from datetime import timedelta from django.contrib.auth import get_user_model from django.test import TestCase from django.utils import timezone from core.factories import UserFactory from core.utils import is_private_api_call_allowed class MiddlewareTestCase(TestCase): def test_user_without_hep_id_cannot_see_private_api(self): user = get_user_model().objects.create_user(username='sme') body = b'"{mutation {\\n addRoom}"' self.assertFalse(is_private_api_call_allowed(user, body)) def test_user_with_license_can_see_private_api(self): tomorrow = timezone.now() + timedelta(1) user = UserFactory(username='aschiman@ch.ch') user.license_expiry_date = tomorrow.date() body = b'"{mutation {\\n addRoom}"' self.assertTrue(is_private_api_call_allowed(user, body)) def test_user_with_expired_license_can_see_private_api(self): yesterday = timezone.now() - timedelta(1) user = UserFactory(username='aschiman@ch.ch', hep_id=23) user.license_expiry_date = yesterday.date() body = b'"{mutation {\\n addRoom}"' self.assertTrue(is_private_api_call_allowed(user, body)) def test_user_without_valid_license_cannot_see_private_api(self): user = UserFactory(username='aschiman@ch.ch', hep_id=23) user.license_expiry_date = None body = b'"{mutation {\\n addRoom}"' self.assertFalse(is_private_api_call_allowed(user, body)) def test_logout_is_allowed_without_valid_license(self): yesterday = timezone.now() - timedelta(1) user = UserFactory(username='aschiman@ch.ch', hep_id=34) user.license_expiry_date = yesterday.date() body = b'"{mutation { logout {"' self.assertTrue(is_private_api_call_allowed(user, body)) def test_me_query_is_allowed_without_valid_license(self): yesterday = timezone.now() - timedelta(1) user = UserFactory(username='aschiman@ch.ch', hep_id=34) user.license_expiry_date = yesterday body = b'"{query { me {"' self.assertTrue(is_private_api_call_allowed(user, body))