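"""
Unit tests for the Deis api app.

Run the tests with "./manage.py test api"
"""

from __future__ import unicode_literals

import json
import urllib

from django.contrib.auth.models import User
from django.test import TestCase
from django.test.utils import override_settings
from rest_framework.authtoken.models import Token


class AuthTest(TestCase):
    """Tests user registration, authentication and authorization"""

    fixtures = ['test_auth.json']

    def test_auth(self):
        """
        Test that a user can register using the API and then log in.

        The registration payload also asks for superuser and staff rights;
        the response must report both flags as False.
        """
        # test registration workflow
        username, password = 'newuser', 'password'
        first_name, last_name = 'Otto', 'Test'
        email = 'autotest@deis.io'
        submit = {
            'username': username,
            'password': password,
            'first_name': first_name,
            'last_name': last_name,
            'email': email,
            # try to abuse superuser/staff level perms (not the first signup!)
            'is_superuser': True,
            'is_staff': True,
        }
        url = '/v1/auth/register'
        response = self.client.post(url, json.dumps(submit), content_type='application/json')
        self.assertEqual(response.status_code, 201)
        # Every key in the response must be on this allowlist. 'password' is
        # not on it, so a response that echoed the password would fail here.
        allowed_keys = ['id', 'last_login', 'is_superuser', 'username', 'first_name',
                        'last_name', 'email', 'is_active', 'is_staff',
                        'date_joined', 'groups', 'user_permissions']
        for key in response.data:
            self.assertIn(key, allowed_keys)
        expected = {
            'username': username,
            'email': email,
            'first_name': first_name,
            'last_name': last_name,
            'is_active': True,
            # the client-supplied privilege flags must have been ignored
            'is_superuser': False,
            'is_staff': False
        }
        self.assertDictContainsSubset(expected, response.data)
        # test login
        url = '/v1/auth/login/'
        payload = urllib.urlencode({'username': username, 'password': password})
        response = self.client.post(url, data=payload,
                                    content_type='application/x-www-form-urlencoded')
        self.assertEqual(response.status_code, 200)

    @override_settings(REGISTRATION_ENABLED=False)
    def test_auth_registration_disabled(self):
        """test that a new user cannot register when registration is disabled."""
        url = '/v1/auth/register'
        submit = {
            'username': 'testuser',
            'password': 'password',
            'first_name': 'test',
            'last_name': 'user',
            'email': 'test@user.com',
            'is_superuser': False,
            'is_staff': False,
        }
        response = self.client.post(url, json.dumps(submit), content_type='application/json')
        self.assertEqual(response.status_code, 403)

    def test_cancel(self):
        """
        Test that a registered user can cancel her account.

        The registration payload asks for superuser and staff rights, so the
        stored user is also checked to confirm neither flag was granted.
        """
        # test registration workflow
        username, password = 'newuser', 'password'
        first_name, last_name = 'Otto', 'Test'
        email = 'autotest@deis.io'
        submit = {
            'username': username,
            'password': password,
            'first_name': first_name,
            'last_name': last_name,
            'email': email,
            # try to abuse superuser/staff level perms
            'is_superuser': True,
            'is_staff': True,
        }
        url = '/v1/auth/register'
        response = self.client.post(url, json.dumps(submit), content_type='application/json')
        self.assertEqual(response.status_code, 201)
        user = User.objects.get(username=username)
        # The abuse attempt above was previously never verified in this test:
        # the stored account must not carry the requested privilege flags
        # (test_auth expects the same outcome in the response body).
        self.assertFalse(user.is_superuser)
        self.assertFalse(user.is_staff)
        # cancel the account
        url = '/v1/auth/cancel'
        token = Token.objects.get(user=user).key
        response = self.client.delete(url,
                                      HTTP_AUTHORIZATION='token {}'.format(token))
        self.assertEqual(response.status_code, 204)

    def test_passwd(self):
        """
        Test that a registered user can change the password.

        A change request carrying the wrong current password must be rejected,
        and after a successful change only the new password may log in.
        """
        # test registration workflow
        username, password = 'newuser', 'password'
        first_name, last_name = 'Otto', 'Test'
        email = 'autotest@deis.io'
        submit = {
            'username': username,
            'password': password,
            'first_name': first_name,
            'last_name': last_name,
            'email': email,
        }
        url = '/v1/auth/register'
        response = self.client.post(url, json.dumps(submit), content_type='application/json')
        self.assertEqual(response.status_code, 201)
        # change password
        url = '/v1/auth/passwd'
        user = User.objects.get(username=username)
        token = Token.objects.get(user=user).key
        auth_header = 'token {}'.format(token)
        # a valid token alone is not enough: the current password must match
        submit = {
            'password': 'password2',
            'new_password': password,
        }
        response = self.client.post(url, json.dumps(submit), content_type='application/json',
                                    HTTP_AUTHORIZATION=auth_header)
        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.data, {'detail': 'Current password does not match'})
        self.assertEqual(response.get('content-type'), 'application/json')
        submit = {
            'password': password,
            'new_password': 'password2',
        }
        response = self.client.post(url, json.dumps(submit), content_type='application/json',
                                    HTTP_AUTHORIZATION=auth_header)
        self.assertEqual(response.status_code, 200)
        # test login with old password
        url = '/v1/auth/login/'
        payload = urllib.urlencode({'username': username, 'password': password})
        response = self.client.post(url, data=payload,
                                    content_type='application/x-www-form-urlencoded')
        self.assertEqual(response.status_code, 400)
        # test login with new password
        payload = urllib.urlencode({'username': username, 'password': 'password2'})
        response = self.client.post(url, data=payload,
                                    content_type='application/x-www-form-urlencoded')
        self.assertEqual(response.status_code, 200)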