pacnpal/thrillwiki_django_no_react
1
1
Fork 0
mirror of https://github.com/pacnpal/thrillwiki_django_no_react.git synced 2026-01-02 03:07:03 -05:00
Code Issues Packages Projects Releases Wiki Activity

feat: Implement initial schema and add various API, service, and management command enhancements across the application.

Browse Source
This commit is contained in:
pacnpal
2026-01-01 15:13:01 -05:00
parent c95f99ca10
commit b243b17af7
413 changed files with 11164 additions and 17433 deletions
Download Patch File Download Diff File Expand all files Collapse all files

207
backend/tests/api/test_auth_api.py
View File

@@ -32,63 +32,47 @@ class TestLoginAPIView(EnhancedAPITestCase):
"""Set up test data."""
self.client = APIClient()
self.user = UserFactory()
self.user.set_password('testpass123')
self.user.set_password("testpass123")
self.user.save()
self.url = '/api/v1/auth/login/'
self.url = "/api/v1/auth/login/"
def test__login__with_valid_credentials__returns_tokens(self):
"""Test successful login returns JWT tokens."""
response = self.client.post(self.url, {
'username': self.user.username,
'password': 'testpass123'
})
response = self.client.post(self.url, {"username": self.user.username, "password": "testpass123"})
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn('access', response.data)
self.assertIn('refresh', response.data)
self.assertIn('user', response.data)
self.assertIn("access", response.data)
self.assertIn("refresh", response.data)
self.assertIn("user", response.data)
def test__login__with_email__returns_tokens(self):
"""Test login with email instead of username."""
response = self.client.post(self.url, {
'username': self.user.email,
'password': 'testpass123'
})
response = self.client.post(self.url, {"username": self.user.email, "password": "testpass123"})
self.assertIn(response.status_code, [status.HTTP_200_OK, status.HTTP_400_BAD_REQUEST])
def test__login__with_invalid_password__returns_400(self):
"""Test login with wrong password returns error."""
response = self.client.post(self.url, {
'username': self.user.username,
'password': 'wrongpassword'
})
response = self.client.post(self.url, {"username": self.user.username, "password": "wrongpassword"})
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertIn('error', response.data)
self.assertIn("detail", response.data)
def test__login__with_nonexistent_user__returns_400(self):
"""Test login with nonexistent username returns error."""
response = self.client.post(self.url, {
'username': 'nonexistentuser',
'password': 'testpass123'
})
response = self.client.post(self.url, {"username": "nonexistentuser", "password": "testpass123"})
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test__login__with_missing_username__returns_400(self):
"""Test login without username returns error."""
response = self.client.post(self.url, {
'password': 'testpass123'
})
response = self.client.post(self.url, {"password": "testpass123"})
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test__login__with_missing_password__returns_400(self):
"""Test login without password returns error."""
response = self.client.post(self.url, {
'username': self.user.username
})
response = self.client.post(self.url, {"username": self.user.username})
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@@ -103,10 +87,7 @@ class TestLoginAPIView(EnhancedAPITestCase):
self.user.is_active = False
self.user.save()
response = self.client.post(self.url, {
'username': self.user.username,
'password': 'testpass123'
})
response = self.client.post(self.url, {"username": self.user.username, "password": "testpass123"})
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@@ -117,12 +98,12 @@ class TestSignupAPIView(EnhancedAPITestCase):
def setUp(self):
"""Set up test data."""
self.client = APIClient()
self.url = '/api/v1/auth/signup/'
self.url = "/api/v1/auth/signup/"
self.valid_data = {
'username': 'newuser',
'email': 'newuser@example.com',
'password1': 'ComplexPass123!',
'password2': 'ComplexPass123!'
"username": "newuser",
"email": "newuser@example.com",
"password1": "ComplexPass123!",
"password2": "ComplexPass123!",
}
def test__signup__with_valid_data__creates_user(self):
@@ -133,10 +114,10 @@ class TestSignupAPIView(EnhancedAPITestCase):
def test__signup__with_existing_username__returns_400(self):
"""Test signup with existing username returns error."""
UserFactory(username='existinguser')
UserFactory(username="existinguser")
data = self.valid_data.copy()
data['username'] = 'existinguser'
data["username"] = "existinguser"
response = self.client.post(self.url, data)
@@ -144,10 +125,10 @@ class TestSignupAPIView(EnhancedAPITestCase):
def test__signup__with_existing_email__returns_400(self):
"""Test signup with existing email returns error."""
UserFactory(email='existing@example.com')
UserFactory(email="existing@example.com")
data = self.valid_data.copy()
data['email'] = 'existing@example.com'
data["email"] = "existing@example.com"
response = self.client.post(self.url, data)
@@ -156,7 +137,7 @@ class TestSignupAPIView(EnhancedAPITestCase):
def test__signup__with_password_mismatch__returns_400(self):
"""Test signup with mismatched passwords returns error."""
data = self.valid_data.copy()
data['password2'] = 'DifferentPass123!'
data["password2"] = "DifferentPass123!"
response = self.client.post(self.url, data)
@@ -165,8 +146,8 @@ class TestSignupAPIView(EnhancedAPITestCase):
def test__signup__with_weak_password__returns_400(self):
"""Test signup with weak password returns error."""
data = self.valid_data.copy()
data['password1'] = '123'
data['password2'] = '123'
data["password1"] = "123"
data["password2"] = "123"
response = self.client.post(self.url, data)
@@ -175,7 +156,7 @@ class TestSignupAPIView(EnhancedAPITestCase):
def test__signup__with_invalid_email__returns_400(self):
"""Test signup with invalid email returns error."""
data = self.valid_data.copy()
data['email'] = 'notanemail'
data["email"] = "notanemail"
response = self.client.post(self.url, data)
@@ -183,7 +164,7 @@ class TestSignupAPIView(EnhancedAPITestCase):
def test__signup__with_missing_fields__returns_400(self):
"""Test signup with missing required fields returns error."""
response = self.client.post(self.url, {'username': 'onlyusername'})
response = self.client.post(self.url, {"username": "onlyusername"})
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@@ -195,7 +176,7 @@ class TestLogoutAPIView(EnhancedAPITestCase):
"""Set up test data."""
self.client = APIClient()
self.user = UserFactory()
self.url = '/api/v1/auth/logout/'
self.url = "/api/v1/auth/logout/"
def test__logout__authenticated_user__returns_success(self):
"""Test successful logout for authenticated user."""
@@ -204,7 +185,7 @@ class TestLogoutAPIView(EnhancedAPITestCase):
response = self.client.post(self.url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn('message', response.data)
self.assertIn("detail", response.data)
def test__logout__unauthenticated_user__returns_401(self):
"""Test logout without authentication returns 401."""
@@ -217,7 +198,7 @@ class TestLogoutAPIView(EnhancedAPITestCase):
self.client.force_authenticate(user=self.user)
# Simulate providing a refresh token
response = self.client.post(self.url, {'refresh': 'dummy-token'})
response = self.client.post(self.url, {"refresh": "dummy-token"})
self.assertEqual(response.status_code, status.HTTP_200_OK)
@@ -229,7 +210,7 @@ class TestCurrentUserAPIView(EnhancedAPITestCase):
"""Set up test data."""
self.client = APIClient()
self.user = UserFactory()
self.url = '/api/v1/auth/user/'
self.url = "/api/v1/auth/user/"
def test__current_user__authenticated__returns_user_data(self):
"""Test getting current user data when authenticated."""
@@ -238,7 +219,7 @@ class TestCurrentUserAPIView(EnhancedAPITestCase):
response = self.client.get(self.url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['username'], self.user.username)
self.assertEqual(response.data["username"], self.user.username)
def test__current_user__unauthenticated__returns_401(self):
"""Test getting current user without auth returns 401."""
@@ -254,18 +235,18 @@ class TestPasswordResetAPIView(EnhancedAPITestCase):
"""Set up test data."""
self.client = APIClient()
self.user = UserFactory()
self.url = '/api/v1/auth/password/reset/'
self.url = "/api/v1/auth/password/reset/"
def test__password_reset__with_valid_email__returns_success(self):
"""Test password reset request with valid email."""
response = self.client.post(self.url, {'email': self.user.email})
response = self.client.post(self.url, {"email": self.user.email})
# Should return success (don't reveal if email exists)
self.assertIn(response.status_code, [status.HTTP_200_OK, status.HTTP_400_BAD_REQUEST])
def test__password_reset__with_nonexistent_email__returns_success(self):
"""Test password reset with nonexistent email returns success (security)."""
response = self.client.post(self.url, {'email': 'nonexistent@example.com'})
response = self.client.post(self.url, {"email": "nonexistent@example.com"})
# Should return success to not reveal email existence
self.assertIn(response.status_code, [status.HTTP_200_OK, status.HTTP_400_BAD_REQUEST])
@@ -278,7 +259,7 @@ class TestPasswordResetAPIView(EnhancedAPITestCase):
def test__password_reset__with_invalid_email_format__returns_400(self):
"""Test password reset with invalid email format returns error."""
response = self.client.post(self.url, {'email': 'notanemail'})
response = self.client.post(self.url, {"email": "notanemail"})
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@@ -290,19 +271,22 @@ class TestPasswordChangeAPIView(EnhancedAPITestCase):
"""Set up test data."""
self.client = APIClient()
self.user = UserFactory()
self.user.set_password('oldpassword123')
self.user.set_password("oldpassword123")
self.user.save()
self.url = '/api/v1/auth/password/change/'
self.url = "/api/v1/auth/password/change/"
def test__password_change__with_valid_data__changes_password(self):
"""Test password change with valid data."""
self.client.force_authenticate(user=self.user)
response = self.client.post(self.url, {
'old_password': 'oldpassword123',
'new_password1': 'NewComplexPass123!',
'new_password2': 'NewComplexPass123!'
})
response = self.client.post(
self.url,
{
"old_password": "oldpassword123",
"new_password1": "NewComplexPass123!",
"new_password2": "NewComplexPass123!",
},
)
self.assertIn(response.status_code, [status.HTTP_200_OK, status.HTTP_400_BAD_REQUEST])
@@ -310,21 +294,27 @@ class TestPasswordChangeAPIView(EnhancedAPITestCase):
"""Test password change with wrong old password."""
self.client.force_authenticate(user=self.user)
response = self.client.post(self.url, {
'old_password': 'wrongpassword',
'new_password1': 'NewComplexPass123!',
'new_password2': 'NewComplexPass123!'
})
response = self.client.post(
self.url,
{
"old_password": "wrongpassword",
"new_password1": "NewComplexPass123!",
"new_password2": "NewComplexPass123!",
},
)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test__password_change__unauthenticated__returns_401(self):
"""Test password change without authentication."""
response = self.client.post(self.url, {
'old_password': 'oldpassword123',
'new_password1': 'NewComplexPass123!',
'new_password2': 'NewComplexPass123!'
})
response = self.client.post(
self.url,
{
"old_password": "oldpassword123",
"new_password1": "NewComplexPass123!",
"new_password2": "NewComplexPass123!",
},
)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@@ -335,7 +325,7 @@ class TestSocialProvidersAPIView(EnhancedAPITestCase):
def setUp(self):
"""Set up test data."""
self.client = APIClient()
self.url = '/api/v1/auth/social/providers/'
self.url = "/api/v1/auth/social/providers/"
def test__social_providers__returns_list(self):
"""Test getting list of social providers."""
@@ -352,7 +342,7 @@ class TestAuthStatusAPIView(EnhancedAPITestCase):
"""Set up test data."""
self.client = APIClient()
self.user = UserFactory()
self.url = '/api/v1/auth/status/'
self.url = "/api/v1/auth/status/"
def test__auth_status__authenticated__returns_authenticated_true(self):
"""Test auth status for authenticated user."""
@@ -361,15 +351,15 @@ class TestAuthStatusAPIView(EnhancedAPITestCase):
response = self.client.post(self.url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertTrue(response.data.get('authenticated'))
self.assertIsNotNone(response.data.get('user'))
self.assertTrue(response.data.get("authenticated"))
self.assertIsNotNone(response.data.get("user"))
def test__auth_status__unauthenticated__returns_authenticated_false(self):
"""Test auth status for unauthenticated user."""
response = self.client.post(self.url)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertFalse(response.data.get('authenticated'))
self.assertFalse(response.data.get("authenticated"))
class TestAvailableProvidersAPIView(EnhancedAPITestCase):
@@ -378,7 +368,7 @@ class TestAvailableProvidersAPIView(EnhancedAPITestCase):
def setUp(self):
"""Set up test data."""
self.client = APIClient()
self.url = '/api/v1/auth/social/available/'
self.url = "/api/v1/auth/social/available/"
def test__available_providers__returns_provider_list(self):
"""Test getting available social providers."""
@@ -395,7 +385,7 @@ class TestConnectedProvidersAPIView(EnhancedAPITestCase):
"""Set up test data."""
self.client = APIClient()
self.user = UserFactory()
self.url = '/api/v1/auth/social/connected/'
self.url = "/api/v1/auth/social/connected/"
def test__connected_providers__authenticated__returns_list(self):
"""Test getting connected providers for authenticated user."""
@@ -423,9 +413,7 @@ class TestConnectProviderAPIView(EnhancedAPITestCase):
def test__connect_provider__unauthenticated__returns_401(self):
"""Test connecting provider without auth."""
response = self.client.post('/api/v1/auth/social/connect/google/', {
'access_token': 'dummy-token'
})
response = self.client.post("/api/v1/auth/social/connect/google/", {"access_token": "dummy-token"})
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@@ -433,9 +421,7 @@ class TestConnectProviderAPIView(EnhancedAPITestCase):
"""Test connecting invalid provider."""
self.client.force_authenticate(user=self.user)
response = self.client.post('/api/v1/auth/social/connect/invalid/', {
'access_token': 'dummy-token'
})
response = self.client.post("/api/v1/auth/social/connect/invalid/", {"access_token": "dummy-token"})
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@@ -443,7 +429,7 @@ class TestConnectProviderAPIView(EnhancedAPITestCase):
"""Test connecting provider without token."""
self.client.force_authenticate(user=self.user)
response = self.client.post('/api/v1/auth/social/connect/google/', {})
response = self.client.post("/api/v1/auth/social/connect/google/", {})
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@@ -458,7 +444,7 @@ class TestDisconnectProviderAPIView(EnhancedAPITestCase):
def test__disconnect_provider__unauthenticated__returns_401(self):
"""Test disconnecting provider without auth."""
response = self.client.post('/api/v1/auth/social/disconnect/google/')
response = self.client.post("/api/v1/auth/social/disconnect/google/")
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@@ -466,7 +452,7 @@ class TestDisconnectProviderAPIView(EnhancedAPITestCase):
"""Test disconnecting invalid provider."""
self.client.force_authenticate(user=self.user)
response = self.client.post('/api/v1/auth/social/disconnect/invalid/')
response = self.client.post("/api/v1/auth/social/disconnect/invalid/")
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
@@ -478,7 +464,7 @@ class TestSocialAuthStatusAPIView(EnhancedAPITestCase):
"""Set up test data."""
self.client = APIClient()
self.user = UserFactory()
self.url = '/api/v1/auth/social/status/'
self.url = "/api/v1/auth/social/status/"
def test__social_auth_status__authenticated__returns_status(self):
"""Test getting social auth status."""
@@ -504,7 +490,7 @@ class TestEmailVerificationAPIView(EnhancedAPITestCase):
def test__email_verification__invalid_token__returns_404(self):
"""Test email verification with invalid token."""
response = self.client.get('/api/v1/auth/verify-email/invalid-token/')
response = self.client.get("/api/v1/auth/verify-email/invalid-token/")
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
@@ -516,7 +502,7 @@ class TestResendVerificationAPIView(EnhancedAPITestCase):
"""Set up test data."""
self.client = APIClient()
self.user = UserFactory(is_active=False)
self.url = '/api/v1/auth/resend-verification/'
self.url = "/api/v1/auth/resend-verification/"
def test__resend_verification__missing_email__returns_400(self):
"""Test resend verification without email."""
@@ -528,13 +514,13 @@ class TestResendVerificationAPIView(EnhancedAPITestCase):
"""Test resend verification for already verified user."""
active_user = UserFactory(is_active=True)
response = self.client.post(self.url, {'email': active_user.email})
response = self.client.post(self.url, {"email": active_user.email})
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test__resend_verification__nonexistent_email__returns_success(self):
"""Test resend verification for nonexistent email (security)."""
response = self.client.post(self.url, {'email': 'nonexistent@example.com'})
response = self.client.post(self.url, {"email": "nonexistent@example.com"})
# Should return success to not reveal email existence
self.assertEqual(response.status_code, status.HTTP_200_OK)
@@ -556,35 +542,26 @@ class TestAuthAPIEdgeCases(EnhancedAPITestCase):
]
for username in special_usernames:
response = self.client.post('/api/v1/auth/login/', {
'username': username,
'password': 'testpass123'
})
response = self.client.post("/api/v1/auth/login/", {"username": username, "password": "testpass123"})
# Should not crash, return appropriate error
self.assertIn(response.status_code, [
status.HTTP_400_BAD_REQUEST,
status.HTTP_401_UNAUTHORIZED
])
self.assertIn(response.status_code, [status.HTTP_400_BAD_REQUEST, status.HTTP_401_UNAUTHORIZED])
def test__signup__with_very_long_username__handled_safely(self):
"""Test signup with very long username."""
response = self.client.post('/api/v1/auth/signup/', {
'username': 'a' * 1000,
'email': 'test@example.com',
'password1': 'ComplexPass123!',
'password2': 'ComplexPass123!'
})
response = self.client.post(
"/api/v1/auth/signup/",
{
"username": "a" * 1000,
"email": "test@example.com",
"password1": "ComplexPass123!",
"password2": "ComplexPass123!",
},
)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test__login__with_unicode_characters__handled_safely(self):
"""Test login with unicode characters."""
response = self.client.post('/api/v1/auth/login/', {
'username': 'user\u202e',
'password': 'pass\u202e'
})
response = self.client.post("/api/v1/auth/login/", {"username": "user\u202e", "password": "pass\u202e"})
self.assertIn(response.status_code, [
status.HTTP_400_BAD_REQUEST,
status.HTTP_401_UNAUTHORIZED
])
self.assertIn(response.status_code, [status.HTTP_400_BAD_REQUEST, status.HTTP_401_UNAUTHORIZED])