| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559 |
- from django.contrib.auth import get_user_model
- from django.core import mail
- from django.urls import reverse
- from misago.conf.test import override_dynamic_settings
- from misago.legal.models import Agreement
- from misago.users.models import Ban, Online
- from misago.users.testutils import UserTestCase
- User = get_user_model()
- class UserCreateTests(UserTestCase):
- """tests for new user registration (POST to /api/users/)"""
- def setUp(self):
- super().setUp()
-
- Agreement.objects.invalidate_cache()
- self.api_link = '/api/users/'
- def tearDown(self):
- Agreement.objects.invalidate_cache()
- def test_empty_request(self):
- """empty request errors with code 400"""
- response = self.client.post(self.api_link)
- self.assertEqual(response.status_code, 400)
- self.assertEqual(response.json(), {
- 'username': ['This field is required.'],
- 'email': ['This field is required.'],
- 'password': ['This field is required.'],
- })
- def test_invalid_data(self):
- """invalid request data errors with code 400"""
- response = self.client.post(
- self.api_link,
- 'false',
- content_type="application/json",
- )
- self.assertEqual(response.status_code, 400)
- self.assertEqual(response.json(), {
- 'username': ['This field is required.'],
- 'email': ['This field is required.'],
- 'password': ['This field is required.'],
- })
- def test_authenticated_request(self):
- """authentiated user request errors with code 403"""
- self.login_user(self.get_authenticated_user())
- response = self.client.post(self.api_link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- "detail": "This action is not available to signed in users."
- })
- @override_dynamic_settings(account_activation="closed")
- def test_registration_off_request(self):
- """registrations off request errors with code 403"""
- response = self.client.post(self.api_link)
- self.assertEqual(response.status_code, 403)
- self.assertEqual(response.json(), {
- "detail": "New users registrations are currently closed."
- })
- def test_registration_validates_ip_ban(self):
- """api validates ip ban"""
- Ban.objects.create(
- check_type=Ban.IP,
- banned_value='127.*',
- user_message="You can't register account like this.",
- )
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'totallyNew',
- 'email': 'loremipsum@dolor.met',
- 'password': 'LoremP4ssword',
- },
- )
- self.assertEqual(response.status_code, 403)
- def test_registration_validates_ip_registration_ban(self):
- """api validates ip registration-only ban"""
- Ban.objects.create(
- check_type=Ban.IP,
- banned_value='127.*',
- user_message="You can't register account like this.",
- registration_only=True,
- )
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'totallyNew',
- 'email': 'loremipsum@dolor.met',
- 'password': 'LoremP4ssword',
- },
- )
- self.assertEqual(response.status_code, 400)
- self.assertEqual(
- response.json(), {
- '__all__': ["You can't register account like this."],
- }
- )
- def test_registration_validates_username(self):
- """api validates usernames"""
- user = self.get_authenticated_user()
- response = self.client.post(
- self.api_link,
- data={
- 'username': user.username,
- 'email': 'loremipsum@dolor.met',
- 'password': 'LoremP4ssword',
- },
- )
- self.assertEqual(response.status_code, 400)
- self.assertEqual(response.json(), {
- 'username': ["This username is not available."],
- })
- def test_registration_validates_username_ban(self):
- """api validates username ban"""
- Ban.objects.create(
- banned_value='totally*',
- user_message="You can't register account like this.",
- )
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'totallyNew',
- 'email': 'loremipsum@dolor.met',
- 'password': 'LoremP4ssword',
- },
- )
- self.assertEqual(response.status_code, 400)
- self.assertEqual(
- response.json(), {
- 'username': ["You can't register account like this."],
- }
- )
- def test_registration_validates_username_registration_ban(self):
- """api validates username registration-only ban"""
- Ban.objects.create(
- banned_value='totally*',
- user_message="You can't register account like this.",
- registration_only=True,
- )
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'totallyNew',
- 'email': 'loremipsum@dolor.met',
- 'password': 'LoremP4ssword',
- },
- )
- self.assertEqual(response.status_code, 400)
- self.assertEqual(
- response.json(), {
- 'username': ["You can't register account like this."],
- }
- )
- def test_registration_validates_email(self):
- """api validates usernames"""
- user = self.get_authenticated_user()
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'totallyNew',
- 'email': user.email,
- 'password': 'LoremP4ssword',
- },
- )
- self.assertEqual(response.status_code, 400)
- self.assertEqual(response.json(), {
- 'email': ["This e-mail address is not available."],
- })
- def test_registration_validates_email_ban(self):
- """api validates email ban"""
- Ban.objects.create(
- check_type=Ban.EMAIL,
- banned_value='lorem*',
- user_message="You can't register account like this.",
- )
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'totallyNew',
- 'email': 'loremipsum@dolor.met',
- 'password': 'LoremP4ssword',
- },
- )
- self.assertEqual(response.status_code, 400)
- self.assertEqual(response.json(), {
- 'email': ["You can't register account like this."],
- })
- def test_registration_validates_email_registration_ban(self):
- """api validates email registration-only ban"""
- Ban.objects.create(
- check_type=Ban.EMAIL,
- banned_value='lorem*',
- user_message="You can't register account like this.",
- registration_only=True,
- )
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'totallyNew',
- 'email': 'loremipsum@dolor.met',
- 'password': 'LoremP4ssword',
- },
- )
- self.assertEqual(response.status_code, 400)
- self.assertEqual(response.json(), {
- 'email': ["You can't register account like this."],
- })
- def test_registration_requires_password(self):
- """api uses django's validate_password to validate registrations"""
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'Bob',
- 'email': 'loremipsum@dolor.met',
- 'password': '',
- },
- )
- self.assertEqual(response.status_code, 400)
- self.assertEqual(response.json(), {
- "password": ["This field is required."],
- })
- def test_registration_validates_password(self):
- """api uses django's validate_password to validate registrations"""
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'Bob',
- 'email': 'l.o.r.e.m.i.p.s.u.m@gmail.com',
- 'password': '123',
- },
- )
- self.assertEqual(response.status_code, 400)
- self.assertEqual(response.json(), {
- "email": ["This email is not allowed."],
- "password": [
- "This password is too short. It must contain at least 7 characters.",
- "This password is entirely numeric.",
- ],
- })
- def test_registration_validates_password_similiarity(self):
- """api uses validate_password to validate registrations"""
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'BobBoberson',
- 'email': 'l.o.r.e.m.i.p.s.u.m@gmail.com',
- 'password': 'BobBoberson',
- },
- )
- self.assertEqual(response.status_code, 400)
- self.assertEqual(response.json(), {
- "email": ["This email is not allowed."],
- "password": ["The password is too similar to the username."],
- })
- @override_dynamic_settings(
- captcha_type='qa',
- qa_question='Test',
- qa_answers='Lorem\nIpsum'
- )
- def test_registration_validates_captcha(self):
- """api validates captcha"""
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'totallyNew',
- 'email': 'loremipsum@dolor.met',
- 'password': 'LoremP4ssword',
- 'captcha': 'dolor'
- },
- )
- self.assertEqual(response.status_code, 400)
- self.assertEqual(
- response.json(), {
- 'captcha': ['Entered answer is incorrect.'],
- }
- )
- # valid captcha
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'totallyNew',
- 'email': 'loremipsum@dolor.met',
- 'password': 'LoremP4ssword',
- 'captcha': 'ipSUM'
- },
- )
- self.assertEqual(response.status_code, 200)
- @override_dynamic_settings(
- captcha_type='qa',
- qa_question='',
- qa_answers='Lorem\n\nIpsum'
- )
- def test_qacaptcha_handles_empty_answers(self):
- """api validates captcha"""
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'totallyNew',
- 'email': 'loremipsum@dolor.met',
- 'password': 'LoremP4ssword',
- 'captcha': ''
- },
- )
- self.assertEqual(response.status_code, 400)
- self.assertEqual(
- response.json(), {
- 'captcha': ['Entered answer is incorrect.'],
- }
- )
- def test_registration_check_agreement(self):
- """api checks agreement"""
- agreement = Agreement.objects.create(
- type=Agreement.TYPE_TOS,
- text="Lorem ipsum",
- is_active=True,
- )
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'totallyNew',
- 'email': 'loremipsum@dolor.met',
- 'password': 'LoremP4ssword',
- },
- )
- self.assertEqual(response.status_code, 400)
- self.assertEqual(
- response.json(), {
- 'terms_of_service': ['This agreement is required.'],
- }
- )
- # invalid agreement id
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'totallyNew',
- 'email': 'loremipsum@dolor.met',
- 'password': 'LoremP4ssword',
- 'terms_of_service': agreement.id + 1,
- },
- )
- self.assertEqual(response.status_code, 400)
- self.assertEqual(
- response.json(), {
- 'terms_of_service': ['This agreement is required.'],
- }
- )
- # valid agreement id
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'totallyNew',
- 'email': 'loremipsum@dolor.met',
- 'password': 'LoremP4ssword',
- 'terms_of_service': agreement.id,
- },
- )
- self.assertEqual(response.status_code, 200)
-
- user = User.objects.get(email='loremipsum@dolor.met')
- self.assertEqual(user.agreements, [agreement.id])
- self.assertEqual(user.useragreement_set.count(), 1)
- def test_registration_ignore_inactive_agreement(self):
- """api ignores inactive agreement"""
- Agreement.objects.create(
- type=Agreement.TYPE_TOS,
- text="Lorem ipsum",
- is_active=False,
- )
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'totallyNew',
- 'email': 'loremipsum@dolor.met',
- 'password': 'LoremP4ssword',
- 'terms_of_service': '',
- },
- )
- self.assertEqual(response.status_code, 200)
-
- user = User.objects.get(email='loremipsum@dolor.met')
- self.assertEqual(user.agreements, [])
- self.assertEqual(user.useragreement_set.count(), 0)
- def test_registration_calls_validate_new_registration(self):
- """api uses validate_new_registration to validate registrations"""
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'Bob',
- 'email': 'l.o.r.e.m.i.p.s.u.m@gmail.com',
- 'password': 'pas123',
- },
- )
- self.assertEqual(response.status_code, 400)
- self.assertEqual(response.json(), {
- "email": ["This email is not allowed."],
- "password": ["This password is too short. It must contain at least 7 characters."],
- })
- @override_dynamic_settings(account_activation="none")
- def test_registration_creates_active_user(self):
- """api creates active and signed in user on POST"""
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'Bob',
- 'email': 'bob@bob.com',
- 'password': 'pass123',
- },
- )
- self.assertEqual(response.status_code, 200)
- self.assertEqual(response.json(), {
- 'activation': 'active',
- 'username': 'Bob',
- 'email': 'bob@bob.com',
- })
- User.objects.get_by_username('Bob')
- test_user = User.objects.get_by_email('bob@bob.com')
- self.assertEqual(Online.objects.filter(user=test_user).count(), 1)
- self.assertTrue(test_user.check_password('pass123'))
-
- auth_json = self.client.get(reverse('misago:api:auth')).json()
- self.assertTrue(auth_json['is_authenticated'])
- self.assertEqual(auth_json['username'], 'Bob')
- self.assertIn('Welcome', mail.outbox[0].subject)
- self.assertEqual(test_user.audittrail_set.count(), 1)
- @override_dynamic_settings(account_activation="user")
- def test_registration_creates_inactive_user(self):
- """api creates inactive user on POST"""
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'Bob',
- 'email': 'bob@bob.com',
- 'password': 'pass123',
- },
- )
- self.assertEqual(response.status_code, 200)
- self.assertEqual(response.json(), {
- 'activation': 'user',
- 'username': 'Bob',
- 'email': 'bob@bob.com',
- })
- auth_json = self.client.get(reverse('misago:api:auth')).json()
- self.assertFalse(auth_json['is_authenticated'])
- User.objects.get_by_username('Bob')
- User.objects.get_by_email('bob@bob.com')
- self.assertIn('Welcome', mail.outbox[0].subject)
- @override_dynamic_settings(account_activation="admin")
- def test_registration_creates_admin_activated_user(self):
- """api creates admin activated user on POST"""
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'Bob',
- 'email': 'bob@bob.com',
- 'password': 'pass123',
- },
- )
- self.assertEqual(response.status_code, 200)
- self.assertEqual(response.json(), {
- 'activation': 'admin',
- 'username': 'Bob',
- 'email': 'bob@bob.com',
- })
- auth_json = self.client.get(reverse('misago:api:auth')).json()
- self.assertFalse(auth_json['is_authenticated'])
- User.objects.get_by_username('Bob')
- User.objects.get_by_email('bob@bob.com')
- self.assertIn('Welcome', mail.outbox[0].subject)
- @override_dynamic_settings(account_activation="none")
- def test_registration_creates_user_with_whitespace_password(self):
- """api creates user with spaces around password"""
- response = self.client.post(
- self.api_link,
- data={
- 'username': 'Bob',
- 'email': 'bob@bob.com',
- 'password': ' pass123 ',
- },
- )
- self.assertEqual(response.status_code, 200)
- self.assertEqual(response.json(), {
- 'activation': 'active',
- 'username': 'Bob',
- 'email': 'bob@bob.com',
- })
- User.objects.get_by_username('Bob')
- test_user = User.objects.get_by_email('bob@bob.com')
- self.assertEqual(Online.objects.filter(user=test_user).count(), 1)
- self.assertTrue(test_user.check_password(' pass123 '))
- self.assertIn('Welcome', mail.outbox[0].subject)
|
