from django.conf import settings from django.contrib.auth import aget_user, get_user, get_user_model from django.contrib.auth.models import AnonymousUser, User from django.core.exceptions import ImproperlyConfigured from django.db import IntegrityError from django.http import HttpRequest from django.test import TestCase, override_settings from django.utils import translation from .models import CustomUser class BasicTestCase(TestCase): def test_user(self): "Users can be created and can set their password" u = User.objects.create_user("testuser", "test@example.com", "testpw") self.assertTrue(u.has_usable_password()) self.assertFalse(u.check_password("bad")) self.assertTrue(u.check_password("testpw")) # Check we can manually set an unusable password u.set_unusable_password() u.save() self.assertFalse(u.check_password("testpw")) self.assertFalse(u.has_usable_password()) u.set_password("testpw") self.assertTrue(u.check_password("testpw")) u.set_password(None) self.assertFalse(u.has_usable_password()) # Check username getter self.assertEqual(u.get_username(), "testuser") # Check authentication/permissions self.assertFalse(u.is_anonymous) self.assertTrue(u.is_authenticated) self.assertFalse(u.is_staff) self.assertTrue(u.is_active) self.assertFalse(u.is_superuser) # Check API-based user creation with no password u2 = User.objects.create_user("testuser2", "test2@example.com") self.assertFalse(u2.has_usable_password()) async def test_acreate(self): u = await User.objects.acreate_user("testuser", "test@example.com", "testpw") self.assertTrue(u.has_usable_password()) self.assertFalse(await u.acheck_password("bad")) self.assertTrue(await u.acheck_password("testpw")) def test_unicode_username(self): User.objects.create_user("jörg") User.objects.create_user("Григорий") # Two equivalent Unicode normalized usernames are duplicates. omega_username = "iamtheΩ" # U+03A9 GREEK CAPITAL LETTER OMEGA ohm_username = "iamtheΩ" # U+2126 OHM SIGN User.objects.create_user(ohm_username) with self.assertRaises(IntegrityError): User.objects.create_user(omega_username) def test_user_no_email(self): "Users can be created without an email" cases = [ {}, {"email": ""}, {"email": None}, ] for i, kwargs in enumerate(cases): with self.subTest(**kwargs): u = User.objects.create_user("testuser{}".format(i), **kwargs) self.assertEqual(u.email, "") def test_superuser(self): "Check the creation and properties of a superuser" super = User.objects.create_superuser("super", "super@example.com", "super") self.assertTrue(super.is_superuser) self.assertTrue(super.is_active) self.assertTrue(super.is_staff) async def test_asuperuser(self): "Check the creation and properties of a superuser" super = await User.objects.acreate_superuser( "super", "super@example.com", "super" ) self.assertTrue(super.is_superuser) self.assertTrue(super.is_active) self.assertTrue(super.is_staff) def test_superuser_no_email_or_password(self): cases = [ {}, {"email": ""}, {"email": None}, {"password": None}, ] for i, kwargs in enumerate(cases): with self.subTest(**kwargs): superuser = User.objects.create_superuser("super{}".format(i), **kwargs) self.assertEqual(superuser.email, "") self.assertFalse(superuser.has_usable_password()) def test_get_user_model(self): "The current user model can be retrieved" self.assertEqual(get_user_model(), User) @override_settings(AUTH_USER_MODEL="auth_tests.CustomUser") def test_swappable_user(self): "The current user model can be swapped out for another" self.assertEqual(get_user_model(), CustomUser) with self.assertRaises(AttributeError): User.objects.all() @override_settings(AUTH_USER_MODEL="badsetting") def test_swappable_user_bad_setting(self): "The alternate user setting must point to something in the format app.model" msg = "AUTH_USER_MODEL must be of the form 'app_label.model_name'" with self.assertRaisesMessage(ImproperlyConfigured, msg): get_user_model() @override_settings(AUTH_USER_MODEL="thismodel.doesntexist") def test_swappable_user_nonexistent_model(self): "The current user model must point to an installed model" msg = ( "AUTH_USER_MODEL refers to model 'thismodel.doesntexist' " "that has not been installed" ) with self.assertRaisesMessage(ImproperlyConfigured, msg): get_user_model() def test_user_verbose_names_translatable(self): "Default User model verbose names are translatable (#19945)" with translation.override("en"): self.assertEqual(User._meta.verbose_name, "user") self.assertEqual(User._meta.verbose_name_plural, "users") with translation.override("es"): self.assertEqual(User._meta.verbose_name, "usuario") self.assertEqual(User._meta.verbose_name_plural, "usuarios") class TestGetUser(TestCase): def test_get_user_anonymous(self): request = HttpRequest() request.session = self.client.session user = get_user(request) self.assertIsInstance(user, AnonymousUser) async def test_aget_user_anonymous(self): request = HttpRequest() request.session = await self.client.asession() user = await aget_user(request) self.assertIsInstance(user, AnonymousUser) def test_get_user(self): created_user = User.objects.create_user( "testuser", "test@example.com", "testpw" ) self.client.login(username="testuser", password="testpw") request = HttpRequest() request.session = self.client.session user = get_user(request) self.assertIsInstance(user, User) self.assertEqual(user.username, created_user.username) def test_get_user_fallback_secret(self): created_user = User.objects.create_user( "testuser", "test@example.com", "testpw" ) self.client.login(username="testuser", password="testpw") request = HttpRequest() request.session = self.client.session prev_session_key = request.session.session_key with override_settings( SECRET_KEY="newsecret", SECRET_KEY_FALLBACKS=[settings.SECRET_KEY], ): user = get_user(request) self.assertIsInstance(user, User) self.assertEqual(user.username, created_user.username) self.assertNotEqual(request.session.session_key, prev_session_key) # Remove the fallback secret. # The session hash should be updated using the current secret. with override_settings(SECRET_KEY="newsecret"): user = get_user(request) self.assertIsInstance(user, User) self.assertEqual(user.username, created_user.username) async def test_aget_user_fallback_secret(self): created_user = await User.objects.acreate_user( "testuser", "test@example.com", "testpw" ) await self.client.alogin(username="testuser", password="testpw") request = HttpRequest() request.session = await self.client.asession() prev_session_key = request.session.session_key with override_settings( SECRET_KEY="newsecret", SECRET_KEY_FALLBACKS=[settings.SECRET_KEY], ): user = await aget_user(request) self.assertIsInstance(user, User) self.assertEqual(user.username, created_user.username) self.assertNotEqual(request.session.session_key, prev_session_key) # Remove the fallback secret. # The session hash should be updated using the current secret. with override_settings(SECRET_KEY="newsecret"): user = await aget_user(request) self.assertIsInstance(user, User) self.assertEqual(user.username, created_user.username)