archive/bramw_baserow
1
0
Fork 0
mirror of https://gitlab.com/bramw/baserow.git synced 2025-05-21 07:56:54 +00:00
Code Issues Projects Releases Wiki Activity
bramw_baserow/backend/tests/baserow/api/users/test_user_views.py

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

1264 lines
41 KiB
Python
Raw Permalink Normal View History

Resolve "Small changes related to the preview of templates on the SaaS website"
2021-04-20 12:44:56 +00:00
import os
Final branch licensing system 2
2021-10-20 19:28:51 +00:00
from unittest.mock import patch
Add setttings for isort
2022-08-02 10:28:28 +02:00
from django.conf import settings
from django.contrib.auth import get_user_model
from django.shortcuts import reverse
import pytest
Resolve "Small changes related to the preview of templates on the SaaS website"
2021-04-20 12:44:56 +00:00
from freezegun import freeze_time
Final branch licensing system 2
2021-10-20 19:28:51 +00:00
from rest_framework.status import (
HTTP_200_OK,
Add setttings for isort
2022-08-02 10:28:28 +02:00
HTTP_204_NO_CONTENT,
Final branch licensing system 2
2021-10-20 19:28:51 +00:00
HTTP_400_BAD_REQUEST,
Resolve "Fix the refresh_token for longer user sessions"
2022-10-27 09:45:34 +00:00
HTTP_401_UNAUTHORIZED,
Final branch licensing system 2
2021-10-20 19:28:51 +00:00
HTTP_404_NOT_FOUND,
)
Resolve "Fix the refresh_token for longer user sessions"
2022-10-27 09:45:34 +00:00
from rest_framework_simplejwt.settings import api_settings as jwt_settings
from rest_framework_simplejwt.tokens import RefreshToken
Resolve "Small changes related to the preview of templates on the SaaS website"
2021-04-20 12:44:56 +00:00
Add setttings for isort
2022-08-02 10:28:28 +02:00
from baserow.api.user.registries import UserDataType, user_data_registry
Resolve "Sent all emails via a Celery task instead of synchronous"
2021-04-13 18:08:19 +00:00
from baserow.contrib.database.models import Database, Table
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
from baserow.core.handler import CoreHandler
Resolve "Rename group to workspace in the backend"
2023-03-14 14:43:35 +00:00
from baserow.core.models import Workspace, WorkspaceUser
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
from baserow.core.user.handler import UserHandler
implemented authentication endpoints, user login and registration
2019-07-11 17:23:10 +00:00
User = get_user_model()
@pytest.mark.django_db
Resolve "Disable Signup"
2021-02-17 20:36:11 +00:00
def test_create_user(client, data_fixture):
Allow password authentication to be disabled
2022-12-12 09:09:32 +00:00
data_fixture.create_password_provider()
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
valid_password = "thisIsAValidPassword"
short_password = "short"
removed api v0 namespace
2020-06-23 14:09:48 +02:00
response = client.post(
reverse("api:user:index"),
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
{"name": "Test1", "email": "test@test.nl", "password": valid_password},
made it possible to manage groups in the app
2019-08-26 17:49:28 +00:00
format="json",
)
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
response_json = response.json()
use django rest framework status codes instead of integers
2020-05-21 09:15:10 +02:00
assert response.status_code == HTTP_200_OK
implemented authentication endpoints, user login and registration
2019-07-11 17:23:10 +00:00
user = User.objects.get(email="test@test.nl")
assert user.first_name == "Test1"
assert user.email == "test@test.nl"
assert user.password != ""
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
assert "password" not in response_json["user"]
assert response_json["user"]["username"] == "test@test.nl"
assert response_json["user"]["first_name"] == "Test1"
Give the first ever user created in a new instance of baserow staff as they must be the admin user and currently there is no other easy way for users to configure or grant staff themselves.
2021-03-12 10:37:16 +00:00
assert response_json["user"]["is_staff"] is True
Update row comments in realtime and don't block users from sending more comments whilst previous server post requests are pending.
2021-08-05 10:02:14 +00:00
assert response_json["user"]["id"] == user.id
Reformat entire codebase using black. See the file .git-blame-ignore-revs for how to remove this commit from your blame view.
2021-04-12 10:42:34 +02:00
Add user Profile model to store language setting
2021-08-24 13:51:12 +00:00
# Test profile properties
response = client.post(
reverse("api:user:index"),
{
"name": "Test1Bis",
"email": "test1bis@test.nl",
"password": valid_password,
"language": "fr",
},
format="json",
)
response_json = response.json()
assert response.status_code == HTTP_200_OK
user = User.objects.get(email="test1bis@test.nl")
assert user.profile.language == "fr"
assert response_json["user"]["language"] == "fr"
removed api v0 namespace
2020-06-23 14:09:48 +02:00
response_failed = client.post(
reverse("api:user:index"),
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
{"name": "Test1", "email": "test@test.nl", "password": valid_password},
made it possible to manage groups in the app
2019-08-26 17:49:28 +00:00
format="json",
)
implemented authentication endpoints, user login and registration
2019-07-11 17:23:10 +00:00
assert response_failed.status_code == 400
Resolve "Fix error messages when logging in or registering"
2020-03-24 20:26:16 +00:00
assert response_failed.json()["error"] == "ERROR_EMAIL_ALREADY_EXISTS"
implemented authentication endpoints, user login and registration
2019-07-11 17:23:10 +00:00
removed api v0 namespace
2020-06-23 14:09:48 +02:00
response_failed = client.post(
reverse("api:user:index"),
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
{"name": "Test1", "email": " teSt@teST.nl ", "password": valid_password},
normalize the users email
2020-05-21 08:14:47 +02:00
format="json",
)
assert response_failed.status_code == 400
assert response_failed.json()["error"] == "ERROR_EMAIL_ALREADY_EXISTS"
Upgrade Django to v3 and do Major/Minor bumps for all other libraries. Also...
2021-09-14 08:30:26 +00:00
too_long_name = "x" * 151
response_failed = client.post(
reverse("api:user:index"),
{
"name": too_long_name,
"email": "new@example.com ",
"password": valid_password,
},
format="json",
)
assert response_failed.status_code == 400
assert response_failed.json()["error"] == "ERROR_REQUEST_BODY_VALIDATION"
assert response_failed.json()["detail"] == {
"name": [
{
"code": "max_length",
"error": "Ensure this field has no more than 150 characters.",
}
]
}
Resolve "Disable Signup"
2021-02-17 20:36:11 +00:00
data_fixture.update_settings(allow_new_signups=False)
response_failed = client.post(
reverse("api:user:index"),
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
{"name": "Test1", "email": "test10@test.nl", "password": valid_password},
Resolve "Disable Signup"
2021-02-17 20:36:11 +00:00
format="json",
)
assert response_failed.status_code == 400
assert response_failed.json()["error"] == "ERROR_DISABLED_SIGNUP"
data_fixture.update_settings(allow_new_signups=True)
removed api v0 namespace
2020-06-23 14:09:48 +02:00
response_failed_2 = client.post(
reverse("api:user:index"), {"email": "test"}, format="json"
made it possible to manage groups in the app
2019-08-26 17:49:28 +00:00
)
implemented authentication endpoints, user login and registration
2019-07-11 17:23:10 +00:00
assert response_failed_2.status_code == 400
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
Resolve "Increase amount of password characters"
2020-08-31 08:27:34 +00:00
long_password = "x" * 256
response = client.post(
reverse("api:user:index"),
{"name": "Test2", "email": "test2@test.nl", "password": long_password},
format="json",
)
assert response.status_code == HTTP_200_OK
user = User.objects.get(email="test2@test.nl")
assert user.check_password(long_password)
long_password = "x" * 257
response = client.post(
reverse("api:user:index"),
{"name": "Test2", "email": "test2@test.nl", "password": long_password},
format="json",
)
response_json = response.json()
assert response.status_code == HTTP_400_BAD_REQUEST
assert response_json["error"] == "ERROR_REQUEST_BODY_VALIDATION"
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
assert (
response_json["detail"]["password"][0]["code"] == "password_validation_failed"
)
assert (
response_json["detail"]["password"][0]["error"]
== "This password is too long. It must not exceed 256 characters."
)
response = client.post(
reverse("api:user:index"),
{"name": "Test2", "email": "random@test.nl", "password": short_password},
format="json",
)
response_json = response.json()
assert response.status_code == HTTP_400_BAD_REQUEST
assert response_json["error"] == "ERROR_REQUEST_BODY_VALIDATION"
assert (
response_json["detail"]["password"][0]["code"] == "password_validation_failed"
)
assert (
response_json["detail"]["password"][0]["error"]
== "This password is too short. It must contain at least 8 characters."
)
Resolve "Increase amount of password characters"
2020-08-31 08:27:34 +00:00
Add user Profile model to store language setting
2021-08-24 13:51:12 +00:00
# Test profile attribute errors
response_failed = client.post(
reverse("api:user:index"),
{
"name": "Test1",
"email": "test20@test.nl",
"password": valid_password,
"language": "invalid",
},
format="json",
)
response_json = response_failed.json()
assert response_failed.status_code == 400
assert response_json["error"] == "ERROR_REQUEST_BODY_VALIDATION"
assert response_json["detail"]["language"][0]["code"] == "invalid_language"
Add user account endpoints
2021-09-09 08:59:19 +00:00
assert response_json["detail"]["language"][0]["error"] == (
"Only the following language keys are "
f"valid: {','.join([l[0] for l in settings.LANGUAGES])}"
)
Resolve "Backend fails hard when creating a new user and providing a name longer than 40 characters"
2022-01-03 17:47:08 +00:00
# Test username with maximum length
long_username = "x" * 150
response = client.post(
reverse("api:user:index"),
{
"name": long_username,
"email": "longusername@email.com",
"password": "password",
},
format="json",
)
response_json = response.json()
assert response.status_code == HTTP_200_OK
user = User.objects.get(email="longusername@email.com")
assert user.first_name == long_username
# Test username with length exceeding the maximum
even_longer_username = "x" * 200
response = client.post(
reverse("api:user:index"),
{
"name": even_longer_username,
"email": "evenlongerusername@email.com",
"password": "password",
},
format="json",
)
response_json = response.json()
assert response_failed.status_code == 400
Add user account endpoints
2021-09-09 08:59:19 +00:00
@pytest.mark.django_db
def test_user_account(data_fixture, api_client):
user, token = data_fixture.create_user_and_token(
email="test@localhost.nl", language="en", first_name="Nikolas"
)
response = api_client.patch(
reverse("api:user:account"),
{
"first_name": "NewOriginalName",
"language": "fr",
},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == HTTP_200_OK
assert response_json["first_name"] == "NewOriginalName"
assert response_json["language"] == "fr"
Improved onboarding
2024-05-24 13:26:26 +00:00
assert response_json["completed_onboarding"] is False
Introduce guided tours
2025-04-01 20:52:11 +00:00
assert response_json["completed_guided_tours"] == []
Add user account endpoints
2021-09-09 08:59:19 +00:00
user.refresh_from_db()
assert user.first_name == "NewOriginalName"
assert user.profile.language == "fr"
Resolve "Send notifications via email"
2023-08-11 12:14:21 +00:00
response = api_client.patch(
reverse("api:user:account"),
{},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == 400
assert response_json["error"] == "ERROR_REQUEST_BODY_VALIDATION"
assert response_json["detail"]["non_field_errors"][0]["code"] == "invalid"
assert response_json["detail"]["non_field_errors"][0]["error"] == (
Improved onboarding
2024-05-24 13:26:26 +00:00
"At least one of the fields first_name, language, email_notification_frequency,"
Introduce guided tours
2025-04-01 20:52:11 +00:00
" completed_onboarding, completed_guided_tours must be provided."
Resolve "Send notifications via email"
2023-08-11 12:14:21 +00:00
)
Add user account endpoints
2021-09-09 08:59:19 +00:00
response = api_client.patch(
reverse("api:user:account"),
{
"language": "invalid",
},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == 400
assert response_json["error"] == "ERROR_REQUEST_BODY_VALIDATION"
assert response_json["detail"]["language"][0]["code"] == "invalid_language"
Add user Profile model to store language setting
2021-08-24 13:51:12 +00:00
assert response_json["detail"]["language"][0]["error"] == (
"Only the following language keys are "
f"valid: {','.join([l[0] for l in settings.LANGUAGES])}"
)
Resolve "Send notifications via email"
2023-08-11 12:14:21 +00:00
response = api_client.patch(
reverse("api:user:account"),
{
"email_notification_frequency": "invalid",
},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == 400
assert response_json["error"] == "ERROR_REQUEST_BODY_VALIDATION"
assert (
response_json["detail"]["email_notification_frequency"][0]["code"]
== "invalid_choice"
)
assert response_json["detail"]["email_notification_frequency"][0]["error"] == (
'"invalid" is not a valid choice.'
)
response = api_client.patch(
reverse("api:user:account"),
{
"email_notification_frequency": "daily",
},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == 200
assert response_json["first_name"] == "NewOriginalName"
assert response_json["language"] == "fr"
assert response_json["email_notification_frequency"] == "daily"
Improved onboarding
2024-05-24 13:26:26 +00:00
response = api_client.patch(
reverse("api:user:account"),
{
"completed_onboarding": True,
},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == 200
assert response_json["first_name"] == "NewOriginalName"
assert response_json["language"] == "fr"
assert response_json["email_notification_frequency"] == "daily"
assert response_json["completed_onboarding"] is True
Introduce guided tours
2025-04-01 20:52:11 +00:00
assert response_json["completed_guided_tours"] == []
response = api_client.patch(
reverse("api:user:account"),
{
"completed_onboarding": True,
"completed_guided_tours": ["core"],
},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == 200
assert response_json["first_name"] == "NewOriginalName"
assert response_json["language"] == "fr"
assert response_json["email_notification_frequency"] == "daily"
assert response_json["completed_onboarding"] is True
assert response_json["completed_guided_tours"] == ["core"]
@pytest.mark.django_db
def test_user_account_completed_guided_tours(data_fixture, api_client):
user, token = data_fixture.create_user_and_token(
email="test@localhost.nl", language="en", first_name="Nikolas"
)
response = api_client.patch(
reverse("api:user:account"),
{
"completed_guided_tours": ["core"],
},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == 200
assert set(response_json["completed_guided_tours"]) == set(["core"])
response = api_client.patch(
reverse("api:user:account"),
{
"completed_guided_tours": ["core", "database"],
},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == 200
assert set(response_json["completed_guided_tours"]) == set(["core", "database"])
# It should not be possible to remove entries.
response = api_client.patch(
reverse("api:user:account"),
{
"completed_guided_tours": ["core", "application"],
},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == 200
assert set(response_json["completed_guided_tours"]) == set(
["core", "database", "application"]
)
Improved onboarding
2024-05-24 13:26:26 +00:00
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
@pytest.mark.django_db
def test_create_user_with_invitation(data_fixture, client):
Allow password authentication to be disabled
2022-12-12 09:09:32 +00:00
data_fixture.create_password_provider()
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
core_handler = CoreHandler()
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
valid_password = "thisIsAValidPassword"
Resolve "Rename group to workspace in the backend"
2023-03-14 14:43:35 +00:00
invitation = data_fixture.create_workspace_invitation(email="test0@test.nl")
signer = core_handler.get_workspace_invitation_signer()
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
response_failed = client.post(
reverse("api:user:index"),
{
"name": "Test1",
"email": "test@test.nl",
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
"password": valid_password,
Resolve "Rename group to workspace in the backend"
2023-03-14 14:43:35 +00:00
"workspace_invitation_token": "INVALID",
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
},
format="json",
)
Resolve "Small changes related to the preview of templates on the SaaS website"
2021-04-20 12:44:56 +00:00
assert response_failed.status_code == HTTP_400_BAD_REQUEST
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
assert response_failed.json()["error"] == "BAD_TOKEN_SIGNATURE"
Reformat entire codebase using black. See the file .git-blame-ignore-revs for how to remove this commit from your blame view.
2021-04-12 10:42:34 +02:00
Resolve "Translatable labels for the password forgot and reset pages"
2021-08-26 11:17:43 +00:00
response_failed = client.post(
reverse("api:user:index"),
{
"name": "Test1",
"email": "test0@test.nl",
"password": valid_password,
Resolve "Rename group to workspace in the backend"
2023-03-14 14:43:35 +00:00
"workspace_invitation_token": f"{signer.dumps(invitation.id)}2",
Resolve "Translatable labels for the password forgot and reset pages"
2021-08-26 11:17:43 +00:00
},
format="json",
)
assert response_failed.status_code == HTTP_400_BAD_REQUEST
assert response_failed.json()["error"] == "BAD_TOKEN_SIGNATURE"
assert User.objects.all().count() == 1
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
response_failed = client.post(
reverse("api:user:index"),
{
"name": "Test1",
"email": "test@test.nl",
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
"password": valid_password,
Resolve "Rename group to workspace in the backend"
2023-03-14 14:43:35 +00:00
"workspace_invitation_token": signer.dumps(99999),
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
},
format="json",
)
Resolve "Small changes related to the preview of templates on the SaaS website"
2021-04-20 12:44:56 +00:00
assert response_failed.status_code == HTTP_404_NOT_FOUND
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
assert response_failed.json()["error"] == "ERROR_GROUP_INVITATION_DOES_NOT_EXIST"
Reformat entire codebase using black. See the file .git-blame-ignore-revs for how to remove this commit from your blame view.
2021-04-12 10:42:34 +02:00
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
response_failed = client.post(
reverse("api:user:index"),
{
"name": "Test1",
"email": "test@test.nl",
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
"password": valid_password,
Resolve "Rename group to workspace in the backend"
2023-03-14 14:43:35 +00:00
"workspace_invitation_token": signer.dumps(invitation.id),
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
},
format="json",
)
Resolve "Small changes related to the preview of templates on the SaaS website"
2021-04-20 12:44:56 +00:00
assert response_failed.status_code == HTTP_400_BAD_REQUEST
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
assert response_failed.json()["error"] == "ERROR_GROUP_INVITATION_EMAIL_MISMATCH"
assert User.objects.all().count() == 1
response_failed = client.post(
reverse("api:user:index"),
{
"name": "Test1",
"email": "test0@test.nl",
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
"password": valid_password,
Resolve "Rename group to workspace in the backend"
2023-03-14 14:43:35 +00:00
"workspace_invitation_token": signer.dumps(invitation.id),
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
},
format="json",
)
Resolve "Small changes related to the preview of templates on the SaaS website"
2021-04-20 12:44:56 +00:00
assert response_failed.status_code == HTTP_200_OK
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
assert User.objects.all().count() == 2
Resolve "Rename group to workspace in the backend"
2023-03-14 14:43:35 +00:00
assert Workspace.objects.all().count() == 1
assert Workspace.objects.all().first().id == invitation.workspace_id
assert WorkspaceUser.objects.all().count() == 2
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
assert Database.objects.all().count() == 0
assert Table.objects.all().count() == 0
Resolve "Small changes related to the preview of templates on the SaaS website"
2021-04-20 12:44:56 +00:00
@pytest.mark.django_db
def test_create_user_with_template(data_fixture, client):
Allow password authentication to be disabled
2022-12-12 09:09:32 +00:00
data_fixture.create_password_provider()
Resolve "Small changes related to the preview of templates on the SaaS website"
2021-04-20 12:44:56 +00:00
old_templates = settings.APPLICATION_TEMPLATES_DIR
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
valid_password = "thisIsAValidPassword"
Resolve "Small changes related to the preview of templates on the SaaS website"
2021-04-20 12:44:56 +00:00
settings.APPLICATION_TEMPLATES_DIR = os.path.join(
settings.BASE_DIR, "../../../tests/templates"
)
template = data_fixture.create_template(slug="example-template")
response = client.post(
reverse("api:user:index"),
{
"name": "Test1",
"email": "test0@test.nl",
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
"password": valid_password,
Resolve "Small changes related to the preview of templates on the SaaS website"
2021-04-20 12:44:56 +00:00
"template_id": -1,
},
format="json",
)
response_json = response.json()
assert response.status_code == HTTP_400_BAD_REQUEST
assert response_json["error"] == "ERROR_REQUEST_BODY_VALIDATION"
assert response_json["detail"]["template_id"][0]["code"] == "does_not_exist"
response = client.post(
reverse("api:user:index"),
{
"name": "Test1",
"email": "test0@test.nl",
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
"password": valid_password,
Resolve "Small changes related to the preview of templates on the SaaS website"
2021-04-20 12:44:56 +00:00
"template_id": "random",
},
format="json",
)
response_json = response.json()
assert response.status_code == HTTP_400_BAD_REQUEST
assert response_json["error"] == "ERROR_REQUEST_BODY_VALIDATION"
assert response_json["detail"]["template_id"][0]["code"] == "incorrect_type"
response = client.post(
reverse("api:user:index"),
{
"name": "Test1",
"email": "test0@test.nl",
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
"password": valid_password,
Resolve "Small changes related to the preview of templates on the SaaS website"
2021-04-20 12:44:56 +00:00
"template_id": template.id,
},
format="json",
)
assert response.status_code == HTTP_200_OK
Resolve "Rename group to workspace in the backend"
2023-03-14 14:43:35 +00:00
assert Workspace.objects.all().count() == 2
assert WorkspaceUser.objects.all().count() == 1
Resolve "Small changes related to the preview of templates on the SaaS website"
2021-04-20 12:44:56 +00:00
# We expect the example template to be installed
Resolve "Audit log"
2023-01-16 14:40:12 +00:00
assert Database.objects.all().count() == 1, Database.objects.values_list(
"name", flat=True
)
Resolve "Small changes related to the preview of templates on the SaaS website"
2021-04-20 12:44:56 +00:00
assert Database.objects.all().first().name == "Event marketing"
assert Table.objects.all().count() == 2
settings.APPLICATION_TEMPLATES_DIR = old_templates
Resolve "Sent all emails via a Celery task instead of synchronous"
2021-04-13 18:08:19 +00:00
@pytest.mark.django_db(transaction=True)
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
def test_send_reset_password_email(data_fixture, client, mailoutbox):
Allow password authentication to be disabled
2022-12-12 09:09:32 +00:00
data_fixture.create_password_provider()
normalize the users email
2020-05-21 08:14:47 +02:00
data_fixture.create_user(email="test@localhost.nl")
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
response = client.post(
removed api v0 namespace
2020-06-23 14:09:48 +02:00
reverse("api:user:send_reset_password_email"), {}, format="json"
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
)
response_json = response.json()
use django rest framework status codes instead of integers
2020-05-21 09:15:10 +02:00
assert response.status_code == HTTP_400_BAD_REQUEST
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
assert response_json["error"] == "ERROR_REQUEST_BODY_VALIDATION"
response = client.post(
removed api v0 namespace
2020-06-23 14:09:48 +02:00
reverse("api:user:send_reset_password_email"),
block non web frontend domains when requesting a password reset
2020-08-28 16:12:37 +02:00
{"email": "unknown@localhost.nl", "base_url": "http://localhost:3000"},
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
format="json",
)
assert response.status_code == 204
assert len(mailoutbox) == 0
response = client.post(
removed api v0 namespace
2020-06-23 14:09:48 +02:00
reverse("api:user:send_reset_password_email"),
normalize the users email
2020-05-21 08:14:47 +02:00
{"email": "test@localhost.nl", "base_url": "http://test.nl"},
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
format="json",
)
block non web frontend domains when requesting a password reset
2020-08-28 16:12:37 +02:00
response_json = response.json()
assert response.status_code == HTTP_400_BAD_REQUEST
Resolve "Remove the _DOMAIN variables"
2020-11-11 20:16:30 +00:00
assert response_json["error"] == "ERROR_HOSTNAME_IS_NOT_ALLOWED"
block non web frontend domains when requesting a password reset
2020-08-28 16:12:37 +02:00
assert len(mailoutbox) == 0
response = client.post(
reverse("api:user:send_reset_password_email"),
{"email": "test@localhost.nl", "base_url": "http://localhost:3000"},
format="json",
)
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
assert response.status_code == 204
assert len(mailoutbox) == 1
normalize the users email
2020-05-21 08:14:47 +02:00
response = client.post(
removed api v0 namespace
2020-06-23 14:09:48 +02:00
reverse("api:user:send_reset_password_email"),
block non web frontend domains when requesting a password reset
2020-08-28 16:12:37 +02:00
{"email": " teST@locAlhost.nl ", "base_url": "http://localhost:3000"},
normalize the users email
2020-05-21 08:14:47 +02:00
format="json",
)
assert response.status_code == 204
assert len(mailoutbox) == 2
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
email = mailoutbox[0]
normalize the users email
2020-05-21 08:14:47 +02:00
assert "test@localhost.nl" in email.to
block non web frontend domains when requesting a password reset
2020-08-28 16:12:37 +02:00
assert email.body.index("http://localhost:3000")
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
Resolve "Implement a way to disable "Password forgotten" feature"
2022-05-24 20:07:14 +00:00
user = data_fixture.create_user(is_staff=True)
CoreHandler().update_settings(user, allow_reset_password=False)
response = client.post(
reverse("api:user:send_reset_password_email"),
{"email": " teST@locAlhost.nl ", "base_url": "http://localhost:3000"},
format="json",
)
assert response.status_code == HTTP_400_BAD_REQUEST
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
Allow password authentication to be disabled
2022-12-12 09:09:32 +00:00
@pytest.mark.django_db
def test_send_reset_password_email_password_auth_disabled(
api_client, data_fixture, mailoutbox
):
data_fixture.create_password_provider(enabled=False)
data_fixture.create_user(email="test@localhost.nl")
response = api_client.post(
reverse("api:user:send_reset_password_email"),
{"email": "test@localhost.nl", "base_url": "http://localhost:3000"},
format="json",
)
assert response.status_code == HTTP_401_UNAUTHORIZED
assert response.json() == {
"error": "ERROR_AUTH_PROVIDER_DISABLED",
"detail": "Authentication provider is disabled.",
}
assert len(mailoutbox) == 0
@pytest.mark.django_db(transaction=True)
def test_send_reset_password_email_password_auth_disabled_staff(
api_client, data_fixture, mailoutbox
):
data_fixture.create_password_provider(enabled=False)
data_fixture.create_user(email="test@localhost.nl", is_staff=True)
response = api_client.post(
reverse("api:user:send_reset_password_email"),
{"email": "test@localhost.nl", "base_url": "http://localhost:3000"},
format="json",
)
assert response.status_code == HTTP_204_NO_CONTENT
assert len(mailoutbox) == 1
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
@pytest.mark.django_db
def test_password_reset(data_fixture, client):
user = data_fixture.create_user(email="test@localhost")
handler = UserHandler()
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
valid_password = "thisIsAValidPassword"
short_password = "short"
long_password = (
"Bgvmt95en6HGJZ9Xz0F8xysQ6eYgo2Y54YzRPxxv10b5n16F4rZ6YH4ulonocwiFK6970KiAxoYhU"
"LYA3JFDPIQGj5gMZZl25M46sO810Zd3nyBg699a2TDMJdHG7hAAi0YeDnuHuabyBawnb4962OQ1OO"
"f1MxzFyNWG7NR2X6MZQL5G1V61x56lQTXbvK1AG1IPM87bQ3YAtIBtGT2vK3Wd83q3he5ezMtUfzK"
"2ibj0WWhf86DyQB4EHRUJjYcBiI78iEJv5hcu33X2I345YosO66cTBWK45SqJEDudrCOq"
)
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
signer = handler.get_reset_password_signer()
removed api v0 namespace
2020-06-23 14:09:48 +02:00
response = client.post(reverse("api:user:reset_password"), {}, format="json")
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
response_json = response.json()
use django rest framework status codes instead of integers
2020-05-21 09:15:10 +02:00
assert response.status_code == HTTP_400_BAD_REQUEST
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
assert response_json["error"] == "ERROR_REQUEST_BODY_VALIDATION"
response = client.post(
removed api v0 namespace
2020-06-23 14:09:48 +02:00
reverse("api:user:reset_password"),
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
{"token": "test", "password": valid_password},
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
format="json",
)
response_json = response.json()
use django rest framework status codes instead of integers
2020-05-21 09:15:10 +02:00
assert response.status_code == HTTP_400_BAD_REQUEST
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
assert response_json["error"] == "BAD_TOKEN_SIGNATURE"
with freeze_time("2020-01-01 12:00"):
token = signer.dumps(user.id)
with freeze_time("2020-01-04 12:00"):
response = client.post(
removed api v0 namespace
2020-06-23 14:09:48 +02:00
reverse("api:user:reset_password"),
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
{"token": token, "password": valid_password},
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
format="json",
)
response_json = response.json()
use django rest framework status codes instead of integers
2020-05-21 09:15:10 +02:00
assert response.status_code == HTTP_400_BAD_REQUEST
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
assert response_json["error"] == "EXPIRED_TOKEN_SIGNATURE"
with freeze_time("2020-01-01 12:00"):
token = signer.dumps(9999)
with freeze_time("2020-01-02 12:00"):
response = client.post(
removed api v0 namespace
2020-06-23 14:09:48 +02:00
reverse("api:user:reset_password"),
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
{"token": token, "password": valid_password},
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
format="json",
)
response_json = response.json()
use django rest framework status codes instead of integers
2020-05-21 09:15:10 +02:00
assert response.status_code == HTTP_400_BAD_REQUEST
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
assert response_json["error"] == "ERROR_USER_NOT_FOUND"
with freeze_time("2020-01-01 12:00"):
token = signer.dumps(user.id)
with freeze_time("2020-01-02 12:00"):
response = client.post(
removed api v0 namespace
2020-06-23 14:09:48 +02:00
reverse("api:user:reset_password"),
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
{"token": token, "password": valid_password},
Resolve "Implement password forgot"
2020-05-18 15:50:48 +00:00
format="json",
)
assert response.status_code == 204
user.refresh_from_db()
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
assert user.check_password(valid_password)
with freeze_time("2020-01-02 12:00"):
token = signer.dumps(user.id)
with freeze_time("2020-01-02 12:00"):
response = client.post(
reverse("api:user:reset_password"),
{"token": token, "password": short_password},
format="json",
)
response_json = response.json()
assert response.status_code == HTTP_400_BAD_REQUEST
assert response_json["error"] == "ERROR_REQUEST_BODY_VALIDATION"
assert (
response_json["detail"]["password"][0]["code"]
== "password_validation_failed"
)
assert (
response_json["detail"]["password"][0]["error"]
== "This password is too short. It must contain at least 8 characters."
)
user.refresh_from_db()
assert not user.check_password(short_password)
with freeze_time("2020-01-02 12:00"):
response = client.post(
reverse("api:user:reset_password"),
{"token": token, "password": long_password},
format="json",
)
response_json = response.json()
assert response.status_code == HTTP_400_BAD_REQUEST
assert response_json["error"] == "ERROR_REQUEST_BODY_VALIDATION"
assert (
response_json["detail"]["password"][0]["code"]
== "password_validation_failed"
)
assert (
response_json["detail"]["password"][0]["error"]
== "This password is too long. It must not exceed 256 characters."
)
user.refresh_from_db()
assert not user.check_password(long_password)
Resolve "Implement password change"
2020-06-05 12:02:21 +00:00
Resolve "Implement a way to disable "Password forgotten" feature"
2022-05-24 20:07:14 +00:00
user = data_fixture.create_user(is_staff=True)
CoreHandler().update_settings(user, allow_reset_password=False)
response = client.post(
reverse("api:user:reset_password"),
{"token": token, "password": long_password},
format="json",
)
assert response.status_code == HTTP_400_BAD_REQUEST
Resolve "Implement password change"
2020-06-05 12:02:21 +00:00
Email verification
2024-04-25 08:34:01 +00:00
@pytest.mark.django_db(transaction=True)
def test_password_reset_email_verified_email(data_fixture, client, mailoutbox):
data_fixture.create_password_provider()
user = data_fixture.create_user()
handler = UserHandler()
signer = handler.get_reset_password_signer()
with freeze_time("2020-01-01 12:00"):
token = signer.dumps(user.id)
response = client.post(
reverse("api:user:reset_password"),
{"token": token, "password": "newpassword"},
format="json",
)
assert response.status_code == 204
user.refresh_from_db()
assert user.profile.email_verified is True
Resolve "Implement password change"
2020-06-05 12:02:21 +00:00
@pytest.mark.django_db
def test_change_password(data_fixture, client):
Allow password authentication to be disabled
2022-12-12 09:09:32 +00:00
data_fixture.create_password_provider()
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
valid_old_password = "thisIsAValidPassword"
valid_new_password = "thisIsAValidNewPassword"
short_password = "short"
long_password = (
"Bgvmt95en6HGJZ9Xz0F8xysQ6eYgo2Y54YzRPxxv10b5n16F4rZ6YH4ulonocwiFK6970KiAxoYhU"
"LYA3JFDPIQGj5gMZZl25M46sO810Zd3nyBg699a2TDMJdHG7hAAi0YeDnuHuabyBawnb4962OQ1OO"
"f1MxzFyNWG7NR2X6MZQL5G1V61x56lQTXbvK1AG1IPM87bQ3YAtIBtGT2vK3Wd83q3he5ezMtUfzK"
"2ibj0WWhf86DyQB4EHRUJjYcBiI78iEJv5hcu33X2I345YosO66cTBWK45SqJEDudrCOq"
)
Resolve "Implement password change"
2020-06-05 12:02:21 +00:00
user, token = data_fixture.create_user_and_token(
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
email="test@localhost", password=valid_old_password
Resolve "Implement password change"
2020-06-05 12:02:21 +00:00
)
response = client.post(
removed api v0 namespace
2020-06-23 14:09:48 +02:00
reverse("api:user:change_password"),
Resolve "Implement password change"
2020-06-05 12:02:21 +00:00
{},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == HTTP_400_BAD_REQUEST
assert response_json["error"] == "ERROR_REQUEST_BODY_VALIDATION"
response = client.post(
removed api v0 namespace
2020-06-23 14:09:48 +02:00
reverse("api:user:change_password"),
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
{"old_password": "INCORRECT", "new_password": valid_new_password},
Resolve "Implement password change"
2020-06-05 12:02:21 +00:00
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == HTTP_400_BAD_REQUEST
assert response_json["error"] == "ERROR_INVALID_OLD_PASSWORD"
user.refresh_from_db()
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
assert user.check_password(valid_old_password)
response = client.post(
reverse("api:user:change_password"),
{"old_password": valid_old_password, "new_password": short_password},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == HTTP_400_BAD_REQUEST
assert response_json["error"] == "ERROR_REQUEST_BODY_VALIDATION"
assert (
response_json["detail"]["new_password"][0]["code"]
== "password_validation_failed"
)
assert (
response_json["detail"]["new_password"][0]["error"]
== "This password is too short. It must contain at least 8 characters."
)
user.refresh_from_db()
assert user.check_password(valid_old_password)
response = client.post(
reverse("api:user:change_password"),
{"old_password": valid_old_password, "new_password": long_password},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == HTTP_400_BAD_REQUEST
assert response_json["error"] == "ERROR_REQUEST_BODY_VALIDATION"
assert (
response_json["detail"]["new_password"][0]["code"]
== "password_validation_failed"
)
assert (
response_json["detail"]["new_password"][0]["error"]
== "This password is too long. It must not exceed 256 characters."
)
user.refresh_from_db()
assert user.check_password(valid_old_password)
Resolve "Implement password change"
2020-06-05 12:02:21 +00:00
response = client.post(
removed api v0 namespace
2020-06-23 14:09:48 +02:00
reverse("api:user:change_password"),
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
{"old_password": valid_old_password, "new_password": valid_new_password},
Resolve "Implement password change"
2020-06-05 12:02:21 +00:00
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
assert response.status_code == 204
user.refresh_from_db()
Resolve "Add password validation to backend"
2021-08-06 12:22:54 +00:00
assert user.check_password(valid_new_password)
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
Allow password authentication to be disabled
2022-12-12 09:09:32 +00:00
@pytest.mark.django_db
def test_change_password_auth_disabled(api_client, data_fixture):
data_fixture.create_password_provider(enabled=False)
valid_old_password = "thisIsAValidPassword"
valid_new_password = "thisIsAValidNewPassword"
user, token = data_fixture.create_user_and_token(
email="test@localhost", password=valid_old_password
)
response = api_client.post(
reverse("api:user:change_password"),
{"old_password": valid_old_password, "new_password": valid_new_password},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
assert response.status_code == HTTP_401_UNAUTHORIZED
assert response.json() == {
"error": "ERROR_AUTH_PROVIDER_DISABLED",
"detail": "Authentication provider is disabled.",
}
@pytest.mark.django_db
def test_change_password_auth_disabled_staff(api_client, data_fixture):
data_fixture.create_password_provider(enabled=False)
valid_old_password = "thisIsAValidPassword"
valid_new_password = "thisIsAValidNewPassword"
user, token = data_fixture.create_user_and_token(
email="test@localhost", password=valid_old_password, is_staff=True
)
response = api_client.post(
reverse("api:user:change_password"),
{"old_password": valid_old_password, "new_password": valid_new_password},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
assert response.status_code == HTTP_204_NO_CONTENT
user.refresh_from_db()
assert user.check_password(valid_new_password)
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
@pytest.mark.django_db
def test_dashboard(data_fixture, client):
user, token = data_fixture.create_user_and_token(email="test@localhost")
Resolve "Rename group to workspace in the backend"
2023-03-14 14:43:35 +00:00
workspace_1 = data_fixture.create_workspace(name="Test1")
workspace_2 = data_fixture.create_workspace()
invitation_1 = data_fixture.create_workspace_invitation(
workspace=workspace_1, email="test@localhost"
)
data_fixture.create_workspace_invitation(
workspace=workspace_1, email="test2@localhost"
)
data_fixture.create_workspace_invitation(
workspace=workspace_2, email="test3@localhost"
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
)
response = client.get(
reverse("api:user:dashboard"), format="json", HTTP_AUTHORIZATION=f"JWT {token}"
)
response_json = response.json()
Resolve "Rename group to workspace in the backend"
2023-03-14 14:43:35 +00:00
assert len(response_json["workspace_invitations"]) == 1
assert response_json["workspace_invitations"][0]["id"] == invitation_1.id
assert response_json["workspace_invitations"][0]["email"] == invitation_1.email
assert response_json["workspace_invitations"][0]["invited_by"] == (
Resolve "Inviting users to a group"
2021-02-04 16:16:33 +00:00
invitation_1.invited_by.first_name
)
Resolve "Rename group to workspace in the backend"
2023-03-14 14:43:35 +00:00
assert response_json["workspace_invitations"][0]["workspace"] == "Test1"
assert response_json["workspace_invitations"][0]["message"] == invitation_1.message
assert "created_on" in response_json["workspace_invitations"][0]
Final branch licensing system 2
2021-10-20 19:28:51 +00:00
@pytest.mark.django_db
def test_additional_user_data(api_client, data_fixture):
Allow password authentication to be disabled
2022-12-12 09:09:32 +00:00
data_fixture.create_password_provider()
Final branch licensing system 2
2021-10-20 19:28:51 +00:00
class TmpUserDataType(UserDataType):
type = "type"
def get_user_data(self, user, request) -> dict:
return True
plugin_mock = TmpUserDataType()
with patch.dict(user_data_registry.registry, {"tmp": plugin_mock}):
response = api_client.post(
reverse("api:user:index"),
{
"name": "Test1",
"email": "test@test.nl",
"password": "thisIsAValidPassword",
"authenticate": True,
},
format="json",
)
response_json = response.json()
assert response.status_code == HTTP_200_OK
assert response_json["tmp"] is True
response = api_client.post(
reverse("api:user:token_auth"),
Resolve "Fix the refresh_token for longer user sessions"
2022-10-27 09:45:34 +00:00
{"email": "test@test.nl", "password": "thisIsAValidPassword"},
Final branch licensing system 2
2021-10-20 19:28:51 +00:00
format="json",
)
response_json = response.json()
Resolve "Fix the refresh_token for longer user sessions"
2022-10-27 09:45:34 +00:00
assert response.status_code == HTTP_200_OK
Final branch licensing system 2
2021-10-20 19:28:51 +00:00
assert response_json["tmp"] is True
response = api_client.post(
reverse("api:user:token_refresh"),
Resolve "Fix the refresh_token for longer user sessions"
2022-10-27 09:45:34 +00:00
{"refresh_token": response_json["refresh_token"]},
Final branch licensing system 2
2021-10-20 19:28:51 +00:00
format="json",
)
response_json = response.json()
Resolve "Fix the refresh_token for longer user sessions"
2022-10-27 09:45:34 +00:00
assert response.status_code == HTTP_200_OK
Final branch licensing system 2
2021-10-20 19:28:51 +00:00
assert response_json["tmp"] is True
Add user account deletion process
2022-06-21 07:48:49 +00:00
@pytest.mark.django_db
def test_schedule_user_deletion(client, data_fixture):
valid_password = "aValidPassword"
user, token = data_fixture.create_user_and_token(
email="test@localhost", password=valid_password, is_staff=True
)
response = client.post(
reverse("api:user:schedule_account_deletion"),
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
response_json = response.json()
assert response.status_code == HTTP_400_BAD_REQUEST
assert response_json["error"] == "ERROR_USER_IS_LAST_ADMIN"
# Creates a new staff user
data_fixture.create_user(email="test2@localhost", is_staff=True)
response = client.post(
reverse("api:user:schedule_account_deletion"),
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
assert response.status_code == HTTP_204_NO_CONTENT
user.refresh_from_db()
assert user.profile.to_be_deleted is True
Resolve "Fix the refresh_token for longer user sessions"
2022-10-27 09:45:34 +00:00
@pytest.mark.django_db
def test_token_error_if_user_deleted_or_disabled(api_client, data_fixture):
Resolve "Frontend fails to renew the access token after a network error"
2022-11-24 10:19:27 +00:00
user, _ = data_fixture.create_user_and_token(
Resolve "Fix the refresh_token for longer user sessions"
2022-10-27 09:45:34 +00:00
email="test@localhost", password="test"
)
refresh_token = data_fixture.generate_refresh_token(user)
# deactivate user and see that token is no longer valid
user.is_active = False
user.save()
response = api_client.post(
reverse("api:user:token_refresh"),
{"refresh_token": refresh_token},
format="json",
)
assert response.status_code == HTTP_401_UNAUTHORIZED
assert response.json() == {
Resolve "Frontend fails to renew the access token after a network error"
2022-11-24 10:19:27 +00:00
"error": "ERROR_INVALID_REFRESH_TOKEN",
"detail": "Refresh token is expired or invalid.",
Resolve "Fix the refresh_token for longer user sessions"
2022-10-27 09:45:34 +00:00
}
# reactivate the user
user.is_active = True
user.save()
response = api_client.post(
reverse("api:user:token_refresh"),
{"refresh_token": refresh_token},
format="json",
)
assert response.status_code == HTTP_200_OK
# schedule the user for deletion and see that token is no longer valid again
user.profile.to_be_deleted = True
user.profile.save()
response = api_client.post(
reverse("api:user:token_refresh"),
{"refresh_token": refresh_token},
format="json",
)
assert response.status_code == HTTP_401_UNAUTHORIZED
assert response.json() == {
Resolve "Frontend fails to renew the access token after a network error"
2022-11-24 10:19:27 +00:00
"error": "ERROR_INVALID_REFRESH_TOKEN",
"detail": "Refresh token is expired or invalid.",
Resolve "Fix the refresh_token for longer user sessions"
2022-10-27 09:45:34 +00:00
}
# remove the user_id from the token
token_object = RefreshToken(refresh_token)
del token_object.payload[jwt_settings.USER_ID_CLAIM]
response = api_client.post(
reverse("api:user:token_refresh"),
{"refresh_token": str(token_object)},
format="json",
)
assert response.status_code == HTTP_401_UNAUTHORIZED
assert response.json() == {
Resolve "Frontend fails to renew the access token after a network error"
2022-11-24 10:19:27 +00:00
"error": "ERROR_INVALID_REFRESH_TOKEN",
"detail": "Refresh token is expired or invalid.",
Resolve "Fix the refresh_token for longer user sessions"
2022-10-27 09:45:34 +00:00
}
Allow password authentication to be disabled
2022-12-12 09:09:32 +00:00
@pytest.mark.django_db
def test_create_user_password_auth_disabled(api_client, data_fixture):
data_fixture.create_password_provider(enabled=False)
user, token = data_fixture.create_user_and_token(
email="test@localhost", password="test"
)
response = api_client.post(
reverse("api:user:index"),
{"name": "Test1", "email": "test@test.nl", "password": "thisIsAValidPassword"},
format="json",
)
assert response.status_code == HTTP_401_UNAUTHORIZED
assert response.json() == {
"error": "ERROR_AUTH_PROVIDER_DISABLED",
"detail": "Authentication provider is disabled.",
}
Email verification
2024-04-25 08:34:01 +00:00
@pytest.mark.django_db
Auto-login after email verification
2024-05-08 12:49:43 +00:00
def test_verify_email_address_with_login(client, data_fixture):
Email verification
2024-04-25 08:34:01 +00:00
user = data_fixture.create_user()
token = UserHandler().create_email_verification_token(user)
response = client.post(
reverse("api:user:verify_email"),
{"token": token},
format="json",
)
Auto-login after email verification
2024-05-08 12:49:43 +00:00
response_json = response.json()
assert "token" in response_json
assert "refresh_token" in response_json
assert "user" in response_json
assert response_json["user"]["username"] == user.email
assert response.status_code == HTTP_200_OK
user.refresh_from_db()
assert user.profile.email_verified is True
@pytest.mark.django_db
def test_verify_email_address_no_login(client, data_fixture):
user, jwt_token = data_fixture.create_user_and_token()
token = UserHandler().create_email_verification_token(user)
response = client.post(
reverse("api:user:verify_email"),
{"token": token},
HTTP_AUTHORIZATION=f"JWT {jwt_token}",
format="json",
)
response_json = response.json()
assert response_json["email"] == user.email
assert response.status_code == HTTP_200_OK
user.refresh_from_db()
assert user.profile.email_verified is True
Email verification
2024-04-25 08:34:01 +00:00
@pytest.mark.django_db
def test_verify_email_address_already_verified(client, data_fixture):
user = data_fixture.create_user()
profile = user.profile
profile.email_verified = True
profile.save()
token = UserHandler().create_email_verification_token(user)
response = client.post(
reverse("api:user:verify_email"),
{"token": token},
format="json",
)
assert response.status_code == HTTP_400_BAD_REQUEST
@pytest.mark.django_db
def test_verify_email_address_inactive_user(client, data_fixture):
user = data_fixture.create_user(is_active=False)
token = UserHandler().create_email_verification_token(user)
response = client.post(
reverse("api:user:verify_email"),
{"token": token},
format="json",
)
assert response.status_code == HTTP_400_BAD_REQUEST
@pytest.mark.django_db(transaction=True)
def test_send_verify_email_address(client, data_fixture, mailoutbox):
user, token = data_fixture.create_user_and_token()
response = client.post(
reverse("api:user:send_verify_email"),
{
"email": user.email,
},
format="json",
)
assert response.status_code == HTTP_204_NO_CONTENT
assert len(mailoutbox) == 1
@pytest.mark.django_db(transaction=True)
def test_send_verify_email_address_user_not_found(client, data_fixture, mailoutbox):
response = client.post(
reverse("api:user:send_verify_email"),
{
"email": "doesntexist@example.com",
},
format="json",
)
assert response.status_code == HTTP_204_NO_CONTENT
assert len(mailoutbox) == 0
@pytest.mark.django_db
def test_send_verify_email_address_already_verified(client, data_fixture, mailoutbox):
user, token = data_fixture.create_user_and_token()
profile = user.profile
profile.email_verified = True
profile.save()
response = client.post(
reverse("api:user:send_verify_email"),
{
"email": user.email,
},
format="json",
)
assert response.status_code == HTTP_204_NO_CONTENT
assert len(mailoutbox) == 0
@pytest.mark.django_db
def test_send_verify_email_address_inactive_user(client, data_fixture, mailoutbox):
user, token = data_fixture.create_user_and_token(is_active=False)
response = client.post(
reverse("api:user:send_verify_email"),
{
"email": user.email,
},
format="json",
)
assert response.status_code == HTTP_204_NO_CONTENT
assert len(mailoutbox) == 0
Resolve "Send information to baserow.io if the user agrees during the onboarding"
2024-05-27 14:24:54 +00:00
@pytest.mark.django_db
@patch("baserow.core.user.handler.share_onboarding_details_with_baserow")
def test_share_onboarding_details_with_baserow(mock_task, client, data_fixture):
data_fixture.update_settings(instance_id="1")
user, token = data_fixture.create_user_and_token()
response = client.post(
reverse("api:user:share_onboarding_details_with_baserow"),
{
"team": "Marketing",
"role": "CEO",
"size": "11 - 50",
"country": "The Netherlands",
},
format="json",
HTTP_AUTHORIZATION=f"JWT {token}",
)
assert response.status_code == HTTP_204_NO_CONTENT
mock_task.delay.assert_called_with(
email=user.email,
team="Marketing",
role="CEO",
size="11 - 50",
country="The Netherlands",
)
Reference in a new issue Copy permalink