Commit b705da3be9aa4ef42dd8407c27d5f44d633ea0bc

Authored by Rohan Rangray
1 parent efebf24610
Exists in master

Added a password reset test.

Showing 1 changed file with 24 additions and 1 deletions

flashcards/tests/test_api.py
from django.core import mail 1 1 from django.core import mail
from flashcards.models import User 2 2 from flashcards.models import User
from rest_framework.status import HTTP_201_CREATED, HTTP_200_OK, HTTP_401_UNAUTHORIZED 3 3 from rest_framework.status import HTTP_201_CREATED, HTTP_200_OK, HTTP_401_UNAUTHORIZED
from rest_framework.test import APITestCase 4 4 from rest_framework.test import APITestCase
5 from re import search
5 6
6 7
class LoginTests(APITestCase): 7 8 class LoginTests(APITestCase):
def setUp(self): 8 9 def setUp(self):
email = "test@flashy.cards" 9 10 email = "test@flashy.cards"
User.objects.create_user(email=email, password="1234") 10 11 User.objects.create_user(email=email, password="1234")
11 12
def test_login(self): 12 13 def test_login(self):
url = '/api/login' 13 14 url = '/api/login'
data = {'email': 'test@flashy.cards', 'password': '1234'} 14 15 data = {'email': 'test@flashy.cards', 'password': '1234'}
response = self.client.post(url, data, format='json') 15 16 response = self.client.post(url, data, format='json')
self.assertEqual(response.status_code, HTTP_200_OK) 16 17 self.assertEqual(response.status_code, HTTP_200_OK)
17 18
data = {'email': 'test@flashy.cards', 'password': '54321'} 18 19 data = {'email': 'test@flashy.cards', 'password': '54321'}
response = self.client.post(url, data, format='json') 19 20 response = self.client.post(url, data, format='json')
self.assertContains(response, 'Invalid email or password', status_code=403) 20 21 self.assertContains(response, 'Invalid email or password', status_code=403)
21 22
data = {'email': 'none@flashy.cards', 'password': '54321'} 22 23 data = {'email': 'none@flashy.cards', 'password': '54321'}
response = self.client.post(url, data, format='json') 23 24 response = self.client.post(url, data, format='json')
self.assertContains(response, 'Invalid email or password', status_code=403) 24 25 self.assertContains(response, 'Invalid email or password', status_code=403)
25 26
data = {'password': '54321'} 26 27 data = {'password': '54321'}
response = self.client.post(url, data, format='json') 27 28 response = self.client.post(url, data, format='json')
self.assertContains(response, 'email', status_code=400) 28 29 self.assertContains(response, 'email', status_code=400)
29 30
data = {'email': 'none@flashy.cards'} 30 31 data = {'email': 'none@flashy.cards'}
response = self.client.post(url, data, format='json') 31 32 response = self.client.post(url, data, format='json')
self.assertContains(response, 'password', status_code=400) 32 33 self.assertContains(response, 'password', status_code=400)
33 34
user = User.objects.get(email="test@flashy.cards") 34 35 user = User.objects.get(email="test@flashy.cards")
user.is_active = False 35 36 user.is_active = False
user.save() 36 37 user.save()
37 38
data = {'email': 'test@flashy.cards', 'password': '1234'} 38 39 data = {'email': 'test@flashy.cards', 'password': '1234'}
response = self.client.post(url, data, format='json') 39 40 response = self.client.post(url, data, format='json')
self.assertContains(response, 'Account is disabled', status_code=403) 40 41 self.assertContains(response, 'Account is disabled', status_code=403)
41 42
def test_logout(self): 42 43 def test_logout(self):
self.client.login(email='none@none.com', password='1234') 43 44 self.client.login(email='none@none.com', password='1234')
self.client.post('/api/logout') 44 45 self.client.post('/api/logout')
45 46
response = self.client.get('/api/users/me', format='json') 46 47 response = self.client.get('/api/users/me', format='json')
# since we're not logged in, we shouldn't be able to see this 47 48 # since we're not logged in, we shouldn't be able to see this
self.assertEqual(response.status_code, HTTP_401_UNAUTHORIZED) 48 49 self.assertEqual(response.status_code, HTTP_401_UNAUTHORIZED)
50
51 class PasswordResetTest(APITestCase):
52 def setUp(self):
53 email = "test@flashy.cards"
54 User.objects.create_user(email=email, password="12345")
55
56 def reset_password(self):
57 url = '/api/reset_password'
58 post_data = {'email': 'test@flashy.cards'}
59 patch_data = {'new_password': '54321',
60 'uid': '', 'token': ''}
61 self.client.post(url, post_data, format='json')
62 self.assertEqual(len(mail.outbox), 1)
63 self.assertIn('reset your password', mail.outbox[0].body)
64
65 capture = search('https://flashy.cards/app/reset_password/(\d+)/(.*)',
66 mail.outbox[0].body)
67 data['uid'] = capture.group(0)
68 data['token'] = capture.group(1)
69 self.client.patch(url, patch_data, format='json')
70 user = User.objects.get(id=data['uid'])
71 assert user.check_password(data['new_password'])
49 72
50 73
class RegistrationTest(APITestCase): 51 74 class RegistrationTest(APITestCase):
def test_create_account(self): 52 75 def test_create_account(self):
url = '/api/users/me' 53 76 url = '/api/users/me'
54 77
# missing password 55 78 # missing password
data = {'email': 'none@none.com'} 56 79 data = {'email': 'none@none.com'}
response = self.client.post(url, data, format='json') 57 80 response = self.client.post(url, data, format='json')
self.assertContains(response, 'password', status_code=400) 58 81 self.assertContains(response, 'password', status_code=400)
59 82
# missing email 60 83 # missing email
data = {'password': '1234'} 61 84 data = {'password': '1234'}
response = self.client.post(url, data, format='json') 62 85 response = self.client.post(url, data, format='json')
self.assertContains(response, 'email', status_code=400) 63 86 self.assertContains(response, 'email', status_code=400)
64 87
# create a user 65 88 # create a user
data = {'email': 'none@none.com', 'password': '1234'} 66 89 data = {'email': 'none@none.com', 'password': '1234'}
response = self.client.post(url, data, format='json') 67 90 response = self.client.post(url, data, format='json')
self.assertEqual(response.status_code, HTTP_201_CREATED) 68 91 self.assertEqual(response.status_code, HTTP_201_CREATED)
69 92
# user should not be confirmed 70 93 # user should not be confirmed
user = User.objects.get(email="none@none.com") 71 94 user = User.objects.get(email="none@none.com")
self.assertFalse(user.is_confirmed) 72 95 self.assertFalse(user.is_confirmed)
73 96
# check that the confirmation key was sent 74 97 # check that the confirmation key was sent
self.assertEqual(len(mail.outbox), 1) 75 98 self.assertEqual(len(mail.outbox), 1)
self.assertIn(user.confirmation_key, mail.outbox[0].body) 76 99 self.assertIn(user.confirmation_key, mail.outbox[0].body)
77 100
# log the user out 78 101 # log the user out
response = self.client.post('/api/logout', format='json') 79 102 response = self.client.post('/api/logout', format='json')
self.assertEqual(response.status_code, 204) 80 103 self.assertEqual(response.status_code, 204)
81 104
# log the user in with their registered credentials 82 105 # log the user in with their registered credentials
data = {'email': 'none@none.com', 'password': '1234'} 83 106 data = {'email': 'none@none.com', 'password': '1234'}
response = self.client.post('/api/login', data, format='json') 84 107 response = self.client.post('/api/login', data, format='json')
self.assertEqual(response.status_code, HTTP_200_OK) 85 108 self.assertEqual(response.status_code, HTTP_200_OK)
86 109
# try activating with an invalid key 87 110 # try activating with an invalid key
response = self.client.patch(url, {'confirmation_key': 'NOT A KEY'}) 88 111 response = self.client.patch(url, {'confirmation_key': 'NOT A KEY'})
self.assertContains(response, 'confirmation_key is invalid', status_code=400) 89 112 self.assertContains(response, 'confirmation_key is invalid', status_code=400)
90 113
# try activating with the valid key 91 114 # try activating with the valid key
response = self.client.patch(url, {'confirmation_key': user.confirmation_key}) 92 115 response = self.client.patch(url, {'confirmation_key': user.confirmation_key})
self.assertTrue(response.data['is_confirmed']) 93 116 self.assertTrue(response.data['is_confirmed'])
94 117
95 118
class ProfileViewTest(APITestCase): 96 119 class ProfileViewTest(APITestCase):
def setUp(self): 97 120 def setUp(self):
email = "profileviewtest@flashy.cards" 98 121 email = "profileviewtest@flashy.cards"
User.objects.create_user(email=email, password="1234") 99 122 User.objects.create_user(email=email, password="1234")
100 123
def test_get_me(self): 101 124 def test_get_me(self):
url = '/api/users/me' 102 125 url = '/api/users/me'
response = self.client.get(url, format='json') 103 126 response = self.client.get(url, format='json')
# since we're not logged in, we shouldn't be able to see this 104 127 # since we're not logged in, we shouldn't be able to see this
self.assertEqual(response.status_code, HTTP_401_UNAUTHORIZED) 105 128 self.assertEqual(response.status_code, HTTP_401_UNAUTHORIZED)
106 129
self.client.login(email='profileviewtest@flashy.cards', password='1234') 107 130 self.client.login(email='profileviewtest@flashy.cards', password='1234')
response = self.client.get(url, format='json') 108 131 response = self.client.get(url, format='json')
self.assertEqual(response.status_code, HTTP_200_OK) 109 132 self.assertEqual(response.status_code, HTTP_200_OK)
110 133
111 134
class PasswordChangeTest(APITestCase): 112 135 class PasswordChangeTest(APITestCase):
def setUp(self): 113 136 def setUp(self):