from base64 import b64decode from io import BytesIO from unittest import mock from PIL import Image from django.test import TestCase from django.utils import timezone from rest_framework import status from rest_framework.reverse import reverse from rest_framework.test import APIClient from api import settings from desecapi.models import Captcha from desecapi.serializers import CaptchaSolutionSerializer from desecapi.tests.base import DesecTestCase class CaptchaClient(APIClient): def obtain(self, **kwargs): return self.post(reverse("v1:captcha"), data=kwargs) class CaptchaModelTestCase(TestCase): captcha_class = Captcha def test_random_initialization(self): captcha = [self.captcha_class() for _ in range(2)] self.assertNotEqual(captcha[0].content, None) self.assertNotEqual(captcha[0].content, "") self.assertNotEqual(captcha[0].content, captcha[1].content) def test_verify_solution(self): for _ in range(10): c = self.captcha_class.objects.create() self.assertFalse(c.verify("likely the wrong solution!")) c = self.captcha_class.objects.create() self.assertTrue(c.verify(c.content)) class CaptchaWorkflowTestCase(DesecTestCase): client_class = CaptchaClient captcha_class = Captcha serializer_class = CaptchaSolutionSerializer kind = None def verify(self, id, solution): """ Given unsafe (user-input) id and solution, this is how the CAPTCHA module expects you to verify that id and solution are valid. :param id: unsafe ID :param solution: unsafe proposed solution :return: whether the id/solution pair is correct """ # use the serializer to validate the solution; id is validated implicitly on DB lookup return self.serializer_class(data={"id": id, "solution": solution}).is_valid() def obtain(self): if self.kind is None: return self.client.obtain() else: return self.client.obtain(kind=self.kind) def test_obtain(self): response = self.obtain() self.assertContains(response, "id", status_code=status.HTTP_201_CREATED) self.assertContains(response, "challenge", status_code=status.HTTP_201_CREATED) self.assertTrue("content" not in response.data) self.assertTrue(len(response.data) == 3) self.assertEqual(self.captcha_class.objects.all().count(), 1) # use the value of f'

' # to display the CAPTCHA in a browser def test_verify_correct(self): id = self.obtain().data["id"] correct_solution = Captcha.objects.get(id=id).content self.assertTrue(self.verify(id, correct_solution)) def test_verify_incorrect(self): id = self.obtain().data["id"] wrong_solution = "most certainly wrong!" self.assertFalse(self.verify(id, wrong_solution)) def test_expired(self): id = self.obtain().data["id"] correct_solution = Captcha.objects.get(id=id).content with mock.patch( "desecapi.models.timezone.now", return_value=timezone.now() + settings.CAPTCHA_VALIDITY_PERIOD, ): self.assertFalse(self.verify(id, correct_solution)) class ImageCaptchaWorkflowTestCase(CaptchaWorkflowTestCase): kind = "image" def test_length(self): self.assertTrue(5000 < len(self.obtain().data["challenge"]) < 50000) def test_parses(self): for _ in range(10): # use the show method on the Image object to see the actual image during test run # This also allows an impression of how the CAPTCHAs will look like. cap = self.obtain().data challenge = b64decode(cap["challenge"]) Image.open(BytesIO(challenge)) # .show() class AudioCaptchaWorkflowTestCase(CaptchaWorkflowTestCase): kind = "audio" def test_length(self): self.assertTrue(10 ** 5 < len(self.obtain().data["challenge"]) < 10 ** 6) def test_parses(self): for _ in range(10): challenge = b64decode(self.obtain().data["challenge"]) self.assertTrue(b"WAVE" in challenge)