| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686 |
- import json
- from datetime import timedelta
- from django.contrib.auth import get_user_model
- from django.urls import reverse
- from django.utils.encoding import smart_str
- from misago.acl.testutils import override_acl
- from misago.categories.models import Category
- from misago.core import threadstore
- from misago.core.cache import cache
- from misago.threads.models import Post, Thread
- from misago.threads.testutils import post_thread
- from misago.users.activepostersranking import build_active_posters_ranking
- from misago.users.models import Ban, Rank
- from misago.users.testutils import AuthenticatedUserTestCase
- UserModel = get_user_model()
- class ActivePostersListTests(AuthenticatedUserTestCase):
- """tests for active posters list (GET /users/?list=active)"""
- def setUp(self):
- super(ActivePostersListTests, self).setUp()
- self.link = '/api/users/?list=active'
- cache.clear()
- threadstore.clear()
- self.category = Category.objects.all_categories()[:1][0]
- self.category.labels = []
- def test_empty_list(self):
- """empty list is served"""
- response = self.client.get(self.link)
- self.assertEqual(response.status_code, 200)
- self.assertNotContains(response, self.user.username)
- response = self.client.get(self.link)
- self.assertEqual(response.status_code, 200)
- self.assertNotContains(response, self.user.username)
- def test_filled_list(self):
- """filled list is served"""
- post_thread(self.category, poster=self.user)
- self.user.posts = 1
- self.user.save()
- build_active_posters_ranking()
- response = self.client.get(self.link)
- self.assertEqual(response.status_code, 200)
- self.assertContains(response, self.user.username)
- self.assertContains(response, '"is_online":true')
- self.assertContains(response, '"is_offline":false')
- self.logout_user()
- build_active_posters_ranking()
- response = self.client.get(self.link)
- self.assertEqual(response.status_code, 200)
- self.assertContains(response, self.user.username)
- self.assertContains(response, '"is_online":false')
- self.assertContains(response, '"is_offline":true')
- class FollowersListTests(AuthenticatedUserTestCase):
- """tests for generic list (GET /users/) filtered by followers"""
- def setUp(self):
- super(FollowersListTests, self).setUp()
- self.link = '/api/users/%s/followers/'
- def test_nonexistent_user(self):
- """list for non-existing user returns 404"""
- response = self.client.get(self.link % 31242)
- self.assertEqual(response.status_code, 404)
- def test_empty_list(self):
- """user without followers returns 200"""
- response = self.client.get(self.link % self.user.pk)
- self.assertEqual(response.status_code, 200)
- def test_filled_list(self):
- """user with followers returns 200"""
- test_follower = UserModel.objects.create_user(
- "TestFollower",
- "test@follower.com",
- self.USER_PASSWORD,
- )
- self.user.followed_by.add(test_follower)
- response = self.client.get(self.link % self.user.pk)
- self.assertEqual(response.status_code, 200)
- self.assertContains(response, test_follower.username)
- def test_filled_list_search(self):
- """followers list is searchable"""
- test_follower = UserModel.objects.create_user(
- "TestFollower",
- "test@follower.com",
- self.USER_PASSWORD,
- )
- self.user.followed_by.add(test_follower)
- api_link = self.link % self.user.pk
- response = self.client.get('%s?search=%s' % (api_link, 'test'))
- self.assertEqual(response.status_code, 200)
- self.assertContains(response, test_follower.username)
- class FollowsListTests(AuthenticatedUserTestCase):
- """tests for generic list (GET /users/) filtered by follows"""
- def setUp(self):
- super(FollowsListTests, self).setUp()
- self.link = '/api/users/%s/follows/'
- def test_nonexistent_user(self):
- """list for non-existing user returns 404"""
- response = self.client.get(self.link % 1321)
- self.assertEqual(response.status_code, 404)
- def test_empty_list(self):
- """user without follows returns 200"""
- response = self.client.get(self.link % self.user.pk)
- self.assertEqual(response.status_code, 200)
- def test_filled_list(self):
- """user with follows returns 200"""
- test_follower = UserModel.objects.create_user(
- "TestFollower",
- "test@follower.com",
- self.USER_PASSWORD,
- )
- self.user.follows.add(test_follower)
- response = self.client.get(self.link % self.user.pk)
- self.assertEqual(response.status_code, 200)
- self.assertContains(response, test_follower.username)
- def test_filled_list_search(self):
- """follows list is searchable"""
- test_follower = UserModel.objects.create_user(
- "TestFollower",
- "test@follower.com",
- self.USER_PASSWORD,
- )
- self.user.follows.add(test_follower)
- api_link = self.link % self.user.pk
- response = self.client.get('%s?search=%s' % (api_link, 'test'))
- self.assertEqual(response.status_code, 200)
- self.assertContains(response, test_follower.username)
- class RankListTests(AuthenticatedUserTestCase):
- """tests for generic list (GET /users/) filtered by rank"""
- def setUp(self):
- super(RankListTests, self).setUp()
- self.link = '/api/users/?rank=%s'
- def test_nonexistent_rank(self):
- """list for non-existing rank returns 404"""
- response = self.client.get(self.link % 1421)
- self.assertEqual(response.status_code, 404)
- def test_empty_list(self):
- """tab rank without members returns 200"""
- test_rank = Rank.objects.create(
- name="Test rank",
- slug="test-rank",
- is_tab=True,
- )
- response = self.client.get(self.link % test_rank.pk)
- self.assertEqual(response.status_code, 200)
- def test_disabled_list(self):
- """non-tab rank returns 404"""
- self.user.rank.is_tab = False
- self.user.rank.save()
- response = self.client.get(self.link % self.user.rank.pk)
- self.assertEqual(response.status_code, 404)
- def test_list_search(self):
- """rank list is not searchable"""
- api_link = self.link % self.user.rank.pk
- response = self.client.get('%s&name=%s' % (api_link, 'test'))
- self.assertEqual(response.status_code, 404)
- def test_filled_list(self):
- """tab rank with members return 200"""
- self.user.rank.is_tab = True
- self.user.rank.save()
- response = self.client.get(self.link % self.user.rank.pk)
- self.assertEqual(response.status_code, 200)
- self.assertContains(response, self.user.username)
- def test_disabled_users(self):
- """api follows disabled users visibility"""
- test_rank = Rank.objects.create(
- name="Test rank",
- slug="test-rank",
- is_tab=True,
- )
- test_user = UserModel.objects.create_user(
- 'Visible',
- 'visible@te.com',
- 'Pass.123',
- rank=test_rank,
- is_active=False,
- )
- response = self.client.get(self.link % test_rank.pk)
- self.assertNotContains(response, test_user.get_absolute_url())
- # api shows disabled accounts to staff
- self.user.is_staff = True
- self.user.save()
- response = self.client.get(self.link % test_rank.pk)
- self.assertContains(response, test_user.get_absolute_url())
- class SearchNamesListTests(AuthenticatedUserTestCase):
- """tests for generic list (GET /users/) filtered by username disallowing searches"""
- def setUp(self):
- super(SearchNamesListTests, self).setUp()
- self.link = '/api/users/?&name='
- def test_empty_list(self):
- """empty list returns 404"""
- response = self.client.get(self.link + 'this-user-is-fake')
- self.assertEqual(response.status_code, 404)
- def test_filled_list(self):
- """results list returns 404"""
- response = self.client.get(self.link + self.user.slug)
- self.assertEqual(response.status_code, 404)
- class UserRetrieveTests(AuthenticatedUserTestCase):
- def setUp(self):
- super(UserRetrieveTests, self).setUp()
- self.test_user = UserModel.objects.create_user('Tyrael', 't123@test.com', 'pass123')
- self.link = reverse(
- 'misago:api:user-detail', kwargs={
- 'pk': self.test_user.pk,
- }
- )
- def test_get_user(self):
- """api user retrieve endpoint has no showstoppers"""
- response = self.client.get(self.link)
- self.assertEqual(response.status_code, 200)
- def test_disabled_user(self):
- """api user retrieve handles disabled users"""
- self.user.is_staff = False
- self.user.save()
- self.test_user.is_active = False
- self.test_user.save()
- response = self.client.get(self.link)
- self.assertEqual(response.status_code, 404)
- self.user.is_staff = True
- self.user.save()
- response = self.client.get(self.link)
- self.assertEqual(response.status_code, 200)
- class UserForumOptionsTests(AuthenticatedUserTestCase):
- """tests for user forum options RPC (POST to /api/users/1/forum-options/)"""
- def setUp(self):
- super(UserForumOptionsTests, self).setUp()
- self.link = '/api/users/%s/forum-options/' % self.user.pk
- def test_empty_request(self):
- """empty request is handled"""
- response = self.client.post(self.link)
- self.assertEqual(response.status_code, 400)
- self.assertEqual(
- response.json(), {
- 'limits_private_thread_invites_to': [
- 'This field is required.',
- ],
- 'subscribe_to_started_threads': [
- 'This field is required.',
- ],
- 'subscribe_to_replied_threads': [
- 'This field is required.',
- ],
- }
- )
- def test_change_forum_invalid_ranges(self):
- """api validates ranges for fields"""
- response = self.client.post(
- self.link,
- data={
- 'limits_private_thread_invites_to': 541,
- 'subscribe_to_started_threads': 44,
- 'subscribe_to_replied_threads': 321,
- }
- )
- self.assertEqual(response.status_code, 400)
- self.assertEqual(
- response.json(), {
- 'limits_private_thread_invites_to': [
- '"541" is not a valid choice.',
- ],
- 'subscribe_to_started_threads': [
- '"44" is not a valid choice.',
- ],
- 'subscribe_to_replied_threads': [
- '"321" is not a valid choice.',
- ],
- }
- )
- def test_change_forum_options(self):
- """forum options are changed"""
- response = self.client.post(
- self.link,
- data={
- 'limits_private_thread_invites_to': 1,
- 'subscribe_to_started_threads': 2,
- 'subscribe_to_replied_threads': 1,
- }
- )
- self.assertEqual(response.status_code, 204)
- self.reload_user()
- self.assertFalse(self.user.is_hiding_presence)
- self.assertEqual(self.user.limits_private_thread_invites_to, 1)
- self.assertEqual(self.user.subscribe_to_started_threads, 2)
- self.assertEqual(self.user.subscribe_to_replied_threads, 1)
- response = self.client.post(
- self.link,
- data={
- 'is_hiding_presence': True,
- 'limits_private_thread_invites_to': 1,
- 'subscribe_to_started_threads': 2,
- 'subscribe_to_replied_threads': 1,
- }
- )
- self.assertEqual(response.status_code, 204)
- self.reload_user()
- self.assertTrue(self.user.is_hiding_presence)
- self.assertEqual(self.user.limits_private_thread_invites_to, 1)
- self.assertEqual(self.user.subscribe_to_started_threads, 2)
- self.assertEqual(self.user.subscribe_to_replied_threads, 1)
- response = self.client.post(
- self.link,
- data={
- 'is_hiding_presence': False,
- 'limits_private_thread_invites_to': 1,
- 'subscribe_to_started_threads': 2,
- 'subscribe_to_replied_threads': 1,
- }
- )
- self.assertEqual(response.status_code, 204)
- self.reload_user()
- self.assertFalse(self.user.is_hiding_presence)
- self.assertEqual(self.user.limits_private_thread_invites_to, 1)
- self.assertEqual(self.user.subscribe_to_started_threads, 2)
- self.assertEqual(self.user.subscribe_to_replied_threads, 1)
- class UserFollowTests(AuthenticatedUserTestCase):
- """tests for user follow RPC (POST to /api/users/1/follow/)"""
- def setUp(self):
- super(UserFollowTests, self).setUp()
- self.other_user = UserModel.objects.create_user("OtherUser", "other@user.com", "pass123")
- self.link = '/api/users/%s/follow/' % self.other_user.pk
- def test_follow_unauthenticated(self):
- """you have to sign in to follow users"""
- self.logout_user()
- response = self.client.post(self.link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- 'detail': "This action is not available to guests.",
- })
- def test_follow_myself(self):
- """you can't follow yourself"""
- response = self.client.post('/api/users/%s/follow/' % self.user.pk)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- 'detail': "You can't add yourself to followed.",
- })
- def test_cant_follow(self):
- """no permission to follow users"""
- override_acl(self.user, {
- 'can_follow_users': 0,
- })
- response = self.client.post(self.link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- 'detail': "You can't follow other users.",
- })
- def test_follow(self):
- """follow and unfollow other user"""
- response = self.client.post(self.link)
- self.assertEqual(response.status_code, 200)
- user = UserModel.objects.get(pk=self.user.pk)
- self.assertEqual(user.followers, 0)
- self.assertEqual(user.following, 1)
- self.assertEqual(user.follows.count(), 1)
- self.assertEqual(user.followed_by.count(), 0)
- followed = UserModel.objects.get(pk=self.other_user.pk)
- self.assertEqual(followed.followers, 1)
- self.assertEqual(followed.following, 0)
- self.assertEqual(followed.follows.count(), 0)
- self.assertEqual(followed.followed_by.count(), 1)
- response = self.client.post(self.link)
- self.assertEqual(response.status_code, 200)
- user = UserModel.objects.get(pk=self.user.pk)
- self.assertEqual(user.followers, 0)
- self.assertEqual(user.following, 0)
- self.assertEqual(user.follows.count(), 0)
- self.assertEqual(user.followed_by.count(), 0)
- followed = UserModel.objects.get(pk=self.other_user.pk)
- self.assertEqual(followed.followers, 0)
- self.assertEqual(followed.following, 0)
- self.assertEqual(followed.follows.count(), 0)
- self.assertEqual(followed.followed_by.count(), 0)
- class UserBanTests(AuthenticatedUserTestCase):
- """tests for ban endpoint (GET to /api/users/1/ban/)"""
- def setUp(self):
- super(UserBanTests, self).setUp()
- self.other_user = UserModel.objects.create_user("OtherUser", "other@user.com", "pass123")
- self.link = '/api/users/%s/ban/' % self.other_user.pk
- def test_no_permission(self):
- """user has no permission to access ban"""
- override_acl(self.user, {'can_see_ban_details': 0})
- response = self.client.get(self.link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- 'detail': "You can't see users bans details.",
- })
- def test_no_ban(self):
- """api returns empty json"""
- override_acl(self.user, {'can_see_ban_details': 1})
- response = self.client.get(self.link)
- self.assertEqual(response.status_code, 200)
- self.assertEqual(response.json(), {})
- def test_ban_details(self):
- """api returns ban json"""
- override_acl(self.user, {'can_see_ban_details': 1})
- Ban.objects.create(
- check_type=Ban.USERNAME,
- banned_value=self.other_user.username,
- user_message='Nope!',
- )
- response = self.client.get(self.link)
- self.assertEqual(response.status_code, 200)
- self.assertEqual(response.json(), {
- 'user_message': {
- 'plain': 'Nope!',
- 'html': '<p>Nope!</p>',
- },
- 'staff_message': None,
- 'expires_on': None,
- })
- class UserDeleteTests(AuthenticatedUserTestCase):
- """tests for user delete RPC (POST to /api/users/1/delete/)"""
- def setUp(self):
- super(UserDeleteTests, self).setUp()
- self.other_user = UserModel.objects.create_user("OtherUser", "other@user.com", "pass123")
- self.link = '/api/users/%s/delete/' % self.other_user.pk
- self.threads = Thread.objects.count()
- self.posts = Post.objects.count()
- self.category = Category.objects.all_categories()[:1][0]
- post_thread(self.category, poster=self.other_user)
- self.other_user.posts = 1
- self.other_user.threads = 1
- self.other_user.save()
- def test_delete_no_permission(self):
- """raises 403 error when no permission to delete"""
- override_acl(
- self.user, {
- 'can_delete_users_newer_than': 0,
- 'can_delete_users_with_less_posts_than': 0,
- }
- )
- response = self.client.post(self.link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- 'detail': "You can't delete users.",
- })
- def test_delete_too_many_posts(self):
- """raises 403 error when user has too many posts"""
- override_acl(
- self.user, {
- 'can_delete_users_newer_than': 0,
- 'can_delete_users_with_less_posts_than': 5,
- }
- )
- self.other_user.posts = 6
- self.other_user.save()
- response = self.client.post(self.link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- 'detail': "You can't delete users that made more than 5 posts.",
- })
- def test_delete_too_old_member(self):
- """raises 403 error when user is too old"""
- override_acl(
- self.user, {
- 'can_delete_users_newer_than': 5,
- 'can_delete_users_with_less_posts_than': 0,
- }
- )
- self.other_user.joined_on -= timedelta(days=6)
- self.other_user.save()
- response = self.client.post(self.link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- 'detail': "You can't delete users that are members for more than 5 days.",
- })
- def test_delete_self(self):
- """raises 403 error when attempting to delete oneself"""
- override_acl(
- self.user, {
- 'can_delete_users_newer_than': 10,
- 'can_delete_users_with_less_posts_than': 10,
- }
- )
- response = self.client.post('/api/users/%s/delete/' % self.user.pk)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- 'detail': "You can't delete yourself.",
- })
- def test_delete_admin(self):
- """raises 403 error when attempting to delete admin"""
- override_acl(
- self.user, {
- 'can_delete_users_newer_than': 10,
- 'can_delete_users_with_less_posts_than': 10,
- }
- )
- self.other_user.is_staff = True
- self.other_user.save()
- response = self.client.post(self.link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- 'detail': "You can't delete administrators.",
- })
- def test_delete_superadmin(self):
- """raises 403 error when attempting to delete superadmin"""
- override_acl(
- self.user, {
- 'can_delete_users_newer_than': 10,
- 'can_delete_users_with_less_posts_than': 10,
- }
- )
- self.other_user.is_superuser = True
- self.other_user.save()
- response = self.client.post(self.link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- 'detail': "You can't delete administrators.",
- })
- def test_delete_with_content(self):
- """returns 200 and deletes user with content"""
- override_acl(
- self.user, {
- 'can_delete_users_newer_than': 10,
- 'can_delete_users_with_less_posts_than': 10,
- }
- )
- response = self.client.post(
- self.link,
- json.dumps({
- 'with_content': True
- }),
- content_type='application/json',
- )
- self.assertEqual(response.status_code, 200)
- with self.assertRaises(UserModel.DoesNotExist):
- UserModel.objects.get(pk=self.other_user.pk)
- self.assertEqual(Thread.objects.count(), self.threads)
- self.assertEqual(Post.objects.count(), self.posts)
- def test_delete_without_content(self):
- """returns 200 and deletes user without content"""
- override_acl(
- self.user, {
- 'can_delete_users_newer_than': 10,
- 'can_delete_users_with_less_posts_than': 10,
- }
- )
- response = self.client.post(
- self.link,
- json.dumps({
- 'with_content': False
- }),
- content_type='application/json',
- )
- self.assertEqual(response.status_code, 200)
- with self.assertRaises(UserModel.DoesNotExist):
- UserModel.objects.get(pk=self.other_user.pk)
- self.assertEqual(Thread.objects.count(), self.threads + 1)
- self.assertEqual(Post.objects.count(), self.posts + 2)
|
