X-Git-Url: https://git.mdrn.pl/wolnelektury.git/blobdiff_plain/5aa13410812d3fc4b35c039bdc3f0a2edc5185a1..ea221b2bc448ce22dfda4f1ead2968fa7de31771:/src/api/tests/tests.py diff --git a/src/api/tests/tests.py b/src/api/tests/tests.py index 91e5bbf84..ee3d66e6f 100644 --- a/src/api/tests/tests.py +++ b/src/api/tests/tests.py @@ -253,7 +253,7 @@ class OAuth1Tests(ApiTest): User.objects.all().delete() def test_create_token(self): - base_query = ("oauth_consumer_key=client&oauth_nonce=123&" + base_query = ("oauth_consumer_key=client&oauth_nonce=12345678&" "oauth_signature_method=HMAC-SHA1&oauth_timestamp={}&" "oauth_version=1.0".format(int(time()))) raw = '&'.join([ @@ -274,7 +274,7 @@ class OAuth1Tests(ApiTest): key=request_token['oauth_token'][0], token_type=Token.REQUEST ).update(user=self.user, is_approved=True) - base_query = ("oauth_consumer_key=client&oauth_nonce=123&" + base_query = ("oauth_consumer_key=client&oauth_nonce=12345678&" "oauth_signature_method=HMAC-SHA1&oauth_timestamp={}&" "oauth_token={}&oauth_version=1.0".format( int(time()), request_token['oauth_token'][0])) @@ -327,10 +327,10 @@ class AuthorizedTests(ApiTest): cls.consumer.delete() super(AuthorizedTests, cls).tearDownClass() - def signed(self, url, method='GET', params=None): + def signed(self, url, method='GET', params=None, data=None): auth_params = { "oauth_consumer_key": self.consumer.key, - "oauth_nonce": "%f" % time(), + "oauth_nonce": ("%f" % time()).replace('.', ''), "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": int(time()), "oauth_token": self.token.key, @@ -340,12 +340,14 @@ class AuthorizedTests(ApiTest): sign_params = {} if params: sign_params.update(params) + if data: + sign_params.update(data) sign_params.update(auth_params) raw = "&".join([ method.upper(), quote('http://testserver' + url, safe=''), quote("&".join( - quote(str(k)) + "=" + quote(str(v)) + quote(str(k), safe='') + "=" + quote(str(v), safe='') for (k, v) in sorted(sign_params.items()))) ]) auth_params["oauth_signature"] = quote(b64encode(hmac.new( @@ -356,22 +358,23 @@ class AuthorizedTests(ApiTest): if params: url = url + '?' + urlencode(params) return getattr(self.client, method.lower())( - url, - HTTP_AUTHORIZATION=auth - ) + url, + data=urlencode(data) if data else None, + content_type='application/x-www-form-urlencoded', + HTTP_AUTHORIZATION=auth, + ) - def signed_json(self, url, method='GET', params=None): - return json.loads(self.signed(url, method, params).content) + def signed_json(self, url, method='GET', params=None, data=None): + return json.loads(self.signed(url, method, params, data).content) def test_books(self): self.assertEqual( [b['liked'] for b in self.signed_json('/api/books/')], [False, False, False] ) - # This one fails in the legacy implementation - # data = self.signed_json('/api/books/child/') - # self.assertFalse(data['parent']['liked']) - # self.assertFalse(data['children'][0]['liked']) + data = self.signed_json('/api/books/child/') + self.assertFalse(data['parent']['liked']) + self.assertFalse(data['children'][0]['liked']) self.assertEqual( self.signed_json('/api/like/parent/'), @@ -387,9 +390,8 @@ class AuthorizedTests(ApiTest): self.assertTrue(self.signed_json( '/api/filter-books/', params={"search": "parent"})[0]['liked']) - # This one fails in the legacy implementation. - #self.assertTrue(self.signed_json( - # '/api/books/child/')['parent']['liked']) + self.assertTrue(self.signed_json( + '/api/books/child/')['parent']['liked']) # Liked books go on shelf. self.assertEqual( [x['slug'] for x in self.signed_json('/api/shelf/likes/')], @@ -423,14 +425,51 @@ class AuthorizedTests(ApiTest): {"username": "test", "premium": False}) self.assertEqual( self.signed('/api/epub/grandchild/').status_code, - 401) # Not 403 because Piston. + 403) - with patch('api.handlers.user_is_subscribed', return_value=True): + with patch('api.fields.user_is_subscribed', return_value=True): self.assertEqual( self.signed_json('/api/username/'), {"username": "test", "premium": True}) + with patch('paypal.permissions.user_is_subscribed', return_value=True): with patch('django.core.files.storage.Storage.open', return_value=StringIO("")): self.assertEqual( self.signed('/api/epub/grandchild/').content, "") + + def test_publish(self): + response = self.signed('/api/books/', + method='POST', + data={"data": json.dumps({})}) + self.assertEqual(response.status_code, 403) + + response = self.signed('/api/pictures/', + method='POST', + data={"data": json.dumps({})}) + self.assertEqual(response.status_code, 403) + + self.user.is_superuser = True + self.user.save() + + with patch('catalogue.models.Book.from_xml_file') as mock: + response = self.signed('/api/books/', + method='POST', + data={"data": json.dumps({ + "book_xml": "" + })}) + self.assertTrue(mock.called) + self.assertEqual(response.status_code, 201) + + with patch('picture.models.Picture.from_xml_file') as mock: + response = self.signed('/api/pictures/', + method='POST', + data={"data": json.dumps({ + "picture_xml": "", + "picture_image_data": "Kg==", + })}) + self.assertTrue(mock.called) + self.assertEqual(response.status_code, 201) + + self.user.is_superuser = False + self.user.save()