moviewyrm/bookwyrm/tests/views/test_authentication.py

303 lines
11 KiB
Python
Raw Normal View History

2021-01-12 17:09:05 +00:00
''' test for app action functionality '''
from unittest.mock import patch
from django.contrib.auth.models import AnonymousUser
from django.core.exceptions import PermissionDenied
from django.http.response import Http404
from django.template.response import TemplateResponse
from django.test import TestCase
2021-01-12 17:53:04 +00:00
from django.test.client import RequestFactory
2021-01-12 17:09:05 +00:00
from bookwyrm import models, views
from bookwyrm.settings import DOMAIN
# pylint: disable=too-many-public-methods
class AuthenticationViews(TestCase):
''' login and password management '''
2021-01-12 17:53:04 +00:00
def setUp(self):
''' we need basic test data and mocks '''
self.factory = RequestFactory()
self.local_user = models.User.objects.create_user(
'mouse@local.com', 'mouse@mouse.com', 'password',
local=True, localname='mouse')
self.anonymous_user = AnonymousUser
self.anonymous_user.is_authenticated = False
self.settings = models.SiteSettings.objects.create(id=1)
def test_login_get(self):
2021-01-12 17:09:05 +00:00
''' there are so many views, this just makes sure it LOADS '''
2021-01-12 17:53:04 +00:00
login = views.Login.as_view()
2021-01-12 17:09:05 +00:00
request = self.factory.get('')
2021-01-12 17:53:04 +00:00
request.user = self.anonymous_user
result = login(request)
2021-01-12 17:09:05 +00:00
self.assertIsInstance(result, TemplateResponse)
self.assertEqual(result.template_name, 'login.html')
self.assertEqual(result.status_code, 200)
request.user = self.local_user
2021-01-12 17:53:04 +00:00
result = login(request)
2021-01-12 17:09:05 +00:00
self.assertEqual(result.url, '/')
self.assertEqual(result.status_code, 302)
def test_password_reset_request(self):
''' there are so many views, this just makes sure it LOADS '''
2021-01-12 17:53:04 +00:00
view = views.PasswordResetRequest.as_view()
2021-01-12 17:09:05 +00:00
request = self.factory.get('')
request.user = self.local_user
2021-01-12 17:53:04 +00:00
result = view(request)
2021-01-12 17:09:05 +00:00
self.assertIsInstance(result, TemplateResponse)
self.assertEqual(result.template_name, 'password_reset_request.html')
self.assertEqual(result.status_code, 200)
def test_password_reset_request_post(self):
''' send 'em an email '''
request = self.factory.post('', {'email': 'aa@bb.ccc'})
2021-01-12 17:53:04 +00:00
view = views.PasswordResetRequest.as_view()
resp = view(request)
2021-01-12 17:09:05 +00:00
self.assertEqual(resp.status_code, 302)
2021-01-12 17:53:04 +00:00
request = self.factory.post('', {'email': 'mouse@mouse.com'})
2021-01-12 17:09:05 +00:00
with patch('bookwyrm.emailing.send_email.delay'):
2021-01-12 17:53:04 +00:00
resp = view(request)
2021-01-12 17:09:05 +00:00
self.assertEqual(resp.template_name, 'password_reset_request.html')
self.assertEqual(
models.PasswordReset.objects.get().user, self.local_user)
def test_password_reset(self):
''' there are so many views, this just makes sure it LOADS '''
2021-01-12 17:53:04 +00:00
view = views.PasswordReset.as_view()
2021-01-12 17:09:05 +00:00
code = models.PasswordReset.objects.create(user=self.local_user)
request = self.factory.get('')
2021-01-12 17:53:04 +00:00
request.user = self.anonymous_user
result = view(request, code.code)
2021-01-12 17:09:05 +00:00
self.assertIsInstance(result, TemplateResponse)
self.assertEqual(result.template_name, 'password_reset.html')
self.assertEqual(result.status_code, 200)
def test_password_reset_post(self):
''' reset from code '''
2021-01-12 17:53:04 +00:00
view = views.PasswordReset.as_view()
2021-01-12 17:09:05 +00:00
code = models.PasswordReset.objects.create(user=self.local_user)
request = self.factory.post('', {
'password': 'hi',
'confirm-password': 'hi'
})
2021-01-12 17:53:04 +00:00
with patch('bookwyrm.views.password.login'):
resp = view(request, code.code)
2021-01-12 17:09:05 +00:00
self.assertEqual(resp.status_code, 302)
self.assertFalse(models.PasswordReset.objects.exists())
def test_password_reset_wrong_code(self):
''' reset from code '''
2021-01-12 17:53:04 +00:00
view = views.PasswordReset.as_view()
2021-01-12 17:09:05 +00:00
models.PasswordReset.objects.create(user=self.local_user)
request = self.factory.post('', {
'password': 'hi',
'confirm-password': 'hi'
})
2021-01-12 17:53:04 +00:00
resp = view(request, 'jhgdkfjgdf')
2021-01-12 17:09:05 +00:00
self.assertEqual(resp.template_name, 'password_reset.html')
self.assertTrue(models.PasswordReset.objects.exists())
def test_password_reset_mismatch(self):
''' reset from code '''
2021-01-12 17:53:04 +00:00
view = views.PasswordReset.as_view()
2021-01-12 17:09:05 +00:00
code = models.PasswordReset.objects.create(user=self.local_user)
request = self.factory.post('', {
'password': 'hi',
'confirm-password': 'hihi'
})
2021-01-12 17:53:04 +00:00
resp = view(request, code.code)
2021-01-12 17:09:05 +00:00
self.assertEqual(resp.template_name, 'password_reset.html')
self.assertTrue(models.PasswordReset.objects.exists())
def test_register(self):
''' create a user '''
2021-01-12 17:53:04 +00:00
view = views.Register.as_view()
self.assertEqual(models.User.objects.count(), 1)
2021-01-12 17:09:05 +00:00
request = self.factory.post(
'register/',
{
'localname': 'nutria-user.user_nutria',
'password': 'mouseword',
'email': 'aa@bb.cccc'
})
2021-01-12 17:53:04 +00:00
with patch('bookwyrm.views.authentication.login'):
response = view(request)
self.assertEqual(models.User.objects.count(), 2)
2021-01-12 17:09:05 +00:00
self.assertEqual(response.status_code, 302)
nutria = models.User.objects.last()
self.assertEqual(nutria.username, 'nutria-user.user_nutria@%s' % DOMAIN)
self.assertEqual(nutria.localname, 'nutria-user.user_nutria')
self.assertEqual(nutria.local, True)
def test_register_trailing_space(self):
''' django handles this so weirdly '''
2021-01-12 17:53:04 +00:00
view = views.Register.as_view()
2021-01-12 17:09:05 +00:00
request = self.factory.post(
'register/',
{
'localname': 'nutria ',
'password': 'mouseword',
'email': 'aa@bb.ccc'
})
2021-01-12 17:53:04 +00:00
with patch('bookwyrm.views.authentication.login'):
response = view(request)
self.assertEqual(models.User.objects.count(), 2)
2021-01-12 17:09:05 +00:00
self.assertEqual(response.status_code, 302)
nutria = models.User.objects.last()
self.assertEqual(nutria.username, 'nutria@%s' % DOMAIN)
self.assertEqual(nutria.localname, 'nutria')
self.assertEqual(nutria.local, True)
def test_register_invalid_email(self):
''' gotta have an email '''
2021-01-12 17:53:04 +00:00
view = views.Register.as_view()
self.assertEqual(models.User.objects.count(), 1)
2021-01-12 17:09:05 +00:00
request = self.factory.post(
'register/',
{
'localname': 'nutria',
'password': 'mouseword',
'email': 'aa'
})
2021-01-12 17:53:04 +00:00
response = view(request)
self.assertEqual(models.User.objects.count(), 1)
2021-01-12 17:09:05 +00:00
self.assertEqual(response.template_name, 'login.html')
def test_register_invalid_username(self):
''' gotta have an email '''
2021-01-12 17:53:04 +00:00
view = views.Register.as_view()
self.assertEqual(models.User.objects.count(), 1)
2021-01-12 17:09:05 +00:00
request = self.factory.post(
'register/',
{
'localname': 'nut@ria',
'password': 'mouseword',
'email': 'aa@bb.ccc'
})
2021-01-12 17:53:04 +00:00
response = view(request)
self.assertEqual(models.User.objects.count(), 1)
2021-01-12 17:09:05 +00:00
self.assertEqual(response.template_name, 'login.html')
request = self.factory.post(
'register/',
{
'localname': 'nutr ia',
'password': 'mouseword',
'email': 'aa@bb.ccc'
})
2021-01-12 17:53:04 +00:00
response = view(request)
self.assertEqual(models.User.objects.count(), 1)
2021-01-12 17:09:05 +00:00
self.assertEqual(response.template_name, 'login.html')
request = self.factory.post(
'register/',
{
'localname': 'nut@ria',
'password': 'mouseword',
'email': 'aa@bb.ccc'
})
2021-01-12 17:53:04 +00:00
response = view(request)
self.assertEqual(models.User.objects.count(), 1)
2021-01-12 17:09:05 +00:00
self.assertEqual(response.template_name, 'login.html')
def test_register_closed_instance(self):
''' you can't just register '''
2021-01-12 17:53:04 +00:00
view = views.Register.as_view()
2021-01-12 17:09:05 +00:00
self.settings.allow_registration = False
self.settings.save()
request = self.factory.post(
'register/',
{
'localname': 'nutria ',
'password': 'mouseword',
'email': 'aa@bb.ccc'
})
with self.assertRaises(PermissionDenied):
2021-01-12 17:53:04 +00:00
view(request)
2021-01-12 17:09:05 +00:00
def test_register_invite(self):
''' you can't just register '''
2021-01-12 17:53:04 +00:00
view = views.Register.as_view()
2021-01-12 17:09:05 +00:00
self.settings.allow_registration = False
self.settings.save()
models.SiteInvite.objects.create(
code='testcode', user=self.local_user, use_limit=1)
self.assertEqual(models.SiteInvite.objects.get().times_used, 0)
request = self.factory.post(
'register/',
{
'localname': 'nutria',
'password': 'mouseword',
'email': 'aa@bb.ccc',
'invite_code': 'testcode'
})
2021-01-12 17:53:04 +00:00
with patch('bookwyrm.views.authentication.login'):
response = view(request)
self.assertEqual(models.User.objects.count(), 2)
2021-01-12 17:09:05 +00:00
self.assertEqual(response.status_code, 302)
self.assertEqual(models.SiteInvite.objects.get().times_used, 1)
# invite already used to max capacity
request = self.factory.post(
'register/',
{
'localname': 'nutria2',
'password': 'mouseword',
'email': 'aa@bb.ccc',
'invite_code': 'testcode'
})
with self.assertRaises(PermissionDenied):
2021-01-12 17:53:04 +00:00
response = view(request)
self.assertEqual(models.User.objects.count(), 2)
2021-01-12 17:09:05 +00:00
# bad invite code
request = self.factory.post(
'register/',
{
'localname': 'nutria3',
'password': 'mouseword',
'email': 'aa@bb.ccc',
'invite_code': 'dkfkdjgdfkjgkdfj'
})
with self.assertRaises(Http404):
2021-01-12 17:53:04 +00:00
response = view(request)
self.assertEqual(models.User.objects.count(), 2)
2021-01-12 17:09:05 +00:00
def test_password_change(self):
''' change password '''
2021-01-12 17:53:04 +00:00
view = views.ChangePassword.as_view()
2021-01-12 17:09:05 +00:00
password_hash = self.local_user.password
request = self.factory.post('', {
'password': 'hi',
'confirm-password': 'hi'
})
request.user = self.local_user
2021-01-12 17:53:04 +00:00
with patch('bookwyrm.views.password.login'):
view(request)
2021-01-12 17:09:05 +00:00
self.assertNotEqual(self.local_user.password, password_hash)
def test_password_change_mismatch(self):
''' change password '''
2021-01-12 17:53:04 +00:00
view = views.ChangePassword.as_view()
2021-01-12 17:09:05 +00:00
password_hash = self.local_user.password
request = self.factory.post('', {
'password': 'hi',
'confirm-password': 'hihi'
})
request.user = self.local_user
2021-01-12 17:53:04 +00:00
view(request)
2021-01-12 17:09:05 +00:00
self.assertEqual(self.local_user.password, password_hash)