~sirodoht/mataroa

ref: 85fede93239589626fb538eeeb65cea3856a49b6 mataroa/main/tests/test_images.py -rw-r--r-- 6.8 KiB
85fede93Theodore Keloglou fix validator message to be inclusive all fields a month ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
from django.test import TestCase
from django.urls import reverse

from main import models


class ImageCreateTestCase(TestCase):
    def setUp(self):
        self.user = models.User.objects.create(username="alice")
        self.user.set_password("abcdef123456")
        self.user.save()
        self.client.login(username="alice", password="abcdef123456")

    def test_image_upload(self):
        with open("main/tests/testdata/vulf.jpeg", "rb") as fp:
            self.client.post(reverse("image_list"), {"file": fp})
            self.assertTrue(models.Image.objects.filter(name="vulf").exists())
            self.assertEqual(models.Image.objects.get(name="vulf").extension, "jpeg")
            self.assertIsNotNone(models.Image.objects.get(name="vulf").slug)


class ImageCreateAnonTestCase(TestCase):
    def test_image_upload_anon(self):
        with open("main/tests/testdata/vulf.jpeg", "rb") as fp:
            response = self.client.post(reverse("image_list"), {"file": fp})
            self.assertEqual(response.status_code, 302)
            self.assertTrue(reverse("login") in response.url)


class ImageDetailTestCase(TestCase):
    def setUp(self):
        self.user = models.User.objects.create(username="alice")
        self.user.set_password("abcdef123456")
        self.user.save()
        self.client.login(username="alice", password="abcdef123456")
        with open("main/tests/testdata/vulf.jpeg", "rb") as fp:
            self.client.post(reverse("image_list"), {"file": fp})
        self.image = models.Image.objects.get(name="vulf")

    def test_image_detail(self):
        response = self.client.get(
            reverse("image_detail", args=(self.image.slug,)),
        )
        self.assertEqual(response.status_code, 200)
        self.assertInHTML("<h1>vulf</h1>", response.content.decode("utf-8"))
        self.assertContains(response, "Uploaded on")


class ImageUpdateTestCase(TestCase):
    def setUp(self):
        self.user = models.User.objects.create(username="alice")
        self.user.set_password("abcdef123456")
        self.user.save()
        self.client.login(username="alice", password="abcdef123456")
        with open("main/tests/testdata/vulf.jpeg", "rb") as fp:
            self.client.post(reverse("image_list"), {"file": fp})
        self.image = models.Image.objects.get(name="vulf")

    def test_image_update(self):
        new_data = {
            "name": "new vulf",
        }
        self.client.post(reverse("image_update", args=(self.image.slug,)), new_data)
        updated_image = models.Image.objects.get(id=self.image.id)
        self.assertEqual(updated_image.name, new_data["name"])


class ImageUpdateAnonTestCase(TestCase):
    """Tests non logged in user cannot update image."""

    def setUp(self):
        self.user = models.User.objects.create(username="alice")
        self.user.set_password("abcdef123456")
        self.user.save()
        self.client.login(username="alice", password="abcdef123456")
        with open("main/tests/testdata/vulf.jpeg", "rb") as fp:
            self.client.post(reverse("image_list"), {"file": fp})
        self.image = models.Image.objects.get(name="vulf")
        self.client.logout()

    def test_image_update(self):
        new_data = {
            "name": "new vulf",
        }
        self.client.post(reverse("image_update", args=(self.image.slug,)), new_data)
        image_now = models.Image.objects.get(id=self.image.id)
        self.assertEqual(image_now.name, "vulf")


class ImageUpdateNotOwnTestCase(TestCase):
    """Tests user cannot update other user's image name."""

    def setUp(self):
        self.victim = models.User.objects.create(username="bob")
        self.victim.set_password("abcdef123456")
        self.victim.save()
        self.client.login(username="bob", password="abcdef123456")
        with open("main/tests/testdata/vulf.jpeg", "rb") as fp:
            self.client.post(reverse("image_list"), {"file": fp})
        self.image = models.Image.objects.get(name="vulf")
        self.client.logout()

        self.attacker = models.User.objects.create(username="alice")
        self.attacker.set_password("abcdef123456")
        self.attacker.save()
        self.client.login(username="alice", password="abcdef123456")

    def test_image_update_not_own(self):
        new_data = {
            "name": "bad vulf",
        }
        self.client.post(reverse("image_update", args=(self.image.slug,)), new_data)
        image_now = models.Image.objects.get(id=self.image.id)
        self.assertEqual(image_now.name, "vulf")


class ImageDeleteTestCase(TestCase):
    def setUp(self):
        self.user = models.User.objects.create(username="alice")
        self.user.set_password("abcdef123456")
        self.user.save()
        self.client.login(username="alice", password="abcdef123456")
        with open("main/tests/testdata/vulf.jpeg", "rb") as fp:
            self.client.post(reverse("image_list"), {"file": fp})
        self.image = models.Image.objects.get(name="vulf")

    def test_image_delete(self):
        self.client.post(reverse("image_delete", args=(self.image.slug,)))
        self.assertFalse(
            models.Image.objects.filter(name="vulf", owner=self.user).exists()
        )


class ImageDeleteAnonTestCase(TestCase):
    """Tests non logged in user cannot delete image."""

    def setUp(self):
        self.user = models.User.objects.create(username="alice")
        self.user.set_password("abcdef123456")
        self.user.save()
        self.client.login(username="alice", password="abcdef123456")
        with open("main/tests/testdata/vulf.jpeg", "rb") as fp:
            self.client.post(reverse("image_list"), {"file": fp})
        self.image = models.Image.objects.get(name="vulf")
        self.client.logout()

    def test_image_delete_anon(self):
        self.client.post(reverse("image_delete", args=(self.image.slug,)))
        self.assertTrue(
            models.Image.objects.filter(name="vulf", owner=self.user).exists()
        )


class ImageDeleteNotOwnTestCase(TestCase):
    """Tests user cannot delete other's image."""

    def setUp(self):
        self.victim = models.User.objects.create(username="bob")
        self.victim.set_password("abcdef123456")
        self.victim.save()
        self.client.login(username="bob", password="abcdef123456")
        with open("main/tests/testdata/vulf.jpeg", "rb") as fp:
            self.client.post(reverse("image_list"), {"file": fp})
        self.image = models.Image.objects.get(name="vulf")
        self.client.logout()

        self.attacker = models.User.objects.create(username="alice")
        self.attacker.set_password("abcdef123456")
        self.attacker.save()
        self.client.login(username="alice", password="abcdef123456")

    def test_image_delete_not_own(self):
        self.client.post(reverse("image_delete", args=(self.image.slug,)))
        self.assertTrue(
            models.Image.objects.filter(name="vulf", owner=self.victim).exists()
        )