return only username from /me endpoint, with associated test changes
This commit is contained in:
Sanford Student
@@ -141,14 +141,8 @@ class UserAPITestCase(APITestCase):
|
||||
|
||||
@ddt.ddt
|
||||
@unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Account APIs are only supported in LMS')
|
||||
@patch('openedx.core.djangoapps.user_api.accounts.image_helpers._PROFILE_IMAGE_SIZES', [50, 10])
|
||||
@patch.dict(
|
||||
'openedx.core.djangoapps.user_api.accounts.image_helpers.PROFILE_IMAGE_SIZES_MAP',
|
||||
{'full': 50, 'small': 10},
|
||||
clear=True
|
||||
)
|
||||
@attr(shard=2)
|
||||
class TestAccountAPI(CacheIsolationTestCase, UserAPITestCase):
|
||||
class TestOwnUsernameAPI(CacheIsolationTestCase, UserAPITestCase):
|
||||
"""
|
||||
Unit tests for the Accounts API.
|
||||
"""
|
||||
@@ -156,47 +150,46 @@ class TestAccountAPI(CacheIsolationTestCase, UserAPITestCase):
|
||||
ENABLED_CACHES = ['default']
|
||||
|
||||
def setUp(self):
|
||||
super(TestAccountAPI, self).setUp()
|
||||
super(TestOwnUsernameAPI, self).setUp()
|
||||
|
||||
self.url = reverse("account_api")
|
||||
self.url = reverse("own_username_api")
|
||||
|
||||
def test_get_account_default(self):
|
||||
def _verify_get_own_username(self, queries, expected_status=200):
|
||||
"""
|
||||
Test that a client (logged in) can get her own account information (using default legacy profile information,
|
||||
as created by the test UserFactory).
|
||||
Internal helper to perform the actual assertion
|
||||
"""
|
||||
def verify_get_own_information(queries):
|
||||
"""
|
||||
Internal helper to perform the actual assertions
|
||||
"""
|
||||
with self.assertNumQueries(queries):
|
||||
response = self.send_get(self.client)
|
||||
with self.assertNumQueries(queries):
|
||||
response = self.send_get(self.client, expected_status=expected_status)
|
||||
if expected_status == 200:
|
||||
data = response.data
|
||||
self.assertEqual(17, len(data))
|
||||
self.assertEqual(1, len(data))
|
||||
self.assertEqual(self.user.username, data["username"])
|
||||
self.assertEqual(self.user.first_name + " " + self.user.last_name, data["name"])
|
||||
for empty_field in ("year_of_birth", "level_of_education", "mailing_address", "bio"):
|
||||
self.assertIsNone(data[empty_field])
|
||||
self.assertIsNone(data["country"])
|
||||
self.assertEqual("m", data["gender"])
|
||||
self.assertEqual("Learn a lot", data["goals"])
|
||||
self.assertEqual(self.user.email, data["email"])
|
||||
self.assertIsNotNone(data["date_joined"])
|
||||
self.assertEqual(self.user.is_active, data["is_active"])
|
||||
self._verify_profile_image_data(data, False)
|
||||
self.assertTrue(data["requires_parental_consent"])
|
||||
self.assertEqual([], data["language_proficiencies"])
|
||||
self.assertEqual(PRIVATE_VISIBILITY, data["account_privacy"])
|
||||
# Badges aren't on by default, so should not be present.
|
||||
self.assertEqual(False, data["accomplishments_shared"])
|
||||
|
||||
def test_get_username(self):
|
||||
"""
|
||||
Test that a client (logged in) can get her own username.
|
||||
"""
|
||||
self.client.login(username=self.user.username, password=self.test_password)
|
||||
verify_get_own_information(17)
|
||||
self._verify_get_own_username(15)
|
||||
|
||||
# Now make sure that the user can get the same information, even if not active
|
||||
def test_get_username_inactive(self):
|
||||
"""
|
||||
Test that a logged-in client can get their
|
||||
username, even if inactive.
|
||||
"""
|
||||
self.client.login(username=self.user.username, password=self.test_password)
|
||||
self.user.is_active = False
|
||||
self.user.save()
|
||||
verify_get_own_information(11)
|
||||
self._verify_get_own_username(15)
|
||||
|
||||
def test_get_username_not_logged_in(self):
|
||||
"""
|
||||
Test that a client (not logged in) gets a 401
|
||||
when trying to retrieve their username.
|
||||
"""
|
||||
|
||||
# verify that the endpoint is inaccessible when not logged in
|
||||
self._verify_get_own_username(12, expected_status=401)
|
||||
|
||||
|
||||
@ddt.ddt
|
||||
@@ -366,6 +359,45 @@ class TestAccountsAPI(CacheIsolationTestCase, UserAPITestCase):
|
||||
response = self.send_get(client, query_parameters='view=shared')
|
||||
verify_fields_visible_to_all_users(response)
|
||||
|
||||
def test_get_account_default(self):
|
||||
"""
|
||||
Test that a client (logged in) can get her own account information (using default legacy profile information,
|
||||
as created by the test UserFactory).
|
||||
"""
|
||||
|
||||
def verify_get_own_information(queries):
|
||||
"""
|
||||
Internal helper to perform the actual assertions
|
||||
"""
|
||||
with self.assertNumQueries(queries):
|
||||
response = self.send_get(self.client)
|
||||
data = response.data
|
||||
self.assertEqual(17, len(data))
|
||||
self.assertEqual(self.user.username, data["username"])
|
||||
self.assertEqual(self.user.first_name + " " + self.user.last_name, data["name"])
|
||||
for empty_field in ("year_of_birth", "level_of_education", "mailing_address", "bio"):
|
||||
self.assertIsNone(data[empty_field])
|
||||
self.assertIsNone(data["country"])
|
||||
self.assertEqual("m", data["gender"])
|
||||
self.assertEqual("Learn a lot", data["goals"])
|
||||
self.assertEqual(self.user.email, data["email"])
|
||||
self.assertIsNotNone(data["date_joined"])
|
||||
self.assertEqual(self.user.is_active, data["is_active"])
|
||||
self._verify_profile_image_data(data, False)
|
||||
self.assertTrue(data["requires_parental_consent"])
|
||||
self.assertEqual([], data["language_proficiencies"])
|
||||
self.assertEqual(PRIVATE_VISIBILITY, data["account_privacy"])
|
||||
# Badges aren't on by default, so should not be present.
|
||||
self.assertEqual(False, data["accomplishments_shared"])
|
||||
|
||||
self.client.login(username=self.user.username, password=self.test_password)
|
||||
verify_get_own_information(17)
|
||||
|
||||
# Now make sure that the user can get the same information, even if not active
|
||||
self.user.is_active = False
|
||||
self.user.save()
|
||||
verify_get_own_information(11)
|
||||
|
||||
def test_get_account_empty_string(self):
|
||||
"""
|
||||
Test the conversion of empty strings to None for certain fields.
|
||||
|
||||
@@ -35,7 +35,16 @@ class AccountViewSet(ViewSet):
|
||||
|
||||
PATCH /api/user/v1/accounts/{username}/{"key":"value"} "application/merge-patch+json"
|
||||
|
||||
**Response Values for GET**
|
||||
**Response Values for GET requests to the /me endpoint**
|
||||
If the user is not logged in, an HTTP 401 "Not Authorized" response
|
||||
is returned.
|
||||
|
||||
Otherwise, an HTTP 200 "OK" response is returned. The response
|
||||
contains the following value:
|
||||
|
||||
* username: The username associated with the account.
|
||||
|
||||
**Response Values for GET requests to /accounts endpoints**
|
||||
|
||||
If no user exists with the specified username, an HTTP 404 "Not
|
||||
Found" response is returned.
|
||||
@@ -152,13 +161,7 @@ class AccountViewSet(ViewSet):
|
||||
"""
|
||||
GET /api/user/v1/me
|
||||
"""
|
||||
try:
|
||||
account_settings = get_account_settings(
|
||||
request, [request.user.username], view=request.query_params.get('view'))
|
||||
except UserNotFound:
|
||||
return Response(status=status.HTTP_403_FORBIDDEN if request.user.is_staff else status.HTTP_404_NOT_FOUND)
|
||||
|
||||
return Response(account_settings[0])
|
||||
return Response({'username': request.user.username})
|
||||
|
||||
def list(self, request):
|
||||
"""
|
||||
|
||||
@@ -25,7 +25,7 @@ ACCOUNT_DETAIL = AccountViewSet.as_view({
|
||||
|
||||
urlpatterns = patterns(
|
||||
'',
|
||||
url(r'^v1/me$', ME, name='account_api'),
|
||||
url(r'^v1/me$', ME, name='own_username_api'),
|
||||
url(r'^v1/accounts/{}$'.format(settings.USERNAME_PATTERN), ACCOUNT_DETAIL, name='accounts_api'),
|
||||
url(r'^v1/accounts$', ACCOUNT_LIST, name='accounts_detail_api'),
|
||||
url(
|
||||
|
||||
Reference in New Issue
Block a user