Commit 1a3e459bfb9c8afa1b03e3210436e3c2582f8ff3

Authored by Andrew Buss
1 parent 129a6d7b1b
Exists in master

Switched to local.flashy.cards cause chrome sux

Showing 2 changed files with 3 additions and 6 deletions

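--- a/flashcards/tests/test_api.py
+++ b/flashcards/tests/test_api.py
@@ -1,115 +1,112 @@
 from django.core import mail
 from flashcards.models import User
 from rest_framework.status import HTTP_201_CREATED, HTTP_200_OK, HTTP_401_UNAUTHORIZED
 from rest_framework.test import APITestCase
 
 
 class LoginTests(APITestCase):
 def setUp(self):
 email = "test@flashy.cards"
 User.objects.create_user(email=email, password="1234")
 
 def test_login(self):
 url = '/api/login'
 data = {'email': 'test@flashy.cards', 'password': '1234'}
 response = self.client.post(url, data, format='json')
 self.assertEqual(response.status_code, HTTP_200_OK)
 
 data = {'email': 'test@flashy.cards', 'password': '54321'}
 response = self.client.post(url, data, format='json')
 self.assertContains(response, 'Invalid email or password', status_code=403)
 
 data = {'email': 'none@flashy.cards', 'password': '54321'}
 response = self.client.post(url, data, format='json')
 self.assertContains(response, 'Invalid email or password', status_code=403)
 
 data = {'password': '54321'}
 response = self.client.post(url, data, format='json')
 self.assertContains(response, 'email', status_code=400)
 
 data = {'email': 'none@flashy.cards'}
 response = self.client.post(url, data, format='json')
 self.assertContains(response, 'password', status_code=400)
 
 user = User.objects.get(email="test@flashy.cards")
 user.is_active = False
 user.save()
 
 data = {'email': 'test@flashy.cards', 'password': '1234'}
 response = self.client.post(url, data, format='json')
 self.assertContains(response, 'Account is disabled', status_code=403)
 
 def test_logout(self):
 self.client.login(email='none@none.com', password='1234')
 self.client.post('/api/logout')
 
 response = self.client.get('/api/users/me', format='json')
 # since we're not logged in, we shouldn't be able to see this
 self.assertEqual(response.status_code, HTTP_401_UNAUTHORIZED)
 
 
 class RegistrationTest(APITestCase):
 def test_create_account(self):
 url = '/api/users/me'
 
 # missing password
 data = {'email': 'none@none.com'}
 response = self.client.post(url, data, format='json')
 self.assertContains(response, 'password', status_code=400)
 
 # missing email
 data = {'password': '1234'}
 response = self.client.post(url, data, format='json')
 self.assertContains(response, 'email', status_code=400)
 
 # create a user
 data = {'email': 'none@none.com', 'password': '1234'}
 response = self.client.post(url, data, format='json')
 self.assertEqual(response.status_code, HTTP_201_CREATED)
 
 # user should not be confirmed
 user = User.objects.get(email="none@none.com")
 self.assertFalse(user.is_confirmed)
 
 # check that the confirmation key was sent
 self.assertEqual(len(mail.outbox), 1)
 self.assertIn(user.confirmation_key, mail.outbox[0].body)
 
 # log the user out
-response = self.client.post('/api/logout', format='json')
-self.assertEqual(response.status_code, 204)
+self.client.logout()
 
 # log the user in with their registered credentials
-data = {'email': 'none@none.com', 'password': '1234'}
-response = self.client.post('/api/login', data, format='json')
-self.assertEqual(response.status_code, HTTP_200_OK)
+self.client.login(email='none@none.com', password='1234')
 
 # try activating with an invalid key
 response = self.client.patch(url, {'confirmation_key': 'NOT A KEY'})
 self.assertContains(response, 'confirmation_key is invalid', status_code=400)
 
 # try activating with the valid key
 response = self.client.patch(url, {'confirmation_key': user.confirmation_key})
 self.assertTrue(response.data['is_confirmed'])
 
 
 class ProfileViewTest(APITestCase):
 def setUp(self):
 email = "profileviewtest@flashy.cards"
 User.objects.create_user(email=email, password="1234")
 
 def test_get_me(self):
 url = '/api/users/me'
 response = self.client.get(url, format='json')
 # since we're not logged in, we shouldn't be able to see this
 self.assertEqual(response.status_code, HTTP_401_UNAUTHORIZED)
 
 self.client.login(email='profileviewtest@flashy.cards', password='1234')
 response = self.client.get(url, format='json')
 self.assertEqual(response.status_code, HTTP_200_OK)
 
 
 class PasswordChangeTest(APITestCase):
 def setUp(self):
 email = "none@none.com"
 User.objects.create_user(email=email, password="1234")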
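Review bot: The new `self.client.login(email='none@none.com', password='1234')` in `test_create_account` discards its boolean result, so a failed login only shows up indirectly when the later 400 assertion fails. Writing it as `self.assertTrue(self.client.login(email='none@none.com', password='1234'))` puts the failure on the line that caused it. With the `/api/logout` 204 check and the `/api/login` 200 check removed, nothing visible in this file asserts the logout endpoint's status or that a freshly registered, unconfirmed account can authenticate through the API. `test_logout` does not fill that gap: it posts to `/api/logout` without checking the response and logs in as `none@none.com`, which `LoginTests.setUp` does not create, so its 401 appears to hold without a session ever existing. Consider keeping one endpoint-level assertion for login and one for logout.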
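--- a/nginxconf/flashy.cards
+++ b/nginxconf/flashy.cards
@@ -1,55 +1,55 @@
 upstream backend_production {
 # server unix:/tmp/flashy.sock;
 server localhost:7002;
 }
 
 server {
 
 server_name flashy.cards;
 listen 443 ssl;
 location / {
 root /srv/flashy.cards/;
 }
 
 location ^~ /static {
 root /srv/;
 access_log off;
 expires 30d;
 }
 
 location ^~ /app {
 alias /srv/flashy-frontend;
 }
 
 location ~ /(api|admin|api-auth)/ {
-add_header 'Access-Control-Allow-Origin' 'http://localhost/';
+add_header 'Access-Control-Allow-Origin' 'http://local.flashy.cards/';
 add_header 'Access-Control-Allow-Credentials' 'true';
 add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PATCH, PUT';
 proxy_pass http://backend_production;
 proxy_redirect http://backend_production $scheme://flashy.cards;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header REMOTE_ADDR $remote_addr;
 }
 
 location ^~ /jenkins {
 proxy_pass http://localhost:8080;
 proxy_redirect http://localhost:8080 $scheme://flashy.cards;
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_read_timeout 90;
 }
 ssl_certificate /etc/nginx/ssl/bundle.crt;
 ssl_certificate_key /etc/nginx/ssl/nginx.key;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
 ssl_prefer_server_ciphers on;
 keepalive_timeout 70;
 ssl_session_cache shared:SSL:10m;
 ssl_session_timeout 10m;
 add_header Strict-Transport-Security "max-age=259200";
 }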
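Review bot: The new `Access-Control-Allow-Origin` value in the `/(api|admin|api-auth)/` location trusts a plain-http origin alongside `Access-Control-Allow-Credentials 'true'`, inside the production `listen 443 ssl` server block. Content served as http://local.flashy.cards is not protected by TLS, yet it would be allowed to read credentialed API and admin responses, so the development origin belongs in a development-only config or should be https. The value also ends in `/`, while browsers compare it with the request's `Origin` header, which carries no path, so it likely never matches; `add_header 'Access-Control-Allow-Origin' 'https://local.flashy.cards';` is the shape to aim for. Separately, because this location declares its own `add_header` lines, nginx does not inherit the server-level `Strict-Transport-Security` header on these responses, so it would need repeating here.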