OpenSlides/server/tests/integration/users/test_views.py


import json
from django.urls import reverse
from rest_framework.test import APIClient
from openslides.users.models import User
from tests.test_case import TestCase
class TestWhoAmIView(TestCase):
    """Integration tests for the ``user_whoami`` endpoint.

    Pins what the endpoint returns to an anonymous caller versus a logged-in
    one, and that it only answers GET.
    """

    url = reverse("user_whoami")

    def setUp(self):
        # Intentionally empty: this replaces the setUp of the project TestCase.
        # NOTE(review): presumably so no fixture/login runs before each test -
        # confirm against tests.test_case.
        pass

    def test_get_anonymous(self):
        # Without a session the endpoint still answers 200, but the payload
        # must carry no user, no user id and an empty permission list.
        anonymous_payload = {
            "auth_type": "default",
            "user_id": None,
            "user": None,
            "permissions": [],
            "guest_enabled": False,
        }
        response = self.client.get(self.url)
        self.assertEqual(response.status_code, 200)
        self.assertEqual(json.loads(response.content.decode()), anonymous_payload)

    def test_get_authenticated_user(self):
        # After logging in as the admin, the payload identifies that
        # account (id 1) and still reports guest access as disabled.
        self.client.login(username="admin", password="admin")
        response = self.client.get(self.url)
        self.assertEqual(response.status_code, 200)
        payload = json.loads(response.content.decode())
        self.assertEqual(payload.get("user_id"), 1)
        self.assertEqual(payload.get("guest_enabled"), False)

    def test_post(self):
        # The endpoint is read-only: POST is answered with 405.
        response = self.client.post(self.url)
        self.assertEqual(response.status_code, 405)
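class TestUserLogoutView(TestCase):
    """Integration tests for the ``user_logout`` endpoint.

    Covers method restrictions, the anonymous case, and that a logout both
    discards server-side session data and returns the anonymous payload.
    """

    url = reverse("user_logout")

    def setUp(self):
        # Intentionally empty: this replaces the setUp of the project TestCase.
        # NOTE(review): presumably so no fixture/login runs before each test -
        # confirm against tests.test_case.
        pass

    def test_get(self):
        # Logout changes state, so GET is answered with 405.
        response = self.client.get(self.url)
        self.assertEqual(response.status_code, 405)

    def test_post_anonymous(self):
        # There is nothing to log out of without a session: expect 400.
        response = self.client.post(self.url)
        self.assertEqual(response.status_code, 400)

    def test_post_authenticated_user(self):
        self.client.login(username="admin", password="admin")

        # Django's test client builds a new session store on every access of
        # ``client.session``; a value only persists when it is set on a held
        # reference and saved. Assigning on the property directly is lost, and
        # hasattr() never sees session keys, so without this the check below
        # would pass even if logout left the session data in place.
        session = self.client.session
        session["test_key"] = "test_value"
        session.save()
        self.assertIn("test_key", self.client.session)

        response = self.client.post(self.url)
        self.assertEqual(response.status_code, 200)

        # The marker stored before logout must be gone afterwards.
        self.assertNotIn("test_key", self.client.session)
        self.assertEqual(
            json.loads(response.content.decode()),
            {
                "auth_type": "default",
                "user_id": None,
                "user": None,
                "permissions": [],
                "guest_enabled": False,
            },
        )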
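class TestUserLoginView(TestCase):
    """Integration tests for the ``user_login`` endpoint.

    GET returns the public login-page settings; POST authenticates. The
    failure cases pin both the 400 status and the exact ``detail`` message.
    """

    url = reverse("user_login")

    def setUp(self):
        # Every test starts from a fresh, unauthenticated DRF client.
        self.client = APIClient()

    def test_get(self):
        # The login page settings are readable without authentication.
        response = self.client.get(self.url)
        self.assertEqual(response.status_code, 200)
        content = json.loads(response.content.decode())
        for key in (
            "login_info_text",
            "privacy_policy",
            "legal_notice",
            "theme",
            "logo_web_header",
        ):
            self.assertIn(key, content)

    def test_post_no_data(self):
        # Missing credentials get the same generic message as wrong ones
        # (compare test_post_incorrect_data).
        response = self.client.post(self.url)
        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        self.assertEqual(content.get("detail"), "Username or password is not correct.")

    def test_post_correct_data(self):
        response = self.client.post(
            self.url, {"username": "admin", "password": "admin"}
        )
        self.assertEqual(response.status_code, 200)
        content = json.loads(response.content.decode())
        self.assertEqual(content.get("user_id"), 1)
        self.assertIsInstance(content.get("user"), dict)
        self.assertIsInstance(content.get("permissions"), list)
        # Defaulting to True makes a missing key fail the assertion.
        self.assertFalse(content.get("guest_enabled", True))
        self.assertEqual(content.get("auth_type"), "default")

    def test_post_incorrect_data(self):
        # The message does not say whether the username or the password was
        # the wrong part.
        response = self.client.post(
            self.url, {"username": "wrong", "password": "wrong"}
        )
        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        self.assertEqual(content.get("detail"), "Username or password is not correct.")

    def test_user_inactive(self):
        # Look the account up by name so the test does not depend on the
        # database holding exactly one user.
        admin = User.objects.get(username="admin")
        admin.is_active = False
        admin.save()
        # NOTE(review): the password sent here is the correct one. Whether a
        # wrong password for an inactive account yields this same message
        # (which would disclose account state) is not covered - confirm.
        response = self.client.post(
            self.url, {"username": "admin", "password": "admin"}
        )
        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        self.assertEqual(content.get("detail"), "Your account is not active.")

    def test_user_wrong_auth_type(self):
        admin = User.objects.get(username="admin")
        admin.auth_type = "not default"
        admin.save()
        # A valid local password must not log in an account whose auth_type
        # is not "default".
        response = self.client.post(
            self.url, {"username": "admin", "password": "admin"}
        )
        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        self.assertEqual(
            content.get("detail"), "Please login via your identity provider."
        )

    def test_no_cookies(self):
        # Correct credentials are still rejected when the request body says
        # cookies are disabled.
        response = self.client.post(
            self.url, {"username": "admin", "password": "admin", "cookies": False}
        )
        self.assertEqual(response.status_code, 400)
        content = json.loads(response.content.decode())
        self.assertEqual(
            content.get("detail"), "Cookies have to be enabled to use OpenSlides."
        )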
class TestGetUserView(TestCase):
    """Integration tests for the ``get_user`` lookup endpoint.

    Covers the authentication and permission gates (403), the method
    restriction (405), and the lookup results: found, not found, ambiguous.
    """

    url = reverse("get_user")

    def setUp(self):
        # Intentionally empty: this replaces the setUp of the project TestCase.
        # NOTE(review): presumably so no fixture/login runs before each test -
        # confirm against tests.test_case.
        pass

    def test_get_anonymous(self):
        # No session: the lookup is refused with the "not provided" message,
        # which differs from the permission message in test_delegate.
        response = self.client.get(self.url)
        self.assertEqual(response.status_code, 403)
        body = json.loads(response.content.decode())
        self.assertEqual(
            body.get("detail"), "Authentication credentials were not provided."
        )

    def test_get_authenticated_user(self):
        self.client.login(username="admin", password="admin")
        query = {"username": "admin"}
        response = self.client.get(self.url, query)
        self.assertEqual(response.status_code, 200)
        found = json.loads(response.content.decode()).get("user")
        self.assertEqual(found["username"], "admin")
        self.assertEqual(found["last_name"], "Administrator")

    def test_post(self):
        # Lookups are GET-only.
        response = self.client.post(self.url)
        self.assertEqual(response.status_code, 405)

    def test_not_found(self):
        self.client.login(username="admin", password="admin")
        query = {"username": "not-existing-username"}
        response = self.client.get(self.url, query)
        self.assertEqual(response.status_code, 404)
        body = json.loads(response.content.decode())
        self.assertEqual(body.get("detail"), "User does not exist.")

    def test_multiple_objects(self):
        # Two users sharing one number make the lookup ambiguous; the view
        # must answer 400 rather than pick one of them.
        self.client.login(username="admin", password="admin")
        shared_number = "Number#1234567890"
        first_user, _ = self.create_user()
        first_user.number = shared_number
        first_user.save()
        second_user, _ = self.create_user()
        second_user.number = shared_number
        second_user.save()
        response = self.client.get(self.url, {"number": shared_number})
        self.assertEqual(response.status_code, 400)
        body = json.loads(response.content.decode())
        self.assertEqual(body.get("detail"), "Found more than one user.")

    def test_delegate(self):
        # Authenticated but without the needed permission: still 403, and the
        # detail text shows it was the permission check that refused, not a
        # missing login.
        self.make_admin_delegate()
        self.client.login(username="admin", password="admin")
        response = self.client.get(self.url, {"username": "admin"})
        self.assertEqual(response.status_code, 403)
        body = json.loads(response.content.decode())
        self.assertEqual(
            body.get("detail"), "You do not have permission to perform this action."
        )