kit-eco.social/consumocuidado-server
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

merged with diegos changes

Browse Source
This commit is contained in:
Sam
2021-02-04 12:13:12 +00:00
parent a61f11465c
commit 8d359cdb71
5 changed files with 55 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
core/tests.py
View File

@@ -329,7 +329,7 @@ class UpdateUserViewTest(APITestCase):
def setUp(self):
"""Tests setup
"""
self.endpoint = '/api/v1/user/change_password/'
self.endpoint = '/api/v1/users/'
self.factory = factories.CustomUserFactory
self.model = models.CustomUser
# create regular user
@@ -338,6 +338,11 @@ class UpdateUserViewTest(APITestCase):
self.user = self.factory(email=self.reg_email, is_active=True)
self.user.set_password(self.password)
self.user.save()
# create admin user
self.admin_email = f"admin_user@mail.com"
self.admin_user = self.factory(email=self.admin_email, is_staff=True, is_active=True)
self.admin_user.set_password(self.password)
self.admin_user.save()
def test_auth_user_can_modify_own_instance(self):
"""Regular user can modify own instance
@@ -355,32 +360,62 @@ class UpdateUserViewTest(APITestCase):
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
# Query endpoint
url = f'/api/v1/user/update/{self.user.pk}/'
url = f'{self.endpoint}{self.user.pk}/'
response = self.client.put(url, data=data, format='json')
# Assert forbidden code
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_auth_user_cannot_modify_random_instance(self):
"""Regular user can modify own instance
"""Regular user cannot modify randnom instance
"""
# Create instance
instance = self.factory()
data = {
"email": "new_email@mail.com",
"full_name": "New Full Name",
'provider': 'PROVIDER',
}
# Authenticate
token = get_tokens_for_user(self.user)
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
# Query endpoint
url = f'/api/v1/user/update/{instance.pk}/'
response = self.client.put(url, data=data, format='json')
url = f'{self.endpoint}{instance.pk}/'
response = self.client.put(url, data={}, format='json')
# Assert forbidden code
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_anon_user_cannot_modify_random_instance(self):
"""anon user cannot modify instance
"""
# Create instance
instance = self.factory()
# Query endpoint
url = f'{self.endpoint}{instance.pk}/'
response = self.client.put(url, data={}, format='json')
# Assert forbidden code
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_admin_user_can_modify_random_instance(self):
"""Regular user cannot modify randnom instance
"""
# Create instance
instance = self.factory()
# Authenticate
token = get_tokens_for_user(self.admin_user)
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
data = {
"email": "new_email@mail.com",
"full_name": "New Full Name",
'provider': 'PROVIDER',
'notify': True,
}
# Query endpoint
url = f'{self.endpoint}{instance.pk}/'
response = self.client.put(url, data=data, format='json')
# Assert forbidden code
self.assertEqual(response.status_code, status.HTTP_200_OK)
class LoadCoopManagerTestCase(APITestCase):
@@ -394,7 +429,9 @@ class LoadCoopManagerTestCase(APITestCase):
# create admin user
self.admin_email = f"admin_user@mail.com"
self.password = ''.join(random.choices(string.ascii_uppercase, k = 10))
self.admin_user = self.user_factory(email=self.admin_email, password=self.password, is_staff=True, is_active=True)
self.admin_user = self.user_factory(email=self.admin_email, is_staff=True, is_active=True)
self.admin_user.set_password(self.password)
self.admin_user.save()
# create regular user
self.reg_email = f"user@mail.com"
self.user = self.user_factory(email=self.reg_email, is_active=True)