Skip to content
Snippets Groups Projects
test_views.py 6.97 KiB
Newer Older
  • Learn to ignore specific revisions
  • import pytest
    
    
    from django.test import RequestFactory
    from django.urls import reverse
    
    from funkwhale_api.users.models import User
    
    
    
    def test_can_create_user_via_api(preferences, api_client, db):
    
        url = reverse('rest_register')
        data = {
            'username': 'test1',
            'email': 'test1@test.com',
            'password1': 'testtest',
            'password2': 'testtest',
        }
    
        preferences['users__registration_enabled'] = True
    
        response = api_client.post(url, data)
    
        assert response.status_code == 201
    
        u = User.objects.get(email='test1@test.com')
        assert u.username == 'test1'
    
    
    
    def test_can_restrict_usernames(settings, preferences, db, api_client):
    
        url = reverse('rest_register')
        preferences['users__registration_enabled'] = True
        settings.USERNAME_BLACKLIST = ['funkwhale']
        data = {
            'username': 'funkwhale',
            'email': 'contact@funkwhale.io',
            'password1': 'testtest',
            'password2': 'testtest',
        }
    
    
        response = api_client.post(url, data)
    
    
        assert response.status_code == 400
        assert 'username' in response.data
    
    
    
    def test_can_disable_registration_view(preferences, api_client, db):
    
        url = reverse('rest_register')
        data = {
            'username': 'test1',
            'email': 'test1@test.com',
            'password1': 'testtest',
            'password2': 'testtest',
        }
    
        preferences['users__registration_enabled'] = False
    
        response = api_client.post(url, data)
    
        assert response.status_code == 403
    
    
    
    def test_can_fetch_data_from_api(api_client, factories):
    
        url = reverse('api:v1:users:users-me')
    
        response = api_client.get(url)
    
        # login required
        assert response.status_code == 401
    
        user = factories['users.User'](
    
        api_client.login(username=user.username, password='test')
        response = api_client.get(url)
    
        assert response.status_code == 200
    
        assert response.data['username'] == user.username
        assert response.data['is_staff'] == user.is_staff
        assert response.data['is_superuser'] == user.is_superuser
        assert response.data['email'] == user.email
        assert response.data['name'] == user.name
        assert response.data['permissions'] == user.get_permissions()
    
    def test_can_get_token_via_api(api_client, factories):
    
        user = factories['users.User']()
        url = reverse('api:v1:token')
        payload = {
            'username': user.username,
            'password': 'test'
        }
    
    
        response = api_client.post(url, payload)
    
        assert response.status_code == 200
    
        assert 'token' in response.data
    
    def test_can_get_token_via_api_inactive(api_client, factories):
        user = factories['users.User'](is_active=False)
        url = reverse('api:v1:token')
        payload = {
            'username': user.username,
            'password': 'test'
        }
    
        response = api_client.post(url, payload)
        assert response.status_code == 400
    
    
    def test_can_refresh_token_via_api(api_client, factories, mocker):
    
        # first, we get a token
        user = factories['users.User']()
        url = reverse('api:v1:token')
        payload = {
            'username': user.username,
            'password': 'test'
        }
    
    
        response = api_client.post(url, payload)
    
        assert response.status_code == 200
    
    
        token = response.data['token']
    
        url = reverse('api:v1:token_refresh')
    
        response = api_client.post(url, {'token': token})
    
    
        assert response.status_code == 200
    
        assert 'token' in response.data
    
    def test_changing_password_updates_secret_key(logged_in_api_client):
        user = logged_in_api_client.user
    
        password = user.password
        secret_key = user.secret_key
        payload = {
            'old_password': 'test',
            'new_password1': 'new',
            'new_password2': 'new',
        }
        url = reverse('change_password')
    
    
        response = logged_in_api_client.post(url, payload)
    
    
        user.refresh_from_db()
    
        assert user.secret_key != secret_key
        assert user.password != password
    
    def test_can_request_password_reset(
            factories, api_client, mailoutbox):
        user = factories['users.User']()
        payload = {
            'email': user.email,
        }
        emails = len(mailoutbox)
        url = reverse('rest_password_reset')
    
        response = api_client.post(url, payload)
        assert response.status_code == 200
        assert len(mailoutbox) > emails
    
    
    
    def test_user_can_patch_his_own_settings(logged_in_api_client):
        user = logged_in_api_client.user
        payload = {
            'privacy_level': 'me',
        }
        url = reverse(
            'api:v1:users:users-detail',
            kwargs={'username': user.username})
    
        response = logged_in_api_client.patch(url, payload)
    
        assert response.status_code == 200
        user.refresh_from_db()
    
        assert user.privacy_level == 'me'
    
    
    
    def test_user_can_request_new_subsonic_token(logged_in_api_client):
        user = logged_in_api_client.user
        user.subsonic_api_token = 'test'
        user.save()
    
        url = reverse(
            'api:v1:users:users-subsonic-token',
            kwargs={'username': user.username})
    
        response = logged_in_api_client.post(url)
    
        assert response.status_code == 200
        user.refresh_from_db()
        assert user.subsonic_api_token != 'test'
        assert user.subsonic_api_token is not None
        assert response.data == {
            'subsonic_api_token': user.subsonic_api_token
        }
    
    
    def test_user_can_get_new_subsonic_token(logged_in_api_client):
        user = logged_in_api_client.user
        user.subsonic_api_token = 'test'
        user.save()
    
        url = reverse(
            'api:v1:users:users-subsonic-token',
            kwargs={'username': user.username})
    
        response = logged_in_api_client.get(url)
    
        assert response.status_code == 200
        assert response.data == {
            'subsonic_api_token': 'test'
        }
    
    def test_user_can_request_new_subsonic_token(logged_in_api_client):
        user = logged_in_api_client.user
        user.subsonic_api_token = 'test'
        user.save()
    
        url = reverse(
            'api:v1:users:users-subsonic-token',
            kwargs={'username': user.username})
    
        response = logged_in_api_client.post(url)
    
        assert response.status_code == 200
        user.refresh_from_db()
        assert user.subsonic_api_token != 'test'
        assert user.subsonic_api_token is not None
        assert response.data == {
            'subsonic_api_token': user.subsonic_api_token
        }
    
    
    def test_user_can_delete_subsonic_token(logged_in_api_client):
        user = logged_in_api_client.user
        user.subsonic_api_token = 'test'
        user.save()
    
        url = reverse(
            'api:v1:users:users-subsonic-token',
            kwargs={'username': user.username})
    
        response = logged_in_api_client.delete(url)
    
        assert response.status_code == 204
        user.refresh_from_db()
        assert user.subsonic_api_token is None
    
    
    
    @pytest.mark.parametrize('method', ['put', 'patch'])
    def test_user_cannot_patch_another_user(
            method, logged_in_api_client, factories):
        user = factories['users.User']()
        payload = {
            'privacy_level': 'me',
        }
        url = reverse(
            'api:v1:users:users-detail',
            kwargs={'username': user.username})
    
        handler = getattr(logged_in_api_client, method)
        response = handler(url, payload)
    
        assert response.status_code == 403