Compare commits

..

5 Commits

Author SHA1 Message Date
1c98a6a73c add: unitest to accounts 2023-10-25 15:11:56 +02:00
b7a41701ea remove trash 2023-10-24 22:56:45 +02:00
85f273b726 fix: use variable to len 2023-10-24 22:56:37 +02:00
d469466e66 add: gitignore migration 2023-10-24 22:33:35 +02:00
07ad080551 replace: hardcoded html return by variable 2023-10-24 22:33:13 +02:00
6 changed files with 303 additions and 29 deletions

3
django/.gitignore vendored
View File

@ -1,3 +1,4 @@
.env .env
*.pyc *.pyc
db.sqlite3 db.sqlite3
**/migrations/*

View File

@ -1,7 +1,3 @@
from django.db import models from django.db import models
# Create your models here. # Create your models here.
class Profile(models.Model):
uuid = models.CharField()
username = models.CharField()
avatar_url = models.CharField()

View File

@ -0,0 +1,4 @@
PASSWORD_MIN_SIZE = 3
PASSWORD_MAX_SIZE = 128
USERNAME_MIN_SIZE = 3
USERNAME_MAX_SIZE = 40

View File

@ -0,0 +1,9 @@
INVALID_USERNAME: str = "error: username invalid"
INVALID_PASSWORD: str = "error: password invalid"
INVALID_USERNAME_PASSWORD: str = "error: username or password invalid"
USERNAME_ALREADY_USED: str = "error: username already used"
USER_ADDED: str = "ok: user added"
USER_DELETED: str = "ok: account has been deleted"
USER_VALID: str = "ok: account valid"
PASSWORD_UPDATED: str = "ok: password has been updated"

View File

@ -1,3 +1,264 @@
from django.test import TestCase from django.test import TestCase
# Create your tests here. # Create your tests here.
from django.test.client import Client
from django.http import HttpResponse
import uuid
from .status_code import *
from .settings import *
class RegisterTest(TestCase):
def setUp(self):
self.client = Client()
self.url: str = "/api/accounts/register"
self.username: str = str(uuid.uuid4())[:USERNAME_MAX_SIZE]
self.password: str = str(uuid.uuid4())[:PASSWORD_MAX_SIZE]
def test_incomplet_form_no_username_no_password(self):
response: HttpResponse = self.client.post(self.url)
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_PASSWORD)
def test_incomplet_form_no_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_PASSWORD)
def test_incomplet_form_no_username(self):
response: HttpResponse = self.client.post(self.url, {"password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, "error: username invalid")
def test_incomplet_form_no_username(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_PASSWORD)
def test_normal_register(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, USER_ADDED)
def test_username_too_short(self):
response: HttpResponse = self.client.post(self.url, {"username": "a" * (USERNAME_MIN_SIZE - (USERNAME_MIN_SIZE > 0)), "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME)
def test_username_too_long(self):
response: HttpResponse = self.client.post(self.url, {"username": "a" * (USERNAME_MAX_SIZE + 1), "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME)
def test_password_too_short(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": "a" * (PASSWORD_MIN_SIZE - (PASSWORD_MIN_SIZE > 0))})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_PASSWORD)
def test_password_too_long(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": "a" * (PASSWORD_MAX_SIZE + 1)})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_PASSWORD)
def test_already_registered(self):
self.client.post(self.url, {"username": self.username, "password": self.password})
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, USERNAME_ALREADY_USED)
class LoginTest(TestCase):
def setUp(self):
self.client = Client()
self.url = "/api/accounts/login"
self.username: str = str(uuid.uuid4())[:USERNAME_MAX_SIZE]
self.password: str = str(uuid.uuid4())[:PASSWORD_MAX_SIZE]
self.client.post("/api/accounts/register", {"username": self.username, "password": self.password})
def test_normal_login(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, USER_VALID)
def test_invalid_username(self):
response: HttpResponse = self.client.post(self.url, {"username": self.password, "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_username(self):
response: HttpResponse = self.client.post(self.url, {"password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_password_no_username(self):
response: HttpResponse = self.client.post(self.url, {})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME)
class LoginTest(TestCase):
def setUp(self):
self.client = Client()
self.url = "/api/accounts/login"
self.username: str = str(uuid.uuid4())[:USERNAME_MAX_SIZE]
self.password: str = str(uuid.uuid4())[:PASSWORD_MAX_SIZE]
self.client.post("/api/accounts/register", {"username": self.username, "password": self.password})
def test_normal_login(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, USER_VALID)
def test_invalid_username(self):
response: HttpResponse = self.client.post(self.url, {"username": self.password, "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_username(self):
response: HttpResponse = self.client.post(self.url, {"password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_password_no_username(self):
response: HttpResponse = self.client.post(self.url, {})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
class DeleteTest(TestCase):
def setUp(self):
self.client = Client()
self.url = "/api/accounts/delete"
self.username: str = str(uuid.uuid4())[:USERNAME_MAX_SIZE]
self.password: str = str(uuid.uuid4())[:PASSWORD_MAX_SIZE]
self.client.post("/api/accounts/register", {"username": self.username, "password": self.password})
def test_invalid_username(self):
response: HttpResponse = self.client.post(self.url, {"username": self.password, "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_username(self):
response: HttpResponse = self.client.post(self.url, {"password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_password_no_username(self):
response: HttpResponse = self.client.post(self.url, {})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_normal_delete(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, USER_DELETED)
class ChangePasswordTest(TestCase):
def setUp(self):
self.client = Client()
self.url = "/api/accounts/change_password"
self.username: str = str(uuid.uuid4())[:USERNAME_MAX_SIZE]
self.password: str = str(uuid.uuid4())[:PASSWORD_MAX_SIZE]
self.new_password: str = str(uuid.uuid4())[:PASSWORD_MAX_SIZE]
self.client.post("/api/accounts/register", {"username": self.username, "password": self.password})
def test_normal_login(self):
response: HttpResponse = self.client.post("/api/accounts/login", {"username": self.username, "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, USER_VALID)
def test_invalid_username(self):
response: HttpResponse = self.client.post(self.url, {"username": self.password, "password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "password": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_username(self):
response: HttpResponse = self.client.post(self.url, {"password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_invalid_no_password_no_username(self):
response: HttpResponse = self.client.post(self.url, {})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_USERNAME_PASSWORD)
def test_no_new_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "current_password": self.password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_PASSWORD)
def test_new_password_to_short(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "current_password": self.password, "new_password": "a" * (PASSWORD_MIN_SIZE - (PASSWORD_MIN_SIZE > 0))})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_PASSWORD)
def test_new_password_to_long(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "current_password": self.password, "new_password": "a" * (PASSWORD_MAX_SIZE + 1)})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, INVALID_PASSWORD)
def test_normal_change_password(self):
response: HttpResponse = self.client.post(self.url, {"username": self.username, "current_password": self.password, "new_password": self.new_password})
response_text: str = response.content.decode("utf-8")
self.assertEqual(response_text, PASSWORD_UPDATED)

View File

@ -6,6 +6,9 @@ from django.http import HttpResponse
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.db.models.query import QuerySet from django.db.models.query import QuerySet
from .status_code import *
from .settings import *
class Login(View): class Login(View):
def get(self, request): def get(self, request):
return render(request, "login.html") return render(request, "login.html")
@ -13,21 +16,21 @@ class Login(View):
def post(self, request): def post(self, request):
username = request.POST.get("username") username = request.POST.get("username")
if (username == None): if (username == None):
return HttpResponse("error: username or password invalid") return HttpResponse(INVALID_USERNAME_PASSWORD)
password = request.POST.get("password") password = request.POST.get("password")
if (password == None): if (password == None):
return HttpResponse("error: username or password invalid") return HttpResponse(INVALID_USERNAME_PASSWORD)
query: QuerySet = User.objects.filter(username=username) query: QuerySet = User.objects.filter(username=username)
if (not query.exists()): if (not query.exists()):
return HttpResponse("error: username or password invalid") return HttpResponse(INVALID_USERNAME_PASSWORD)
user: User = User.objects.get(username=username) user: User = User.objects.get(username=username)
if (not user.check_password(password)): if (not user.check_password(password)):
return HttpResponse("error: username or password invalid") return HttpResponse(INVALID_USERNAME_PASSWORD)
return HttpResponse("ok: account valid") return HttpResponse(USER_VALID)
class Register(View): class Register(View):
def get(self, request): def get(self, request):
@ -35,19 +38,19 @@ class Register(View):
def post(self, request): def post(self, request):
password = request.POST.get("password") password = request.POST.get("password")
if (password == None or len(password) < 3): if (password == None or not PASSWORD_MAX_SIZE >= len(password) >= PASSWORD_MIN_SIZE):
return HttpResponse("error: password invalid") return HttpResponse(INVALID_PASSWORD)
username = request.POST.get("username") username = request.POST.get("username")
if (username == None or len(username) < 3): if (username == None or not USERNAME_MAX_SIZE >= len(username) >= USERNAME_MIN_SIZE):
return HttpResponse("error: username invalid") return HttpResponse(INVALID_USERNAME)
if User.objects.filter(username=username).exists(): if User.objects.filter(username=username).exists():
return HttpResponse("error: username already used") return HttpResponse(USERNAME_ALREADY_USED)
user = User.objects.create_user(username, password=password) user = User.objects.create_user(username, password=password)
user.save() user.save()
return HttpResponse("ok: user added") return HttpResponse(USER_ADDED)
class Delete(View): class Delete(View):
def get(self, request): def get(self, request):
@ -56,23 +59,23 @@ class Delete(View):
def post(self, request): def post(self, request):
username = request.POST.get("username") username = request.POST.get("username")
if (username == None): if (username == None):
return HttpResponse("error: username or password invalid") return HttpResponse(INVALID_USERNAME_PASSWORD)
password = request.POST.get("password") password = request.POST.get("password")
if (password == None): if (password == None):
return HttpResponse("error: username or password invalid") return HttpResponse(INVALID_USERNAME_PASSWORD)
query: QuerySet = User.objects.filter(username=username) query: QuerySet = User.objects.filter(username=username)
if (not query.exists()): if (not query.exists()):
return HttpResponse("error: username or password invalid") return HttpResponse(INVALID_USERNAME_PASSWORD)
user: User = User.objects.get(username=username) user: User = User.objects.get(username=username)
if (not user.check_password(password)): if (not user.check_password(password)):
return HttpResponse("error: username or password invalid") return HttpResponse(INVALID_USERNAME_PASSWORD)
user.delete() user.delete()
return HttpResponse("ok: account has been deleted") return HttpResponse(USER_DELETED)
class ChangePassword(View): class ChangePassword(View):
def get(self, request): def get(self, request):
@ -81,25 +84,25 @@ class ChangePassword(View):
def post(self, request): def post(self, request):
username = request.POST.get("username") username = request.POST.get("username")
if (username == None): if (username == None):
return HttpResponse("error: username or password invalid") return HttpResponse(INVALID_USERNAME_PASSWORD)
current_password = request.POST.get("current_password") current_password = request.POST.get("current_password")
if (current_password == None): if (current_password == None):
return HttpResponse("error: username or password invalid") return HttpResponse(INVALID_USERNAME_PASSWORD)
query: QuerySet = User.objects.filter(username=username) query: QuerySet = User.objects.filter(username=username)
if (not query.exists()): if (not query.exists()):
return HttpResponse("error: username or password invalid") return HttpResponse(INVALID_USERNAME_PASSWORD)
user: User = User.objects.get(username=username) user: User = User.objects.get(username=username)
if (not user.check_password(current_password)): if (not user.check_password(current_password)):
return HttpResponse("error: username or password invalid") return HttpResponse(INVALID_USERNAME_PASSWORD)
new_password = request.POST.get("new_password") new_password = request.POST.get("new_password")
if (new_password == None or len(new_password) < 3): if (new_password == None or not PASSWORD_MAX_SIZE >= len(new_password) >= PASSWORD_MIN_SIZE):
return HttpResponse("error: new password too short") return HttpResponse(INVALID_PASSWORD)
user.set_password(new_password) user.set_password(new_password)
user.save() user.save()
return HttpResponse("ok: password has been updated") return HttpResponse(PASSWORD_UPDATED)