insta/accounts/tests.py

from datetime import timedelta

from django.test import TestCase
from django.utils import timezone
from rest_framework import status
from rest_framework.test import APITestCase

from .models import CustomUser
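class AdminOnlyRegistrationEndpointsTests(APITestCase):
    """Access-control tests for the user registration and activation endpoints.

    Each test calls an endpoint under ``/api/v1/auth/users/`` as a superuser,
    as a regular active user, or with no credentials, and checks the status
    code. The registration tests also check the database, so a handler that
    returns the right status but does the wrong write is still caught.
    """

    REGISTER_URL = '/api/v1/auth/users/'
    ACTIVATION_URL = '/api/v1/auth/users/activation/'
    RESEND_ACTIVATION_URL = '/api/v1/auth/users/resend_activation/'

    def setUp(self):
        """Create one superuser and one active regular user for every test."""
        self.admin_user = CustomUser.objects.create_superuser(
            email='admin@example.com',
            password='adminpass123',
        )
        self.regular_user = CustomUser.objects.create_user(
            email='user@example.com',
            password='userpass123',
            is_active=True,
        )

    def test_register_endpoint_rejects_non_admin(self):
        """A regular user gets 403 on registration and no account is created."""
        self.client.force_authenticate(user=self.regular_user)
        response = self.client.post(
            self.REGISTER_URL,
            {
                'email': 'new-user@example.com',
                'password': 'strong-pass-123',
                're_password': 'strong-pass-123',
            },
            format='json',
        )
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
        # The status code alone does not prove the write was blocked.
        self.assertFalse(
            CustomUser.objects.filter(email='new-user@example.com').exists()
        )

    def test_register_endpoint_allows_admin(self):
        """A superuser gets 201 on registration and the account exists afterwards."""
        self.client.force_authenticate(user=self.admin_user)
        response = self.client.post(
            self.REGISTER_URL,
            {
                'email': 'created-by-admin@example.com',
                'password': 'strong-pass-123',
                're_password': 'strong-pass-123',
            },
            format='json',
        )
        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
        self.assertTrue(
            CustomUser.objects.filter(email='created-by-admin@example.com').exists()
        )

    def test_activation_endpoint_rejects_non_admin(self):
        """A regular user gets 403 on activation, before uid/token are validated."""
        self.client.force_authenticate(user=self.regular_user)
        response = self.client.post(
            self.ACTIVATION_URL,
            {'uid': 'invalid', 'token': 'invalid'},
            format='json',
        )
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

    def test_resend_activation_endpoint_rejects_non_admin(self):
        """A regular user gets 403 on resend_activation, even for their own email."""
        self.client.force_authenticate(user=self.regular_user)
        response = self.client.post(
            self.RESEND_ACTIVATION_URL,
            {'email': self.regular_user.email},
            format='json',
        )
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

    def test_resend_activation_endpoint_allows_admin_access(self):
        """A superuser is not blocked by the permission check on resend_activation.

        Only the permission layer is checked: any status other than 403 passes,
        so the body and exact success code of the endpoint are not pinned here.
        """
        self.client.force_authenticate(user=self.admin_user)
        response = self.client.post(
            self.RESEND_ACTIVATION_URL,
            {'email': self.regular_user.email},
            format='json',
        )
        self.assertNotEqual(response.status_code, status.HTTP_403_FORBIDDEN)

    def test_endpoints_reject_unauthenticated_requests(self):
        """Requests without credentials are refused on all three endpoints.

        The test client is unauthenticated until force_authenticate is called.
        DRF answers 401 or 403 depending on the configured authentication
        classes, so either status counts as a rejection.
        """
        requests = (
            (
                self.REGISTER_URL,
                {
                    'email': 'anonymous@example.com',
                    'password': 'strong-pass-123',
                    're_password': 'strong-pass-123',
                },
            ),
            (self.ACTIVATION_URL, {'uid': 'invalid', 'token': 'invalid'}),
            (self.RESEND_ACTIVATION_URL, {'email': self.regular_user.email}),
        )
        for url, payload in requests:
            with self.subTest(url=url):
                response = self.client.post(url, payload, format='json')
                self.assertIn(
                    response.status_code,
                    (status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN),
                )
        self.assertFalse(
            CustomUser.objects.filter(email='anonymous@example.com').exists()
        )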
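class AccountExpiryTests(TestCase):
    """Tests for ``CustomUser.deactivate_if_expired`` around ``active_until``.

    NOTE(review): these tests cover the model method only. Whether an expired
    account is also refused at authentication time is not checked here, so
    confirm that is covered where the method is invoked.
    """

    def test_user_is_deactivated_when_expired(self):
        """An account whose active_until is in the past is deactivated and saved."""
        # timedelta comes from datetime; django.utils.timezone only re-exports
        # it incidentally, so timezone.timedelta is not a supported API.
        user = CustomUser.objects.create_user(
            email='expired@example.com',
            password='pass123456',
            is_active=True,
            active_until=timezone.now() - timedelta(days=1),
        )

        changed = user.deactivate_if_expired()
        # Reload so the assertion checks the stored row, not the in-memory object.
        user.refresh_from_db()

        self.assertTrue(changed)
        self.assertFalse(user.is_active)

    def test_user_stays_active_before_expiry(self):
        """An account whose active_until is in the future is left active."""
        user = CustomUser.objects.create_user(
            email='active@example.com',
            password='pass123456',
            is_active=True,
            active_until=timezone.now() + timedelta(days=3),
        )

        changed = user.deactivate_if_expired()
        user.refresh_from_db()

        self.assertFalse(changed)
        self.assertTrue(user.is_active)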