add /friends endpoint

2023-06-22 02:14:52 +02:00 · 2023-06-22 02:14:52 +02:00 · 91cd5c57b3
commit 91cd5c57b3
parent 0b92db278b
15 changed files with 251 additions and 17 deletions
--- a/backend/authentication/tests/helpers.py
+++ b/backend/authentication/tests/helpers.py
@ -13,10 +13,10 @@ class DummyExternalUser:
        self.username = username
        self.domain = domain
        self.__signing_key = SigningKey.generate()
-        self.public_identity, _ = KnownIdentity.objects.get_or_create(
+        self.public_identity = KnownIdentity.objects.get_or_create(
            username=username,
            domain=domain,
-            public_key=self.public_key()) if known else None
+            public_key=self.public_key())[0] if known else None

    def __str__(self):
        return self.username + '@' + self.domain
--- a/backend/authentication/tests/test_auth.py
+++ b/backend/authentication/tests/test_auth.py
@ -5,7 +5,7 @@ from nacl.encoding import HexEncoder
 from nacl.signing import SigningKey

 from authentication.models import ToolshedUser, KnownIdentity
-from authentication.tests import UserTestCase, SignatureAuthClient
+from authentication.tests import UserTestCase, SignatureAuthClient, DummyExternalUser
 from hostadmin.models import Domain


@ -307,6 +307,50 @@ class UserApiTestCase(UserTestCase):
        self.assertEqual(reply.status_code, 403)


+class FriendApiTestCase(UserTestCase):
+    def setUp(self):
+        super().setUp()
+        self.local_user1.friends.add(self.local_user2.public_identity)
+        self.local_user1.friends.add(self.ext_user1.public_identity)
+        self.ext_user1.friends.add(self.local_user1.public_identity)
+        self.anonymous_client = Client(SERVER_NAME='testserver')
+        self.client = SignatureAuthClient()
+
+    def test_friend_local(self):
+        reply = self.client.get('/api/friends/', self.local_user1)
+        self.assertEqual(reply.status_code, 200)
+
+    def test_friend_external(self):
+        reply = self.client.get('/api/friends/', self.ext_user1)
+        self.assertEqual(reply.status_code, 200)
+
+    def test_friend_fail(self):
+        reply = self.anonymous_client.get('/api/friends/')
+        self.assertEqual(reply.status_code, 403)
+
+    def test_friend_fail2(self):
+        target = "/api/friends/"
+        signature = self.local_user1.sign("http://testserver2" + target)
+        header = {'HTTP_AUTHORIZATION': 'Signature ' + str(self.local_user1) + ':' + signature}
+        reply = self.anonymous_client.get(target, **header)
+        self.assertEqual(reply.status_code, 403)
+
+    def test_friend_fail3(self):
+        target = "/api/friends/"
+        unknown_user = DummyExternalUser('extuser3', 'external.org', False)
+        signature = unknown_user.sign("http://testserver" + target)
+        header = {'HTTP_AUTHORIZATION': 'Signature ' + str(unknown_user) + ':' + signature}
+        reply = self.anonymous_client.get(target, **header)
+        self.assertEqual(reply.status_code, 403)
+
+    def test_friend_fail4(self):
+        target = "/api/friends/"
+        signature = self.local_user1.sign("http://testserver" + target)
+        header = {'HTTP_AUTHORIZATION': 'Auth ' + str(self.local_user1) + ':' + signature}
+        reply = self.anonymous_client.get(target, **header)
+        self.assertEqual(reply.status_code, 403)
+
+
 class LoginApiTestCase(UserTestCase):
    user = None
    client = Client(SERVER_NAME='testserver')