test(backend): add coverage for services tasks and apis

2026-04-30 12:44:24 +03:30
parent 8774a4d4dc
commit 3152284cf3
15 changed files with 1279 additions and 0 deletions
--- a/apps/users/tests/test_api_views.py
+++ b/apps/users/tests/test_api_views.py
@@ -0,0 +1,199 @@
+from unittest.mock import patch
+
+from rest_framework.test import APIRequestFactory
+from rest_framework import status
+from rest_framework.test import APITestCase
+
+from apps.users.api.views import RegisterWithPasswordView
+from apps.users.models import User
+
+
+class UserApiViewTests(APITestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.user = User.objects.create_user(
+            mobile="09123330001",
+            password="secret123",
+            first_name="Ali",
+            last_name="Test",
+        )
+        cls.other_user = User.objects.create_user(
+            mobile="09123330002",
+            password="secret123",
+            first_name="Sara",
+            last_name="Search",
+        )
+
+    @patch("apps.users.api.views.register_user_with_password")
+    def test_register_with_password_view_returns_tokens(self, register_user_with_password):
+        register_user_with_password.return_value = {
+            "access": "access-token",
+            "refresh": "refresh-token",
+        }
+        request = APIRequestFactory().post(
+            "/api/users/register/password/",
+            {"mobile": "09123330009", "password": "secret123"},
+            format="json",
+        )
+
+        response = RegisterWithPasswordView.as_view()(request)
+
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+        self.assertEqual(response.data["access"], "access-token")
+        register_user_with_password.assert_called_once_with("09123330009", "secret123")
+
+    def test_register_with_password_requires_mobile_and_password(self):
+        request = APIRequestFactory().post("/api/users/register/password/", {}, format="json")
+        response = RegisterWithPasswordView.as_view()(request)
+
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+    @patch("apps.users.api.views.generate_and_send_otp")
+    def test_send_otp_view_validates_and_dispatches(self, generate_and_send_otp):
+        response = self.client.post(
+            "/api/users/otp/send/",
+            {"mobile": "09123330009", "mode": "login"},
+            format="json",
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        generate_and_send_otp.assert_called_once_with(
+            mobile="09123330009",
+            mode="login",
+        )
+
+    @patch("apps.users.api.views.login_with_password")
+    def test_login_view_returns_tokens(self, login_with_password):
+        login_with_password.return_value = {"access": "a", "refresh": "r"}
+
+        response = self.client.post(
+            "/api/users/login/",
+            {"mobile": "09123330001", "password": "secret123"},
+            format="json",
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data["refresh"], "r")
+        login_with_password.assert_called_once()
+
+    @patch("apps.users.api.views.login_with_otp")
+    def test_login_otp_view_returns_tokens(self, login_with_otp):
+        login_with_otp.return_value = {"access": "a", "refresh": "r"}
+
+        response = self.client.post(
+            "/api/users/otp/login/",
+            {"mobile": "09123330001", "code": "123456"},
+            format="json",
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data["access"], "a")
+
+    @patch("apps.users.api.views.reset_password_with_otp")
+    def test_reset_password_view_calls_service(self, reset_password_with_otp):
+        response = self.client.post(
+            "/api/users/password/reset/",
+            {
+                "mobile": "09123330001",
+                "code": "123456",
+                "password": "new-secret123",
+                "re_password": "new-secret123",
+            },
+            format="json",
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        reset_password_with_otp.assert_called_once_with(
+            mobile="09123330001",
+            code="123456",
+            password="new-secret123",
+        )
+
+    @patch("apps.users.api.views.change_password")
+    def test_change_password_view_requires_auth_and_calls_service(self, change_password):
+        self.client.force_authenticate(user=self.user)
+
+        response = self.client.patch(
+            "/api/users/password/change/",
+            {
+                "old_password": "secret123",
+                "new_password": "new-secret123",
+                "re_password": "new-secret123",
+            },
+            format="json",
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        change_password.assert_called_once_with(
+            user=self.user,
+            old_password="secret123",
+            new_password="new-secret123",
+        )
+
+    @patch("apps.users.api.views.logout_user")
+    def test_logout_view_calls_service(self, logout_user):
+        self.client.force_authenticate(user=self.user)
+
+        response = self.client.post(
+            "/api/users/logout/",
+            {"refresh": "refresh-token"},
+            format="json",
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_205_RESET_CONTENT)
+        logout_user.assert_called_once_with("refresh-token")
+
+    def test_user_list_and_profile_views_require_authentication(self):
+        list_response = self.client.get("/api/users/list/")
+        me_response = self.client.get("/api/users/me/")
+
+        self.assertEqual(list_response.status_code, status.HTTP_401_UNAUTHORIZED)
+        self.assertEqual(me_response.status_code, status.HTTP_401_UNAUTHORIZED)
+
+    def test_user_list_returns_users_for_authenticated_request(self):
+        self.client.force_authenticate(user=self.user)
+
+        response = self.client.get("/api/users/list/")
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        items = (
+            response.data
+            if isinstance(response.data, list)
+            else response.data.get("results")
+            or response.data.get("items")
+            or []
+        )
+        mobiles = {item["mobile"] for item in items}
+        self.assertIn(self.user.mobile, mobiles)
+        self.assertIn(self.other_user.mobile, mobiles)
+
+    def test_user_me_retrieve_and_patch_work(self):
+        self.client.force_authenticate(user=self.user)
+
+        retrieve_response = self.client.get("/api/users/me/")
+        self.assertEqual(retrieve_response.status_code, status.HTTP_200_OK)
+        self.assertEqual(retrieve_response.data["mobile"], self.user.mobile)
+
+        patch_response = self.client.patch(
+            "/api/users/me/",
+            {"first_name": "Updated", "description": "Bio"},
+            format="json",
+        )
+
+        self.assertEqual(patch_response.status_code, status.HTTP_200_OK)
+        self.assertEqual(patch_response.data["first_name"], "Updated")
+        self.user.refresh_from_db()
+        self.assertEqual(self.user.description, "Bio")
+
+    def test_user_search_handles_missing_mobile_not_found_and_success(self):
+        self.client.force_authenticate(user=self.user)
+
+        missing = self.client.get("/api/users/search/")
+        self.assertEqual(missing.status_code, status.HTTP_400_BAD_REQUEST)
+
+        not_found = self.client.get("/api/users/search/?mobile=09129999999")
+        self.assertEqual(not_found.status_code, status.HTTP_404_NOT_FOUND)
+
+        success = self.client.get(f"/api/users/search/?mobile={self.other_user.mobile}")
+        self.assertEqual(success.status_code, status.HTTP_200_OK)
+        self.assertEqual(success.data["mobile"], self.other_user.mobile)
--- a/apps/users/tests/test_auth_services.py
+++ b/apps/users/tests/test_auth_services.py
@@ -0,0 +1,149 @@
+from unittest.mock import Mock, patch
+
+from django.test import TestCase
+from rest_framework.exceptions import ValidationError
+from rest_framework_simplejwt.tokens import RefreshToken
+
+from apps.users.models import LoginAttempt, User
+from apps.users.services.auth import (
+    change_password,
+    generate_and_send_otp,
+    login_with_otp,
+    login_with_password,
+    logout_user,
+    register_user_with_otp,
+    register_user_with_password,
+    reset_password_with_otp,
+)
+
+
+class FakeRedisConnection:
+    def __init__(self):
+        self.store = {}
+
+    def get(self, key):
+        return self.store.get(key)
+
+    def setex(self, key, timeout, value):
+        self.store[key] = str(value).encode("utf-8")
+
+    def delete(self, key):
+        self.store.pop(key, None)
+
+
+class AuthServiceTests(TestCase):
+    def test_register_user_with_password_creates_user_and_tokens(self):
+        tokens = register_user_with_password("09120000001", "secret123")
+
+        self.assertTrue(User.objects.filter(mobile="09120000001").exists())
+        self.assertIn("access", tokens)
+        self.assertIn("refresh", tokens)
+
+    @patch("apps.users.services.auth.send_verification_sms.delay")
+    @patch("apps.users.services.auth.get_redis_connection")
+    def test_generate_and_send_otp_stores_code_and_schedules_sms(
+        self,
+        get_redis_connection,
+        send_delay,
+    ):
+        User.objects.create_user(mobile="09120000002", password="secret123")
+        fake_redis = FakeRedisConnection()
+        get_redis_connection.return_value = fake_redis
+
+        generate_and_send_otp("09120000002", "login")
+
+        self.assertIn("verification_code:09120000002", fake_redis.store)
+        send_delay.assert_called_once()
+
+    @patch("apps.users.services.auth.record_login_attempt")
+    def test_login_with_password_records_success(self, record_login_attempt):
+        user = User.objects.create_user(mobile="09120000003", password="secret123")
+
+        tokens = login_with_password("09120000003", "secret123", request=None)
+
+        self.assertIn("access", tokens)
+        record_login_attempt.assert_called_once_with(
+            None,
+            user,
+            LoginAttempt.StatusType.SUCCESS,
+        )
+
+    @patch("apps.users.services.auth.record_login_attempt")
+    def test_login_with_password_rejects_invalid_password(self, record_login_attempt):
+        User.objects.create_user(mobile="09120000004", password="secret123")
+
+        with self.assertRaises(ValidationError):
+            login_with_password("09120000004", "wrong-password", request=None)
+
+        record_login_attempt.assert_called_once()
+
+    @patch("apps.users.services.auth.record_login_attempt")
+    @patch("apps.users.services.auth.get_redis_connection")
+    def test_login_with_otp_creates_user_and_consumes_code(
+        self,
+        get_redis_connection,
+        record_login_attempt,
+    ):
+        fake_redis = FakeRedisConnection()
+        fake_redis.setex("verification_code:09120000005", 120, "12345")
+        get_redis_connection.return_value = fake_redis
+
+        tokens = login_with_otp("09120000005", "12345", request=None)
+
+        self.assertTrue(User.objects.filter(mobile="09120000005").exists())
+        self.assertIn("access", tokens)
+        self.assertNotIn("verification_code:09120000005", fake_redis.store)
+        record_login_attempt.assert_called_once()
+
+    @patch("apps.users.services.auth.get_redis_connection")
+    def test_register_user_with_otp_verifies_code_and_marks_user_verified(
+        self,
+        get_redis_connection,
+    ):
+        fake_redis = FakeRedisConnection()
+        fake_redis.setex("verification_code:09120000006", 120, "12345")
+        get_redis_connection.return_value = fake_redis
+
+        tokens = register_user_with_otp(
+            mobile="09120000006",
+            code="12345",
+            password="secret123",
+            first_name="OTP",
+            last_name="User",
+        )
+
+        user = User.objects.get(mobile="09120000006")
+        self.assertTrue(user.is_verified)
+        self.assertTrue(user.check_password("secret123"))
+        self.assertIn("refresh", tokens)
+
+    @patch("apps.users.services.auth.get_redis_connection")
+    def test_reset_password_with_otp_updates_password(self, get_redis_connection):
+        user = User.objects.create_user(mobile="09120000007", password="oldsecret")
+        fake_redis = FakeRedisConnection()
+        fake_redis.setex("verification_code:09120000007", 120, "12345")
+        get_redis_connection.return_value = fake_redis
+
+        reset_password_with_otp("09120000007", "12345", "newsecret")
+
+        user.refresh_from_db()
+        self.assertTrue(user.check_password("newsecret"))
+        self.assertNotIn("verification_code:09120000007", fake_redis.store)
+
+    def test_change_password_updates_existing_user_password(self):
+        user = User.objects.create_user(mobile="09120000008", password="oldsecret")
+
+        change_password(user, "oldsecret", "newsecret")
+
+        user.refresh_from_db()
+        self.assertTrue(user.check_password("newsecret"))
+        self.assertIsNotNone(user.password_updated_at)
+
+    def test_logout_user_blacklists_refresh_token(self):
+        user = User.objects.create_user(mobile="09120000009", password="secret123")
+        refresh = str(RefreshToken.for_user(user))
+
+        logout_user(refresh)
+
+        with self.assertRaises(ValidationError):
+            logout_user(refresh)
--- a/apps/users/tests/test_utils.py
+++ b/apps/users/tests/test_utils.py
@@ -0,0 +1,36 @@
+from django.test import RequestFactory, TestCase
+
+from apps.users.models import LoginAttempt, User
+from apps.users.utils import _get_ip, record_login_attempt
+
+
+class UserUtilsTests(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.user = User.objects.create_user(mobile="09120000051", password="secret123")
+
+    def setUp(self):
+        self.factory = RequestFactory()
+
+    def test_get_ip_returns_none_without_request(self):
+        self.assertIsNone(_get_ip(None))
+
+    def test_get_ip_prefers_forwarded_header(self):
+        request = self.factory.get("/", HTTP_X_FORWARDED_FOR="1.1.1.1, 2.2.2.2")
+
+        self.assertEqual(_get_ip(request), "1.1.1.1")
+
+    def test_get_ip_falls_back_to_remote_addr(self):
+        request = self.factory.get("/", REMOTE_ADDR="3.3.3.3")
+
+        self.assertEqual(_get_ip(request), "3.3.3.3")
+
+    def test_record_login_attempt_persists_attempt(self):
+        request = self.factory.get("/", REMOTE_ADDR="4.4.4.4")
+
+        record_login_attempt(request, user=self.user, status=LoginAttempt.StatusType.SUCCESS)
+
+        attempt = LoginAttempt.objects.get()
+        self.assertEqual(attempt.user, self.user)
+        self.assertEqual(attempt.status, LoginAttempt.StatusType.SUCCESS)
+        self.assertEqual(attempt.ip_address, "4.4.4.4")