from django.test import TestCase, Client
from django.contrib.auth.models import Permission, Group
from knox.models import AuthToken
from authentication.models import ExtendedUser, EventPermission
from core import settings
from inventory.models import Event
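class UserApiTest(TestCase):
    """Tests for the user, self, registration and login endpoints under /api/2/.

    NOTE(review): every request in this class is expected either to succeed or
    to fail on input validation. No test here sends a request without a token
    to /api/2/users/ or /api/2/self/, or a wrong password to /api/2/login/;
    consider adding those once the expected status codes are confirmed.

    NOTE(review): the fixture user holds no user-related permission, yet
    test_users expects the full user list including e-mail addresses, so the
    test pins that any authenticated user may read it - confirm this is
    intended.
    """

    def setUp(self):
        """Create an event, two groups, one user with mixed permissions and a token client."""
        self.event = Event.objects.create(name='testevent', slug='testevent')
        self.group1 = Group.objects.create(name='testgroup1')
        self.group2 = Group.objects.create(name='testgroup2')
        # 'view_item' is granted through both groups on purpose: test_self_user
        # expects it to show up only once in the merged permission list.
        self.group1.permissions.add(Permission.objects.get(codename='add_item'))
        self.group1.permissions.add(Permission.objects.get(codename='view_item'))
        self.group2.permissions.add(Permission.objects.get(codename='view_event'))
        self.group2.permissions.add(Permission.objects.get(codename='view_item'))
        # Both the e-mail and the password of the fixture user are 'test'.
        self.user = ExtendedUser.objects.create_user('testuser', 'test', 'test')
        self.user.user_permissions.add(Permission.objects.get(codename='add_event'))
        self.user.groups.add(self.group1)
        self.user.groups.add(self.group2)
        self.user.save()
        # Event-scoped permission, as opposed to the global ones above.
        EventPermission.objects.create(event=self.event, user=self.user,
                                       permission=Permission.objects.get(codename='delete_item'))
        self.user.save()
        # knox returns an (instance, token) pair; index 1 is the token string
        # that goes into the Authorization header.
        self.token = AuthToken.objects.create(user=self.user)
        self.client = Client(headers={'Authorization': 'Token ' + self.token[1]})

    def _post_json(self, path, payload):
        """POST payload as JSON from a fresh client that carries no Authorization header."""
        return Client().post(path, payload, content_type='application/json')

    def test_users(self):
        """The user list holds the legacy user first, then the fixture user."""
        response = self.client.get('/api/2/users/')
        self.assertEqual(response.status_code, 200)
        users = response.json()
        self.assertEqual(len(users), 2)
        legacy, created = users
        # The legacy user is not created in setUp; presumably a migration or
        # signal creates it with primary key 1 - confirm.
        self.assertEqual(legacy['username'], settings.LEGACY_USER_NAME)
        self.assertEqual(legacy['email'], 'mail@' + settings.MAIL_DOMAIN)
        self.assertEqual(legacy['first_name'], '')
        self.assertEqual(legacy['last_name'], '')
        self.assertEqual(legacy['id'], 1)
        self.assertEqual(legacy['groups'], [])
        self.assertEqual(created['username'], 'testuser')
        self.assertEqual(created['email'], 'test')
        self.assertEqual(created['first_name'], '')
        self.assertEqual(created['last_name'], '')
        # Compare with the key the database assigned instead of a literal 2,
        # so the test does not depend on sequence state.
        self.assertEqual(created['id'], self.user.id)
        self.assertEqual(created['groups'], ['testgroup1', 'testgroup2'])

    def test_self_user(self):
        """The self endpoint returns the token owner and the merged permission list."""
        response = self.client.get('/api/2/self/')
        self.assertEqual(response.status_code, 200)
        body = response.json()
        self.assertEqual(body['username'], 'testuser')
        self.assertEqual(body['email'], 'test')
        self.assertEqual(body['first_name'], '')
        self.assertEqual(body['last_name'], '')
        # Exactly five entries: group and direct permissions carry a '*'
        # prefix, the EventPermission carries the 'testevent' prefix.
        self.assertCountEqual(body['permissions'], [
            '*:add_item',
            '*:view_item',
            '*:view_event',
            'testevent:delete_item',
            '*:add_event',
        ])

    def test_register_user(self):
        """Registration creates a third user whose password verifies.

        NOTE(review): the request uses a four-character password and an e-mail
        value that is not an address, and 201 is expected, so this test pins
        that the endpoint applies no password-strength or e-mail-format
        validation - confirm this is intended.
        """
        response = self._post_json(
            '/api/2/register/',
            {'username': 'testuser2', 'password': 'test', 'email': 'test2'})
        self.assertEqual(response.status_code, 201)
        body = response.json()
        self.assertEqual(body['username'], 'testuser2')
        self.assertEqual(body['email'], 'test2')
        self.assertEqual(ExtendedUser.objects.count(), 3)
        registered = ExtendedUser.objects.get(username='testuser2')
        self.assertEqual(registered.email, 'test2')
        # check_password succeeding shows the stored value verifies against
        # the submitted password.
        self.assertTrue(registered.check_password('test'))

    def test_register_user_duplicate(self):
        """Registering an existing username is rejected and creates no user."""
        response = self._post_json(
            '/api/2/register/',
            {'username': 'testuser', 'password': 'test', 'email': 'test2'})
        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.json()['errors']['username'], 'Username already exists')
        self.assertEqual(ExtendedUser.objects.count(), 2)

    def test_register_user_no_username(self):
        """Registration without a username is rejected and creates no user."""
        response = self._post_json(
            '/api/2/register/',
            {'password': 'test', 'email': 'test2'})
        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.json()['errors']['username'], 'Username is required')
        self.assertEqual(ExtendedUser.objects.count(), 2)

    def test_register_user_no_password(self):
        """Registration without a password is rejected and creates no user."""
        response = self._post_json(
            '/api/2/register/',
            {'username': 'testuser2', 'email': 'test2'})
        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.json()['errors']['password'], 'Password is required')
        self.assertEqual(ExtendedUser.objects.count(), 2)

    def test_register_user_no_email(self):
        """Registration without an e-mail is rejected and creates no user."""
        response = self._post_json(
            '/api/2/register/',
            {'username': 'testuser2', 'password': 'test'})
        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.json()['errors']['email'], 'Email is required')
        self.assertEqual(ExtendedUser.objects.count(), 2)

    def test_register_user_duplicate_email(self):
        """Registering an e-mail that is already in use is rejected."""
        response = self._post_json(
            '/api/2/register/',
            {'username': 'testuser2', 'password': 'test', 'email': 'test'})
        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.json()['errors']['email'], 'Email already exists')
        self.assertEqual(ExtendedUser.objects.count(), 2)

    def test_get_token(self):
        """Logging in with the fixture credentials returns a token."""
        response = self._post_json(
            '/api/2/login/',
            {'username': 'testuser', 'password': 'test'})
        self.assertEqual(response.status_code, 200)
        self.assertIn('token', response.json())

    def test_legacy_user(self):
        """The legacy user can be fetched by id through the authenticated client."""
        # Primary key 1 is assumed for the legacy user - confirm against
        # whatever creates it.
        response = self.client.get('/api/2/users/1/')
        self.assertEqual(response.status_code, 200)
        body = response.json()
        self.assertEqual(body['username'], settings.LEGACY_USER_NAME)
        self.assertEqual(body['email'], 'mail@' + settings.MAIL_DOMAIN)
        self.assertEqual(body['first_name'], '')
        self.assertEqual(body['last_name'], '')
        self.assertEqual(body['id'], 1)

    def test_get_legacy_user_token(self):
        """Logging in with the legacy credentials from settings returns a token."""
        response = self._post_json(
            '/api/2/login/',
            {'username': settings.LEGACY_USER_NAME, 'password': settings.LEGACY_USER_PASSWORD})
        self.assertEqual(response.status_code, 200)
        self.assertIn('token', response.json())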
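class GroupApiTest(TestCase):
    """Tests for the group list and group detail endpoints under /api/2/.

    NOTE(review): the fixture user holds item and event permissions only, yet
    both tests expect 200 and test_group expects the member list, so they pin
    that reading groups and their members needs a valid token and nothing
    more - confirm this is intended.
    """

    def setUp(self):
        """Create an event, two extra groups, one user with mixed permissions and a token client."""
        self.event = Event.objects.create(name='testevent', slug='testevent')
        # Admin, Orga, Team, User are created by default
        self.group1 = Group.objects.create(name='testgroup1')
        self.group2 = Group.objects.create(name='testgroup2')
        self.group1.permissions.add(Permission.objects.get(codename='add_item'))
        self.group1.permissions.add(Permission.objects.get(codename='view_item'))
        self.group2.permissions.add(Permission.objects.get(codename='view_event'))
        self.group2.permissions.add(Permission.objects.get(codename='view_item'))
        # Both the e-mail and the password of the fixture user are 'test'.
        self.user = ExtendedUser.objects.create_user('testuser', 'test', 'test')
        self.user.user_permissions.add(Permission.objects.get(codename='add_event'))
        self.user.groups.add(self.group1)
        self.user.groups.add(self.group2)
        self.user.save()
        # Event-scoped permission, as opposed to the global ones above.
        EventPermission.objects.create(event=self.event, user=self.user,
                                       permission=Permission.objects.get(codename='delete_item'))
        self.user.save()
        # knox returns an (instance, token) pair; index 1 is the token string
        # that goes into the Authorization header.
        self.token = AuthToken.objects.create(user=self.user)
        self.client = Client(headers={'Authorization': 'Token ' + self.token[1]})

    def test_groups(self):
        """The group list holds the four default groups followed by the two fixture groups."""
        response = self.client.get('/api/2/groups/')
        self.assertEqual(response.status_code, 200)
        names = [group['name'] for group in response.json()]
        # One list comparison checks both the count (6) and the order.
        self.assertEqual(
            names,
            ['Admin', 'Orga', 'Team', 'User', 'testgroup1', 'testgroup2'])

    def test_group(self):
        """The detail view of testgroup1 lists its two permissions and its single member."""
        # Address the group by the key the database assigned instead of a
        # literal 5, so the test does not depend on sequence state or on how
        # many default groups exist.
        response = self.client.get(f'/api/2/groups/{self.group1.id}/')
        self.assertEqual(response.status_code, 200)
        body = response.json()
        self.assertEqual(body['name'], 'testgroup1')
        self.assertCountEqual(body['permissions'], ['*:add_item', '*:view_item'])
        self.assertEqual(body['members'], ['testuser'])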