from django.contrib.auth import get_user_model from django.core import mail from misago.users.testutils import AuthenticatedUserTestCase class UserChangeEmailTests(AuthenticatedUserTestCase): """ tests for user change email RPC (/api/users/1/change-email/) """ def setUp(self): super(UserChangeEmailTests, self).setUp() self.link = '/api/users/%s/change-email/' % self.user.pk def test_unsupported_methods(self): """api isn't supporting GET""" response = self.client.get(self.link) self.assertEqual(response.status_code, 405) def test_change_email(self): """api allows users to change their e-mail addresses""" response = self.client.post(self.link, data={ 'new_email': 'new@email.com', 'password': self.USER_PASSWORD }) self.assertEqual(response.status_code, 200) self.assertIn('Confirm e-mail change', mail.outbox[0].subject) for line in [l.strip() for l in mail.outbox[0].body.splitlines()]: if line.startswith('http://'): token = line.rstrip('/').split('/')[-1] break else: self.fail("E-mail sent didn't contain confirmation url") response = self.client.post(self.link, data={'token': token}) self.assertEqual(response.status_code, 200) self.reload_user() self.assertEqual(self.user.email, 'new@email.com') def test_invalid_password(self): """api errors correctly for invalid password""" response = self.client.post(self.link, data={ 'new_email': 'new@email.com', 'password': 'Lor3mIpsum' }) self.assertEqual(response.status_code, 400) self.assertIn('password is invalid', response.content) def test_invalid_input(self): """api errors correctly for invalid input""" response = self.client.post(self.link, data={ 'new_email': '', 'password': self.USER_PASSWORD }) self.assertEqual(response.status_code, 400) self.assertIn('new_email":["This field is required', response.content) response = self.client.post(self.link, data={ 'new_email': 'newmail', 'password': self.USER_PASSWORD }) self.assertEqual(response.status_code, 400) self.assertIn('valid email address', response.content) def test_email_taken(self): """api validates email usage""" User = get_user_model() User.objects.create_user('BobBoberson', 'new@email.com', 'Pass.123') response = self.client.post(self.link, data={ 'new_email': 'new@email.com', 'password': self.USER_PASSWORD }) self.assertEqual(response.status_code, 400) self.assertIn('not available', response.content) def test_invalid_token(self): """api handles invalid token""" response = self.client.post(self.link, data={ 'new_email': 'new@email.com', 'password': self.USER_PASSWORD }) self.assertEqual(response.status_code, 200) response = self.client.post(self.link, data={'token': 'invalid-token'}) self.assertEqual(response.status_code, 400) self.reload_user() self.assertTrue(self.user.email != 'new@email.com') def test_expired_token(self): """api handles invalid token""" response = self.client.post(self.link, data={ 'new_email': 'new@email.com', 'password': self.USER_PASSWORD }) self.assertEqual(response.status_code, 200) for line in [l.strip() for l in mail.outbox[0].body.splitlines()]: if line.startswith('http://'): token = line.rstrip('/').split('/')[-1] break else: self.fail("E-mail sent didn't contain confirmation url") self.user.set_password('L0lN0p3!') self.user.save() self.login_user(self.user, 'L0lN0p3!') response = self.client.post(self.link, data={'token': 'invalid-token'}) self.assertEqual(response.status_code, 400) self.reload_user() self.assertTrue(self.user.email != 'new@email.com')