Home Explore Help
Sign In
SMusatov
/
GlitchTip
mirror of https://gitlab.com/glitchtip/glitchtip-backend.git
1
0
Fork 0
Files
Tree: 5b3b80dd11
Branches Tags
GlitchTip
/
api_tokens
/
tests.py

tests.py 2.7 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 
  1. from django.urls import reverse
    2. 

  2. from rest_framework.test import APITestCase
    3. 

  3. from model_bakery import baker
    4. 

  4. from glitchtip import test_utils  # pylint: disable=unused-import
    5. 

  5. 

  6. 

  7. class APITokenTests(APITestCase):
    8. 

  8.     def setUp(self):
    9. 

  9.         self.user = baker.make("users.user")
    10. 

  10. 

  11.     def test_create(self):
    12. 

  12.         self.client.force_login(self.user)
    13. 

  13.         url = reverse("api-tokens-list")
    14. 

  14.         scope_name = "member:read"
    15. 

  15.         data = {"scopes": [scope_name]}
    16. 

  16.         res = self.client.post(url, data, format="json")
    17. 

  17.         self.assertContains(res, scope_name, status_code=201)
    18. 

  18. 

  19.     def test_list(self):
    20. 

  20.         self.client.force_login(self.user)
    21. 

  21.         api_token = baker.make("api_tokens.APIToken", user=self.user)
    22. 

  22.         other_api_token = baker.make("api_tokens.APIToken")
    23. 

  23.         url = reverse("api-tokens-list")
    24. 

  24.         res = self.client.get(url)
    25. 

  25.         self.assertContains(res, api_token.token)
    26. 

  26.         self.assertNotContains(res, other_api_token.token)
    27. 

  27. 

  28.     def test_retrieve(self):
    29. 

  29.         self.client.force_login(self.user)
    30. 

  30.         api_token = baker.make("api_tokens.APIToken", user=self.user)
    31. 

  31.         url = reverse("api-tokens-detail", args=[api_token.id])
    32. 

  32.         res = self.client.get(url)
    33. 

  33.         self.assertContains(res, api_token.token)
    34. 

  34. 

  35.         other_api_token = baker.make("api_tokens.APIToken")
    36. 

  36.         res = self.client.get(reverse("api-tokens-detail", args=[other_api_token.id]))
    37. 

  37.         self.assertEqual(res.status_code, 404)
    38. 

  38. 

  39.     def test_destroy(self):
    40. 

  40.         self.client.force_login(self.user)
    41. 

  41.         api_token = baker.make("api_tokens.APIToken", user=self.user)
    42. 

  42.         url = reverse("api-tokens-detail", args=[api_token.id])
    43. 

  43.         self.assertTrue(self.user.apitoken_set.exists())
    44. 

  44.         res = self.client.delete(url)
    45. 

  45.         self.assertEqual(res.status_code, 204)
    46. 

  46.         self.assertFalse(self.user.apitoken_set.exists())
    47. 

  47. 

  48.         other_api_token = baker.make("api_tokens.APIToken")
    49. 

  49.         url = reverse("api-tokens-detail", args=[other_api_token.id])
    50. 

  50.         res = self.client.delete(url)
    51. 

  51.         self.assertEqual(res.status_code, 404)
    52. 

  52. 

  53.     def test_token_auth(self):
    54. 

  54.         """ Token based auth should not be able to create it's own token """
    55. 

  55.         organization = baker.make("organizations_ext.Organization")
    56. 

  56.         organization.add_user(self.user)
    57. 

  57.         auth_token = baker.make("api_tokens.APIToken", user=self.user)
    58. 

  58.         self.client.credentials(HTTP_AUTHORIZATION="Bearer " + auth_token.token)
    59. 

  59. 

  60.         url = reverse("api-tokens-list")
    61. 

  61.         scope_name = "member:read"
    62. 

  62.         data = {"scopes": [scope_name]}
    63. 

  63.         res = self.client.post(url, data, format="json")
    64. 

  64.         self.assertEqual(res.status_code, 403)
    65. 

  65. 

  66.         res = self.client.get(url)
    67. 

  67.         self.assertEqual(res.status_code, 403)
    68.