Compare commits

..

No commits in common. "1c98a6a73c6f4e5eccbd34219f1a9a30e6f34d16" and "fb5ff0dad73484ddc108522bfc9c64aea19f1d66" have entirely different histories.

6 changed files with 29 additions and 303 deletions

3
django/.gitignore vendored
View File

@ -1,4 +1,3 @@
.env .env
*.pyc *.pyc
db.sqlite3 db.sqlite3
**/migrations/*

View File

@ -1,3 +1,7 @@
from django.db import models from django.db import models
# Create your models here. # Create your models here.
class Profile(models.Model):
uuid = models.CharField()
username = models.CharField()
avatar_url = models.CharField()

View File

@ -1,4 +0,0 @@
PASSWORD_MIN_SIZE = 3
PASSWORD_MAX_SIZE = 128
USERNAME_MIN_SIZE = 3
USERNAME_MAX_SIZE = 40

View File

@ -1,9 +0,0 @@
INVALID_USERNAME: str = "error: username invalid"
INVALID_PASSWORD: str = "error: password invalid"
INVALID_USERNAME_PASSWORD: str = "error: username or password invalid"
USERNAME_ALREADY_USED: str = "error: username already used"
USER_ADDED: str = "ok: user added"
USER_DELETED: str = "ok: account has been deleted"
USER_VALID: str = "ok: account valid"
PASSWORD_UPDATED: str = "ok: password has been updated"

View File

@ -1,264 +1,3 @@
from django.test import TestCase from django.test import TestCase
# Create your tests here. # Create your tests here.
from django.test.client import Client
from django.http import HttpResponse
import uuid
from .status_code import *
from .settings import *
class RegisterTest(TestCase):
def setUp(self):
self.client = Client()
self.url: str = "/api/accounts/register"
self.username: str = str(uuid.uuid4())[:USERNAME_MAX_SIZE]
self.password: str = str(uuid.uuid4())[:PASSWORD_MAX_SIZE]
def test_incomplet_form_no_username_no_password(self):
response: HttpResponse = self.client.post(self.url)
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_PASSWORD)
def test_incomplet_form_no_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_PASSWORD)
def test_incomplet_form_no_username(self):
response: HttpResponse = self.client.post(self.url, {"password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, "error: username invalid")
def test_incomplet_form_no_username(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_PASSWORD)
def test_normal_register(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, USER_ADDED)
def test_username_too_short(self):
response: HttpResponse = self.client.post(self.url, {"username": "a" * (USERNAME_MIN_SIZE - (USERNAME_MIN_SIZE > 0)), "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME)
def test_username_too_long(self):
response: HttpResponse = self.client.post(self.url, {"username": "a" * (USERNAME_MAX_SIZE + 1), "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME)
def test_password_too_short(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": "a" * (PASSWORD_MIN_SIZE - (PASSWORD_MIN_SIZE > 0))})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_PASSWORD)
def test_password_too_long(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": "a" * (PASSWORD_MAX_SIZE + 1)})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_PASSWORD)
def test_already_registered(self):
self.client.post(self.url, {"username": self.username, "password": self.password})
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, USERNAME_ALREADY_USED)
class LoginTest(TestCase):
def setUp(self):
self.client = Client()
self.url = "/api/accounts/login"
self.username: str = str(uuid.uuid4())[:USERNAME_MAX_SIZE]
self.password: str = str(uuid.uuid4())[:PASSWORD_MAX_SIZE]
self.client.post("/api/accounts/register", {"username": self.username, "password": self.password})
def test_normal_login(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, USER_VALID)
def test_invalid_username(self):
response: HttpResponse = self.client.post(self.url, {"username": self.password, "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_username(self):
response: HttpResponse = self.client.post(self.url, {"password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_password_no_username(self):
response: HttpResponse = self.client.post(self.url, {})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME)
class LoginTest(TestCase):
def setUp(self):
self.client = Client()
self.url = "/api/accounts/login"
self.username: str = str(uuid.uuid4())[:USERNAME_MAX_SIZE]
self.password: str = str(uuid.uuid4())[:PASSWORD_MAX_SIZE]
self.client.post("/api/accounts/register", {"username": self.username, "password": self.password})
def test_normal_login(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, USER_VALID)
def test_invalid_username(self):
response: HttpResponse = self.client.post(self.url, {"username": self.password, "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_username(self):
response: HttpResponse = self.client.post(self.url, {"password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_password_no_username(self):
response: HttpResponse = self.client.post(self.url, {})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
class DeleteTest(TestCase):
def setUp(self):
self.client = Client()
self.url = "/api/accounts/delete"
self.username: str = str(uuid.uuid4())[:USERNAME_MAX_SIZE]
self.password: str = str(uuid.uuid4())[:PASSWORD_MAX_SIZE]
self.client.post("/api/accounts/register", {"username": self.username, "password": self.password})
def test_invalid_username(self):
response: HttpResponse = self.client.post(self.url, {"username": self.password, "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_username(self):
response: HttpResponse = self.client.post(self.url, {"password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_password_no_username(self):
response: HttpResponse = self.client.post(self.url, {})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_normal_delete(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, USER_DELETED)
class ChangePasswordTest(TestCase):
def setUp(self):
self.client = Client()
self.url = "/api/accounts/change_password"
self.username: str = str(uuid.uuid4())[:USERNAME_MAX_SIZE]
self.password: str = str(uuid.uuid4())[:PASSWORD_MAX_SIZE]
self.new_password: str = str(uuid.uuid4())[:PASSWORD_MAX_SIZE]
self.client.post("/api/accounts/register", {"username": self.username, "password": self.password})
def test_normal_login(self):
response: HttpResponse = self.client.post("/api/accounts/login", {"username": self.username, "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, USER_VALID)
def test_invalid_username(self):
response: HttpResponse = self.client.post(self.url, {"username": self.password, "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_username(self):
response: HttpResponse = self.client.post(self.url, {"password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_password_no_username(self):
response: HttpResponse = self.client.post(self.url, {})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_no_new_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "current_password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_PASSWORD)
def test_new_password_to_short(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "current_password": self.password, "new_password": "a" * (PASSWORD_MIN_SIZE - (PASSWORD_MIN_SIZE > 0))})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_PASSWORD)
def test_new_password_to_long(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "current_password": self.password, "new_password": "a" * (PASSWORD_MAX_SIZE + 1)})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_PASSWORD)
def test_normal_change_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "current_password": self.password, "new_password": self.new_password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, PASSWORD_UPDATED)

View File

@ -6,9 +6,6 @@ from django.http import HttpResponse
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.db.models.query import QuerySet from django.db.models.query import QuerySet
from .status_code import *
from .settings import *
class Login(View): class Login(View):
def get(self, request): def get(self, request):
return render(request, "login.html") return render(request, "login.html")
@ -16,21 +13,21 @@ class Login(View):
def post(self, request): def post(self, request):
username = request.POST.get("username") username = request.POST.get("username")
if (username == None): if (username == None):
return HttpResponse(INVALID_USERNAME_PASSWORD) return HttpResponse("error: username or password invalid")
password = request.POST.get("password") password = request.POST.get("password")
if (password == None): if (password == None):
return HttpResponse(INVALID_USERNAME_PASSWORD) return HttpResponse("error: username or password invalid")
query: QuerySet = User.objects.filter(username=username) query: QuerySet = User.objects.filter(username=username)
if (not query.exists()): if (not query.exists()):
return HttpResponse(INVALID_USERNAME_PASSWORD) return HttpResponse("error: username or password invalid")
user: User = User.objects.get(username=username) user: User = User.objects.get(username=username)
if (not user.check_password(password)): if (not user.check_password(password)):
return HttpResponse(INVALID_USERNAME_PASSWORD) return HttpResponse("error: username or password invalid")
return HttpResponse(USER_VALID) return HttpResponse("ok: account valid")
class Register(View): class Register(View):
def get(self, request): def get(self, request):
@ -38,19 +35,19 @@ class Register(View):
def post(self, request): def post(self, request):
password = request.POST.get("password") password = request.POST.get("password")
if (password == None or not PASSWORD_MAX_SIZE >= len(password) >= PASSWORD_MIN_SIZE): if (password == None or len(password) < 3):
return HttpResponse(INVALID_PASSWORD) return HttpResponse("error: password invalid")
username = request.POST.get("username") username = request.POST.get("username")
if (username == None or not USERNAME_MAX_SIZE >= len(username) >= USERNAME_MIN_SIZE): if (username == None or len(username) < 3):
return HttpResponse(INVALID_USERNAME) return HttpResponse("error: username invalid")
if User.objects.filter(username=username).exists(): if User.objects.filter(username=username).exists():
return HttpResponse(USERNAME_ALREADY_USED) return HttpResponse("error: username already used")
user = User.objects.create_user(username, password=password) user = User.objects.create_user(username, password=password)
user.save() user.save()
return HttpResponse(USER_ADDED) return HttpResponse("ok: user added")
class Delete(View): class Delete(View):
def get(self, request): def get(self, request):
@ -59,23 +56,23 @@ class Delete(View):
def post(self, request): def post(self, request):
username = request.POST.get("username") username = request.POST.get("username")
if (username == None): if (username == None):
return HttpResponse(INVALID_USERNAME_PASSWORD) return HttpResponse("error: username or password invalid")
password = request.POST.get("password") password = request.POST.get("password")
if (password == None): if (password == None):
return HttpResponse(INVALID_USERNAME_PASSWORD) return HttpResponse("error: username or password invalid")
query: QuerySet = User.objects.filter(username=username) query: QuerySet = User.objects.filter(username=username)
if (not query.exists()): if (not query.exists()):
return HttpResponse(INVALID_USERNAME_PASSWORD) return HttpResponse("error: username or password invalid")
user: User = User.objects.get(username=username) user: User = User.objects.get(username=username)
if (not user.check_password(password)): if (not user.check_password(password)):
return HttpResponse(INVALID_USERNAME_PASSWORD) return HttpResponse("error: username or password invalid")
user.delete() user.delete()
return HttpResponse(USER_DELETED) return HttpResponse("ok: account has been deleted")
class ChangePassword(View): class ChangePassword(View):
def get(self, request): def get(self, request):
@ -84,25 +81,25 @@ class ChangePassword(View):
def post(self, request): def post(self, request):
username = request.POST.get("username") username = request.POST.get("username")
if (username == None): if (username == None):
return HttpResponse(INVALID_USERNAME_PASSWORD) return HttpResponse("error: username or password invalid")
current_password = request.POST.get("current_password") current_password = request.POST.get("current_password")
if (current_password == None): if (current_password == None):
return HttpResponse(INVALID_USERNAME_PASSWORD) return HttpResponse("error: username or password invalid")
query: QuerySet = User.objects.filter(username=username) query: QuerySet = User.objects.filter(username=username)
if (not query.exists()): if (not query.exists()):
return HttpResponse(INVALID_USERNAME_PASSWORD) return HttpResponse("error: username or password invalid")
user: User = User.objects.get(username=username) user: User = User.objects.get(username=username)
if (not user.check_password(current_password)): if (not user.check_password(current_password)):
return HttpResponse(INVALID_USERNAME_PASSWORD) return HttpResponse("error: username or password invalid")
new_password = request.POST.get("new_password") new_password = request.POST.get("new_password")
if (new_password == None or not PASSWORD_MAX_SIZE >= len(new_password) >= PASSWORD_MIN_SIZE): if (new_password == None or len(new_password) < 3):
return HttpResponse(INVALID_PASSWORD) return HttpResponse("error: new password too short")
user.set_password(new_password) user.set_password(new_password)
user.save() user.save()
return HttpResponse(PASSWORD_UPDATED) return HttpResponse("ok: password has been updated")