Главная Обзор Помощь
Вход
SMusatov
/
GlitchTip
зеркало из https://gitlab.com/glitchtip/glitchtip-backend.git
1
0
Ответвить 0
Файлы
Дерево: 98195e40ae
Ветки Метки
GlitchTip
/
apps
/
api_tokens
/
tests.py

tests.py 2.3 KB
История Исходник

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. from django.test import TestCase
    2. 

  2. from django.urls import reverse
    3. 

  3. from model_bakery import baker
    4. 

  4. 

  5. from glitchtip.test_utils import generators  # noqa: F401
    6. 

  6. 

  7. 

  8. class APITokenTests(TestCase):
    9. 

  9.     def setUp(self):
    10. 

  10.         self.user = baker.make("users.user")
    11. 

  11.         self.url = reverse("api:list_api_tokens")
    12. 

  12. 

  13.     def get_detail_url(self, id: int):
    14. 

  14.         return reverse("api:delete_api_token", args=[id])
    15. 

  15. 

  16.     def test_create(self):
    17. 

  17.         self.client.force_login(self.user)
    18. 

  18.         scope_name = "member:read"
    19. 

  19.         data = {"scopes": [scope_name]}
    20. 

  20.         res = self.client.post(self.url, data, content_type="application/json")
    21. 

  21.         self.assertContains(res, scope_name, status_code=201)
    22. 

  22. 

  23.     def test_list(self):
    24. 

  24.         self.client.force_login(self.user)
    25. 

  25.         api_token = baker.make("api_tokens.APIToken", user=self.user)
    26. 

  26.         other_api_token = baker.make("api_tokens.APIToken")
    27. 

  27.         res = self.client.get(self.url)
    28. 

  28.         self.assertContains(res, api_token.token)
    29. 

  29.         self.assertNotContains(res, other_api_token.token)
    30. 

  30. 

  31.     def test_destroy(self):
    32. 

  32.         self.client.force_login(self.user)
    33. 

  33.         api_token = baker.make("api_tokens.APIToken", user=self.user)
    34. 

  34.         url = self.get_detail_url(api_token.id)
    35. 

  35.         self.assertTrue(self.user.apitoken_set.exists())
    36. 

  36.         res = self.client.delete(url)
    37. 

  37.         self.assertEqual(res.status_code, 204)
    38. 

  38.         self.assertFalse(self.user.apitoken_set.exists())
    39. 

  39. 

  40.         other_api_token = baker.make("api_tokens.APIToken")
    41. 

  41.         url = self.get_detail_url(other_api_token.id)
    42. 

  42.         res = self.client.delete(url)
    43. 

  43.         self.assertEqual(res.status_code, 404)
    44. 

  44. 

  45.     def test_token_auth(self):
    46. 

  46.         """Token based auth should not be able to create it's own token"""
    47. 

  47.         organization = baker.make("organizations_ext.Organization")
    48. 

  48.         organization.add_user(self.user)
    49. 

  49.         auth_token = baker.make("api_tokens.APIToken", user=self.user)
    50. 

  50. 

  51.         auth_headers = {"HTTP_AUTHORIZATION": f"Bearer {auth_token.token}"}
    52. 

  52. 

  53.         scope_name = "member:read"
    54. 

  54.         data = {"scopes": [scope_name]}
    55. 

  55.         res = self.client.post(
    56. 

  56.             self.url, data, content_type="application/json", **auth_headers
    57. 

  57.         )
    58. 

  58.         self.assertEqual(res.status_code, 401)  # Was 403, might be better as 403
    59. 

  59. 

  60.         res = self.client.get(self.url, **auth_headers)
    61. 

  61.         self.assertEqual(res.status_code, 401)
    62.