Commit 932fb24f authored by Håkon Finstad's avatar Håkon Finstad
Browse files

Merge remote-tracking branch 'origin/master'

parents 4c64bfb2 13519a31
......@@ -10,6 +10,7 @@ test:
- cd backend/secfit
- apt-get update -qy
- pip install -r requirements.txt
- python ./manage.py test
staging:
type: deploy
......@@ -19,7 +20,7 @@ staging:
- apt-get update -qy
- apt-get install -y ruby-dev
- gem install dpl
- dpl --provider=heroku --app=tdt4242gruppe6frontend --api-key=$HEROKU_STAGING_API_KEY
- dpl --provider=heroku --app=tdt4242gruppe6backend --api-key=$HEROKU_STAGING_API_KEY
- dpl --provider=heroku --app=group6frontend --api-key=$HEROKU_STAGING_API_KEY
- dpl --provider=heroku --app=group6backend --api-key=$HEROKU_STAGING_API_KEY
only:
- master
[[source]]
name = "pypi"
url = "https://pypi.org/simple"
verify_ssl = true
[dev-packages]
[packages]
[requires]
python_version = "3.8.10"
{
"_meta": {
"hash": {
"sha256": "c47fb2ca2deef4c7109ec583a9ff1d1f39be30d63e71aaedfe048ec7bbf13beb"
},
"pipfile-spec": 6,
"requires": {
"python_version": "3.8.10"
},
"sources": [
{
"name": "pypi",
"url": "https://pypi.org/simple",
"verify_ssl": true
}
]
},
"default": {},
"develop": {}
}
File suppressed by a .gitattributes entry or the file's encoding is unsupported.
from django.contrib.auth import get_user_model
from django.test import TestCase
# Create your tests here.
from rest_framework.request import Request
from rest_framework.test import APIRequestFactory
import users.permissions
from users import models
from users.serializers import UserSerializer
from passlib.hash import django_pbkdf2_sha256
class UserSerializerTest(TestCase):
def setUp(self):
factory = APIRequestFactory()
request = factory.get('/')
serializer_context = {
'request': Request(request),
}
self.user_attributes = {
'email': 'hawk@hawk.no',
'username': 'hawky',
'password': 'hawkyboi',
'phone_number': '123',
'country': '123',
'city': '123',
'street_address': '123'
}
self.user = models.User.objects.create(**self.user_attributes)
self.serializer = UserSerializer(data=self.user_attributes, instance=self.user, context=serializer_context)
self.serializer.is_valid()
def test_create_user(self):
user_serializer = UserSerializer()
expected = {
'username': 'hawk',
'email': 'hawkyy@hawk.hawk',
'password': 'hawk',
'phone_number': '12345678',
'country': 'Norway',
'city': 'Leknes',
'street_address': '107'
}
actual = UserSerializer.create(user_serializer, expected)
self.assertEquals(expected.get('username'), actual.username, "assert username are equal")
self.assertEquals(expected.get('email'), actual.email, "assert email are equal")
self.assertTrue(django_pbkdf2_sha256.verify(expected.get("password"), actual.password),
"Password is hashed correctly")
self.assertEquals(expected.get('phone_number'), actual.phone_number, "assert phone number are equal")
self.assertEquals(expected.get('country'), actual.country, "assert country are equal")
self.assertEquals(expected.get('city'), actual.city, "assert city are equal")
self.assertEquals(expected.get('street_address'), actual.street_address, "assert street address are equal")
class PermissionsTest(TestCase):
def test_IsCurrentUser(self):
class test_request:
def __init__(self, method):
self.method = method
self.user = get_user_model().objects.create_user("test", "testpass")
test_request = test_request("POST")
is_CurrentUser = users.permissions.IsCurrentUser()
self.assertTrue(
is_CurrentUser.has_object_permission(
test_request,
None,
test_request.user),
"has_object_permission assert test_request and created user as parameters return True")
self.assertFalse(
is_CurrentUser.has_object_permission(
test_request,
None,
"different_user"),
"has_object_permission assert test_request and random string as parameters return false")
def test_IsAthlete(self):
class test_request:
def __init__(self, method, username, athlete):
self.method = method
self.user = get_user_model().objects.create_user(username, "testpass")
if athlete:
self.data = {"athlete": "hawk/" + str(self.user.id) + "/workout"}
else:
self.data = {}
test_request_1 = test_request("GET", "user1", False)
is_Athlete = users.permissions.IsAthlete()
self.assertTrue(
is_Athlete.has_permission(test_request_1, None),
"has permission to GET athlete data returns True")
test_request_2 = test_request("POST", "user2", False)
self.assertFalse(
is_Athlete.has_permission(test_request_2, None),
"Has permission to POST athlete data, returns false"
)
test_request_3 = test_request("POST", "user3", True)
# The permission class checks string value to int, which means it is always false
hasPermission = is_Athlete.has_permission(test_request_3, None)
self.assertFalse(
hasPermission,
"Has permission to POST athlete data, returns true"
)
class test_obj:
def __init__(self, athlete):
self.athlete = athlete
obj = test_obj(test_request_3.user)
obj2 = test_obj("random_user")
self.assertTrue(
is_Athlete.has_object_permission(test_request_3, None, obj),
"assert request user and obj has the same user as obj athlete returns True"
)
self.assertFalse(
is_Athlete.has_object_permission(test_request_3, None, obj2),
"assert requesting user and obj with random data returns False"
)
def test_IsCoach(self):
class test_request:
def __init__(self, method, username, athlete, coach):
self.method = method
self.user = get_user_model().objects.create_user(username, "testpass")
if coach:
self.user.coach = get_user_model().objects.get(pk=self.user.id)
self.user.save()
if athlete:
self.data = {"athlete": "hawk/" + str(self.user.id) + "/workout"}
else:
self.data = {}
test_request_1 = test_request("GET", "user1", False, False)
is_Coach = users.permissions.IsCoach()
self.assertTrue(
is_Coach.has_permission(test_request_1, None),
"has_permission assert GET request returns True")
test_request_2 = test_request("POST", "user2", False, False)
self.assertFalse(
is_Coach.has_permission(test_request_2, None),
"has_permission assert POST request without athlete data returns False"
)
test_request_3 = test_request("POST", "user3", True, True)
self.assertTrue(
is_Coach.has_permission(test_request_3, None),
"has_permission assert POST request with athlete data and correct id returns True"
)
test_request_4 = test_request("POST", "user4", True, False)
self.assertFalse(
is_Coach.has_permission(test_request_4, None),
"has_permission assert POST request with athlete data and invalid id returns False"
)
class test_obj:
def __init__(self, athlete):
class test_athlete:
def __init__(self, coach):
self.coach = coach
self.athlete = test_athlete(athlete)
obj = test_obj(test_request_3.user)
obj2 = test_obj("random_user")
self.assertTrue(
is_Coach.has_object_permission(test_request_3, None, obj),
"assert requesting user and obj has the same user as obj athlete returns True"
)
self.assertFalse(
is_Coach.has_object_permission(test_request_3, None, obj2),
"assert requesting user and obj has the same user as obj athlete returns True"
)
......@@ -15,7 +15,7 @@ idna==2.10
isort==4.3.21
lazy-object-proxy==1.4.3
mccabe==0.6.1
psycopg2-binary
psycopg2-binary==2.9.3
Pygments==2.6.1
PyJWT==1.7.1
pylint==2.5.3
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment