self.assertValidJSONResponse(resp)
self.assertEqual(json.loads(resp.content)['description'], 'new task')
# def test_post_list_unauthenticated(self):
# self.assertHttpUnauthorized(self.api_client.post(self.list_url, format='json',
# data=self.task))
def test_put_detail_unauthenticated(self):
self.assertHttpUnauthorized(self.api_client.put(self.detail_url, format='json', data={}))
def test_put_detail(self):
self.get_credentials()
original_data = json.loads(self.api_client.get(self.detail_url, format='json').content)
new_data = original_data.copy()
new_data['title'] = 'Updated: First Task'
self.assertEqual(Task.objects.count(), 2)
self.assertHttpAccepted(self.api_client.put(self.detail_url, format='json', data=new_data))
self.assertEqual(Task.objects.count(), 2)
def test_delete_detail_unauthenticated(self):
self.assertHttpUnauthorized(self.api_client.delete(self.detail_url, format='json'))
def test_delete_detail(self):
self.get_credentials()
self.assertEqual(Task.objects.count(), 2)
self.assertHttpAccepted(self.api_client.delete(self.detail_url, format='json'))
self.assertEqual(Task.objects.count(), 1)
class PilotJobResourceTest(ResourceTestCase):
fixtures = ['local_site.json']
def setUp(self):
super(PilotJobResourceTest, self).setUp()
self.client = TestApiClient()
self.endpoint = '/api/v1/dispatcher/'
self.format = 'json'
# Create one user
self.user = User(username="******")
self.user.save()
# create a job
self.job = Job(user=self.user, application=Application.objects.all()[0])
self.job.maxtime = 30
self.job.save()
self.site = Site.objects.get(pk=1)
self.pilot = self.site.submit_pilot_based_on_job(self.job)
def test_submit_pilot(self):
pilot = self.site.submit_pilot_based_on_job(self.job)
self.assertEqual(type(pilot), type(Pilot()))
def test_pilot_post_job(self):
self.job.status='P'
self.job.save()
data = {"time_left": 60}
token = self.pilot.token
url = "%s?token=%s" % (self.endpoint, token)
request = self.client.post(url, self.format, data=data)
self.assertHttpCreated(request)
def test_pilot_get_job(self):
self.job.status='R'
self.job.pilot = self.pilot
self.job.save()
token = self.pilot.token
url = "%s%d/?token=%s" % (self.endpoint, self.job.id, token)
request = self.client.get(url, self.format)
self.assertValidJSONResponse(request)
def test_wrong_token(self):
url = "%s%d/?token=%s" % (self.endpoint, self.job.id, "not-a-valid-token")
request = self.client.get(url, self.format)
self.assertHttpUnauthorized(request)
def test_no_token(self):
url = "%s%d/" % (self.endpoint, self.job.id)
request = self.client.get(url, self.format)
self.assertHttpUnauthorized(request)
def test_pilot_patch_job(self):
self.job.status='R'
self.job.pilot = self.pilot
self.job.save()
data = {"progress": 50}
token = self.pilot.token
url = "%s%d/?token=%s" % (self.endpoint, self.job.id, token)
request = self.client.patch(url, self.format, data=data)
self.assertHttpAccepted(request)
class ApiResourceTestCase(ResourceTestCase):
# TODO: Using the regular ROOT_URLCONF avoids a problem where failing tests print useless error messages,
# because the 500.html error template includes a {% url %} lookup that isn't included in api.urls.
# There could be a better way to handle this.
# url_base = "/v1"
url_base = "/api/v1"
server_domain = "perma.dev"
server_port = 8999
serve_files = []
rejected_status_code = 401 # Unauthorized
# reduce wait times for testing
perma.tasks.ROBOTS_TXT_TIMEOUT = perma.tasks.AFTER_LOAD_TIMEOUT = 1
@classmethod
def setUpClass(cls):
if len(cls.serve_files):
cls.start_server()
@classmethod
def tearDownClass(cls):
if getattr(cls, "_server_process", None):
cls.kill_server()
def setUp(self):
super(ApiResourceTestCase, self).setUp()
self.api_client = TestApiClient(serializer=MultipartSerializer())
self._media_org = settings.MEDIA_ROOT
self._media_tmp = settings.MEDIA_ROOT = tempfile.mkdtemp()
try:
self.list_url = "{0}/{1}".format(self.url_base, self.resource.Meta.resource_name)
except:
pass
def tearDown(self):
settings.MEDIA_ROOT = self._media_org
shutil.rmtree(self._media_tmp)
def get_credentials(self, user=None):
user = user or self.user
return "ApiKey %s" % user.api_key.key
@classmethod
def start_server(cls):
"""
Set up a server with some known files to run captures against. Example:
with run_server_in_temp_folder([
'test/assets/test.html',
'test/assets/test.pdf',
['test/assets/test.html', 'some_other_url.html']):
assert(requests.get("http://localhost/test.html") == contents_of_file("test.html"))
assert(requests.get("http://localhost/some_other_url.html") == contents_of_file("test.html"))
"""
assert socket.gethostbyname(cls.server_domain) in ('0.0.0.0', '127.0.0.1'), "Please add `127.0.0.1 " + cls.server_domain + "` to your hosts file before running this test."
# Run in temp dir.
# We have to (implicitly) cwd to this so SimpleHTTPRequestHandler serves the files for us.
cwd = os.getcwd()
cls._server_tmp = tempfile.mkdtemp()
os.chdir(cls._server_tmp)
# Copy over files to current temp dir, stripping paths.
for source_file in cls.serve_files:
# handle single strings
if isinstance(source_file, basestring):
target_url = os.path.basename(source_file)
# handle tuple like (source_file, target_url)
else:
source_file, target_url = source_file
copy_file_or_dir(os.path.join(cwd, source_file), target_url)
# start server
cls._httpd = TestHTTPServer(('', cls.server_port), SimpleHTTPRequestHandler)
cls._httpd._BaseServer__is_shut_down = multiprocessing.Event()
cls._server_process = Process(target=cls._httpd.serve_forever)
cls._server_process.start()
# once the server is started, we can return to our working dir
# and the server thread will continue to server from the tmp dir
os.chdir(cwd)
return cls._server_process
@classmethod
def kill_server(cls):
# If you don't close the server before terminating
# the thread the port isn't freed up.
cls._httpd.server_close()
cls._server_process.terminate()
shutil.rmtree(cls._server_tmp)
@contextmanager
def serve_file(self, src):
if not getattr(self.__class__, "_server_process", None):
self.__class__.start_server()
dst = os.path.join(self._server_tmp, os.path.basename(src))
try:
copy_file_or_dir(src, dst)
yield
finally:
os.remove(dst)
@cached_property
def server_url(self):
return "http://" + self.server_domain + ":" + str(self.server_port)
@contextmanager
def header_timeout(self, timeout):
prev_t = models.HEADER_CHECK_TIMEOUT
try:
models.HEADER_CHECK_TIMEOUT = timeout
yield
finally:
models.HEADER_CHECK_TIMEOUT = prev_t
def assertValidJSONResponse(self, resp):
# Modified from tastypie to allow 201's as well
# https://github.com/toastdriven/django-tastypie/blob/master/tastypie/test.py#L448
try:
self.assertHttpOK(resp)
except AssertionError:
self.assertHttpCreated(resp)
self.assertTrue(resp['Content-Type'].startswith('application/json'))
self.assertValidJSON(force_text(resp.content))
def detail_url(self, obj):
return "{0}/{1}".format(self.list_url, obj.pk)
def get_req_kwargs(self, kwargs):
req_kwargs = {}
if kwargs.get('format', None):
req_kwargs['format'] = kwargs['format']
if kwargs.get('user', None):
req_kwargs['authentication'] = self.get_credentials(kwargs['user'])
return req_kwargs
def successful_get(self, url, data=None, **kwargs):
req_kwargs = self.get_req_kwargs(kwargs)
resp = self.api_client.get(url, data=data, **req_kwargs)
self.assertHttpOK(resp)
self.assertValidJSONResponse(resp)
data = self.deserialize(resp)
if kwargs.get('fields', None):
self.assertKeys(data, kwargs['fields'])
if kwargs.get('count', None):
self.assertEqual(len(data['objects']), kwargs['count'])
return data
def rejected_get(self, url, expected_status_code=None, **kwargs):
req_kwargs = self.get_req_kwargs(kwargs)
resp = self.api_client.get(url, **req_kwargs)
self.assertEqual(resp.status_code, expected_status_code or self.rejected_status_code)
return resp
def successful_post(self, url, **kwargs):
req_kwargs = self.get_req_kwargs(kwargs)
count = self.resource._meta.queryset.count()
resp = self.api_client.post(url, data=kwargs['data'], **req_kwargs)
self.assertHttpCreated(resp)
self.assertValidJSONResponse(resp)
# Make sure the count changed
self.assertEqual(self.resource._meta.queryset.count(), count+1)
return self.deserialize(resp)
def rejected_post(self, url, expected_status_code=None, **kwargs):
req_kwargs = self.get_req_kwargs(kwargs)
count = self.resource._meta.queryset.count()
resp = self.api_client.post(url, data=kwargs['data'], **req_kwargs)
self.assertEqual(resp.status_code, expected_status_code or self.rejected_status_code)
self.assertEqual(self.resource._meta.queryset.count(), count)
return resp
def successful_put(self, url, **kwargs):
req_kwargs = self.get_req_kwargs(kwargs)
if kwargs.get('data', None):
req_kwargs['data'] = kwargs['data']
count = self.resource._meta.queryset.count()
resp = self.api_client.put(url, **req_kwargs)
self.assertHttpAccepted(resp)
# Make sure the count hasn't changed
self.assertEqual(self.resource._meta.queryset.count(), count)
def rejected_put(self, url, expected_status_code=None, **kwargs):
req_kwargs = self.get_req_kwargs(kwargs)
if kwargs.get('data', None):
req_kwargs['data'] = kwargs['data']
count = self.resource._meta.queryset.count()
resp = self.api_client.put(url, **req_kwargs)
self.assertEqual(resp.status_code, expected_status_code or self.rejected_status_code)
# Make sure the count hasn't changed
self.assertEqual(self.resource._meta.queryset.count(), count)
def successful_patch(self, url, check_results=True, **kwargs):
req_kwargs = self.get_req_kwargs(kwargs)
if check_results:
# Fetch the existing data for comparison.
resp = self.api_client.get(url, **req_kwargs)
self.assertHttpOK(resp)
self.assertValidJSONResponse(resp)
old_data = self.deserialize(resp)
new_data = dict(old_data, **kwargs['data'])
else:
new_data = kwargs['data']
count = self.resource._meta.queryset.count()
patch_resp = self.api_client.patch(url, data=new_data, **req_kwargs)
self.assertHttpAccepted(patch_resp)
# Make sure the count hasn't changed & we did an update.
self.assertEqual(self.resource._meta.queryset.count(), count)
if check_results:
fresh_data = self.deserialize(self.api_client.get(url, **req_kwargs))
for attr in kwargs['data'].keys():
try:
# Make sure the data actually changed
self.assertNotEqual(fresh_data[attr], old_data[attr])
# Make sure the data changed to what we specified
self.assertEqual(fresh_data[attr], new_data[attr])
except AssertionError:
# If we specified a nested ID, we'll be getting back an object
if str(new_data[attr]).isdigit() and isinstance(fresh_data[attr], dict):
self.assertEqual(new_data[attr], fresh_data[attr]['id'])
else:
raise
except KeyError:
pass
return fresh_data
else:
return self.deserialize(patch_resp)
def rejected_patch(self, url, expected_status_code=None, expected_data=None, **kwargs):
req_kwargs = self.get_req_kwargs(kwargs)
old_data = self.deserialize(self.api_client.get(url, **req_kwargs))
# User might not have GET access to grab initial data
if old_data:
new_data = old_data.copy()
new_data.update(kwargs['data'])
else:
new_data = kwargs['data']
count = self.resource._meta.queryset.count()
resp = self.api_client.patch(url, data=new_data, **req_kwargs)
self.assertEqual(resp.status_code, expected_status_code or self.rejected_status_code)
if expected_data:
self.assertDictEqual(self.deserialize(resp), expected_data)
self.assertEqual(self.resource._meta.queryset.count(), count)
self.assertEqual(self.deserialize(self.api_client.get(url, **req_kwargs)), old_data)
return resp
def successful_delete(self, url, **kwargs):
req_kwargs = self.get_req_kwargs(kwargs)
count = self.resource._meta.queryset.count()
self.assertHttpOK(
self.api_client.get(url, **req_kwargs))
self.assertHttpAccepted(
self.api_client.delete(url, **req_kwargs))
self.assertEqual(self.resource._meta.queryset.count(), count-1)
self.assertHttpNotFound(
self.api_client.get(url, **req_kwargs))
def rejected_delete(self, url, expected_status_code=None, expected_data=None, **kwargs):
req_kwargs = self.get_req_kwargs(kwargs)
count = self.resource._meta.queryset.count()
delete_resp = self.api_client.delete(url, **req_kwargs)
self.assertEqual(delete_resp.status_code, expected_status_code or self.rejected_status_code)
if expected_data:
self.assertDictEqual(self.deserialize(delete_resp), expected_data)
self.assertEqual(self.resource._meta.queryset.count(), count)
resp = self.api_client.get(url, **req_kwargs)
try:
# If the user doesn't have access, that's okay -
# we were testing delete from an unauthorized user
self.assertHttpUnauthorized(resp)
except AssertionError:
# Check for OK last so that this is the assertion
# that shows up as the failure if it doesn't pass
self.assertHttpOK(resp)
return delete_resp
class TestCampaignResource(ResourceTestCase):
def setUp(self):
#Tastypie stuff
super(TestCampaignResource, self).setUp()
self.bob_api_client = TestApiClient()
self.bill_api_client = TestApiClient()
self.anon_api_client = TestApiClient()
# Create a user bob.
self.user_bob_username = '******'
self.user_bob_password = '******'
self.user_bob = User.objects.create_user(self.user_bob_username,
'*****@*****.**',
self.user_bob_password)
# Create a user bob.
self.user_bill_username = '******'
self.user_bill_password = '******'
self.user_bill = User.objects.create_user(self.user_bill_username,
'*****@*****.**',
self.user_bill_password)
self.bob_api_client.client.login(username='******', password='******')
self.bill_api_client.client.login(username='******', password='******')
#assign users to the Public group
public_group, created = Group.objects.get_or_create(name='Public')
self.user_bob.groups.add(public_group)
self.user_bill.groups.add(public_group)
guardian.utils.get_anonymous_user().groups.add(public_group)
#make a couple of campaigns and save
self.campaign_bobs = mommy.make_one('catamidb.Campaign', id=1)
self.campaign_bills = mommy.make_one('catamidb.Campaign', id=2)
#assign this one to bob
authorization.apply_campaign_permissions(
self.user_bob, self.campaign_bobs)
#assign this one to bill
authorization.apply_campaign_permissions(
self.user_bill, self.campaign_bills)
#the API url for campaigns
self.campaign_url = '/api/dev/campaign/'
#some post data for testing campaign creation
self.post_data = {
'short_name': 'Blah',
'description': 'Blah',
'associated_researchers': 'Blah',
'associated_publications': 'Blah',
'associated_research_grant': 'Blah',
'date_start': '2012-05-01',
'date_end': '2012-05-01',
'contact_person': 'Blah',
}
# can only do GET at this stage
def test_campaign_operations_disabled(self):
# test that we can NOT create
self.assertHttpMethodNotAllowed(
self.anon_api_client.post(self.campaign_url,
format='json',
data=self.post_data))
# test that we can NOT modify
self.assertHttpMethodNotAllowed(
self.anon_api_client.put(
self.campaign_url + self.campaign_bobs.id.__str__() + "/",
format='json',
data={})
)
# test that we can NOT delete
self.assertHttpMethodNotAllowed(
self.anon_api_client.delete(
self.campaign_url + self.campaign_bobs.id.__str__() + "/",
format='json')
)
# test that we can NOT create authenticated
self.assertHttpMethodNotAllowed(
self.bob_api_client.post(self.campaign_url,
format='json',
data=self.post_data)
)
# test that we can NOT modify authenticated
self.assertHttpMethodNotAllowed(
self.bob_api_client.put(
self.campaign_url + self.campaign_bobs.id.__str__() + "/",
format='json',
data={})
)
# test that we can NOT delete authenticated
self.assertHttpMethodNotAllowed(
self.bob_api_client.delete(
self.campaign_url + self.campaign_bobs.id.__str__() + "/",
format='json'))
#test can get a list of campaigns authorised
def test_campaigns_operations_as_authorised_users(self):
# create a campaign that only bill can see
bills_campaign = mommy.make_one('catamidb.Campaign', id=3)
assign('view_campaign', self.user_bill, bills_campaign)
# check that bill can see via the API
response = self.bill_api_client.get(self.campaign_url, format='json')
self.assertValidJSONResponse(response)
self.assertEqual(len(self.deserialize(response)['objects']), 3)
# check that bill can get to the object itself
response = self.bill_api_client.get(self.campaign_url + "3/",
format='json')
self.assertValidJSONResponse(response)
# check that bob can not see - now we know tastypie API has correct
# permission validation
response = self.bob_api_client.get(self.campaign_url, format='json')
self.assertValidJSONResponse(response)
self.assertEqual(len(self.deserialize(response)['objects']), 2)
# check bob can NOT get to the hidden object
response = self.bob_api_client.get(self.campaign_url + "3/",
format='json')
self.assertHttpUnauthorized(response)
#check that anonymous can see public ones as well
response = self.anon_api_client.get(self.campaign_url, format='json')
self.assertValidJSONResponse(response)
self.assertEqual(len(self.deserialize(response)['objects']), 2)
#check anonymous can NOT get to the hidden object
response = self.anon_api_client.get(self.campaign_url + "3/",
format='json')
self.assertHttpUnauthorized(response)
