Created
August 27, 2020 01:49
-
-
Save BrockHerion/363f42827a7b41ff74d03e3f1cb6447c to your computer and use it in GitHub Desktop.
Tests for role based auth
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| from django.urls import include, path, reverse | |
| from rest_framework import status | |
| from rest_framework.test import APITestCase, APIClient, URLPatternsTestCase | |
| from .models import User | |
| # Create your tests here. | |
| class UserTest(APITestCase, URLPatternsTestCase): | |
| """ Test module for User """ | |
| urlpatterns = [ | |
| path('api/auth/', include('api.urls')), | |
| ] | |
| def setUp(self): | |
| self.user1 = User.objects.create_user( | |
| email='[email protected]', | |
| password='test', | |
| ) | |
| self.admin = User.objects.create_superuser( | |
| email='[email protected]', | |
| password='admin', | |
| ) | |
| def test_login(self): | |
| """ Test if a user can login and get a JWT response token """ | |
| url = reverse('login') | |
| data = { | |
| 'email': '[email protected]', | |
| 'password': 'admin' | |
| } | |
| response = self.client.post(url, data) | |
| response_data = json.loads(response.content) | |
| self.assertEqual(response.status_code, status.HTTP_200_OK) | |
| self.assertEqual(response_data['success'], True) | |
| self.assertTrue('access' in response_data) | |
| def test_user_registration(self): | |
| """ Test if a user can register """ | |
| url = reverse('register') | |
| data = { | |
| 'email': '[email protected]', | |
| 'password': 'test', | |
| } | |
| response = self.client.post(url, data) | |
| self.assertEqual(response.status_code, status.HTTP_201_CREATED) | |
| def test_list_all_users_as_admin(self): | |
| """ Test fetching all users. Restricted to admins """ | |
| # Setup the token | |
| url = reverse('login') | |
| data = {'email': '[email protected]', 'password': 'admin'} | |
| response = self.client.post(url, data) | |
| login_response_data = json.loads(response.content) | |
| self.assertEqual(response.status_code, status.HTTP_200_OK) | |
| self.assertTrue('access' in login_response_data) | |
| token = login_response_data['access'] | |
| # Test the endpoint | |
| client = APIClient() | |
| client.credentials(HTTP_AUTHORIZATION='JWT ' + token) | |
| response = client.get(reverse('users')) | |
| response_data = json.loads(response.content) | |
| self.assertEqual(response.status_code, status.HTTP_200_OK) | |
| self.assertEqual(User.objects.count(), len(response_data['users'])) | |
| def test_access_denied_all_users(self): | |
| """ Test fetching all users. Restricted to admins """ | |
| # Setup the token | |
| url = reverse('login') | |
| data = {'email': '[email protected]', 'password': 'test'} | |
| response = self.client.post(url, data) | |
| login_response_data = json.loads(response.content) | |
| self.assertEqual(response.status_code, status.HTTP_200_OK) | |
| self.assertTrue('access' in login_response_data) | |
| token = login_response_data['access'] | |
| # Test the endpoint | |
| client = APIClient() | |
| client.credentials(HTTP_AUTHORIZATION='JWT ' + token) | |
| response = client.get(reverse('users')) | |
| response_data = json.loads(response.content) | |
| self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) | |
| self.assertFalse(response_data['success']) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment