* Basic setup for drf-spectacular
* Updated to only handle /api/v1 endpoints
* feat: add asset and user endpoints with URL routing
  - Introduced new asset-related endpoints for user assets and server assets, allowing for asset uploads and management.
  - Added user endpoint to retrieve current user information.
  - Updated URL routing to include new asset and user patterns.
  - Enhanced issue handling with a new search endpoint for issues across multiple fields.
  - Expanded member management with a new endpoint for workspace members.
* Group endpoints by tags
* Detailed schema definitions and examples for asset endpoints
* Removed unnecessary extension
* Specify avatar_url field separately
* chore: add project docs
* chore: correct all errors
* chore: added open spec in work items
* feat: enhance cycle API endpoints with detailed OpenAPI specifications
  - Updated CycleAPIEndpoint and CycleIssueAPIEndpoint to include detailed OpenAPI schema definitions for GET, POST, PATCH, and DELETE operations.
  - Specified allowed HTTP methods for each endpoint in the URL routing.
  - Improved documentation for cycle creation, updating, and deletion, including request and response examples.
* chore: added open spec in labels
* chore: work item properties
* feat: enhance API endpoints with OpenAPI specifications and HTTP method definitions
  - Added detailed OpenAPI schema definitions for various API endpoints including Intake, Module, and State.
  - Specified allowed HTTP methods for each endpoint in the URL routing for better clarity and documentation.
  - Improved request and response examples for better understanding of API usage.
  - Introduced unarchive functionality for cycles and modules with appropriate endpoint definitions.
* chore: run formatter
* Removed unnecessary settings for authentication
* Refactors OpenAPI documentation structure
  Improves the organization and maintainability of the OpenAPI documentation by modularizing the `openapi_spec_helpers.py` file.
  The changes include:
  - Migrates common parameters, responses, examples, and authentication extensions to separate modules.
  - Introduces helper decorators for different endpoint types.
  - Updates view imports to use the new module paths.
  - Removes the legacy `openapi_spec_helpers.py` file.
  This refactoring results in a more structured and easier-to-maintain OpenAPI documentation setup.
* Refactor OpenAPI endpoint specifications
  - Removed unnecessary parameters from the OpenAPI documentation for various endpoints in the asset, cycle, and project views.
  - Updated request structures to improve clarity and consistency across the API documentation.
  - Enhanced response formatting for better readability and maintainability.
* Enhance API documentation with detailed endpoint descriptions
  Updated various API endpoints across the application to include comprehensive docstrings that clarify their functionality. Each endpoint now features a summary and detailed description, improving the overall understanding of their purpose and usage. This change enhances the OpenAPI specifications for better developer experience and documentation clarity.
* Enhance API serializers and views with new request structures
  - Added new serializers for handling cycle and module issue requests, including `CycleIssueRequestSerializer`, `TransferCycleIssueRequestSerializer`, `ModuleIssueRequestSerializer`, and intake issue creation/updating serializers.
  - Updated existing serializers to improve clarity and maintainability, including the `UserAssetUploadSerializer` and `IssueAttachmentUploadSerializer`.
  - Refactored API views to utilize the new serializers, enhancing the request handling for cycle and intake issue endpoints.
  - Improved OpenAPI documentation by replacing inline request definitions with serializer references for better consistency and readability.
* Refactor OpenAPI documentation and endpoint specifications
  - Replaced inline schema definitions with dedicated decorators for various endpoint types, enhancing clarity and maintainability.
  - Updated API views to utilize new decorators for user, cycle, intake, module, and project endpoints, improving consistency in OpenAPI documentation.
  - Removed unnecessary parameters and responses from endpoint specifications, streamlining the documentation for better readability.
  - Enhanced the organization of OpenAPI documentation by modularizing endpoint-specific decorators and parameters.
* chore: correct formatting
* chore: correct formatting for all api folder files
* refactor: clean up serializer imports and test setup
  - Removed unused `StateLiteSerializer` import from the serializer module.
  - Updated test setup to include a noqa comment for the `django_db_setup` fixture, ensuring clarity in the code.
  - Added missing commas in user data dictionary for consistency.
* feat: add project creation and update serializers with validation
  - Introduced `ProjectCreateSerializer` and `ProjectUpdateSerializer` to handle project creation and updates, respectively.
  - Implemented validation to ensure project leads and default assignees are members of the workspace.
  - Updated API views to utilize the new serializers for creating and updating projects, enhancing request handling.
  - Added OpenAPI documentation references for the new serializers in the project API endpoints.
* feat: update serializers to include additional read-only fields
* refactor: rename intake issue serializers and enhance structure
  - Renamed `CreateIntakeIssueRequestSerializer` to `IntakeIssueCreateSerializer` and `UpdateIntakeIssueRequestSerializer` to `IntakeIssueUpdateSerializer` for clarity.
  - Introduced `IssueSerializer` for nested issue data in intake requests, improving the organization of serializer logic.
  - Updated API views to utilize the new serializer names, ensuring consistency across the codebase.
* refactor: rename issue serializer for intake and enhance API documentation
  - Renamed `IssueSerializer` to `IssueForIntakeSerializer` for better clarity in the context of intake issues.
  - Updated references in `IntakeIssueCreateSerializer` and `IntakeIssueUpdateSerializer` to use the new `IssueForIntakeSerializer`.
  - Added OpenAPI documentation for the `get_workspace_work_item` endpoint, detailing parameters and responses for improved clarity.
* chore: modules and cycles serializers
* feat: add new serializers for label and issue link management
  - Introduced `LabelCreateUpdateSerializer`, `IssueLinkCreateSerializer`, `IssueLinkUpdateSerializer`, and `IssueCommentCreateSerializer` to enhance the handling of label and issue link data.
  - Updated existing API views to utilize the new serializers for creating and updating labels, issue links, and comments, improving request handling and validation.
  - Added `IssueSearchSerializer` for searching issues, streamlining the search functionality in the API.
* Don't consider read only fields as required
* Add setting to separate request and response definitions
* Fixed avatar_url warning on openapi spec generation
* Made spectacular disabled by default
* Moved spectacular settings into separate file and added detailed descriptions to tags
* Specify methods for asset urls
* Better server names
* Enhance API documentation with summaries for various endpoints
  - Added summary descriptions for user asset, cycle, intake, issue, member, module, project, state, and user API endpoints to improve clarity and usability of the API documentation.
  - Updated the OpenAPI specifications to reflect these changes, ensuring better understanding for developers interacting with the API.
* Add contact information to OpenAPI settings
  - Included contact details for Plane in the OpenAPI settings to enhance API documentation and provide developers with a direct point of contact for support.
  - This addition aims to improve the overall usability and accessibility of the API documentation.
* Reordered tags and improved description relevancy
* Enhance OpenAPI documentation for cycle and issue endpoints
  - Added response definitions for the `get_cycle_issues` and `delete_cycle_issue` methods in the CycleIssueAPIEndpoint to clarify expected outcomes.
  - Included additional response codes for the IssueSearchEndpoint to handle various error scenarios, improving the overall API documentation and usability.
* Enhance serializer documentation across multiple files
  - Updated docstrings for various serializers including UserAssetUploadSerializer, AssetUpdateSerializer, and others to provide clearer descriptions of their functionality and usage.
  - Improved consistency in formatting and language across serializer classes to enhance readability and maintainability.
  - Added detailed explanations for new serializers related to project, module, and cycle management, ensuring comprehensive documentation for developers.
* Refactor API endpoints for cycles, intake, modules, projects, and states
  - Replaced existing API endpoint classes with more descriptive names such as CycleListCreateAPIEndpoint, CycleDetailAPIEndpoint, IntakeIssueListCreateAPIEndpoint, and others to enhance clarity.
  - Updated URL patterns to reflect the new endpoint names, ensuring consistency across the API.
  - Improved documentation and method summaries for better understanding of endpoint functionalities.
  - Enhanced query handling in the new endpoint classes to streamline data retrieval and improve performance.
* Refactor issue and label API endpoints for clarity and functionality
  - Renamed existing API endpoint classes to more descriptive names such as IssueListCreateAPIEndpoint, IssueDetailAPIEndpoint, LabelListCreateAPIEndpoint, and LabelDetailAPIEndpoint to enhance clarity.
  - Updated URL patterns to reflect the new endpoint names, ensuring consistency across the API.
  - Improved method summaries and documentation for better understanding of endpoint functionalities.
  - Streamlined query handling in the new endpoint classes to enhance data retrieval and performance.
* Refactor asset API endpoint methods and introduce new status enums
  - Updated the GenericAssetEndpoint to only allow POST requests for asset creation, removing the GET method.
  - Modified the get method to require asset_id, ensuring that asset retrieval is always tied to a specific asset.
  - Added new IntakeIssueStatus and ModuleStatus enums to improve clarity and management of asset and module states.
  - Enhanced OpenAPI settings to include these new enums for better documentation and usability.
* enforce naming convention
* Added LICENSE to openapi spec
* Enhance OpenAPI documentation for various API endpoints
  - Updated API endpoints in asset, cycle, intake, issue, module, project, and state views to include OpenApiRequest and OpenApiExample for better request documentation.
  - Added example requests for creating and updating resources, improving clarity for API consumers.
  - Ensured consistent use of OpenApi utilities across all relevant endpoints to enhance overall API documentation quality.
* Enhance OpenAPI documentation for various API endpoints
  - Added detailed descriptions to multiple API endpoints across asset, cycle, intake, issue, module, project, state, and user views to improve clarity for API consumers.
  - Ensured consistent documentation practices by including descriptions that outline the purpose and functionality of each endpoint.
  - This update aims to enhance the overall usability and understanding of the API documentation.
* Update OpenAPI examples and enhance project queryset logic
  - Changed example fields in OpenAPI documentation for issue comments from "content" to "comment_html" to reflect the correct structure.
  - Introduced a new `get_queryset` method in the ProjectDetailAPIEndpoint to filter projects based on user membership and workspace, while also annotating additional project-related data such as total members, cycles, and modules.
  - Updated permission checks to use the correct attribute name for project identifiers, ensuring accurate permission handling.
* Enhance OpenAPI documentation and add response examples
  - Updated multiple API endpoints across asset, cycle, intake, issue, module, project, state, and user views to include new OpenApiResponse examples for better clarity on expected outcomes.
  - Introduced new parameters for project and issue identifiers to improve request handling and documentation consistency.
  - Enhanced existing responses with detailed examples to aid API consumers in understanding the expected data structure and error handling.
  - This update aims to improve the overall usability and clarity of the API documentation.
* refactor: update terminology from 'issues' to 'work items' across multiple API endpoints for consistency and clarity
* use common timezones from pytz for choices
* Moved the openapi utils to the new folder structure
* Added exception logging in GenericAssetEndpoint to improve error handling
* Fixed code rabbit suggestions
* Refactored IssueDetailAPIEndpoint to streamline issue retrieval and response handling, removing redundant external ID checks and custom ordering logic.

---------

Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
469 lines
18 KiB
Python
import json
import uuid
import pytest
from django.urls import reverse
from django.utils import timezone
from rest_framework import status
from django.test import Client
from django.core.exceptions import ValidationError
from unittest.mock import patch

from plane.db.models import User
from plane.settings.redis import redis_instance
from plane.license.models import Instance


@pytest.fixture
def setup_instance(db):
    """Create and configure an instance for authentication tests"""
    instance_id = (
        uuid.uuid4() if not Instance.objects.exists() else Instance.objects.first().id
    )

    # Create or update instance with all required fields
    instance, _ = Instance.objects.update_or_create(
        id=instance_id,
        defaults={
            "instance_name": "Test Instance",
            "instance_id": str(uuid.uuid4()),
            "current_version": "1.0.0",
            "domain": "http://localhost:8000",
            "last_checked_at": timezone.now(),
            "is_setup_done": True,
        },
    )
    return instance


@pytest.fixture
def django_client():
    """Return a Django test client with User-Agent header for handling redirects"""
    client = Client(
        HTTP_USER_AGENT="Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1"
    )
    return client


@pytest.mark.contract
class TestMagicLinkGenerate:
    """Test magic link generation functionality"""

    @pytest.fixture
    def setup_user(self, db):
        """Create a test user for magic link tests"""
        user = User.objects.create(email="user@plane.so")
        user.set_password("user@123")
        user.save()
        return user

    @pytest.mark.django_db
    def test_without_data(self, api_client, setup_user, setup_instance):
        """Test magic link generation with empty data"""
        url = reverse("magic-generate")
        try:
            response = api_client.post(url, {}, format="json")
            assert response.status_code == status.HTTP_400_BAD_REQUEST
        except ValidationError:
            # If a ValidationError is raised directly, that's also acceptable
            # as it indicates the empty email was rejected
            assert True

    @pytest.mark.django_db
    def test_email_validity(self, api_client, setup_user, setup_instance):
        """Test magic link generation with invalid email format"""
        url = reverse("magic-generate")
        try:
            response = api_client.post(url, {"email": "useremail.com"}, format="json")
            assert response.status_code == status.HTTP_400_BAD_REQUEST
            assert "error_code" in response.data  # Check for error code in response
        except ValidationError:
            # If a ValidationError is raised directly, that's also acceptable
            # as it indicates the invalid email was rejected
            assert True

    @pytest.mark.django_db
    @patch("plane.bgtasks.magic_link_code_task.magic_link.delay")
    def test_magic_generate(
        self, mock_magic_link, api_client, setup_user, setup_instance
    ):
        """Test successful magic link generation"""
        url = reverse("magic-generate")

        ri = redis_instance()
        ri.delete("magic_user@plane.so")

        response = api_client.post(url, {"email": "user@plane.so"}, format="json")
        assert response.status_code == status.HTTP_200_OK
        assert "key" in response.data  # Check for key in response

        # Verify the mock was called with the expected arguments
        mock_magic_link.assert_called_once()
        args = mock_magic_link.call_args[0]
        assert args[0] == "user@plane.so"  # First arg should be the email

    @pytest.mark.django_db
    @patch("plane.bgtasks.magic_link_code_task.magic_link.delay")
    def test_max_generate_attempt(
        self, mock_magic_link, api_client, setup_user, setup_instance
    ):
        """Test exceeding maximum magic link generation attempts"""
        url = reverse("magic-generate")

        ri = redis_instance()
        ri.delete("magic_user@plane.so")

        for _ in range(4):
            api_client.post(url, {"email": "user@plane.so"}, format="json")

        response = api_client.post(url, {"email": "user@plane.so"}, format="json")
        assert response.status_code == status.HTTP_400_BAD_REQUEST
        assert "error_code" in response.data  # Check for error code in response


@pytest.mark.contract
class TestSignInEndpoint:
    """Test sign-in functionality"""

    @pytest.fixture
    def setup_user(self, db):
        """Create a test user for authentication tests"""
        user = User.objects.create(email="user@plane.so")
        user.set_password("user@123")
        user.save()
        return user

    @pytest.mark.django_db
    def test_without_data(self, django_client, setup_user, setup_instance):
        """Test sign-in with empty data"""
        url = reverse("sign-in")
        response = django_client.post(url, {}, follow=True)

        # Check redirect contains error code
        assert "REQUIRED_EMAIL_PASSWORD_SIGN_IN" in response.redirect_chain[-1][0]

    @pytest.mark.django_db
    def test_email_validity(self, django_client, setup_user, setup_instance):
        """Test sign-in with invalid email format"""
        url = reverse("sign-in")
        response = django_client.post(
            url, {"email": "useremail.com", "password": "user@123"}, follow=True
        )

        # Check redirect contains error code
        assert "INVALID_EMAIL_SIGN_IN" in response.redirect_chain[-1][0]

    @pytest.mark.django_db
    def test_user_exists(self, django_client, setup_user, setup_instance):
        """Test sign-in with non-existent user"""
        url = reverse("sign-in")
        response = django_client.post(
            url, {"email": "user@email.so", "password": "user123"}, follow=True
        )

        # Check redirect contains error code
        assert "USER_DOES_NOT_EXIST" in response.redirect_chain[-1][0]

    @pytest.mark.django_db
    def test_password_validity(self, django_client, setup_user, setup_instance):
        """Test sign-in with incorrect password"""
        url = reverse("sign-in")
        response = django_client.post(
            url, {"email": "user@plane.so", "password": "user123"}, follow=True
        )

        # Check for the specific authentication error in the URL
        redirect_urls = [url for url, _ in response.redirect_chain]
        redirect_contents = " ".join(redirect_urls)

        # The actual error code for invalid password is AUTHENTICATION_FAILED_SIGN_IN
        assert "AUTHENTICATION_FAILED_SIGN_IN" in redirect_contents

    @pytest.mark.django_db
    def test_user_login(self, django_client, setup_user, setup_instance):
        """Test successful sign-in"""
        url = reverse("sign-in")

        # First make the request without following redirects
        response = django_client.post(
            url, {"email": "user@plane.so", "password": "user@123"}, follow=False
        )

        # Check that the initial response is a redirect (302) without error code
        assert response.status_code == 302
        assert "error_code" not in response.url

        # Now follow just the first redirect to avoid 404s
        response = django_client.get(response.url, follow=False)

        # The user should be authenticated regardless of the final page
        assert "_auth_user_id" in django_client.session

    @pytest.mark.django_db
    def test_next_path_redirection(self, django_client, setup_user, setup_instance):
        """Test sign-in with next_path parameter"""
        url = reverse("sign-in")
        next_path = "workspaces"

        # First make the request without following redirects
        response = django_client.post(
            url,
            {"email": "user@plane.so", "password": "user@123", "next_path": next_path},
            follow=False,
        )

        # Check that the initial response is a redirect (302) without error code
        assert response.status_code == 302
        assert "error_code" not in response.url

        # In a real browser, the next_path would be used to build the absolute URL
        # Since we're just testing the authentication logic, we won't check for the exact URL structure
        # Instead, just verify that we're authenticated
        assert "_auth_user_id" in django_client.session


@pytest.mark.contract
class TestMagicSignIn:
    """Test magic link sign-in functionality"""

    @pytest.fixture
    def setup_user(self, db):
        """Create a test user for magic sign-in tests"""
        user = User.objects.create(email="user@plane.so")
        user.set_password("user@123")
        user.save()
        return user

    @pytest.mark.django_db
    def test_without_data(self, django_client, setup_user, setup_instance):
        """Test magic link sign-in with empty data"""
        url = reverse("magic-sign-in")
        response = django_client.post(url, {}, follow=True)

        # Check redirect contains error code
        assert "MAGIC_SIGN_IN_EMAIL_CODE_REQUIRED" in response.redirect_chain[-1][0]

    @pytest.mark.django_db
    def test_expired_invalid_magic_link(
        self, django_client, setup_user, setup_instance
    ):
        """Test magic link sign-in with expired/invalid link"""
        ri = redis_instance()
        ri.delete("magic_user@plane.so")

        url = reverse("magic-sign-in")
        response = django_client.post(
            url, {"email": "user@plane.so", "code": "xxxx-xxxxx-xxxx"}, follow=False
        )

        # Check that we get a redirect
        assert response.status_code == 302

        # The actual error code is EXPIRED_MAGIC_CODE_SIGN_IN (when key doesn't exist)
        # or INVALID_MAGIC_CODE_SIGN_IN (when key exists but code doesn't match)
        assert (
            "EXPIRED_MAGIC_CODE_SIGN_IN" in response.url
            or "INVALID_MAGIC_CODE_SIGN_IN" in response.url
        )

    @pytest.mark.django_db
    def test_user_does_not_exist(self, django_client, setup_instance):
        """Test magic sign-in with non-existent user"""
        url = reverse("magic-sign-in")
        response = django_client.post(
            url,
            {"email": "nonexistent@plane.so", "code": "xxxx-xxxxx-xxxx"},
            follow=True,
        )

        # Check redirect contains error code
        assert "USER_DOES_NOT_EXIST" in response.redirect_chain[-1][0]

    @pytest.mark.django_db
    @patch("plane.bgtasks.magic_link_code_task.magic_link.delay")
    def test_magic_code_sign_in(
        self, mock_magic_link, django_client, api_client, setup_user, setup_instance
    ):
        """Test successful magic link sign-in process"""
        # First generate a magic link token
        gen_url = reverse("magic-generate")
        response = api_client.post(gen_url, {"email": "user@plane.so"}, format="json")

        # Check that the token generation was successful
        assert response.status_code == status.HTTP_200_OK

        # Since we're mocking the magic_link task, we need to manually get the token from Redis
        ri = redis_instance()
        user_data = json.loads(ri.get("magic_user@plane.so"))
        token = user_data["token"]

        # Use Django client to test the redirect flow without following redirects
        url = reverse("magic-sign-in")
        response = django_client.post(
            url, {"email": "user@plane.so", "code": token}, follow=False
        )

        # Check that the initial response is a redirect without error code
        assert response.status_code == 302
        assert "error_code" not in response.url

        # The user should now be authenticated
        assert "_auth_user_id" in django_client.session

    @pytest.mark.django_db
    @patch("plane.bgtasks.magic_link_code_task.magic_link.delay")
    def test_magic_sign_in_with_next_path(
        self, mock_magic_link, django_client, api_client, setup_user, setup_instance
    ):
        """Test magic sign-in with next_path parameter"""
        # First generate a magic link token
        gen_url = reverse("magic-generate")
        response = api_client.post(gen_url, {"email": "user@plane.so"}, format="json")

        # Check that the token generation was successful
        assert response.status_code == status.HTTP_200_OK

        # Since we're mocking the magic_link task, we need to manually get the token from Redis
        ri = redis_instance()
        user_data = json.loads(ri.get("magic_user@plane.so"))
        token = user_data["token"]

        # Use Django client to test the redirect flow without following redirects
        url = reverse("magic-sign-in")
        next_path = "workspaces"
        response = django_client.post(
            url,
            {"email": "user@plane.so", "code": token, "next_path": next_path},
            follow=False,
        )

        # Check that the initial response is a redirect without error code
        assert response.status_code == 302
        assert "error_code" not in response.url

        # Check that the redirect URL contains the next_path
        assert next_path in response.url

        # The user should now be authenticated
        assert "_auth_user_id" in django_client.session


@pytest.mark.contract
class TestMagicSignUp:
    """Test magic link sign-up functionality"""

    @pytest.mark.django_db
    def test_without_data(self, django_client, setup_instance):
        """Test magic link sign-up with empty data"""
        url = reverse("magic-sign-up")
        response = django_client.post(url, {}, follow=True)

        # Check redirect contains error code
        assert "MAGIC_SIGN_UP_EMAIL_CODE_REQUIRED" in response.redirect_chain[-1][0]

    @pytest.mark.django_db
    def test_user_already_exists(self, django_client, db, setup_instance):
        """Test magic sign-up with existing user"""
        # Create a user that already exists
        User.objects.create(email="existing@plane.so")

        url = reverse("magic-sign-up")
        response = django_client.post(
            url, {"email": "existing@plane.so", "code": "xxxx-xxxxx-xxxx"}, follow=True
        )

        # Check redirect contains error code
        assert "USER_ALREADY_EXIST" in response.redirect_chain[-1][0]

    @pytest.mark.django_db
    def test_expired_invalid_magic_link(self, django_client, setup_instance):
        """Test magic link sign-up with expired/invalid link"""
        url = reverse("magic-sign-up")
        response = django_client.post(
            url, {"email": "new@plane.so", "code": "xxxx-xxxxx-xxxx"}, follow=False
        )

        # Check that we get a redirect
        assert response.status_code == 302

        # The actual error code is EXPIRED_MAGIC_CODE_SIGN_UP (when key doesn't exist)
        # or INVALID_MAGIC_CODE_SIGN_UP (when key exists but code doesn't match)
        assert (
            "EXPIRED_MAGIC_CODE_SIGN_UP" in response.url
            or "INVALID_MAGIC_CODE_SIGN_UP" in response.url
        )

    @pytest.mark.django_db
    @patch("plane.bgtasks.magic_link_code_task.magic_link.delay")
    def test_magic_code_sign_up(
        self, mock_magic_link, django_client, api_client, setup_instance
    ):
        """Test successful magic link sign-up process"""
        email = "newuser@plane.so"

        # First generate a magic link token
        gen_url = reverse("magic-generate")
        response = api_client.post(gen_url, {"email": email}, format="json")

        # Check that the token generation was successful
        assert response.status_code == status.HTTP_200_OK

        # Since we're mocking the magic_link task, we need to manually get the token from Redis
        ri = redis_instance()
        user_data = json.loads(ri.get(f"magic_{email}"))
        token = user_data["token"]

        # Use Django client to test the redirect flow without following redirects
        url = reverse("magic-sign-up")
        response = django_client.post(
            url, {"email": email, "code": token}, follow=False
        )

        # Check that the initial response is a redirect without error code
        assert response.status_code == 302
        assert "error_code" not in response.url

        # Check if user was created
        assert User.objects.filter(email=email).exists()

        # Check if user is authenticated
        assert "_auth_user_id" in django_client.session

    @pytest.mark.django_db
    @patch("plane.bgtasks.magic_link_code_task.magic_link.delay")
    def test_magic_sign_up_with_next_path(
        self, mock_magic_link, django_client, api_client, setup_instance
    ):
        """Test magic sign-up with next_path parameter"""
        email = "newuser2@plane.so"

        # First generate a magic link token
        gen_url = reverse("magic-generate")
        response = api_client.post(gen_url, {"email": email}, format="json")

        # Check that the token generation was successful
        assert response.status_code == status.HTTP_200_OK

        # Since we're mocking the magic_link task, we need to manually get the token from Redis
        ri = redis_instance()
        user_data = json.loads(ri.get(f"magic_{email}"))
        token = user_data["token"]

        # Use Django client to test the redirect flow without following redirects
        url = reverse("magic-sign-up")
        next_path = "onboarding"
        response = django_client.post(
            url, {"email": email, "code": token, "next_path": next_path}, follow=False
        )

        # Check that the initial response is a redirect without error code
        assert response.status_code == 302
        assert "error_code" not in response.url

        # In a real browser, the next_path would be used to build the absolute URL
        # Since we're just testing the authentication logic, we won't check for the exact URL structure

        # Check if user was created
        assert User.objects.filter(email=email).exists()

        # Check if user is authenticated
        assert "_auth_user_id" in django_client.session