websockets + chat app (django)

2025-10-31 13:32:39 +01:00
parent 8dd4f6e731
commit 4791bbc92c
22 changed files with 398 additions and 31 deletions
--- a/backend/account/tests.py
+++ b/backend/account/tests.py
@@ -1,3 +1,28 @@
 from django.test import TestCase
+from django.contrib.auth import get_user_model
+from rest_framework.test import APIClient

-# Create your tests here.
+
+class UserViewAnonymousTests(TestCase):
+	def setUp(self):
+		self.client = APIClient()
+		User = get_user_model()
+		self.target_user = User.objects.create_user(
+			username="target",
+			email="target@example.com",
+			password="pass1234",
+			is_active=True,
+		)
+
+	def test_anonymous_update_user_is_forbidden_and_does_not_crash(self):
+		url = f"/api/account/users/{self.target_user.id}/"
+		payload = {"username": "newname", "email": self.target_user.email}
+		resp = self.client.put(url, data=payload, format="json")
+		# Expect 403 Forbidden (permission denied), but most importantly no 500 error
+		self.assertEqual(resp.status_code, 403, msg=f"Unexpected status: {resp.status_code}, body={getattr(resp, 'data', resp.content)}")
+
+	def test_anonymous_retrieve_user_is_unauthorized(self):
+		url = f"/api/account/users/{self.target_user.id}/"
+		resp = self.client.get(url)
+		# Retrieve requires authentication per view; expect 401 Unauthorized
+		self.assertEqual(resp.status_code, 401, msg=f"Unexpected status: {resp.status_code}, body={getattr(resp, 'data', resp.content)}")