##// END OF EJS Templates
repo-forks: security, check for access to fork_id parameter to prevent...
repo-forks: security, check for access to fork_id parameter to prevent resource discovery.

File last commit:

r1832:d176880c default
r2173:d100eea4 default
Show More
test_create_user.py
206 lines | 7.2 KiB | text/x-python | PythonLexer
/ rhodecode / api / tests / test_create_user.py
project: added all source files and assets
r1 # -*- coding: utf-8 -*-
license: updated copyright year to 2017
r1271 # Copyright (C) 2010-2017 RhodeCode GmbH
project: added all source files and assets
r1 #
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License, version 3
# (only), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This program is dual-licensed. If you wish to learn more about the
# RhodeCode Enterprise Edition, including its added features, Support services,
# and proprietary license terms, please see https://rhodecode.com/licenses/
import mock
import pytest
from rhodecode.lib.auth import check_password
from rhodecode.model.user import UserModel
from rhodecode.tests import (
TEST_USER_ADMIN_LOGIN, TEST_USER_REGULAR_EMAIL)
from rhodecode.api.tests.utils import (
build_data, api_call, assert_ok, assert_error, jsonify, crash)
from rhodecode.tests.fixture import Fixture
tests: api add_user tests for personal groups
r1096 from rhodecode.model.db import RepoGroup
project: added all source files and assets
r1
# TODO: mikhail: remove fixture from here
fixture = Fixture()
@pytest.mark.usefixtures("testuser_api", "app")
class TestCreateUser(object):
def test_api_create_existing_user(self):
id_, params = build_data(
self.apikey, 'create_user',
username=TEST_USER_ADMIN_LOGIN,
email='test@foo.com',
password='trololo')
response = api_call(self.app, params)
expected = "user `%s` already exist" % (TEST_USER_ADMIN_LOGIN,)
assert_error(id_, expected, given=response.body)
def test_api_create_user_with_existing_email(self):
id_, params = build_data(
self.apikey, 'create_user',
username=TEST_USER_ADMIN_LOGIN + 'new',
email=TEST_USER_REGULAR_EMAIL,
password='trololo')
response = api_call(self.app, params)
expected = "email `%s` already exist" % (TEST_USER_REGULAR_EMAIL,)
assert_error(id_, expected, given=response.body)
user-api: use simple schema validator to be consistent how we validate between API and web views.
r1832 def test_api_create_user_with_wrong_username(self):
bad_username = '<> HELLO WORLD <>'
id_, params = build_data(
self.apikey, 'create_user',
username=bad_username,
email='new@email.com',
password='trololo')
response = api_call(self.app, params)
expected = {'username':
"Username may only contain alphanumeric characters "
"underscores, periods or dashes and must begin with "
"alphanumeric character or underscore"}
assert_error(id_, expected, given=response.body)
project: added all source files and assets
r1 def test_api_create_user(self):
username = 'test_new_api_user'
email = username + "@foo.com"
id_, params = build_data(
self.apikey, 'create_user',
username=username,
email=email,
password='example')
response = api_call(self.app, params)
usr = UserModel().get_by_username(username)
ret = {
'msg': 'created new user `%s`' % (username,),
'user': jsonify(usr.get_api_data(include_secrets=True)),
}
try:
expected = ret
assert check_password('example', usr.password)
assert_ok(id_, expected, given=response.body)
finally:
fixture.destroy_user(usr.user_id)
def test_api_create_user_without_password(self):
username = 'test_new_api_user_passwordless'
email = username + "@foo.com"
id_, params = build_data(
self.apikey, 'create_user',
username=username,
email=email)
response = api_call(self.app, params)
usr = UserModel().get_by_username(username)
ret = {
'msg': 'created new user `%s`' % (username,),
'user': jsonify(usr.get_api_data(include_secrets=True)),
}
try:
expected = ret
assert_ok(id_, expected, given=response.body)
finally:
fixture.destroy_user(usr.user_id)
def test_api_create_user_with_extern_name(self):
username = 'test_new_api_user_passwordless'
email = username + "@foo.com"
id_, params = build_data(
self.apikey, 'create_user',
username=username,
email=email, extern_name='rhodecode')
response = api_call(self.app, params)
usr = UserModel().get_by_username(username)
ret = {
'msg': 'created new user `%s`' % (username,),
'user': jsonify(usr.get_api_data(include_secrets=True)),
}
try:
expected = ret
assert_ok(id_, expected, given=response.body)
finally:
fixture.destroy_user(usr.user_id)
def test_api_create_user_with_password_change(self):
username = 'test_new_api_user_password_change'
email = username + "@foo.com"
id_, params = build_data(
self.apikey, 'create_user',
username=username,
email=email, extern_name='rhodecode',
force_password_change=True)
response = api_call(self.app, params)
usr = UserModel().get_by_username(username)
ret = {
'msg': 'created new user `%s`' % (username,),
'user': jsonify(usr.get_api_data(include_secrets=True)),
}
try:
expected = ret
assert_ok(id_, expected, given=response.body)
finally:
fixture.destroy_user(usr.user_id)
tests: api add_user tests for personal groups
r1096 def test_api_create_user_with_personal_repo_group(self):
username = 'test_new_api_user_personal_group'
email = username + "@foo.com"
id_, params = build_data(
self.apikey, 'create_user',
username=username,
email=email, extern_name='rhodecode',
create_personal_repo_group=True)
response = api_call(self.app, params)
usr = UserModel().get_by_username(username)
ret = {
'msg': 'created new user `%s`' % (username,),
'user': jsonify(usr.get_api_data(include_secrets=True)),
}
personal_group = RepoGroup.get_by_group_name(username)
assert personal_group
assert personal_group.personal == True
assert personal_group.user.username == username
try:
expected = ret
assert_ok(id_, expected, given=response.body)
finally:
fixture.destroy_repo_group(username)
fixture.destroy_user(usr.user_id)
project: added all source files and assets
r1 @mock.patch.object(UserModel, 'create_or_update', crash)
def test_api_create_user_when_exception_happened(self):
username = 'test_new_api_user'
email = username + "@foo.com"
id_, params = build_data(
self.apikey, 'create_user',
username=username,
email=email,
password='trololo')
response = api_call(self.app, params)
expected = 'failed to create user `%s`' % (username,)
assert_error(id_, expected, given=response.body)