More tests.

2015-08-14 14:29:31 +03:00 · 2015-08-14 14:29:31 +03:00 · 0922460ff4
commit 0922460ff4
parent 5c15058567
5 changed files with 128 additions and 3 deletions
--- a/hc/front/tests/test_channel_checks.py
+++ b/hc/front/tests/test_channel_checks.py
@ -0,0 +1,35 @@
+from django.contrib.auth.models import User
+from django.test import TestCase
+
+from hc.api.models import Channel
+
+
+class ChannelChecksTestCase(TestCase):
+
+    def setUp(self):
+        self.alice = User(username="alice")
+        self.alice.set_password("password")
+        self.alice.save()
+
+        self.channel = Channel(user=self.alice, kind="email")
+        self.channel.value = "alice@example.org"
+        self.channel.save()
+
+    def test_it_works(self):
+        url = "/channels/%s/checks/" % self.channel.code
+
+        self.client.login(username="alice", password="password")
+        r = self.client.get(url)
+        self.assertContains(r, "alice@example.org", status_code=200)
+
+    def test_it_checks_owner(self):
+        mallory = User(username="mallory")
+        mallory.set_password("password")
+        mallory.save()
+
+        # channel does not belong to mallory so this should come back
+        # with 403 Forbidden:
+        url = "/channels/%s/checks/" % self.channel.code
+        self.client.login(username="mallory", password="password")
+        r = self.client.get(url)
+        assert r.status_code == 403
--- a/hc/front/tests/test_remove_channel.py
+++ b/hc/front/tests/test_remove_channel.py
@ -0,0 +1,43 @@
+from django.contrib.auth.models import User
+from django.test import TestCase
+
+from hc.api.models import Channel
+
+
+class RemoveChannelTestCase(TestCase):
+
+    def setUp(self):
+        self.alice = User(username="alice")
+        self.alice.set_password("password")
+        self.alice.save()
+
+        self.channel = Channel(user=self.alice, kind="email")
+        self.channel.value = "alice@example.org"
+        self.channel.save()
+
+    def test_it_works(self):
+        url = "/channels/%s/remove/" % self.channel.code
+
+        self.client.login(username="alice", password="password")
+        r = self.client.post(url)
+        assert r.status_code == 302
+
+        assert Channel.objects.count() == 0
+
+    def test_it_handles_bad_uuid(self):
+        url = "/channels/not-uuid/remove/"
+
+        self.client.login(username="alice", password="password")
+        r = self.client.post(url)
+        assert r.status_code == 400
+
+    def test_it_checks_owner(self):
+        url = "/channels/%s/remove/" % self.channel.code
+
+        mallory = User(username="mallory")
+        mallory.set_password("password")
+        mallory.save()
+
+        self.client.login(username="mallory", password="password")
+        r = self.client.post(url)
+        assert r.status_code == 403
--- a/hc/front/tests/test_remove_check.py
+++ b/hc/front/tests/test_remove_check.py
@ -4,7 +4,7 @@ from django.test import TestCase
 from hc.api.models import Check


-class RemoveTestCase(TestCase):
+class RemoveCheckTestCase(TestCase):

    def setUp(self):
        self.alice = User(username="alice")
@ -29,3 +29,14 @@ class RemoveTestCase(TestCase):
        self.client.login(username="alice", password="password")
        r = self.client.post(url)
        assert r.status_code == 400
+
+    def test_it_checks_owner(self):
+        url = "/checks/%s/remove/" % self.check.code
+
+        mallory = User(username="mallory")
+        mallory.set_password("password")
+        mallory.save()
+
+        self.client.login(username="mallory", password="password")
+        r = self.client.post(url)
+        assert r.status_code == 403
--- a/hc/front/tests/test_verify_email.py
+++ b/hc/front/tests/test_verify_email.py
@ -0,0 +1,35 @@
+from django.contrib.auth.models import User
+from django.test import TestCase
+
+from hc.api.models import Channel
+
+
+class VerifyEmailTestCase(TestCase):
+
+    def setUp(self):
+        self.alice = User(username="alice")
+        self.alice.set_password("password")
+        self.alice.save()
+
+        self.channel = Channel(user=self.alice, kind="email")
+        self.channel.value = "alice@example.org"
+        self.channel.save()
+
+    def test_it_works(self):
+        token = self.channel.make_token()
+        url = "/channels/%s/verify/%s/" % (self.channel.code, token)
+
+        r = self.client.post(url)
+        assert r.status_code == 200, r.status_code
+
+        channel = Channel.objects.get(code=self.channel.code)
+        assert channel.email_verified
+
+    def test_it_handles_bad_token(self):
+        url = "/channels/%s/verify/bad-token/" % self.channel.code
+
+        r = self.client.post(url)
+        assert r.status_code == 200, r.status_code
+
+        channel = Channel.objects.get(code=self.channel.code)
+        assert not channel.email_verified
--- a/hc/front/views.py
+++ b/hc/front/views.py
@ -159,7 +159,6 @@ def remove_check(request, code):
@login_required
@uuid_or_400
 def log(request, code):
-
    check = Check.objects.get(code=code)
    if check.user != request.user:
        return HttpResponseForbidden()
@ -228,8 +227,10 @@ def add_channel(request):
@login_required
@uuid_or_400
 def channel_checks(request, code):
-
    channel = Channel.objects.get(code=code)
+    if channel.user != request.user:
+        return HttpResponseForbidden()
+
    assigned = set([check.code for check in channel.checks.all()])
    checks = Check.objects.filter(user=request.user).order_by("created")