✅ [#574] Update tests
SilviaAmAm committed Dec 27, 2024
1 parent f36a050 commit e4c32f2
Showing 3 changed files with 35 additions and 10 deletions.
22 changes: 16 additions & 6 deletions backend/src/openarchiefbeheer/accounts/tests/test_endpoints.py
@@ -1,7 +1,9 @@
from furl import furl
from rest_framework import status
from rest_framework.reverse import reverse
from rest_framework.test import APITestCase

from ..api.constants import RoleFilterChoices
from .factories import UserFactory


Expand Down Expand Up @@ -45,9 +47,10 @@ def test_post(self):

class ArchivistViewTest(APITestCase):
def test_not_authenticated_cant_access(self):
endpoint = reverse("api:archivists")
endpoint = furl(reverse("api:users"))
endpoint.args["role"] = RoleFilterChoices.archivist

response = self.client.get(endpoint)
response = self.client.get(endpoint.url)

self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

Expand All @@ -58,17 +61,21 @@ def test_get_archivists(self):
record_manager = UserFactory.create(post__can_start_destruction=True)

self.client.force_login(record_manager)
response = self.client.get(reverse("api:archivists"))
endpoint = furl(reverse("api:users"))
endpoint.args["role"] = RoleFilterChoices.archivist

response = self.client.get(endpoint.url)

self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response.json()), 2)


class CoReviewerViewTest(APITestCase):
def test_not_authenticated_cant_access(self):
endpoint = reverse("api:co-reviewers")
endpoint = furl(reverse("api:users"))
endpoint.args["role"] = RoleFilterChoices.co_reviewer

response = self.client.get(endpoint)
response = self.client.get(endpoint.url)

self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

Expand All @@ -79,7 +86,10 @@ def test_get_archivists(self):
record_manager = UserFactory.create(post__can_start_destruction=True)

self.client.force_login(record_manager)
response = self.client.get(reverse("api:co-reviewers"))
endpoint = furl(reverse("api:users"))
endpoint.args["role"] = RoleFilterChoices.co_reviewer

response = self.client.get(endpoint.url)

self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response.json()), 2)
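Review bot: Every updated request to `api:users` carries a valid `role` argument, so nothing in these tests (or in `test_role_endpoints.py`) pins what the consolidated endpoint returns when `role` is absent or not a member of `RoleFilterChoices`. If the filter turns out to be optional, an authenticated caller would presumably receive the full user list, so a case such as `response = self.client.get(reverse("api:users"))` with an assertion on the intended outcome would guard against over-exposure. The `len(response.json()) == 2` checks also pass if the wrong two users are returned; asserting on the returned users themselves would be tighter. Separately, the `test_get_archivists` under `CoReviewerViewTest` looks like a copy-paste name and could become `test_get_co_reviewers`. The test bodies start outside the visible hunks, so existing fixtures may already cover part of this.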
@@ -1,11 +1,15 @@
from unittest import skipIf

from django.test import TestCase
from django.urls import NoReverseMatch, reverse

from openarchiefbeheer.conf.utils import config

from .factories import UserFactory


class HijackSecurityTests(TestCase):

@skipIf(config("DISABLE_2FA", False), "2FA is disabled")
def test_cannot_hijack_without_second_factor(self):
staff_user = UserFactory.create(is_staff=True)
superuser = UserFactory.create(superuser=True)
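Review bot: The `@skipIf(config("DISABLE_2FA", False), "2FA is disabled")` guard on `test_cannot_hijack_without_second_factor` is evaluated once at import from the environment, so any run with `DISABLE_2FA` set reports success without ever exercising the hijack check. It would be safer to confirm that at least one CI job runs with 2FA enabled, or to pin the 2FA-related setting inside the test (for example with `override_settings`) so the check always runs. At minimum a comment such as `# Skipped only for local setups without 2FA; CI must run this with 2FA enabled.` would document the intent. The test body continues outside the hunk.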
17 changes: 14 additions & 3 deletions backend/src/openarchiefbeheer/api/tests/test_role_endpoints.py
@@ -1,13 +1,18 @@
from furl import furl
from rest_framework import status
from rest_framework.reverse import reverse
from rest_framework.test import APITestCase

from openarchiefbeheer.accounts.api.constants import RoleFilterChoices
from openarchiefbeheer.accounts.tests.factories import UserFactory


class RoleEndpointTests(APITestCase):
def test_user_not_logged_in(self):
response = self.client.get(reverse("api:reviewers"))
endpoint = furl(reverse("api:users"))
endpoint.args["role"] = RoleFilterChoices.main_reviewer

response = self.client.get(endpoint.url)

self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

Expand All @@ -30,7 +35,10 @@ def test_retrieve_record_managers(self):
UserFactory.create_batch(2, post__can_start_destruction=False)

self.client.force_authenticate(user=admin)
response = self.client.get(reverse("api:record-managers"))
endpoint = furl(reverse("api:users"))
endpoint.args["role"] = RoleFilterChoices.record_manager

response = self.client.get(endpoint.url)

self.assertEqual(response.status_code, status.HTTP_200_OK)

Expand All @@ -46,7 +54,10 @@ def test_retrieve_reviewers(self):
UserFactory.create_batch(2, post__can_review_destruction=False)

self.client.force_authenticate(user=admin)
response = self.client.get(reverse("api:reviewers"))
endpoint = furl(reverse("api:users"))
endpoint.args["role"] = RoleFilterChoices.main_reviewer

response = self.client.get(endpoint.url)

self.assertEqual(response.status_code, status.HTTP_200_OK)
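Review bot: The three-line `furl` construction is repeated in every updated test here and in `accounts/tests/test_endpoints.py`, while the test client can build the query string itself: `response = self.client.get(reverse("api:users"), {"role": RoleFilterChoices.main_reviewer})`. That keeps each request on one line and drops the `furl` import from the tests, assuming `RoleFilterChoices` members stringify to their values. This section also authenticates with `force_authenticate` whereas the accounts tests use `force_login`; using one consistently would make clear which authentication path is under test. The enclosing test methods start and end outside the hunks.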
