Commit 573598b34dfae3324565329c126d0064080cb7f1
Exists in
master
Merge branch 'master' of https://git.ucsd.edu/110swag/flashy-backend
Showing 1 changed file
flashcards/tests/test_api.py
from django.core import mail | 1 | 1 | from django.core import mail | |
from flashcards.models import User | 2 | 2 | from flashcards.models import User | |
from rest_framework.status import HTTP_201_CREATED, HTTP_200_OK, HTTP_401_UNAUTHORIZED | 3 | 3 | from rest_framework.status import HTTP_204_NO_CONTENT, HTTP_201_CREATED, HTTP_200_OK, HTTP_401_UNAUTHORIZED | |
from rest_framework.test import APITestCase | 4 | 4 | from rest_framework.test import APITestCase | |
from re import search | 5 | 5 | from re import search | |
6 | 6 | |||
7 | 7 | |||
class LoginTests(APITestCase): | 8 | 8 | class LoginTests(APITestCase): | |
def setUp(self): | 9 | 9 | def setUp(self): | |
email = "test@flashy.cards" | 10 | 10 | email = "test@flashy.cards" | |
User.objects.create_user(email=email, password="1234") | 11 | 11 | User.objects.create_user(email=email, password="1234") | |
12 | 12 | |||
def test_login(self): | 13 | 13 | def test_login(self): | |
url = '/api/login' | 14 | 14 | url = '/api/login' | |
data = {'email': 'test@flashy.cards', 'password': '1234'} | 15 | 15 | data = {'email': 'test@flashy.cards', 'password': '1234'} | |
response = self.client.post(url, data, format='json') | 16 | 16 | response = self.client.post(url, data, format='json') | |
self.assertEqual(response.status_code, HTTP_200_OK) | 17 | 17 | self.assertEqual(response.status_code, HTTP_200_OK) | |
18 | 18 | |||
data = {'email': 'test@flashy.cards', 'password': '54321'} | 19 | 19 | data = {'email': 'test@flashy.cards', 'password': '54321'} | |
response = self.client.post(url, data, format='json') | 20 | 20 | response = self.client.post(url, data, format='json') | |
self.assertContains(response, 'Invalid email or password', status_code=403) | 21 | 21 | self.assertContains(response, 'Invalid email or password', status_code=403) | |
22 | 22 | |||
data = {'email': 'none@flashy.cards', 'password': '54321'} | 23 | 23 | data = {'email': 'none@flashy.cards', 'password': '54321'} | |
response = self.client.post(url, data, format='json') | 24 | 24 | response = self.client.post(url, data, format='json') | |
self.assertContains(response, 'Invalid email or password', status_code=403) | 25 | 25 | self.assertContains(response, 'Invalid email or password', status_code=403) | |
26 | 26 | |||
data = {'password': '54321'} | 27 | 27 | data = {'password': '54321'} | |
response = self.client.post(url, data, format='json') | 28 | 28 | response = self.client.post(url, data, format='json') | |
self.assertContains(response, 'email', status_code=400) | 29 | 29 | self.assertContains(response, 'email', status_code=400) | |
30 | 30 | |||
data = {'email': 'none@flashy.cards'} | 31 | 31 | data = {'email': 'none@flashy.cards'} | |
response = self.client.post(url, data, format='json') | 32 | 32 | response = self.client.post(url, data, format='json') | |
self.assertContains(response, 'password', status_code=400) | 33 | 33 | self.assertContains(response, 'password', status_code=400) | |
34 | 34 | |||
user = User.objects.get(email="test@flashy.cards") | 35 | 35 | user = User.objects.get(email="test@flashy.cards") | |
user.is_active = False | 36 | 36 | user.is_active = False | |
user.save() | 37 | 37 | user.save() | |
38 | 38 | |||
data = {'email': 'test@flashy.cards', 'password': '1234'} | 39 | 39 | data = {'email': 'test@flashy.cards', 'password': '1234'} | |
response = self.client.post(url, data, format='json') | 40 | 40 | response = self.client.post(url, data, format='json') | |
self.assertContains(response, 'Account is disabled', status_code=403) | 41 | 41 | self.assertContains(response, 'Account is disabled', status_code=403) | |
42 | 42 | |||
def test_logout(self): | 43 | 43 | def test_logout(self): | |
self.client.login(email='none@none.com', password='1234') | 44 | 44 | url = '/api/login' | |
self.client.post('/api/logout') | 45 | 45 | data = {'email': 'test@flashy.cards', 'password': '1234'} | |
46 | response = self.client.post(url, data, format='json') | |||
47 | self.assertEqual(response.status_code, HTTP_200_OK) | |||
46 | 48 | |||
49 | p = self.client.post('/api/logout') | |||
50 | self.assertEqual(p.status_code, HTTP_204_NO_CONTENT) | |||
response = self.client.get('/api/users/me', format='json') | 47 | 51 | response = self.client.get('/api/users/me', format='json') | |
52 | ||||
# since we're not logged in, we shouldn't be able to see this | 48 | 53 | # since we're not logged in, we shouldn't be able to see this | |
self.assertEqual(response.status_code, HTTP_401_UNAUTHORIZED) | 49 | 54 | self.assertEqual(response.status_code, HTTP_401_UNAUTHORIZED) | |
50 | 55 | |||
class PasswordResetTest(APITestCase): | 51 | 56 | class PasswordResetTest(APITestCase): | |
def setUp(self): | 52 | 57 | def setUp(self): | |
58 | # create a user to test things with | |||
email = "test@flashy.cards" | 53 | 59 | email = "test@flashy.cards" | |
User.objects.create_user(email=email, password="12345") | 54 | 60 | User.objects.create_user(email=email, password="12345") | |
55 | 61 | |||
def test_reset_password(self): | 56 | 62 | def test_reset_password(self): | |
63 | # submit the request to reset the password | |||
url = '/api/reset_password' | 57 | 64 | url = '/api/reset_password' | |
post_data = {'email': 'test@flashy.cards'} | 58 | 65 | post_data = {'email': 'test@flashy.cards'} | |
patch_data = {'new_password': '54321', | 59 | |||
'uid': '', 'token': ''} | 60 | |||
self.client.post(url, post_data, format='json') | 61 | 66 | self.client.post(url, post_data, format='json') | |
self.assertEqual(len(mail.outbox), 1) | 62 | 67 | self.assertEqual(len(mail.outbox), 1) | |
self.assertIn('reset your password', mail.outbox[0].body) | 63 | 68 | self.assertIn('reset your password', mail.outbox[0].body) | |
64 | 69 | |||
70 | # capture the reset token from the email | |||
capture = search('https://flashy.cards/app/reset_password/(\d+)/(.*)', | 65 | 71 | capture = search('https://flashy.cards/app/reset_password/(\d+)/(.*)', | |
mail.outbox[0].body) | 66 | 72 | mail.outbox[0].body) | |
73 | patch_data = {'new_password': '54321'} | |||
patch_data['uid'] = capture.group(1) | 67 | 74 | patch_data['uid'] = capture.group(1) | |
patch_data['token'] = capture.group(2) | 68 | 75 | reset_token = capture.group(2) | |
self.client.patch(url, patch_data, format='json') | 69 | 76 | ||
77 | # try to reset the password with the wrong reset token | |||
78 | patch_data['token'] = 'wrong_token' | |||
79 | response = self.client.patch(url, patch_data, format='json') | |||
80 | self.assertContains(response, 'Could not verify reset token', status_code=400) | |||
81 | ||||
82 | # try to reset the password with the correct token | |||
83 | patch_data['token'] = reset_token | |||
84 | response = self.client.patch(url, patch_data, format='json') | |||
85 | self.assertEqual(response.status_code, HTTP_204_NO_CONTENT) | |||
user = User.objects.get(id=patch_data['uid']) | 70 | 86 | user = User.objects.get(id=patch_data['uid']) | |
assert user.check_password(patch_data['new_password']) | 71 | 87 | assert user.check_password(patch_data['new_password']) | |
72 | 88 | |||
73 | 89 | |||
class RegistrationTest(APITestCase): | 74 | 90 | class RegistrationTest(APITestCase): | |
def test_create_account(self): | 75 | 91 | def test_create_account(self): | |
url = '/api/users/me' | 76 | 92 | url = '/api/users/me' | |
77 | 93 | |||
# missing password | 78 | 94 | # missing password | |
data = {'email': 'none@none.com'} | 79 | 95 | data = {'email': 'none@none.com'} | |
response = self.client.post(url, data, format='json') | 80 | 96 | response = self.client.post(url, data, format='json') | |
self.assertContains(response, 'password', status_code=400) | 81 | 97 | self.assertContains(response, 'password', status_code=400) | |
82 | 98 | |||
# missing email | 83 | 99 | # missing email | |
data = {'password': '1234'} | 84 | 100 | data = {'password': '1234'} | |
response = self.client.post(url, data, format='json') | 85 | 101 | response = self.client.post(url, data, format='json') | |
self.assertContains(response, 'email', status_code=400) | 86 | 102 | self.assertContains(response, 'email', status_code=400) | |
87 | 103 | |||
# create a user | 88 | 104 | # create a user | |
data = {'email': 'none@none.com', 'password': '1234'} | 89 | 105 | data = {'email': 'none@none.com', 'password': '1234'} | |
response = self.client.post(url, data, format='json') | 90 | 106 | response = self.client.post(url, data, format='json') | |
self.assertEqual(response.status_code, HTTP_201_CREATED) | 91 | 107 | self.assertEqual(response.status_code, HTTP_201_CREATED) | |
92 | 108 | |||
# user should not be confirmed | 93 | 109 | # user should not be confirmed | |
user = User.objects.get(email="none@none.com") | 94 | 110 | user = User.objects.get(email="none@none.com") | |
self.assertFalse(user.is_confirmed) | 95 | 111 | self.assertFalse(user.is_confirmed) | |
96 | 112 | |||
# check that the confirmation key was sent | 97 | 113 | # check that the confirmation key was sent | |
self.assertEqual(len(mail.outbox), 1) | 98 | 114 | self.assertEqual(len(mail.outbox), 1) | |
self.assertIn(user.confirmation_key, mail.outbox[0].body) | 99 | 115 | self.assertIn(user.confirmation_key, mail.outbox[0].body) | |
100 | 116 | |||
# log the user out | 101 | 117 | # log the user out | |
self.client.logout() | 102 | 118 | self.client.logout() | |
103 | 119 | |||
# log the user in with their registered credentials | 104 | 120 | # log the user in with their registered credentials | |
self.client.login(email='none@none.com', password='1234') | 105 | 121 | self.client.login(email='none@none.com', password='1234') | |
106 | 122 | |||
# try activating with an invalid key | 107 | 123 | # try activating with an invalid key | |
response = self.client.patch(url, {'confirmation_key': 'NOT A KEY'}) | 108 | 124 | response = self.client.patch(url, {'confirmation_key': 'NOT A KEY'}) | |
self.assertContains(response, 'confirmation_key is invalid', status_code=400) | 109 | 125 | self.assertContains(response, 'confirmation_key is invalid', status_code=400) | |
110 | 126 | |||
# try activating with the valid key | 111 | 127 | # try activating with the valid key | |
response = self.client.patch(url, {'confirmation_key': user.confirmation_key}) | 112 | 128 | response = self.client.patch(url, {'confirmation_key': user.confirmation_key}) | |
self.assertTrue(response.data['is_confirmed']) | 113 | 129 | self.assertTrue(response.data['is_confirmed']) | |
114 | 130 | |||
115 | 131 | |||
class ProfileViewTest(APITestCase): | 116 | 132 | class ProfileViewTest(APITestCase): | |
def setUp(self): | 117 | 133 | def setUp(self): | |
email = "profileviewtest@flashy.cards" | 118 | 134 | email = "profileviewtest@flashy.cards" | |
User.objects.create_user(email=email, password="1234") | 119 | 135 | User.objects.create_user(email=email, password="1234") | |
120 | 136 | |||
def test_get_me(self): | 121 | 137 | def test_get_me(self): | |
url = '/api/users/me' | 122 | 138 | url = '/api/users/me' | |
response = self.client.get(url, format='json') | 123 | 139 | response = self.client.get(url, format='json') | |
# since we're not logged in, we shouldn't be able to see this | 124 | 140 | # since we're not logged in, we shouldn't be able to see this | |
self.assertEqual(response.status_code, HTTP_401_UNAUTHORIZED) | 125 | 141 | self.assertEqual(response.status_code, HTTP_401_UNAUTHORIZED) | |
126 | 142 | |||
self.client.login(email='profileviewtest@flashy.cards', password='1234') | 127 | 143 | self.client.login(email='profileviewtest@flashy.cards', password='1234') | |
response = self.client.get(url, format='json') | 128 | 144 | response = self.client.get(url, format='json') | |
self.assertEqual(response.status_code, HTTP_200_OK) | 129 | 145 | self.assertEqual(response.status_code, HTTP_200_OK) | |
130 | 146 | |||
131 | 147 | |||
class PasswordChangeTest(APITestCase): | 132 | 148 | class PasswordChangeTest(APITestCase): | |
def setUp(self): | 133 | 149 | def setUp(self): | |
email = "none@none.com" | 134 | 150 | email = "none@none.com" | |
User.objects.create_user(email=email, password="1234") | 135 | 151 | User.objects.create_user(email=email, password="1234") |