def recompute_privacy_consents(unregister=True): """Recompute the built-in consent requirements for user privacy. Args: unregister (bool, optional): Whether to unregister previous entries first. """ registry = get_consent_requirements_registry() if unregister: # Unregister our consent requirements (but leave ones provided by # extensions). for requirement in (GravatarConsentRequirement, PolicyConsentRequirement): try: registry.unregister_by_attr( 'requirement_id', requirement.requirement_id) except ItemLookupError: pass siteconfig = SiteConfiguration.objects.get_current() privacy_policy = siteconfig.get('privacy_policy_url') terms_of_service = siteconfig.get('terms_of_service_url') if privacy_policy or terms_of_service: registry.register(PolicyConsentRequirement( privacy_policy, terms_of_service, siteconfig.get('site_admin_email'))) registry.register(GravatarConsentRequirement())
def recompute_privacy_consents(unregister=True): """Recompute the built-in consent requirements for user privacy. Args: unregister (bool, optional): Whether to unregister previous entries first. """ registry = get_consent_requirements_registry() if unregister: # Unregister our consent requirements (but leave ones provided by # extensions). for requirement in (GravatarConsentRequirement, PolicyConsentRequirement): try: registry.unregister_by_attr( 'requirement_id', requirement.requirement_id) except ItemLookupError: pass siteconfig = SiteConfiguration.objects.get_current() privacy_policy = siteconfig.get('privacy_policy_url') terms_of_service = siteconfig.get('terms_of_service_url') if privacy_policy or terms_of_service: registry.register(PolicyConsentRequirement( privacy_policy, terms_of_service, siteconfig.get('site_admin_email'))) registry.register(GravatarConsentRequirement())
def setUp(self): super(ConsentRequirementHookTests, self).setUp() self.registry = get_consent_requirements_registry() self.extension = self.setup_extension(MyExtension) self.consent_requirement = MyConsentRequirement() self.consent_requirement_id = self.consent_requirement.requirement_id
def decorated(request, *args, **kwargs): user = request.user if user.is_authenticated(): pending_requirements = \ get_consent_tracker().get_pending_consent_requirements(user) policy_requirement = \ get_consent_requirements_registry().get_consent_requirement( PolicyConsentRequirement.requirement_id) if (pending_requirements or (policy_requirement is not None and (policy_requirement.get_consent(user) != Consent.GRANTED))): redirect_url = getattr(settings, _CONSENT_REDIRECT_SETTING, None) if redirect_url is None: raise ImproperlyConfigured( 'settings.%s must be set.' % _CONSENT_REDIRECT_SETTING ) if callable(redirect_url): redirect_url = redirect_url(request) return HttpResponseRedirect(redirect_url) return view(request, *args, **kwargs)
def test_render_only_privacy_form_if_reject_policy_reject_others(self): """Testing MyAccountView only renders privacy policy when a user has rejected the privacy policy/terms of service and rejected all other requirements """ settings = { 'privacy_enable_user_consent': True, 'privacy_policy_url': 'https://example.com', 'terms_of_service_url': 'https://example.com', } user = User.objects.get(username='******') # Accept all consent requirements *except* the policy. get_consent_tracker().record_consent_data_list(user, [ requirement.build_consent_data(granted=False) for requirement in get_consent_requirements_registry() ]) self.client.login(username='******', password='******') with self.siteconfig_settings(settings): rsp = self.client.get('/account/preferences/') self.assertEqual(rsp.status_code, 200) context = rsp.context self.assertEqual(context['render_sidebar'], False) self.assertEqual(len(context['forms']), 1) self.assertIsInstance(context['forms'][0], PrivacyForm)
def test_render_all_reject_requirements(self): """Testing MyAccountView renders all forms when a user has rejected all consent decisions """ settings = { 'privacy_enable_user_consent': True, } user = User.objects.get(username='******') get_consent_tracker().record_consent_data_list(user, [ requirement.build_consent_data(granted=False) for requirement in get_consent_requirements_registry() ]) request = RequestFactory().get('/account/preferences') request.user = User.objects.get(username='******') view = MyAccountView() self.client.login(username='******', password='******') with self.siteconfig_settings(settings): rsp = self.client.get('/account/preferences/') self.assertEqual(rsp.status_code, 200) context = rsp.context self.assertEqual(context['render_sidebar'], True) self.assertEqual( {type(page) for page in context['pages']}, { account_page for account_page in AccountPage.registry if account_page(view, request, request.user).is_visible() })
def test_redirect_privacy_form(self): """Testing MyAccountView redirects to previous URL when saving the privacy form if a next URL is provided """ settings = { 'privacy_enable_user_consent': True, } self.client.login(username='******', password='******') with self.siteconfig_settings(settings): rsp = self.client.post( '/account/preferences/', dict( { 'next_url': '/some-page/', 'form_target': PrivacyForm.form_id, }, **{ 'consent_%s_choice' % requirement.requirement_id: 'allow' for requirement in get_consent_requirements_registry() })) self.assertEqual(rsp.status_code, 302) self.assertEqual(rsp.url, 'http://testserver/some-page/')
def test_render_only_privacy_form_if_reject_policy_reject_others(self): """Testing MyAccountView only renders privacy policy when a user has rejected the privacy policy/terms of service and rejected all other requirements """ settings = { 'privacy_enable_user_consent': True, 'privacy_policy_url': 'https://example.com', 'terms_of_service_url': 'https://example.com', } user = User.objects.get(username='******') # Accept all consent requirements *except* the policy. get_consent_tracker().record_consent_data_list( user, [ requirement.build_consent_data(granted=False) for requirement in get_consent_requirements_registry() ]) self.client.login(username='******', password='******') with self.siteconfig_settings(settings): rsp = self.client.get('/account/preferences/') self.assertEqual(rsp.status_code, 200) context = rsp.context self.assertEqual(context['render_sidebar'], False) self.assertEqual(len(context['forms']), 1) self.assertIsInstance(context['forms'][0], PrivacyForm)
def test_get_pending_consent_requirements(self): """Testing DatabaseConsentTracker.get_pending_consent_requirements""" requirement1 = MyConsentRequirement1() requirement2 = MyConsentRequirement2() registry = get_consent_requirements_registry() try: registry.register(requirement1) registry.register(requirement2) self.assertEqual( self.tracker.get_pending_consent_requirements(self.user), [requirement1, requirement2]) consent_data_1 = requirement1.build_consent_data(granted=True) self.tracker.record_consent_data_list(self.user, [consent_data_1]) self.assertEqual( self.tracker.get_pending_consent_requirements(self.user), [requirement2]) consent_data_2 = requirement2.build_consent_data(granted=True) self.tracker.record_consent_data_list(self.user, [consent_data_2]) self.assertEqual( self.tracker.get_pending_consent_requirements(self.user), []) finally: registry.unregister(requirement1) registry.unregister(requirement2)
def decorated(request, *args, **kwargs): user = request.user if user.is_authenticated(): pending_requirements = \ get_consent_tracker().get_pending_consent_requirements(user) policy_requirement = \ get_consent_requirements_registry().get_consent_requirement( PolicyConsentRequirement.requirement_id) if (pending_requirements or (policy_requirement is not None and (policy_requirement.get_consent(user) != Consent.GRANTED))): redirect_url = getattr(settings, _CONSENT_REDIRECT_SETTING, None) if redirect_url is None: raise ImproperlyConfigured('settings.%s must be set.' % _CONSENT_REDIRECT_SETTING) if callable(redirect_url): redirect_url = redirect_url(request) return HttpResponseRedirect(redirect_url) return view(request, *args, **kwargs)
def setUp(self): super(ConsentFormMixinTests, self).setUp() self.registry = get_consent_requirements_registry() self.consent_requirement_1 = MyConsentRequirement1() self.registry.register(self.consent_requirement_1) self.consent_requirement_2 = MyConsentRequirement2() self.registry.register(self.consent_requirement_2) self.user = User.objects.create(username='******')
def __init__(self, consent_requirements=None, user=None, consent_source=None, extra_consent_data=None, *args, **kwargs): """Initialize the field. Args: consent_requirements (list of djblets.privacy.consent.base. ConsentRequirement, optional): The list of consent requirements to display. If not provided, all registered consent requirements will be used. user (django.contrib.auth.models.User, optional): The user viewing the form. If provided, the default options for each field will be based on the choices already made by the user. consent_source (unicode, optional): The source to record in the consent audit trail for anything saved in this field. extra_consent_data (dict, optional): Extra information to record in the consent audit trail for anything saved in this field. *args (tuple): Additional positional arguments to pass to the parent class. **kwargs (dict): Additional keyword arguments to pass to the parent class. """ self.consent_requirements = (consent_requirements or list( get_consent_requirements_registry())) super(MultiConsentRequirementsField, self).__init__( fields=[ ConsentRequirementField(consent_requirement, consent_source=consent_source, extra_consent_data=extra_consent_data) for consent_requirement in self.consent_requirements ], widget=self.widget(self.consent_requirements), *args, **kwargs) if user and user.is_authenticated(): self.set_initial_from_user(user)
def accept_policies(self, user): """Accept the linked policies for the given user. Args: user (django.contrib.auth.models.User): The user who has accepted the privacy policy and/or terms of service. """ if self.policies_enabled: consent_registry = get_consent_requirements_registry() requirement = consent_registry.get_consent_requirement( PolicyConsentRequirement.requirement_id) consent_tracker = get_consent_tracker() consent_tracker.record_consent_data( user, requirement.build_consent_data(granted=True))
def accept_policies(self, user): """Accept the linked policies for the given user. Args: user (django.contrib.auth.models.User): The user who has accepted the privacy policy and/or terms of service. """ if self.policies_enabled: consent_registry = get_consent_requirements_registry() requirement = consent_registry.get_consent_requirement( PolicyConsentRequirement.requirement_id) consent_tracker = get_consent_tracker() consent_tracker.record_consent_data( user, requirement.build_consent_data(granted=True))
def __init__(self, consent_requirements=None, user=None, consent_source=None, extra_consent_data=None, *args, **kwargs): """Initialize the field. Args: consent_requirements (list of djblets.privacy.consent.base. ConsentRequirement, optional): The list of consent requirements to display. If not provided, all registered consent requirements will be used. user (django.contrib.auth.models.User, optional): The user viewing the form. If provided, the default options for each field will be based on the choices already made by the user. consent_source (unicode, optional): The source to record in the consent audit trail for anything saved in this field. extra_consent_data (dict, optional): Extra information to record in the consent audit trail for anything saved in this field. *args (tuple): Additional positional arguments to pass to the parent class. **kwargs (dict): Additional keyword arguments to pass to the parent class. """ self.consent_requirements = (consent_requirements or list(get_consent_requirements_registry())) super(MultiConsentRequirementsField, self).__init__( fields=[ ConsentRequirementField(consent_requirement, consent_source=consent_source, extra_consent_data=extra_consent_data) for consent_requirement in self.consent_requirements ], widget=self.widget(self.consent_requirements), *args, **kwargs) if user and user.is_authenticated(): self.set_initial_from_user(user)
def test_with_consent_required_and_no_consent_pending(self): """Testing @valid_prefs_required with privacy_enable_user_consent=True and no pending consent """ Profile.objects.create(user=self.user) consent_tracker = get_consent_tracker() consent_tracker.record_consent_data_list(self.user, [ consent_requirement.build_consent_data(granted=True) for consent_requirement in get_consent_requirements_registry() ]) all_consent = consent_tracker.get_all_consent(self.user) self.assertNotEqual(all_consent, {}) with self.siteconfig_settings({'privacy_enable_user_consent': True}): response = self._view_func(self.request) self.assertIs(type(response), HttpResponse)
def test_with_consent_required_and_no_consent_pending(self): """Testing @valid_prefs_required with privacy_enable_user_consent=True and no pending consent """ Profile.objects.create(user=self.user) consent_tracker = get_consent_tracker() consent_tracker.record_consent_data_list( self.user, [ consent_requirement.build_consent_data(granted=True) for consent_requirement in get_consent_requirements_registry() ]) all_consent = consent_tracker.get_all_consent(self.user) self.assertNotEqual(all_consent, {}) with self.siteconfig_settings({'privacy_enable_user_consent': True}): response = self._view_func(self.request) self.assertIs(type(response), HttpResponse)
def test_render_all_accept_requirements(self): """Testing MyAccountView renders all forms when a user has accepted all requirements """ settings = { 'privacy_enable_user_consent': True, } user = User.objects.get(username='******') get_consent_tracker().record_consent_data_list( user, [ requirement.build_consent_data(granted=True) for requirement in get_consent_requirements_registry() ]) request = RequestFactory().get('/account/preferences') request.user = User.objects.get(username='******') view = MyAccountView() self.client.login(username='******', password='******') with self.siteconfig_settings(settings): rsp = self.client.get('/account/preferences/') self.assertEqual(rsp.status_code, 200) context = rsp.context self.assertEqual(context['render_sidebar'], True) self.assertEqual( { type(page) for page in context['pages'] if page.is_visible() }, { account_page for account_page in AccountPage.registry if account_page(view, request, request.user).is_visible() })
def register_privacy_consents(force=False): """Register the built-in consent requirements for user privacy. This will only register the consents once. Calling this method multiple times will have no effect. Args: force (bool, optional): Force all consent requirements to re-register. """ global _registered if not _registered or force: registry = get_consent_requirements_registry() # Unregister our consent requirements (but leave ones provided by # extensions). for requirement in (GravatarConsentRequirement, PolicyConsentRequirement): try: registry.unregister_by_attr( 'requirement_id', requirement.requirement_id) except ItemLookupError: pass siteconfig = SiteConfiguration.objects.get_current() privacy_policy = siteconfig.get('privacy_policy_url') terms_of_service = siteconfig.get('terms_of_service_url') if privacy_policy or terms_of_service: registry.register(PolicyConsentRequirement( privacy_policy, terms_of_service, siteconfig.get('site_admin_email'))) registry.register(GravatarConsentRequirement()) _registered = True
def setUp(self): super(ConsentConfigPageFormMixinTests, self).setUp() self.registry = get_consent_requirements_registry() self.consent_requirement_1 = MyConsentRequirement1() self.registry.register(self.consent_requirement_1) self.consent_requirement_2 = MyConsentRequirement2() self.registry.register(self.consent_requirement_2) self.user = User.objects.create(username='******') self.request = RequestFactory().get('/consent/') self.request.user = self.user # Enable support for messages. SessionMiddleware().process_request(self.request) MessageMiddleware().process_request(self.request) self.page = MyPage(config_view=ConfigPagesView(), request=self.request, user=self.user)
def setUp(self): super(ConsentConfigPageFormMixinTests, self).setUp() self.registry = get_consent_requirements_registry() self.consent_requirement_1 = MyConsentRequirement1() self.registry.register(self.consent_requirement_1) self.consent_requirement_2 = MyConsentRequirement2() self.registry.register(self.consent_requirement_2) self.user = User.objects.create(username='******') self.request = RequestFactory().get('/consent/') self.request.user = self.user # Enable support for messages. SessionMiddleware().process_request(self.request) MessageMiddleware().process_request(self.request) self.page = MyPage(config_view=ConfigPagesView(), request=self.request, user=self.user)
def test_redirect_privacy_form(self): """Testing MyAccountView redirects to previous URL when saving the privacy form if a next URL is provided """ settings = { 'privacy_enable_user_consent': True, } self.client.login(username='******', password='******') with self.siteconfig_settings(settings): rsp = self.client.post( '/account/preferences/', dict({ 'next_url': '/some-page/', 'form_target': PrivacyForm.form_id, }, **{ 'consent_%s_choice' % requirement.requirement_id: 'allow' for requirement in get_consent_requirements_registry() })) self.assertEqual(rsp.status_code, 302) self.assertEqual(rsp.url, 'http://testserver/some-page/')
def clear_consent_caches(self): """Clear all consent-related caches.""" cache.clear() get_consent_requirements_registry().reset() clear_consent_tracker()
def setUpClass(cls): super(CheckPendingConsentTests, cls).setUpClass() cls.request_factory = RequestFactory() cls.registry = get_consent_requirements_registry()
def setUpClass(cls): super(CheckPendingConsentTests, cls).setUpClass() cls.request_factory = RequestFactory() cls.registry = get_consent_requirements_registry()