from django.core import mail
from flashcards.models import User
from rest_framework.status import HTTP_201_CREATED, HTTP_200_OK, HTTP_401_UNAUTHORIZED
from rest_framework.test import APITestCase
from re import search
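class LoginTests(APITestCase):
    """Tests for the /api/login and /api/logout endpoints."""

    def setUp(self):
        """Create the single active account these tests authenticate as."""
        email = "test@flashy.cards"
        User.objects.create_user(email=email, password="1234")

    def test_login(self):
        """Check the login endpoint's success, rejection and validation paths."""
        url = '/api/login'

        # Correct credentials are accepted.
        data = {'email': 'test@flashy.cards', 'password': '1234'}
        response = self.client.post(url, data, format='json')
        self.assertEqual(response.status_code, HTTP_200_OK)

        # (payload, text expected in the response, expected status).
        # A wrong password and an unknown e-mail must produce the same
        # message and status, so the response does not reveal whether an
        # account exists for the submitted address.
        rejected = [
            ({'email': 'test@flashy.cards', 'password': '54321'},
             'Invalid email or password', 403),
            ({'email': 'none@flashy.cards', 'password': '54321'},
             'Invalid email or password', 403),
            # Missing fields are validation errors naming the field.
            ({'password': '54321'}, 'email', 400),
            ({'email': 'none@flashy.cards'}, 'password', 400),
        ]
        for data, expected_text, expected_status in rejected:
            response = self.client.post(url, data, format='json')
            self.assertContains(response, expected_text,
                                status_code=expected_status)

        # A deactivated account is refused even with the right password.
        user = User.objects.get(email="test@flashy.cards")
        user.is_active = False
        user.save()
        data = {'email': 'test@flashy.cards', 'password': '1234'}
        response = self.client.post(url, data, format='json')
        self.assertContains(response, 'Account is disabled', status_code=403)

    def test_logout(self):
        """Check that logging out ends an authenticated session.

        The credentials must belong to the account created in setUp and the
        login must be asserted; otherwise the client is anonymous from the
        start and the final 401 proves nothing about the logout endpoint.
        """
        logged_in = self.client.login(email='test@flashy.cards',
                                      password='1234')
        self.assertTrue(logged_in)

        # Precondition: the session really is authenticated before logout.
        response = self.client.get('/api/users/me', format='json')
        self.assertEqual(response.status_code, HTTP_200_OK)

        self.client.post('/api/logout')

        response = self.client.get('/api/users/me', format='json')
        # since we're not logged in, we shouldn't be able to see this
        self.assertEqual(response.status_code, HTTP_401_UNAUTHORIZED)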
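class PasswordResetTest(APITestCase):
    """Tests for the e-mail based password reset flow on /api/reset_password."""

    def setUp(self):
        """Create the account whose password is reset."""
        email = "test@flashy.cards"
        User.objects.create_user(email=email, password="12345")

    def test_reset_password(self):
        """Request a reset, take uid and token from the mail, set a new password."""
        url = '/api/reset_password'
        post_data = {'email': 'test@flashy.cards'}
        patch_data = {'new_password': '54321',
                      'uid': '', 'token': ''}

        # Requesting a reset sends exactly one message.
        self.client.post(url, post_data, format='json')
        self.assertEqual(len(mail.outbox), 1)
        self.assertIn('reset your password', mail.outbox[0].body)

        # Raw string so that \d is a regex escape, not a string escape.
        capture = search(r'https://flashy.cards/app/reset_password/(\d+)/(.*)',
                         mail.outbox[0].body)
        # Fail with a clear message instead of an AttributeError on None.
        self.assertIsNotNone(capture, 'reset link not found in the e-mail body')
        # Fill the PATCH payload; a separate, undefined name here would raise
        # NameError and leave uid and token empty in the request.
        patch_data['uid'] = capture.group(1)
        patch_data['token'] = capture.group(2)

        self.client.patch(url, patch_data, format='json')

        user = User.objects.get(id=patch_data['uid'])
        # assert* methods instead of a bare assert, which is stripped under -O.
        self.assertTrue(user.check_password(patch_data['new_password']))
        # The previous password must stop working once the reset completes.
        self.assertFalse(user.check_password('12345'))
        # NOTE(review): a tampered or reused token is not exercised here;
        # add those cases once the endpoint's expected status codes are
        # confirmed.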
class RegistrationTest(APITestCase):
    """Tests for account creation and e-mail confirmation on /api/users/me."""

    def test_create_account(self):
        """Register an account, then confirm it with the mailed key."""
        endpoint = '/api/users/me'

        # A payload without a password is rejected, naming the field.
        reply = self.client.post(endpoint, {'email': 'none@none.com'},
                                 format='json')
        self.assertContains(reply, 'password', status_code=400)

        # A payload without an e-mail is rejected, naming the field.
        reply = self.client.post(endpoint, {'password': '1234'},
                                 format='json')
        self.assertContains(reply, 'email', status_code=400)

        # A complete payload creates the account.
        credentials = {'email': 'none@none.com', 'password': '1234'}
        reply = self.client.post(endpoint, credentials, format='json')
        self.assertEqual(reply.status_code, HTTP_201_CREATED)

        # The new account starts out unconfirmed.
        account = User.objects.get(email="none@none.com")
        self.assertFalse(account.is_confirmed)

        # Exactly one mail went out and it carries the confirmation key.
        self.assertEqual(len(mail.outbox), 1)
        self.assertIn(account.confirmation_key, mail.outbox[0].body)

        # Drop any session left by registration, then authenticate again
        # with the registered credentials.
        # NOTE(review): the return value of login() is not asserted here.
        self.client.logout()
        self.client.login(email='none@none.com', password='1234')

        # A wrong key must be refused.
        bad_key = {'confirmation_key': 'NOT A KEY'}
        reply = self.client.patch(endpoint, bad_key)
        self.assertContains(reply, 'confirmation_key is invalid',
                            status_code=400)

        # The key from the mail confirms the account.
        good_key = {'confirmation_key': account.confirmation_key}
        reply = self.client.patch(endpoint, good_key)
        self.assertTrue(reply.data['is_confirmed'])
class ProfileViewTest(APITestCase):
    """Tests for reading the current user's profile at /api/users/me."""

    def setUp(self):
        """Create the account used to view the profile."""
        User.objects.create_user(email="profileviewtest@flashy.cards",
                                 password="1234")

    def test_get_me(self):
        """Anonymous requests get 401; the logged-in user gets 200."""
        endpoint = '/api/users/me'

        # No session yet, so the profile must not be readable.
        anonymous_reply = self.client.get(endpoint, format='json')
        self.assertEqual(anonymous_reply.status_code, HTTP_401_UNAUTHORIZED)

        # Once authenticated, the same request succeeds.
        self.client.login(email='profileviewtest@flashy.cards',
                          password='1234')
        authenticated_reply = self.client.get(endpoint, format='json')
        self.assertEqual(authenticated_reply.status_code, HTTP_200_OK)
class PasswordChangeTest(APITestCase):
    """Tests for changing the password through PATCH /api/users/me."""

    def setUp(self):
        """Create the account whose password is changed."""
        User.objects.create_user(email="none@none.com", password="1234")

    def test_change_password(self):
        """A change needs a session and the correct current password."""
        endpoint = '/api/users/me'

        # Starting point: the original password is the valid one.
        account = User.objects.get(email='none@none.com')
        self.assertTrue(account.check_password('1234'))

        # Without a session the change is refused, even with valid values.
        payload = {'new_password': '4321', 'old_password': '1234'}
        reply = self.client.patch(endpoint, payload, format='json')
        self.assertContains(
            reply, 'You must be logged in to change your password',
            status_code=403)

        self.client.login(email='none@none.com', password='1234')

        # Logged in, but the current password is not supplied.
        payload = {'new_password': '4321'}
        reply = self.client.patch(endpoint, payload, format='json')
        self.assertContains(reply, 'old_password is required',
                            status_code=400)

        # Logged in, but the supplied current password is wrong.
        payload = {'new_password': '4321', 'old_password': '4321'}
        reply = self.client.patch(endpoint, payload, format='json')
        self.assertContains(reply, 'old_password is incorrect',
                            status_code=400)

        # Logged in with the correct current password: the change succeeds.
        payload = {'new_password': '4321', 'old_password': '1234'}
        reply = self.client.patch(endpoint, payload, format='json')
        self.assertEqual(reply.status_code, HTTP_200_OK)

        # Reload from the database: only the new password is accepted.
        account = User.objects.get(email='none@none.com')
        self.assertFalse(account.check_password('1234'))
        self.assertTrue(account.check_password('4321'))
class DeleteUserTest(APITestCase):
    """Tests for deleting the current account through DELETE /api/users/me."""

    def setUp(self):
        """Create the account that gets deleted."""
        User.objects.create_user(email="none@none.com", password="1234")

    def test_delete_user(self):
        """A logged-in user can delete their own account."""
        endpoint = '/api/users/me'

        # Lookup raises if the fixture account is missing; the result is
        # not used otherwise.
        User.objects.get(email='none@none.com')

        self.client.login(email='none@none.com', password='1234')
        self.client.delete(endpoint)

        # The row must be gone afterwards.
        remaining = User.objects.filter(email='none@none.com')
        self.assertFalse(remaining.exists())