from django.core.urlresolvers import reverse
from rest_framework import status
from rest_framework.test import APIClient
from openslides.core.config import config
from openslides.users.models import Group, User
from openslides.users.serializers import UserFullSerializer
from openslides.utils.test import TestCase
class UserGetTest(TestCase):
    """
    Checks that a single user can be fetched through the REST API.
    """
    def test_get_with_user_who_is_in_group_with_pk_1(self):
        """
        Membership in the group with pk 1 is not a valid database state.
        Even so, a database that contains such a row must still let the
        user be retrieved.
        """
        administrator = User.objects.get(pk=1)
        pk_one_group = Group.objects.get(pk=1)
        # Deliberately build the inconsistent state described above.
        administrator.groups.add(pk_one_group)
        self.client.login(username='admin', password='admin')

        result = self.client.get('/rest/users/user/1/')

        self.assertEqual(result.status_code, status.HTTP_200_OK)
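class UserCreate(TestCase):
    """
    Tests creation of users via REST API.
    """
    def test_simple_creation(self):
        """
        A POST that carries only a last_name creates the user and returns
        the id of the new row.
        """
        self.client.login(username='admin', password='admin')

        response = self.client.post(
            reverse('user-list'),
            {'last_name': 'Test name keimeiShieX4Aekoe3do'})

        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
        # Only last_name was posted, yet the lookup is by username: the
        # test relies on the username being filled in from the name.
        new_user = User.objects.get(username='Test name keimeiShieX4Aekoe3do')
        self.assertEqual(response.data['id'], new_user.id)

    def test_creation_with_group(self):
        """
        A user created with valid group pks ends up in exactly those groups.
        """
        self.client.login(username='admin', password='admin')
        # These are the builtin groups 'Delegates' and 'Staff'. The pks are valid.
        group_pks = (2, 3,)

        response = self.client.post(
            reverse('user-list'),
            {'last_name': 'Test name aedah1iequoof0Ashed4',
             'groups_id': group_pks})

        # Check the status first so that a rejected request fails here with
        # a readable message instead of as DoesNotExist on the lookup below.
        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
        user = User.objects.get(username='Test name aedah1iequoof0Ashed4')
        for group_pk in group_pks:
            self.assertTrue(user.groups.filter(pk=group_pk).exists())

    def test_creation_with_default_group(self):
        """
        The builtin default group may not be assigned to a user: the request
        is rejected and no user is created.
        """
        self.client.login(username='admin', password='admin')
        # This is the builtin groups 'default'.
        # The pk is valid. But this group can not be added to users.
        group_pk = (1,)

        response = self.client.post(
            reverse('user-list'),
            {'last_name': 'Test name aedah1iequoof0Ashed4',
             'groups_id': group_pk})

        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
        # group_pk is a one-element tuple, so it doubles as the argument
        # tuple of the % formatting below.
        self.assertEqual(response.data, {'groups_id': ["Invalid pk \"%d\" - object does not exist." % group_pk]})
        # A rejected request must not leave a half-created account behind.
        self.assertFalse(User.objects.filter(username='Test name aedah1iequoof0Ashed4').exists())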
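class UserUpdate(TestCase):
    """
    Tests update of users via REST API.
    """
    def test_simple_update_via_patch(self):
        """
        Test to only update the last_name with a patch request.

        The field username *should not* be changed by the request.
        """
        admin_client = APIClient()
        admin_client.login(username='admin', password='admin')
        # This is the builtin user 'Administrator' with username 'admin'. The pk is valid.
        user_pk = 1

        response = admin_client.patch(
            reverse('user-detail', args=[user_pk]),
            {'last_name': 'New name tu3ooh5Iez5Aec2laefo'})

        self.assertEqual(response.status_code, status.HTTP_200_OK)
        user = User.objects.get(pk=user_pk)
        self.assertEqual(user.last_name, 'New name tu3ooh5Iez5Aec2laefo')
        self.assertEqual(user.username, 'admin')

    def test_simple_update_via_put(self):
        """
        Test to only update the last_name with a put request.

        The field username *should* be changed by the request.
        """
        admin_client = APIClient()
        admin_client.login(username='admin', password='admin')
        # This is the builtin user 'Administrator'. The pk is valid.
        user_pk = 1

        response = admin_client.put(
            reverse('user-detail', args=[user_pk]),
            {'last_name': 'New name Ohy4eeyei5'})

        self.assertEqual(response.status_code, 200)
        # Read back through user_pk rather than a second literal 1 so the
        # request and the check cannot drift apart.
        self.assertEqual(User.objects.get(pk=user_pk).username, 'New name Ohy4eeyei5')

    def test_update_deactivate_yourselfself(self):
        """
        Tests that an user can not deactivate himself.
        """
        admin_client = APIClient()
        admin_client.login(username='admin', password='admin')
        # This is the builtin user 'Administrator'. The pk is valid.
        user_pk = 1

        response = admin_client.patch(
            reverse('user-detail', args=[user_pk]),
            {'username': 'admin',
             'is_active': False},
            format='json')

        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
        # The status code alone does not show that the write was refused;
        # confirm the account is still active in the database.
        self.assertTrue(User.objects.get(pk=user_pk).is_active)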
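class UserDelete(TestCase):
    """
    Tests delete of users via REST API.
    """
    def test_delete(self):
        """
        An administrator can delete another user.
        """
        admin_client = APIClient()
        admin_client.login(username='admin', password='admin')
        target = User.objects.create(username='Test name bo3zieT3iefahng0ahqu')

        # Address the row that was just created instead of assuming that it
        # received pk 2.
        response = admin_client.delete(reverse('user-detail', args=[target.pk]))

        self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
        self.assertFalse(User.objects.filter(username='Test name bo3zieT3iefahng0ahqu').exists())

    def test_delete_yourself(self):
        """
        A user can not delete the account the request is authenticated as.
        """
        admin_client = APIClient()
        admin_client.login(username='admin', password='admin')
        # This is the builtin user 'Administrator'. The pk is valid.
        admin_user_pk = 1

        response = admin_client.delete(reverse('user-detail', args=[admin_user_pk]))

        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
        # Make sure the refusal really left the account in place.
        self.assertTrue(User.objects.filter(pk=admin_user_pk).exists())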
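class UserResetPassword(TestCase):
    """
    Tests resetting users password via REST API by a manager.
    """
    def test_reset(self):
        """
        An administrator can set a new password for another user through the
        reset-password endpoint.
        """
        admin_client = APIClient()
        admin_client.login(username='admin', password='admin')
        user = User.objects.create(username='Test name ooMoa4ou4mohn2eo1ree')
        user.default_password = 'new_password_Yuuh8OoQueePahngohy3'
        user.save()

        response = admin_client.post(
            reverse('user-reset-password', args=[user.pk]),
            {'password': 'new_password_Yuuh8OoQueePahngohy3_new'})

        self.assertEqual(response.status_code, status.HTTP_200_OK)
        # The posted value differs from default_password, so a passing check
        # shows that the posted password is the one that was stored.
        self.assertTrue(User.objects.get(pk=user.pk).check_password(
            'new_password_Yuuh8OoQueePahngohy3_new'))

    def test_set_random_initial_password(self):
        """
        Tests whether a random password is set as default and actual password
        if no default password is provided.
        """
        # This docstring used to sit in the class body ahead of the method,
        # where it was a stray expression and not attached to the test. The
        # unused admin client login was dropped as well: the test calls the
        # serializer directly and sends no request.
        serializer = UserFullSerializer()
        user = serializer.create({'username': 'Test name 9gt043qwvnj2d0cr'})
        user.save()

        # default_password comes back from the database in readable form and
        # is then verified against the hashed login password.
        default_password = User.objects.get(pk=user.pk).default_password
        self.assertIsNotNone(default_password)
        # NOTE(review): the generated length is pinned to 8 here; if the
        # generator is changed to produce longer passwords, update this.
        self.assertEqual(len(default_password), 8)
        self.assertTrue(User.objects.get(pk=user.pk).check_password(default_password))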
class GroupMetadata(TestCase):
    """
    Checks the OPTIONS metadata of the group list endpoint.
    """
    def test_options_request_as_anonymous_user_activated(self):
        """
        With anonymous access switched on, an unauthenticated OPTIONS request
        returns the endpoint name and the permission choices offered for POST.
        """
        # No login call: the request is sent by the anonymous test client.
        config['general_system_enable_anonymous'] = True

        metadata = self.client.options('/rest/users/group/')

        self.assertEqual(metadata.status_code, 200)
        self.assertEqual(metadata.data['name'], 'Group List')
        choices = metadata.data['actions']['POST']['permissions']['choices']
        self.assertEqual(type(choices), list)
        for choice in choices:
            self.assertEqual(type(choice), dict)
            # Every choice has to carry both a label and a value.
            for key in ('display_name', 'value'):
                self.assertIsNotNone(choice.get(key))
class GroupReceive(TestCase):
    """
    Checks who is allowed to read the group list via REST API.
    """
    def test_get_groups_as_anonymous_deactivated(self):
        """
        An anonymous request is refused while anonymous access is switched off.
        """
        result = self.client.get('/rest/users/group/')

        self.assertEqual(result.status_code, status.HTTP_403_FORBIDDEN)

    def test_get_groups_as_anonymous_user_activated(self):
        """
        An anonymous request is served once anonymous access is switched on.
        """
        config['general_system_enable_anonymous'] = True

        result = self.client.get('/rest/users/group/')

        self.assertEqual(result.status_code, status.HTTP_200_OK)

    def test_logged_in_user_with_no_permission(self):
        """
        A logged-in user without any permission can still read the groups.
        """
        plain_user = User(username='test')
        plain_user.set_password('test')
        plain_user.save()
        # Group pk 1 is the one fetched as the default group. Calling
        # delete() on the queryset removes the Permission rows themselves,
        # not only their link to this group.
        Group.objects.get(pk=1).permissions.all().delete()
        self.client.login(username='test', password='test')

        result = self.client.get('/rest/users/group/')

        self.assertEqual(result.status_code, status.HTTP_200_OK)
class GroupCreate(TestCase):
    """
    Checks creation of groups through the REST API.
    """
    def test_creation(self):
        """
        A group posted with valid permission strings is created and holds
        each of those permissions.
        """
        self.client.login(username='admin', password='admin')
        # This contains two valid permissions of the users app.
        permissions = ('users.can_see_name', 'users.can_see_extra_data')
        payload = {
            'name': 'Test name la8eephu9vaecheiKeif',
            'permissions': permissions,
        }

        result = self.client.post(reverse('group-list'), payload)

        self.assertEqual(result.status_code, status.HTTP_201_CREATED)
        created = Group.objects.get(name='Test name la8eephu9vaecheiKeif')
        for dotted in permissions:
            label, code = dotted.split('.')
            # get() raises if the permission was not attached to the group.
            self.assertTrue(created.permissions.get(content_type__app_label=label, codename=code))

    def test_failed_creation_invalid_value(self):
        """
        A permission string without the app_label.codename shape is rejected.
        """
        self.client.login(username='admin', password='admin')
        permissions = ('invalid_permission',)
        payload = {
            'name': 'Test name ool5aeb6Rai2aiLaith1',
            'permissions': permissions,
        }

        result = self.client.post(reverse('group-list'), payload)

        self.assertEqual(result.status_code, status.HTTP_400_BAD_REQUEST)
        expected = {'permissions': ['Incorrect value "invalid_permission". Expected app_label.codename string.']}
        self.assertEqual(result.data, expected)

    def test_failed_creation_invalid_permission(self):
        """
        A well-formed permission string that names no existing permission is
        rejected.
        """
        self.client.login(username='admin', password='admin')
        permissions = ('invalid_app.invalid_permission',)
        payload = {
            'name': 'Test name wei2go2aiV3eophi9Ohg',
            'permissions': permissions,
        }

        result = self.client.post(reverse('group-list'), payload)

        self.assertEqual(result.status_code, status.HTTP_400_BAD_REQUEST)
        expected = {'permissions': ['Invalid permission "invalid_app.invalid_permission". Object does not exist.']}
        self.assertEqual(result.data, expected)
class GroupUpdate(TestCase):
    """
    Checks updating of groups through the REST API.
    """
    def test_simple_update_via_patch(self):
        """
        A PATCH that carries only permissions is accepted and the group
        holds those permissions afterwards.
        """
        client = APIClient()
        client.login(username='admin', password='admin')
        # This is the builtin group 'Delegates'. The pk is valid.
        group_pk = 2
        # This contains one valid permission of the users app.
        permissions = ('users.can_see_name',)
        detail_url = reverse('group-detail', args=[group_pk])

        result = client.patch(detail_url, {'permissions': permissions})

        self.assertEqual(result.status_code, status.HTTP_200_OK)
        updated = Group.objects.get(pk=group_pk)
        for dotted in permissions:
            label, code = dotted.split('.')
            # get() raises if the permission is missing from the group.
            self.assertTrue(updated.permissions.get(content_type__app_label=label, codename=code))

    def test_simple_update_via_put(self):
        """
        A PUT that carries only permissions is rejected because the name
        field is missing.
        """
        client = APIClient()
        client.login(username='admin', password='admin')
        # This is the builtin group 'Delegates'. The pk is valid.
        group_pk = 2
        # This contains one valid permission of the users app.
        permissions = ('users.can_see_name',)
        detail_url = reverse('group-detail', args=[group_pk])

        result = client.put(detail_url, {'permissions': permissions})

        self.assertEqual(result.status_code, status.HTTP_400_BAD_REQUEST)
        self.assertEqual(result.data, {'name': ['This field is required.']})
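class GroupDelete(TestCase):
    """
    Tests delete of groups via REST API.
    """
    def test_delete(self):
        """
        An administrator can delete a group that is not builtin.
        """
        admin_client = APIClient()
        admin_client.login(username='admin', password='admin')
        group = Group.objects.create(name='Test name Koh4lohlaewoog9Ahsh5')

        response = admin_client.delete(reverse('group-detail', args=[group.pk]))

        self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
        self.assertFalse(Group.objects.filter(name='Test name Koh4lohlaewoog9Ahsh5').exists())

    def test_delete_builtin_groups(self):
        """
        Even an administrator is refused when deleting a builtin group.
        """
        admin_client = APIClient()
        # A 403 alone does not prove that the builtin-group guard ran: a
        # request whose login silently failed would presumably be refused
        # with the same status (confirm for DELETE). Require the login to
        # succeed so the test exercises the authenticated path.
        self.assertTrue(admin_client.login(username='admin', password='admin'))
        # The pk of builtin group 'Default'
        group_pk = 1

        response = admin_client.delete(reverse('group-detail', args=[group_pk]))

        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
        # The refusal must leave the builtin group in the database.
        self.assertTrue(Group.objects.filter(pk=group_pk).exists())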