Add validation views

rafalp · May 30, 2024 · 1a4e57b · 1a4e57b
1 parent f52c402
commit 1a4e57b
Show file tree

Hide file tree

Showing 2 changed files with 153 additions and 10 deletions.
diff --git a/misago/account/tests/test_validate.py b/misago/account/tests/test_validate.py
@@ -0,0 +1,140 @@
+import json
+
+from django.urls import reverse
+
+
+def test_validate_views_return_400_if_method_is_not_post(db, client):
+    response = client.get(reverse("misago:account-validate-username"))
+    assert response.status_code == 400
+
+
+def test_validate_views_return_400_if_value_is_missing(db, client):
+    response = client.post(reverse("misago:account-validate-username"))
+    assert response.status_code == 400
+    assert json.loads(response.content) == {
+        "errors": ["'value' can't be empty."],
+    }
+
+
+def test_validate_views_return_400_if_value_is_empty(db, client):
+    response = client.post(reverse("misago:account-validate-username"), {"value": ""})
+    assert response.status_code == 400
+    assert json.loads(response.content) == {
+        "errors": ["'value' can't be empty."],
+    }
+
+
+def test_validate_views_return_400_if_user_is_not_valid_int(db, client):
+    response = client.post(
+        reverse("misago:account-validate-username"), {"value": "Joh", "user": "invalid"}
+    )
+    assert response.status_code == 400
+    assert json.loads(response.content) == {
+        "errors": ["'user' must be a positive integer."],
+    }
+
+
+def test_validate_views_return_400_if_user_is_not_positive_int(db, client):
+    response = client.post(
+        reverse("misago:account-validate-username"), {"value": "Joh", "user": "-5"}
+    )
+    assert response.status_code == 400
+    assert json.loads(response.content) == {
+        "errors": ["'user' must be a positive integer."],
+    }
+
+
+def test_validate_username_view_returns_validation_errors(db, client):
+    response = client.post(
+        reverse("misago:account-validate-username"), {"value": "Jo!"}
+    )
+    assert response.status_code == 400
+    assert json.loads(response.content) == {
+        "errors": [
+            "Username can only contain Latin alphabet letters, digits, and an underscore sign."
+        ],
+    }
+
+
+def test_validate_username_view_returns_no_errors_for_valid_name(db, client):
+    response = client.post(
+        reverse("misago:account-validate-username"), {"value": "Valid"}
+    )
+    assert response.status_code == 200
+    assert json.loads(response.content) == {"errors": []}
+
+
+def test_validate_username_view_validates_username_availability(db, client, user):
+    response = client.post(
+        reverse("misago:account-validate-username"), {"value": user.username}
+    )
+    assert response.status_code == 400
+    assert json.loads(response.content) == {
+        "errors": ["This username is not available."]
+    }
+
+
+def test_validate_username_view_validates_username_availability_for_user(
+    db, client, user
+):
+    response = client.post(
+        reverse("misago:account-validate-username"),
+        {"value": user.username, "user": str(user.id)},
+    )
+    assert response.status_code == 200
+    assert json.loads(response.content) == {"errors": []}
+
+
+def test_validate_email_view_returns_validation_errors(db, client):
+    response = client.post(
+        reverse("misago:account-validate-email"), {"value": "invalid"}
+    )
+    assert response.status_code == 400
+    assert json.loads(response.content) == {
+        "errors": ["Enter a valid e-mail address."],
+    }
+
+
+def test_validate_email_view_returns_no_errors_for_valid_email(db, client):
+    response = client.post(
+        reverse("misago:account-validate-email"), {"value": "[email protected]"}
+    )
+    assert response.status_code == 200
+    assert json.loads(response.content) == {"errors": []}
+
+
+def test_validate_email_view_validates_email_availability(db, client, user):
+    response = client.post(
+        reverse("misago:account-validate-email"), {"value": user.email}
+    )
+    assert response.status_code == 400
+    assert json.loads(response.content) == {
+        "errors": ["This e-mail address is not available."]
+    }
+
+
+def test_validate_email_view_validates_email_availability_for_user(db, client, user):
+    response = client.post(
+        reverse("misago:account-validate-email"),
+        {"value": user.email, "user": str(user.id)},
+    )
+    assert response.status_code == 200
+    assert json.loads(response.content) == {"errors": []}
+
+
+def test_validate_password_view_returns_validation_errors(db, client):
+    response = client.post(reverse("misago:account-validate-password"), {"value": "p"})
+    assert response.status_code == 400
+    assert json.loads(response.content) == {
+        "errors": [
+            "This password is too short. It must contain at least 7 characters."
+        ],
+    }
+
+
+def test_validate_password_view_returns_no_errors_for_valid_password(db, client):
+    response = client.post(
+        reverse("misago:account-validate-password"), {"value": "l0r3m1p5um"}
+    )
+    assert response.status_code == 200
+    assert json.loads(response.content) == {"errors": []}
diff --git a/misago/account/views/validate.py b/misago/account/views/validate.py
@@ -2,7 +2,7 @@
 
 from django.contrib.auth import get_user_model
 from django.contrib.auth.password_validation import validate_password
-from django.core.exceptions import ValidationError
+from django.core.exceptions import BadRequest, ValidationError
 from django.http import HttpRequest, JsonResponse
 from django.utils.translation import pgettext
 
@@ -13,12 +13,15 @@
 
 def validation_view(f):
     @wraps(f)
-    def view_wrapper(*args, **kwargs):
+    def view_wrapper(request: HttpRequest, *args, **kwargs):
         try:
-            f(*args, **kwargs)
+            if request.method != "POST":
+                raise BadRequest()
+
+            f(request, *args, **kwargs)
             return JsonResponse({"errors": []})
         except ValidationError as e:
-            return JsonResponse({"errors": e.messages})
+            return JsonResponse({"errors": e.messages}, status=400)
 
     return view_wrapper
 
@@ -34,7 +37,7 @@ def clean_value(request: HttpRequest, strip: bool = True) -> str:
     return value
 
 
-def get_user_or_404(request: HttpRequest):
+def get_user_from_data(request: HttpRequest):
     user_id = request.POST.get("user")
 
     if not user_id:
@@ -61,20 +64,20 @@ def get_user_or_404(request: HttpRequest):
 
 @validation_view
 def username(request: HttpRequest) -> JsonResponse:
-    user = get_user_or_404(request)
+    user = get_user_from_data(request)
     value = clean_value(request)
     validate_username(request.settings, value, user)
 
 
 @validation_view
 def email(request: HttpRequest) -> JsonResponse:
-    user = get_user_or_404(request)
+    user = get_user_from_data(request)
     value = clean_value(request)
-    validate_email(request.settings, value, user)
+    validate_email(value, user)
 
 
 @validation_view
 def password(request: HttpRequest) -> JsonResponse:
-    user = get_user_or_404(request)
+    user = get_user_from_data(request)
     value = clean_value(request, strip=False)
-    validate_password(request.settings, value, user)
+    validate_password(value, user)