Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/zerver/tests/test_settings.py

425 lines
18 KiB
Python
Raw Normal View History

auth: Handle rate limiting in OurAuthenticationForm and user_settings. These parts of the code should catch the RateLimited exception and generate their own, apprioprate user-facing error message.
2019-12-30 02:21:51 +01:00
import mock
import time
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
import ujson
from django.http import HttpResponse
user_settings: Prevent LDAP users from setting a Zulip password. Previously, if both EmailAuthBackend and LDAPAuthBackend were enabled, LDAP users could set a password using EmailAuthBackend and continue to use that password, even if their LDAP account was later deactivated. That configuration wasn't supported at all before, so this doesn't fix a pre-existing security issue, but now that we're making that a valid configuration, we need to cover this case.
2018-05-29 07:25:08 +02:00
from django.test import override_settings
settings: Add display setting for demoting inactive streams. This adds a setting to control Zulip's default behavior of sorting to bottom and graying out inactive streams. The previous logic is still the default "automatic", but this gives users more control. See the models.py comment for details. Fixes #11524.
2019-03-17 14:48:51 +01:00
from typing import Any, Dict, Union
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
from zerver.lib.initial_password import initial_password
from zerver.lib.test_classes import ZulipTestCase
test_settings: Migrate ldap tests to the new format.
2019-10-16 18:12:59 +02:00
from zerver.lib.test_helpers import get_test_image_file
users: Get all API keys via wrapper method. Now reading API keys from a user is done with the get_api_key wrapper method, rather than directly fetching it from the user object. Also, every place where an action should be done for each API key is now using get_all_api_keys. This method returns for the moment a single-item list, containing the specified user's API key. This commit is the first step towards allowing users have multiple API keys.
2018-08-01 10:53:40 +02:00
from zerver.lib.users import get_all_api_keys
auth: Handle rate limiting in OurAuthenticationForm and user_settings. These parts of the code should catch the RateLimited exception and generate their own, apprioprate user-facing error message.
2019-12-30 02:21:51 +01:00
from zerver.lib.rate_limiter import add_ratelimit_rule, remove_ratelimit_rule
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
from zerver.models import (
UserProfile,
test_settings: Extend caching section of API key test.
2019-01-05 02:16:38 +01:00
get_user_profile_by_api_key
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
)
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
class ChangeSettingsTest(ZulipTestCase):
zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them.
2017-11-05 10:51:25 +01:00
def check_well_formed_change_settings_response(self, result: Dict[str, Any]) -> None:
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
self.assertIn("full_name", result)
# DEPRECATED, to be deleted after all uses of check_for_toggle_param
# are converted into check_for_toggle_param_patch.
zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them.
2017-11-05 10:51:25 +01:00
def check_for_toggle_param(self, pattern: str, param: str) -> None:
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login('hamlet')
tests: Added ZulipTestCase.example_user() function. The example_user() function is specifically designed for AARON, hamlet, cordelia, and friends, and it allows a concise way of using their built-in user profiles. Eventually, the widespread use of example_user() should help us with refactorings such as moving the tests users out of the "zulip.com" realm and deprecating get_user_profile_by_email.
2017-05-07 17:21:26 +02:00
user_profile = self.example_user('hamlet')
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
json_result = self.client_post(pattern,
{param: ujson.dumps(True)})
self.assert_json_success(json_result)
# refetch user_profile object to correctly handle caching
tests: Added ZulipTestCase.example_user() function. The example_user() function is specifically designed for AARON, hamlet, cordelia, and friends, and it allows a concise way of using their built-in user profiles. Eventually, the widespread use of example_user() should help us with refactorings such as moving the tests users out of the "zulip.com" realm and deprecating get_user_profile_by_email.
2017-05-07 17:21:26 +02:00
user_profile = self.example_user('hamlet')
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
self.assertEqual(getattr(user_profile, param), True)
json_result = self.client_post(pattern,
{param: ujson.dumps(False)})
self.assert_json_success(json_result)
# refetch user_profile object to correctly handle caching
tests: Added ZulipTestCase.example_user() function. The example_user() function is specifically designed for AARON, hamlet, cordelia, and friends, and it allows a concise way of using their built-in user profiles. Eventually, the widespread use of example_user() should help us with refactorings such as moving the tests users out of the "zulip.com" realm and deprecating get_user_profile_by_email.
2017-05-07 17:21:26 +02:00
user_profile = self.example_user('hamlet')
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
self.assertEqual(getattr(user_profile, param), False)
# TODO: requires method consolidation, right now, there's no alternative
# for check_for_toggle_param for PATCH.
zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them.
2017-11-05 10:51:25 +01:00
def check_for_toggle_param_patch(self, pattern: str, param: str) -> None:
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login('hamlet')
tests: Added ZulipTestCase.example_user() function. The example_user() function is specifically designed for AARON, hamlet, cordelia, and friends, and it allows a concise way of using their built-in user profiles. Eventually, the widespread use of example_user() should help us with refactorings such as moving the tests users out of the "zulip.com" realm and deprecating get_user_profile_by_email.
2017-05-07 17:21:26 +02:00
user_profile = self.example_user('hamlet')
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
json_result = self.client_patch(pattern,
{param: ujson.dumps(True)})
self.assert_json_success(json_result)
# refetch user_profile object to correctly handle caching
tests: Added ZulipTestCase.example_user() function. The example_user() function is specifically designed for AARON, hamlet, cordelia, and friends, and it allows a concise way of using their built-in user profiles. Eventually, the widespread use of example_user() should help us with refactorings such as moving the tests users out of the "zulip.com" realm and deprecating get_user_profile_by_email.
2017-05-07 17:21:26 +02:00
user_profile = self.example_user('hamlet')
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
self.assertEqual(getattr(user_profile, param), True)
json_result = self.client_patch(pattern,
{param: ujson.dumps(False)})
self.assert_json_success(json_result)
# refetch user_profile object to correctly handle caching
tests: Added ZulipTestCase.example_user() function. The example_user() function is specifically designed for AARON, hamlet, cordelia, and friends, and it allows a concise way of using their built-in user profiles. Eventually, the widespread use of example_user() should help us with refactorings such as moving the tests users out of the "zulip.com" realm and deprecating get_user_profile_by_email.
2017-05-07 17:21:26 +02:00
user_profile = self.example_user('hamlet')
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
self.assertEqual(getattr(user_profile, param), False)
zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them.
2017-11-05 10:51:25 +01:00
def test_successful_change_settings(self) -> None:
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
"""
settings: Migrate main settings-change code to API. This was one of the few major remaining endpoints that were still on the old-style legacy API.
2017-07-31 20:44:52 +02:00
A call to /json/settings with valid parameters changes the user's
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
settings correctly and returns correct values.
"""
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
user = self.example_user('hamlet')
self.login_user(user)
settings: Migrate main settings-change code to API. This was one of the few major remaining endpoints that were still on the old-style legacy API.
2017-07-31 20:44:52 +02:00
json_result = self.client_patch(
"/json/settings",
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
dict(
full_name='Foo Bar',
tests: Use email/delivery_email more explicitly. We try to use the correct variation of `email` or `delivery_email`, even though in some databases they are the same. (To find the differences, I temporarily hacked populate_db to use different values for email and delivery_email, and reduced email visibility in the zulip realm to admins only.) In places where we want the "normal" realm behavior of showing emails (and having `email` be the same as `delivery_email`), we use the new `reset_emails_in_zulip_realm` helper. A couple random things: - I fixed any error messages that were leaking the wrong email - a test that claimed to rely on the order of emails no longer does (we sort user_ids instead) - we now use user_ids in some place where we used to use emails - for IRC mirrors I just punted and used `reset_emails_in_zulip_realm` in most places - for MIT-related tests, I didn't fix email vs. delivery_email unless it was obvious I also explicitly reset the realm to a "normal" realm for a couple tests that I frankly just didn't have the energy to debug. (Also, we do want some coverage on the normal case, even though it is "easier" for tests to pass if you mix up `email` and `delivery_email`.) In particular, I just reset data for the analytics and corporate tests.
2020-03-12 14:17:25 +01:00
old_password=initial_password(user.delivery_email),
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
new_password='foobar1',
))
self.assert_json_success(json_result)
result = ujson.loads(json_result.content)
self.check_well_formed_change_settings_response(result)
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
user.refresh_from_db()
self.assertEqual(user.full_name, "Foo Bar")
tests: Add wrapper for client.logout in ZulipTestCase. In this commit we add a logout wrapper so as to enable developers to just do self.logout instead of doing a post request at API endpoint for logout. This is achieved by adding a wrapper function for the Django's client.logout contained in TestCase. We add this by extending ZulipTestCase to have a logout function.
2017-04-18 03:23:32 +02:00
self.logout()
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
# This is one of the few places we log in directly
# with Django's client (to test the password change
# with as few moving parts as possible).
self.assertTrue(
self.client.login(
tests: Use email/delivery_email more explicitly. We try to use the correct variation of `email` or `delivery_email`, even though in some databases they are the same. (To find the differences, I temporarily hacked populate_db to use different values for email and delivery_email, and reduced email visibility in the zulip realm to admins only.) In places where we want the "normal" realm behavior of showing emails (and having `email` be the same as `delivery_email`), we use the new `reset_emails_in_zulip_realm` helper. A couple random things: - I fixed any error messages that were leaking the wrong email - a test that claimed to rely on the order of emails no longer does (we sort user_ids instead) - we now use user_ids in some place where we used to use emails - for IRC mirrors I just punted and used `reset_emails_in_zulip_realm` in most places - for MIT-related tests, I didn't fix email vs. delivery_email unless it was obvious I also explicitly reset the realm to a "normal" realm for a couple tests that I frankly just didn't have the energy to debug. (Also, we do want some coverage on the normal case, even though it is "easier" for tests to pass if you mix up `email` and `delivery_email`.) In particular, I just reset data for the analytics and corporate tests.
2020-03-12 14:17:25 +01:00
username=user.delivery_email,
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
password='foobar1',
realm=user.realm
)
)
self.assert_logged_in_user_id(user.id)
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
auth: Use zxcvbn to ensure password strength on server side. For a long time, we've been only doing the zxcvbn password strength checks on the browser, which is helpful, but means users could through hackery (or a bug in the frontend validation code) manage to set a too-weak password. We fix this by running our password strength validation on the backend as well, using python-zxcvbn. In theory, a bug in python-zxcvbn could result in it producing a different opinion than the frontend version; if so, it'd be a pretty bad bug in the library, and hopefully we'd hear about it from users, report upstream, and get it fixed that way. Alternatively, we can switch to shelling out to node like we do for KaTeX. Fixes #6880.
2019-11-18 08:11:03 +01:00
def test_password_change_check_strength(self) -> None:
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login('hamlet')
auth: Use zxcvbn to ensure password strength on server side. For a long time, we've been only doing the zxcvbn password strength checks on the browser, which is helpful, but means users could through hackery (or a bug in the frontend validation code) manage to set a too-weak password. We fix this by running our password strength validation on the backend as well, using python-zxcvbn. In theory, a bug in python-zxcvbn could result in it producing a different opinion than the frontend version; if so, it'd be a pretty bad bug in the library, and hopefully we'd hear about it from users, report upstream, and get it fixed that way. Alternatively, we can switch to shelling out to node like we do for KaTeX. Fixes #6880.
2019-11-18 08:11:03 +01:00
with self.settings(PASSWORD_MIN_LENGTH=3, PASSWORD_MIN_GUESSES=1000):
json_result = self.client_patch(
"/json/settings",
dict(
full_name='Foo Bar',
old_password=initial_password(self.example_email("hamlet")),
new_password='easy',
))
self.assert_json_error(json_result, "New password is too weak!")
json_result = self.client_patch(
"/json/settings",
dict(
full_name='Foo Bar',
old_password=initial_password(self.example_email("hamlet")),
new_password='f657gdGGk9',
))
self.assert_json_success(json_result)
zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them.
2017-11-05 10:51:25 +01:00
def test_illegal_name_changes(self) -> None:
tests: Use example_user() in more places.
2017-05-07 21:25:59 +02:00
user = self.example_user('hamlet')
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(user)
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
full_name = user.full_name
with self.settings(NAME_CHANGES_DISABLED=True):
settings: Migrate main settings-change code to API. This was one of the few major remaining endpoints that were still on the old-style legacy API.
2017-07-31 20:44:52 +02:00
json_result = self.client_patch("/json/settings",
dict(full_name='Foo Bar'))
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
# We actually fail silently here, since this only happens if
# somebody is trying to game our API, and there's no reason to
# give them the courtesy of an error reason.
self.assert_json_success(json_result)
tests: Remove get_user_profile_by_email from most tests.
2017-05-24 02:42:31 +02:00
user = self.example_user('hamlet')
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
self.assertEqual(user.full_name, full_name)
# Now try a too-long name
settings: Migrate main settings-change code to API. This was one of the few major remaining endpoints that were still on the old-style legacy API.
2017-07-31 20:44:52 +02:00
json_result = self.client_patch("/json/settings",
dict(full_name='x' * 1000))
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
self.assert_json_error(json_result, 'Name too long!')
users: Ban names shorter than 3 characters. The empty string is not a reasonable name.
2017-05-12 04:21:49 +02:00
# Now try a too-short name
settings: Migrate main settings-change code to API. This was one of the few major remaining endpoints that were still on the old-style legacy API.
2017-07-31 20:44:52 +02:00
json_result = self.client_patch("/json/settings",
dict(full_name='x'))
users: Ban names shorter than 3 characters. The empty string is not a reasonable name.
2017-05-12 04:21:49 +02:00
self.assert_json_error(json_result, 'Name too short!')
zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them.
2017-11-05 10:51:25 +01:00
def test_illegal_characters_in_name_changes(self) -> None:
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login('hamlet')
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
# Now try a name with invalid characters
settings: Migrate main settings-change code to API. This was one of the few major remaining endpoints that were still on the old-style legacy API.
2017-07-31 20:44:52 +02:00
json_result = self.client_patch("/json/settings",
dict(full_name='Opheli*'))
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
self.assert_json_error(json_result, 'Invalid characters in name!')
settings: Fix 500 when trying to change email to disposable email. Fixes #9240
2018-05-04 18:15:54 +02:00
def test_change_email_to_disposable_email(self) -> None:
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
hamlet = self.example_user("hamlet")
self.login_user(hamlet)
realm = hamlet.realm
settings: Fix 500 when trying to change email to disposable email. Fixes #9240
2018-05-04 18:15:54 +02:00
realm.disallow_disposable_email_addresses = True
models: Rename Realm.restricted_to_domain field. This renames Realm.restricted_to_domain field to emails_restricted_to_domains, for greater clarity as to what it does just from seeing the setting name, without having to look it up. Fixes part of #10042.
2018-07-27 23:26:29 +02:00
realm.emails_restricted_to_domains = False
settings: Fix 500 when trying to change email to disposable email. Fixes #9240
2018-05-04 18:15:54 +02:00
realm.save()
json_result = self.client_patch("/json/settings",
dict(email='hamlet@mailnator.com'))
self.assert_json_error(json_result, 'Please use your real email address.')
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
# This is basically a don't-explode test.
zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them.
2017-11-05 10:51:25 +01:00
def test_notify_settings(self) -> None:
test_settings: Refactor to use UserProfile property_types framework.
2017-07-14 00:30:55 +02:00
for notification_setting in UserProfile.notification_setting_types:
notifications: Add a setting for changing the notification sound. Also, add a new notification sound, "ding". It comes from https://freesound.org, where the original Zulip notification sound comes from as well. In the future, new sounds can be added by adding audio files to the `static/audio/notification_sounds` directory. Tweaked significantly by tabbott: * Avoided removing static/audio/zulip.ogg, because that file is checked for by old versions of the desktop app. * Added a views check for the sound being valid + tests. * Added additional tests. * Restructured the test_events test to be cleaner. * Removed check_bool_or_string. * Increased max length of notification_sound. * Provide available_notification_sounds in events data set if global notifications settings are requested. Fixes #8051.
2018-01-11 21:36:11 +01:00
# `notification_sound` is a string not a boolean, so this test
# doesn't work for it.
#
# TODO: Make this work more like do_test_realm_update_api
requirements: Upgrade pyflakes. Pyflakes has been upgraded from 2.0.0 to 2.1.0 and a few new linter errors have been fixed. Fixes #11397.
2019-02-01 14:08:45 +01:00
if notification_setting != 'notification_sound':
notifications: Add a setting for changing the notification sound. Also, add a new notification sound, "ding". It comes from https://freesound.org, where the original Zulip notification sound comes from as well. In the future, new sounds can be added by adding audio files to the `static/audio/notification_sounds` directory. Tweaked significantly by tabbott: * Avoided removing static/audio/zulip.ogg, because that file is checked for by old versions of the desktop app. * Added a views check for the sound being valid + tests. * Added additional tests. * Restructured the test_events test to be cleaner. * Removed check_bool_or_string. * Increased max length of notification_sound. * Provide available_notification_sounds in events data set if global notifications settings are requested. Fixes #8051.
2018-01-11 21:36:11 +01:00
self.check_for_toggle_param_patch("/json/settings/notifications",
notification_setting)
def test_change_notification_sound(self) -> None:
pattern = "/json/settings/notifications"
param = "notification_sound"
user_profile = self.example_user('hamlet')
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(user_profile)
notifications: Add a setting for changing the notification sound. Also, add a new notification sound, "ding". It comes from https://freesound.org, where the original Zulip notification sound comes from as well. In the future, new sounds can be added by adding audio files to the `static/audio/notification_sounds` directory. Tweaked significantly by tabbott: * Avoided removing static/audio/zulip.ogg, because that file is checked for by old versions of the desktop app. * Added a views check for the sound being valid + tests. * Added additional tests. * Restructured the test_events test to be cleaner. * Removed check_bool_or_string. * Increased max length of notification_sound. * Provide available_notification_sounds in events data set if global notifications settings are requested. Fixes #8051.
2018-01-11 21:36:11 +01:00
json_result = self.client_patch(pattern,
{param: ujson.dumps("invalid")})
self.assert_json_error(json_result, "Invalid notification sound 'invalid'")
json_result = self.client_patch(pattern,
{param: ujson.dumps("ding")})
self.assert_json_success(json_result)
# refetch user_profile object to correctly handle caching
user_profile = self.example_user('hamlet')
self.assertEqual(getattr(user_profile, param), "ding")
json_result = self.client_patch(pattern,
{param: ujson.dumps('zulip')})
self.assert_json_success(json_result)
# refetch user_profile object to correctly handle caching
user_profile = self.example_user('hamlet')
self.assertEqual(getattr(user_profile, param), 'zulip')
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them.
2017-11-05 10:51:25 +01:00
def test_toggling_boolean_user_display_settings(self) -> None:
test_settings: Refactor to use UserProfile property_types framework.
2017-07-14 00:30:55 +02:00
"""Test updating each boolean setting in UserProfile property_types"""
boolean_settings = (s for s in UserProfile.property_types if UserProfile.property_types[s] is bool)
for display_setting in boolean_settings:
self.check_for_toggle_param_patch("/json/settings/display", display_setting)
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them.
2017-11-05 10:51:25 +01:00
def test_enter_sends_setting(self) -> None:
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
self.check_for_toggle_param('/json/users/me/enter-sends', "enter_sends")
zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them.
2017-11-05 10:51:25 +01:00
def test_wrong_old_password(self) -> None:
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login('hamlet')
settings: Migrate main settings-change code to API. This was one of the few major remaining endpoints that were still on the old-style legacy API.
2017-07-31 20:44:52 +02:00
result = self.client_patch(
"/json/settings",
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
dict(
old_password='bad_password',
new_password="ignored",
))
self.assert_json_error(result, "Wrong password!")
auth: Handle rate limiting in OurAuthenticationForm and user_settings. These parts of the code should catch the RateLimited exception and generate their own, apprioprate user-facing error message.
2019-12-30 02:21:51 +01:00
def test_wrong_old_password_rate_limiter(self) -> None:
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login('hamlet')
auth: Handle rate limiting in OurAuthenticationForm and user_settings. These parts of the code should catch the RateLimited exception and generate their own, apprioprate user-facing error message.
2019-12-30 02:21:51 +01:00
with self.settings(RATE_LIMITING_AUTHENTICATE=True):
rate_limiter: Rename authenticate domain to authenticate_by_username. This prepares for adding authenticate_by_ip_address.
2019-12-30 21:17:11 +01:00
add_ratelimit_rule(10, 2, domain='authenticate_by_username')
auth: Handle rate limiting in OurAuthenticationForm and user_settings. These parts of the code should catch the RateLimited exception and generate their own, apprioprate user-facing error message.
2019-12-30 02:21:51 +01:00
start_time = time.time()
with mock.patch('time.time', return_value=start_time):
result = self.client_patch(
"/json/settings",
dict(
old_password='bad_password',
new_password="ignored",
))
self.assert_json_error(result, "Wrong password!")
result = self.client_patch(
"/json/settings",
dict(
old_password='bad_password',
new_password="ignored",
))
self.assert_json_error(result, "Wrong password!")
# We're over the limit, so we'll get blocked even with the correct password.
result = self.client_patch(
"/json/settings",
dict(
old_password=initial_password(self.example_email("hamlet")),
new_password="ignored",
))
self.assert_json_error(result, "You're making too many attempts! Try again in 10 seconds.")
# After time passes, we should be able to succeed if we give the correct password.
with mock.patch('time.time', return_value=start_time + 11):
json_result = self.client_patch(
"/json/settings",
dict(
old_password=initial_password(self.example_email("hamlet")),
new_password='foobar1',
))
self.assert_json_success(json_result)
rate_limiter: Rename authenticate domain to authenticate_by_username. This prepares for adding authenticate_by_ip_address.
2019-12-30 21:17:11 +01:00
remove_ratelimit_rule(10, 2, domain='authenticate_by_username')
auth: Handle rate limiting in OurAuthenticationForm and user_settings. These parts of the code should catch the RateLimited exception and generate their own, apprioprate user-facing error message.
2019-12-30 02:21:51 +01:00
user_settings: Prevent LDAP users from setting a Zulip password. Previously, if both EmailAuthBackend and LDAPAuthBackend were enabled, LDAP users could set a password using EmailAuthBackend and continue to use that password, even if their LDAP account was later deactivated. That configuration wasn't supported at all before, so this doesn't fix a pre-existing security issue, but now that we're making that a valid configuration, we need to cover this case.
2018-05-29 07:25:08 +02:00
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',
'zproject.backends.EmailAuthBackend',
test_settings: Migrate ldap tests to the new format.
2019-10-16 18:12:59 +02:00
'zproject.backends.ZulipDummyBackend'))
user_settings: Prevent LDAP users from setting a Zulip password. Previously, if both EmailAuthBackend and LDAPAuthBackend were enabled, LDAP users could set a password using EmailAuthBackend and continue to use that password, even if their LDAP account was later deactivated. That configuration wasn't supported at all before, so this doesn't fix a pre-existing security issue, but now that we're making that a valid configuration, we need to cover this case.
2018-05-29 07:25:08 +02:00
def test_change_password_ldap_backend(self) -> None:
test_settings: Migrate ldap tests to the new format.
2019-10-16 18:12:59 +02:00
self.init_default_ldap_database()
ldap_user_attr_map = {'full_name': 'cn', 'short_name': 'sn'}
user_settings: Prevent LDAP users from setting a Zulip password. Previously, if both EmailAuthBackend and LDAPAuthBackend were enabled, LDAP users could set a password using EmailAuthBackend and continue to use that password, even if their LDAP account was later deactivated. That configuration wasn't supported at all before, so this doesn't fix a pre-existing security issue, but now that we're making that a valid configuration, we need to cover this case.
2018-05-29 07:25:08 +02:00
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login('hamlet')
test_settings: Migrate ldap tests to the new format.
2019-10-16 18:12:59 +02:00
user_settings: Prevent LDAP users from setting a Zulip password. Previously, if both EmailAuthBackend and LDAPAuthBackend were enabled, LDAP users could set a password using EmailAuthBackend and continue to use that password, even if their LDAP account was later deactivated. That configuration wasn't supported at all before, so this doesn't fix a pre-existing security issue, but now that we're making that a valid configuration, we need to cover this case.
2018-05-29 07:25:08 +02:00
with self.settings(LDAP_APPEND_DOMAIN="zulip.com",
AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map):
result = self.client_patch(
"/json/settings",
dict(
old_password=initial_password(self.example_email("hamlet")),
new_password="ignored",
))
self.assert_json_error(result, "Your Zulip password is managed in LDAP")
result = self.client_patch(
"/json/settings",
dict(
tests: For ldap tests, give each ldap user a unique password. To avoid some hidden bugs in tests caused by every ldap user having the same password, we give each user a different password, generated based on their uids (to avoid some ugly hard-coding in a bunch of places).
2020-02-19 19:40:49 +01:00
old_password=self.ldap_password("hamlet"), # hamlet's password in ldap
user_settings: Prevent LDAP users from setting a Zulip password. Previously, if both EmailAuthBackend and LDAPAuthBackend were enabled, LDAP users could set a password using EmailAuthBackend and continue to use that password, even if their LDAP account was later deactivated. That configuration wasn't supported at all before, so this doesn't fix a pre-existing security issue, but now that we're making that a valid configuration, we need to cover this case.
2018-05-29 07:25:08 +02:00
new_password="ignored",
))
self.assert_json_error(result, "Your Zulip password is managed in LDAP")
with self.settings(LDAP_APPEND_DOMAIN="example.com",
AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map):
result = self.client_patch(
"/json/settings",
dict(
old_password=initial_password(self.example_email("hamlet")),
new_password="ignored",
))
self.assert_json_success(result)
with self.settings(LDAP_APPEND_DOMAIN=None,
AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map):
result = self.client_patch(
"/json/settings",
dict(
old_password=initial_password(self.example_email("hamlet")),
new_password="ignored",
))
self.assert_json_error(result, "Your Zulip password is managed in LDAP")
zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them.
2017-11-05 10:51:25 +01:00
def test_changing_nothing_returns_error(self) -> None:
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
"""
We need to supply at least one non-empty parameter
to this API, or it should fail. (Eventually, we should
probably use a patch interface for these changes.)
"""
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login('hamlet')
settings: Migrate main settings-change code to API. This was one of the few major remaining endpoints that were still on the old-style legacy API.
2017-07-31 20:44:52 +02:00
result = self.client_patch("/json/settings",
dict(old_password='ignored',))
settings: Change error for "no data" to something more friendly.
2018-01-11 20:28:44 +01:00
self.assert_json_error(result, "Please fill out all fields.")
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them.
2017-11-05 10:51:25 +01:00
def do_test_change_user_display_setting(self, setting_name: str) -> None:
tests: Extract zerver/tests/test_settings.py.
2017-03-08 12:12:02 +01:00
test_settings: Refactor to use UserProfile property_types framework.
2017-07-14 00:30:55 +02:00
test_changes = dict(
default_language = 'de',
emoji: Disable support for letting users switch emojisets. Due to copyright issues with potentially displaying Apple emojisets on non-apple devices, as well as iamcal dropping support for the emojione emojiset (see https://github.com/iamcal/emoji-data/pull/142), we are dropping (perhaps temporarily) support for allowing users to switch emojisets in Zulip. This commit just hides the feature from the user but leaves most of the infrastructure in place so that in the future if we decide to re-enable the support we will not need to redo the infrastructure work (some JS-side code is deleted, mostly because we'll want to re-add the feature using the do_settings_change infrastructure anyway). The most likely emoji set to add is the legacy "blobs" Google emoji set, since it seems popular with some users. Tweaked by tabbott to remove some additional JS code and update the changelog.
2018-07-20 09:28:32 +02:00
emojiset = 'google',
test_settings: Refactor to use UserProfile property_types framework.
2017-07-14 00:30:55 +02:00
timezone = 'US/Mountain',
settings: Add display setting for demoting inactive streams. This adds a setting to control Zulip's default behavior of sorting to bottom and graying out inactive streams. The previous logic is still the default "automatic", but this gives users more control. See the models.py comment for details. Fixes #11524.
2019-03-17 14:48:51 +01:00
demote_inactive_streams = 2,
test_settings: Refactor to use UserProfile property_types framework.
2017-07-14 00:30:55 +02:00
) # type: Dict[str, Any]
tests: Move UserChangesTest to test_settings.py.
2017-03-08 12:20:56 +01:00
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login('hamlet')
test_settings: Refactor to use UserProfile property_types framework.
2017-07-14 00:30:55 +02:00
test_value = test_changes.get(setting_name)
# Error if a setting in UserProfile.property_types does not have test values
if test_value is None:
lint: Fix code that evaded our lint checks for string % non-tuple. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-04-20 01:00:46 +02:00
raise AssertionError('No test created for %s' % (setting_name,))
test_settings: Refactor to use UserProfile property_types framework.
2017-07-14 00:30:55 +02:00
settings: Add display setting for demoting inactive streams. This adds a setting to control Zulip's default behavior of sorting to bottom and graying out inactive streams. The previous logic is still the default "automatic", but this gives users more control. See the models.py comment for details. Fixes #11524.
2019-03-17 14:48:51 +01:00
if setting_name == 'demote_inactive_streams':
invalid_value = 4 # type: Union[int, str]
else:
invalid_value = 'invalid_' + setting_name
test_settings: Refactor to use UserProfile property_types framework.
2017-07-14 00:30:55 +02:00
data = {setting_name: ujson.dumps(test_value)}
settings: Add display setting for demoting inactive streams. This adds a setting to control Zulip's default behavior of sorting to bottom and graying out inactive streams. The previous logic is still the default "automatic", but this gives users more control. See the models.py comment for details. Fixes #11524.
2019-03-17 14:48:51 +01:00
Add timezone field in UserProfile. Implements backend of #1506.
2017-03-14 10:53:09 +01:00
result = self.client_patch("/json/settings/display", data)
self.assert_json_success(result)
tests: Remove get_user_profile_by_email from most tests.
2017-05-24 02:42:31 +02:00
user_profile = self.example_user('hamlet')
test_settings: Refactor to use UserProfile property_types framework.
2017-07-14 00:30:55 +02:00
self.assertEqual(getattr(user_profile, setting_name), test_value)
Add timezone field in UserProfile. Implements backend of #1506.
2017-03-14 10:53:09 +01:00
test_settings: Refactor to use UserProfile property_types framework.
2017-07-14 00:30:55 +02:00
# Test to make sure invalid settings are not accepted
Add timezone field in UserProfile. Implements backend of #1506.
2017-03-14 10:53:09 +01:00
# and saved in the db.
test_settings: Refactor to use UserProfile property_types framework.
2017-07-14 00:30:55 +02:00
data = {setting_name: ujson.dumps(invalid_value)}
settings: Add display setting for demoting inactive streams. This adds a setting to control Zulip's default behavior of sorting to bottom and graying out inactive streams. The previous logic is still the default "automatic", but this gives users more control. See the models.py comment for details. Fixes #11524.
2019-03-17 14:48:51 +01:00
Add timezone field in UserProfile. Implements backend of #1506.
2017-03-14 10:53:09 +01:00
result = self.client_patch("/json/settings/display", data)
test_settings: Refactor to use UserProfile property_types framework.
2017-07-14 00:30:55 +02:00
# the json error for multiple word setting names (ex: default_language)
# displays as 'Invalid language'. Using setting_name.split('_') to format.
settings: Add display setting for demoting inactive streams. This adds a setting to control Zulip's default behavior of sorting to bottom and graying out inactive streams. The previous logic is still the default "automatic", but this gives users more control. See the models.py comment for details. Fixes #11524.
2019-03-17 14:48:51 +01:00
if setting_name == 'demote_inactive_streams':
self.assert_json_error(result, "Invalid setting value '%s'" % (invalid_value,))
else:
self.assert_json_error(result, "Invalid %s '%s'" % (setting_name.split('_')[-1],
invalid_value))
tests: Remove get_user_profile_by_email from most tests.
2017-05-24 02:42:31 +02:00
user_profile = self.example_user('hamlet')
test_settings: Refactor to use UserProfile property_types framework.
2017-07-14 00:30:55 +02:00
self.assertNotEqual(getattr(user_profile, setting_name), invalid_value)
Add timezone field in UserProfile. Implements backend of #1506.
2017-03-14 10:53:09 +01:00
zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them.
2017-11-05 10:51:25 +01:00
def test_change_user_display_setting(self) -> None:
test_settings: Refactor to use UserProfile property_types framework.
2017-07-14 00:30:55 +02:00
"""Test updating each non-boolean setting in UserProfile property_types"""
user_settings = (s for s in UserProfile.property_types if UserProfile.property_types[s] is not bool)
for setting in user_settings:
self.do_test_change_user_display_setting(setting)
backend: Allow to change UserProfile's `emojiset` field via api.
2017-04-02 21:05:33 +02:00
emoji: Disable support for letting users switch emojisets. Due to copyright issues with potentially displaying Apple emojisets on non-apple devices, as well as iamcal dropping support for the emojione emojiset (see https://github.com/iamcal/emoji-data/pull/142), we are dropping (perhaps temporarily) support for allowing users to switch emojisets in Zulip. This commit just hides the feature from the user but leaves most of the infrastructure in place so that in the future if we decide to re-enable the support we will not need to redo the infrastructure work (some JS-side code is deleted, mostly because we'll want to re-add the feature using the do_settings_change infrastructure anyway). The most likely emoji set to add is the legacy "blobs" Google emoji set, since it seems popular with some users. Tweaked by tabbott to remove some additional JS code and update the changelog.
2018-07-20 09:28:32 +02:00
def do_change_emojiset(self, emojiset: str) -> HttpResponse:
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login('hamlet')
emoji: Disable support for letting users switch emojisets. Due to copyright issues with potentially displaying Apple emojisets on non-apple devices, as well as iamcal dropping support for the emojione emojiset (see https://github.com/iamcal/emoji-data/pull/142), we are dropping (perhaps temporarily) support for allowing users to switch emojisets in Zulip. This commit just hides the feature from the user but leaves most of the infrastructure in place so that in the future if we decide to re-enable the support we will not need to redo the infrastructure work (some JS-side code is deleted, mostly because we'll want to re-add the feature using the do_settings_change infrastructure anyway). The most likely emoji set to add is the legacy "blobs" Google emoji set, since it seems popular with some users. Tweaked by tabbott to remove some additional JS code and update the changelog.
2018-07-20 09:28:32 +02:00
data = {'emojiset': ujson.dumps(emojiset)}
result = self.client_patch("/json/settings/display", data)
return result
def test_emojiset(self) -> None:
"""Test banned emojisets are not accepted."""
emoji: Bring back the feature of changing emojisets. This is largely inspired by requests from people not liking the Google's new emojiset. A lot of people were requesting to revert back to old blobs emojiset so we are re-enabling this feature after making relevant infrastructure changes for supporting google's old blob emojiset and re-adding support for twitter emojiset. Fixes: #10158.
2018-08-25 09:18:49 +02:00
banned_emojisets = ['apple', 'emojione']
valid_emojisets = ['google', 'google-blob', 'text', 'twitter']
emoji: Disable support for letting users switch emojisets. Due to copyright issues with potentially displaying Apple emojisets on non-apple devices, as well as iamcal dropping support for the emojione emojiset (see https://github.com/iamcal/emoji-data/pull/142), we are dropping (perhaps temporarily) support for allowing users to switch emojisets in Zulip. This commit just hides the feature from the user but leaves most of the infrastructure in place so that in the future if we decide to re-enable the support we will not need to redo the infrastructure work (some JS-side code is deleted, mostly because we'll want to re-add the feature using the do_settings_change infrastructure anyway). The most likely emoji set to add is the legacy "blobs" Google emoji set, since it seems popular with some users. Tweaked by tabbott to remove some additional JS code and update the changelog.
2018-07-20 09:28:32 +02:00
for emojiset in banned_emojisets:
result = self.do_change_emojiset(emojiset)
lint: Fix code that evaded our lint checks for string % non-tuple. Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2019-04-20 01:00:46 +02:00
self.assert_json_error(result, "Invalid emojiset '%s'" % (emojiset,))
emoji: Disable support for letting users switch emojisets. Due to copyright issues with potentially displaying Apple emojisets on non-apple devices, as well as iamcal dropping support for the emojione emojiset (see https://github.com/iamcal/emoji-data/pull/142), we are dropping (perhaps temporarily) support for allowing users to switch emojisets in Zulip. This commit just hides the feature from the user but leaves most of the infrastructure in place so that in the future if we decide to re-enable the support we will not need to redo the infrastructure work (some JS-side code is deleted, mostly because we'll want to re-add the feature using the do_settings_change infrastructure anyway). The most likely emoji set to add is the legacy "blobs" Google emoji set, since it seems popular with some users. Tweaked by tabbott to remove some additional JS code and update the changelog.
2018-07-20 09:28:32 +02:00
for emojiset in valid_emojisets:
result = self.do_change_emojiset(emojiset)
self.assert_json_success(result)
settings: Add AVATAR_CHANGES_DISABLED server setting. Fixes #12132. Realm setting to disable avatar changes is already present. The `AVATAR_CHANGES_DISABLED` setting now follows the same 2-setting model as `NAME_CHANGES_DISABLED`.
2019-04-29 08:41:00 +02:00
def test_avatar_changes_disabled(self) -> None:
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login('hamlet')
settings: Add AVATAR_CHANGES_DISABLED server setting. Fixes #12132. Realm setting to disable avatar changes is already present. The `AVATAR_CHANGES_DISABLED` setting now follows the same 2-setting model as `NAME_CHANGES_DISABLED`.
2019-04-29 08:41:00 +02:00
with self.settings(AVATAR_CHANGES_DISABLED=True):
result = self.client_delete("/json/users/me/avatar")
self.assert_json_error(result, "Avatar changes are disabled in this organization.", 400)
with self.settings(AVATAR_CHANGES_DISABLED=True):
with get_test_image_file('img.png') as fp1:
result = self.client_post("/json/users/me/avatar", {'f1': fp1})
self.assert_json_error(result, "Avatar changes are disabled in this organization.", 400)
backend: Allow to change UserProfile's `emojiset` field via api.
2017-04-02 21:05:33 +02:00
tests: Move UserChangesTest to test_settings.py.
2017-03-08 12:20:56 +01:00
class UserChangesTest(ZulipTestCase):
zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them.
2017-11-05 10:51:25 +01:00
def test_update_api_key(self) -> None:
tests: Use example_user() in more places.
2017-05-07 21:25:59 +02:00
user = self.example_user('hamlet')
email = user.email
settings: Fix flushing of API key cache. The logic for flushing the API key has been broken every since we added the cache, since we were incorrectly flushing the new API key, not the old API key, from the cache after regeneration.
2019-01-05 02:25:06 +01:00
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(user)
users: Get all API keys via wrapper method. Now reading API keys from a user is done with the get_api_key wrapper method, rather than directly fetching it from the user object. Also, every place where an action should be done for each API key is now using get_all_api_keys. This method returns for the moment a single-item list, containing the specified user's API key. This commit is the first step towards allowing users have multiple API keys.
2018-08-01 10:53:40 +02:00
old_api_keys = get_all_api_keys(user)
settings: Fix flushing of API key cache. The logic for flushing the API key has been broken every since we added the cache, since we were incorrectly flushing the new API key, not the old API key, from the cache after regeneration.
2019-01-05 02:25:06 +01:00
# Ensure the old API keys are in the authentication cache, so
# that the below logic can test whether we have a cache-flushing bug.
for api_key in old_api_keys:
self.assertEqual(get_user_profile_by_api_key(api_key).email, email)
tests: Move UserChangesTest to test_settings.py.
2017-03-08 12:20:56 +01:00
result = self.client_post('/json/users/me/api_key/regenerate')
self.assert_json_success(result)
result.json: Upgrade test_settings.
2017-08-17 08:44:10 +02:00
new_api_key = result.json()['api_key']
users: Get all API keys via wrapper method. Now reading API keys from a user is done with the get_api_key wrapper method, rather than directly fetching it from the user object. Also, every place where an action should be done for each API key is now using get_all_api_keys. This method returns for the moment a single-item list, containing the specified user's API key. This commit is the first step towards allowing users have multiple API keys.
2018-08-01 10:53:40 +02:00
self.assertNotIn(new_api_key, old_api_keys)
tests: Remove get_user_profile_by_email from most tests.
2017-05-24 02:42:31 +02:00
user = self.example_user('hamlet')
users: Get all API keys via wrapper method. Now reading API keys from a user is done with the get_api_key wrapper method, rather than directly fetching it from the user object. Also, every place where an action should be done for each API key is now using get_all_api_keys. This method returns for the moment a single-item list, containing the specified user's API key. This commit is the first step towards allowing users have multiple API keys.
2018-08-01 10:53:40 +02:00
current_api_keys = get_all_api_keys(user)
self.assertIn(new_api_key, current_api_keys)
test_settings: Extend caching section of API key test.
2019-01-05 02:16:38 +01:00
for api_key in old_api_keys:
with self.assertRaises(UserProfile.DoesNotExist):
get_user_profile_by_api_key(api_key)
for api_key in current_api_keys:
self.assertEqual(get_user_profile_by_api_key(api_key).email, email)