Merge pull request #74 from UNLV-CS472-672/user_tests

User tests

Author: omgdory

backend/apps/users/tests.py

@@ -1,3 +1,96 @@
+from django.contrib.auth.models import User
 from django.test import TestCase
+from django.urls import reverse
+from rest_framework.test import APIClient
+from rest_framework import status
+from .models import Profile
+from rest_framework_simplejwt.tokens import RefreshToken
 
-# Create your tests here.
+class UserAPITestCase(TestCase):
+    def setUp(self):
+        """Set up test data and API client."""
+        self.client = APIClient()
+        self.user = User.objects.create_user(
+            username="testuser",
+            password="testpassword",
+            first_name="Test",
+            last_name="User",
+            email="test@example.com"
+        )
+        self.profile = Profile.objects.create(user=self.user, role=Profile.STUDENT)
+        self.login_url = "/users/login/"
+        self.register_url = "/users/register/"
+        self.csrf_token_url = "/users/csrf/"
+        self.delete_user_url = "/users/delete_user/"
+        self.logout_url = "/users/logout/"
+        
+        # Obtain JWT tokens
+        response = self.client.post(self.login_url, {"username": "testuser", "password": "testpassword"})
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.refresh_token = response.json().get("refreshToken")
+        self.access_token = response.json().get("accessToken")
+        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {self.access_token}")
+
+    def test_csrf_token_view(self):
+        """Test CSRF token endpoint."""
+        response = self.client.get(self.csrf_token_url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn("csrfToken", response.json())
+    
+    def test_login_view_success(self):
+        """Test successful login."""
+        response = self.client.post(self.login_url, {
+            "username": "testuser",
+            "password": "testpassword"
+        })
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn("accessToken", response.json())
+    
+    def test_login_view_failure(self):
+        """Test failed login with incorrect credentials."""
+        response = self.client.post(self.login_url, {
+            "username": "wronguser",
+            "password": "wrongpassword"
+        })
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+        self.assertIn("error", response.json())
+    
+    def test_register_profile(self):
+        """Test user registration."""
+        response = self.client.post(self.register_url, {
+            "country": "USA",
+            "displayName": "newuser",
+            "email": "newuser@example.com",
+            "firstName": "New",
+            "lastName": "User",
+            "password": "newpassword",
+            "role": Profile.STUDENT
+        })
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+        self.assertTrue(User.objects.filter(username="newuser").exists())
+        self.assertTrue(Profile.objects.filter(user__username="newuser").exists())
+        self.assertEqual(str(Profile.objects.filter(user__username="newuser")[0]), "newuser")
+    
+    def test_delete_user_success(self):
+        """Test deleting an existing user."""
+        response = self.client.post(self.delete_user_url, {"username": "testuser"})
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertFalse(User.objects.filter(username="testuser").exists())
+    
+    def test_delete_user_not_found(self):
+        """Test deleting a non-existent user."""
+        response = self.client.post(self.delete_user_url, {"username": "nonexistent"})
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
+        self.assertIn("User not found!", response.content.decode())
+    
+    def test_logout_view(self):
+        """Test logout functionality."""
+        response = self.client.post(self.logout_url, {"refresh_token": self.refresh_token})
+        if(response.status_code==status.HTTP_400_BAD_REQUEST):
+            print(response.data["error"])
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn("message", response.json())
+    
+    # as per Allison's recommendation
+    def tearDown(self):
+      self.user.delete()

backend/apps/users/urls.py

@@ -3,5 +3,7 @@
 urlpatterns = [
   path("login/", login_view, name="login"),
   path("logout/", logout_view, name="logout"),
+  path("register/", register_profile, name="register"),
+  path("delete_user/", delete_user, name="delete"),
   path("csrf/", csrf_token_view, name="csrf"),
 ]

backend/apps/users/views.py

@@ -1,67 +1,88 @@
-from django.shortcuts import render, redirect
+# https://chatgpt.com/share/67df13f7-a784-8005-8349-637a36bf1765
+
 from django.contrib.auth.models import User
-from django.contrib.auth import authenticate, login, logout
+from django.contrib.auth import authenticate
 from django.http import JsonResponse, HttpResponse
 from django.middleware.csrf import get_token
 from .models import Profile
+from rest_framework import status
+from rest_framework.response import Response
+from rest_framework.decorators import api_view, permission_classes
+from rest_framework.permissions import AllowAny
+from rest_framework_simplejwt.tokens import RefreshToken
 
 login_template = "login.html"
 register_profile_template = "register.html"
 delete_user_template = "delete_user.html"
 
+@api_view(['GET'])
 def csrf_token_view(request):
   return JsonResponse({"csrfToken": get_token(request)})
 
+# Login View
+@api_view(['POST'])
+@permission_classes([AllowAny])
 def login_view(request):
-  user = request.user if request.user.is_authenticated else None
-  error = None
+    username = request.data['username']
+    password = request.data['password']
+    user = authenticate(username=username, password=password)
 
-  if request.method == "POST":
-    username = request.POST.get("username")
-    password = request.POST.get("password")
-    
-    user = authenticate(request, username=username, password=password)
     if user:
-      login(request, user)
-    else:
-      return render(request, "login.html", {"error": "Invalid username or password"})
-
-  return render(request, "login.html", {"user": user, "error": error})
+        refresh = RefreshToken.for_user(user)
+        return Response({
+            'refreshToken': str(refresh),
+            'accessToken': str(refresh.access_token),
+            'username': user.username
+        }, status=status.HTTP_200_OK)
+        # https://stackoverflow.com/questions/7064374/proper-http-headers-for-login-success-fail-responses
+    return Response({"error": "Invalid credentials"}, status=status.HTTP_401_UNAUTHORIZED)
 
+# Logout View
+@api_view(['POST'])
 def logout_view(request):
-  logout(request)
-  return redirect("login")
+    try:
+        refresh_token = request.data["refresh_token"]
+        if refresh_token:
+            token = RefreshToken(refresh_token)
+            token.blacklist()
+        return Response({"message": "Logout successful"}, status=status.HTTP_200_OK)
+    except Exception as e:
+        return Response({"error": str(e)}, status=status.HTTP_400_BAD_REQUEST)
 
-def register_profile(request):
-  if request.method == "POST":
-    username = request.POST["username"]
-    password = request.POST["password"]
-    first_name = request.POST["first_name"]
-    last_name = request.POST["last_name"]
-    email = request.POST["email"]
-    role = request.POST["role"]  # Get the selected role
-    # Create user
-    user = User.objects.create_user(
-      username=username,
-      password=password,
-      first_name=first_name,
-      last_name=last_name,
-      email=email,
-    )
-    # Create associated Profile
-    Profile.objects.create(user=user, role=role)
-    return HttpResponse(f"User {user.username} created successfully with role {role}!")
 
-  return render(request, register_profile_template)
+@api_view(['POST'])
+@permission_classes([AllowAny])
+def register_profile(request):
+  country = request.data["country"]
+  username = request.data["displayName"]
+  email = request.data["email"]
+  first_name = request.data["firstName"]
+  last_name = request.data["lastName"]
+  password = request.data["password"]
+  role = request.data["role"]  # Get the selected role
+  # Create user
+  user = User.objects.create_user(
+    username=username,
+    password=password,
+    first_name=first_name,
+    last_name=last_name,
+    email=email,
+  )
+  # Create associated Profile
+  Profile.objects.create(user=user, role=role)
+  return Response({"message": "User registered successfully"}, status=status.HTTP_201_CREATED)
 
+@api_view(['POST'])
 def delete_user(request):
   if request.method == "POST":
-    username = request.POST["username"]
+    username = request.data["username"]
     try:
       user = User.objects.get(username=username)
       user.delete()
-      return HttpResponse(f"User {username} deleted successfully!")
+      return Response(f"User {username} deleted successfully!", status=status.HTTP_200_OK)
     except User.DoesNotExist:
-      return HttpResponse("User not found!")
-  return render(request, delete_user_template)
-
+      # https://stackoverflow.com/questions/17884469/what-is-the-http-response-code-for-failed-http-delete-operation
+      return Response("User not found!", status=status.HTTP_404_NOT_FOUND)
+  # should never reach here, but still just in case
+  return Response("FATAL: Undefined functionality, please contact system administrator", 
+                  status=status.HTTP_404_NOT_FOUND)

backend/backend/settings.py

@@ -72,6 +72,7 @@
     "apps.uploads",       # our uploads app
     "apps.search",        # out search app
     "rest_framework",     # rest framework
+    'rest_framework_simplejwt.token_blacklist', # for logout functionality
     "channels",           # Django channels
     "django_celery_results", # get celery results in Django admin
     "django_celery_beat", # celery beat