2023-08-14 22:20:52 +00:00
|
|
|
import urllib.parse
|
|
|
|
|
|
|
|
from django.urls import reverse
|
|
|
|
from rest_framework import status
|
|
|
|
from rest_framework.authtoken.models import Token
|
|
|
|
|
|
|
|
from bookmarks.tests.helpers import LinkdingApiTestCase, BookmarkFactoryMixin
|
|
|
|
|
|
|
|
|
|
|
|
class BookmarksApiPermissionsTestCase(LinkdingApiTestCase, BookmarkFactoryMixin):
|
|
|
|
def authenticate(self) -> None:
|
2024-01-27 10:29:16 +00:00
|
|
|
self.api_token = Token.objects.get_or_create(
|
|
|
|
user=self.get_or_create_test_user()
|
|
|
|
)[0]
|
|
|
|
self.client.credentials(HTTP_AUTHORIZATION="Token " + self.api_token.key)
|
2023-08-14 22:20:52 +00:00
|
|
|
|
|
|
|
def test_list_bookmarks_requires_authentication(self):
|
2024-01-27 10:29:16 +00:00
|
|
|
self.get(
|
|
|
|
reverse("bookmarks:bookmark-list"),
|
|
|
|
expected_status_code=status.HTTP_401_UNAUTHORIZED,
|
|
|
|
)
|
2023-08-14 22:20:52 +00:00
|
|
|
|
|
|
|
self.authenticate()
|
2024-01-27 10:29:16 +00:00
|
|
|
self.get(
|
|
|
|
reverse("bookmarks:bookmark-list"), expected_status_code=status.HTTP_200_OK
|
|
|
|
)
|
2023-08-14 22:20:52 +00:00
|
|
|
|
|
|
|
def test_list_archived_bookmarks_requires_authentication(self):
|
2024-01-27 10:29:16 +00:00
|
|
|
self.get(
|
|
|
|
reverse("bookmarks:bookmark-archived"),
|
|
|
|
expected_status_code=status.HTTP_401_UNAUTHORIZED,
|
|
|
|
)
|
2023-08-14 22:20:52 +00:00
|
|
|
|
|
|
|
self.authenticate()
|
2024-01-27 10:29:16 +00:00
|
|
|
self.get(
|
|
|
|
reverse("bookmarks:bookmark-archived"),
|
|
|
|
expected_status_code=status.HTTP_200_OK,
|
|
|
|
)
|
2023-08-14 22:20:52 +00:00
|
|
|
|
|
|
|
def test_list_shared_bookmarks_does_not_require_authentication(self):
|
2024-01-27 10:29:16 +00:00
|
|
|
self.get(
|
|
|
|
reverse("bookmarks:bookmark-shared"),
|
|
|
|
expected_status_code=status.HTTP_200_OK,
|
|
|
|
)
|
2023-08-14 22:20:52 +00:00
|
|
|
|
|
|
|
self.authenticate()
|
2024-01-27 10:29:16 +00:00
|
|
|
self.get(
|
|
|
|
reverse("bookmarks:bookmark-shared"),
|
|
|
|
expected_status_code=status.HTTP_200_OK,
|
|
|
|
)
|
2023-08-14 22:20:52 +00:00
|
|
|
|
|
|
|
def test_create_bookmark_requires_authentication(self):
|
|
|
|
data = {
|
2024-01-27 10:29:16 +00:00
|
|
|
"url": "https://example.com/",
|
|
|
|
"title": "Test title",
|
|
|
|
"description": "Test description",
|
|
|
|
"notes": "Test notes",
|
|
|
|
"is_archived": False,
|
|
|
|
"unread": False,
|
|
|
|
"shared": False,
|
|
|
|
"tag_names": ["tag1", "tag2"],
|
2023-08-14 22:20:52 +00:00
|
|
|
}
|
|
|
|
|
2024-01-27 10:29:16 +00:00
|
|
|
self.post(
|
|
|
|
reverse("bookmarks:bookmark-list"), data, status.HTTP_401_UNAUTHORIZED
|
|
|
|
)
|
2023-08-14 22:20:52 +00:00
|
|
|
|
|
|
|
self.authenticate()
|
2024-01-27 10:29:16 +00:00
|
|
|
self.post(reverse("bookmarks:bookmark-list"), data, status.HTTP_201_CREATED)
|
2023-08-14 22:20:52 +00:00
|
|
|
|
|
|
|
def test_get_bookmark_requires_authentication(self):
|
|
|
|
bookmark = self.setup_bookmark()
|
2024-01-27 10:29:16 +00:00
|
|
|
url = reverse("bookmarks:bookmark-detail", args=[bookmark.id])
|
2023-08-14 22:20:52 +00:00
|
|
|
|
|
|
|
self.get(url, expected_status_code=status.HTTP_401_UNAUTHORIZED)
|
|
|
|
|
|
|
|
self.authenticate()
|
|
|
|
self.get(url, expected_status_code=status.HTTP_200_OK)
|
|
|
|
|
|
|
|
def test_update_bookmark_requires_authentication(self):
|
|
|
|
bookmark = self.setup_bookmark()
|
2024-01-27 10:29:16 +00:00
|
|
|
data = {"url": "https://example.com/"}
|
|
|
|
url = reverse("bookmarks:bookmark-detail", args=[bookmark.id])
|
2023-08-14 22:20:52 +00:00
|
|
|
|
|
|
|
self.put(url, data, expected_status_code=status.HTTP_401_UNAUTHORIZED)
|
|
|
|
|
|
|
|
self.authenticate()
|
|
|
|
self.put(url, data, expected_status_code=status.HTTP_200_OK)
|
|
|
|
|
|
|
|
def test_patch_bookmark_requires_authentication(self):
|
|
|
|
bookmark = self.setup_bookmark()
|
2024-01-27 10:29:16 +00:00
|
|
|
data = {"url": "https://example.com"}
|
|
|
|
url = reverse("bookmarks:bookmark-detail", args=[bookmark.id])
|
2023-08-14 22:20:52 +00:00
|
|
|
|
|
|
|
self.patch(url, data, expected_status_code=status.HTTP_401_UNAUTHORIZED)
|
|
|
|
|
|
|
|
self.authenticate()
|
|
|
|
self.patch(url, data, expected_status_code=status.HTTP_200_OK)
|
|
|
|
|
|
|
|
def test_delete_bookmark_requires_authentication(self):
|
|
|
|
bookmark = self.setup_bookmark()
|
2024-01-27 10:29:16 +00:00
|
|
|
url = reverse("bookmarks:bookmark-detail", args=[bookmark.id])
|
2023-08-14 22:20:52 +00:00
|
|
|
|
|
|
|
self.delete(url, expected_status_code=status.HTTP_401_UNAUTHORIZED)
|
|
|
|
|
|
|
|
self.authenticate()
|
|
|
|
self.delete(url, expected_status_code=status.HTTP_204_NO_CONTENT)
|
|
|
|
|
|
|
|
def test_archive_requires_authentication(self):
|
|
|
|
bookmark = self.setup_bookmark()
|
2024-01-27 10:29:16 +00:00
|
|
|
url = reverse("bookmarks:bookmark-archive", args=[bookmark.id])
|
2023-08-14 22:20:52 +00:00
|
|
|
|
|
|
|
self.post(url, expected_status_code=status.HTTP_401_UNAUTHORIZED)
|
|
|
|
|
|
|
|
self.authenticate()
|
|
|
|
self.post(url, expected_status_code=status.HTTP_204_NO_CONTENT)
|
|
|
|
|
|
|
|
def test_unarchive_requires_authentication(self):
|
|
|
|
bookmark = self.setup_bookmark(is_archived=True)
|
2024-01-27 10:29:16 +00:00
|
|
|
url = reverse("bookmarks:bookmark-unarchive", args=[bookmark.id])
|
2023-08-14 22:20:52 +00:00
|
|
|
|
|
|
|
self.post(url, expected_status_code=status.HTTP_401_UNAUTHORIZED)
|
|
|
|
|
|
|
|
self.authenticate()
|
|
|
|
self.post(url, expected_status_code=status.HTTP_204_NO_CONTENT)
|
|
|
|
|
|
|
|
def test_check_requires_authentication(self):
|
2024-01-27 10:29:16 +00:00
|
|
|
url = reverse("bookmarks:bookmark-check")
|
|
|
|
check_url = urllib.parse.quote_plus("https://example.com")
|
2023-08-14 22:20:52 +00:00
|
|
|
|
2024-01-27 10:29:16 +00:00
|
|
|
self.get(
|
|
|
|
f"{url}?url={check_url}", expected_status_code=status.HTTP_401_UNAUTHORIZED
|
|
|
|
)
|
2023-08-14 22:20:52 +00:00
|
|
|
|
|
|
|
self.authenticate()
|
2024-01-27 10:29:16 +00:00
|
|
|
self.get(f"{url}?url={check_url}", expected_status_code=status.HTTP_200_OK)
|
2023-10-01 19:57:32 +00:00
|
|
|
|
|
|
|
def test_user_profile_requires_authentication(self):
|
2024-01-27 10:29:16 +00:00
|
|
|
url = reverse("bookmarks:user-profile")
|
2023-10-01 19:57:32 +00:00
|
|
|
|
|
|
|
self.get(url, expected_status_code=status.HTTP_401_UNAUTHORIZED)
|
|
|
|
|
|
|
|
self.authenticate()
|
|
|
|
self.get(url, expected_status_code=status.HTTP_200_OK)
|