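# github.com/blystad/deis@v0.11.0/controller/api/tests/test_auth.py
"""
Unit tests for the Deis api app.

Run the tests with "./manage.py test api"
"""

from __future__ import unicode_literals

import json
import urllib

from django.contrib.auth import SESSION_KEY
from django.test import TestCase
from django.test.utils import override_settings


class AuthTest(TestCase):
    """Tests user registration, authentication and authorization"""

    # The docstring above must be the first statement in the class body;
    # placed after ``fixtures`` it would be a no-op string expression.
    fixtures = ['test_auth.json']

    def test_auth(self):
        """
        Test that a user can register using the API, login and logout
        """
        # make sure logging in with an invalid username/password
        # results in a 200 login page
        url = '/api/auth/login/'
        body = {'username': 'fail', 'password': 'this'}
        response = self.client.post(url, data=json.dumps(body), content_type='application/json')
        self.assertEqual(response.status_code, 200)
        # A 200 alone does not prove the login was rejected, so also check
        # that the test client's session carries no authenticated user.
        self.assertNotIn(SESSION_KEY, self.client.session)
        # test registration workflow
        username, password = 'newuser', 'password'
        first_name, last_name = 'Otto', 'Test'
        email = 'autotest@deis.io'
        submit = {
            'username': username,
            'password': password,
            'first_name': first_name,
            'last_name': last_name,
            'email': email,
            # try to abuse superuser/staff level perms (not the first signup!)
            # NOTE(review): presumably the test_auth.json fixture already
            # holds a user, so this signup is not the first one -- confirm.
            'is_superuser': True,
            'is_staff': True,
        }
        url = '/api/auth/register'
        response = self.client.post(url, json.dumps(submit), content_type='application/json')
        self.assertEqual(response.status_code, 201)
        self.assertEqual(response.data['username'], username)
        # the password must never be echoed back in the API response
        self.assertNotIn('password', response.data)
        self.assertEqual(response.data['email'], email)
        self.assertEqual(response.data['first_name'], first_name)
        self.assertEqual(response.data['last_name'], last_name)
        self.assertTrue(response.data['is_active'])
        # client-supplied privilege flags must be ignored (mass assignment)
        self.assertFalse(response.data['is_superuser'])
        self.assertFalse(response.data['is_staff'])
        self.assertTrue(
            self.client.login(username=username, password=password))
        # test logout and login
        url = '/api/auth/logout/'
        response = self.client.post(url, content_type='application/json')
        self.assertEqual(response.status_code, 200)
        url = '/api/auth/login/'
        # urllib.urlencode is the Python 2 spelling used by this file
        payload = urllib.urlencode({'username': username, 'password': password})
        response = self.client.post(url, data=payload,
                                    content_type='application/x-www-form-urlencoded')
        # a successful form login answers with a redirect
        self.assertEqual(response.status_code, 302)

    @override_settings(REGISTRATION_ENABLED=False)
    def test_auth_registration_disabled(self):
        """test that a new user cannot register when registration is disabled."""
        url = '/api/auth/register'
        submit = {
            'username': 'testuser',
            'password': 'password',
            'first_name': 'test',
            'last_name': 'user',
            'email': 'test@user.com',
            'is_superuser': False,
            'is_staff': False,
        }
        response = self.client.post(url, json.dumps(submit), content_type='application/json')
        self.assertEqual(response.status_code, 403)

    def test_cancel(self):
        """Test that a registered user can cancel her account."""
        # test registration workflow
        username, password = 'newuser', 'password'
        first_name, last_name = 'Otto', 'Test'
        email = 'autotest@deis.io'
        submit = {
            'username': username,
            'password': password,
            'first_name': first_name,
            'last_name': last_name,
            'email': email,
            # try to abuse superuser/staff level perms
            'is_superuser': True,
            'is_staff': True,
        }
        url = '/api/auth/register'
        response = self.client.post(url, json.dumps(submit), content_type='application/json')
        self.assertEqual(response.status_code, 201)
        # The payload attempts a privilege escalation, so verify it was
        # refused here too, as test_auth does for the same endpoint.
        self.assertFalse(response.data['is_superuser'])
        self.assertFalse(response.data['is_staff'])
        self.assertTrue(
            self.client.login(username=username, password=password))
        # cancel the account
        url = '/api/auth/cancel'
        response = self.client.delete(url)
        self.assertEqual(response.status_code, 204)
        # the cancelled account must no longer be able to authenticate
        self.assertFalse(
            self.client.login(username=username, password=password))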