| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320 |
- import json
- from path import Path
- from django.contrib.auth import get_user_model
- from django.core.urlresolvers import reverse
- from django.utils.encoding import smart_str
- from misago.acl.testutils import override_acl
- from misago.conf import settings
- from ..avatars import store
- from ..testutils import AuthenticatedUserTestCase
- class UserAvatarTests(AuthenticatedUserTestCase):
- """
- tests for user avatar RPC (/api/users/1/avatar/)
- """
- def setUp(self):
- super(UserAvatarTests, self).setUp()
- self.link = '/api/users/%s/avatar/' % self.user.pk
- def test_avatars_off(self):
- """custom avatars are not allowed"""
- with self.settings(allow_custom_avatars=False):
- response = self.client.get(self.link)
- self.assertEqual(response.status_code, 200)
- options = json.loads(smart_str(response.content))
- self.assertTrue(options['generated'])
- self.assertFalse(options['gravatar'])
- self.assertFalse(options['crop_org'])
- self.assertFalse(options['crop_tmp'])
- self.assertFalse(options['upload'])
- self.assertTrue(options['galleries'])
- def test_avatars_on(self):
- """custom avatars are not allowed"""
- with self.settings(allow_custom_avatars=True):
- response = self.client.get(self.link)
- self.assertEqual(response.status_code, 200)
- options = json.loads(smart_str(response.content))
- self.assertTrue(options['generated'])
- self.assertTrue(options['gravatar'])
- self.assertFalse(options['crop_org'])
- self.assertFalse(options['crop_tmp'])
- self.assertTrue(options['upload'])
- self.assertTrue(options['galleries'])
- def test_avatar_locked(self):
- """requests to api error if user's avatar is locked"""
- self.user.is_avatar_locked = True
- self.user.avatar_lock_user_message = 'Your avatar is pwnt.'
- self.user.save()
- response = self.client.get(self.link)
- self.assertContains(response, 'Your avatar is pwnt', status_code=403)
- def test_other_user_avatar(self):
- """requests to api error if user tries to access other user"""
- self.logout_user();
- response = self.client.get(self.link)
- self.assertContains(response, 'You have to sign in', status_code=403)
- User = get_user_model()
- self.login_user(User.objects.create_user(
- "BobUser", "bob@bob.com", self.USER_PASSWORD))
- response = self.client.get(self.link)
- self.assertContains(response, 'can\'t change other users avatars', status_code=403)
- def test_empty_requests(self):
- """empty request errors with code 400"""
- response = self.client.post(self.link)
- self.assertContains(response, 'Unknown avatar type.', status_code=400)
- def test_failed_gravatar_request(self):
- """no gravatar RPC fails"""
- self.user.email_hash = 'wolololo'
- self.user.save()
- response = self.client.post(self.link, data={'avatar': 'gravatar'})
- self.assertContains(response, 'No Gravatar is associated', status_code=400)
- def test_successful_gravatar_request(self):
- """gravatar RPC fails"""
- self.user.set_email('rafio.xudb@gmail.com')
- self.user.save()
- response = self.client.post(self.link, data={'avatar': 'gravatar'})
- self.assertContains(response, 'Gravatar was downloaded and set')
- def test_generation_request(self):
- """generated avatar is set"""
- response = self.client.post(self.link, data={'avatar': 'generated'})
- self.assertContains(response, 'New avatar based on your account')
- def test_avatar_upload_and_crop(self):
- """avatar can be uploaded and cropped"""
- response = self.client.post(self.link, data={'avatar': 'generated'})
- self.assertEqual(response.status_code, 200)
- response = self.client.post(self.link, data={'avatar': 'upload'})
- self.assertContains(response, 'No file was sent.', status_code=400)
- avatar_path = (settings.MEDIA_ROOT, 'avatars', 'blank.png')
- with open('/'.join(avatar_path), 'rb') as avatar:
- response = self.client.post(self.link,
- data={
- 'avatar': 'upload',
- 'image': avatar
- })
- self.assertEqual(response.status_code, 200)
- response_json = json.loads(smart_str(response.content))
- self.assertTrue(response_json['options']['crop_tmp'])
- avatar_dir = store.get_existing_avatars_dir(self.user)
- avatar = Path('%s/%s_tmp.png' % (avatar_dir, self.user.pk))
- self.assertTrue(avatar.exists())
- self.assertTrue(avatar.isfile())
- tmp_avatar_kwargs = {
- 'pk': self.user.pk,
- 'secret': response_json['options']['crop_tmp']['secret'],
- 'hash': response_json['avatar_hash'],
- }
- tmp_avatar_path = reverse('misago:user-avatar-source',
- kwargs=tmp_avatar_kwargs)
- response = self.client.get(tmp_avatar_path)
- self.assertEqual(response.status_code, 200)
- response = self.client.post(self.link, json.dumps({
- 'avatar': 'crop_tmp',
- 'crop': {
- 'offset': {
- 'x': 0, 'y': 0
- },
- 'zoom': 1
- }
- }),
- content_type="application/json")
- response_json = json.loads(smart_str(response.content))
- self.assertEqual(response.status_code, 200)
- self.assertContains(response, 'Uploaded avatar was set.')
- avatar_dir = store.get_existing_avatars_dir(self.user)
- avatar = Path('%s/%s_tmp.png' % (avatar_dir, self.user.pk))
- self.assertFalse(avatar.exists())
- avatar = Path('%s/%s_org.png' % (avatar_dir, self.user.pk))
- self.assertTrue(avatar.exists())
- self.assertTrue(avatar.isfile())
- org_avatar_kwargs = {
- 'pk': self.user.pk,
- 'secret': response_json['options']['crop_org']['secret'],
- 'hash': response_json['avatar_hash'],
- }
- org_avatar_path = reverse('misago:user-avatar-source',
- kwargs=tmp_avatar_kwargs)
- response = self.client.get(org_avatar_path)
- self.assertEqual(response.status_code, 200)
- response = self.client.post(self.link, json.dumps({
- 'avatar': 'crop_tmp',
- 'crop': {
- 'offset': {
- 'x': 0, 'y': 0
- },
- 'zoom': 1
- }
- }),
- content_type="application/json")
- self.assertContains(response, 'This avatar type is not allowed.', status_code=400)
- response = self.client.post(self.link, json.dumps({
- 'avatar': 'crop_org',
- 'crop': {
- 'offset': {
- 'x': 0, 'y': 0
- },
- 'zoom': 1
- }
- }),
- content_type="application/json")
- self.assertContains(response, 'Avatar was re-cropped.')
- def test_gallery(self):
- """its possible to set avatar from gallery"""
- response = self.client.get(self.link)
- self.assertEqual(response.status_code, 200)
- options = json.loads(smart_str(response.content))
- self.assertTrue(options['galleries'])
- for gallery in options['galleries']:
- for image in gallery['images']:
- response = self.client.post(self.link, data={
- 'avatar': 'galleries',
- 'image': image
- })
- self.assertContains(response, 'Avatar from gallery was set.')
- class UserAvatarModerationTests(AuthenticatedUserTestCase):
- """
- tests for moderate user avatar RPC (/api/users/1/moderate-avatar/)
- """
- def setUp(self):
- super(UserAvatarModerationTests, self).setUp()
- User = get_user_model()
- self.other_user = User.objects.create_user(
- "OtherUser", "other@user.com", "pass123")
- self.link = '/api/users/%s/moderate-avatar/' % self.other_user.pk
- def test_no_permission(self):
- """no permission to moderate avatar"""
- override_acl(self.user, {
- 'can_moderate_avatars': 0,
- })
- response = self.client.get(self.link)
- self.assertContains(response, "can't moderate avatars", status_code=403)
- override_acl(self.user, {
- 'can_moderate_avatars': 0,
- })
- response = self.client.post(self.link)
- self.assertContains(response, "can't moderate avatars", status_code=403)
- def test_moderate_avatar(self):
- """moderate avatar"""
- override_acl(self.user, {
- 'can_moderate_avatars': 1,
- })
- response = self.client.get(self.link)
- self.assertEqual(response.status_code, 200)
- options = json.loads(smart_str(response.content))
- self.assertEqual(options['is_avatar_locked'],
- self.other_user.is_avatar_locked)
- self.assertEqual(options['avatar_lock_user_message'],
- self.other_user.avatar_lock_user_message)
- self.assertEqual(options['avatar_lock_staff_message'],
- self.other_user.avatar_lock_staff_message)
- override_acl(self.user, {
- 'can_moderate_avatars': 1,
- })
- response = self.client.post(self.link, json.dumps({
- 'is_avatar_locked': True,
- 'avatar_lock_user_message': "Test user message.",
- 'avatar_lock_staff_message': "Test staff message.",
- }),
- content_type="application/json")
- self.assertEqual(response.status_code, 200)
- User = get_user_model()
- other_user = User.objects.get(pk=self.other_user.pk)
- options = json.loads(smart_str(response.content))
- self.assertEqual(other_user.is_avatar_locked, True)
- self.assertEqual(
- other_user.avatar_lock_user_message, "Test user message.")
- self.assertEqual(
- other_user.avatar_lock_staff_message, "Test staff message.")
- self.assertEqual(options['avatar_hash'],
- other_user.avatar_hash)
- self.assertEqual(options['is_avatar_locked'],
- other_user.is_avatar_locked)
- self.assertEqual(options['avatar_lock_user_message'],
- other_user.avatar_lock_user_message)
- self.assertEqual(options['avatar_lock_staff_message'],
- other_user.avatar_lock_staff_message)
- override_acl(self.user, {
- 'can_moderate_avatars': 1,
- })
- response = self.client.post(self.link, json.dumps({
- 'is_avatar_locked': False,
- 'avatar_lock_user_message': None,
- 'avatar_lock_staff_message': None,
- }),
- content_type="application/json")
- self.assertEqual(response.status_code, 200)
- other_user = User.objects.get(pk=self.other_user.pk)
- options = json.loads(smart_str(response.content))
- self.assertEqual(options['avatar_hash'],
- other_user.avatar_hash)
- self.assertEqual(options['is_avatar_locked'],
- other_user.is_avatar_locked)
- self.assertEqual(options['avatar_lock_user_message'],
- other_user.avatar_lock_user_message)
- self.assertEqual(options['avatar_lock_staff_message'],
- other_user.avatar_lock_staff_message)
- def test_moderate_own_avatar(self):
- """moderate own avatar"""
- override_acl(self.user, {
- 'can_moderate_avatars': 1,
- })
- response = self.client.get(
- '/api/users/%s/moderate-avatar/' % self.user.pk)
- self.assertEqual(response.status_code, 200)
|
