annotate accounts/tests/test_views.py @ 845:41d0389fc85a

For issue #78, check is_public before showing weblinks or downloads.
author Brian Neal <bgneal@gmail.com>
date Sun, 19 Oct 2014 19:36:43 -0500
parents 9133b4626a4b
children be233ba7ca31
rev   line source
bgneal@565 1 """
bgneal@565 2 View tests for the accounts application.
bgneal@565 3
bgneal@565 4 """
bgneal@565 5 import datetime
bgneal@762 6 import re
bgneal@565 7
bgneal@565 8 from django.test import TestCase
bgneal@565 9 from django.core.urlresolvers import reverse
bgneal@659 10 from django.core import mail
bgneal@576 11 from django.contrib.auth.models import User
bgneal@576 12 from django.contrib.auth.hashers import check_password
bgneal@565 13
bgneal@565 14 from accounts.models import PendingUser
bgneal@565 15 from accounts.models import IllegalUsername
bgneal@565 16 from accounts.models import IllegalEmail
bgneal@565 17
bgneal@565 18
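class RegistrationTest(TestCase):
    """Tests for the registration view.

    The tests rely on two outcomes visible in this class: an accepted
    submission answers with a 302 redirect and stores a PendingUser
    (test_success); every refused submission answers with HTTP 200.

    """

    def setUp(self):
        u = User.objects.create_user('existing_user', 'existing_user@example.com', 'pw')
        u.save()

        # a 2nd user has the same email as another
        u = User.objects.create_user('existing_user2', 'existing_user@example.com', 'pw')
        u.save()

        PendingUser.objects.create(username='pending_user',
                                   email='pending_user@example.com',
                                   password='pw',
                                   date_joined=datetime.datetime.now(),
                                   key='key')

        IllegalUsername.objects.create(username='illegalusername')
        IllegalEmail.objects.create(email='illegal@example.com')

        # A complete submission that test_success expects to be accepted.
        # Each negative test changes exactly one field of this dict, so a
        # refusal can be attributed to that field.
        self.post_vals = {
            'username': 'a_new_user',
            'email': 'test@example.com',
            'password1': 'my_password',
            'password2': 'my_password',
            'agree_age': 'on',
            'agree_tos': 'on',
            'agree_privacy': 'on',
            'question1': '101',
            'question2': '',
            'question3': '',
            'question4': u'2',
            'question5': u'328',
            'question6': u'4',
            'question7': [u'2', u'4', u'5', u'7'],
        }

    def _assert_rejected(self):
        """
        POST self.post_vals and check that the registration was refused.

        The status code alone does not prove that nothing was stored, so
        this also checks that the number of PendingUser rows is unchanged.
        Returns the response so callers can check the error message.

        """
        pending_before = PendingUser.objects.count()
        response = self.client.post(reverse('accounts-register'),
                                    self.post_vals)
        self.assertEqual(response.status_code, 200)
        self.assertEqual(PendingUser.objects.count(), pending_before)
        return response

    def test_get_view(self):
        """
        Test a simple get of the registration view

        """
        response = self.client.get(reverse('accounts-register'))
        self.assertEqual(response.status_code, 200)

    def test_existing_user(self):
        """
        Ensure we can't register with an existing username.

        """
        # Uses the shared post_vals like the other negative tests, so the
        # username is the only invalid field in the submission.
        self.post_vals['username'] = 'existing_user'
        response = self._assert_rejected()
        self.assertContains(response, 'A user with that username already exists')

    def test_pending_user(self):
        """
        Ensure we can't register with a pending username.

        """
        self.post_vals['username'] = 'pending_user'
        response = self._assert_rejected()
        self.assertContains(response, 'A pending user with that username already exists')

    def test_illegal_username(self):
        """
        Ensure we can't register with a banned username.

        """
        self.post_vals['username'] = 'illegalusername'
        response = self._assert_rejected()
        self.assertContains(response, 'That username is not allowed')

    def test_duplicate_existing_email(self):
        """
        Ensure we can't register with the email address of an existing user.

        """
        self.post_vals['email'] = 'existing_user@example.com'
        response = self._assert_rejected()
        self.assertContains(response, 'A user with that email address already exists')

    def test_duplicate_pending_email(self):
        """
        Ensure we can't register with the email address of a pending user.

        """
        self.post_vals['email'] = 'pending_user@example.com'
        response = self._assert_rejected()
        self.assertContains(response, 'A pending user with that email address already exists')

    def test_illegal_email(self):
        """
        Ensure we can't register with a banned email address.

        """
        self.post_vals['email'] = 'illegal@example.com'
        response = self._assert_rejected()
        self.assertContains(response, 'That email address is not allowed')

    def test_password_match(self):
        """
        Ensure the passwords match.

        """
        self.post_vals['password2'] = "doesn't match"
        response = self._assert_rejected()
        # The apostrophe is HTML-escaped in the rendered page.
        self.assertContains(response, "The two password fields didn&#39;t match")

    def test_question1(self):
        """
        Ensure our anti-spam question is answered.

        """
        self.post_vals['question1'] = 'huh'
        response = self._assert_rejected()
        self.assertContains(response, "Incorrect answer to our anti-spam question")

    def test_question2(self):
        """
        Ensure our honeypot question check works.

        A non-blank value in the honeypot field must not register anyone.

        """
        self.post_vals['question2'] = 'non blank'
        self._assert_rejected()

    def test_question3(self):
        """
        Ensure our non-hidden honeypot question check works.

        """
        self.post_vals['question3'] = 'non blank'
        self._assert_rejected()

    def test_question4(self):
        """
        Ensure wrong answers to security question 4 are refused.

        """
        for answer in (u'1', u'4', u'8'):
            self.post_vals['question4'] = answer
            self._assert_rejected()

    def test_question5(self):
        """
        Ensure wrong answers to security question 5 are refused.

        """
        for answer in (u'1', u'X', u'2983'):
            self.post_vals['question5'] = answer
            self._assert_rejected()

    def test_question6(self):
        """
        Ensure wrong answers to security question 6 are refused.

        """
        for answer in (u'1', u'2', u'8'):
            self.post_vals['question6'] = answer
            self._assert_rejected()

    def test_question7(self):
        """
        Ensure wrong selections for security question 7 are refused.

        Covers an empty selection, a single choice, a superset of the
        accepted choices and a different set of choices.

        """
        wrong_selections = (
            [],
            [u'1'],
            [u'6', u'2', u'4', u'5', u'7'],
            [u'4', u'3', u'7'],
        )
        for selection in wrong_selections:
            self.post_vals['question7'] = selection
            self._assert_rejected()

    def test_success(self):
        """
        Ensure we can successfully register.

        """
        response = self.client.post(reverse('accounts-register'),
                                    self.post_vals)
        self.assertEqual(response.status_code, 302)

        try:
            pending = PendingUser.objects.get(username='a_new_user')
        except PendingUser.DoesNotExist:
            self.fail("PendingUser was not created")

        self.assertEqual(pending.email, 'test@example.com')
        self.assertTrue(datetime.datetime.now() - pending.date_joined <
                        datetime.timedelta(minutes=1))

        # The pending record must hold a password hash, never the raw
        # password that was submitted.
        self.assertNotEqual(pending.password, 'my_password')
        self.assertTrue(check_password('my_password', pending.password))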
bgneal@659 281
bgneal@659 282
class ForgotUsernameTest(TestCase):
    """Tests for the forgotten-username views."""

    def setUp(self):
        existing = User.objects.create_user(
            'existing_user', 'existing_user@example.com', 'pw')
        existing.save()

    def test_get_query_view(self):
        """The username query page renders on a plain GET."""
        query_url = reverse('accounts-username_query')
        self.assertEqual(self.client.get(query_url).status_code, 200)

    def test_get_username_sent_view(self):
        """The "username sent" page renders on a plain GET."""
        sent_url = reverse('accounts-username_sent')
        self.assertEqual(self.client.get(sent_url).status_code, 200)

    def test_invalid_email(self):
        """An unknown email address sends no mail.

        The redirect is the same one test_valid_email expects, so the
        response does not tell the requester whether the address belongs
        to an account.
        """
        form_data = {'email': 'bad_address@example.com'}
        response = self.client.post(
            reverse('accounts-username_query'), form_data, follow=True)

        self.assertRedirects(response, reverse('accounts-username_sent'))
        self.assertEqual(len(mail.outbox), 0)

    def test_valid_email(self):
        """A known email address triggers exactly one reminder message."""
        form_data = {'email': 'existing_user@example.com'}
        response = self.client.post(
            reverse('accounts-username_query'), form_data, follow=True)

        self.assertRedirects(response, reverse('accounts-username_sent'))

        # The length assertion fails first on an empty outbox, so the
        # message can be indexed without a separate guard.
        self.assertEqual(len(mail.outbox), 1)
        reminder = mail.outbox[0]
        self.assertTrue(reminder.subject.startswith('Forgotten username'))
bgneal@762 322
bgneal@762 323
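class ForgotEmailTest(TestCase):
    """End-to-end test of the password reset flow.

    Because we use a custom URL it's important to test this. This got broken
    in Django 1.6 when the URL pattern changed.

    """

    def setUp(self):
        u = User.objects.create_user('user1', 'user1@example.com', 'pw')
        u.save()

    def test_nominal_case(self):
        """Test a full forgot password scenario.

        Requests a reset, takes the confirmation link out of the email,
        sets a new password through that link and checks that the stored
        credential changed.

        """
        # GET password reset page
        response = self.client.get(reverse('accounts-password_reset'))
        self.assertEqual(response.status_code, 200)

        # POST email address
        args = {'email': 'user1@example.com'}
        response = self.client.post(reverse('accounts-password_reset'), args,
                                    follow=True)
        self.assertRedirects(response, reverse('accounts-password_reset_sent'))

        # Ensure the email was sent, and only to the account's address.
        # Each assertion stops the test on failure, so the steps below need
        # no extra "if" guards.
        self.assertEqual(len(mail.outbox), 1)
        msg = mail.outbox[0]
        self.assertTrue(msg.subject.startswith('Password reset'))
        self.assertEqual(list(msg.to), ['user1@example.com'])

        # Pull the uid and token out of the confirmation link in the body.
        msg_text = msg.message().as_string()
        m = re.search(r'http://example.com/accounts/password/reset/confirm/'
                      r'(?P<uidb64>[0-9A-Za-z_\-]+)/(?P<token>[0-9a-z]+-\w+)/',
                      msg_text)
        self.assertIsNotNone(m)
        uidb64, token = m.group('uidb64'), m.group('token')
        confirm_url = reverse('accounts-password_reset_confirm',
                              kwargs={'uidb64': uidb64, 'token': token})

        # visit the password reset page
        response = self.client.get(confirm_url)
        self.assertEqual(response.status_code, 200)

        # POST new password
        args = {'new_password1': 'pw2', 'new_password2': 'pw2'}
        response = self.client.post(confirm_url, args, follow=True)
        self.assertRedirects(response,
                             reverse('accounts-password_reset_success'))
        self.assertEqual(response.status_code, 200)

        # Check new password, and that the old one no longer validates.
        u = User.objects.get(username='user1')
        self.assertTrue(check_password('pw2', u.password))
        self.assertFalse(check_password('pw', u.password))

        # TODO(review): also assert that the same confirmation link is
        # refused after the reset; how the view reports a spent token is
        # not visible from this file.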