Merge pull request #91 from Protospace/kb-fun

First handful of API tests

apiserver/apiserver/api/test_api.py

@@ -0,0 +1,63 @@
+from django.urls import reverse
+from rest_framework import status
+from rest_framework.test import APITestCase
+from apiserver.api.models import Member, User
+import json
+from parameterized import parameterized
+
+data = {
+                "username": "registrationtc", 
+                "email": "unittest@email.com",
+                "password1": "unittest",
+                "password2": "unittest",
+                "first_name": "John",
+                "last_name": "Doe",
+
+                # need to fake this for updating progress
+                "request_id": "lol"
+        }
+
+
+class RegistrationTests(APITestCase):
+    def setUp(self):
+        self.url = reverse('rest_name_register')
+        # TODO: expose data to be used for E2E testing from a webclient
+        self.data = data
+        # TODO: match with config
+        self.allowed_ip = '24.66.110.96'
+
+    def test_success(self):
+        """Ensure we can create a new account object."""
+        response = self.client.post(
+                self.url, 
+                self.data, 
+                format='json', 
+                HTTP_X_REAL_IP=self.allowed_ip
+        )
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+        user = User.objects.get(username=self.data['username'])
+        assert user is not None
+        assert Member.objects.get(user=user) is not None
+
+    def test_allowed_ip_wrong(self):
+        """Ensure creation only allowed when HTTP_X_REAL_IP header matched IP in whitelist"""
+        response = self.client.post(
+                self.url, 
+                self.data, 
+                format='json', 
+                HTTP_X_REAL_IP="0.0.0.0"
+        )
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+    @parameterized.expand([(f"{key} is missing", key, status.HTTP_400_BAD_REQUEST) for key in data.keys() if key is not 'request_id'])
+    def test_malformed_data(self, name, inp, expected):
+        """Delete specific properties from data and confirm it is not accepted by API"""
+        copy = self.data.copy()
+        del copy[inp]
+        response = self.client.post(
+                self.url, 
+                copy, 
+                format='json', 
+                HTTP_X_REAL_IP=self.allowed_ip
+        )
+        self.assertEqual(response.status_code, expected)

apiserver/apiserver/api/throttles.py

@@ -26,7 +26,10 @@ class LoggingThrottle(throttling.BaseThrottle):
             return True
 
         if request.data:
-            data = request.data.dict()
+            if type(request.data) is not dict:
+                data = request.data.dict()
+            else:
+                data = request.data
             for key in ['password', 'password1', 'password2', 'old_password', 'new_password1', 'new_password2']:
                 if key in data:
                     data[key] = '[CENSORED]'

apiserver/apiserver/api/utils.py

@@ -294,6 +294,7 @@ clean = Cleaner(tags=ALLOWED_TAGS).clean
 
 
 def is_request_from_protospace(request):
+    # TODO: pull to config
     whitelist = ['24.66.110.96', '205.233.15.76', '205.233.15.69']
 
     if settings.DEBUG:
@@ -346,6 +347,8 @@ def register_user(data, user):
     data['first_name'] = data['first_name'].title().strip()
     data['last_name'] = data['last_name'].title().strip()
 
+    # Sometimes during demos, a user makes a fake account then then has to be cleaned out
+    # Notify me that this has happened so I can go clean out the database
     if 'test' in data['username']:
         msg = 'Someone created a test account: {} {} {} {}'.format(
             data['username'],

apiserver/requirements.txt

@@ -31,6 +31,7 @@ MarkupSafe==1.1.1
 matplotlib-inline==0.1.3
 oauthlib==3.1.0
 packaging==20.0
+parameterized==0.8.1
 parso==0.8.3
 pexpect==4.8.0
 pickleshare==0.7.5