from django.test import TestCase, Client
from django.contrib.auth.models import Permission, Group
from knox.models import AuthToken

from authentication.models import ExtendedUser, EventPermission
from core import settings
from inventory.models import Event


def _permission(codename):
    """Return the ``Permission`` row with the given codename."""
    return Permission.objects.get(codename=codename)


def _anonymous_post(path, payload):
    """POST ``payload`` as JSON from a fresh client that sends no Authorization header."""
    return Client().post(path, payload, content_type='application/json')


class UserApiTest(TestCase):
    """Tests for the user, self, register and login endpoints under /api/2/.

    NOTE(review): every request to /users/ and /self/ in this class carries a
    valid token; no test here asserts that those endpoints reject a request
    sent without one.
    """

    def setUp(self):
        """Create one event, two groups and a token-authenticated test user."""
        self.event = Event.objects.create(name='testevent', slug='testevent')
        self.group1 = Group.objects.create(name='testgroup1')
        self.group2 = Group.objects.create(name='testgroup2')
        for codename in ('add_item', 'view_item'):
            self.group1.permissions.add(_permission(codename))
        for codename in ('view_event', 'view_item'):
            self.group2.permissions.add(_permission(codename))
        # presumably (username, email, password), as in Django's create_user;
        # email and password are both 'test' here
        self.user = ExtendedUser.objects.create_user('testuser', 'test', 'test')
        self.user.user_permissions.add(_permission('add_event'))
        for group in (self.group1, self.group2):
            self.user.groups.add(group)
        self.user.save()
        # Permission scoped to a single event rather than granted globally.
        EventPermission.objects.create(
            event=self.event,
            user=self.user,
            permission=_permission('delete_item'),
        )
        self.user.save()
        # knox returns (AuthToken instance, plaintext token); only the
        # plaintext at index 1 is usable in the Authorization header.
        self.token = AuthToken.objects.create(user=self.user)
        self.client = Client(headers={'Authorization': 'Token ' + self.token[1]})

    def test_users(self):
        """The user list contains the legacy user followed by the test user."""
        # NOTE(review): the test user holds no user-related permission, yet
        # the listing returns every account's email -- confirm that exposure
        # to any authenticated user is intended.
        response = self.client.get('/api/2/users/')
        self.assertEqual(response.status_code, 200)
        users = response.json()
        self.assertEqual(len(users), 2)

        legacy = users[0]
        self.assertEqual(legacy['username'], settings.LEGACY_USER_NAME)
        self.assertEqual(legacy['email'], 'mail@' + settings.MAIL_DOMAIN)
        self.assertEqual(legacy['first_name'], '')
        self.assertEqual(legacy['last_name'], '')
        self.assertEqual(legacy['id'], 1)
        self.assertEqual(legacy['groups'], [])

        created = users[1]
        self.assertEqual(created['username'], 'testuser')
        self.assertEqual(created['email'], 'test')
        self.assertEqual(created['first_name'], '')
        self.assertEqual(created['last_name'], '')
        self.assertEqual(created['id'], 2)
        self.assertEqual(created['groups'], ['testgroup1', 'testgroup2'])

    def test_self_user(self):
        """/self/ reports the caller's profile and effective permissions."""
        response = self.client.get('/api/2/self/')
        self.assertEqual(response.status_code, 200)
        profile = response.json()
        self.assertEqual(profile['username'], 'testuser')
        self.assertEqual(profile['email'], 'test')
        self.assertEqual(profile['first_name'], '')
        self.assertEqual(profile['last_name'], '')

        # Group and direct permissions appear with a '*' scope, the
        # EventPermission with the event slug; view_item is granted by both
        # groups but counted once (5 entries in total).
        permissions = profile['permissions']
        self.assertEqual(len(permissions), 5)
        expected = (
            '*:add_item',
            '*:view_item',
            '*:view_event',
            'testevent:delete_item',
            '*:add_event',
        )
        for entry in expected:
            self.assertIn(entry, permissions)

    def test_register_user(self):
        """An unauthenticated client can register a new account."""
        # NOTE(review): the four-character password 'test' is accepted with
        # 201, so no password-strength validation appears to apply on this
        # endpoint under the test settings -- confirm this is intended.
        response = _anonymous_post(
            '/api/2/register/',
            {'username': 'testuser2', 'password': 'test', 'email': 'test2'},
        )
        self.assertEqual(response.status_code, 201)
        body = response.json()
        self.assertEqual(body['username'], 'testuser2')
        self.assertEqual(body['email'], 'test2')
        self.assertEqual(ExtendedUser.objects.count(), 3)
        self.assertEqual(ExtendedUser.objects.get(username='testuser2').email, 'test2')
        # check_password verifies against the stored hash.
        self.assertTrue(ExtendedUser.objects.get(username='testuser2').check_password('test'))

    def test_register_user_duplicate(self):
        """Registering an existing username is rejected and creates nothing."""
        # NOTE(review): the distinct 'already exists' message lets an
        # unauthenticated caller learn which usernames are taken; the same
        # holds for the email check in test_register_user_duplicate_email.
        # Confirm this is an accepted trade-off.
        response = _anonymous_post(
            '/api/2/register/',
            {'username': 'testuser', 'password': 'test', 'email': 'test2'},
        )
        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.json()['errors']['username'], 'Username already exists')
        self.assertEqual(ExtendedUser.objects.count(), 2)

    def test_register_user_no_username(self):
        """A registration without a username is rejected."""
        response = _anonymous_post(
            '/api/2/register/',
            {'password': 'test', 'email': 'test2'},
        )
        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.json()['errors']['username'], 'Username is required')
        self.assertEqual(ExtendedUser.objects.count(), 2)

    def test_register_user_no_password(self):
        """A registration without a password is rejected."""
        response = _anonymous_post(
            '/api/2/register/',
            {'username': 'testuser2', 'email': 'test2'},
        )
        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.json()['errors']['password'], 'Password is required')
        self.assertEqual(ExtendedUser.objects.count(), 2)

    def test_register_user_no_email(self):
        """A registration without an email is rejected."""
        response = _anonymous_post(
            '/api/2/register/',
            {'username': 'testuser2', 'password': 'test'},
        )
        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.json()['errors']['email'], 'Email is required')
        self.assertEqual(ExtendedUser.objects.count(), 2)

    def test_register_user_duplicate_email(self):
        """Registering with an email that is already in use is rejected."""
        response = _anonymous_post(
            '/api/2/register/',
            {'username': 'testuser2', 'password': 'test', 'email': 'test'},
        )
        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.json()['errors']['email'], 'Email already exists')
        self.assertEqual(ExtendedUser.objects.count(), 2)

    def test_get_token(self):
        """Valid credentials posted to /login/ yield a token."""
        response = _anonymous_post(
            '/api/2/login/',
            {'username': 'testuser', 'password': 'test'},
        )
        self.assertEqual(response.status_code, 200)
        self.assertIn('token', response.json())

    def test_legacy_user(self):
        """The legacy user (id 1) is retrievable through the detail endpoint."""
        response = self.client.get('/api/2/users/1/')
        self.assertEqual(response.status_code, 200)
        legacy = response.json()
        self.assertEqual(legacy['username'], settings.LEGACY_USER_NAME)
        self.assertEqual(legacy['email'], 'mail@' + settings.MAIL_DOMAIN)
        self.assertEqual(legacy['first_name'], '')
        self.assertEqual(legacy['last_name'], '')
        self.assertEqual(legacy['id'], 1)

    def test_get_legacy_user_token(self):
        """The legacy account can log in with the password taken from settings."""
        # NOTE(review): LEGACY_USER_PASSWORD is enough to obtain an API token,
        # so it is a credential; presumably it is overridden per deployment
        # rather than left at a shared default -- confirm.
        response = _anonymous_post(
            '/api/2/login/',
            {
                'username': settings.LEGACY_USER_NAME,
                'password': settings.LEGACY_USER_PASSWORD,
            },
        )
        self.assertEqual(response.status_code, 200)
        self.assertIn('token', response.json())


class GroupApiTest(TestCase):
    """Tests for the group list and group detail endpoints under /api/2/."""

    def setUp(self):
        """Create one event, two extra groups and a token-authenticated test user."""
        self.event = Event.objects.create(name='testevent', slug='testevent')
        # Admin, Orga, Team, User are created by default
        self.group1 = Group.objects.create(name='testgroup1')
        self.group2 = Group.objects.create(name='testgroup2')
        for codename in ('add_item', 'view_item'):
            self.group1.permissions.add(_permission(codename))
        for codename in ('view_event', 'view_item'):
            self.group2.permissions.add(_permission(codename))
        self.user = ExtendedUser.objects.create_user('testuser', 'test', 'test')
        self.user.user_permissions.add(_permission('add_event'))
        for group in (self.group1, self.group2):
            self.user.groups.add(group)
        self.user.save()
        EventPermission.objects.create(
            event=self.event,
            user=self.user,
            permission=_permission('delete_item'),
        )
        self.user.save()
        # knox returns (AuthToken instance, plaintext token); index 1 is the
        # value sent in the Authorization header.
        self.token = AuthToken.objects.create(user=self.user)
        self.client = Client(headers={'Authorization': 'Token ' + self.token[1]})

    def test_groups(self):
        """The group list holds the four default groups, then the two test groups."""
        response = self.client.get('/api/2/groups/')
        self.assertEqual(response.status_code, 200)
        groups = response.json()
        self.assertEqual(len(groups), 6)
        expected_names = ['Admin', 'Orga', 'Team', 'User', 'testgroup1', 'testgroup2']
        for position, name in enumerate(expected_names):
            self.assertEqual(groups[position]['name'], name)

    def test_group(self):
        """The group detail view lists the group's permissions and members."""
        # pk 5 is expected to be testgroup1 because four default groups
        # precede it; the name assertion below checks that.
        response = self.client.get('/api/2/groups/5/')
        self.assertEqual(response.status_code, 200)
        group = response.json()
        self.assertEqual(group['name'], 'testgroup1')

        permissions = group['permissions']
        self.assertEqual(len(permissions), 2)
        for entry in ('*:add_item', '*:view_item'):
            self.assertIn(entry, permissions)

        # NOTE(review): membership is returned to a caller that holds no
        # group-related permission -- confirm that is intended.
        members = group['members']
        self.assertEqual(len(members), 1)
        self.assertEqual(members[0], 'testuser')