authorBarry Warsaw2014-12-15 20:01:53 -0500
committerBarry Warsaw2014-12-15 20:01:53 -0500
commit068634612210ea447dca21db416724cba88cd64d (patch)
tree1cbecf2aa182163aa61ec38269f526c9cd28a692 /src/mailman/rest/tests/test_users.py
parentacf95993ceb605c71ad07a32a572ae1f0888a7de (diff)
Diffstat (limited to 'src/mailman/rest/tests/test_users.py')
-rw-r--r--src/mailman/rest/tests/test_users.py57
1 files changed, 57 insertions, 0 deletions
diff --git a/src/mailman/rest/tests/test_users.py b/src/mailman/rest/tests/test_users.py
index a130b1cc9..d4d49889d 100644
--- a/src/mailman/rest/tests/test_users.py
+++ b/src/mailman/rest/tests/test_users.py
@@ -107,6 +107,48 @@ class TestUsers(unittest.TestCase):
method='DELETE')
self.assertEqual(cm.exception.code, 404)
+ def test_delete_user_twice(self):
+ # You cannot DELETE a user twice, either by address or user id.
+ with transaction():
+ anne = getUtility(IUserManager).create_user(
+ 'anne@example.com', 'Anne Person')
+ user_id = anne.user_id
+ content, response = call_api(
+ 'http://localhost:9001/3.0/users/anne@example.com',
+ method='DELETE')
+ self.assertEqual(response.status, 204)
+ with self.assertRaises(HTTPError) as cm:
+ call_api('http://localhost:9001/3.0/users/anne@example.com',
+ method='DELETE')
+ self.assertEqual(cm.exception.code, 404)
+ with self.assertRaises(HTTPError) as cm:
+ call_api('http://localhost:9001/3.0/users/{}'.format(user_id),
+ method='DELETE')
+ self.assertEqual(cm.exception.code, 404)
+
+ def test_get_after_delete(self):
+ # You cannot GET a user record after deleting them.
+ with transaction():
+ anne = getUtility(IUserManager).create_user(
+ 'anne@example.com', 'Anne Person')
+ user_id = anne.user_id
+ # You can still GET the user record.
+ content, response = call_api(
+ 'http://localhost:9001/3.0/users/anne@example.com')
+ self.assertEqual(response.status, 200)
+ # Delete the user.
+ content, response = call_api(
+ 'http://localhost:9001/3.0/users/anne@example.com',
+ method='DELETE')
+ self.assertEqual(response.status, 204)
+ # The user record can no longer be retrieved.
+ with self.assertRaises(HTTPError) as cm:
+ call_api('http://localhost:9001/3.0/users/anne@example.com')
+ self.assertEqual(cm.exception.code, 404)
+ with self.assertRaises(HTTPError) as cm:
+ call_api('http://localhost:9001/3.0/users/{}'.format(user_id))
+ self.assertEqual(cm.exception.code, 404)
+
def test_existing_user_error(self):
# Creating a user twice results in an error.
call_api('http://localhost:9001/3.0/users', {
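Review bot: In `test_get_after_delete` the final 404 for `users/{user_id}` has no matching pre-deletion check: only the address URL is fetched with a 200 before the DELETE, so the user-id assertion would also pass if that route had never resolved the id at all. Before the DELETE, add `content, response = call_api('http://localhost:9001/3.0/users/{}'.format(user_id))` followed by `self.assertEqual(response.status, 200)`. The comment `# You can still GET the user record.` reads as if the deletion had already happened; `# Before deletion, the user record can be retrieved.` says what the step checks. Both tests stop at the user resource; whether the linked address record is expected to survive deletion is not visible in this hunk, and if it should not, that deserves its own assertion so stale personal data is caught.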
@@ -250,6 +292,21 @@ class TestLogin(unittest.TestCase):
'anne@example.com', 'Anne Person')
self.anne.password = config.password_context.encrypt('abc123')
+ def test_login_with_cleartext_password(self):
+ # A user can log in with the correct clear text password.
+ content, response = call_api(
+ 'http://localhost:9001/3.0/users/anne@example.com/login', {
+ 'cleartext_password': 'abc123',
+ }, method='POST')
+ self.assertEqual(response.status, 204)
+ # But the user cannot log in with an incorrect password.
+ with self.assertRaises(HTTPError) as cm:
+ call_api(
+ 'http://localhost:9001/3.0/users/anne@example.com/login', {
+ 'cleartext_password': 'not-the-password',
+ }, method='POST')
+ self.assertEqual(cm.exception.code, 403)
+
def test_wrong_parameter(self):
# A bad request because it is mistyped the required attribute.
with self.assertRaises(HTTPError) as cm:
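Review bot: The rejection half of `test_login_with_cleartext_password` only tries `'not-the-password'`, which differs from the stored value in every respect, so it would not catch a check that truncates, ignores case, or accepts an empty value. Consider adding near-miss and empty cases, for example `'cleartext_password': 'abc1234'`, `'cleartext_password': 'ABC123'` and `'cleartext_password': ''`, each asserting that the call raises `HTTPError`. The exact code for the empty value (a validation 400 or the 403 used here) cannot be determined from this hunk. Splitting the accept and reject paths into separate test methods would also make a failure report which path regressed. The `setUp` body starts above the hunk and `test_wrong_parameter` continues past its end.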