Skip to content
Snippets Groups Projects
test_views.py 7.18 KiB
Newer Older
  • Learn to ignore specific revisions
  • import pytest
    
    from django.urls import reverse
    
    from funkwhale_api.users.models import User
    
    
    
    def test_can_create_user_via_api(preferences, api_client, db):
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        url = reverse("rest_register")
    
    Eliot Berriot's avatar
    Eliot Berriot committed
            "username": "test1",
            "email": "test1@test.com",
            "password1": "testtest",
            "password2": "testtest",
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        preferences["users__registration_enabled"] = True
    
        response = api_client.post(url, data)
    
        assert response.status_code == 201
    
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        u = User.objects.get(email="test1@test.com")
        assert u.username == "test1"
    
    def test_can_restrict_usernames(settings, preferences, db, api_client):
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        url = reverse("rest_register")
        preferences["users__registration_enabled"] = True
        settings.USERNAME_BLACKLIST = ["funkwhale"]
    
    Eliot Berriot's avatar
    Eliot Berriot committed
            "username": "funkwhale",
            "email": "contact@funkwhale.io",
            "password1": "testtest",
            "password2": "testtest",
    
        response = api_client.post(url, data)
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        assert "username" in response.data
    
    def test_can_disable_registration_view(preferences, api_client, db):
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        url = reverse("rest_register")
    
    Eliot Berriot's avatar
    Eliot Berriot committed
            "username": "test1",
            "email": "test1@test.com",
            "password1": "testtest",
            "password2": "testtest",
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        preferences["users__registration_enabled"] = False
    
        response = api_client.post(url, data)
    
        assert response.status_code == 403
    
    
    
    def test_can_signup_with_invitation(preferences, factories, api_client):
        url = reverse("rest_register")
    
        invitation = factories["users.Invitation"](code="Hello")
    
        data = {
            "username": "test1",
            "email": "test1@test.com",
            "password1": "testtest",
            "password2": "testtest",
            "invitation": "hello",
        }
        preferences["users__registration_enabled"] = False
        response = api_client.post(url, data)
        assert response.status_code == 201
        u = User.objects.get(email="test1@test.com")
        assert u.username == "test1"
        assert u.invitation == invitation
    
    
    def test_can_signup_with_invitation_invalid(preferences, factories, api_client):
        url = reverse("rest_register")
        invitation = factories["users.Invitation"](code="hello")
        data = {
            "username": "test1",
            "email": "test1@test.com",
            "password1": "testtest",
            "password2": "testtest",
            "invitation": "nope",
        }
        response = api_client.post(url, data)
        assert response.status_code == 400
        assert "invitation" in response.data
    
    
    
    def test_can_fetch_data_from_api(api_client, factories):
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        url = reverse("api:v1:users:users-me")
    
        response = api_client.get(url)
    
        # login required
        assert response.status_code == 401
    
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        user = factories["users.User"](permission_library=True)
        api_client.login(username=user.username, password="test")
    
        response = api_client.get(url)
    
        assert response.status_code == 200
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        assert response.data["username"] == user.username
        assert response.data["is_staff"] == user.is_staff
        assert response.data["is_superuser"] == user.is_superuser
        assert response.data["email"] == user.email
        assert response.data["name"] == user.name
        assert response.data["permissions"] == user.get_permissions()
    
    def test_can_get_token_via_api(api_client, factories):
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        user = factories["users.User"]()
        url = reverse("api:v1:token")
        payload = {"username": user.username, "password": "test"}
    
        response = api_client.post(url, payload)
    
        assert response.status_code == 200
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        assert "token" in response.data
    
    def test_can_get_token_via_api_inactive(api_client, factories):
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        user = factories["users.User"](is_active=False)
        url = reverse("api:v1:token")
        payload = {"username": user.username, "password": "test"}
    
    
        response = api_client.post(url, payload)
        assert response.status_code == 400
    
    
    def test_can_refresh_token_via_api(api_client, factories, mocker):
    
        # first, we get a token
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        user = factories["users.User"]()
        url = reverse("api:v1:token")
        payload = {"username": user.username, "password": "test"}
    
        response = api_client.post(url, payload)
    
        assert response.status_code == 200
    
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        token = response.data["token"]
        url = reverse("api:v1:token_refresh")
        response = api_client.post(url, {"token": token})
    
    
        assert response.status_code == 200
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        assert "token" in response.data
    
    def test_changing_password_updates_secret_key(logged_in_api_client):
        user = logged_in_api_client.user
    
        password = user.password
        secret_key = user.secret_key
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        payload = {"old_password": "test", "new_password1": "new", "new_password2": "new"}
        url = reverse("change_password")
    
        logged_in_api_client.post(url, payload)
    
    
        user.refresh_from_db()
    
        assert user.secret_key != secret_key
        assert user.password != password
    
    Eliot Berriot's avatar
    Eliot Berriot committed
    def test_can_request_password_reset(factories, api_client, mailoutbox):
        user = factories["users.User"]()
        payload = {"email": user.email}
    
        emails = len(mailoutbox)
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        url = reverse("rest_password_reset")
    
    
        response = api_client.post(url, payload)
        assert response.status_code == 200
        assert len(mailoutbox) > emails
    
    
    
    def test_user_can_patch_his_own_settings(logged_in_api_client):
        user = logged_in_api_client.user
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        payload = {"privacy_level": "me"}
        url = reverse("api:v1:users:users-detail", kwargs={"username": user.username})
    
    
        response = logged_in_api_client.patch(url, payload)
    
        assert response.status_code == 200
        user.refresh_from_db()
    
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        assert user.privacy_level == "me"
    
    def test_user_can_request_new_subsonic_token(logged_in_api_client):
        user = logged_in_api_client.user
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        user.subsonic_api_token = "test"
    
    Eliot Berriot's avatar
    Eliot Berriot committed
            "api:v1:users:users-subsonic-token", kwargs={"username": user.username}
        )
    
    
        response = logged_in_api_client.post(url)
    
        assert response.status_code == 200
        user.refresh_from_db()
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        assert user.subsonic_api_token != "test"
    
        assert user.subsonic_api_token is not None
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        assert response.data == {"subsonic_api_token": user.subsonic_api_token}
    
    def test_user_can_get_subsonic_token(logged_in_api_client):
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        user.subsonic_api_token = "test"
    
    Eliot Berriot's avatar
    Eliot Berriot committed
            "api:v1:users:users-subsonic-token", kwargs={"username": user.username}
        )
    
    
        response = logged_in_api_client.get(url)
    
        assert response.status_code == 200
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        assert response.data == {"subsonic_api_token": "test"}
    
    def test_user_can_delete_subsonic_token(logged_in_api_client):
        user = logged_in_api_client.user
    
    Eliot Berriot's avatar
    Eliot Berriot committed
        user.subsonic_api_token = "test"
    
    Eliot Berriot's avatar
    Eliot Berriot committed
            "api:v1:users:users-subsonic-token", kwargs={"username": user.username}
        )
    
    
        response = logged_in_api_client.delete(url)
    
        assert response.status_code == 204
        user.refresh_from_db()
        assert user.subsonic_api_token is None
    
    
    
    Eliot Berriot's avatar
    Eliot Berriot committed
    @pytest.mark.parametrize("method", ["put", "patch"])
    def test_user_cannot_patch_another_user(method, logged_in_api_client, factories):
        user = factories["users.User"]()
        payload = {"privacy_level": "me"}
        url = reverse("api:v1:users:users-detail", kwargs={"username": user.username})
    
    
        handler = getattr(logged_in_api_client, method)
        response = handler(url, payload)
    
        assert response.status_code == 403