Home Explore Help
Sign In
SMusatov
/
GlitchTip
mirror of https://gitlab.com/glitchtip/glitchtip-backend.git
1
0
Fork 0
Files
Tree: c0f745dbb6
Branches Tags
GlitchTip
/
api_tokens
/
tests.py

tests.py 2.7 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. from django.urls import reverse
    2. 

  2. from model_bakery import baker
    3. 

  3. from rest_framework.test import APITestCase
    4. 

  4. 

  5. from glitchtip import test_utils  # pylint: disable=unused-import
    6. 

  6. 

  7. 

  8. class APITokenTests(APITestCase):
    9. 

  9.     def setUp(self):
    10. 

  10.         self.user = baker.make("users.user")
    11. 

  11. 

  12.     def test_create(self):
    13. 

  13.         self.client.force_login(self.user)
    14. 

  14.         url = reverse("api-tokens-list")
    15. 

  15.         scope_name = "member:read"
    16. 

  16.         data = {"scopes": [scope_name]}
    17. 

  17.         res = self.client.post(url, data, format="json")
    18. 

  18.         self.assertContains(res, scope_name, status_code=201)
    19. 

  19. 

  20.     def test_list(self):
    21. 

  21.         self.client.force_login(self.user)
    22. 

  22.         api_token = baker.make("api_tokens.APIToken", user=self.user)
    23. 

  23.         other_api_token = baker.make("api_tokens.APIToken")
    24. 

  24.         url = reverse("api-tokens-list")
    25. 

  25.         res = self.client.get(url)
    26. 

  26.         self.assertContains(res, api_token.token)
    27. 

  27.         self.assertNotContains(res, other_api_token.token)
    28. 

  28. 

  29.     def test_retrieve(self):
    30. 

  30.         self.client.force_login(self.user)
    31. 

  31.         api_token = baker.make("api_tokens.APIToken", user=self.user)
    32. 

  32.         url = reverse("api-tokens-detail", args=[api_token.id])
    33. 

  33.         res = self.client.get(url)
    34. 

  34.         self.assertContains(res, api_token.token)
    35. 

  35. 

  36.         other_api_token = baker.make("api_tokens.APIToken")
    37. 

  37.         res = self.client.get(reverse("api-tokens-detail", args=[other_api_token.id]))
    38. 

  38.         self.assertEqual(res.status_code, 404)
    39. 

  39. 

  40.     def test_destroy(self):
    41. 

  41.         self.client.force_login(self.user)
    42. 

  42.         api_token = baker.make("api_tokens.APIToken", user=self.user)
    43. 

  43.         url = reverse("api-tokens-detail", args=[api_token.id])
    44. 

  44.         self.assertTrue(self.user.apitoken_set.exists())
    45. 

  45.         res = self.client.delete(url)
    46. 

  46.         self.assertEqual(res.status_code, 204)
    47. 

  47.         self.assertFalse(self.user.apitoken_set.exists())
    48. 

  48. 

  49.         other_api_token = baker.make("api_tokens.APIToken")
    50. 

  50.         url = reverse("api-tokens-detail", args=[other_api_token.id])
    51. 

  51.         res = self.client.delete(url)
    52. 

  52.         self.assertEqual(res.status_code, 404)
    53. 

  53. 

  54.     def test_token_auth(self):
    55. 

  55.         """Token based auth should not be able to create it's own token"""
    56. 

  56.         organization = baker.make("organizations_ext.Organization")
    57. 

  57.         organization.add_user(self.user)
    58. 

  58.         auth_token = baker.make("api_tokens.APIToken", user=self.user)
    59. 

  59.         self.client.credentials(HTTP_AUTHORIZATION="Bearer " + auth_token.token)
    60. 

  60. 

  61.         url = reverse("api-tokens-list")
    62. 

  62.         scope_name = "member:read"
    63. 

  63.         data = {"scopes": [scope_name]}
    64. 

  64.         res = self.client.post(url, data, format="json")
    65. 

  65.         self.assertEqual(res.status_code, 403)
    66. 

  66. 

  67.         res = self.client.get(url)
    68. 

  68.         self.assertEqual(res.status_code, 403)
    69.