diff --git a/tests/api/apitestbase.py b/tests/api/apitestbase.py
index 76b84edcd0..04ef698418 100644
--- a/tests/api/apitestbase.py
+++ b/tests/api/apitestbase.py
@@ -5,12 +5,15 @@ import requests
 import unittest
 from nose.tools import assert_equal, assert_in # pylint: disable=E0611
-from tests.common.common import USERNAME, PASSWORD, IS_PRO
+from tests.common.common import USERNAME, PASSWORD, IS_PRO, \
+ ADMIN_USERNAME, ADMIN_PASSWORD
+
 from tests.common.utils import apiurl, urljoin, randstring
 from tests.api.urls import TOKEN_URL, GROUPS_URL, ACCOUNTS_URL, REPOS_URL
 class ApiTestBase(unittest.TestCase):
 _token = None
+ _admin_token = None
 use_test_user = False
 use_test_group = False
@@ -98,14 +101,40 @@ class ApiTestBase(unittest.TestCase):
 return cls._req('DELETE', *args, **kwargs)
 @classmethod
- def _req(cls, method, *args, **kwargs):
- auth = kwargs.pop('auth', True)
- if auth:
- if cls._token is None:
- cls._token = get_auth_token()
+ def admin_get(cls, *args, **kwargs):
+ kwargs['admin'] = True
+ return cls.get(*args, **kwargs)
- headers = kwargs.pop('headers', {})
- headers.setdefault('Authorization', 'Token ' + cls._token)
+ @classmethod
+ def admin_post(cls, *args, **kwargs):
+ kwargs['admin'] = True
+ return cls.post(*args, **kwargs)
+
+ @classmethod
+ def admin_put(cls, *args, **kwargs):
+ kwargs['admin'] = True
+ return cls.put(*args, **kwargs)
+
+ @classmethod
+ def admin_delete(cls, *args, **kwargs):
+ kwargs['admin'] = True
+ return cls.delete(*args, **kwargs)
+
+ @classmethod
+ def _req(cls, method, *args, **kwargs):
+ admin = kwargs.pop('admin', False)
+ if admin:
+ if cls._admin_token is None:
+ cls._admin_token = get_auth_token(ADMIN_USERNAME,
+ ADMIN_PASSWORD)
+ token = cls._admin_token
+ else:
+ if cls._token is None:
+ cls._token = get_auth_token(USERNAME, PASSWORD)
+ token = cls._token
+
+ headers = kwargs.get('headers', {})
+ headers.setdefault('Authorization', 'Token ' + token)
 kwargs['headers'] = headers
 expected = kwargs.pop('expected', 200)
@@ -136,9 +165,9 @@ class ApiTestBase(unittest.TestCase):
 msg = 'Expected not empty, but it is'
 self.assertGreater(len(lst), 0, msg)
-def get_auth_token():
+def get_auth_token(username, password):
 res = requests.post(TOKEN_URL,
- data=dict(username=USERNAME, password=PASSWORD))
+ data=dict(username=username, password=password))
 assert_equal(res.status_code, 200)
 token = res.json()['token']
 assert_equal(len(token), 40)
diff --git a/tests/api/test_accounts.py b/tests/api/test_accounts.py
index 8e25b9250a..9901c7d387 100644
--- a/tests/api/test_accounts.py
+++ b/tests/api/test_accounts.py
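Review bot: In `_req` (tests/api/apitestbase.py), `headers = kwargs.get('headers', {})` followed by `headers.setdefault('Authorization', 'Token ' + token)` writes the token into the caller's own dict, and `setdefault` keeps whatever `Authorization` value is already there. Now that two identities exist, a test that reuses one `headers` dict for a normal-user call and then an `admin_*` call (or the reverse) would send the first token both times, so a 403-versus-200 permission assertion could pass or fail against the wrong account. Copying first avoids that: `headers = dict(kwargs.get('headers') or {})`. The remainder of `_req` is outside this hunk, so how `kwargs` reaches `requests` is not visible here.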
@@ -1,18 +1,17 @@
+import requests
 import unittest
-from tests.common.utils import apiurl, urljoin
+from tests.common.utils import apiurl, urljoin, randstring
 from tests.api.apitestbase import USERNAME, ApiTestBase
 from tests.api.urls import ACCOUNTS_URL, ACCOUNT_INFO_URL, PING_URL, \
 AUTH_PING_URL
-test_account_username = u'test_tmp@test.com'
-test_account_password = r'test_test'
-test_account_password2 = r'test_test2'
+test_account_username = 'test_%s@test.com' % randstring(10)
+test_account_password = randstring(20)
+test_account_password2 = randstring(20)
 test_account_url = urljoin(ACCOUNTS_URL, test_account_username)
 class AccountsApiTest(ApiTestBase):
- use_test_uesr = True
-
 def test_check_account_info(self):
 info = self.get(ACCOUNT_INFO_URL).json()
 self.assertIsNotNone(info)
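Review bot: `test_account_password2 = randstring(20)` is still defined at module level in tests/api/test_accounts.py, but the only visible use of it, `test_update_account`, is deleted in the following hunk. Either drop the constant or keep a password-update test that actually uses it.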
@@ -21,47 +20,34 @@ class AccountsApiTest(ApiTestBase):
 self.assertIsNotNone(info['usage'])
 def test_list_accounts(self):
- accounts = self.get(ACCOUNTS_URL).json()
- found = False
- for account in accounts:
- if account['email'] == USERNAME:
- found = True
- self.assertTrue(found)
+ # Normal user can not list accounts
+ self.get(ACCOUNTS_URL, expected=403)
+ accounts = self.admin_get(ACCOUNTS_URL).json()
+ self.assertGreaterEqual(accounts, 2)
+ # TODO: check returned json, test start/limit param
- def test_create_account(self):
+ def test_create_delete_account(self):
 data = {'password': test_account_password}
- res = self.put(test_account_url, data=data, expected=201)
- self.assertEqual(res.text, u'"success"')
- self.delete(test_account_url)
+ # non-admin user can not create new user
+ self.put(test_account_url, data=data, expected=403)
- def test_update_account(self):
- data = {'password': test_account_password}
- self.put(test_account_url, data=data, expected=201)
- data = {
- 'password': test_account_password2,
- 'is_staff': 1,
- 'is_active': 1,
- }
- res = self.put(test_account_url, data=data)
+ res = self.admin_put(test_account_url, data=data, expected=201)
 self.assertEqual(res.text, u'"success"')
- self.delete(test_account_url)
- def test_delete_account(self):
- data = {'password': test_account_password}
- self.put(test_account_url, data=data, expected=201)
- res = self.delete(test_account_url)
- self.assertEqual(res.text, u'"success"')
- accounts = self.get(ACCOUNTS_URL).json()
- found = False
- for account in accounts:
- if account['email'] == test_account_username:
- found = True
- self.assertFalse(found)
+ # non-admin user can not delete a user
+ self.delete(test_account_url, expected=403)
+
+ self.admin_delete(test_account_url)
+ # check the user is really deleted
+ self.admin_get(test_account_url, expected=404)
 def test_auth_ping(self):
 res = self.get(AUTH_PING_URL)
 self.assertRegexpMatches(res.text, u'"pong"')
+ res = requests.get(AUTH_PING_URL)
+ self.assertEqual(res.status_code, 403)
 def test_ping(self):
- res = self.get(PING_URL, auth=False)
+ res = requests.get(PING_URL)
 self.assertRegexpMatches(res.text, u'"pong"')
+ self.assertEqual(res.status_code, 200)
diff --git a/tests/common/common.py b/tests/common/common.py
index 20a9ed9bb8..49fa23c5e6 100644
--- a/tests/common/common.py
+++ b/tests/common/common.py
@@ -1,13 +1,16 @@
 import os
-BASE_URL = os.getenv('CI_BASE_URL', u'http://127.0.0.1:8000')
-USERNAME = os.getenv('CI_USERNAME', u'test@test.com')
-PASSWORD = os.getenv('CI_PASSWORD', u'testtest')
+BASE_URL = os.getenv('TEST_BASE_URL', u'http://127.0.0.1:8000')
+USERNAME = os.getenv('TEST_USERNAME', u'test@seahubtest.com')
+PASSWORD = os.getenv('TEST_PASSWORD', u'testtest')
+
+ADMIN_USERNAME = os.getenv('TEST_ADMIN_USERNAME', u'admin@seahubtest.com')
+ADMIN_PASSWORD = os.getenv('TEST_ADMIN_PASSWORD', u'adminadmin')
 if BASE_URL[-1] != '/':
 BASE_URL += '/'
-if os.getenv('CI_IS_PRO', u'') == u'':
- IS_PRO = False
+if os.getenv('TEST_IS_PRO', u'') == u'':
+ IS_PRO = False
 else:
- IS_PRO = True
+ S_PRO = True
diff --git a/tests/seahubtests.sh b/tests/seahubtests.sh
index f2da2d3a7e..0157afe83d 100755
--- a/tests/seahubtests.sh
+++ b/tests/seahubtests.sh
@@ -1,8 +1,9 @@
 #!/bin/bash
 : ${PYTHON=python}
-# Change these if you run on local machine
-export CI_USERNAME="test@test.com"
-export CI_PASSWORD="testtest"
+export TEST_USERNAME="test@seahubtest.com"
+export TEST_PASSWORD="testtest"
+export TEST_ADMIN_USERNAME="admin@seahubtest.com"
+export TEST_ADMIN_PASSWORD="adminadmin"
 # If you run this script on your local machine, you must set CCNET_CONF_DIR
 # and SEAFILE_CONF_DIR like this:
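Review bot: In `test_list_accounts` (tests/api/test_accounts.py), `self.assertGreaterEqual(accounts, 2)` compares the decoded JSON value itself with an integer rather than its length. If the endpoint returns a list, that comparison is always true on Python 2 (mixed-type ordering) and a TypeError on Python 3, so the admin listing is effectively unchecked; `self.assertGreaterEqual(len(accounts), 2)` looks like the intent. Separately, the deleted `test_update_account` was the only visible test that sent `is_staff`/`is_active`, so nothing here now checks that a normal user is refused when trying to set those fields. A line such as `self.put(test_account_url, data={'is_staff': 1}, expected=403)` next to the other non-admin checks in `test_create_delete_account` would presumably cover it.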
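Review bot: As shown, the `else:` branch at the end of tests/common/common.py assigns `S_PRO = True` where the removed line assigned `IS_PRO = True`. With `TEST_IS_PRO` set, `IS_PRO` would then never be defined, and the `from tests.common.common import USERNAME, PASSWORD, IS_PRO, ...` line in tests/api/apitestbase.py would fail at import, so a pro-edition run could not start. Restore `IS_PRO = True`, or collapse the branch to `IS_PRO = os.getenv('TEST_IS_PRO', u'') != u''`.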
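Review bot: The four `export TEST_*=...` lines at the top of tests/seahubtests.sh assign unconditionally, so values a developer or CI job already placed in the environment are overwritten, and the removed comment that told people to change them is gone. Together with the `add_emailuser` calls in `init()`, that means every instance this script initialises gets an administrator whose password is the literal `adminadmin` from the repository. Defaulting instead of assigning, in the style the script already uses for `PYTHON`, keeps the fallback for throwaway CI databases while letting anyone else supply their own: `: ${TEST_ADMIN_PASSWORD=adminadmin}; export TEST_ADMIN_PASSWORD`, and likewise for the other three.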
@@ -25,10 +26,14 @@ cd "$SEAHUB_SRCDIR"
 function init() {
 ###############################
- # create database and a new user
+ # create database and two new users: an admin, and a normal user
 ###############################
 $PYTHON ./manage.py syncdb
- $PYTHON -c "import ccnet; pool = ccnet.ClientPool('${CCNET_CONF_DIR}'); ccnet_threaded_rpc = ccnet.CcnetThreadedRpcClient(pool, req_pool=True); ccnet_threaded_rpc.add_emailuser('${CI_USERNAME}', '${CI_PASSWORD}', 1, 1);"
+
+ # create normal user
+ $PYTHON -c "import ccnet; pool = ccnet.ClientPool('${CCNET_CONF_DIR}'); ccnet_threaded_rpc = ccnet.CcnetThreadedRpcClient(pool, req_pool=True); ccnet_threaded_rpc.add_emailuser('${TEST_USERNAME}', '${TEST_PASSWORD}', 0, 1);"
+ # create admin
+ $PYTHON -c "import ccnet; pool = ccnet.ClientPool('${CCNET_CONF_DIR}'); ccnet_threaded_rpc = ccnet.CcnetThreadedRpcClient(pool, req_pool=True); ccnet_threaded_rpc.add_emailuser('${TEST_ADMIN_USERNAME}', '${TEST_ADMIN_PASSWORD}', 1, 1);"
 }
 function start_seahub() {
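Review bot: Both new `$PYTHON -c` lines in `init()` paste `${TEST_USERNAME}`, `${TEST_PASSWORD}` and the admin pair into Python source between single quotes, so a value containing `'` or a backslash changes the program that runs, and the password sits on the command line where the process list can show it. The variables are exported earlier in the script, so the snippet can read them itself: add `import os` and call `add_emailuser(os.environ['TEST_USERNAME'], os.environ['TEST_PASSWORD'], 0, 1)`, with the admin call done the same way. The two commands differ only in the third argument (`0` versus `1`), presumably the staff flag; a short comment naming the two trailing arguments would make that explicit.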