Commit 11953bbc authored by Thom Wiggers's avatar Thom Wiggers 📐
Browse files

Merge branch 'test_thaliapi' into 'master'

Test the Thaliapp API

See merge request !290
parents d12ec173 d05be778
......@@ -22,7 +22,13 @@ class MemberViewset(viewsets.ViewSet):
start_year = max(start.year, member.birthday.year)
for year in range(start_year, end.year + 1):
bday = copy.deepcopy(member)
bday.birthday = bday.birthday.replace(year=year)
try:
bday.birthday = bday.birthday.replace(year=year)
except ValueError as e:
if bday.birthday.month == 2 and bday.birthday.day == 29:
bday.birthday = bday.birthday.replace(year=year, day=28)
else:
raise e
if start.date() <= bday.birthday <= end.date():
birthdays.append(bday)
......
from datetime import datetime
from django.contrib.auth import get_user_model
from django.test import SimpleTestCase, TestCase, override_settings
from members.models import Member
from thaliapp.models import Token
class RaaSTestCase(SimpleTestCase):
def test_raas(self):
response = self.client.get('/api/randomasaservice')
self.assertEqual(response.json()['status'], 'ok')
self.assertIn('random', response.json())
response = self.client.post('/api/randomasaservice')
self.assertEqual(response.json()['status'], 'ok')
self.assertIn('random', response.json())
# preimage: key
@override_settings(
THALIAPP_API_KEY=('2c70e12b7a0646f92279f427c7b38e'
'7334d8e5389cff167a1dc30e73f826b683'))
class AppApiTestCase(TestCase):
"""Tests event registrations"""
def setUp(self):
self.user = get_user_model().objects.create_user(
username='testuser',
first_name='first',
last_name='last_name',
email='foo@bar.com',
password='top secret')
self.member = Member.objects.create(
user=self.user,
birthday=datetime(1993, 3, 2)
)
self.token = Token.create_token(self.user)
def test_GET_denied(self):
response = self.client.get('/api/login')
self.assertEqual(response.status_code, 405)
response = self.client.get('/api/app')
self.assertEqual(response.status_code, 405)
def test_wrong_apikey(self):
response = self.client.post('/api/login',
{'apikey': 'bla',
'username': 'testuser',
'password': 'top secret'})
self.assertEqual(response.status_code, 403)
self.assertEqual(response.json()['status'], "error")
response = self.client.post('/api/app',
{'apikey': 'bla',
'username': 'testuser',
'token': self.token})
self.assertEqual(response.status_code, 403)
self.assertEqual(response.json()['status'], "error")
def test_wrong_arguments(self):
response = self.client.post('/api/login',
{'apikey': 'key',
'username': 'testuser',
'pas': 'top secret'})
self.assertEqual(response.status_code, 400)
self.assertEqual(response.json()['status'], "error")
response = self.client.post('/api/login',
{'apikey': 'key',
'user': 'testuser',
'password': 'top secret'})
self.assertEqual(response.status_code, 400)
self.assertEqual(response.json()['status'], "error")
response = self.client.post('/api/app',
{'apikey': 'key',
'username': 'testuser',
'tok': self.token})
self.assertEqual(response.status_code, 400)
self.assertEqual(response.json()['status'], "error")
response = self.client.post('/api/login',
{'apikey': 'key',
'user': 'testuser',
'token': self.token})
self.assertEqual(response.status_code, 400)
self.assertEqual(response.json()['status'], "error")
def test_wrong_password(self):
response = self.client.post('/api/login',
{'apikey': 'key',
'username': 'testuser',
'password': 'wrong'})
self.assertEqual(response.status_code, 403)
self.assertEqual(response.json()['status'], "error")
def test_correct_login(self):
response = self.client.post('/api/login',
{'apikey': 'key',
'username': 'testuser',
'password': 'top secret'})
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json()['status'], 'ok')
self.assertEqual(response.json()['username'], 'testuser')
self.assertIn('token', response.json())
self.assertIn('profile_image', response.json())
def test_correct_token_login(self):
response = self.client.post('/api/app',
{'apikey': 'key',
'username': 'testuser',
'token': self.token})
self.assertEqual(response.status_code, 200)
data = response.json()
self.assertIn('profile_image', data)
del data['profile_image']
self.assertEqual(data['status'], 'ok')
self.assertEqual(data['birthday'], '1993-03-02')
self.assertEqual(data['real_name'], 'first last_name')
self.assertEqual(data['display_name'], 'first last_name')
self.assertEqual(data['membership_type'], 'Expired')
self.assertEqual(data['over18'], True)
self.assertEqual(data['is_thalia_member'], False)
......@@ -38,7 +38,9 @@ def get_photo(user):
def login(request):
if (sha256(request.POST.get('apikey', '').encode('ascii')).hexdigest() !=
settings.THALIAPP_API_KEY):
return HttpResponseForbidden()
return HttpResponseForbidden(
'{"status":"error","msg":"wrong api key"}',
content_type='application/json')
user = request.POST.get('username')
password = request.POST.get('password')
if user is None or password is None:
......@@ -68,24 +70,35 @@ def app(request):
token = request.POST.get('token')
if (sha256(request.POST.get('apikey', '').encode('ascii')).hexdigest() !=
settings.THALIAPP_API_KEY):
return HttpResponseForbidden()
return HttpResponseForbidden(
'{"status": "error", "message": "wrong api key"}',
content_type='application/json')
if username is None or token is None:
return HttpResponseBadRequest()
return HttpResponseBadRequest(
'{"status": "error","msg": "Missing arguments"}',
content_type='application/json')
user = Token.authenticate(username, token)
if user is None:
return JsonResponse({'status': 'error',
'msg': 'Authentication Failed'},
status=403)
today = datetime.date.today()
eightteen_years_ago = today.replace(year=today.year - 18)
over18 = str(user.member.birthday <= eightteen_years_ago)
try:
eightteen_years_ago = today.replace(year=today.year - 18)
except ValueError as e:
# handle leap years
if today.month == 2 and today.day == 29:
eightteen_years_ago = today.replace(year=today.year - 18, day=28)
else:
raise e
over18 = user.member.birthday <= eightteen_years_ago
membership = user.member.current_membership
if membership:
membership_type = membership.type
is_member = 'True'
is_member = True
else:
membership_type = 'Expired'
is_member = 'False'
is_member = False
return JsonResponse({'status': 'ok',
'real_name': user.member.get_full_name(),
'display_name': user.member.display_name(),
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment