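import random
import string
import json

from django.test import TestCase
from rest_framework.test import APITestCase
from rest_framework import status

from companies.factories import CompanyFactory
from companies.models import Company
from core.factories import CustomUserFactory
from core.utils import get_tokens_for_user


def _authenticate(client, user):
    """Attach a Bearer access token for *user* to later requests made by *client*."""
    token = get_tokens_for_user(user)
    client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")


def _company_payload():
    """Return a fresh copy of the request body shared by the create and update tests."""
    return {
        'cif': 'qwerewq',
        'company_name': 'qwerewq',
        'short_name': 'qwerewq',
        'web_link': 'http://qwerewq.com',
        'shop': True,
        'shop_link': 'http://qwerewq.com',
        'platform': 'PRESTASHOP',
        'email': 'test@email.com',
        'logo': None,
        'city': None,
        'address': 'qwer qewr 5',
        'geo': None,
        'phone': '1234',
        'mobile': '4321',
        'other_phone': '41423',
        'description': 'dfgfdgdfg',
        'shop_rss_feed': 'http://qwerewq.com',
        'sale_terms': 'tewrnmfew f ewfrfew ewewew f',
        'shipping_cost': '12.25',
        'sync': False,
    }


class CompanyViewSetTest(APITestCase):
    """Access-control tests for the companies endpoint.

    Anonymous clients are expected to be able to list only; authenticated
    users may create, and may modify or delete only instances they created.
    """

    def setUp(self):
        """Store the endpoint, factory and model, and create an active user."""
        self.endpoint = '/api/v1/companies/'
        self.factory = CompanyFactory
        self.model = Company

        # Throwaway fixture password: no test here logs in with it, tokens are
        # minted directly by get_tokens_for_user().
        self.password = ''.join(random.choices(string.ascii_uppercase, k=10))
        self.user = CustomUserFactory(email="test@mail.com", is_active=True)
        # Store the password through set_password(), as MyCompanyViewTest does,
        # rather than handing the raw value to the factory (whether the
        # factory hashes a ``password`` kwarg is not visible from this file).
        self.user.set_password(self.password)
        self.user.save()

    # user not authenticated

    def test_not_logged_user_cannot_create_instance(self):
        """Not logged-in user cannot create new instance."""
        for _ in range(random.randint(1, 5)):
            self.factory()
        count_before = self.model.objects.count()

        # Query endpoint without credentials
        response = self.client.post(self.endpoint, data={})

        # Assert the request is rejected as unauthenticated
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
        # A rejected request must not leave a new row behind
        self.assertEqual(self.model.objects.count(), count_before)

    def test_not_logged_user_cannot_modify_existing_instance(self):
        """Not logged-in user cannot modify existing instance."""
        instance = self.factory()

        # Query endpoint without credentials
        url = self.endpoint + f'{instance.pk}/'
        response = self.client.put(url, {}, format='json')

        # Assert the request is rejected as unauthenticated
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_not_logged_user_cannot_delete_existing_instance(self):
        """Not logged-in user cannot delete existing instance."""
        instance = self.factory()

        # Query endpoint without credentials
        url = self.endpoint + f'{instance.pk}/'
        response = self.client.delete(url)

        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
        # Assert instance still exists on db
        self.assertTrue(self.model.objects.filter(id=instance.pk).exists())

    def test_not_logged_user_can_list_instance(self):
        """Not logged-in user can list instances."""
        response = self.client.get(self.endpoint)

        # Listing is open to anonymous clients: assert the request succeeds
        self.assertEqual(response.status_code, status.HTTP_200_OK)

    # authenticated user

    def test_logged_user_can_list_instance(self):
        """Regular logged-in user can list instances."""
        instances = [self.factory() for _ in range(random.randint(1, 5))]

        _authenticate(self.client, self.user)

        response = self.client.get(self.endpoint)

        # Assert access is allowed
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        # Assert all instances are returned
        self.assertEqual(len(instances), len(response.data))

    def test_logged_user_can_create_instance(self):
        """Regular logged-in user can create new instance."""
        data = _company_payload()

        _authenticate(self.client, self.user)

        response = self.client.post(self.endpoint, data=data, format='json')

        # Assert endpoint returns created status
        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
        # Assert instance exists on db
        self.assertTrue(
            self.model.objects.filter(id=response.data['id']).exists()
        )

    def test_logged_user_can_modify_own_instance(self):
        """Regular logged-in user can modify an instance they created."""
        instance = self.factory()
        # make our user the creator
        instance.creator = self.user
        instance.save()

        data = _company_payload()

        _authenticate(self.client, self.user)

        url = self.endpoint + f'{instance.pk}/'
        response = self.client.put(url, data, format='json')

        # Assert endpoint returns OK code
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        # Assert instance has been modified
        for key in data:
            self.assertEqual(data[key], response.data[key])

    def test_logged_user_cannot_modify_other_users_instance(self):
        """Regular logged-in user cannot modify other user's instance."""
        instance = self.factory()
        # Precondition: the test is vacuous if the factory happened to make
        # our user the creator.
        self.assertNotEqual(instance.creator, self.user)

        _authenticate(self.client, self.user)

        url = self.endpoint + f'{instance.pk}/'
        response = self.client.put(url, data={}, format='json')

        # Assert the authenticated non-owner is refused
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

    def test_logged_user_cannot_delete_other_users_instance(self):
        """Regular logged-in user cannot delete other user's instance."""
        instance = self.factory()
        # Precondition: the test is vacuous if the factory happened to make
        # our user the creator.
        self.assertNotEqual(instance.creator, self.user)

        _authenticate(self.client, self.user)

        url = self.endpoint + f'{instance.pk}/'
        response = self.client.delete(url, format='json')

        # Assert the authenticated non-owner is refused
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
        # A 403 alone does not prove the row survived: check the db as well
        self.assertTrue(self.model.objects.filter(id=instance.pk).exists())

    def test_logged_user_can_delete_own_instance(self):
        """Regular logged-in user can delete an instance they created."""
        instance = self.factory()
        # make our user the creator
        instance.creator = self.user
        instance.save()

        _authenticate(self.client, self.user)

        url = self.endpoint + f'{instance.pk}/'
        response = self.client.delete(url)

        # assert 204 no content
        self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
        # Assert instance doesn't exist anymore on db
        self.assertFalse(self.model.objects.filter(id=instance.pk).exists())


class MyCompanyViewTest(APITestCase):
    """Authentication tests for the my_company endpoint."""

    def setUp(self):
        """Store the endpoint, factory and model, and create an active user."""
        self.endpoint = '/api/v1/my_company/'
        self.factory = CompanyFactory
        self.model = Company

        # create user
        self.email = "user@mail.com"
        self.password = ''.join(random.choices(string.ascii_uppercase, k=10))
        self.user = CustomUserFactory(email=self.email, is_active=True)
        self.user.set_password(self.password)
        self.user.save()

    def test_auth_user_gets_data(self):
        """Authenticated user receives a 200 response."""
        _authenticate(self.client, self.user)

        response = self.client.get(self.endpoint)

        # Assert the request succeeds
        self.assertEqual(response.status_code, status.HTTP_200_OK)

    def test_anon_user_cannot_access(self):
        """Anonymous client is rejected as unauthenticated."""
        response = self.client.get(self.endpoint)

        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)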