Skip to content

Commit

Permalink
🚚(backend) split users test file to improve readability
Browse files Browse the repository at this point in the history
"test_api_users" was a single test file of 900+ lines.
We used gitfilesplit to split it into several shorter files
for readability.
  • Loading branch information
mjeammet committed Dec 17, 2024
5 parents d3940f6 + 6061a65 + 4a76339 + fcc63f9 + 0f4db82 commit 38369a8
Show file tree
Hide file tree
Showing 6 changed files with 822 additions and 766 deletions.
1 change: 1 addition & 0 deletions src/backend/core/tests/users/__init__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
"""Users tests package."""
50 changes: 50 additions & 0 deletions src/backend/core/tests/users/test_api_users_create.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
"""
Test users API endpoints in the People core app: focus on "create" action
"""

import pytest
from rest_framework.status import (
HTTP_401_UNAUTHORIZED,
HTTP_405_METHOD_NOT_ALLOWED,
)
from rest_framework.test import APIClient

from core import factories, models

pytestmark = pytest.mark.django_db


def test_api_users_create_anonymous():
"""Anonymous users should not be able to create users via the API."""
response = APIClient().post(
"/api/v1.0/users/",
{
"language": "fr-fr",
"password": "mypassword",
},
)
assert response.status_code == HTTP_401_UNAUTHORIZED
assert "Authentication credentials were not provided." in response.content.decode(
"utf-8"
)
assert models.User.objects.exists() is False


def test_api_users_create_authenticated():
"""Authenticated users should not be able to create users via the API."""
user = factories.UserFactory()

client = APIClient()
client.force_login(user)

response = client.post(
"/api/v1.0/users/",
{
"language": "fr-fr",
"password": "mypassword",
},
format="json",
)
assert response.status_code == HTTP_405_METHOD_NOT_ALLOWED
assert response.json() == {"detail": 'Method "POST" not allowed.'}
assert models.User.objects.exclude(id=user.id).exists() is False
81 changes: 81 additions & 0 deletions src/backend/core/tests/users/test_api_users_delete.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
"""
Test users API endpoints in the People core app: focus on "delete" action
"""

import pytest
from rest_framework.status import (
HTTP_401_UNAUTHORIZED,
HTTP_405_METHOD_NOT_ALLOWED,
)
from rest_framework.test import APIClient

from core import factories, models

pytestmark = pytest.mark.django_db


def test_api_users_delete_list_anonymous():
"""Anonymous users should not be allowed to delete a list of users."""
factories.UserFactory.create_batch(2)

client = APIClient()
response = client.delete("/api/v1.0/users/")

assert response.status_code == HTTP_401_UNAUTHORIZED
assert models.User.objects.count() == 2


def test_api_users_delete_list_authenticated():
"""Authenticated users should not be allowed to delete a list of users."""
user = factories.UserFactory()
factories.UserFactory.create_batch(2)

client = APIClient()
client.force_login(user)

response = client.delete(
"/api/v1.0/users/",
)

assert response.status_code == HTTP_405_METHOD_NOT_ALLOWED
assert models.User.objects.count() == 3


def test_api_users_delete_anonymous():
"""Anonymous users should not be allowed to delete a user."""
user = factories.UserFactory()

response = APIClient().delete(f"/api/v1.0/users/{user.id!s}/")

assert response.status_code == HTTP_401_UNAUTHORIZED
assert models.User.objects.count() == 1


def test_api_users_delete_authenticated():
"""
Authenticated users should not be allowed to delete a user other than themselves.
"""
user, other_user = factories.UserFactory.create_batch(2)

client = APIClient()
client.force_login(user)

response = client.delete(f"/api/v1.0/users/{other_user.id!s}/")

assert response.status_code == HTTP_405_METHOD_NOT_ALLOWED
assert models.User.objects.count() == 2


def test_api_users_delete_self():
"""Authenticated users should not be able to delete their own user."""
user = factories.UserFactory()

client = APIClient()
client.force_login(user)

response = client.delete(
f"/api/v1.0/users/{user.id!s}/",
)

assert response.status_code == HTTP_405_METHOD_NOT_ALLOWED
assert models.User.objects.count() == 1
Loading

0 comments on commit 38369a8

Please sign in to comment.