first commit
112
accounts/tests.py
Normal file
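--- a/accounts/tests.py
+++ b/accounts/tests.py
@@ -0,0 +1,112 @@
+from django.test import TestCase
+from rest_framework import status
+from rest_framework.test import APITestCase
+from django.utils import timezone
+
+from .models import CustomUser
+
+
+class AdminOnlyRegistrationEndpointsTests(APITestCase):
+def setUp(self):
+self.admin_user = CustomUser.objects.create_superuser(
+email='admin@example.com',
+password='adminpass123',
+)
+self.regular_user = CustomUser.objects.create_user(
+email='user@example.com',
+password='userpass123',
+is_active=True,
+)
+
+def test_register_endpoint_rejects_non_admin(self):
+self.client.force_authenticate(user=self.regular_user)
+
+response = self.client.post(
+'/api/v1/auth/users/',
+{
+'email': 'new-user@example.com',
+'password': 'strong-pass-123',
+'re_password': 'strong-pass-123',
+},
+format='json',
+)
+
+self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+def test_register_endpoint_allows_admin(self):
+self.client.force_authenticate(user=self.admin_user)
+
+response = self.client.post(
+'/api/v1/auth/users/',
+{
+'email': 'created-by-admin@example.com',
+'password': 'strong-pass-123',
+'re_password': 'strong-pass-123',
+},
+format='json',
+)
+
+self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+
+def test_activation_endpoint_rejects_non_admin(self):
+self.client.force_authenticate(user=self.regular_user)
+
+response = self.client.post(
+'/api/v1/auth/users/activation/',
+{'uid': 'invalid', 'token': 'invalid'},
+format='json',
+)
+
+self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+def test_resend_activation_endpoint_rejects_non_admin(self):
+self.client.force_authenticate(user=self.regular_user)
+
+response = self.client.post(
+'/api/v1/auth/users/resend_activation/',
+{'email': self.regular_user.email},
+format='json',
+)
+
+self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+def test_resend_activation_endpoint_allows_admin_access(self):
+self.client.force_authenticate(user=self.admin_user)
+
+response = self.client.post(
+'/api/v1/auth/users/resend_activation/',
+{'email': self.regular_user.email},
+format='json',
+)
+
+self.assertNotEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+
+class AccountExpiryTests(TestCase):
+def test_user_is_deactivated_when_expired(self):
+user = CustomUser.objects.create_user(
+email='expired@example.com',
+password='pass123456',
+is_active=True,
+active_until=timezone.now() - timezone.timedelta(days=1),
+)
+
+changed = user.deactivate_if_expired()
+
+user.refresh_from_db()
+self.assertTrue(changed)
+self.assertFalse(user.is_active)
+
+def test_user_stays_active_before_expiry(self):
+user = CustomUser.objects.create_user(
+email='active@example.com',
+password='pass123456',
+is_active=True,
+active_until=timezone.now() + timezone.timedelta(days=3),
+)
+
+changed = user.deactivate_if_expired()
+
+user.refresh_from_db()
+self.assertFalse(changed)
+self.assertTrue(user.is_active)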
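Review bot: The rejection tests in AdminOnlyRegistrationEndpointsTests only cover an authenticated non-admin (`self.client.force_authenticate(user=self.regular_user)`); no test sends the same POSTs without credentials, so a permission class that denies ordinary users but lets anonymous requests through would still pass this suite. Add an anonymous case for each of the three endpoints asserting `self.assertIn(response.status_code, (status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN))`. In test_register_endpoint_rejects_non_admin, also assert `self.assertFalse(CustomUser.objects.filter(email='new-user@example.com').exists())` so the 403 is tied to no account having been created. test_resend_activation_endpoint_allows_admin_access checks only `assertNotEqual(response.status_code, status.HTTP_403_FORBIDDEN)`, which also passes on a 404 or a 500; pin the status the view is expected to return for an admin instead.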