forked from mirrors/bookwyrm
commit
310c814399
3 changed files with 250 additions and 3 deletions
|
@ -5,7 +5,6 @@ from uuid import uuid4
|
||||||
|
|
||||||
import dateutil.parser
|
import dateutil.parser
|
||||||
from dateutil.parser import ParserError
|
from dateutil.parser import ParserError
|
||||||
from django.contrib.auth.models import AbstractUser
|
|
||||||
from django.contrib.postgres.fields import ArrayField as DjangoArrayField
|
from django.contrib.postgres.fields import ArrayField as DjangoArrayField
|
||||||
from django.core.exceptions import ValidationError
|
from django.core.exceptions import ValidationError
|
||||||
from django.core.files.base import ContentFile
|
from django.core.files.base import ContentFile
|
||||||
|
@ -25,6 +24,14 @@ def validate_remote_id(value):
|
||||||
params={'value': value},
|
params={'value': value},
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def validate_username(value):
|
||||||
|
''' make sure usernames look okay '''
|
||||||
|
if not re.match(r'^[A-Za-z\-_\.]+$', value):
|
||||||
|
raise ValidationError(
|
||||||
|
_('%(value)s is not a valid remote_id'),
|
||||||
|
params={'value': value},
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class ActivitypubFieldMixin:
|
class ActivitypubFieldMixin:
|
||||||
''' make a database field serializable '''
|
''' make a database field serializable '''
|
||||||
|
@ -134,7 +141,7 @@ class UsernameField(ActivitypubFieldMixin, models.CharField):
|
||||||
_('username'),
|
_('username'),
|
||||||
max_length=150,
|
max_length=150,
|
||||||
unique=True,
|
unique=True,
|
||||||
validators=[AbstractUser.username_validator],
|
validators=[validate_username],
|
||||||
error_messages={
|
error_messages={
|
||||||
'unique': _('A user with that username already exists.'),
|
'unique': _('A user with that username already exists.'),
|
||||||
},
|
},
|
||||||
|
|
239
bookwyrm/tests/test_view_actions.py
Normal file
239
bookwyrm/tests/test_view_actions.py
Normal file
|
@ -0,0 +1,239 @@
|
||||||
|
''' test for app action functionality '''
|
||||||
|
from unittest.mock import patch
|
||||||
|
|
||||||
|
from django.core.exceptions import PermissionDenied
|
||||||
|
from django.http.response import Http404
|
||||||
|
from django.test import TestCase
|
||||||
|
from django.test.client import RequestFactory
|
||||||
|
|
||||||
|
from bookwyrm import view_actions as actions, models
|
||||||
|
from bookwyrm.settings import DOMAIN
|
||||||
|
|
||||||
|
|
||||||
|
#pylint: disable=too-many-public-methods
|
||||||
|
class ViewActions(TestCase):
|
||||||
|
''' a lot here: all handlers for receiving activitypub requests '''
|
||||||
|
def setUp(self):
|
||||||
|
''' we need basic things, like users '''
|
||||||
|
self.local_user = models.User.objects.create_user(
|
||||||
|
'mouse', 'mouse@mouse.com', 'mouseword', local=True)
|
||||||
|
self.local_user.remote_id = 'https://example.com/user/mouse'
|
||||||
|
self.local_user.save()
|
||||||
|
with patch('bookwyrm.models.user.set_remote_server.delay'):
|
||||||
|
self.remote_user = models.User.objects.create_user(
|
||||||
|
'rat', 'rat@rat.com', 'ratword',
|
||||||
|
local=False,
|
||||||
|
remote_id='https://example.com/users/rat',
|
||||||
|
inbox='https://example.com/users/rat/inbox',
|
||||||
|
outbox='https://example.com/users/rat/outbox',
|
||||||
|
)
|
||||||
|
self.status = models.Status.objects.create(
|
||||||
|
user=self.local_user,
|
||||||
|
content='Test status',
|
||||||
|
remote_id='https://example.com/status/1',
|
||||||
|
)
|
||||||
|
self.settings = models.SiteSettings.objects.create(id=1)
|
||||||
|
self.factory = RequestFactory()
|
||||||
|
|
||||||
|
|
||||||
|
def test_register(self):
|
||||||
|
''' create a user '''
|
||||||
|
self.assertEqual(models.User.objects.count(), 2)
|
||||||
|
request = self.factory.post(
|
||||||
|
'register/',
|
||||||
|
{
|
||||||
|
'username': 'nutria-user.user_nutria',
|
||||||
|
'password': 'mouseword',
|
||||||
|
'email': 'aa@bb.cccc'
|
||||||
|
})
|
||||||
|
with patch('bookwyrm.view_actions.login'):
|
||||||
|
response = actions.register(request)
|
||||||
|
self.assertEqual(models.User.objects.count(), 3)
|
||||||
|
self.assertEqual(response.status_code, 302)
|
||||||
|
nutria = models.User.objects.last()
|
||||||
|
self.assertEqual(nutria.username, 'nutria-user.user_nutria@%s' % DOMAIN)
|
||||||
|
self.assertEqual(nutria.localname, 'nutria-user.user_nutria')
|
||||||
|
self.assertEqual(nutria.local, True)
|
||||||
|
|
||||||
|
def test_register_trailing_space(self):
|
||||||
|
''' django handles this so weirdly '''
|
||||||
|
request = self.factory.post(
|
||||||
|
'register/',
|
||||||
|
{
|
||||||
|
'username': 'nutria ',
|
||||||
|
'password': 'mouseword',
|
||||||
|
'email': 'aa@bb.ccc'
|
||||||
|
})
|
||||||
|
with patch('bookwyrm.view_actions.login'):
|
||||||
|
response = actions.register(request)
|
||||||
|
self.assertEqual(models.User.objects.count(), 3)
|
||||||
|
self.assertEqual(response.status_code, 302)
|
||||||
|
nutria = models.User.objects.last()
|
||||||
|
self.assertEqual(nutria.username, 'nutria@%s' % DOMAIN)
|
||||||
|
self.assertEqual(nutria.localname, 'nutria')
|
||||||
|
self.assertEqual(nutria.local, True)
|
||||||
|
|
||||||
|
def test_register_invalid_email(self):
|
||||||
|
''' gotta have an email '''
|
||||||
|
self.assertEqual(models.User.objects.count(), 2)
|
||||||
|
request = self.factory.post(
|
||||||
|
'register/',
|
||||||
|
{
|
||||||
|
'username': 'nutria',
|
||||||
|
'password': 'mouseword',
|
||||||
|
'email': 'aa'
|
||||||
|
})
|
||||||
|
response = actions.register(request)
|
||||||
|
self.assertEqual(models.User.objects.count(), 2)
|
||||||
|
self.assertEqual(response.template_name, 'login.html')
|
||||||
|
|
||||||
|
def test_register_invalid_username(self):
|
||||||
|
''' gotta have an email '''
|
||||||
|
self.assertEqual(models.User.objects.count(), 2)
|
||||||
|
request = self.factory.post(
|
||||||
|
'register/',
|
||||||
|
{
|
||||||
|
'username': 'nut@ria',
|
||||||
|
'password': 'mouseword',
|
||||||
|
'email': 'aa@bb.ccc'
|
||||||
|
})
|
||||||
|
response = actions.register(request)
|
||||||
|
self.assertEqual(models.User.objects.count(), 2)
|
||||||
|
self.assertEqual(response.template_name, 'login.html')
|
||||||
|
|
||||||
|
request = self.factory.post(
|
||||||
|
'register/',
|
||||||
|
{
|
||||||
|
'username': 'nutr ia',
|
||||||
|
'password': 'mouseword',
|
||||||
|
'email': 'aa@bb.ccc'
|
||||||
|
})
|
||||||
|
response = actions.register(request)
|
||||||
|
self.assertEqual(models.User.objects.count(), 2)
|
||||||
|
self.assertEqual(response.template_name, 'login.html')
|
||||||
|
|
||||||
|
request = self.factory.post(
|
||||||
|
'register/',
|
||||||
|
{
|
||||||
|
'username': 'nut@ria',
|
||||||
|
'password': 'mouseword',
|
||||||
|
'email': 'aa@bb.ccc'
|
||||||
|
})
|
||||||
|
response = actions.register(request)
|
||||||
|
self.assertEqual(models.User.objects.count(), 2)
|
||||||
|
self.assertEqual(response.template_name, 'login.html')
|
||||||
|
|
||||||
|
|
||||||
|
def test_register_closed_instance(self):
|
||||||
|
''' you can't just register '''
|
||||||
|
self.settings.allow_registration = False
|
||||||
|
self.settings.save()
|
||||||
|
request = self.factory.post(
|
||||||
|
'register/',
|
||||||
|
{
|
||||||
|
'username': 'nutria ',
|
||||||
|
'password': 'mouseword',
|
||||||
|
'email': 'aa@bb.ccc'
|
||||||
|
})
|
||||||
|
with self.assertRaises(PermissionDenied):
|
||||||
|
actions.register(request)
|
||||||
|
|
||||||
|
def test_register_invite(self):
|
||||||
|
''' you can't just register '''
|
||||||
|
self.settings.allow_registration = False
|
||||||
|
self.settings.save()
|
||||||
|
models.SiteInvite.objects.create(
|
||||||
|
code='testcode', user=self.local_user, use_limit=1)
|
||||||
|
self.assertEqual(models.SiteInvite.objects.get().times_used, 0)
|
||||||
|
|
||||||
|
request = self.factory.post(
|
||||||
|
'register/',
|
||||||
|
{
|
||||||
|
'username': 'nutria',
|
||||||
|
'password': 'mouseword',
|
||||||
|
'email': 'aa@bb.ccc',
|
||||||
|
'invite_code': 'testcode'
|
||||||
|
})
|
||||||
|
with patch('bookwyrm.view_actions.login'):
|
||||||
|
response = actions.register(request)
|
||||||
|
self.assertEqual(models.User.objects.count(), 3)
|
||||||
|
self.assertEqual(response.status_code, 302)
|
||||||
|
self.assertEqual(models.SiteInvite.objects.get().times_used, 1)
|
||||||
|
|
||||||
|
# invalid invite
|
||||||
|
request = self.factory.post(
|
||||||
|
'register/',
|
||||||
|
{
|
||||||
|
'username': 'nutria2',
|
||||||
|
'password': 'mouseword',
|
||||||
|
'email': 'aa@bb.ccc',
|
||||||
|
'invite_code': 'testcode'
|
||||||
|
})
|
||||||
|
response = actions.register(request)
|
||||||
|
self.assertEqual(models.User.objects.count(), 3)
|
||||||
|
|
||||||
|
# bad invite code
|
||||||
|
request = self.factory.post(
|
||||||
|
'register/',
|
||||||
|
{
|
||||||
|
'username': 'nutria3',
|
||||||
|
'password': 'mouseword',
|
||||||
|
'email': 'aa@bb.ccc',
|
||||||
|
'invite_code': 'dkfkdjgdfkjgkdfj'
|
||||||
|
})
|
||||||
|
with self.assertRaises(Http404):
|
||||||
|
response = actions.register(request)
|
||||||
|
self.assertEqual(models.User.objects.count(), 3)
|
||||||
|
|
||||||
|
|
||||||
|
def test_password_reset_request(self):
|
||||||
|
''' send 'em an email '''
|
||||||
|
request = self.factory.post('', {'email': 'aa@bb.ccc'})
|
||||||
|
resp = actions.password_reset_request(request)
|
||||||
|
self.assertEqual(resp.status_code, 302)
|
||||||
|
|
||||||
|
request = self.factory.post(
|
||||||
|
'', {'email': 'mouse@mouse.com'})
|
||||||
|
with patch('bookwyrm.emailing.send_email.delay'):
|
||||||
|
resp = actions.password_reset_request(request)
|
||||||
|
self.assertEqual(resp.template_name, 'password_reset_request.html')
|
||||||
|
|
||||||
|
self.assertEqual(
|
||||||
|
models.PasswordReset.objects.get().user, self.local_user)
|
||||||
|
|
||||||
|
def test_password_reset(self):
|
||||||
|
''' reset from code '''
|
||||||
|
code = models.PasswordReset.objects.create(user=self.local_user)
|
||||||
|
request = self.factory.post('', {
|
||||||
|
'reset-code': code.code,
|
||||||
|
'password': 'hi',
|
||||||
|
'confirm-password': 'hi'
|
||||||
|
})
|
||||||
|
with patch('bookwyrm.view_actions.login'):
|
||||||
|
resp = actions.password_reset(request)
|
||||||
|
self.assertEqual(resp.status_code, 302)
|
||||||
|
self.assertFalse(models.PasswordReset.objects.exists())
|
||||||
|
|
||||||
|
def test_password_reset_wrong_code(self):
|
||||||
|
''' reset from code '''
|
||||||
|
models.PasswordReset.objects.create(user=self.local_user)
|
||||||
|
request = self.factory.post('', {
|
||||||
|
'reset-code': 'jhgdkfjgdf',
|
||||||
|
'password': 'hi',
|
||||||
|
'confirm-password': 'hi'
|
||||||
|
})
|
||||||
|
resp = actions.password_reset(request)
|
||||||
|
self.assertEqual(resp.template_name, 'password_reset.html')
|
||||||
|
self.assertTrue(models.PasswordReset.objects.exists())
|
||||||
|
|
||||||
|
def test_password_reset_mismatch(self):
|
||||||
|
''' reset from code '''
|
||||||
|
code = models.PasswordReset.objects.create(user=self.local_user)
|
||||||
|
request = self.factory.post('', {
|
||||||
|
'reset-code': code.code,
|
||||||
|
'password': 'hi',
|
||||||
|
'confirm-password': 'hihi'
|
||||||
|
})
|
||||||
|
resp = actions.password_reset(request)
|
||||||
|
self.assertEqual(resp.template_name, 'password_reset.html')
|
||||||
|
self.assertTrue(models.PasswordReset.objects.exists())
|
|
@ -66,7 +66,7 @@ def register(request):
|
||||||
if not form.is_valid():
|
if not form.is_valid():
|
||||||
errors = True
|
errors = True
|
||||||
|
|
||||||
username = form.data['username']
|
username = form.data['username'].strip()
|
||||||
email = form.data['email']
|
email = form.data['email']
|
||||||
password = form.data['password']
|
password = form.data['password']
|
||||||
|
|
||||||
|
@ -215,6 +215,7 @@ def edit_profile(request):
|
||||||
return redirect('/user/%s' % request.user.localname)
|
return redirect('/user/%s' % request.user.localname)
|
||||||
|
|
||||||
|
|
||||||
|
@require_POST
|
||||||
def resolve_book(request):
|
def resolve_book(request):
|
||||||
''' figure out the local path to a book from a remote_id '''
|
''' figure out the local path to a book from a remote_id '''
|
||||||
remote_id = request.POST.get('remote_id')
|
remote_id = request.POST.get('remote_id')
|
||||||
|
|
Loading…
Reference in a new issue