def tamperWithForm(self, **kwargs):
a = Article.objects.get(pk=1)
d = self.getValidData(a)
d.update(kwargs)
f = CommentForm(Article.objects.get(pk=1), data=d)
self.assertFalse(f.is_valid())
return f
def tamperWithForm(self, **kwargs):
a = Article.objects.get(pk=1)
d = self.getValidData(a)
d.update(kwargs)
f = CommentForm(Article.objects.get(pk=1), data=d)
self.assertFalse(f.is_valid())
return f
def test_updates_avoid(self):
mail.outbox = []
req = FoiRequest.objects.all()[0]
mes = list(req.messages)[-1]
self.client.login(username=req.user.username, password='******')
d = {
'name': 'Jim Bob',
'email': '*****@*****.**',
'url': '',
'comment': 'This is my comment',
}
f = CommentForm(mes)
d.update(f.initial)
self.client.post(reverse("comments-post-comment"), d)
_batch_update()
self.assertEqual(len(mail.outbox), 0)
mail.outbox = []
self.client.logout()
# follow request
self.client.login(username='******', password='******')
response = self.client.post(
reverse('foirequestfollower-follow', kwargs={"slug": req.slug}))
self.assertEqual(response.status_code, 302)
f = CommentForm(mes)
d.update(f.initial)
self.client.post(reverse("comments-post-comment"), d)
_batch_update()
self.assertEqual(len(mail.outbox), 1)
def ajax_comment_post(request):
print request.POST
try:
form = CommentForm(request.POST)
except Exception as e:
print e
print "HERE"
if form.is_valid():
form.save()
return HttpResponse("IT WORKED!")
return HttpResponse("FAIL!")
def post_comment(request):
if request.method == 'POST':
prod_id = request.POST['object_pk']
prod = Product.objects.get(pk=prod_id)
form = CommentForm(target_object=prod, data=request.POST)
if form.is_valid():
form.save()
return redirect('store_home')
else:
form = CommentForm()
return render(request, "register.html", {'form': form})
def update_note(request):
"""
Updated the current note with the POST data. UpdateNoteForm is an incomplete
form that doesn't handle some properties, only the important for the note editing.
"""
if request.method == "GET" and request.is_ajax:
note = get_object_or_404(Note, pk=request.GET['noteid'])
ctype = ContentType.objects.get_for_model(Note)
latest_comments = Comment.objects.filter(
is_public=True,
is_removed=False,
content_type=ctype,
object_pk=note.id).order_by('submit_date')
note.comment_count = Comment.objects.filter(is_public=True,
is_removed=False,
content_type=ctype,
object_pk=note.id).count()
note.save()
form = CommentForm(target_object=note)
response_data = {}
response_data['author'] = {'name': note.author.username}
response_data['debate'] = {'id': note.debate.pk}
response_data['title'] = note.title
response_data['message'] = note.message
response_data['comments'] = [{
'username': c.user.username,
'comment': c.comment,
'submit_date': c.submit_date
} for c in latest_comments]
response_data["form_html"] = form.as_p()
return HttpResponse(json.dumps(response_data, cls=DjangoJSONEncoder),
mimetype="application/json")
if request.method == "POST" and request.is_ajax:
note = get_object_or_404(Note, pk=request.POST['noteid'])
note_form = UpdateNoteForm(request.POST or None, instance=note)
if note_form.is_valid():
note_form_uncommited = note_form.save(commit=False)
note_form_uncommited.title = request.POST['title']
note_form_uncommited.message = request.POST['message']
note_form_uncommited.last_mod_author = request.user
note_form_uncommited.save()
msg = "The note has been updated."
else:
msg = "The form is not valid, check field(s): " + note_form.errors
else:
msg = "There was some error in the petition."
return HttpResponse(msg)
def update_note(request, space_url):
"""
Updated the current note with the POST data. UpdateNoteForm is an incomplete
form that doesn't handle some properties, only the important for the note
editing.
"""
place = get_object_or_404(Space, url=space_url)
if request.method == "GET" and request.is_ajax:
note = get_object_or_404(Note, pk=request.GET['noteid'])
ctype = ContentType.objects.get_for_model(Note)
latest_comments = Comment.objects.filter(is_public=True,
is_removed=False, content_type=ctype, object_pk=note.id) \
.order_by('-submit_date')[:5]
form = CommentForm(target_object=note)
response_data = {}
response_data['title'] = note.title
response_data['message'] = note.message
response_data['author'] = {'name': note.author.username}
response_data['comments'] = [{'username': c.user.username,
'comment': c.comment,
'submit_date': c.submit_date} for c in latest_comments]
response_data["form_html"] = form.as_p()
return HttpResponse(json.dumps(response_data, cls=DjangoJSONEncoder),
mimetype="application/json")
if request.method == "POST" and request.is_ajax:
if has_operation_permission(request.user, place, 'note.change_note',
allow=['admins', 'mods']) or request.user == note.author:
note = get_object_or_404(Note, pk=request.POST['noteid'])
note_form = UpdateNoteForm(request.POST or None, instance=note)
if note_form.is_valid():
note_form_uncommited = note_form.save(commit=False)
note_form_uncommited.title = request.POST['title']
note_form_uncommited.message = request.POST['message']
note_form_uncommited.last_mod_author = request.user
note_form_uncommited.save()
msg = "The note has been updated."
else:
msg = "The form is not valid, check field(s): " + note_form.errors
return HttpResponse(msg)
else:
msg = "There was some error in the petition."
return HttpResponse(msg)
def test_integrity_error_on_duplicate_spam_comments(self):
class AllIsSpamModerator(EntryCommentModerator):
spam_checker_backends = [
'zinnia.spam_checker.backends.all_is_spam'
]
moderator_stack.unregister(Entry)
moderator_stack.register(Entry, AllIsSpamModerator)
datas = {
'name': 'Jim Bob',
'email': '*****@*****.**',
'url': '',
'comment': 'This is my comment'
}
f = CommentForm(self.entry)
datas.update(f.initial)
url = reverse('comments-post-comment')
self.assertEquals(self.entry.comment_count, 0)
connect_discussion_signals()
self.client.post(url, datas)
self.client.post(url, datas)
disconnect_discussion_signals()
self.assertEqual(comments.get_model().objects.count(), 1)
entry_reloaded = Entry.objects.get(pk=self.entry.pk)
self.assertEquals(entry_reloaded.comment_count, 0)
def testDjango12Hash(self):
# Ensure we can use the hashes generated by Django 1.2
a = Article.objects.get(pk=1)
d = self.getValidData(a)
content_type = d['content_type']
object_pk = d['object_pk']
timestamp = d['timestamp']
# The Django 1.2 method hard-coded here:
info = (content_type, object_pk, timestamp, settings.SECRET_KEY)
security_hash = sha_constructor("".join(info)).hexdigest()
d['security_hash'] = security_hash
f = CommentForm(a, data=d)
self.assertTrue(f.is_valid(), f.errors)
def test_updates(self):
mail.outbox = []
req = FoiRequest.objects.all()[0]
comment_user = factories.UserFactory()
user = User.objects.get(username='******')
self.client.login(username='******', password='******')
response = self.client.post(
reverse('foirequestfollower-follow', kwargs={"slug": req.slug}))
self.assertEqual(response.status_code, 302)
self.client.logout()
self.client.login(username=comment_user.username, password='******')
mes = list(req.messages)[-1]
d = {
'name': 'Jim Bob',
'email': '*****@*****.**',
'url': '',
'comment': 'This is my comment',
}
f = CommentForm(mes)
d.update(f.initial)
self.client.post(reverse("comments-post-comment"), d)
_batch_update()
self.assertEqual(len(mail.outbox), 2)
self.assertEqual(mail.outbox[0].to[0], req.user.email)
self.assertEqual(mail.outbox[1].to[0], user.email)
def testDjango12Hash(self):
# Ensure we can use the hashes generated by Django 1.2
a = Article.objects.get(pk=1)
d = self.getValidData(a)
content_type = d['content_type']
object_pk = d['object_pk']
timestamp = d['timestamp']
# The Django 1.2 method hard-coded here:
info = (content_type, object_pk, timestamp, settings.SECRET_KEY)
security_hash = sha_constructor("".join(info)).hexdigest()
d['security_hash'] = security_hash
f = CommentForm(a, data=d)
self.assertTrue(f.is_valid(), f.errors)
def test_updates_avoid(self):
mail.outbox = []
req = FoiRequest.objects.all()[0]
dummy_user = User.objects.get(username='******')
req2 = factories.FoiRequestFactory.create(site=self.site,
user=req.user)
mes = list(req.messages)[-1]
mes2 = factories.FoiMessageFactory.create(request=req2)
self.client.login(username=req.user.username, password='******')
d = {
'name': 'Jim Bob',
'email': '*****@*****.**',
'url': '',
'comment': 'This is my comment',
}
f = CommentForm(mes)
d.update(f.initial)
self.client.post(reverse("comments-post-comment"), d)
_batch_update(update_requester=False)
self.assertEqual(len(mail.outbox), 0)
mail.outbox = []
self.client.logout()
def do_follow(req, username):
self.client.login(username=username, password='******')
response = self.client.post(
reverse('foirequestfollower-follow', kwargs={"slug":
req.slug}))
self.assertEqual(response.status_code, 302)
self.client.logout()
def do_comment(mes, username):
self.client.login(username=username, password='******')
f = CommentForm(mes)
d.update(f.initial)
self.client.post(reverse("comments-post-comment"), d)
do_follow(req, 'dummy')
do_comment(mes, 'sw')
do_follow(req2, 'dummy')
do_comment(mes2, 'sw')
_batch_update()
self.assertEqual(len(mail.outbox), 1)
self.assertEqual(mail.outbox[0].to[0], dummy_user.email)
Comment.objects.all().delete()
mail.outbox = []
do_comment(mes2, 'dummy')
_batch_update()
self.assertEqual(len(mail.outbox), 1)
self.assertEqual(mail.outbox[0].to[0], req.user.email)
def update_note(request, space_url):
"""
Updated the current note with the POST data. UpdateNoteForm is an incomplete
form that doesn't handle some properties, only the important for the note editing.
"""
if request.method == "GET" and request.is_ajax:
note = get_object_or_404(Note, pk=request.GET["noteid"])
ctype = ContentType.objects.get_for_model(Note)
latest_comments = Comment.objects.filter(
is_public=True, is_removed=False, content_type=ctype, object_pk=note.id
).order_by("-submit_date")[:5]
form = CommentForm(target_object=note)
response_data = {}
response_data["title"] = note.title
response_data["message"] = note.message
response_data["comments"] = [
{"username": c.user.username, "comment": c.comment, "submit_date": c.submit_date} for c in latest_comments
]
response_data["form_html"] = form.as_p()
return HttpResponse(json.dumps(response_data, cls=DjangoJSONEncoder), mimetype="application/json")
if request.method == "POST" and request.is_ajax:
note = get_object_or_404(Note, pk=request.POST["noteid"])
note_form = UpdateNoteForm(request.POST or None, instance=note)
if note_form.is_valid():
note_form_uncommited = note_form.save(commit=False)
note_form_uncommited.title = request.POST["title"]
note_form_uncommited.message = request.POST["message"]
note_form_uncommited.last_mod_author = request.user
note_form_uncommited.save()
msg = "The note has been updated."
else:
msg = "The form is not valid, check field(s): " + note_form.errors
else:
msg = "There was some error in the petition."
return HttpResponse(msg)
def getValidData(self, obj, **kwargs):
""" work-a-round for comment form security fields """
f = CommentForm(obj)
d = {
'name' : 'John Doe',
'email' : '*****@*****.**',
'url' : '',
'comment' : 'This is my comment',
}
d.update(f.initial)
d.update(kwargs)
return d
def post_comment(request):
if request.method == 'POST':
prod_id = request.POST['object_pk']
prod = Product.objects.get(pk=prod_id)
form = CommentForm(target_object=prod, data=request.POST)
if form.is_valid():
form.save()
return redirect('store_home')
else:
form = CommentForm()
return render(request, "register.html", {'form': form})
def testProfanities(self):
"""Test COMMENTS_ALLOW_PROFANITIES and PROFANITIES_LIST settings"""
a = Article.objects.get(pk=1)
d = self.getValidData(a)
# Save settings in case other tests need 'em
saved = settings.PROFANITIES_LIST, settings.COMMENTS_ALLOW_PROFANITIES
# Don't wanna swear in the unit tests if we don't have to...
settings.PROFANITIES_LIST = ["rooster"]
# Try with COMMENTS_ALLOW_PROFANITIES off
settings.COMMENTS_ALLOW_PROFANITIES = False
f = CommentForm(a, data=dict(d, comment="What a rooster!"))
self.assertFalse(f.is_valid())
# Now with COMMENTS_ALLOW_PROFANITIES on
settings.COMMENTS_ALLOW_PROFANITIES = True
f = CommentForm(a, data=dict(d, comment="What a rooster!"))
self.assertTrue(f.is_valid())
# Restore settings
settings.PROFANITIES_LIST, settings.COMMENTS_ALLOW_PROFANITIES = saved
def testProfanities(self):
"""Test COMMENTS_ALLOW_PROFANITIES and PROFANITIES_LIST settings"""
a = Article.objects.get(pk=1)
d = self.getValidData(a)
# Try with COMMENTS_ALLOW_PROFANITIES off
with self.settings(COMMENTS_ALLOW_PROFANITIES=False):
f = CommentForm(a, data=dict(d, comment="What a rooster!"))
self.assertFalse(f.is_valid())
# Now with COMMENTS_ALLOW_PROFANITIES on
with self.settings(COMMENTS_ALLOW_PROFANITIES=True):
f = CommentForm(a, data=dict(d, comment="What a rooster!"))
self.assertTrue(f.is_valid())
def test_comment_count_denormalization(self):
class AllIsSpamModerator(EntryCommentModerator):
spam_checker_backends = [
'zinnia.spam_checker.backends.all_is_spam'
]
class NoMailNoSpamModerator(EntryCommentModerator):
def email(self, *ka, **kw):
pass
def moderate(self, *ka, **kw):
return False
datas = {
'name': 'Jim Bob',
'email': '*****@*****.**',
'url': '',
'comment': 'This is my comment'
}
f = CommentForm(self.entry)
datas.update(f.initial)
url = reverse('comments-post-comment')
moderator_stack.unregister(Entry)
moderator_stack.register(Entry, AllIsSpamModerator)
self.assertEquals(self.entry.comment_count, 0)
connect_discussion_signals()
self.client.post(url, datas)
entry_reloaded = Entry.objects.get(pk=self.entry.pk)
self.assertEquals(entry_reloaded.comment_count, 0)
moderator_stack.unregister(Entry)
moderator_stack.register(Entry, NoMailNoSpamModerator)
datas['comment'] = 'This a published comment'
self.client.post(url, datas)
disconnect_discussion_signals()
entry_reloaded = Entry.objects.get(pk=self.entry.pk)
self.assertEquals(entry_reloaded.comment_count, 1)
def testProfanities(self):
"""Test COMMENTS_ALLOW_PROFANITIES and PROFANITIES_LIST settings"""
a = Article.objects.get(pk=1)
d = self.getValidData(a)
# Save settings in case other tests need 'em
saved = settings.PROFANITIES_LIST, settings.COMMENTS_ALLOW_PROFANITIES
# Don't wanna swear in the unit tests if we don't have to...
settings.PROFANITIES_LIST = ["rooster"]
# Try with COMMENTS_ALLOW_PROFANITIES off
settings.COMMENTS_ALLOW_PROFANITIES = False
f = CommentForm(a, data=dict(d, comment="What a rooster!"))
self.assertFalse(f.is_valid())
# Now with COMMENTS_ALLOW_PROFANITIES on
settings.COMMENTS_ALLOW_PROFANITIES = True
f = CommentForm(a, data=dict(d, comment="What a rooster!"))
self.assertTrue(f.is_valid())
# Restore settings
settings.PROFANITIES_LIST, settings.COMMENTS_ALLOW_PROFANITIES = saved
def do_comment(mes, username):
self.client.login(username=username, password='******')
f = CommentForm(mes)
d.update(f.initial)
self.client.post(reverse("comments-post-comment"), d)
def testValidPost(self):
a = Article.objects.get(pk=1)
f = CommentForm(a, data=self.getValidData(a))
self.assertTrue(f.is_valid(), f.errors)
return f
def testInit(self):
f = CommentForm(Article.objects.get(pk=1))
self.assertEqual(f.initial['content_type'], str(Article._meta))
self.assertEqual(f.initial['object_pk'], "1")
self.assertNotEqual(f.initial['security_hash'], None)
self.assertNotEqual(f.initial['timestamp'], None)
def clean_honeypot(self):
return CommentForm.clean_honeypot(self)
def get_comment_create_data(self):
data = CommentForm.get_comment_create_data(self)
data.update({"parent_comment_id": self.cleaned_data["parent_comment_id"]})
return data
def get_comment_create_data(self):
data = CommentForm.get_comment_create_data(self)
data.update(AuthOslCommentForm.get_comment_create_data(self))
return data
def __init__(self, *a, **kw):
_CommentForm.__init__(self, *a, **kw)
del self.fields['name']
del self.fields['email']
del self.fields['url']
def __init__(self, *a, **kw):
_CommentForm.__init__(self, *a, **kw)
del self.fields['name']
del self.fields['email']
del self.fields['url']
def update_note(request, space_url):
"""
Updated the current note with the POST data. UpdateNoteForm is an incomplete
form that doesn't handle some properties, only the important for the note
editing.
"""
# Shit double validation here due to the fact that we can't get the note ID
# until the JS code sends us the GET or POST signals
place = get_object_or_404(Space, url=space_url)
if request.method == "GET" and request.is_ajax():
note = get_object_or_404(Note, pk=request.GET['noteid'])
debate = get_object_or_404(Debate, pk=note.debate.id)
if (request.user.has_perm('admin_space', place)
or request.user.has_perm('mod_space', place)
or request.user.has_perm('admin_debate', debate)
or request.user.has_perm('mod_debate', debate)
or request.user == note.author):
ctype = ContentType.objects.get_for_model(Note)
latest_comments = Comment.objects.filter(is_public=True,
is_removed=False, content_type=ctype, object_pk=note.id) \
.order_by('-submit_date')[:5]
form = CommentForm(target_object=note)
response_data = {}
response_data['title'] = note.title
response_data['message'] = note.message
response_data['author'] = {'name': note.author.username}
response_data['comments'] = [{
'username': c.user.username,
'comment': c.comment,
'submit_date': c.submit_date
} for c in latest_comments]
response_data["form_html"] = form.as_p()
return HttpResponse(json.dumps(response_data,
cls=DjangoJSONEncoder),
mimetype="application/json")
else:
raise PermissionDenied
elif request.method == "POST" and request.is_ajax():
note = get_object_or_404(Note, pk=request.POST['noteid'])
debate = get_object_or_404(Debate, pk=note.debate.id)
if (request.user.has_perm('admin_space', place)
or request.user.has_perm('mod_space', place)
or request.user.has_perm('admin_debate', debate)
or request.user.has_perm('mod_debate', debate)
or request.user == note.author):
note_form = UpdateNoteForm(request.POST or None, instance=note)
if note_form.is_valid():
note_form_uncommited = note_form.save(commit=False)
note_form_uncommited.title = request.POST['title']
note_form_uncommited.message = request.POST['message']
note_form_uncommited.last_mod_author = request.user
note_form_uncommited.save()
return HttpResponse(_("Note saved"))
else:
return HttpResponseBadRequest(
_("The form is not valid, check field(s): ") +
note_form.errors)
else:
raise PermissionDenied
else:
return HttpResponseBadRequest(_("Bad request"))
def testValidPost(self):
a = Article.objects.get(pk=1)
f = CommentForm(a, data=self.getValidData(a))
self.assertTrue(f.is_valid(), f.errors)
return f
def getValidData(self, obj):
f = CommentForm(obj)
d = self.getData()
d.update(f.initial)
return d
def update_note(request, space_url):
"""
Updated the current note with the POST data. UpdateNoteForm is an incomplete
form that doesn't handle some properties, only the important for the note
editing.
"""
# Shit double validation here due to the fact that we can't get the note ID
# until the JS code sends us the GET or POST signals
place = get_object_or_404(Space, url=space_url)
if request.method == "GET" and request.is_ajax():
note = get_object_or_404(Note, pk=request.GET['noteid'])
debate = get_object_or_404(Debate, pk=note.debate.id)
if (request.user.has_perm('admin_space', place) or
request.user.has_perm('mod_space', place) or
request.user.has_perm('admin_debate', debate) or
request.user.has_perm('mod_debate', debate) or
request.user == note.author):
ctype = ContentType.objects.get_for_model(Note)
latest_comments = Comment.objects.filter(is_public=True,
is_removed=False, content_type=ctype, object_pk=note.id) \
.order_by('-submit_date')[:5]
form = CommentForm(target_object=note)
response_data = {}
response_data['title'] = note.title
response_data['message'] = note.message
response_data['author'] = {'name': note.author.username}
response_data['comments'] = [{'username': c.user.username,
'comment': c.comment,
'submit_date': c.submit_date} for c in latest_comments]
response_data["form_html"] = form.as_p()
return HttpResponse(json.dumps(response_data, cls=DjangoJSONEncoder),
mimetype="application/json")
else:
raise PermissionDenied
if request.method == "POST" and request.is_ajax:
note = get_object_or_404(Note, pk=request.POST['noteid'])
debate = get_object_or_404(Debate, pk=note.debate.id)
if (request.user.has_perm('admin_space', place) or
request.user.has_perm('mod_space', place) or
request.user.has_perm('admin_debate', debate) or
request.user.has_perm('mod_debate', debate) or
request.user == note.author):
note_form = UpdateNoteForm(request.POST or None, instance=note)
if note_form.is_valid():
note_form_uncommited = note_form.save(commit=False)
note_form_uncommited.title = request.POST['title']
note_form_uncommited.message = request.POST['message']
note_form_uncommited.last_mod_author = request.user
note_form_uncommited.save()
else:
return HttpResponseBadRequest(_("The form is not valid, check field(s): ") + note_form.errors)
else:
raise PermissionDenied
return HttpResponseBadRequest(_("Bad request"))
