diff --git a/django/thunderstore/api/cyberstorm/tests/test_user.py b/django/thunderstore/api/cyberstorm/tests/test_user.py new file mode 100644 index 000000000..992f466a2 --- /dev/null +++ b/django/thunderstore/api/cyberstorm/tests/test_user.py @@ -0,0 +1,67 @@ +import json + +import pytest +from django.contrib.auth import get_user_model +from rest_framework.test import APIClient + +from thunderstore.core.types import UserType +from thunderstore.repository.factories import UserFactory + +User = get_user_model() + + +@pytest.mark.django_db +def test_user_delete__success( + api_client: APIClient, + user: UserType, +): + api_client.force_authenticate(user) + response = api_client.post( + f"/api/cyberstorm/user/{user.username}/delete/", + json.dumps({"verification": user.username}), + content_type="application/json", + ) + + assert response.status_code == 200 + response_json = response.json() + assert response_json["username"] == user.username + + with pytest.raises(User.DoesNotExist) as e: + User.objects.get(pk=user.pk) + assert "User matching query does not exist." in str(e.value) + + +@pytest.mark.django_db +def test_user_delete__user_doesnt_match_session_user( + api_client: APIClient, + user: UserType, +): + user2 = UserFactory() + api_client.force_authenticate(user2) + response = api_client.post( + f"/api/cyberstorm/user/{user.username}/delete/", + json.dumps({"verification": user.username}), + content_type="application/json", + ) + + assert response.status_code == 401 + assert response.json()["detail"] == "You can only delete your own account" + assert User.objects.get(pk=user.pk).is_active + + +@pytest.mark.django_db +def test_user_delete__invalid_verification( + api_client: APIClient, + user: UserType, +): + api_client.force_authenticate(user) + response = api_client.post( + f"/api/cyberstorm/user/{user.username}/delete/", + json.dumps({"verification": "TotallyNotCorrectUsername"}), + content_type="application/json", + ) + + assert response.status_code == 400 + response_json = response.json() + assert "Invalid verification" in response_json["verification"] + assert User.objects.get(pk=user.pk).is_active