221V
/
Misago


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169
							from django.contrib.auth import get_user_model
from django.core import mail
from django.urls import reverse

from misago.users.testutils import AuthenticatedUserTestCase


UserModel = get_user_model()


class UserChangeEmailTests(AuthenticatedUserTestCase):
    """tests for user change email RPC (/api/users/1/change-email/)"""

    def setUp(self):
        super().setUp()
        self.link = '/api/users/%s/change-email/' % self.user.pk

    def test_unsupported_methods(self):
        """api isn't supporting GET"""
        response = self.client.get(self.link)
        self.assertEqual(response.status_code, 405)

    def test_empty_input(self):
        """api errors correctly for empty input"""
        response = self.client.post(self.link, data={})

        self.assertEqual(response.status_code, 400)
        self.assertEqual(
            response.json(), {
                'new_email': ["This field is required."],
                'password': ["This field is required."],
            }
        )

    def test_invalid_password(self):
        """api errors correctly for invalid password"""
        response = self.client.post(
            self.link,
            data={
                'new_email': 'new@email.com',
                'password': 'Lor3mIpsum',
            },
        )
        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.json(), {
            'password': ["Entered password is invalid."]
        })

    def test_invalid_input(self):
        """api errors correctly for invalid input"""
        response = self.client.post(
            self.link,
            data={
                'new_email': '',
                'password': self.USER_PASSWORD,
            },
        )

        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.json(), {
            'new_email': ["This field may not be blank."],
        })

        response = self.client.post(
            self.link,
            data={
                'new_email': 'newmail',
                'password': self.USER_PASSWORD,
            },
        )

        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.json(), {
            'new_email': ["Enter a valid email address."],
        })

    def test_email_taken(self):
        """api validates email usage"""
        UserModel.objects.create_user('BobBoberson', 'new@email.com', 'Pass.123')

        response = self.client.post(
            self.link,
            data={
                'new_email': 'new@email.com',
                'password': self.USER_PASSWORD,
            },
        )
        self.assertEqual(response.status_code, 400)
        self.assertEqual(response.json(), {
            'new_email': ["This e-mail address is not available."]
        })

    def test_change_email(self):
        """api allows users to change their e-mail addresses"""
        new_email = 'new@email.com'

        response = self.client.post(
            self.link,
            data={
                'new_email': new_email,
                'password': self.USER_PASSWORD,
            },
        )
        self.assertEqual(response.status_code, 200)

        self.assertIn('Confirm e-mail change', mail.outbox[0].subject)
        for line in [l.strip() for l in mail.outbox[0].body.splitlines()]:
            if line.startswith('http://'):
                token = line.rstrip('/').split('/')[-1]
                break
        else:
            self.fail("E-mail sent didn't contain confirmation url")

        response = self.client.get(
            reverse(
                'misago:options-confirm-email-change',
                kwargs={
                    'token': token,
                },
            )
        )

        self.assertEqual(response.status_code, 200)

        self.reload_user()
        self.assertEqual(self.user.email, new_email)

    def test_change_email_user_password_whitespace(self):
        """api supports users with whitespace around their passwords"""
        user_password = ' old password '
        new_password = ' N3wP@55w0rd '

        new_email = 'new@email.com'

        self.user.set_password(user_password)
        self.user.save()

        self.login_user(self.user)

        response = self.client.post(
            self.link,
            data={
                'new_email': new_email,
                'password': user_password,
            },
        )
        self.assertEqual(response.status_code, 200)

        self.assertIn('Confirm e-mail change', mail.outbox[0].subject)
        for line in [l.strip() for l in mail.outbox[0].body.splitlines()]:
            if line.startswith('http://'):
                token = line.rstrip('/').split('/')[-1]
                break
        else:
            self.fail("E-mail sent didn't contain confirmation url")

        response = self.client.get(
            reverse(
                'misago:options-confirm-email-change',
                kwargs={
                    'token': token,
                },
            )
        )

        self.assertEqual(response.status_code, 200)

        self.reload_user()
        self.assertEqual(self.user.email, new_email)