2018-07-09 23:22:26 +02:00
|
|
|
import pytest
|
2019-11-11 07:07:19 +01:00
|
|
|
from django.contrib.auth.models import Permission
|
2017-11-28 10:47:29 +01:00
|
|
|
from django.core import mail
|
2018-07-09 23:22:26 +02:00
|
|
|
from django.urls import reverse
|
2015-02-12 20:57:05 +01:00
|
|
|
from rest_framework import status
|
|
|
|
|
from rest_framework.test import APIClient
|
|
|
|
|
|
2015-06-30 20:04:14 +02:00
|
|
|
from openslides.core.config import config
|
2017-05-23 14:07:06 +02:00
|
|
|
from openslides.users.models import Group, PersonalNote, User
|
2018-09-01 08:00:00 +02:00
|
|
|
from openslides.utils.autoupdate import inform_changed_data
|
2019-11-01 09:11:12 +01:00
|
|
|
from tests.count_queries import count_queries
|
2019-10-18 14:18:49 +02:00
|
|
|
from tests.test_case import TestCase
|
2015-02-12 20:57:05 +01:00
|
|
|
|
2019-07-23 11:50:16 +02:00
|
|
|
from ...common_groups import (
|
|
|
|
|
GROUP_ADMIN_PK,
|
|
|
|
|
GROUP_DEFAULT_PK,
|
|
|
|
|
GROUP_DELEGATE_PK,
|
|
|
|
|
GROUP_STAFF_PK,
|
|
|
|
|
)
|
2015-02-12 20:57:05 +01:00
|
|
|
|
2016-09-18 16:00:31 +02:00
|
|
|
|
2018-07-09 23:22:26 +02:00
|
|
|
@pytest.mark.django_db(transaction=False)
|
|
|
|
|
def test_user_db_queries():
|
2016-09-18 16:00:31 +02:00
|
|
|
"""
|
2018-07-09 23:22:26 +02:00
|
|
|
Tests that only the following db queries are done:
|
|
|
|
|
* 2 requests to get the list of all users and
|
|
|
|
|
* 1 requests to get the list of all groups.
|
|
|
|
|
"""
|
|
|
|
|
for index in range(10):
|
2019-01-12 23:01:42 +01:00
|
|
|
User.objects.create(username=f"user{index}")
|
2016-09-18 16:00:31 +02:00
|
|
|
|
2019-11-04 14:56:01 +01:00
|
|
|
assert count_queries(User.get_elements)() == 3
|
2016-09-18 16:00:31 +02:00
|
|
|
|
|
|
|
|
|
2018-07-09 23:22:26 +02:00
|
|
|
@pytest.mark.django_db(transaction=False)
|
|
|
|
|
def test_group_db_queries():
|
2016-09-18 16:00:31 +02:00
|
|
|
"""
|
2018-07-09 23:22:26 +02:00
|
|
|
Tests that only the following db queries are done:
|
|
|
|
|
* 1 request to get the list of all groups.
|
|
|
|
|
* 1 request to get the permissions
|
2016-09-18 16:00:31 +02:00
|
|
|
"""
|
2018-07-09 23:22:26 +02:00
|
|
|
for index in range(10):
|
2019-01-12 23:01:42 +01:00
|
|
|
Group.objects.create(name=f"group{index}")
|
2016-09-18 16:00:31 +02:00
|
|
|
|
2019-11-04 14:56:01 +01:00
|
|
|
assert count_queries(Group.get_elements)() == 2
|
2016-09-18 16:00:31 +02:00
|
|
|
|
|
|
|
|
|
2015-05-05 10:42:31 +02:00
|
|
|
class UserGetTest(TestCase):
|
|
|
|
|
"""
|
|
|
|
|
Tests to receive a users via REST API.
|
|
|
|
|
"""
|
2019-01-06 16:22:33 +01:00
|
|
|
|
2015-05-05 10:42:31 +02:00
|
|
|
def test_get_with_user_who_is_in_group_with_pk_1(self):
|
|
|
|
|
"""
|
|
|
|
|
It is invalid, that a user is in the group with the pk 1. But if the
|
|
|
|
|
database is invalid, the user should nevertheless be received.
|
|
|
|
|
"""
|
2019-01-06 16:22:33 +01:00
|
|
|
admin = User.objects.get(username="admin")
|
2015-05-05 10:42:31 +02:00
|
|
|
group1 = Group.objects.get(pk=1)
|
|
|
|
|
admin.groups.add(group1)
|
2019-01-06 16:22:33 +01:00
|
|
|
self.client.login(username="admin", password="admin")
|
2015-05-05 10:42:31 +02:00
|
|
|
|
2019-01-06 16:22:33 +01:00
|
|
|
response = self.client.get("/rest/users/user/1/")
|
2015-05-05 10:42:31 +02:00
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
|
|
2017-04-10 16:28:38 +02:00
|
|
|
def test_get_with_user_without_permissions(self):
|
|
|
|
|
group = Group.objects.get(pk=1)
|
2019-01-06 16:22:33 +01:00
|
|
|
permission_string = "users.can_see_name"
|
|
|
|
|
app_label, codename = permission_string.split(".")
|
|
|
|
|
permission = group.permissions.get(
|
|
|
|
|
content_type__app_label=app_label, codename=codename
|
|
|
|
|
)
|
2017-04-10 16:28:38 +02:00
|
|
|
group.permissions.remove(permission)
|
2018-09-01 08:00:00 +02:00
|
|
|
inform_changed_data(group)
|
2019-01-06 16:22:33 +01:00
|
|
|
config["general_system_enable_anonymous"] = True
|
2017-04-10 16:28:38 +02:00
|
|
|
guest_client = APIClient()
|
|
|
|
|
|
2019-01-06 16:22:33 +01:00
|
|
|
response = guest_client.get("/rest/users/user/1/")
|
2017-04-10 16:28:38 +02:00
|
|
|
|
2018-11-01 17:30:18 +01:00
|
|
|
self.assertEqual(response.status_code, 404)
|
2017-04-10 16:28:38 +02:00
|
|
|
|
2015-05-05 10:42:31 +02:00
|
|
|
|
2015-02-17 00:45:53 +01:00
|
|
|
class UserCreate(TestCase):
|
2015-02-12 20:57:05 +01:00
|
|
|
"""
|
|
|
|
|
Tests creation of users via REST API.
|
|
|
|
|
"""
|
2019-01-06 16:22:33 +01:00
|
|
|
|
2015-02-12 20:57:05 +01:00
|
|
|
def test_simple_creation(self):
|
|
|
|
|
response = self.client.post(
|
2019-01-06 16:22:33 +01:00
|
|
|
reverse("user-list"), {"last_name": "Test name keimeiShieX4Aekoe3do"}
|
|
|
|
|
)
|
2015-02-12 20:57:05 +01:00
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
|
2019-01-06 16:22:33 +01:00
|
|
|
new_user = User.objects.get(username="Test name keimeiShieX4Aekoe3do")
|
|
|
|
|
self.assertEqual(response.data["id"], new_user.id)
|
2015-02-12 20:57:05 +01:00
|
|
|
|
|
|
|
|
def test_creation_with_group(self):
|
2019-05-13 10:17:24 +02:00
|
|
|
group_pks = (GROUP_DELEGATE_PK, GROUP_STAFF_PK)
|
2015-02-12 20:57:05 +01:00
|
|
|
|
|
|
|
|
self.client.post(
|
2019-01-06 16:22:33 +01:00
|
|
|
reverse("user-list"),
|
|
|
|
|
{"last_name": "Test name aedah1iequoof0Ashed4", "groups_id": group_pks},
|
|
|
|
|
)
|
2015-02-12 20:57:05 +01:00
|
|
|
|
2019-01-06 16:22:33 +01:00
|
|
|
user = User.objects.get(username="Test name aedah1iequoof0Ashed4")
|
2015-02-17 00:45:53 +01:00
|
|
|
self.assertTrue(user.groups.filter(pk=group_pks[0]).exists())
|
|
|
|
|
self.assertTrue(user.groups.filter(pk=group_pks[1]).exists())
|
2015-02-12 20:57:05 +01:00
|
|
|
|
2016-08-08 09:37:46 +02:00
|
|
|
def test_creation_with_default_group(self):
|
2019-05-13 10:17:24 +02:00
|
|
|
group_pk = (GROUP_DEFAULT_PK,)
|
2015-02-12 20:57:05 +01:00
|
|
|
|
|
|
|
|
response = self.client.post(
|
2019-01-06 16:22:33 +01:00
|
|
|
reverse("user-list"),
|
|
|
|
|
{"last_name": "Test name aedah1iequoof0Ashed4", "groups_id": group_pk},
|
|
|
|
|
)
|
2015-02-12 20:57:05 +01:00
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
|
2019-01-06 16:22:33 +01:00
|
|
|
self.assertEqual(
|
|
|
|
|
response.data,
|
|
|
|
|
{"groups_id": ['Invalid pk "%d" - object does not exist.' % group_pk]},
|
|
|
|
|
)
|
2015-02-12 20:57:05 +01:00
|
|
|
|
2019-11-06 15:55:03 +01:00
|
|
|
def test_clean_html(self):
|
|
|
|
|
self.client.login(username="admin", password="admin")
|
|
|
|
|
response = self.client.post(
|
|
|
|
|
reverse("user-list"),
|
|
|
|
|
{
|
|
|
|
|
"username": "test_name_Thimoo2ho7ahreighio3",
|
|
|
|
|
"about_me": "<p><foo>bar</foo></p>",
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
|
|
|
|
|
user = User.objects.get(username="test_name_Thimoo2ho7ahreighio3")
|
|
|
|
|
self.assertEqual(user.about_me, "<p><foo>bar</foo></p>")
|
2020-01-21 09:48:26 +01:00
|
|
|
|
2019-11-01 16:15:06 +01:00
|
|
|
def test_double_username(self):
|
|
|
|
|
for field in ("last_name", "username"):
|
|
|
|
|
response = self.client.post(reverse("user-list"), {"username": "admin"})
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
|
|
|
|
|
self.assertEqual(User.objects.count(), 1)
|
2019-11-06 15:55:03 +01:00
|
|
|
|
2015-02-12 20:57:05 +01:00
|
|
|
|
|
|
|
|
class UserUpdate(TestCase):
|
|
|
|
|
"""
|
|
|
|
|
Tests update of users via REST API.
|
|
|
|
|
"""
|
2019-01-06 16:22:33 +01:00
|
|
|
|
2015-02-12 20:57:05 +01:00
|
|
|
def test_simple_update_via_patch(self):
|
2015-05-05 10:42:31 +02:00
|
|
|
"""
|
|
|
|
|
Test to only update the last_name with a patch request.
|
|
|
|
|
|
|
|
|
|
The field username *should not* be changed by the request.
|
|
|
|
|
"""
|
2015-02-12 20:57:05 +01:00
|
|
|
admin_client = APIClient()
|
2019-01-06 16:22:33 +01:00
|
|
|
admin_client.login(username="admin", password="admin")
|
2015-02-17 00:45:53 +01:00
|
|
|
# This is the builtin user 'Administrator' with username 'admin'. The pk is valid.
|
2019-01-06 16:22:33 +01:00
|
|
|
user_pk = User.objects.get(username="admin").pk
|
2015-02-12 20:57:05 +01:00
|
|
|
|
|
|
|
|
response = admin_client.patch(
|
2019-01-06 16:22:33 +01:00
|
|
|
reverse("user-detail", args=[user_pk]),
|
|
|
|
|
{"last_name": "New name tu3ooh5Iez5Aec2laefo"},
|
|
|
|
|
)
|
2015-02-12 20:57:05 +01:00
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
2015-02-17 00:45:53 +01:00
|
|
|
user = User.objects.get(pk=user_pk)
|
2019-01-06 16:22:33 +01:00
|
|
|
self.assertEqual(user.last_name, "New name tu3ooh5Iez5Aec2laefo")
|
|
|
|
|
self.assertEqual(user.username, "admin")
|
2015-02-12 20:57:05 +01:00
|
|
|
|
|
|
|
|
def test_simple_update_via_put(self):
|
2015-05-05 10:42:31 +02:00
|
|
|
"""
|
|
|
|
|
Test to only update the last_name with a put request.
|
|
|
|
|
|
|
|
|
|
The field username *should* be changed by the request.
|
|
|
|
|
"""
|
2015-02-12 20:57:05 +01:00
|
|
|
admin_client = APIClient()
|
2019-01-06 16:22:33 +01:00
|
|
|
admin_client.login(username="admin", password="admin")
|
2015-02-17 00:45:53 +01:00
|
|
|
# This is the builtin user 'Administrator'. The pk is valid.
|
2019-01-06 16:22:33 +01:00
|
|
|
user_pk = User.objects.get(username="admin").pk
|
2015-02-12 20:57:05 +01:00
|
|
|
|
|
|
|
|
response = admin_client.put(
|
2019-01-06 16:22:33 +01:00
|
|
|
reverse("user-detail", args=[user_pk]), {"last_name": "New name Ohy4eeyei5"}
|
|
|
|
|
)
|
2015-02-12 20:57:05 +01:00
|
|
|
|
2015-05-05 10:42:31 +02:00
|
|
|
self.assertEqual(response.status_code, 200)
|
2019-01-06 16:22:33 +01:00
|
|
|
self.assertEqual(User.objects.get(pk=user_pk).username, "New name Ohy4eeyei5")
|
2015-02-12 20:57:05 +01:00
|
|
|
|
2016-01-09 11:59:34 +01:00
|
|
|
def test_update_deactivate_yourselfself(self):
|
|
|
|
|
"""
|
|
|
|
|
Tests that an user can not deactivate himself.
|
|
|
|
|
"""
|
|
|
|
|
admin_client = APIClient()
|
2019-01-06 16:22:33 +01:00
|
|
|
admin_client.login(username="admin", password="admin")
|
2016-01-09 11:59:34 +01:00
|
|
|
# This is the builtin user 'Administrator'. The pk is valid.
|
2019-01-06 16:22:33 +01:00
|
|
|
user_pk = User.objects.get(username="admin").pk
|
2016-01-09 11:59:34 +01:00
|
|
|
|
|
|
|
|
response = admin_client.patch(
|
2019-01-06 16:22:33 +01:00
|
|
|
reverse("user-detail", args=[user_pk]),
|
|
|
|
|
{"username": "admin", "is_active": False},
|
|
|
|
|
)
|
2016-01-09 11:59:34 +01:00
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
|
|
|
|
|
|
2017-02-24 15:04:12 +01:00
|
|
|
def test_update_yourself_non_manager(self):
|
|
|
|
|
"""
|
|
|
|
|
Tests that an user can update himself even if he is not a manager.
|
|
|
|
|
"""
|
|
|
|
|
user = User.objects.create_user(
|
2019-01-06 16:22:33 +01:00
|
|
|
username="non-admin zeiyeGhaoXoh4awe3xai",
|
|
|
|
|
password="non-admin chah1hoshohN5Oh7zouj",
|
|
|
|
|
)
|
2017-02-24 15:04:12 +01:00
|
|
|
client = APIClient()
|
|
|
|
|
client.login(
|
2019-01-06 16:22:33 +01:00
|
|
|
username="non-admin zeiyeGhaoXoh4awe3xai",
|
|
|
|
|
password="non-admin chah1hoshohN5Oh7zouj",
|
|
|
|
|
)
|
2017-02-24 15:04:12 +01:00
|
|
|
|
|
|
|
|
response = client.put(
|
2019-01-06 16:22:33 +01:00
|
|
|
reverse("user-detail", args=[user.pk]),
|
|
|
|
|
{
|
|
|
|
|
"username": "New username IeWeipee5mahpi4quupo",
|
|
|
|
|
"last_name": "New name fae1Bu1Eyeis9eRox4xu",
|
|
|
|
|
"about_me": "New profile text Faemahphi3Hilokangei",
|
|
|
|
|
},
|
|
|
|
|
)
|
2017-02-24 15:04:12 +01:00
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
|
user = User.objects.get(pk=user.pk)
|
2019-01-06 16:22:33 +01:00
|
|
|
self.assertEqual(user.username, "New username IeWeipee5mahpi4quupo")
|
|
|
|
|
self.assertEqual(user.about_me, "New profile text Faemahphi3Hilokangei")
|
2017-02-24 15:04:12 +01:00
|
|
|
# The user is not allowed to change some other fields (like last_name).
|
2019-01-06 16:22:33 +01:00
|
|
|
self.assertNotEqual(user.last_name, "New name fae1Bu1Eyeis9eRox4xu")
|
2017-02-24 15:04:12 +01:00
|
|
|
|
2015-02-12 20:57:05 +01:00
|
|
|
|
|
|
|
|
class UserDelete(TestCase):
|
|
|
|
|
"""
|
|
|
|
|
Tests delete of users via REST API.
|
|
|
|
|
"""
|
2019-01-06 16:22:33 +01:00
|
|
|
|
2019-07-17 11:24:01 +02:00
|
|
|
def setUp(self):
|
|
|
|
|
self.admin_client = APIClient()
|
|
|
|
|
self.admin_client.login(username="admin", password="admin")
|
|
|
|
|
|
2015-02-12 20:57:05 +01:00
|
|
|
def test_delete(self):
|
2019-01-06 16:22:33 +01:00
|
|
|
User.objects.create(username="Test name bo3zieT3iefahng0ahqu")
|
2015-02-12 20:57:05 +01:00
|
|
|
|
2019-07-17 11:24:01 +02:00
|
|
|
response = self.admin_client.delete(reverse("user-detail", args=["2"]))
|
2015-02-12 20:57:05 +01:00
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
|
2019-01-06 16:22:33 +01:00
|
|
|
self.assertFalse(
|
|
|
|
|
User.objects.filter(username="Test name bo3zieT3iefahng0ahqu").exists()
|
|
|
|
|
)
|
2015-02-17 00:45:53 +01:00
|
|
|
|
2016-01-09 11:59:34 +01:00
|
|
|
def test_delete_yourself(self):
|
|
|
|
|
# This is the builtin user 'Administrator'. The pk is valid.
|
|
|
|
|
admin_user_pk = 1
|
2019-07-17 11:24:01 +02:00
|
|
|
response = self.admin_client.delete(
|
|
|
|
|
reverse("user-detail", args=[admin_user_pk])
|
|
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
|
2016-01-09 11:59:34 +01:00
|
|
|
|
2019-07-17 11:24:01 +02:00
|
|
|
def test_bulk_delete(self):
|
|
|
|
|
# create 10 users:
|
|
|
|
|
ids = []
|
|
|
|
|
for i in range(10):
|
|
|
|
|
user = User(username=f"user_{i}")
|
|
|
|
|
user.save()
|
|
|
|
|
ids.append(user.id)
|
2016-01-09 11:59:34 +01:00
|
|
|
|
2019-07-17 11:24:01 +02:00
|
|
|
response = self.admin_client.post(
|
2019-10-18 14:18:49 +02:00
|
|
|
reverse("user-bulk-delete"), {"user_ids": ids}
|
2019-07-17 11:24:01 +02:00
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
|
|
|
|
|
self.assertFalse(User.objects.filter(pk__in=ids).exists())
|
|
|
|
|
|
|
|
|
|
def test_bulk_delete_self(self):
|
|
|
|
|
""" The own id should be excluded, so nothing should happen. """
|
|
|
|
|
response = self.admin_client.post(
|
2019-10-18 14:18:49 +02:00
|
|
|
reverse("user-bulk-delete"), {"user_ids": [1]}
|
2019-07-17 11:24:01 +02:00
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
|
|
|
|
|
self.assertTrue(User.objects.filter(pk=1).exists())
|
2016-01-09 11:59:34 +01:00
|
|
|
|
2015-02-17 00:45:53 +01:00
|
|
|
|
2019-07-17 11:24:01 +02:00
|
|
|
class UserPassword(TestCase):
|
2015-06-18 22:39:58 +02:00
|
|
|
"""
|
|
|
|
|
Tests resetting users password via REST API by a manager.
|
|
|
|
|
"""
|
2019-01-06 16:22:33 +01:00
|
|
|
|
2019-07-17 11:24:01 +02:00
|
|
|
def setUp(self):
|
|
|
|
|
self.admin_client = APIClient()
|
|
|
|
|
self.admin_client.login(username="admin", password="admin")
|
|
|
|
|
|
2015-06-18 22:39:58 +02:00
|
|
|
def test_reset(self):
|
2019-01-06 16:22:33 +01:00
|
|
|
user = User.objects.create(username="Test name ooMoa4ou4mohn2eo1ree")
|
|
|
|
|
user.default_password = "new_password_Yuuh8OoQueePahngohy3"
|
2015-06-18 22:39:58 +02:00
|
|
|
user.save()
|
2019-07-17 11:24:01 +02:00
|
|
|
response = self.admin_client.post(
|
2019-01-06 16:22:33 +01:00
|
|
|
reverse("user-reset-password", args=[user.pk]),
|
|
|
|
|
{"password": "new_password_Yuuh8OoQueePahngohy3_new"},
|
|
|
|
|
)
|
2015-06-18 22:39:58 +02:00
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
2019-01-06 16:22:33 +01:00
|
|
|
self.assertTrue(
|
|
|
|
|
User.objects.get(pk=user.pk).check_password(
|
|
|
|
|
"new_password_Yuuh8OoQueePahngohy3_new"
|
|
|
|
|
)
|
|
|
|
|
)
|
2016-01-10 13:47:59 +01:00
|
|
|
|
2019-11-11 07:07:19 +01:00
|
|
|
def test_set(self):
|
|
|
|
|
response = self.admin_client.post(
|
|
|
|
|
reverse("user_setpassword"),
|
|
|
|
|
{
|
|
|
|
|
"old_password": "admin",
|
|
|
|
|
"new_password": "new_password_eiki5eiCoozethahhief",
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
|
|
|
|
admin = User.objects.get()
|
|
|
|
|
self.assertTrue(admin.check_password("new_password_eiki5eiCoozethahhief"))
|
|
|
|
|
|
|
|
|
|
def test_set_no_manage_perms(self):
|
|
|
|
|
admin = User.objects.get()
|
|
|
|
|
admin.groups.add(GROUP_DELEGATE_PK)
|
|
|
|
|
admin.groups.remove(GROUP_ADMIN_PK)
|
|
|
|
|
inform_changed_data(admin)
|
|
|
|
|
response = self.admin_client.post(
|
|
|
|
|
reverse("user_setpassword"),
|
|
|
|
|
{
|
|
|
|
|
"old_password": "admin",
|
|
|
|
|
"new_password": "new_password_ou0wei3tae5ahr7oa1Fu",
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
|
|
|
|
admin = User.objects.get()
|
|
|
|
|
self.assertTrue(admin.check_password("new_password_ou0wei3tae5ahr7oa1Fu"))
|
|
|
|
|
|
|
|
|
|
def test_set_no_can_change_password(self):
|
|
|
|
|
admin = User.objects.get()
|
|
|
|
|
admin.groups.add(GROUP_DELEGATE_PK)
|
|
|
|
|
admin.groups.remove(GROUP_ADMIN_PK)
|
|
|
|
|
can_change_password_permission = Permission.objects.get(
|
|
|
|
|
content_type__app_label="users", codename="can_change_password"
|
|
|
|
|
)
|
|
|
|
|
delegate_group = Group.objects.get(pk=GROUP_DELEGATE_PK)
|
|
|
|
|
delegate_group.permissions.remove(can_change_password_permission)
|
|
|
|
|
inform_changed_data(delegate_group)
|
|
|
|
|
inform_changed_data(admin)
|
|
|
|
|
|
|
|
|
|
response = self.admin_client.post(
|
|
|
|
|
reverse("user_setpassword"),
|
|
|
|
|
{
|
|
|
|
|
"old_password": "admin",
|
|
|
|
|
"new_password": "new_password_Xeereehahzie3Oochere",
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
|
|
|
|
|
admin = User.objects.get()
|
|
|
|
|
self.assertTrue(admin.check_password("admin"))
|
|
|
|
|
|
|
|
|
|
def test_set_wrong_auth_type(self):
|
|
|
|
|
admin = User.objects.get()
|
|
|
|
|
admin.auth_type = "something_else"
|
|
|
|
|
admin.save()
|
|
|
|
|
response = self.admin_client.post(
|
|
|
|
|
reverse("user_setpassword"),
|
|
|
|
|
{
|
|
|
|
|
"old_password": "admin",
|
|
|
|
|
"new_password": "new_password_dau2ahng3Ahgha7yee8o",
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
|
|
|
|
|
admin = User.objects.get()
|
|
|
|
|
self.assertTrue(admin.check_password("admin"))
|
|
|
|
|
|
|
|
|
|
def test_set_anonymous_user(self):
|
|
|
|
|
config["general_system_enable_anonymous"] = True
|
|
|
|
|
guest_client = APIClient()
|
|
|
|
|
response = guest_client.post(
|
|
|
|
|
reverse("user_setpassword"),
|
|
|
|
|
{
|
|
|
|
|
"old_password": "admin",
|
|
|
|
|
"new_password": "new_password_SeeRieThahlaaf6cu8Oz",
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
|
|
|
|
|
|
2019-07-17 11:24:01 +02:00
|
|
|
def test_set_random_initial_password(self):
|
|
|
|
|
"""
|
|
|
|
|
Tests whether a random password is set if no default password is given. The password
|
|
|
|
|
must be set as the default and real password.
|
|
|
|
|
"""
|
|
|
|
|
response = self.admin_client.post(
|
|
|
|
|
reverse("user-list"), {"username": "Test name 9gt043qwvnj2d0cr"}
|
|
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
|
|
|
|
|
|
|
|
|
|
user = User.objects.get(username="Test name 9gt043qwvnj2d0cr")
|
|
|
|
|
self.assertTrue(isinstance(user.default_password, str))
|
|
|
|
|
self.assertTrue(len(user.default_password) >= 8)
|
|
|
|
|
self.assertTrue(user.check_password(user.default_password))
|
|
|
|
|
|
|
|
|
|
def test_bulk_generate_new_passwords(self):
|
|
|
|
|
default_password1 = "Default password e3fj3oh39hwwcbjb2qqy"
|
|
|
|
|
default_password2 = "Default password 32pifjmaewrelkqwelng"
|
|
|
|
|
user1 = User.objects.create(
|
|
|
|
|
username="Test name r9uJoqq1k0fk09i39elq",
|
|
|
|
|
default_password=default_password1,
|
|
|
|
|
)
|
|
|
|
|
user2 = User.objects.create(
|
|
|
|
|
username="Test name poqwhfjpofmouivg73NU",
|
|
|
|
|
default_password=default_password2,
|
|
|
|
|
)
|
|
|
|
|
user1.set_password(default_password1)
|
|
|
|
|
user2.set_password(default_password2)
|
|
|
|
|
self.assertTrue(user1.check_password(default_password1))
|
|
|
|
|
self.assertTrue(user2.check_password(default_password2))
|
|
|
|
|
|
|
|
|
|
response = self.admin_client.post(
|
2019-10-18 14:18:49 +02:00
|
|
|
reverse("user-bulk-generate-passwords"), {"user_ids": [user1.id, user2.id]}
|
2019-07-17 11:24:01 +02:00
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
|
|
|
|
|
|
|
|
|
user1 = User.objects.get(username="Test name r9uJoqq1k0fk09i39elq")
|
|
|
|
|
user2 = User.objects.get(username="Test name poqwhfjpofmouivg73NU")
|
|
|
|
|
self.assertTrue(default_password1 != user1.default_password)
|
|
|
|
|
self.assertTrue(default_password2 != user2.default_password)
|
|
|
|
|
self.assertTrue(len(user1.default_password) >= 8)
|
|
|
|
|
self.assertTrue(len(user2.default_password) >= 8)
|
|
|
|
|
self.assertTrue(user1.check_password(user1.default_password))
|
|
|
|
|
self.assertTrue(user2.check_password(user2.default_password))
|
|
|
|
|
|
|
|
|
|
def test_bulk_reset_passwords_to_default_ones(self):
|
|
|
|
|
default_password1 = "Default password e3fj3oh39hwwcbjb2qqy"
|
|
|
|
|
default_password2 = "Default password 32pifjmaewrelkqwelng"
|
|
|
|
|
user1 = User.objects.create(
|
|
|
|
|
username="Test name pefkjOf9m8efNspuhPFq",
|
|
|
|
|
default_password=default_password1,
|
|
|
|
|
)
|
|
|
|
|
user2 = User.objects.create(
|
|
|
|
|
username="Test name qpymcmbmntiwoE97ev7C",
|
|
|
|
|
default_password=default_password2,
|
|
|
|
|
)
|
|
|
|
|
user1.set_password("")
|
|
|
|
|
user2.set_password("")
|
|
|
|
|
self.assertFalse(user1.check_password(default_password1))
|
|
|
|
|
self.assertFalse(user2.check_password(default_password2))
|
|
|
|
|
|
|
|
|
|
response = self.admin_client.post(
|
|
|
|
|
reverse("user-bulk-reset-passwords-to-default"),
|
|
|
|
|
{"user_ids": [user1.id, user2.id]},
|
|
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
|
|
|
|
|
|
|
|
|
user1 = User.objects.get(username="Test name pefkjOf9m8efNspuhPFq")
|
|
|
|
|
user2 = User.objects.get(username="Test name qpymcmbmntiwoE97ev7C")
|
|
|
|
|
self.assertTrue(user1.check_password(default_password1))
|
|
|
|
|
self.assertTrue(user2.check_password(default_password2))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class UserBulkSetState(TestCase):
|
2016-08-25 11:40:37 +02:00
|
|
|
"""
|
2019-07-17 11:24:01 +02:00
|
|
|
Tests setting states of users.
|
2016-08-25 11:40:37 +02:00
|
|
|
"""
|
2019-01-06 16:22:33 +01:00
|
|
|
|
2019-07-17 11:24:01 +02:00
|
|
|
def setUp(self):
|
|
|
|
|
self.client = APIClient()
|
|
|
|
|
self.client.login(username="admin", password="admin")
|
|
|
|
|
admin = User.objects.get()
|
|
|
|
|
admin.is_active = True
|
|
|
|
|
admin.is_present = True
|
|
|
|
|
admin.is_committee = True
|
|
|
|
|
admin.save()
|
2016-08-25 11:40:37 +02:00
|
|
|
|
2019-07-17 11:24:01 +02:00
|
|
|
def test_set_is_present(self):
|
|
|
|
|
response = self.client.post(
|
|
|
|
|
reverse("user-bulk-set-state"),
|
|
|
|
|
{"user_ids": [1], "field": "is_present", "value": False},
|
|
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
|
|
|
|
self.assertTrue(User.objects.get().is_active)
|
|
|
|
|
self.assertFalse(User.objects.get().is_present)
|
|
|
|
|
self.assertTrue(User.objects.get().is_committee)
|
|
|
|
|
|
|
|
|
|
def test_invalid_field(self):
|
|
|
|
|
response = self.client.post(
|
|
|
|
|
reverse("user-bulk-set-state"),
|
|
|
|
|
{"user_ids": [1], "field": "invalid", "value": False},
|
|
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
|
|
|
|
|
self.assertTrue(User.objects.get().is_active)
|
|
|
|
|
self.assertTrue(User.objects.get().is_present)
|
|
|
|
|
self.assertTrue(User.objects.get().is_committee)
|
2016-08-25 11:40:37 +02:00
|
|
|
|
2019-07-17 11:24:01 +02:00
|
|
|
def test_invalid_value(self):
|
|
|
|
|
response = self.client.post(
|
|
|
|
|
reverse("user-bulk-set-state"),
|
|
|
|
|
{"user_ids": [1], "field": "is_active", "value": "invalid"},
|
|
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
|
|
|
|
|
self.assertTrue(User.objects.get().is_active)
|
|
|
|
|
self.assertTrue(User.objects.get().is_present)
|
|
|
|
|
self.assertTrue(User.objects.get().is_committee)
|
|
|
|
|
|
|
|
|
|
def test_set_active_not_self(self):
|
|
|
|
|
response = self.client.post(
|
|
|
|
|
reverse("user-bulk-set-state"),
|
|
|
|
|
{"user_ids": [1], "field": "is_active", "value": False},
|
|
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
|
|
|
|
self.assertTrue(User.objects.get().is_active)
|
|
|
|
|
self.assertTrue(User.objects.get().is_present)
|
|
|
|
|
self.assertTrue(User.objects.get().is_committee)
|
2015-06-18 22:39:58 +02:00
|
|
|
|
|
|
|
|
|
2019-07-23 11:50:16 +02:00
|
|
|
class UserBulkAlterGroups(TestCase):
|
|
|
|
|
"""
|
|
|
|
|
Tests altering groups of users.
|
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
|
self.client = APIClient()
|
|
|
|
|
self.client.login(username="admin", password="admin")
|
|
|
|
|
self.admin = User.objects.get()
|
|
|
|
|
self.user = User.objects.create(username="Test name apfj31fa0ovmc8cqc8e8")
|
|
|
|
|
|
|
|
|
|
def test_add(self):
|
|
|
|
|
self.assertEqual(self.user.groups.count(), 0)
|
|
|
|
|
response = self.client.post(
|
|
|
|
|
reverse("user-bulk-alter-groups"),
|
|
|
|
|
{
|
|
|
|
|
"user_ids": [self.user.pk],
|
|
|
|
|
"action": "add",
|
|
|
|
|
"group_ids": [GROUP_DELEGATE_PK, GROUP_STAFF_PK],
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
|
|
|
|
self.assertEqual(self.user.groups.count(), 2)
|
|
|
|
|
self.assertTrue(self.user.groups.filter(pk=GROUP_DELEGATE_PK).exists())
|
|
|
|
|
self.assertTrue(self.user.groups.filter(pk=GROUP_STAFF_PK).exists())
|
|
|
|
|
|
|
|
|
|
def test_remove(self):
|
|
|
|
|
groups = Group.objects.filter(
|
|
|
|
|
pk__in=[GROUP_DEFAULT_PK, GROUP_DELEGATE_PK, GROUP_STAFF_PK]
|
|
|
|
|
)
|
|
|
|
|
self.user.groups.set(groups)
|
|
|
|
|
response = self.client.post(
|
|
|
|
|
reverse("user-bulk-alter-groups"),
|
|
|
|
|
{
|
|
|
|
|
"user_ids": [self.user.pk],
|
|
|
|
|
"action": "remove",
|
|
|
|
|
"group_ids": [GROUP_DEFAULT_PK, GROUP_STAFF_PK],
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
|
|
|
|
self.assertEqual(self.user.groups.count(), 1)
|
|
|
|
|
self.assertTrue(self.user.groups.filter(pk=GROUP_DELEGATE_PK).exists())
|
|
|
|
|
|
|
|
|
|
def test_no_request_user(self):
|
|
|
|
|
self.assertEqual(self.admin.groups.count(), 1)
|
|
|
|
|
self.assertEqual(self.admin.groups.get().pk, GROUP_ADMIN_PK)
|
|
|
|
|
response = self.client.post(
|
|
|
|
|
reverse("user-bulk-alter-groups"),
|
|
|
|
|
{
|
|
|
|
|
"user_ids": [self.admin.pk],
|
|
|
|
|
"action": "add",
|
|
|
|
|
"group_ids": [GROUP_DELEGATE_PK],
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
|
|
|
|
self.assertEqual(self.admin.groups.count(), 1)
|
|
|
|
|
self.assertEqual(self.admin.groups.get().pk, GROUP_ADMIN_PK)
|
|
|
|
|
|
|
|
|
|
def test_invalid_action(self):
|
|
|
|
|
response = self.client.post(
|
|
|
|
|
reverse("user-bulk-alter-groups"),
|
|
|
|
|
{
|
|
|
|
|
"user_ids": [self.admin.pk],
|
|
|
|
|
"action": "invalid",
|
|
|
|
|
"group_ids": [GROUP_DELEGATE_PK],
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
|
|
|
|
|
|
|
|
|
|
|
2017-04-19 09:28:21 +02:00
|
|
|
class UserMassImport(TestCase):
|
|
|
|
|
"""
|
|
|
|
|
Tests mass import of users.
|
|
|
|
|
"""
|
2019-01-06 16:22:33 +01:00
|
|
|
|
2017-04-19 09:28:21 +02:00
|
|
|
def test_mass_import(self):
|
2019-11-01 16:15:06 +01:00
|
|
|
data = [
|
|
|
|
|
{
|
|
|
|
|
"first_name": "first_name_kafaith3woh3thie7Ciy",
|
|
|
|
|
"last_name": "last_name_phah0jaeph9ThoongaeL",
|
|
|
|
|
"groups_id": [],
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"first_name": "first_name_kohdao7Eibouwee8ma2O",
|
|
|
|
|
"last_name": "last_name_4en5ANFoz2nQmoUkTfYe",
|
|
|
|
|
"groups_id": [],
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"first_name": "first_name_JbCpGkpcYCaQtDNA4pDW",
|
|
|
|
|
"last_name": "last_name_z0MMAIwbieKtpzW3dDJY",
|
|
|
|
|
"groups_id": [],
|
|
|
|
|
},
|
|
|
|
|
]
|
|
|
|
|
response = self.client.post(reverse("user-mass-import"), {"users": data})
|
|
|
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
|
self.assertEqual(User.objects.count(), 4)
|
|
|
|
|
|
|
|
|
|
def test_mass_import_double_username(self):
|
|
|
|
|
data = [
|
|
|
|
|
{"username": "double_name", "groups_id": []},
|
|
|
|
|
{"username": "double_name", "groups_id": []},
|
|
|
|
|
]
|
|
|
|
|
response = self.client.post(reverse("user-mass-import"), {"users": data})
|
2017-04-19 09:28:21 +02:00
|
|
|
self.assertEqual(response.status_code, 200)
|
2019-11-01 16:15:06 +01:00
|
|
|
self.assertEqual(
|
|
|
|
|
User.objects.count(), 2
|
|
|
|
|
) # second user is skipped because the username already exists
|
|
|
|
|
|
|
|
|
|
def test_mass_import_double_name(self):
|
|
|
|
|
data = [
|
|
|
|
|
{"first_name": "double_name", "groups_id": []},
|
|
|
|
|
{"last_name": "double_name", "groups_id": []},
|
|
|
|
|
]
|
|
|
|
|
response = self.client.post(reverse("user-mass-import"), {"users": data})
|
|
|
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
|
self.assertEqual(
|
|
|
|
|
User.objects.count(), 3
|
|
|
|
|
) # if username is generated, the api appends a number behind it and thus generates both users
|
2017-04-19 09:28:21 +02:00
|
|
|
|
|
|
|
|
|
2017-11-28 10:47:29 +01:00
|
|
|
class UserSendIntivationEmail(TestCase):
|
|
|
|
|
"""
|
|
|
|
|
Tests sending an email to the user.
|
|
|
|
|
"""
|
2019-01-06 16:22:33 +01:00
|
|
|
|
2017-11-28 10:47:29 +01:00
|
|
|
email = "admin@test-domain.com"
|
|
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
|
self.client = APIClient()
|
2019-01-06 16:22:33 +01:00
|
|
|
self.client.login(username="admin", password="admin")
|
2017-11-28 10:47:29 +01:00
|
|
|
self.admin = User.objects.get()
|
|
|
|
|
self.admin.email = self.email
|
|
|
|
|
self.admin.save()
|
|
|
|
|
|
|
|
|
|
def test_email_sending(self):
|
2018-02-02 12:29:18 +01:00
|
|
|
data = {
|
2019-01-06 16:22:33 +01:00
|
|
|
"user_ids": [self.admin.pk],
|
|
|
|
|
"subject": config["users_email_subject"],
|
|
|
|
|
"message": config["users_email_body"],
|
2018-02-02 12:29:18 +01:00
|
|
|
}
|
2019-10-18 14:18:49 +02:00
|
|
|
response = self.client.post(reverse("user-mass-invite-email"), data)
|
2017-11-28 10:47:29 +01:00
|
|
|
self.assertEqual(response.status_code, 200)
|
2019-01-06 16:22:33 +01:00
|
|
|
self.assertEqual(response.data["count"], 1)
|
2017-11-28 10:47:29 +01:00
|
|
|
self.assertEqual(len(mail.outbox), 1)
|
|
|
|
|
self.assertEqual(mail.outbox[0].to[0], self.email)
|
|
|
|
|
|
|
|
|
|
|
2016-08-29 17:05:06 +02:00
|
|
|
class GroupMetadata(TestCase):
|
|
|
|
|
def test_options_request_as_anonymous_user_activated(self):
|
2019-01-06 16:22:33 +01:00
|
|
|
config["general_system_enable_anonymous"] = True
|
2016-08-29 17:05:06 +02:00
|
|
|
|
2019-01-06 16:22:33 +01:00
|
|
|
response = self.client.options("/rest/users/group/")
|
2016-08-29 17:05:06 +02:00
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, 200)
|
2019-01-06 16:22:33 +01:00
|
|
|
self.assertEqual(response.data["name"], "Group List")
|
|
|
|
|
perm_list = response.data["actions"]["POST"]["permissions"]["choices"]
|
2016-08-29 17:05:06 +02:00
|
|
|
self.assertEqual(type(perm_list), list)
|
|
|
|
|
for item in perm_list:
|
|
|
|
|
self.assertEqual(type(item), dict)
|
2019-01-06 16:22:33 +01:00
|
|
|
self.assertTrue(item.get("display_name") is not None)
|
|
|
|
|
self.assertTrue(item.get("value") is not None)
|
2016-08-29 17:05:06 +02:00
|
|
|
|
|
|
|
|
|
2015-06-30 20:04:14 +02:00
|
|
|
class GroupReceive(TestCase):
|
2019-10-18 14:18:49 +02:00
|
|
|
def setUp(self):
|
|
|
|
|
pass
|
|
|
|
|
|
2015-06-30 20:04:14 +02:00
|
|
|
def test_get_groups_as_anonymous_deactivated(self):
|
|
|
|
|
"""
|
|
|
|
|
Test to get the groups with an anonymous user, when they are deactivated.
|
|
|
|
|
"""
|
2019-01-06 16:22:33 +01:00
|
|
|
response = self.client.get("/rest/users/group/")
|
2015-06-30 20:04:14 +02:00
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, 403)
|
|
|
|
|
|
|
|
|
|
def test_get_groups_as_anonymous_user_activated(self):
|
|
|
|
|
"""
|
|
|
|
|
Test to get the groups with an anonymous user, when they are activated.
|
|
|
|
|
"""
|
2019-01-06 16:22:33 +01:00
|
|
|
config["general_system_enable_anonymous"] = True
|
2015-06-30 20:04:14 +02:00
|
|
|
|
2019-01-06 16:22:33 +01:00
|
|
|
response = self.client.get("/rest/users/group/")
|
2015-06-30 20:04:14 +02:00
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
|
|
|
|
|
|
def test_logged_in_user_with_no_permission(self):
|
|
|
|
|
"""
|
|
|
|
|
Test to get the groups with an logged in user with no permissions.
|
|
|
|
|
"""
|
2019-01-06 16:22:33 +01:00
|
|
|
user = User(username="test")
|
|
|
|
|
user.set_password("test")
|
2015-06-30 20:04:14 +02:00
|
|
|
user.save()
|
2019-05-13 10:17:24 +02:00
|
|
|
default_group = Group.objects.get(pk=GROUP_DEFAULT_PK)
|
2016-08-08 09:37:46 +02:00
|
|
|
default_group.permissions.all().delete()
|
2019-01-06 16:22:33 +01:00
|
|
|
self.client.login(username="test", password="test")
|
2015-06-30 20:04:14 +02:00
|
|
|
|
2019-01-06 16:22:33 +01:00
|
|
|
response = self.client.get("/rest/users/group/")
|
2015-06-30 20:04:14 +02:00
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
|
|
|
|
|
|
|
2015-02-17 00:45:53 +01:00
|
|
|
class GroupCreate(TestCase):
|
|
|
|
|
"""
|
|
|
|
|
Tests creation of groups via REST API.
|
|
|
|
|
"""
|
2019-01-06 16:22:33 +01:00
|
|
|
|
2020-01-08 10:46:11 +01:00
|
|
|
def test_creation_simple(self):
|
|
|
|
|
self.client.login(username="admin", password="admin")
|
|
|
|
|
|
|
|
|
|
response = self.client.post(
|
2020-08-31 13:24:16 +02:00
|
|
|
reverse("group-list"), {"name": "Test name ldr59xq2mvt96rdayhju"}
|
2020-01-08 10:46:11 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
|
|
|
|
|
self.assertTrue(
|
|
|
|
|
Group.objects.filter(name="Test name ldr59xq2mvt96rdayhju").exists()
|
|
|
|
|
)
|
|
|
|
|
|
2015-02-17 00:45:53 +01:00
|
|
|
def test_creation(self):
|
2019-01-06 16:22:33 +01:00
|
|
|
self.client.login(username="admin", password="admin")
|
2015-02-17 00:45:53 +01:00
|
|
|
# This contains two valid permissions of the users app.
|
2019-01-06 16:22:33 +01:00
|
|
|
permissions = ("users.can_see_name", "users.can_see_extra_data")
|
2015-02-17 00:45:53 +01:00
|
|
|
|
|
|
|
|
response = self.client.post(
|
2019-01-06 16:22:33 +01:00
|
|
|
reverse("group-list"),
|
|
|
|
|
{"name": "Test name la8eephu9vaecheiKeif", "permissions": permissions},
|
|
|
|
|
)
|
2015-02-17 00:45:53 +01:00
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
|
2019-01-06 16:22:33 +01:00
|
|
|
group = Group.objects.get(name="Test name la8eephu9vaecheiKeif")
|
2015-02-17 00:45:53 +01:00
|
|
|
for permission in permissions:
|
2019-01-06 16:22:33 +01:00
|
|
|
app_label, codename = permission.split(".")
|
|
|
|
|
self.assertTrue(
|
|
|
|
|
group.permissions.get(
|
|
|
|
|
content_type__app_label=app_label, codename=codename
|
|
|
|
|
)
|
|
|
|
|
)
|
2015-02-17 00:45:53 +01:00
|
|
|
|
|
|
|
|
def test_failed_creation_invalid_value(self):
|
2019-01-06 16:22:33 +01:00
|
|
|
self.client.login(username="admin", password="admin")
|
|
|
|
|
permissions = ("invalid_permission",)
|
2015-02-17 00:45:53 +01:00
|
|
|
|
|
|
|
|
response = self.client.post(
|
2019-01-06 16:22:33 +01:00
|
|
|
reverse("group-list"),
|
|
|
|
|
{"name": "Test name ool5aeb6Rai2aiLaith1", "permissions": permissions},
|
|
|
|
|
)
|
2015-02-17 00:45:53 +01:00
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
|
|
|
|
|
self.assertEqual(
|
|
|
|
|
response.data,
|
2019-01-06 16:22:33 +01:00
|
|
|
{
|
|
|
|
|
"permissions": [
|
|
|
|
|
'Incorrect value "invalid_permission". Expected app_label.codename string.'
|
|
|
|
|
]
|
|
|
|
|
},
|
|
|
|
|
)
|
2015-02-17 00:45:53 +01:00
|
|
|
|
|
|
|
|
def test_failed_creation_invalid_permission(self):
|
2019-01-06 16:22:33 +01:00
|
|
|
self.client.login(username="admin", password="admin")
|
|
|
|
|
permissions = ("invalid_app.invalid_permission",)
|
2015-02-17 00:45:53 +01:00
|
|
|
|
|
|
|
|
response = self.client.post(
|
2019-01-06 16:22:33 +01:00
|
|
|
reverse("group-list"),
|
|
|
|
|
{"name": "Test name wei2go2aiV3eophi9Ohg", "permissions": permissions},
|
|
|
|
|
)
|
2015-02-17 00:45:53 +01:00
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
|
|
|
|
|
self.assertEqual(
|
|
|
|
|
response.data,
|
2019-01-06 16:22:33 +01:00
|
|
|
{
|
|
|
|
|
"permissions": [
|
|
|
|
|
'Invalid permission "invalid_app.invalid_permission". Object does not exist.'
|
|
|
|
|
]
|
|
|
|
|
},
|
|
|
|
|
)
|
2015-02-17 00:45:53 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class GroupUpdate(TestCase):
|
|
|
|
|
"""
|
|
|
|
|
Tests update of groups via REST API.
|
|
|
|
|
"""
|
2019-01-06 16:22:33 +01:00
|
|
|
|
2015-02-17 00:45:53 +01:00
|
|
|
def test_simple_update_via_patch(self):
|
|
|
|
|
admin_client = APIClient()
|
2019-01-06 16:22:33 +01:00
|
|
|
admin_client.login(username="admin", password="admin")
|
2019-05-13 10:17:24 +02:00
|
|
|
group_pk = GROUP_DELEGATE_PK
|
2015-02-17 00:45:53 +01:00
|
|
|
# This contains one valid permission of the users app.
|
2019-01-06 16:22:33 +01:00
|
|
|
permissions = ("users.can_see_name",)
|
2015-02-17 00:45:53 +01:00
|
|
|
|
|
|
|
|
response = admin_client.patch(
|
2019-01-06 16:22:33 +01:00
|
|
|
reverse("group-detail", args=[group_pk]), {"permissions": permissions}
|
|
|
|
|
)
|
2015-02-17 00:45:53 +01:00
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
|
|
|
|
group = Group.objects.get(pk=group_pk)
|
|
|
|
|
for permission in permissions:
|
2019-01-06 16:22:33 +01:00
|
|
|
app_label, codename = permission.split(".")
|
|
|
|
|
self.assertTrue(
|
|
|
|
|
group.permissions.get(
|
|
|
|
|
content_type__app_label=app_label, codename=codename
|
|
|
|
|
)
|
|
|
|
|
)
|
2015-02-17 00:45:53 +01:00
|
|
|
|
|
|
|
|
def test_simple_update_via_put(self):
|
|
|
|
|
admin_client = APIClient()
|
2019-01-06 16:22:33 +01:00
|
|
|
admin_client.login(username="admin", password="admin")
|
2015-02-17 00:45:53 +01:00
|
|
|
# This contains one valid permission of the users app.
|
2019-01-06 16:22:33 +01:00
|
|
|
permissions = ("users.can_see_name",)
|
2015-02-17 00:45:53 +01:00
|
|
|
|
|
|
|
|
response = admin_client.put(
|
2019-05-13 10:17:24 +02:00
|
|
|
reverse("group-detail", args=[GROUP_DELEGATE_PK]),
|
|
|
|
|
{"permissions": permissions},
|
2019-01-06 16:22:33 +01:00
|
|
|
)
|
2015-02-17 00:45:53 +01:00
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
|
2019-01-06 16:22:33 +01:00
|
|
|
self.assertEqual(response.data, {"name": ["This field is required."]})
|
2015-02-17 00:45:53 +01:00
|
|
|
|
2017-03-06 16:34:20 +01:00
|
|
|
def test_update_via_put_with_new_permissions(self):
|
|
|
|
|
admin_client = APIClient()
|
2019-01-06 16:22:33 +01:00
|
|
|
admin_client.login(username="admin", password="admin")
|
|
|
|
|
group = Group.objects.create(name="group_name_inooThe3dii4mahWeeSe")
|
2017-03-06 16:34:20 +01:00
|
|
|
# This contains all permissions.
|
|
|
|
|
permissions = [
|
2019-01-06 16:22:33 +01:00
|
|
|
"agenda.can_be_speaker",
|
|
|
|
|
"agenda.can_manage",
|
|
|
|
|
"agenda.can_see",
|
|
|
|
|
"agenda.can_see_internal_items",
|
|
|
|
|
"assignments.can_manage",
|
|
|
|
|
"assignments.can_nominate_other",
|
|
|
|
|
"assignments.can_nominate_self",
|
|
|
|
|
"assignments.can_see",
|
|
|
|
|
"core.can_manage_config",
|
|
|
|
|
"core.can_manage_projector",
|
|
|
|
|
"core.can_manage_tags",
|
|
|
|
|
"core.can_see_frontpage",
|
|
|
|
|
"core.can_see_projector",
|
|
|
|
|
"mediafiles.can_manage",
|
|
|
|
|
"mediafiles.can_see",
|
|
|
|
|
"motions.can_create",
|
|
|
|
|
"motions.can_manage",
|
|
|
|
|
"motions.can_see",
|
|
|
|
|
"motions.can_support",
|
|
|
|
|
"users.can_manage",
|
|
|
|
|
"users.can_see_extra_data",
|
|
|
|
|
"users.can_see_name",
|
2017-03-06 16:34:20 +01:00
|
|
|
]
|
|
|
|
|
|
|
|
|
|
response = admin_client.put(
|
2019-01-06 16:22:33 +01:00
|
|
|
reverse("group-detail", args=[group.pk]),
|
|
|
|
|
{"name": "new_group_name_Chie6duwaepoo8aech7r", "permissions": permissions},
|
|
|
|
|
)
|
2017-03-06 16:34:20 +01:00
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
|
|
|
|
group = Group.objects.get(pk=group.pk)
|
|
|
|
|
for permission in permissions:
|
2019-01-06 16:22:33 +01:00
|
|
|
app_label, codename = permission.split(".")
|
|
|
|
|
self.assertTrue(
|
|
|
|
|
group.permissions.get(
|
|
|
|
|
content_type__app_label=app_label, codename=codename
|
|
|
|
|
)
|
|
|
|
|
)
|
2017-03-06 16:34:20 +01:00
|
|
|
|
2019-05-13 10:17:24 +02:00
|
|
|
def test_set_single_permission(self):
|
|
|
|
|
admin_client = APIClient()
|
|
|
|
|
admin_client.login(username="admin", password="admin")
|
|
|
|
|
|
|
|
|
|
response = admin_client.post(
|
|
|
|
|
reverse("group-set-permission", args=[GROUP_DEFAULT_PK]),
|
|
|
|
|
{"perm": "users.can_manage", "set": True},
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
|
|
|
|
group = Group.objects.get(pk=GROUP_DEFAULT_PK)
|
|
|
|
|
self.assertTrue(
|
|
|
|
|
group.permissions.get(
|
|
|
|
|
content_type__app_label="users", codename="can_manage"
|
|
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
def test_add_single_permission_wrong_permission(self):
|
|
|
|
|
admin_client = APIClient()
|
|
|
|
|
admin_client.login(username="admin", password="admin")
|
|
|
|
|
|
|
|
|
|
response = admin_client.post(
|
|
|
|
|
reverse("group-set-permission", args=[GROUP_DEFAULT_PK]),
|
|
|
|
|
{"perm": "not_existing.permission", "set": True},
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
|
|
|
|
|
|
|
|
|
|
def test_remove_single_permission(self):
|
|
|
|
|
admin_client = APIClient()
|
|
|
|
|
admin_client.login(username="admin", password="admin")
|
|
|
|
|
|
|
|
|
|
response = admin_client.post(
|
|
|
|
|
reverse("group-set-permission", args=[GROUP_DEFAULT_PK]),
|
|
|
|
|
{"perm": "users.can_see_name", "set": False},
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
|
|
|
|
group = Group.objects.get(pk=GROUP_DEFAULT_PK)
|
|
|
|
|
self.assertFalse(
|
|
|
|
|
group.permissions.filter(
|
|
|
|
|
content_type__app_label="users", codename="can_see"
|
|
|
|
|
).exists()
|
|
|
|
|
)
|
|
|
|
|
|
2015-02-17 00:45:53 +01:00
|
|
|
|
|
|
|
|
class GroupDelete(TestCase):
|
|
|
|
|
"""
|
|
|
|
|
Tests delete of groups via REST API.
|
|
|
|
|
"""
|
2019-01-06 16:22:33 +01:00
|
|
|
|
2015-02-17 00:45:53 +01:00
|
|
|
def test_delete(self):
|
|
|
|
|
admin_client = APIClient()
|
2019-01-06 16:22:33 +01:00
|
|
|
admin_client.login(username="admin", password="admin")
|
|
|
|
|
group = Group.objects.create(name="Test name Koh4lohlaewoog9Ahsh5")
|
2015-02-17 00:45:53 +01:00
|
|
|
|
2019-01-06 16:22:33 +01:00
|
|
|
response = admin_client.delete(reverse("group-detail", args=[group.pk]))
|
2015-02-17 00:45:53 +01:00
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
|
2019-01-06 16:22:33 +01:00
|
|
|
self.assertFalse(
|
|
|
|
|
Group.objects.filter(name="Test name Koh4lohlaewoog9Ahsh5").exists()
|
|
|
|
|
)
|
2015-02-17 00:45:53 +01:00
|
|
|
|
|
|
|
|
def test_delete_builtin_groups(self):
|
|
|
|
|
admin_client = APIClient()
|
2019-01-06 16:22:33 +01:00
|
|
|
admin_client.login(username="admin", password="admin")
|
2015-02-17 00:45:53 +01:00
|
|
|
|
2019-05-13 10:17:24 +02:00
|
|
|
response = admin_client.delete(reverse("group-detail", args=[GROUP_DEFAULT_PK]))
|
2016-08-08 09:37:46 +02:00
|
|
|
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
|
2017-05-23 14:07:06 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class PersonalNoteTest(TestCase):
|
|
|
|
|
"""
|
|
|
|
|
Tests for PersonalNote model.
|
|
|
|
|
"""
|
2019-01-06 16:22:33 +01:00
|
|
|
|
2019-05-10 08:18:28 +02:00
|
|
|
def setUp(self):
|
|
|
|
|
self.admin = User.objects.get(username="admin")
|
|
|
|
|
|
2017-05-23 14:07:06 +02:00
|
|
|
def test_anonymous_without_personal_notes(self):
|
2019-01-06 16:22:33 +01:00
|
|
|
personal_note = PersonalNote.objects.create(
|
2019-05-10 08:18:28 +02:00
|
|
|
user=self.admin, notes='["admin_personal_note_OoGh8choro0oosh0roob"]'
|
2019-01-06 16:22:33 +01:00
|
|
|
)
|
|
|
|
|
config["general_system_enable_anonymous"] = True
|
2017-05-23 14:07:06 +02:00
|
|
|
guest_client = APIClient()
|
2019-01-06 16:22:33 +01:00
|
|
|
response = guest_client.get(
|
|
|
|
|
reverse("personalnote-detail", args=[personal_note.pk])
|
|
|
|
|
)
|
2018-11-01 17:30:18 +01:00
|
|
|
self.assertEqual(response.status_code, 404)
|
2017-05-23 14:07:06 +02:00
|
|
|
|
2019-05-10 08:18:28 +02:00
|
|
|
def test_create(self):
|
2017-05-23 14:07:06 +02:00
|
|
|
admin_client = APIClient()
|
2019-01-06 16:22:33 +01:00
|
|
|
admin_client.login(username="admin", password="admin")
|
2019-09-10 11:21:39 +02:00
|
|
|
content1 = {
|
|
|
|
|
"note": "note for the example.model with id 1 Oohae1JeuSedooyeeviH",
|
|
|
|
|
"star": True,
|
|
|
|
|
}
|
|
|
|
|
content2 = {
|
|
|
|
|
"note": "note for the example.model with id 2 gegjhjynjiohnhioaaiu",
|
|
|
|
|
"star": False,
|
|
|
|
|
}
|
2017-05-23 14:07:06 +02:00
|
|
|
response = admin_client.post(
|
2019-09-10 11:21:39 +02:00
|
|
|
reverse("personalnote-create-or-update"),
|
|
|
|
|
[
|
|
|
|
|
{"collection": "example-model", "id": 1, "content": content1},
|
|
|
|
|
{"collection": "example-model", "id": 2, "content": content2},
|
|
|
|
|
],
|
2017-05-23 14:07:06 +02:00
|
|
|
)
|
2019-09-10 11:21:39 +02:00
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
|
|
|
|
self.assertTrue(PersonalNote.objects.exists())
|
|
|
|
|
personal_note = PersonalNote.objects.get()
|
|
|
|
|
self.assertTrue("example-model" in personal_note.notes)
|
|
|
|
|
self.assertTrue("1" in personal_note.notes["example-model"])
|
|
|
|
|
self.assertTrue("2" in personal_note.notes["example-model"])
|
|
|
|
|
self.assertEqual(personal_note.notes["example-model"]["1"], content1)
|
|
|
|
|
self.assertEqual(personal_note.notes["example-model"]["2"], content2)
|
2019-05-10 08:18:28 +02:00
|
|
|
|
|
|
|
|
def test_anonymous_create(self):
|
|
|
|
|
guest_client = APIClient()
|
2019-10-18 14:18:49 +02:00
|
|
|
response = guest_client.post(reverse("personalnote-create-or-update"), [])
|
2019-05-10 08:18:28 +02:00
|
|
|
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
|
|
|
|
|
self.assertFalse(PersonalNote.objects.exists())
|
|
|
|
|
|
|
|
|
|
def test_update(self):
|
|
|
|
|
admin_client = APIClient()
|
|
|
|
|
admin_client.login(username="admin", password="admin")
|
|
|
|
|
personal_note = PersonalNote.objects.create(
|
2019-09-10 11:21:39 +02:00
|
|
|
user=self.admin,
|
|
|
|
|
notes={"test_collection": {2: "test_note_ld3mo1xjcnKNC(836qWe"}},
|
2019-05-10 08:18:28 +02:00
|
|
|
)
|
2019-09-10 11:21:39 +02:00
|
|
|
response = admin_client.post(
|
|
|
|
|
reverse("personalnote-create-or-update"),
|
|
|
|
|
[
|
|
|
|
|
{
|
|
|
|
|
"collection": "test_collection",
|
|
|
|
|
"id": 2,
|
|
|
|
|
"content": "test_note_do2ncoi7ci2fm93LjwlO",
|
|
|
|
|
}
|
|
|
|
|
],
|
2019-05-10 08:18:28 +02:00
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
2019-09-10 11:21:39 +02:00
|
|
|
personal_note = PersonalNote.objects.get()
|
|
|
|
|
self.assertTrue("test_collection" in personal_note.notes)
|
|
|
|
|
self.assertTrue("2" in personal_note.notes["test_collection"])
|
2019-05-10 08:18:28 +02:00
|
|
|
self.assertEqual(
|
2019-09-10 11:21:39 +02:00
|
|
|
personal_note.notes["test_collection"]["2"],
|
|
|
|
|
"test_note_do2ncoi7ci2fm93LjwlO",
|
2019-05-10 08:18:28 +02:00
|
|
|
)
|
|
|
|
|
|
2019-11-06 15:55:03 +01:00
|
|
|
def test_clean_html(self):
|
|
|
|
|
admin_client = APIClient()
|
|
|
|
|
admin_client.login(username="admin", password="admin")
|
|
|
|
|
response = admin_client.post(
|
|
|
|
|
reverse("personalnote-create-or-update"),
|
|
|
|
|
[
|
|
|
|
|
{
|
|
|
|
|
"collection": "test_collection",
|
|
|
|
|
"id": 1,
|
|
|
|
|
"content": {"note": "<p><foo>bar</foo></p>", "star": False},
|
|
|
|
|
}
|
|
|
|
|
],
|
|
|
|
|
format="json",
|
|
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
|
|
|
|
personal_note = PersonalNote.objects.get()
|
|
|
|
|
self.assertEqual(
|
|
|
|
|
personal_note.notes["test_collection"]["1"],
|
|
|
|
|
{"note": "<p><foo>bar</foo></p>", "star": False},
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
def test_clean_html_content_too_nested(self):
|
|
|
|
|
admin_client = APIClient()
|
|
|
|
|
admin_client.login(username="admin", password="admin")
|
|
|
|
|
response = admin_client.post(
|
|
|
|
|
reverse("personalnote-create-or-update"),
|
|
|
|
|
[
|
|
|
|
|
{
|
|
|
|
|
"collection": "test_collection",
|
|
|
|
|
"id": 1,
|
|
|
|
|
"content": [{"some:key": ["<p><foo>bar</foo></p>"]}, 3],
|
|
|
|
|
}
|
|
|
|
|
],
|
|
|
|
|
format="json",
|
|
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
|
|
|
|
|
self.assertFalse(PersonalNote.objects.exists())
|
|
|
|
|
|
2019-09-10 11:21:39 +02:00
|
|
|
def test_delete_other_user(self):
|
2019-05-10 08:18:28 +02:00
|
|
|
user = User.objects.create(username="user")
|
|
|
|
|
admin_client = APIClient()
|
|
|
|
|
admin_client.login(username="admin", password="admin")
|
|
|
|
|
personal_note = PersonalNote.objects.create(
|
|
|
|
|
user=user, notes="test_note_fof3joqmcufh32fn(/2f"
|
|
|
|
|
)
|
2019-09-10 11:21:39 +02:00
|
|
|
response = admin_client.delete(
|
|
|
|
|
reverse("personalnote-detail", args=[personal_note.pk])
|
2019-05-10 08:18:28 +02:00
|
|
|
)
|
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
|
|
|
|
|
self.assertEqual(
|
|
|
|
|
PersonalNote.objects.get().notes, "test_note_fof3joqmcufh32fn(/2f"
|
|
|
|
|
)
|
