OpenSlides/server/tests/integration/users/test_views.py

import json

from django.urls import reverse
from rest_framework.test import APIClient

from openslides.users.models import User
from tests.test_case import TestCase


class TestWhoAmIView(TestCase):
    url = reverse("user_whoami")

    def setUp(self):
        pass

    def test_get_anonymous(self):
        response = self.client.get(self.url)

        self.assertEqual(response.status_code, 200)
        self.assertEqual(
            json.loads(response.content.decode()),
            {
                "auth_type": "default",
                "user_id": None,
                "user": None,
                "permissions": [],
                "guest_enabled": False,
            },
        )

    def test_get_authenticated_user(self):
        self.client.login(username="admin", password="admin")

        response = self.client.get(self.url)

        self.assertEqual(response.status_code, 200)
        self.assertEqual(json.loads(response.content.decode()).get("user_id"), 1)
        self.assertEqual(
            json.loads(response.content.decode()).get("guest_enabled"), False
        )

    def test_post(self):
        response = self.client.post(self.url)

        self.assertEqual(response.status_code, 405)


class TestUserLogoutView(TestCase):
    url = reverse("user_logout")

    def setUp(self):
        pass

    def test_get(self):
        response = self.client.get(self.url)

        self.assertEqual(response.status_code, 405)

    def test_post_anonymous(self):
        response = self.client.post(self.url)

        self.assertEqual(response.status_code, 400)

    def test_post_authenticated_user(self):
        self.client.login(username="admin", password="admin")
        self.client.session["test_key"] = "test_value"

        response = self.client.post(self.url)

        self.assertEqual(response.status_code, 200)
        self.assertFalse(hasattr(self.client.session, "test_key"))
        self.assertEqual(
            json.loads(response.content.decode()),
            {
                "auth_type": "default",
                "user_id": None,
                "user": None,
                "permissions": [],
                "guest_enabled": False,
            },
        )


class TestUserLoginView(TestCase):
    url = reverse("user_login")

    def setUp(self):
        self.client = APIClient()

    def test_get(self):
        response = self.client.get(self.url)

        self.assertEqual(response.status_code, 200)
        content = json.loads(response.content.decode())
        self.assertTrue("login_info_text" in content)
        self.assertTrue("privacy_policy" in content)
        self.assertTrue("legal_notice" in content)
        self.assertTrue("theme" in content)
        self.assertTrue("logo_web_header" in content)

    def test_post_no_data(self):
        response = self.client.post(self.url)

        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        self.assertEqual(content.get("detail"), "Username or password is not correct.")

    def test_post_correct_data(self):
        response = self.client.post(
            self.url, {"username": "admin", "password": "admin"}
        )

        self.assertEqual(response.status_code, 200)
        content = json.loads(response.content.decode())
        self.assertEqual(content.get("user_id"), 1)
        self.assertTrue(isinstance(content.get("user"), dict))
        self.assertTrue(isinstance(content.get("permissions"), list))
        self.assertFalse(content.get("guest_enabled", True))
        self.assertEqual(content.get("auth_type"), "default")

    def test_post_incorrect_data(self):
        response = self.client.post(
            self.url, {"username": "wrong", "password": "wrong"}
        )

        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        self.assertEqual(content.get("detail"), "Username or password is not correct.")

    def test_user_inactive(self):
        admin = User.objects.get()
        admin.is_active = False
        admin.save()

        response = self.client.post(
            self.url, {"username": "admin", "password": "admin"}
        )
        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        self.assertEqual(content.get("detail"), "Your account is not active.")

    def test_user_wrong_auth_type(self):
        admin = User.objects.get()
        admin.auth_type = "not default"
        admin.save()

        response = self.client.post(
            self.url, {"username": "admin", "password": "admin"}
        )
        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        self.assertEqual(
            content.get("detail"), "Please login via your identity provider."
        )

    def test_no_cookies(self):
        response = self.client.post(
            self.url, {"username": "admin", "password": "admin", "cookies": False}
        )
        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        self.assertEqual(
            content.get("detail"), "Cookies have to be enabled to use OpenSlides."
        )


class TestGetUserView(TestCase):
    url = reverse("get_user")

    def setUp(self):
        pass

    def test_get_anonymous(self):
        response = self.client.get(self.url)

        self.assertEqual(response.status_code, 403)
        content = json.loads(response.content.decode())
        self.assertEqual(
            content.get("detail"), "Authentication credentials were not provided."
        )

    def test_get_authenticated_user(self):
        self.client.login(username="admin", password="admin")

        response = self.client.get(self.url, {"username": "admin"})

        self.assertEqual(response.status_code, 200)
        users = json.loads(response.content.decode()).get("users")
        self.assertEqual(users[0]["username"], "admin")
        self.assertEqual(users[0]["last_name"], "Administrator")

    def test_post(self):
        response = self.client.post(self.url)

        self.assertEqual(response.status_code, 405)

    def test_not_found(self):
        self.client.login(username="admin", password="admin")

        response = self.client.get(self.url, {"username": "not-existing-username"})

        self.assertEqual(response.status_code, 200)
        content = json.loads(response.content.decode())
        self.assertEqual(content.get("users"), [])

    def test_multiple_objects(self):
        self.client.login(username="admin", password="admin")
        u1, p1 = self.create_user()
        u1.number = "Number#1234567890"
        u1.save()
        u2, p2 = self.create_user()
        u2.number = "Number#1234567890"
        u2.save()

        response = self.client.get(self.url, {"number": "Number#1234567890"})

        self.assertEqual(response.status_code, 200)
        content = json.loads(response.content.decode())
        self.assertEqual(len(content.get("users")), 2)

    def test_delegate(self):
        self.make_admin_delegate()
        self.client.login(username="admin", password="admin")

        response = self.client.get(self.url, {"username": "admin"})

        self.assertEqual(response.status_code, 403)
        content = json.loads(response.content.decode())
        self.assertEqual(
            content.get("detail"), "You do not have permission to perform this action."
        )