-
Notifications
You must be signed in to change notification settings - Fork 29
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Implement tests for create/delete service accounts
Refs. TS-2320
- Loading branch information
1 parent
490641a
commit 7580d68
Showing
2 changed files
with
214 additions
and
0 deletions.
There are no files selected for viewing
129 changes: 129 additions & 0 deletions
129
django/thunderstore/api/cyberstorm/tests/test_create_service_account.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,129 @@ | ||
| import json | ||
|
|
||
| import pytest | ||
| from django.contrib.auth import get_user_model | ||
| from rest_framework.test import APIClient | ||
|
|
||
| from thunderstore.account.models.service_account import ServiceAccount | ||
| from thunderstore.repository.models.team import Team, TeamMember | ||
|
|
||
| User = get_user_model() | ||
|
|
||
|
|
||
| def get_create_service_account_url(team_name: str) -> str: | ||
| return f"/api/cyberstorm/team/{team_name}/service-account/create/" | ||
|
|
||
|
|
||
| @pytest.mark.django_db | ||
| def test_create_service_account_success(api_client: APIClient, team_owner: TeamMember): | ||
| api_client.force_authenticate(team_owner.user) | ||
|
|
||
| url = get_create_service_account_url(team_owner.team.name) | ||
| data = json.dumps({"nickname": "CoolestTeamServiceAccountName"}) | ||
|
|
||
| response = api_client.post(url, data, content_type="application/json") | ||
|
|
||
| expected_response = { | ||
| "nickname": "CoolestTeamServiceAccountName", | ||
| "team_name": team_owner.team.name, | ||
| "api_token": "tss_", | ||
| } | ||
|
|
||
| service_account_count = ServiceAccount.objects.filter( | ||
| owner__name=team_owner.team.name, | ||
| user__first_name="CoolestTeamServiceAccountName", | ||
| ).count() | ||
|
|
||
| assert response.status_code == 201 | ||
| assert response.json()["nickname"] == expected_response["nickname"] | ||
| assert response.json()["team_name"] == expected_response["team_name"] | ||
| assert response.json()["api_token"][:4] == expected_response["api_token"] | ||
| assert service_account_count == 1 | ||
|
|
||
|
|
||
| @pytest.mark.django_db | ||
| def test_create_service_account_not_authenticated( | ||
| api_client: APIClient, team_owner: TeamMember | ||
| ): | ||
| url = get_create_service_account_url(team_owner.team.name) | ||
| data = json.dumps({"nickname": "CoolestTeamServiceAccountName"}) | ||
|
|
||
| response = api_client.post(url, data, content_type="application/json") | ||
| expected_response = {"detail": "Authentication credentials were not provided."} | ||
|
|
||
| assert response.status_code == 401 | ||
| assert response.json() == expected_response | ||
|
|
||
|
|
||
| @pytest.mark.django_db | ||
| def test_create_service_account_fails_because_nickname_too_long( | ||
| api_client: APIClient, | ||
| team_owner: TeamMember, | ||
| ): | ||
| api_client.force_authenticate(team_owner.user) | ||
| url = get_create_service_account_url(team_owner.team.name) | ||
| data = json.dumps({"nickname": "LongestCoolestTeamServiceAccountNameEver"}) | ||
|
|
||
| response = api_client.post(url, data, content_type="application/json") | ||
|
|
||
| expected_response = { | ||
| "nickname": ["Ensure this field has no more than 32 characters."] | ||
| } | ||
|
|
||
| service_account_count = ServiceAccount.objects.filter( | ||
| owner__name=team_owner.team.name, | ||
| user__first_name="LongestCoolestTeamServiceAccountNameEver", | ||
| ).count() | ||
|
|
||
| assert response.status_code == 400 | ||
| assert response.json() == expected_response | ||
| assert service_account_count == 0 | ||
|
|
||
|
|
||
| @pytest.mark.django_db | ||
| def test_create_service_account_fail_because_user_is_not_team_member( | ||
| api_client: APIClient, | ||
| team: Team, | ||
| ): | ||
| non_team_user = User.objects.create() | ||
| api_client.force_authenticate(non_team_user) | ||
|
|
||
| url = get_create_service_account_url(team.name) | ||
| data = json.dumps({"nickname": "CoolestTeamServiceAccountName"}) | ||
|
|
||
| response = api_client.post(url, data, content_type="application/json") | ||
| account_count = ServiceAccount.objects.filter( | ||
| owner__name=team.name, user__first_name="CoolestTeamServiceAccountName" | ||
| ).count() | ||
|
|
||
| expected_response = {"detail": "User does not have permission to access this team."} | ||
|
|
||
| assert response.status_code == 403 | ||
| assert account_count == 0 | ||
| assert response.json() == expected_response | ||
|
|
||
|
|
||
| @pytest.mark.django_db | ||
| def test_create_service_account_fail_because_user_is_not_team_owner( | ||
| api_client: APIClient, | ||
| team: Team, | ||
| team_member: TeamMember, | ||
| ): | ||
| api_client.force_authenticate(team_member.user) | ||
| url = get_create_service_account_url(team.name) | ||
| data = json.dumps({"nickname": "CoolestTeamServiceAccountName"}) | ||
|
|
||
| response = api_client.post(url, data, content_type="application/json") | ||
| account_count = ServiceAccount.objects.filter( | ||
| owner__name=team.name, user__first_name="CoolestTeamServiceAccountName" | ||
| ).count() | ||
|
|
||
| expected_response = { | ||
| "detail": ( | ||
| "User does not have permission to create service accounts for this team." | ||
| ) | ||
| } | ||
|
|
||
| assert response.status_code == 403 | ||
| assert account_count == 0 | ||
| assert response.json() == expected_response |
85 changes: 85 additions & 0 deletions
85
django/thunderstore/api/cyberstorm/tests/test_delete_service_account.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,85 @@ | ||
| import json | ||
|
|
||
| import pytest | ||
| from django.contrib.auth import get_user_model | ||
| from rest_framework.test import APIClient | ||
|
|
||
| from thunderstore.account.models.service_account import ServiceAccount | ||
| from thunderstore.repository.models.team import Team, TeamMember | ||
|
|
||
| User = get_user_model() | ||
|
|
||
|
|
||
| def get_delete_service_account_url(team_name: str) -> str: | ||
| return f"/api/cyberstorm/team/{team_name}/service-account/delete/" | ||
|
|
||
|
|
||
| def make_request(api_client: APIClient, team_name: str, account: ServiceAccount): | ||
| return api_client.post( | ||
| path=get_delete_service_account_url(team_name), | ||
| data=json.dumps({"uuid": str(account.uuid)}), | ||
| content_type="application/json", | ||
| ) | ||
|
|
||
|
|
||
| @pytest.mark.django_db | ||
| def test_delete_service_account_success( | ||
| api_client: APIClient, | ||
| team_owner: TeamMember, | ||
| service_account: ServiceAccount, | ||
| ): | ||
| assert ServiceAccount.objects.filter(uuid=service_account.uuid).count() == 1 | ||
|
|
||
| api_client.force_authenticate(team_owner.user) | ||
| response = make_request(api_client, team_owner.team.name, service_account) | ||
|
|
||
| assert response.status_code == 204 | ||
| assert ServiceAccount.objects.filter(uuid=service_account.uuid).count() == 0 | ||
|
|
||
|
|
||
| @pytest.mark.django_db | ||
| def test_delete_service_account_fail_user_is_not_authenticated( | ||
| api_client: APIClient, | ||
| team: Team, | ||
| service_account: ServiceAccount, | ||
| ): | ||
| assert ServiceAccount.objects.filter(uuid=service_account.uuid).count() == 1 | ||
|
|
||
| response = make_request(api_client, team.name, service_account) | ||
| assert response.status_code == 401 | ||
|
|
||
| assert ServiceAccount.objects.filter(uuid=service_account.uuid).count() == 1 | ||
|
|
||
|
|
||
| @pytest.mark.django_db | ||
| def test_delete_service_account_fails_because_user_is_not_team_member( | ||
| api_client: APIClient, | ||
| team: Team, | ||
| service_account: ServiceAccount, | ||
| ): | ||
| assert ServiceAccount.objects.filter(uuid=service_account.uuid).count() == 1 | ||
|
|
||
| non_team_user = User.objects.create() | ||
| api_client.force_authenticate(non_team_user) | ||
|
|
||
| response = make_request(api_client, team.name, service_account) | ||
| assert response.status_code == 403 | ||
|
|
||
| assert ServiceAccount.objects.filter(uuid=service_account.uuid).count() == 1 | ||
|
|
||
|
|
||
| @pytest.mark.django_db | ||
| def test_delete_service_account_fail_because_user_is_not_team_owner( | ||
| api_client: APIClient, | ||
| team_member: TeamMember, | ||
| team: Team, | ||
| service_account: ServiceAccount, | ||
| ): | ||
| assert ServiceAccount.objects.filter(uuid=service_account.uuid).count() == 1 | ||
|
|
||
| api_client.force_authenticate(team_member.user) | ||
|
|
||
| response = make_request(api_client, team.name, service_account) | ||
| assert response.status_code == 403 | ||
|
|
||
| assert ServiceAccount.objects.filter(uuid=service_account.uuid).count() == 1 |