From 0922460ff4a824b0cf1f44db4e03943415bb77e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C4=93teris=20Caune?= Date: Fri, 14 Aug 2015 14:29:31 +0300 Subject: [PATCH] More tests. --- hc/front/tests/test_channel_checks.py | 35 +++++++++++++++ hc/front/tests/test_remove_channel.py | 43 +++++++++++++++++++ .../{test_remove.py => test_remove_check.py} | 13 +++++- hc/front/tests/test_verify_email.py | 35 +++++++++++++++ hc/front/views.py | 5 ++- 5 files changed, 128 insertions(+), 3 deletions(-) create mode 100644 hc/front/tests/test_channel_checks.py create mode 100644 hc/front/tests/test_remove_channel.py rename hc/front/tests/{test_remove.py => test_remove_check.py} (68%) create mode 100644 hc/front/tests/test_verify_email.py diff --git a/hc/front/tests/test_channel_checks.py b/hc/front/tests/test_channel_checks.py new file mode 100644 index 00000000..d714ce36 --- /dev/null +++ b/hc/front/tests/test_channel_checks.py @@ -0,0 +1,35 @@ +from django.contrib.auth.models import User +from django.test import TestCase + +from hc.api.models import Channel + + +class ChannelChecksTestCase(TestCase): + + def setUp(self): + self.alice = User(username="alice") + self.alice.set_password("password") + self.alice.save() + + self.channel = Channel(user=self.alice, kind="email") + self.channel.value = "alice@example.org" + self.channel.save() + + def test_it_works(self): + url = "/channels/%s/checks/" % self.channel.code + + self.client.login(username="alice", password="password") + r = self.client.get(url) + self.assertContains(r, "alice@example.org", status_code=200) + + def test_it_checks_owner(self): + mallory = User(username="mallory") + mallory.set_password("password") + mallory.save() + + # channel does not belong to mallory so this should come back + # with 403 Forbidden: + url = "/channels/%s/checks/" % self.channel.code + self.client.login(username="mallory", password="password") + r = self.client.get(url) + assert r.status_code == 403 diff --git a/hc/front/tests/test_remove_channel.py b/hc/front/tests/test_remove_channel.py new file mode 100644 index 00000000..4f6571ad --- /dev/null +++ b/hc/front/tests/test_remove_channel.py @@ -0,0 +1,43 @@ +from django.contrib.auth.models import User +from django.test import TestCase + +from hc.api.models import Channel + + +class RemoveChannelTestCase(TestCase): + + def setUp(self): + self.alice = User(username="alice") + self.alice.set_password("password") + self.alice.save() + + self.channel = Channel(user=self.alice, kind="email") + self.channel.value = "alice@example.org" + self.channel.save() + + def test_it_works(self): + url = "/channels/%s/remove/" % self.channel.code + + self.client.login(username="alice", password="password") + r = self.client.post(url) + assert r.status_code == 302 + + assert Channel.objects.count() == 0 + + def test_it_handles_bad_uuid(self): + url = "/channels/not-uuid/remove/" + + self.client.login(username="alice", password="password") + r = self.client.post(url) + assert r.status_code == 400 + + def test_it_checks_owner(self): + url = "/channels/%s/remove/" % self.channel.code + + mallory = User(username="mallory") + mallory.set_password("password") + mallory.save() + + self.client.login(username="mallory", password="password") + r = self.client.post(url) + assert r.status_code == 403 diff --git a/hc/front/tests/test_remove.py b/hc/front/tests/test_remove_check.py similarity index 68% rename from hc/front/tests/test_remove.py rename to hc/front/tests/test_remove_check.py index 76addb0a..843b244f 100644 --- a/hc/front/tests/test_remove.py +++ b/hc/front/tests/test_remove_check.py @@ -4,7 +4,7 @@ from django.test import TestCase from hc.api.models import Check -class RemoveTestCase(TestCase): +class RemoveCheckTestCase(TestCase): def setUp(self): self.alice = User(username="alice") @@ -29,3 +29,14 @@ class RemoveTestCase(TestCase): self.client.login(username="alice", password="password") r = self.client.post(url) assert r.status_code == 400 + + def test_it_checks_owner(self): + url = "/checks/%s/remove/" % self.check.code + + mallory = User(username="mallory") + mallory.set_password("password") + mallory.save() + + self.client.login(username="mallory", password="password") + r = self.client.post(url) + assert r.status_code == 403 diff --git a/hc/front/tests/test_verify_email.py b/hc/front/tests/test_verify_email.py new file mode 100644 index 00000000..da4acfd9 --- /dev/null +++ b/hc/front/tests/test_verify_email.py @@ -0,0 +1,35 @@ +from django.contrib.auth.models import User +from django.test import TestCase + +from hc.api.models import Channel + + +class VerifyEmailTestCase(TestCase): + + def setUp(self): + self.alice = User(username="alice") + self.alice.set_password("password") + self.alice.save() + + self.channel = Channel(user=self.alice, kind="email") + self.channel.value = "alice@example.org" + self.channel.save() + + def test_it_works(self): + token = self.channel.make_token() + url = "/channels/%s/verify/%s/" % (self.channel.code, token) + + r = self.client.post(url) + assert r.status_code == 200, r.status_code + + channel = Channel.objects.get(code=self.channel.code) + assert channel.email_verified + + def test_it_handles_bad_token(self): + url = "/channels/%s/verify/bad-token/" % self.channel.code + + r = self.client.post(url) + assert r.status_code == 200, r.status_code + + channel = Channel.objects.get(code=self.channel.code) + assert not channel.email_verified diff --git a/hc/front/views.py b/hc/front/views.py index 4c5ceae3..af2e96c4 100644 --- a/hc/front/views.py +++ b/hc/front/views.py @@ -159,7 +159,6 @@ def remove_check(request, code): @login_required @uuid_or_400 def log(request, code): - check = Check.objects.get(code=code) if check.user != request.user: return HttpResponseForbidden() @@ -228,8 +227,10 @@ def add_channel(request): @login_required @uuid_or_400 def channel_checks(request, code): - channel = Channel.objects.get(code=code) + if channel.user != request.user: + return HttpResponseForbidden() + assigned = set([check.code for check in channel.checks.all()]) checks = Check.objects.filter(user=request.user).order_by("created")