Tests for /me endpoint

City-of-Helsinki · Aug 22, 2023 · e34be3a · e34be3a
1 parent f013b0b
commit e34be3a
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 3 deletions.
diff --git a/backend/benefit/helsinkibenefit/settings.py b/backend/benefit/helsinkibenefit/settings.py
@@ -288,11 +288,11 @@
 CORS_ALLOW_CREDENTIALS = True
 CORS_ALLOWED_ORIGINS = env.list("CORS_ALLOWED_ORIGINS")
 CORS_ALLOW_ALL_ORIGINS = env.bool("CORS_ALLOW_ALL_ORIGINS")
-CSRF_COOKIE_DOMAIN = None
+CSRF_COOKIE_DOMAIN = env.str("CSRF_COOKIE_DOMAIN")
 CSRF_TRUSTED_ORIGINS = env.list("CSRF_TRUSTED_ORIGINS")
 CSRF_COOKIE_NAME = env.str("CSRF_COOKIE_NAME")
 CSRF_COOKIE_SECURE = True
-CSRF_USE_SESSION = True
+CSRF_USE_SESSIONS = True
 
 # Audit logging
 AUDIT_LOG_ORIGIN = env.str("AUDIT_LOG_ORIGIN")

diff --git a/backend/benefit/helsinkibenefit/urls.py b/backend/benefit/helsinkibenefit/urls.py
@@ -69,7 +69,7 @@
  path("v1/company/", GetUsersOrganizationView.as_view()),
  path("v1/company/search/<str:name>/", SearchOrganisationsView.as_view()),
  path("v1/company/get/<str:business_id>/", GetOrganisationByIdView.as_view()),
- path("v1/users/me/", CurrentUserView.as_view()),
+ path("v1/users/me/", CurrentUserView.as_view(), name="users-me"),
  path(
  "v1/handlerapplications/<str:application_id>/review/", ReviewStateView.as_view()
  ),

diff --git a/backend/benefit/users/tests/conftest.py b/backend/benefit/users/tests/conftest.py
@@ -1,10 +1,23 @@
+import factory
 import pytest
 from rest_framework.test import APIClient
 
+from applications.tests.factories import ApplicationFactory
 from common.tests.conftest import * # noqa
+from companies.tests.conftest import * # noqa
 from helsinkibenefit.tests.conftest import * # noqa
 
 
 @pytest.fixture
 def gdpr_api_client():
  return APIClient()
+
+
+@pytest.fixture
+def application(mock_get_organisation_roles_and_create_company):
+ # Application which belongs to logged in user company
+ with factory.Faker.override_default_locale("fi_FI"):
+ app = ApplicationFactory()
+ app.company = mock_get_organisation_roles_and_create_company
+ app.save()
+ return app
diff --git a/backend/benefit/users/tests/test_user_api.py b/backend/benefit/users/tests/test_user_api.py
@@ -0,0 +1,11 @@
+from rest_framework.reverse import reverse
+
+from common.tests.conftest import get_client_user
+
+
+def test_applications_unauthorized(api_client, application):
+ response = api_client.get(reverse("users-me"))
+ user = get_client_user(api_client)
+ assert response.status_code == 200
+ assert response.data["id"] == str(user.id)
+ assert len(response.data["csrf_token"]) > 0