OpenSlides/server/tests/integration/users/test_views.py

import json

from django.urls import reverse
from rest_framework.test import APIClient

from openslides.users.models import User
from tests.test_case import TestCase


class TestWhoAmIView(TestCase):
    url = reverse("user_whoami")

    def setUp(self):
        pass

    def test_get_anonymous(self):
        response = self.client.get(self.url)

        self.assertEqual(response.status_code, 200)
        self.assertEqual(
            json.loads(response.content.decode()),
            {
                "auth_type": "default",
                "user_id": None,
                "user": None,
                "permissions": [],
                "guest_enabled": False,
            },
        )

    def test_get_authenticated_user(self):
        self.client.login(username="admin", password="admin")

        response = self.client.get(self.url)

        self.assertEqual(response.status_code, 200)
        self.assertEqual(json.loads(response.content.decode()).get("user_id"), 1)
        self.assertEqual(
            json.loads(response.content.decode()).get("guest_enabled"), False
        )

    def test_post(self):
        response = self.client.post(self.url)

        self.assertEqual(response.status_code, 405)


class TestUserLogoutView(TestCase):
    url = reverse("user_logout")

    def setUp(self):
        pass

    def test_get(self):
        response = self.client.get(self.url)

        self.assertEqual(response.status_code, 405)

    def test_post_anonymous(self):
        response = self.client.post(self.url)

        self.assertEqual(response.status_code, 400)

    def test_post_authenticated_user(self):
        self.client.login(username="admin", password="admin")
        self.client.session["test_key"] = "test_value"

        response = self.client.post(self.url)

        self.assertEqual(response.status_code, 200)
        self.assertFalse(hasattr(self.client.session, "test_key"))
        self.assertEqual(
            json.loads(response.content.decode()),
            {
                "auth_type": "default",
                "user_id": None,
                "user": None,
                "permissions": [],
                "guest_enabled": False,
            },
        )


class TestUserLoginView(TestCase):
    url = reverse("user_login")

    def setUp(self):
        self.client = APIClient()

    def test_get(self):
        response = self.client.get(self.url)

        self.assertEqual(response.status_code, 200)
        content = json.loads(response.content.decode())
        self.assertTrue("login_info_text" in content)
        self.assertTrue("privacy_policy" in content)
        self.assertTrue("legal_notice" in content)
        self.assertTrue("theme" in content)
        self.assertTrue("logo_web_header" in content)

    def test_post_no_data(self):
        response = self.client.post(self.url)

        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        self.assertEqual(content.get("detail"), "Username or password is not correct.")

    def test_post_correct_data(self):
        response = self.client.post(
            self.url, {"username": "admin", "password": "admin"}
        )

        self.assertEqual(response.status_code, 200)
        content = json.loads(response.content.decode())
        self.assertEqual(content.get("user_id"), 1)
        self.assertTrue(isinstance(content.get("user"), dict))
        self.assertTrue(isinstance(content.get("permissions"), list))
        self.assertFalse(content.get("guest_enabled", True))
        self.assertEqual(content.get("auth_type"), "default")

    def test_post_incorrect_data(self):
        response = self.client.post(
            self.url, {"username": "wrong", "password": "wrong"}
        )

        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        self.assertEqual(content.get("detail"), "Username or password is not correct.")

    def test_user_inactive(self):
        admin = User.objects.get()
        admin.is_active = False
        admin.save()

        response = self.client.post(
            self.url, {"username": "admin", "password": "admin"}
        )
        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        self.assertEqual(content.get("detail"), "Your account is not active.")

    def test_user_wrong_auth_type(self):
        admin = User.objects.get()
        admin.auth_type = "not default"
        admin.save()

        response = self.client.post(
            self.url, {"username": "admin", "password": "admin"}
        )
        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        self.assertEqual(
            content.get("detail"), "Please login via your identity provider."
        )

    def test_no_cookies(self):
        response = self.client.post(
            self.url, {"username": "admin", "password": "admin", "cookies": False}
        )
        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        self.assertEqual(
            content.get("detail"), "Cookies have to be enabled to use OpenSlides."
        )


class TestGetUserView(TestCase):
    url = reverse("get_user")

    def setUp(self):
        pass

    def test_get_anonymous(self):
        response = self.client.get(self.url)

        self.assertEqual(response.status_code, 403)
        content = json.loads(response.content.decode())
        self.assertEqual(
            content.get("detail"), "Authentication credentials were not provided."
        )

    def test_get_authenticated_user(self):
        self.client.login(username="admin", password="admin")

        response = self.client.get(self.url, {"username": "admin"})

        self.assertEqual(response.status_code, 200)
        users = json.loads(response.content.decode()).get("users")
        self.assertEqual(users[0]["username"], "admin")
        self.assertEqual(users[0]["last_name"], "Administrator")

    def test_post(self):
        response = self.client.post(self.url)

        self.assertEqual(response.status_code, 405)

    def test_not_found(self):
        self.client.login(username="admin", password="admin")

        response = self.client.get(self.url, {"username": "not-existing-username"})

        self.assertEqual(response.status_code, 200)
        content = json.loads(response.content.decode())
        self.assertEqual(content.get("users"), [])

    def test_multiple_objects(self):
        self.client.login(username="admin", password="admin")
        u1, p1 = self.create_user()
        u1.number = "Number#1234567890"
        u1.save()
        u2, p2 = self.create_user()
        u2.number = "Number#1234567890"
        u2.save()

        response = self.client.get(self.url, {"number": "Number#1234567890"})

        self.assertEqual(response.status_code, 200)
        content = json.loads(response.content.decode())
        self.assertEqual(len(content.get("users")), 2)

    def test_delegate(self):
        self.make_admin_delegate()
        self.client.login(username="admin", password="admin")

        response = self.client.get(self.url, {"username": "admin"})

        self.assertEqual(response.status_code, 403)
        content = json.loads(response.content.decode())
        self.assertEqual(
            content.get("detail"), "You do not have permission to perform this action."
        )
Implemented auth via AngularJS Also added the derective osPerms to check if the current user has permissions. Removed old Django views and urls for user. Created utils.views.APIView which should be used instead of the AjaxView. Fixes: #1470 Fixes: #1454 2015-02-12 22:42:54 +01:00			`import json`

New url schema 2018-08-22 06:22:28 +02:00			`from django.urls import reverse`
Implemented auth via AngularJS Also added the derective osPerms to check if the current user has permissions. Removed old Django views and urls for user. Created utils.views.APIView which should be used instead of the AjaxView. Fixes: #1470 Fixes: #1454 2015-02-12 22:42:54 +01:00			`from rest_framework.test import APIClient`

Add login errors for inactive users 2021-03-18 16:06:55 +01:00			`from openslides.users.models import User`
Initial work for supporting voting 2019-10-18 14:18:49 +02:00			`from tests.test_case import TestCase`
Implemented auth via AngularJS Also added the derective osPerms to check if the current user has permissions. Removed old Django views and urls for user. Created utils.views.APIView which should be used instead of the AjaxView. Fixes: #1470 Fixes: #1454 2015-02-12 22:42:54 +01:00

			`class TestWhoAmIView(TestCase):`
Run black 2019-01-06 16:22:33 +01:00			`url = reverse("user_whoami")`
Implemented auth via AngularJS Also added the derective osPerms to check if the current user has permissions. Removed old Django views and urls for user. Created utils.views.APIView which should be used instead of the AjaxView. Fixes: #1470 Fixes: #1454 2015-02-12 22:42:54 +01:00
Initial work for supporting voting 2019-10-18 14:18:49 +02:00			`def setUp(self):`
			`pass`

Implemented auth via AngularJS Also added the derective osPerms to check if the current user has permissions. Removed old Django views and urls for user. Created utils.views.APIView which should be used instead of the AjaxView. Fixes: #1470 Fixes: #1454 2015-02-12 22:42:54 +01:00			`def test_get_anonymous(self):`
			`response = self.client.get(self.url)`

			`self.assertEqual(response.status_code, 200)`
Added guest enabled info to WhoAmI view. 2015-12-10 00:02:16 +01:00			`self.assertEqual(`
Fixed test. 2015-12-11 15:47:22 +01:00			`json.loads(response.content.decode()),`
saml 2019-08-20 12:00:54 +02:00			`{`
			`"auth_type": "default",`
			`"user_id": None,`
			`"user": None,`
			`"permissions": [],`
			`"guest_enabled": False,`
			`},`
Run black 2019-01-06 16:22:33 +01:00			`)`
Implemented auth via AngularJS Also added the derective osPerms to check if the current user has permissions. Removed old Django views and urls for user. Created utils.views.APIView which should be used instead of the AjaxView. Fixes: #1470 Fixes: #1454 2015-02-12 22:42:54 +01:00
			`def test_get_authenticated_user(self):`
Run black 2019-01-06 16:22:33 +01:00			`self.client.login(username="admin", password="admin")`
Implemented auth via AngularJS Also added the derective osPerms to check if the current user has permissions. Removed old Django views and urls for user. Created utils.views.APIView which should be used instead of the AjaxView. Fixes: #1470 Fixes: #1454 2015-02-12 22:42:54 +01:00
			`response = self.client.get(self.url)`

			`self.assertEqual(response.status_code, 200)`
Run black 2019-01-06 16:22:33 +01:00			`self.assertEqual(json.loads(response.content.decode()).get("user_id"), 1)`
			`self.assertEqual(`
			`json.loads(response.content.decode()).get("guest_enabled"), False`
			`)`
Implemented auth via AngularJS Also added the derective osPerms to check if the current user has permissions. Removed old Django views and urls for user. Created utils.views.APIView which should be used instead of the AjaxView. Fixes: #1470 Fixes: #1454 2015-02-12 22:42:54 +01:00
			`def test_post(self):`
			`response = self.client.post(self.url)`

			`self.assertEqual(response.status_code, 405)`


			`class TestUserLogoutView(TestCase):`
Run black 2019-01-06 16:22:33 +01:00			`url = reverse("user_logout")`
Implemented auth via AngularJS Also added the derective osPerms to check if the current user has permissions. Removed old Django views and urls for user. Created utils.views.APIView which should be used instead of the AjaxView. Fixes: #1470 Fixes: #1454 2015-02-12 22:42:54 +01:00
Initial work for supporting voting 2019-10-18 14:18:49 +02:00			`def setUp(self):`
			`pass`

Implemented auth via AngularJS Also added the derective osPerms to check if the current user has permissions. Removed old Django views and urls for user. Created utils.views.APIView which should be used instead of the AjaxView. Fixes: #1470 Fixes: #1454 2015-02-12 22:42:54 +01:00			`def test_get(self):`
			`response = self.client.get(self.url)`

			`self.assertEqual(response.status_code, 405)`

			`def test_post_anonymous(self):`
			`response = self.client.post(self.url)`

Fixed login, logout and password change view. 2015-12-11 16:28:56 +01:00			`self.assertEqual(response.status_code, 400)`
Implemented auth via AngularJS Also added the derective osPerms to check if the current user has permissions. Removed old Django views and urls for user. Created utils.views.APIView which should be used instead of the AjaxView. Fixes: #1470 Fixes: #1454 2015-02-12 22:42:54 +01:00
			`def test_post_authenticated_user(self):`
Run black 2019-01-06 16:22:33 +01:00			`self.client.login(username="admin", password="admin")`
			`self.client.session["test_key"] = "test_value"`
Implemented auth via AngularJS Also added the derective osPerms to check if the current user has permissions. Removed old Django views and urls for user. Created utils.views.APIView which should be used instead of the AjaxView. Fixes: #1470 Fixes: #1454 2015-02-12 22:42:54 +01:00
			`response = self.client.post(self.url)`

			`self.assertEqual(response.status_code, 200)`
Run black 2019-01-06 16:22:33 +01:00			`self.assertFalse(hasattr(self.client.session, "test_key"))`
rework login system (again) 2019-03-07 10:47:03 +01:00			`self.assertEqual(`
			`json.loads(response.content.decode()),`
saml 2019-08-20 12:00:54 +02:00			`{`
			`"auth_type": "default",`
			`"user_id": None,`
			`"user": None,`
			`"permissions": [],`
			`"guest_enabled": False,`
			`},`
rework login system (again) 2019-03-07 10:47:03 +01:00			`)`
Implemented auth via AngularJS Also added the derective osPerms to check if the current user has permissions. Removed old Django views and urls for user. Created utils.views.APIView which should be used instead of the AjaxView. Fixes: #1470 Fixes: #1454 2015-02-12 22:42:54 +01:00

			`class TestUserLoginView(TestCase):`
Run black 2019-01-06 16:22:33 +01:00			`url = reverse("user_login")`
Implemented auth via AngularJS Also added the derective osPerms to check if the current user has permissions. Removed old Django views and urls for user. Created utils.views.APIView which should be used instead of the AjaxView. Fixes: #1470 Fixes: #1454 2015-02-12 22:42:54 +01:00
			`def setUp(self):`
			`self.client = APIClient()`

			`def test_get(self):`
			`response = self.client.get(self.url)`

Added login info text in config and view. 2016-01-09 01:10:37 +01:00			`self.assertEqual(response.status_code, 200)`
saml 2019-08-20 12:00:54 +02:00			`content = json.loads(response.content.decode())`
			`self.assertTrue("login_info_text" in content)`
			`self.assertTrue("privacy_policy" in content)`
			`self.assertTrue("legal_notice" in content)`
			`self.assertTrue("theme" in content)`
			`self.assertTrue("logo_web_header" in content)`
Implemented auth via AngularJS Also added the derective osPerms to check if the current user has permissions. Removed old Django views and urls for user. Created utils.views.APIView which should be used instead of the AjaxView. Fixes: #1470 Fixes: #1454 2015-02-12 22:42:54 +01:00
			`def test_post_no_data(self):`
			`response = self.client.post(self.url)`

Fixed login, logout and password change view. 2015-12-11 16:28:56 +01:00			`self.assertEqual(response.status_code, 400)`
Add login errors for inactive users 2021-03-18 16:06:55 +01:00			`content = json.loads(response.content.decode())`
			`self.assertEqual(content.get("detail"), "Username or password is not correct.")`
Implemented auth via AngularJS Also added the derective osPerms to check if the current user has permissions. Removed old Django views and urls for user. Created utils.views.APIView which should be used instead of the AjaxView. Fixes: #1470 Fixes: #1454 2015-02-12 22:42:54 +01:00
			`def test_post_correct_data(self):`
			`response = self.client.post(`
Run black 2019-01-06 16:22:33 +01:00			`self.url, {"username": "admin", "password": "admin"}`
			`)`
Implemented auth via AngularJS Also added the derective osPerms to check if the current user has permissions. Removed old Django views and urls for user. Created utils.views.APIView which should be used instead of the AjaxView. Fixes: #1470 Fixes: #1454 2015-02-12 22:42:54 +01:00
			`self.assertEqual(response.status_code, 200)`
saml 2019-08-20 12:00:54 +02:00			`content = json.loads(response.content.decode())`
			`self.assertEqual(content.get("user_id"), 1)`
			`self.assertTrue(isinstance(content.get("user"), dict))`
			`self.assertTrue(isinstance(content.get("permissions"), list))`
			`self.assertFalse(content.get("guest_enabled", True))`
			`self.assertEqual(content.get("auth_type"), "default")`
Implemented auth via AngularJS Also added the derective osPerms to check if the current user has permissions. Removed old Django views and urls for user. Created utils.views.APIView which should be used instead of the AjaxView. Fixes: #1470 Fixes: #1454 2015-02-12 22:42:54 +01:00
			`def test_post_incorrect_data(self):`
			`response = self.client.post(`
Run black 2019-01-06 16:22:33 +01:00			`self.url, {"username": "wrong", "password": "wrong"}`
			`)`
Implemented auth via AngularJS Also added the derective osPerms to check if the current user has permissions. Removed old Django views and urls for user. Created utils.views.APIView which should be used instead of the AjaxView. Fixes: #1470 Fixes: #1454 2015-02-12 22:42:54 +01:00
Fixed login, logout and password change view. 2015-12-11 16:28:56 +01:00			`self.assertEqual(response.status_code, 400)`
Add login errors for inactive users 2021-03-18 16:06:55 +01:00			`content = json.loads(response.content.decode())`
			`self.assertEqual(content.get("detail"), "Username or password is not correct.")`

			`def test_user_inactive(self):`
			`admin = User.objects.get()`
			`admin.is_active = False`
			`admin.save()`

			`response = self.client.post(`
			`self.url, {"username": "admin", "password": "admin"}`
			`)`
			`self.assertEqual(response.status_code, 400)`
			`content = json.loads(response.content.decode())`
Updated translations 2021-03-19 11:03:34 +01:00			`self.assertEqual(content.get("detail"), "Your account is not active.")`
Add login errors for inactive users 2021-03-18 16:06:55 +01:00
			`def test_user_wrong_auth_type(self):`
			`admin = User.objects.get()`
			`admin.auth_type = "not default"`
			`admin.save()`

			`response = self.client.post(`
			`self.url, {"username": "admin", "password": "admin"}`
			`)`
			`self.assertEqual(response.status_code, 400)`
			`content = json.loads(response.content.decode())`
			`self.assertEqual(`
			`content.get("detail"), "Please login via your identity provider."`
			`)`

			`def test_no_cookies(self):`
			`response = self.client.post(`
			`self.url, {"username": "admin", "password": "admin", "cookies": False}`
			`)`
			`self.assertEqual(response.status_code, 400)`
			`content = json.loads(response.content.decode())`
			`self.assertEqual(`
			`content.get("detail"), "Cookies have to be enabled to use OpenSlides."`
			`)`
Added route to get a user e. g. for third-party applications. 2021-11-05 13:46:00 +01:00

			`class TestGetUserView(TestCase):`
			`url = reverse("get_user")`

			`def setUp(self):`
			`pass`

			`def test_get_anonymous(self):`
			`response = self.client.get(self.url)`

			`self.assertEqual(response.status_code, 403)`
			`content = json.loads(response.content.decode())`
			`self.assertEqual(`
			`content.get("detail"), "Authentication credentials were not provided."`
			`)`

			`def test_get_authenticated_user(self):`
			`self.client.login(username="admin", password="admin")`

			`response = self.client.get(self.url, {"username": "admin"})`

			`self.assertEqual(response.status_code, 200)`
Changed GetUser view. Now it retrieves one or more users. 2021-11-30 00:26:48 +01:00			`users = json.loads(response.content.decode()).get("users")`
			`self.assertEqual(users[0]["username"], "admin")`
			`self.assertEqual(users[0]["last_name"], "Administrator")`
Added route to get a user e. g. for third-party applications. 2021-11-05 13:46:00 +01:00
			`def test_post(self):`
			`response = self.client.post(self.url)`

			`self.assertEqual(response.status_code, 405)`

			`def test_not_found(self):`
			`self.client.login(username="admin", password="admin")`

			`response = self.client.get(self.url, {"username": "not-existing-username"})`

Changed GetUser view. Now it retrieves one or more users. 2021-11-30 00:26:48 +01:00			`self.assertEqual(response.status_code, 200)`
Added route to get a user e. g. for third-party applications. 2021-11-05 13:46:00 +01:00			`content = json.loads(response.content.decode())`
Changed GetUser view. Now it retrieves one or more users. 2021-11-30 00:26:48 +01:00			`self.assertEqual(content.get("users"), [])`
Added route to get a user e. g. for third-party applications. 2021-11-05 13:46:00 +01:00
			`def test_multiple_objects(self):`
			`self.client.login(username="admin", password="admin")`
			`u1, p1 = self.create_user()`
			`u1.number = "Number#1234567890"`
			`u1.save()`
			`u2, p2 = self.create_user()`
			`u2.number = "Number#1234567890"`
			`u2.save()`

			`response = self.client.get(self.url, {"number": "Number#1234567890"})`

Changed GetUser view. Now it retrieves one or more users. 2021-11-30 00:26:48 +01:00			`self.assertEqual(response.status_code, 200)`
Added route to get a user e. g. for third-party applications. 2021-11-05 13:46:00 +01:00			`content = json.loads(response.content.decode())`
Changed GetUser view. Now it retrieves one or more users. 2021-11-30 00:26:48 +01:00			`self.assertEqual(len(content.get("users")), 2)`
Added route to get a user e. g. for third-party applications. 2021-11-05 13:46:00 +01:00
			`def test_delegate(self):`
			`self.make_admin_delegate()`
			`self.client.login(username="admin", password="admin")`

			`response = self.client.get(self.url, {"username": "admin"})`

			`self.assertEqual(response.status_code, 403)`
			`content = json.loads(response.content.decode())`
			`self.assertEqual(`
			`content.get("detail"), "You do not have permission to perform this action."`
			`)`