Merge branch 'task_2_coverage_test' into 'master'

Task 2 coverage test

See merge request !4

backend/secfit/requirements.txt

@@ -31,4 +31,5 @@ toml==0.10.1
 urllib3==1.25.10
 whitenoise==5.2.0
 wrapt==1.12.1
-datetime
\ No newline at end of file
+datetime
+coverage==5.5
\ No newline at end of file

backend/secfit/secfit/django_heroku.py

@@ -34,7 +34,8 @@ def settings(config, *, db_colors=False, databases=True, test_runner=False, stat
             # logger.info('Adding $DATABASE_URL to default DATABASE Django setting.')
 
             # Configure Django for DATABASE_URL environment variable.
-            config['DATABASES']['default'] = dj_database_url.config(conn_max_age=conn_max_age, ssl_require=True)
+            config['DATABASES']['default'] = dj_database_url.config(
+                conn_max_age=conn_max_age, ssl_require=True)
 
             # logger.info('Adding $DATABASE_URL to TEST default DATABASE Django setting.')
 
@@ -65,7 +66,8 @@ def settings(config, *, db_colors=False, databases=True, test_runner=False, stat
             config['MIDDLEWARE_CLASSES'] = tuple(
                 ['whitenoise.middleware.WhiteNoiseMiddleware'] + list(config['MIDDLEWARE_CLASSES']))
         except KeyError:
-            config['MIDDLEWARE'] = tuple(['whitenoise.middleware.WhiteNoiseMiddleware'] + list(config['MIDDLEWARE']))
+            config['MIDDLEWARE'] = tuple(
+                ['whitenoise.middleware.WhiteNoiseMiddleware'] + list(config['MIDDLEWARE']))
 
         # Enable GZip.
         config['STATICFILES_STORAGE'] = 'whitenoise.storage.CompressedManifestStaticFilesStorage'

backend/secfit/secfit/settings.py

@@ -64,6 +64,7 @@ INSTALLED_APPS = [
     "comments.apps.CommentsConfig",
     "suggested_workouts.apps.SuggestedWorkoutsConfig",
     "corsheaders",
+    "django_heroku"
 
 ]
 
@@ -147,6 +148,11 @@ REST_FRAMEWORK = {
         'rest_framework.authentication.SessionAuthentication',
     ),
 }
+AUTH_PASSWORD_VALIDATORS = [{
+    'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+            'OPTIONS': {
+                'min_length': 8,
+            }}]
 
 AUTH_USER_MODEL = "users.User"
 

backend/secfit/users/tests.py

-from django.test import TestCase
+from django.contrib.auth import get_user_model, password_validation
+# from django.test import TestCase
+from users.serializers import UserSerializer
+from rest_framework.test import APIRequestFactory, APITestCase
+from rest_framework.request import Request
+from random import choice
+from string import ascii_uppercase
+from users.models import User
+from django import forms
+from rest_framework import serializers
+from rest_framework.exceptions import ValidationError
 
-# Create your tests here.
+
+class UserSerializerTestCase(APITestCase):
+    # Set up test instance of a user and serialized data of that user
+    def setUp(self):
+        self.user_attributes = {
+            "id": 1,
+            "email": "fake@email.com",
+            "username": "fake_user",
+            "phone_number": "92345678",
+            "country": "Norway",
+            "city": "Trondheim",
+            "street_address": "Lade Alle",
+        }
+        factory = APIRequestFactory()
+        request = factory.get('/')
+        self.test_user = get_user_model()(**self.user_attributes)
+        self.test_user.set_password("password")
+        self.serialized_user = UserSerializer(
+            self.test_user, context={'request': Request(request)})
+
+        self.serializer_data = {
+            "id": self.user_attributes["id"],
+            "email": self.user_attributes["email"],
+            "username": self.user_attributes["username"],
+            "password": 'password',
+            "password1": 'password',
+            "athletes": [],
+            "phone_number": self.user_attributes["phone_number"],
+            "country": self.user_attributes["country"],
+            "city": self.user_attributes["city"],
+            "street_address": self.user_attributes["street_address"],
+            "coach": "",
+            "workouts": [],
+            "coach_files": [],
+            "athlete_files": [],
+        }
+        self.new_serializer_data = {
+            "email": 'email@fake.com',
+            "username": 'faker',
+            "athletes": [],
+            "password": 'fuck_django',
+            "password1": 'fuck_django',
+            "phone_number": '12345678',
+            "country": 'Norge',
+            "city": 'Oslo',
+            "street_address": 'Mora di',
+            "workouts": [],
+            "coach_files": [],
+            "athlete_files": [], }
+
+    # Test that the serializer return the expecte fields for a given user instance
+
+    def test_contains_expected_fields(self):
+        serialized_data = self.serialized_user.data
+        self.assertEqual(set(serialized_data.keys()), set([
+            "url",
+            "id",
+            "email",
+            "username",
+            "athletes",
+            "phone_number",
+            "country",
+            "city",
+            "street_address",
+            "coach",
+            "workouts",
+            "coach_files",
+            "athlete_files",
+        ]))
+    # Testing if serialized data matched the retrieved instance in the database
+
+    def test_corresponding_id_field(self):
+        serialized_data = self.serialized_user.data
+        self.assertEqual(serialized_data[
+            "id"
+        ], self.user_attributes['id'])
+
+    def test_corresponding_email_field(self):
+        serialized_data = self.serialized_user.data
+        self.assertEqual(serialized_data[
+            "email"
+        ], self.user_attributes['email'])
+
+    def test_corresponding_username_field(self):
+        serialized_data = self.serialized_user.data
+        self.assertEqual(serialized_data[
+            "username"
+        ], self.user_attributes['username'])
+
+    def test_corresponding_phone_number_field(self):
+        serialized_data = self.serialized_user.data
+        self.assertEqual(serialized_data[
+            "phone_number"
+        ], self.user_attributes['phone_number'])
+
+    def test_corresponding_country_field(self):
+        serialized_data = self.serialized_user.data
+        self.assertEqual(serialized_data[
+            "country"
+        ], self.user_attributes['country'])
+
+    def test_corresponding_city_field(self):
+        serialized_data = self.serialized_user.data
+        self.assertEqual(serialized_data[
+            "country"
+        ], self.user_attributes['country'])
+
+    def test_corresponding_street_address_field(self):
+        serialized_data = self.serialized_user.data
+        self.assertEqual(serialized_data[
+            "street_address"
+        ], self.user_attributes['street_address'])
+
+    def test_create_user(self):
+        # Sjekker at jeg får serialisert til OrderedDict, kompleks datatype som kan bruker for å lage instans
+        new_serializer = UserSerializer(data=self.new_serializer_data)
+        self.assertTrue(new_serializer.is_valid())
+        # Lage bruker
+        new_serializer.save()
+        # Sjekker at brukeren faktisk ble laget med brukernavner, 'faker'
+        self.assertEquals(get_user_model().objects.get(
+            username=self.new_serializer_data['username']).username, self.new_serializer_data['username'])
+        # Sjekk at resten av feltene til instansen faktisk er lik de du definerte i serializer sin data
+        self.assertEquals(get_user_model().objects.get(
+            username=self.new_serializer_data['username']).email, self.new_serializer_data['email'])
+        self.assertEquals(get_user_model().objects.get(
+            username=self.new_serializer_data['username']).street_address, self.new_serializer_data['street_address'])
+        self.assertEquals(get_user_model().objects.get(
+            username=self.new_serializer_data['username']).phone_number, self.new_serializer_data['phone_number'])
+        self.assertEquals(get_user_model().objects.get(
+            username=self.new_serializer_data['username']).country, self.new_serializer_data['country'])
+        self.assertEquals(get_user_model().objects.get(
+            username=self.new_serializer_data['username']).city, self.new_serializer_data['city'])
+        user_password = get_user_model().objects.get(username='faker').password
+        # Sjekker om plaintekst passordet matcher med den krypterte i databasen
+        self.assertTrue(self.new_serializer_data['password'], user_password)
+
+    def test_validate_password(self):
+        with self.assertRaises(serializers.ValidationError):
+            UserSerializer(self.new_serializer_data).validate_password(
+                'short')
+
+    def test_valid_pasword(self):
+        self.new_serializer_data['password'] = '12345678910'
+        self.new_serializer_data['password1'] = '12345678910'
+        self.data = {'password': '12345678910', 'password1': '12345678910'}
+        user_ser = UserSerializer(instance=None, data=self.data)
+        # Returns the password as the value
+        self.assertEquals(user_ser.validate_password(
+            '12345678910'), self.data['password'])

backend/secfit/workouts/permissions.py

@@ -33,9 +33,10 @@ class IsCoachAndVisibleToCoach(permissions.BasePermission):
     """Checks whether the requesting user is the existing object's owner's coach
     and whether the object (workout) has a visibility of Public or Coach.
     """
+    # Fixed bug where the function did not check for the visibility level
 
     def has_object_permission(self, request, view, obj):
-        return obj.owner.coach == request.user
+        return obj.owner.coach == request.user and (obj.visibility == 'PU' or obj.visibility == 'CO')
 
 
 class IsCoachOfWorkoutAndVisibleToCoach(permissions.BasePermission):
@@ -44,7 +45,10 @@ class IsCoachOfWorkoutAndVisibleToCoach(permissions.BasePermission):
     """
 
     def has_object_permission(self, request, view, obj):
-        return obj.workout.owner.coach == request.user
+        # Fixed bug where the function did not check for the visibility level
+        return obj.workout.owner.coach == request.user and (
+            obj.workout.visibility == "PU" or obj.workout.visibility == "CO"
+        )
 
 
 class IsPublic(permissions.BasePermission):

backend/secfit/workouts/tests.py

-"""
-Tests for the workouts application.
-"""
-from django.test import TestCase
+from django.contrib.auth import get_user_model
+from django.test import RequestFactory, TestCase
+from workouts.permissions import IsOwner, IsOwnerOfWorkout, IsCoachAndVisibleToCoach, IsCoachOfWorkoutAndVisibleToCoach, IsPublic, IsWorkoutPublic, IsReadOnly
+from django.utils import timezone
+from workouts.models import Workout, ExerciseInstance, Exercise
+from rest_framework.test import APIRequestFactory, APITestCase
 
-# Create your tests here.
+
+class WorkoutPermissionsTestCases(TestCase):
+    def setUp(self):
+        self.owner = get_user_model()(id=1, username='bitch', email='email@email.com', phone_number='92134654',
+                                      country='Norway', city='Paradise city', street_address='Hemmelig'
+                                      )
+        self.owner.save()
+        self.user = get_user_model()(id=2, username='balle', email='email@fake.com', phone_number='92134654',
+                                     country='Norway', city='Hmm', street_address='Hemmelig'
+                                     )
+        self.user.save()
+        self.factory = APIRequestFactory()
+        self.workout = Workout.objects.create(id=1, name='Ballesnerkel', date=timezone.now(), notes='Hva vil du?',
+                                              owner=self.owner, visibility='PU'
+                                              )
+        self.workout.save()
+        # Creating an object that has a workout instance. This object is an ExerciseInstance whichi needs an Exercise
+        self.exercise = Exercise.objects.create(
+            name="dummy_exercise", description='Dummy description', unit='rep')
+        self.exercise.save()
+        self.exercise_instance = ExerciseInstance.objects.create(
+            workout=self.workout, suggested_workout=None, exercise=self.exercise, sets=2, number=2)
+        self.exercise_instance.save()
+        self.request = self.factory.delete('/')
+
+    """
+    Testing IsOwner
+    """
+
+    def test_ownership_workout(self):
+        self.request = self.factory.delete('/')
+        self.request.user = self.owner
+        permission = IsOwner.has_object_permission(
+            self, request=self.request, view=None, obj=self.workout)
+        self.assertTrue(permission)
+        self.request.user = self.user
+        self.assertFalse(IsOwner.has_object_permission(
+            self, request=self.request, view=None, obj=self.workout))
+
+    """
+    Testing IsOwnerOfWorkout
+    """
+
+    def test_is_owner_of_workout(self):
+        """
+        First testing has_permission 
+        """
+        # Make fake request
+        self.request = self.factory.delete('/')
+        # Fake post request
+        fake_request_data = {
+            "workout": "http://127.0.0.1:8000/api/workouts/1/"}
+        # Fake method for request
+        self.request.method = 'POST'
+        # Fake data
+        self.request.data = fake_request_data
+        # Setting initialized user who is the owner for the workout which is going to be retrieved
+        self.request.user = self.owner
+        permission_class = IsOwnerOfWorkout
+        # Check has permission is working
+        self.assertTrue(permission_class.has_permission(
+            self, request=self.request, view=None))
+        # Check for a user who is not owner of workout
+        self.request.user = self.user
+        self.assertFalse(permission_class.has_permission(
+            self, request=self.request, view=None))
+        # Now check for the case where there exist no workout for the id
+        fake_request_data_no_workout = {}
+        self.request.data = fake_request_data_no_workout
+        self.assertFalse(permission_class.has_permission(
+            self, request=self.request, view=None))
+
+        # Should always return True for has_permission when the method is not a POST
+        self.request.method = 'GET'
+        self.assertTrue(permission_class.has_permission(
+            self, request=self.request, view=None))
+        # Check for the case where request.user is owner
+        self.request.user = self.owner
+        self.assertTrue(permission_class.has_permission(
+            self, request=self.request, view=None))
+        """
+        Test has_object_permission
+        """
+        self.assertTrue(permission_class.has_object_permission(
+            self, self.request, view=None, obj=self.exercise_instance))
+        # Test for where the requested user is not the workout for the exercise instance
+        self.request.user = self.user
+        self.assertFalse(permission_class.has_object_permission(
+            self, self.request, view=None, obj=self.exercise_instance))
+
+    """
+    Testing IsCoachAndVisibleToCoach
+    """
+
+    def test_is_coach_and_visible_to_coach(self):
+        # Make a coach to the owner of workout defined in setUp
+        self.coach_of_owner = get_user_model()(id=3, username='coach_of_owner', email='email@owner.com', phone_number='98154654',
+                                               country='England', city='London', street_address='...'
+                                               )
+        self.coach_of_owner.save()
+        self.owner.coach = self.coach_of_owner
+        self.owner.save()
+        print(self.owner.coach)
+        self.request.user = self.coach_of_owner
+        permission_class = IsCoachAndVisibleToCoach
+        self.assertTrue(IsCoachAndVisibleToCoach.has_object_permission(
+            self, request=self.request, view=None, obj=self.workout))
+        # Changing the visibility to coach to see if it still works
+        self.workout.visibility = 'CO'
+        self.workout.save()
+        self.assertTrue(IsCoachAndVisibleToCoach.has_object_permission(
+            self, request=self.request, view=None, obj=self.workout))
+        # Changing request.user to someoner who is not the owner's coach
+        self.request.user = self.user
+        self.assertFalse(IsCoachAndVisibleToCoach.has_object_permission(
+            self, request=self.request, view=None, obj=self.workout))
+        # Check if you get the same result when visibility is set to public and requested user is still not coach of owner
+        self.workout.visibility = 'PU'
+        self.workout.save()
+        self.assertFalse(self.assertFalse(IsCoachAndVisibleToCoach.has_object_permission(
+            self, request=self.request, view=None, obj=self.workout)))
+        # Now, check if the function returns false when visibility is set to private
+        # for both cases where requested user is coach or not coach of owner
+        self.workout.visibility = 'PR'
+        self.workout.save()
+        self.assertFalse(IsCoachAndVisibleToCoach.has_object_permission(
+            self, request=self.request,
+            view=None, obj=self.workout))
+        # Changing requested user back to coach. Should still return false
+        self.request.user = self.coach_of_owner
+        self.assertFalse(IsCoachAndVisibleToCoach.has_object_permission(self, request=self.request,
+                                                                        view=None, obj=self.workout))
+
+        # This test fails. Had to fix the fault in the permission class
+
+    """
+    This one test if the function, IsCoachOfWorkoutAndVisibleToCoach
+    """
+
+    def test_coach_of_workout_and_visible_to_coach(self):
+        """
+        Testing for the exercise_instance instead of the workout directly
+        """
+        permission_class = IsCoachOfWorkoutAndVisibleToCoach
+        # Make a coach to the owner of workout defined in setUp
+        self.coach_of_owner = get_user_model()(id=4, username='coach_of_owner2', email='email@owner.com', phone_number='98154654',
+                                               country='England', city='London', street_address='...'
+                                               )
+        self.coach_of_owner.save()
+        self.owner.coach = self.coach_of_owner
+        self.owner.save()
+        # Check if false when requesting user is not the owner's coach
+        self.request.user = self.user
+        self.assertFalse(permission_class.has_object_permission(
+            self, request=self.request, view=None, obj=self.exercise_instance))
+
+        self.request.user = self.coach_of_owner
+        self.assertTrue(permission_class.has_object_permission(
+            self, request=self.request, view=None, obj=self.exercise_instance))
+        # Changing the visibility to coach to see if it still works
+        self.workout.visibility = 'CO'
+        self.workout.save()
+        self.assertTrue(permission_class.has_object_permission(
+            self, request=self.request, view=None, obj=self.exercise_instance))
+        # Changing request.user to someoner who is not the owner's coach
+        self.request.user = self.user
+        self.assertFalse(permission_class.has_object_permission(
+            self, request=self.request, view=None, obj=self.exercise_instance))
+        # Check if you get the same result when visibility is set to public and requested user is still not coach of owner
+        self.workout.visibility = 'PU'
+        self.workout.save()
+        self.assertFalse(self.assertFalse(permission_class.has_object_permission(
+            self, request=self.request, view=None, obj=self.exercise_instance)))
+        # Now, check if the function returns false when visibility is set to private
+        # for both cases where requested user is coach or not coach of owner
+        self.workout.visibility = 'PR'
+        self.workout.save()
+        self.assertFalse(permission_class.has_object_permission(
+            self, request=self.request,
+            view=None, obj=self.exercise_instance))
+        # Changing requested user back to coach. Should still return false
+        self.request.user = self.coach_of_owner
+        self.assertFalse(permission_class.has_object_permission(self, request=self.request,
+                                                                view=None, obj=self.exercise_instance))
+
+        # This test fails. Had to fix the fault in the permission class
+    """
+    Testing IsPublic
+    """
+
+    def test_is_public(self):
+        permission_class = IsPublic
+        self.workout.visibility = 'PU'
+        self.assertTrue(permission_class.has_object_permission(
+            self, request=self.request, view=None, obj=self.workout))
+        """
+        Other visibility levels should return false 
+        """
+        self.workout.visibility = 'CO'
+        self.assertFalse(permission_class.has_object_permission(
+            self, request=self.request, view=None, obj=self.workout))
+        self.workout.visibility = 'PR'
+        self.assertFalse(permission_class.has_object_permission(
+            self, request=self.request, view=None, obj=self.workout))
+    """
+    Testing IsWorkoutPublic using exercise_instance as the object which has a relation to a workout
+    """
+
+    def test_is_workout_public(self):
+        permission_class = IsWorkoutPublic
+        self.workout.visibility = 'PU'
+        self.assertTrue(permission_class.has_object_permission(
+            self, request=None, view=None, obj=self.exercise_instance))
+        self.workout.visibility = 'CO'
+        self.assertFalse(permission_class.has_object_permission(
+            self, request=None, view=None, obj=self.exercise_instance))
+        self.workout.visibility = 'PR'
+        self.assertFalse(permission_class.has_object_permission(
+            self, request=None, view=None, obj=self.exercise_instance))
+
+    """
+    Testing IsReadOnly
+    """
+
+    def test_is_read_only(self):
+        permission_class = IsReadOnly
+        """
+        Testing if false when unsafe methods are provided
+        """
+        self.request.method = 'POST'
+        self.assertFalse(permission_class.has_object_permission(
+            self, request=self.request, view=None, obj=None))
+        self.request.method = 'PUT'
+        self.assertFalse(permission_class.has_object_permission(
+            self, request=self.request, view=None, obj=None))
+        self.request.method = 'DELETE'
+        self.assertFalse(permission_class.has_object_permission(
+            self, request=self.request, view=None, obj=None))
+        """
+        Testing if safe methods return true
+        """
+        self.request.method = 'HEAD'
+        self.assertTrue(permission_class.has_object_permission(
+            self, request=self.request, view=None, obj=None))
+
+        self.request.method = 'GET'
+        self.assertTrue(permission_class.has_object_permission(
+            self, request=self.request, view=None, obj=None))
+
+        self.request.method = 'OPTIONS'
+        self.assertTrue(permission_class.has_object_permission(
+            self, request=self.request, view=None, obj=None))