-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
🚚(backend) split users test file to improve readability
"test_api_users" was a single test file of 900+ lines. We used gitfilesplit to split it into several shorter files for readability.
- Loading branch information
Showing
6 changed files
with
822 additions
and
766 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
"""Users tests package.""" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
""" | ||
Test users API endpoints in the People core app: focus on "create" action | ||
""" | ||
|
||
import pytest | ||
from rest_framework.status import ( | ||
HTTP_401_UNAUTHORIZED, | ||
HTTP_405_METHOD_NOT_ALLOWED, | ||
) | ||
from rest_framework.test import APIClient | ||
|
||
from core import factories, models | ||
|
||
pytestmark = pytest.mark.django_db | ||
|
||
|
||
def test_api_users_create_anonymous(): | ||
"""Anonymous users should not be able to create users via the API.""" | ||
response = APIClient().post( | ||
"/api/v1.0/users/", | ||
{ | ||
"language": "fr-fr", | ||
"password": "mypassword", | ||
}, | ||
) | ||
assert response.status_code == HTTP_401_UNAUTHORIZED | ||
assert "Authentication credentials were not provided." in response.content.decode( | ||
"utf-8" | ||
) | ||
assert models.User.objects.exists() is False | ||
|
||
|
||
def test_api_users_create_authenticated(): | ||
"""Authenticated users should not be able to create users via the API.""" | ||
user = factories.UserFactory() | ||
|
||
client = APIClient() | ||
client.force_login(user) | ||
|
||
response = client.post( | ||
"/api/v1.0/users/", | ||
{ | ||
"language": "fr-fr", | ||
"password": "mypassword", | ||
}, | ||
format="json", | ||
) | ||
assert response.status_code == HTTP_405_METHOD_NOT_ALLOWED | ||
assert response.json() == {"detail": 'Method "POST" not allowed.'} | ||
assert models.User.objects.exclude(id=user.id).exists() is False |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
""" | ||
Test users API endpoints in the People core app: focus on "delete" action | ||
""" | ||
|
||
import pytest | ||
from rest_framework.status import ( | ||
HTTP_401_UNAUTHORIZED, | ||
HTTP_405_METHOD_NOT_ALLOWED, | ||
) | ||
from rest_framework.test import APIClient | ||
|
||
from core import factories, models | ||
|
||
pytestmark = pytest.mark.django_db | ||
|
||
|
||
def test_api_users_delete_list_anonymous(): | ||
"""Anonymous users should not be allowed to delete a list of users.""" | ||
factories.UserFactory.create_batch(2) | ||
|
||
client = APIClient() | ||
response = client.delete("/api/v1.0/users/") | ||
|
||
assert response.status_code == HTTP_401_UNAUTHORIZED | ||
assert models.User.objects.count() == 2 | ||
|
||
|
||
def test_api_users_delete_list_authenticated(): | ||
"""Authenticated users should not be allowed to delete a list of users.""" | ||
user = factories.UserFactory() | ||
factories.UserFactory.create_batch(2) | ||
|
||
client = APIClient() | ||
client.force_login(user) | ||
|
||
response = client.delete( | ||
"/api/v1.0/users/", | ||
) | ||
|
||
assert response.status_code == HTTP_405_METHOD_NOT_ALLOWED | ||
assert models.User.objects.count() == 3 | ||
|
||
|
||
def test_api_users_delete_anonymous(): | ||
"""Anonymous users should not be allowed to delete a user.""" | ||
user = factories.UserFactory() | ||
|
||
response = APIClient().delete(f"/api/v1.0/users/{user.id!s}/") | ||
|
||
assert response.status_code == HTTP_401_UNAUTHORIZED | ||
assert models.User.objects.count() == 1 | ||
|
||
|
||
def test_api_users_delete_authenticated(): | ||
""" | ||
Authenticated users should not be allowed to delete a user other than themselves. | ||
""" | ||
user, other_user = factories.UserFactory.create_batch(2) | ||
|
||
client = APIClient() | ||
client.force_login(user) | ||
|
||
response = client.delete(f"/api/v1.0/users/{other_user.id!s}/") | ||
|
||
assert response.status_code == HTTP_405_METHOD_NOT_ALLOWED | ||
assert models.User.objects.count() == 2 | ||
|
||
|
||
def test_api_users_delete_self(): | ||
"""Authenticated users should not be able to delete their own user.""" | ||
user = factories.UserFactory() | ||
|
||
client = APIClient() | ||
client.force_login(user) | ||
|
||
response = client.delete( | ||
f"/api/v1.0/users/{user.id!s}/", | ||
) | ||
|
||
assert response.status_code == HTTP_405_METHOD_NOT_ALLOWED | ||
assert models.User.objects.count() == 1 |
Oops, something went wrong.