Skip to content

ckz8780/drf_user_manager

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
drf_user_manager
drf_user_manager
 
 
templates
templates
 
 
users
users
 
 
.gitignore
.gitignore
 
 
Procfile
Procfile
 
 
README.md
README.md
 
 
manage.py
manage.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

DRF User Manager

Provides the ability to create/update/delete users via a Django REST API. No listing capabilities are allowed, even for superusers. This is a "write only" API, which uses explicit view types and allowed methods to allow very specific access. There is no API root.

The API validates password strength with Django's built in password validators.

Endpoints:

Creating Users:

/api/v1/users/create/

- Allowed Methods: POST
- Access: Allow any
- Required Data Format:
	{
		"username": "someusername",
		"first_name": "Firstname",
		"last_name": "Lastname",
		"email": "[email protected]",
		"password": "somePassword!"
	}

Updating Users:

/api/v1/users/id/update/

- Allowed Methods: PUT (full updates), PATCH (partial updates)
- Access: Admin and authenticated object owners
- Required Data Format:
	PUT requests:
		{
			"username": "newusername",
			"first_name": "newfirstname",
			"last_name": "newlastname",
			"email": "[email protected]",
			"password": "newPassword!"
		}

	PATCH requests:
		{
			"username": "newusername"
			... other valid fields
		}

Deleting Users:

/api/v1/users/id/delete/

- Allowed Methods: DELETE
- Access: Admin users only
- Required Data Format:
	DELETE request (no payload)

This API implements a number of automated tests to ensure proper functionality

Tests implemented:

Setup:

- setUp
- test_setup_created_correct_test_users

User Creation:

- test_can_create_user_anonymously
- test_created_user_can_actually_login

  Username Validation:
- test_cannot_create_user_with_blank_username
- test_cannot_create_user_with_long_username
- test_cannot_create_user_with_invalid_username

  Email Validation:
- test_cannot_create_user_with_blank_email
- test_cannot_create_user_with_invalid_email

  Password Validation:
- test_cannot_create_user_with_short_password
- test_cannot_create_user_with_common_password
- test_cannot_create_user_with_numeric_password
- test_cannot_create_user_with_blank_password
- test_cannot_create_user_with_password_like_personal_info

User Updates:

- test_cannot_update_user_anonymously
- test_regular_user_cannot_update_other_users_info
- test_regular_user_can_update_own_info
- test_admin_user_can_update_regular_users_info
- test_partial_update_fails_with_put_request

- test_regular_user_can_partially_update_own_info
- test_admin_user_can_partially_update_own_info
- test_admin_user_can_partially_update_regular_users_info

User Deletions:

- test_cannot_delete_user_anonymously
- test_regular_user_cannot_delete_other_user
- test_user_cannot_delete_self
- test_admin_user_can_delete_regular_user
- test_admin_user_cannot_delete_self

API Responses/Security:

- test_api_response_to_user_creation_matches_post_data
- test_password_not_in_create_user_api_response
- test_password_not_in_update_user_api_response
- test_password_not_in_delete_user_api_response
- test_password_is_hashed_properly_on_create
- test_password_is_hashed_properly_on_update
- test_get_request_disabled_for_all_views

About

A simple user management API

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages