import json
from django.urls import reverse
from rest_framework.test import APIClient
from openslides.users.models import User
from tests.test_case import TestCase
class TestWhoAmIView(TestCase):
    """Check what the ``user_whoami`` endpoint reports about the caller.

    Covers an anonymous client, a logged-in admin, and the rejected POST verb.
    """

    url = reverse("user_whoami")

    def setUp(self):
        # No-op override of TestCase.setUp; the base implementation is
        # defined outside this file.
        pass

    def test_get_anonymous(self):
        """An anonymous GET returns 200 with no user, no permissions."""
        expected_body = {
            "auth_type": "default",
            "user_id": None,
            "user": None,
            "permissions": [],
            "guest_enabled": False,
        }

        response = self.client.get(self.url)

        self.assertEqual(response.status_code, 200)
        self.assertEqual(json.loads(response.content.decode()), expected_body)

    def test_get_authenticated_user(self):
        """After logging in as admin, the endpoint reports user id 1."""
        self.client.login(username="admin", password="admin")

        response = self.client.get(self.url)

        self.assertEqual(response.status_code, 200)
        body = json.loads(response.content.decode())
        self.assertEqual(body.get("user_id"), 1)
        self.assertEqual(body.get("guest_enabled"), False)

    def test_post(self):
        """POST is not an allowed method on this endpoint (405)."""
        response = self.client.post(self.url)

        self.assertEqual(response.status_code, 405)
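class TestUserLogoutView(TestCase):
    """Check the ``user_logout`` endpoint.

    Covers the rejected GET verb, a logout attempt without a login, and a
    real logout, including that data stored in the session before logout is
    no longer reachable afterwards.
    """

    url = reverse("user_logout")

    def setUp(self):
        # No-op override of TestCase.setUp; the base implementation is
        # defined outside this file.
        pass

    def test_get(self):
        """GET is not an allowed method on this endpoint (405)."""
        response = self.client.get(self.url)

        self.assertEqual(response.status_code, 405)

    def test_post_anonymous(self):
        """Logging out without being logged in is answered with 400."""
        response = self.client.post(self.url)

        self.assertEqual(response.status_code, 400)

    def test_post_authenticated_user(self):
        """Logout returns the anonymous payload and drops prior session data."""
        self.client.login(username="admin", password="admin")
        # The test client's ``session`` property builds a new SessionStore on
        # every access, so the marker must be written through one bound
        # object and saved explicitly; assigning to ``self.client.session[...]``
        # directly is discarded and never reaches the session backend.
        session = self.client.session
        session["test_key"] = "test_value"
        session.save()

        response = self.client.post(self.url)

        self.assertEqual(response.status_code, 200)
        # Session data is exposed as items, not attributes. A hasattr() check
        # is always False here and would pass even if logout left the old
        # session intact, so test membership instead.
        self.assertNotIn("test_key", self.client.session)
        self.assertEqual(
            json.loads(response.content.decode()),
            {
                "auth_type": "default",
                "user_id": None,
                "user": None,
                "permissions": [],
                "guest_enabled": False,
            },
        )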
class TestUserLoginView(TestCase):
    """Check the ``user_login`` endpoint.

    GET returns the public login-page settings; POST performs the login and
    is tested with missing, correct and wrong credentials, an inactive
    account, a non-default auth type and the ``cookies`` flag set to False.
    """

    url = reverse("user_login")

    def setUp(self):
        # These tests go through the DRF client instead of the default one.
        self.client = APIClient()

    def test_get(self):
        """GET returns 200 and includes every expected login-page key."""
        response = self.client.get(self.url)

        self.assertEqual(response.status_code, 200)
        content = json.loads(response.content.decode())
        expected_keys = (
            "login_info_text",
            "privacy_policy",
            "legal_notice",
            "theme",
            "logo_web_header",
        )
        for key in expected_keys:
            self.assertIn(key, content)

    def test_post_no_data(self):
        """An empty POST gets 400 and the generic credential error."""
        response = self.client.post(self.url)

        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        self.assertEqual(content.get("detail"), "Username or password is not correct.")

    def test_post_correct_data(self):
        """Valid admin credentials log in and return the user payload."""
        credentials = {"username": "admin", "password": "admin"}

        response = self.client.post(self.url, credentials)

        self.assertEqual(response.status_code, 200)
        content = json.loads(response.content.decode())
        self.assertEqual(content.get("user_id"), 1)
        self.assertIsInstance(content.get("user"), dict)
        self.assertIsInstance(content.get("permissions"), list)
        # Default of True makes a missing key fail the assertion too.
        self.assertFalse(content.get("guest_enabled", True))
        self.assertEqual(content.get("auth_type"), "default")

    def test_post_incorrect_data(self):
        """Wrong credentials get 400 and the same generic error as no data.

        The message does not say which of the two fields was wrong.
        """
        credentials = {"username": "wrong", "password": "wrong"}

        response = self.client.post(self.url, credentials)

        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        self.assertEqual(content.get("detail"), "Username or password is not correct.")

    def test_user_inactive(self):
        """A deactivated account is refused even with the right password."""
        # get() without arguments relies on exactly one user existing.
        account = User.objects.get()
        account.is_active = False
        account.save()

        response = self.client.post(
            self.url, {"username": "admin", "password": "admin"}
        )

        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        # NOTE(review): this message differs from the generic credential
        # error. Only the correct-password case is covered here; confirm the
        # view returns it only after the password check has passed.
        self.assertEqual(content.get("detail"), "Your account is not active.")

    def test_user_wrong_auth_type(self):
        """An account whose auth_type is not "default" cannot log in here."""
        # get() without arguments relies on exactly one user existing.
        account = User.objects.get()
        account.auth_type = "not default"
        account.save()

        response = self.client.post(
            self.url, {"username": "admin", "password": "admin"}
        )

        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        self.assertEqual(
            content.get("detail"), "Please login via your identity provider."
        )

    def test_no_cookies(self):
        """Correct credentials are still refused when ``cookies`` is False."""
        form = {"username": "admin", "password": "admin", "cookies": False}

        response = self.client.post(self.url, form)

        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        self.assertEqual(
            content.get("detail"), "Cookies have to be enabled to use OpenSlides."
        )
class TestGetUserView(TestCase):
    """Check the ``get_user`` lookup endpoint.

    Covers access without a login, a successful lookup by username, the
    rejected POST verb, a miss, an ambiguous match, and a caller who lacks
    permission.
    """

    url = reverse("get_user")

    def setUp(self):
        # No-op override of TestCase.setUp; the base implementation is
        # defined outside this file.
        pass

    def test_get_anonymous(self):
        """Without a login the lookup is refused with 403."""
        response = self.client.get(self.url)

        self.assertEqual(response.status_code, 403)
        content = json.loads(response.content.decode())
        self.assertEqual(
            content.get("detail"), "Authentication credentials were not provided."
        )

    def test_get_authenticated_user(self):
        """A logged-in admin can look up a user by username."""
        self.client.login(username="admin", password="admin")

        response = self.client.get(self.url, {"username": "admin"})

        self.assertEqual(response.status_code, 200)
        found = json.loads(response.content.decode()).get("user")
        self.assertEqual(found["username"], "admin")
        self.assertEqual(found["last_name"], "Administrator")

    def test_post(self):
        """POST is not an allowed method on this endpoint (405)."""
        response = self.client.post(self.url)

        self.assertEqual(response.status_code, 405)

    def test_not_found(self):
        """Looking up an unknown username yields 404."""
        self.client.login(username="admin", password="admin")

        response = self.client.get(self.url, {"username": "not-existing-username"})

        self.assertEqual(response.status_code, 404)
        content = json.loads(response.content.decode())
        self.assertEqual(content.get("detail"), "User does not exist.")

    def test_multiple_objects(self):
        """A query that matches two users is rejected with 400."""
        self.client.login(username="admin", password="admin")
        # Two users sharing one number make the lookup ambiguous; the second
        # value returned by create_user() is not needed here.
        for _ in range(2):
            user, _unused = self.create_user()
            user.number = "Number#1234567890"
            user.save()

        response = self.client.get(self.url, {"number": "Number#1234567890"})

        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        self.assertEqual(content.get("detail"), "Found more than one user.")

    def test_delegate(self):
        """After make_admin_delegate() the logged-in caller gets 403.

        make_admin_delegate() comes from the base test case and is not
        visible in this file.
        """
        self.make_admin_delegate()
        self.client.login(username="admin", password="admin")

        response = self.client.get(self.url, {"username": "admin"})

        self.assertEqual(response.status_code, 403)
        content = json.loads(response.content.decode())
        self.assertEqual(
            content.get("detail"), "You do not have permission to perform this action."
        )