kopia lustrzana https://dev.funkwhale.audio/funkwhale/funkwhale
290 wiersze
8.7 KiB
Python
290 wiersze
8.7 KiB
Python
import pytest
|
|
from django.urls import reverse
|
|
|
|
from funkwhale_api.users.models import User
|
|
|
|
|
|
def test_can_create_user_via_api(preferences, api_client, db):
|
|
url = reverse("rest_register")
|
|
data = {
|
|
"username": "test1",
|
|
"email": "test1@test.com",
|
|
"password1": "testtest",
|
|
"password2": "testtest",
|
|
}
|
|
preferences["users__registration_enabled"] = True
|
|
response = api_client.post(url, data)
|
|
assert response.status_code == 201
|
|
|
|
u = User.objects.get(email="test1@test.com")
|
|
assert u.username == "test1"
|
|
|
|
|
|
@pytest.mark.parametrize("username", ["wrong.name", "wrong-name", "éaeu", "wrong name"])
|
|
def test_username_only_accepts_letters_and_underscores(
|
|
username, preferences, api_client, db
|
|
):
|
|
url = reverse("rest_register")
|
|
data = {
|
|
"username": username,
|
|
"email": "test1@test.com",
|
|
"password1": "testtest",
|
|
"password2": "testtest",
|
|
}
|
|
preferences["users__registration_enabled"] = True
|
|
response = api_client.post(url, data)
|
|
assert response.status_code == 400
|
|
|
|
|
|
def test_can_restrict_usernames(settings, preferences, db, api_client):
|
|
url = reverse("rest_register")
|
|
preferences["users__registration_enabled"] = True
|
|
settings.USERNAME_BLACKLIST = ["funkwhale"]
|
|
data = {
|
|
"username": "funkwhale",
|
|
"email": "contact@funkwhale.io",
|
|
"password1": "testtest",
|
|
"password2": "testtest",
|
|
}
|
|
|
|
response = api_client.post(url, data)
|
|
|
|
assert response.status_code == 400
|
|
assert "username" in response.data
|
|
|
|
|
|
def test_can_disable_registration_view(preferences, api_client, db):
|
|
url = reverse("rest_register")
|
|
data = {
|
|
"username": "test1",
|
|
"email": "test1@test.com",
|
|
"password1": "testtest",
|
|
"password2": "testtest",
|
|
}
|
|
preferences["users__registration_enabled"] = False
|
|
response = api_client.post(url, data)
|
|
assert response.status_code == 403
|
|
|
|
|
|
def test_can_signup_with_invitation(preferences, factories, api_client):
|
|
url = reverse("rest_register")
|
|
invitation = factories["users.Invitation"](code="Hello")
|
|
data = {
|
|
"username": "test1",
|
|
"email": "test1@test.com",
|
|
"password1": "testtest",
|
|
"password2": "testtest",
|
|
"invitation": "hello",
|
|
}
|
|
preferences["users__registration_enabled"] = False
|
|
response = api_client.post(url, data)
|
|
assert response.status_code == 201
|
|
u = User.objects.get(email="test1@test.com")
|
|
assert u.username == "test1"
|
|
assert u.invitation == invitation
|
|
|
|
|
|
def test_can_signup_with_invitation_invalid(preferences, factories, api_client):
|
|
url = reverse("rest_register")
|
|
factories["users.Invitation"](code="hello")
|
|
data = {
|
|
"username": "test1",
|
|
"email": "test1@test.com",
|
|
"password1": "testtest",
|
|
"password2": "testtest",
|
|
"invitation": "nope",
|
|
}
|
|
response = api_client.post(url, data)
|
|
assert response.status_code == 400
|
|
assert "invitation" in response.data
|
|
|
|
|
|
def test_can_fetch_data_from_api(api_client, factories):
|
|
url = reverse("api:v1:users:users-me")
|
|
response = api_client.get(url)
|
|
# login required
|
|
assert response.status_code == 401
|
|
|
|
user = factories["users.User"](permission_library=True)
|
|
api_client.login(username=user.username, password="test")
|
|
response = api_client.get(url)
|
|
assert response.status_code == 200
|
|
assert response.data["username"] == user.username
|
|
assert response.data["is_staff"] == user.is_staff
|
|
assert response.data["is_superuser"] == user.is_superuser
|
|
assert response.data["email"] == user.email
|
|
assert response.data["name"] == user.name
|
|
assert response.data["permissions"] == user.get_permissions()
|
|
|
|
|
|
def test_can_get_token_via_api(api_client, factories):
|
|
user = factories["users.User"]()
|
|
url = reverse("api:v1:token")
|
|
payload = {"username": user.username, "password": "test"}
|
|
|
|
response = api_client.post(url, payload)
|
|
assert response.status_code == 200
|
|
assert "token" in response.data
|
|
|
|
|
|
def test_can_get_token_via_api_inactive(api_client, factories):
|
|
user = factories["users.User"](is_active=False)
|
|
url = reverse("api:v1:token")
|
|
payload = {"username": user.username, "password": "test"}
|
|
|
|
response = api_client.post(url, payload)
|
|
assert response.status_code == 400
|
|
|
|
|
|
def test_can_refresh_token_via_api(api_client, factories, mocker):
|
|
# first, we get a token
|
|
user = factories["users.User"]()
|
|
url = reverse("api:v1:token")
|
|
payload = {"username": user.username, "password": "test"}
|
|
|
|
response = api_client.post(url, payload)
|
|
assert response.status_code == 200
|
|
|
|
token = response.data["token"]
|
|
url = reverse("api:v1:token_refresh")
|
|
response = api_client.post(url, {"token": token})
|
|
|
|
assert response.status_code == 200
|
|
assert "token" in response.data
|
|
|
|
|
|
def test_changing_password_updates_secret_key(logged_in_api_client):
|
|
user = logged_in_api_client.user
|
|
password = user.password
|
|
secret_key = user.secret_key
|
|
payload = {"old_password": "test", "new_password1": "new", "new_password2": "new"}
|
|
url = reverse("change_password")
|
|
|
|
logged_in_api_client.post(url, payload)
|
|
|
|
user.refresh_from_db()
|
|
|
|
assert user.secret_key != secret_key
|
|
assert user.password != password
|
|
|
|
|
|
def test_can_request_password_reset(factories, api_client, mailoutbox):
|
|
user = factories["users.User"]()
|
|
payload = {"email": user.email}
|
|
emails = len(mailoutbox)
|
|
url = reverse("rest_password_reset")
|
|
|
|
response = api_client.post(url, payload)
|
|
assert response.status_code == 200
|
|
assert len(mailoutbox) > emails
|
|
|
|
|
|
def test_user_can_patch_his_own_settings(logged_in_api_client):
|
|
user = logged_in_api_client.user
|
|
payload = {"privacy_level": "me"}
|
|
url = reverse("api:v1:users:users-detail", kwargs={"username": user.username})
|
|
|
|
response = logged_in_api_client.patch(url, payload)
|
|
|
|
assert response.status_code == 200
|
|
user.refresh_from_db()
|
|
|
|
assert user.privacy_level == "me"
|
|
|
|
|
|
def test_user_can_request_new_subsonic_token(logged_in_api_client):
|
|
user = logged_in_api_client.user
|
|
user.subsonic_api_token = "test"
|
|
user.save()
|
|
|
|
url = reverse(
|
|
"api:v1:users:users-subsonic-token", kwargs={"username": user.username}
|
|
)
|
|
|
|
response = logged_in_api_client.post(url)
|
|
|
|
assert response.status_code == 200
|
|
user.refresh_from_db()
|
|
assert user.subsonic_api_token != "test"
|
|
assert user.subsonic_api_token is not None
|
|
assert response.data == {"subsonic_api_token": user.subsonic_api_token}
|
|
|
|
|
|
def test_user_can_get_subsonic_token(logged_in_api_client):
|
|
user = logged_in_api_client.user
|
|
user.subsonic_api_token = "test"
|
|
user.save()
|
|
|
|
url = reverse(
|
|
"api:v1:users:users-subsonic-token", kwargs={"username": user.username}
|
|
)
|
|
|
|
response = logged_in_api_client.get(url)
|
|
|
|
assert response.status_code == 200
|
|
assert response.data == {"subsonic_api_token": "test"}
|
|
|
|
|
|
def test_user_can_delete_subsonic_token(logged_in_api_client):
|
|
user = logged_in_api_client.user
|
|
user.subsonic_api_token = "test"
|
|
user.save()
|
|
|
|
url = reverse(
|
|
"api:v1:users:users-subsonic-token", kwargs={"username": user.username}
|
|
)
|
|
|
|
response = logged_in_api_client.delete(url)
|
|
|
|
assert response.status_code == 204
|
|
user.refresh_from_db()
|
|
assert user.subsonic_api_token is None
|
|
|
|
|
|
@pytest.mark.parametrize("method", ["put", "patch"])
|
|
def test_user_cannot_patch_another_user(method, logged_in_api_client, factories):
|
|
user = factories["users.User"]()
|
|
payload = {"privacy_level": "me"}
|
|
url = reverse("api:v1:users:users-detail", kwargs={"username": user.username})
|
|
|
|
handler = getattr(logged_in_api_client, method)
|
|
response = handler(url, payload)
|
|
|
|
assert response.status_code == 403
|
|
|
|
|
|
def test_user_can_patch_their_own_avatar(logged_in_api_client, avatar):
|
|
user = logged_in_api_client.user
|
|
url = reverse("api:v1:users:users-detail", kwargs={"username": user.username})
|
|
content = avatar.read()
|
|
avatar.seek(0)
|
|
payload = {"avatar": avatar}
|
|
response = logged_in_api_client.patch(url, payload)
|
|
|
|
assert response.status_code == 200
|
|
user.refresh_from_db()
|
|
|
|
assert user.avatar.read() == content
|
|
|
|
|
|
def test_creating_user_creates_actor_as_well(
|
|
api_client, factories, mocker, preferences
|
|
):
|
|
actor = factories["federation.Actor"]()
|
|
url = reverse("rest_register")
|
|
data = {
|
|
"username": "test1",
|
|
"email": "test1@test.com",
|
|
"password1": "testtest",
|
|
"password2": "testtest",
|
|
}
|
|
preferences["users__registration_enabled"] = True
|
|
mocker.patch("funkwhale_api.users.models.create_actor", return_value=actor)
|
|
response = api_client.post(url, data)
|
|
|
|
assert response.status_code == 201
|
|
|
|
user = User.objects.get(username="test1")
|
|
|
|
assert user.actor == actor
|