def test_structure_selector(self):
"""
Check that a deactivated member can't access the structure
from the dashboard selector
"""
siae2 = SiaeWithMembershipFactory()
guest = siae2.members.first()
siae = SiaeWith2MembershipsFactory()
admin = siae.members.first()
siae.members.add(guest)
memberships = guest.siaemembership_set.all()
self.assertEqual(len(memberships), 2)
# Admin remove guest from structure
self.client.login(username=admin.email, password=DEFAULT_PASSWORD)
url = reverse("siaes_views:deactivate_member",
kwargs={"user_id": guest.id})
response = self.client.post(url)
self.assertEqual(response.status_code, 302)
self.client.logout()
# guest must be able to login
self.client.login(username=guest.email, password=DEFAULT_PASSWORD)
url = reverse("dashboard:index")
response = self.client.get(url)
# Wherever guest lands should give a 200 OK
self.assertEqual(response.status_code, 200)
# Check response context, only one SIAE should remain
self.assertEqual(len(response.context["user_siaes"]), 1)
def setUp(self):
self.siae = SiaeWith2MembershipsFactory()
self.sender = self.siae.members.first()
self.invitation = SiaeSentInvitationFactory(sender=self.sender,
siae=self.siae)
self.user = get_user_model()
self.response = None
def test_send_two_invitations_to_the_same_guest(self):
# SIAE 1 invites guest once.
self.client.post(self.send_invitation_url, data=self.post_data)
# SIAE 2 invites guest too
siae_2 = SiaeWith2MembershipsFactory()
siae_2_sender = siae_2.members.first()
self.client.login(email=siae_2_sender.email, password=DEFAULT_PASSWORD)
post_data = {
"form-TOTAL_FORMS": "1",
"form-INITIAL_FORMS": "0",
"form-MIN_NUM_FORMS": "",
"form-MAX_NUM_FORMS": "",
"form-0-first_name": self.guest.first_name,
"form-0-last_name": self.guest.last_name,
"form-0-email": self.guest.email,
}
self.client.post(self.send_invitation_url, data=post_data)
invitation_query = self.invitations_model.objects.filter(siae=siae_2)
self.assertTrue(invitation_query.exists())
invitation = invitation_query.first()
self.assertEqual(invitation.first_name, self.guest.first_name)
self.assertEqual(invitation.last_name, self.guest.last_name)
self.assertEqual(invitation.email, self.guest.email)
# SIAE 1 should be able to refresh the invitation.
self.client.login(email=self.sender.email, password=DEFAULT_PASSWORD)
self.client.post(self.send_invitation_url, data=self.post_data)
def test_accept_existing_user_not_logged_in(self):
self.user = SiaeWith2MembershipsFactory().members.first()
# The user verified its email
EmailAddress(user_id=self.user.pk,
email=self.user.email,
verified=True,
primary=True).save()
self.invitation = SiaeSentInvitationFactory(
sender=self.sender,
siae=self.siae,
first_name=self.user.first_name,
last_name=self.user.last_name,
email=self.user.email,
)
response = self.client.get(self.invitation.acceptance_link,
follow=True)
self.assertIn(reverse("account_login"),
response.wsgi_request.get_full_path())
self.assertFalse(self.invitation.accepted)
self.response = self.client.post(
response.wsgi_request.get_full_path(),
data={
"login": self.user.email,
"password": DEFAULT_PASSWORD
},
follow=True,
)
self.assertTrue(self.response.wsgi_request.user.is_authenticated)
def test_user_with_no_siae_left(self):
"""
Former SIAE members with no SIAE membership left must not
be able to log in.
They are still "active" technically speaking, so if they
are activated/invited again, they will be able to log in.
"""
siae = SiaeWith2MembershipsFactory()
admin = siae.members.filter(siaemembership__is_admin=True).first()
guest = siae.members.filter(siaemembership__is_admin=False).first()
self.client.login(username=admin.email, password=DEFAULT_PASSWORD)
url = reverse("siaes_views:deactivate_member",
kwargs={"user_id": guest.id})
response = self.client.post(url)
self.assertEqual(response.status_code, 302)
self.client.logout()
self.client.login(username=guest.email, password=DEFAULT_PASSWORD)
url = reverse("dashboard:index")
response = self.client.get(url)
# should be redirected to logout
self.assertEqual(response.status_code, 302)
self.assertEqual(response.url, reverse("account_logout"))
def test_new_siae_staff_form(self):
siae = SiaeWith2MembershipsFactory()
sender = siae.members.first()
form = NewSiaeStaffInvitationForm(sender=sender, siae=siae)
form.save()
invitation = SiaeStaffInvitation.objects.get(sender=sender)
self.assertEqual(invitation.siae.pk, siae.pk)
def test_admin_management_permissions(self):
"""
Non-admin users can't update admin members
"""
siae = SiaeWith2MembershipsFactory()
admin = siae.members.filter(siaemembership__is_admin=True).first()
guest = siae.members.filter(siaemembership__is_admin=False).first()
self.client.login(username=guest.email, password=DEFAULT_PASSWORD)
url = reverse("siaes_views:update_admin_role",
kwargs={
"action": "remove",
"user_id": admin.id
})
# Redirection to confirm page
response = self.client.get(url)
self.assertEqual(response.status_code, 403)
# Confirm action
response = self.client.post(url)
self.assertEqual(response.status_code, 403)
# Add self as admin with no privilege
url = reverse("siaes_views:update_admin_role",
kwargs={
"action": "add",
"user_id": guest.id
})
response = self.client.get(url)
self.assertEqual(response.status_code, 403)
response = self.client.post(url)
self.assertEqual(response.status_code, 403)
def test_deactivate_with_no_perms(self):
"""
Non-admin user can't change memberships
"""
siae = SiaeWith2MembershipsFactory()
guest = siae.members.filter(siaemembership__is_admin=False).first()
self.client.login(username=guest.email, password=DEFAULT_PASSWORD)
url = reverse("siaes_views:deactivate_member",
kwargs={"user_id": guest.id})
response = self.client.post(url)
self.assertEqual(response.status_code, 403)
def test_siae_with_2_memberships_factory(self):
siae = SiaeWith2MembershipsFactory()
self.assertEqual(siae.members.count(), 2)
self.assertEqual(siae.active_members.count(), 2)
self.assertEqual(siae.active_admin_members.count(), 1)
admin_user = siae.active_admin_members.get()
self.assertTrue(siae.has_admin(admin_user))
all_users = list(siae.members.all())
self.assertEqual(len(all_users), 2)
all_users.remove(admin_user)
self.assertEqual(len(all_users), 1)
regular_user = all_users[0]
self.assertFalse(siae.has_admin(regular_user))
def test_has_admin(self):
siae1 = SiaeWith2MembershipsFactory()
siae1_admin_user = siae1.active_admin_members.get()
siae1_regular_user = siae1.active_members.exclude(pk=siae1_admin_user.pk).get()
siae2 = SiaeWith4MembershipsFactory(membership2__user=siae1_admin_user)
self.assertTrue(siae1.has_member(siae1_admin_user))
self.assertTrue(siae1.has_admin(siae1_admin_user))
self.assertTrue(siae1.has_member(siae1_regular_user))
self.assertFalse(siae1.has_admin(siae1_regular_user))
self.assertTrue(siae2.has_member(siae1_admin_user))
self.assertFalse(siae2.has_admin(siae1_admin_user))
def test_accept_existing_user_is_employer(self):
self.user = SiaeWith2MembershipsFactory().members.first()
self.invitation = SiaeSentInvitationFactory(
sender=self.sender,
siae=self.siae,
first_name=self.user.first_name,
last_name=self.user.last_name,
email=self.user.email,
)
self.client.login(email=self.user.email, password=DEFAULT_PASSWORD)
self.response = self.client.get(self.invitation.acceptance_link,
follow=True)
current_siae = get_current_siae_or_404(self.response.wsgi_request)
self.assertEqual(self.invitation.siae.pk, current_siae.pk)
def test_suspicious_action(self):
"""
Test "suspicious" actions: action code not registered for use (even if admin)
"""
suspicious_action = "h4ckm3"
siae = SiaeWith2MembershipsFactory()
admin = siae.members.filter(siaemembership__is_admin=True).first()
guest = siae.members.filter(siaemembership__is_admin=False).first()
self.client.login(username=guest.email, password=DEFAULT_PASSWORD)
# update: less test with RE_PATH
with self.assertRaises(NoReverseMatch):
reverse("siaes_views:update_admin_role",
kwargs={
"action": suspicious_action,
"user_id": admin.id
})
def setUp(self):
self.siae = SiaeWith2MembershipsFactory()
self.sender = self.siae.members.first()
self.guest = UserFactory.build(first_name="Léonie",
last_name="Bathiat")
self.post_data = {
"form-TOTAL_FORMS": "1",
"form-INITIAL_FORMS": "0",
"form-MIN_NUM_FORMS": "",
"form-MAX_NUM_FORMS": "",
"form-0-first_name": self.guest.first_name,
"form-0-last_name": self.guest.last_name,
"form-0-email": self.guest.email,
}
self.invitations_model = SiaeStaffInvitation
self.client.login(email=self.sender.email, password=DEFAULT_PASSWORD)
self.send_invitation_url = reverse(
"invitations_views:invite_siae_staff")
def test_remove_admin(self):
"""
Check the ability for an admin to remove another admin
"""
siae = SiaeWith2MembershipsFactory()
admin = siae.members.filter(siaemembership__is_admin=True).first()
guest = siae.members.filter(siaemembership__is_admin=False).first()
membership = guest.siaemembership_set.first()
membership.is_admin = True
membership.save()
self.assertTrue(guest in siae.active_admin_members)
self.client.login(username=admin.email, password=DEFAULT_PASSWORD)
url = reverse("siaes_views:update_admin_role",
kwargs={
"action": "remove",
"user_id": guest.id
})
# Redirection to confirm page
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
# Confirm action
response = self.client.post(url)
self.assertEqual(response.status_code, 302)
siae.refresh_from_db()
self.assertFalse(guest in siae.active_admin_members)
# The admin should receive a valid email
self.assertEqual(len(mail.outbox), 1)
email = mail.outbox[0]
self.assertEqual(
f"[Désactivation] Vous n'êtes plus administrateur de {siae.display_name}",
email.subject)
self.assertIn(
"Un administrateur vous a retiré les droits d'administrateur d'une structure",
email.body,
)
self.assertEqual(email.to[0], guest.email)
def test_deactivate_user(self):
"""
Standard use case of user deactivation.
Everything should be fine ...
"""
siae = SiaeWith2MembershipsFactory()
admin = siae.members.filter(siaemembership__is_admin=True).first()
guest = siae.members.filter(siaemembership__is_admin=False).first()
membership = guest.siaemembership_set.first()
self.assertFalse(guest in siae.active_admin_members)
self.assertTrue(admin in siae.active_admin_members)
self.client.login(username=admin.email, password=DEFAULT_PASSWORD)
url = reverse("siaes_views:deactivate_member",
kwargs={"user_id": guest.id})
response = self.client.post(url)
self.assertEqual(response.status_code, 302)
# User should be deactivated now
membership.refresh_from_db()
self.assertFalse(membership.is_active)
self.assertEqual(admin, membership.updated_by)
self.assertIsNotNone(membership.updated_at)
# Check mailbox
# User must have been notified of deactivation (we're human after all)
self.assertEqual(len(mail.outbox), 1)
email = mail.outbox[0]
self.assertEqual(
f"[Désactivation] Vous n'êtes plus membre de {siae.display_name}",
email.subject)
self.assertIn(
"Un administrateur vous a retiré d'une structure sur les emplois de l'inclusion",
email.body)
self.assertEqual(email.to[0], guest.email)
def test_add_admin(self):
"""
Check the ability for an admin to add another admin to the siae
"""
siae = SiaeWith2MembershipsFactory()
admin = siae.members.filter(siaemembership__is_admin=True).first()
guest = siae.members.filter(siaemembership__is_admin=False).first()
self.client.login(username=admin.email, password=DEFAULT_PASSWORD)
url = reverse("siaes_views:update_admin_role",
kwargs={
"action": "add",
"user_id": guest.id
})
# Redirection to confirm page
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
# Confirm action
response = self.client.post(url)
self.assertEqual(response.status_code, 302)
siae.refresh_from_db()
self.assertTrue(guest in siae.active_admin_members)
# The admin should receive a valid email
self.assertEqual(len(mail.outbox), 1)
email = mail.outbox[0]
self.assertEqual(
f"[Activation] Vous êtes désormais administrateur de {siae.display_name}",
email.subject)
self.assertIn(
"Vous êtes administrateur d'une structure sur les emplois de l'inclusion",
email.body)
self.assertEqual(email.to[0], guest.email)
def test_active_members(self):
siae = SiaeWith2MembershipsFactory(membership2__user__is_active=False)
self.assertEqual(siae.members.count(), 2)
self.assertEqual(siae.active_members.count(), 1)
def test_invite_existing_user_is_employer(self):
self.guest = SiaeWith2MembershipsFactory().members.first()
self.post_data["form-0-first_name"] = self.guest.first_name
self.post_data["form-0-last_name"] = self.guest.last_name
self.post_data["form-0-email"] = self.guest.email
self.client.post(self.send_invitation_url, data=self.post_data)
def setUp(self):
self.siae = SiaeWith2MembershipsFactory()
self.sender = self.siae.members.first()
self.send_invitation_url = reverse(
"invitations_views:invite_siae_staff")
self.invitations_model = SiaeStaffInvitation
