github.com/tmlbl/deis@v1.0.2/controller/api/tests/test_auth.py (about)

     1  """
     2  Unit tests for the Deis api app.
     3  
     4  Run the tests with "./manage.py test api"
     5  """
     6  
     7  from __future__ import unicode_literals
     8  
     9  import json
    10  import urllib
    11  
    12  from django.contrib.auth.models import User
    13  from django.test import TestCase
    14  from django.test.utils import override_settings
    15  from rest_framework.authtoken.models import Token
    16  
    17  
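    class AuthTest(TestCase):
        """Tests user registration, authentication and authorization.

        The registration tests deliberately submit ``is_superuser`` and
        ``is_staff`` so that a regression allowing privilege escalation through
        mass assignment on the public signup endpoint is caught here.
        """

        # The docstring must be the first statement in the class body; when it
        # followed ``fixtures`` it was only a discarded string expression.
        fixtures = ['test_auth.json']

        def test_auth(self):
            """
            Test that a user can register using the API and then log in.
            """
            # test registration workflow
            username, password = 'newuser', 'password'
            first_name, last_name = 'Otto', 'Test'
            email = 'autotest@deis.io'
            submit = {
                'username': username,
                'password': password,
                'first_name': first_name,
                'last_name': last_name,
                'email': email,
                # try to abuse superuser/staff level perms (not the first signup!)
                # NOTE(review): presumably the fixture already contains a user, so
                # this account is not the first signup -- confirm in test_auth.json
                'is_superuser': True,
                'is_staff': True,
            }
            url = '/v1/auth/register'
            response = self.client.post(url, json.dumps(submit), content_type='application/json')
            self.assertEqual(response.status_code, 201)
            self.assertEqual(response.data['username'], username)
            # the credential must never be echoed back to the client
            self.assertNotIn('password', response.data)
            self.assertEqual(response.data['email'], email)
            self.assertEqual(response.data['first_name'], first_name)
            self.assertEqual(response.data['last_name'], last_name)
            self.assertTrue(response.data['is_active'])
            self.assertFalse(response.data['is_superuser'])
            self.assertFalse(response.data['is_staff'])
            # The response body alone does not prove the flags were ignored:
            # check the stored record as well, since that is what authorization
            # decisions are made from.
            user = User.objects.get(username=username)
            self.assertFalse(user.is_superuser)
            self.assertFalse(user.is_staff)
            # test login
            url = '/v1/auth/login/'
            payload = urllib.urlencode({'username': username, 'password': password})
            response = self.client.post(url, data=payload,
                                        content_type='application/x-www-form-urlencoded')
            self.assertEqual(response.status_code, 200)

        @override_settings(REGISTRATION_ENABLED=False)
        def test_auth_registration_disabled(self):
            """Test that a new user cannot register when registration is disabled."""
            url = '/v1/auth/register'
            submit = {
                'username': 'testuser',
                'password': 'password',
                'first_name': 'test',
                'last_name': 'user',
                'email': 'test@user.com',
                'is_superuser': False,
                'is_staff': False,
            }
            response = self.client.post(url, json.dumps(submit), content_type='application/json')
            self.assertEqual(response.status_code, 403)
            # a rejected signup must not leave an account behind
            self.assertFalse(User.objects.filter(username='testuser').exists())

        def test_cancel(self):
            """Test that a registered user can cancel her account."""
            # test registration workflow
            username, password = 'newuser', 'password'
            first_name, last_name = 'Otto', 'Test'
            email = 'autotest@deis.io'
            submit = {
                'username': username,
                'password': password,
                'first_name': first_name,
                'last_name': last_name,
                'email': email,
                # try to abuse superuser/staff level perms
                'is_superuser': True,
                'is_staff': True,
            }
            url = '/v1/auth/register'
            response = self.client.post(url, json.dumps(submit), content_type='application/json')
            self.assertEqual(response.status_code, 201)
            # cancel the account
            url = '/v1/auth/cancel'
            user = User.objects.get(username=username)
            # the privilege flags submitted at signup must not have been stored
            self.assertFalse(user.is_superuser)
            self.assertFalse(user.is_staff)
            token = Token.objects.get(user=user).key
            auth_header = 'token {}'.format(token)
            response = self.client.delete(url, HTTP_AUTHORIZATION=auth_header)
            self.assertEqual(response.status_code, 204)
            # A cancelled account's token must stop authenticating. Either status
            # is accepted because which one the framework returns depends on the
            # configured authentication classes, which are not visible here.
            response = self.client.delete(url, HTTP_AUTHORIZATION=auth_header)
            self.assertIn(response.status_code, (401, 403))

        def test_passwd(self):
            """Test that a registered user can change the password."""
            # test registration workflow
            username, password = 'newuser', 'password'
            first_name, last_name = 'Otto', 'Test'
            email = 'autotest@deis.io'
            submit = {
                'username': username,
                'password': password,
                'first_name': first_name,
                'last_name': last_name,
                'email': email,
            }
            url = '/v1/auth/register'
            response = self.client.post(url, json.dumps(submit), content_type='application/json')
            self.assertEqual(response.status_code, 201)
            # change password
            url = '/v1/auth/passwd'
            user = User.objects.get(username=username)
            token = Token.objects.get(user=user).key
            auth_header = 'token {}'.format(token)
            # a wrong current password must be rejected even with a valid token
            submit = {
                'password': 'password2',
                'new_password': password,
            }
            response = self.client.post(url, json.dumps(submit), content_type='application/json',
                                        HTTP_AUTHORIZATION=auth_header)
            self.assertEqual(response.status_code, 400)
            # the correct current password allows the change
            submit = {
                'password': password,
                'new_password': 'password2',
            }
            response = self.client.post(url, json.dumps(submit), content_type='application/json',
                                        HTTP_AUTHORIZATION=auth_header)
            self.assertEqual(response.status_code, 200)
            # test login with old password
            url = '/v1/auth/login/'
            payload = urllib.urlencode({'username': username, 'password': password})
            response = self.client.post(url, data=payload,
                                        content_type='application/x-www-form-urlencoded')
            self.assertEqual(response.status_code, 400)
            # test login with new password
            payload = urllib.urlencode({'username': username, 'password': 'password2'})
            response = self.client.post(url, data=payload,
                                        content_type='application/x-www-form-urlencoded')
            self.assertEqual(response.status_code, 200)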