def form_valid(self, form):
    """Save the form parts, then provision GDPR defaults for an enabled shop.

    If the saved settings have GDPR enabled, the shop's privacy policy
    document is ensured and, when the shop has no cookie category yet, the
    initial required category is created.  The value returned by
    ``save_form_parts`` is handed back unchanged.
    """
    # NOTE(review): nesting reconstructed from a flattened listing; the
    # cookie-category check is taken to belong to the ``enabled`` branch.
    saved = self.save_form_parts(form)
    settings_obj = self.get_object()
    if not settings_obj.enabled:
        return saved

    ensure_gdpr_privacy_policy(self.object.shop)
    has_category = GDPRCookieCategory.objects.filter(shop=settings_obj.shop).exists()
    if not has_category:
        create_initial_required_cookie_category(self.object.shop)
    return saved
def form_valid(self, form):
    """Persist the form parts and bootstrap GDPR objects when GDPR is enabled.

    Returns whatever ``save_form_parts`` returned.  For an enabled shop the
    privacy policy is ensured, and a required cookie category is created
    only if the shop does not already have any category.
    """
    # NOTE(review): nesting reconstructed from a flattened listing; the
    # cookie-category check is taken to belong to the ``enabled`` branch.
    outcome = self.save_form_parts(form)
    shop_settings = self.get_object()
    if shop_settings.enabled:
        ensure_gdpr_privacy_policy(self.object.shop)
        categories = GDPRCookieCategory.objects.filter(shop=shop_settings.shop)
        if not categories.exists():
            create_initial_required_cookie_category(self.object.shop)
    return outcome
def test_register_form(client):
    """Registration is refused until the privacy policy checkbox is ticked.

    Also checks that a forced policy update leaves the freshly registered
    user's consent out of sync.
    """
    activate("en")
    shop = factories.get_default_shop()
    shop_gdpr = GDPRSettings.get_for_shop(shop)
    shop_gdpr.enabled = True
    shop_gdpr.save()

    # create privacy policy GDPR document
    privacy_policy = ensure_gdpr_privacy_policy(shop)
    redirect_target = "/index/"
    client = SmartClient()
    register_url = reverse("shuup:registration_register")

    # NOTE(review): the username/email literals look masked in this listing;
    # they are kept as found - confirm the real fixture values upstream.
    payload = {
        "username": "******",
        "email": "*****@*****.**",
        "password1": "1234",
        "password2": "1234",
        REDIRECT_FIELD_NAME: redirect_target,
    }

    # the user did not tick the privacy policy agreement
    rejected = client.post(register_url, data=payload)
    assert rejected.status_code == 200
    assert "You must accept this in order to register." in rejected.content.decode("utf-8")

    with_consent = dict(payload)
    with_consent["accept_%d" % privacy_policy.id] = "on"
    accepted = client.post(register_url, data=with_consent)
    assert accepted.status_code == 302
    # only a same-site relative target is exercised here; an off-site value
    # for the redirect field is not covered by this test
    assert accepted.get("location")
    assert accepted.get("location").endswith(redirect_target)

    new_user = User.objects.first()
    assert is_documents_consent_in_sync(shop, new_user)

    # after a forced policy update the stored consent no longer counts
    ensure_gdpr_privacy_policy(shop, force_update=True)
    assert not is_documents_consent_in_sync(shop, new_user)
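def test_authenticate_form_without_consent_checkboxes(client):
    """Login needs no consent checkbox when ``skip_consent_on_auth`` is set.

    The login form must show the configured consent text and exactly four
    inputs, and a login with valid credentials must redirect.
    """
    activate("en")
    shop = factories.get_default_shop()

    # One credential for both set_password() and the login POST.  The listing
    # posted a masked literal that did not match the password set on the
    # user, so the expected redirect could not come from a valid login.
    password = "1234"
    user = factories.create_random_user("en")
    user.email = "*****@*****.**"
    user.set_password(password)
    user.save()

    consent_text = printable_gibberish()
    gdpr_settings = GDPRSettings.get_for_shop(shop)
    gdpr_settings.enabled = True
    gdpr_settings.skip_consent_on_auth = True
    gdpr_settings.auth_consent_text = consent_text
    gdpr_settings.save()

    # create privacy policy GDPR document (return value is not needed here)
    ensure_gdpr_privacy_policy(shop)

    redirect_target = "/redirect-success/"
    client = SmartClient()

    login_url = reverse("shuup:login")
    response = client.get(login_url)
    soup = BeautifulSoup(response.content)
    login_form = soup.find("form", {"action": "/login/"})
    assert len(login_form.findAll("input")) == 4
    assert consent_text in login_form.text

    # no consent field is posted; with skip_consent_on_auth the login passes
    response = client.post(login_url, data={
        "username": user.email,
        "password": password,
        REDIRECT_FIELD_NAME: redirect_target
    })
    assert response.status_code == 302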
def test_field_provider(rf, admin_user):
    """The consent field is offered exactly while consent is missing or stale."""
    activate("en")
    shop = factories.get_default_shop()
    shop_gdpr = GDPRSettings.get_for_shop(shop)
    shop_gdpr.enabled = True
    shop_gdpr.save()

    # create privacy policy GDPR document
    privacy_policy = ensure_gdpr_privacy_policy(shop)
    page_consent_key = "accept_%d" % privacy_policy.pk
    provider = GDPRFieldProvider()

    def offered_names(req):
        # names of the fields the provider returns for this request
        return [field.name for field in provider.get_fields(request=req)]

    request = apply_request_middleware(rf.post("/"), shop=shop, user=admin_user)

    # call twice: the field stays while the user has not consented to the page
    for _attempt in range(2):
        assert page_consent_key in offered_names(request)

    # consent to the page, the field shouldn't be there
    create_user_consent_for_all_documents(shop, admin_user)
    assert page_consent_key not in offered_names(request)

    # change the document version - field must be there again
    privacy_policy.save()
    assert page_consent_key in offered_names(request)

    # check that the field is shown for an anonymous user
    request = apply_request_middleware(rf.post("/"), shop=shop, user=AnonymousUser())
    assert page_consent_key in offered_names(request)
def test_update_injection():
    """Drive ``assert_update`` through the consent life cycle of one user.

    ``assert_update`` is defined outside this block; its last argument is
    presumably whether the policy-update notice is expected on the page.
    """
    shop = factories.get_default_shop()
    client = SmartClient()
    index_url = reverse("shuup:index")

    policy_page = ensure_gdpr_privacy_policy(shop)
    settings_obj = GDPRSettings.get_for_shop(shop)
    settings_obj.enabled = True
    settings_obj.privacy_policy = policy_page
    settings_obj.save()

    # nothing consented in the past, should not show
    assert_update(client, index_url, False)

    customer = factories.create_random_user("en")
    password = "******"
    customer.set_password(password)
    customer.save()
    client.login(username=customer.username, password=password)

    # no consent given, should not be visible
    assert_update(client, index_url, False)

    create_user_consent_for_all_documents(shop, customer)
    assert_update(client, index_url, False)

    with reversion.create_revision():
        policy_page.save()

    assert not is_documents_consent_in_sync(shop, customer)
    assert_update(client, index_url, True)

    # consent
    # NOTE(review): consent is recorded through a GET request here.  Django's
    # CSRF middleware does not check GET, so confirm that the view is meant
    # to change state on this method.
    consent_url = reverse("shuup:gdpr_policy_consent", kwargs={"page_id": policy_page.pk})
    client.get(consent_url)
    assert is_documents_consent_in_sync(shop, customer)
    assert_update(client, index_url, False)
def test_update_injection():
    """Drive ``assert_update`` through the consent life cycle of one user.

    ``assert_update`` is defined outside this block; its last argument is
    presumably whether the policy-update notice is expected on the page.
    """
    shop = factories.get_default_shop()
    client = SmartClient()
    index_url = reverse("shuup:index")

    policy_page = ensure_gdpr_privacy_policy(shop)
    settings_obj = GDPRSettings.get_for_shop(shop)
    settings_obj.enabled = True
    settings_obj.privacy_policy = policy_page
    settings_obj.save()

    # nothing consented in the past, should not show
    assert_update(client, index_url, False)

    customer = factories.create_random_user("en")
    password = "******"
    customer.set_password(password)
    customer.save()
    client.login(username=customer.username, password=password)

    # no consent given, should not be visible
    assert_update(client, index_url, False)

    create_user_consent_for_all_documents(shop, customer)
    assert_update(client, index_url, False)

    with reversion.create_revision():
        policy_page.save()

    assert not is_documents_consent_in_sync(shop, customer)
    assert_update(client, index_url, True)

    # consent
    # NOTE(review): consent is recorded through a GET request here.  Django's
    # CSRF middleware does not check GET, so confirm that the view is meant
    # to change state on this method.
    consent_url = reverse("shuup:gdpr_policy_consent", kwargs={"page_id": policy_page.pk})
    client.get(consent_url)
    assert is_documents_consent_in_sync(shop, customer)
    assert_update(client, index_url, False)
def test_data_download(rf):
    """The data export answers 200 for a user and 404 when no user is attached."""
    activate("en")
    shop = factories.get_default_shop()
    customer = factories.create_random_user()
    policy_page = ensure_gdpr_privacy_policy(shop)
    assert policy_page

    shop_gdpr = GDPRSettings.get_for_shop(shop)
    shop_gdpr.enabled = True
    shop_gdpr.save()
    assert shop_gdpr.privacy_policy_page == policy_page

    create_user_consent_for_all_documents(shop, customer)
    download_view = GDPRDownloadDataView.as_view()

    authed_request = apply_request_middleware(rf.post("/"), user=customer, shop=shop)
    authed_response = download_view(request=authed_request)
    assert authed_response.status_code == 200
    exported = json.loads(authed_response.content.decode("utf-8"))
    assert exported == {}

    # Access control: a request built without a user must not reach the
    # export.  Only this no-user case is covered by the test.
    bare_request = apply_request_middleware(rf.post("/"), shop=shop)
    bare_response = download_view(request=bare_request)
    assert bare_response.status_code == 404
def test_cookie_consent_view(rf, language):
    """The cookie consent view redirects; the policy is rewritten only when forced."""
    activate(language)
    shop = factories.get_default_shop()
    policy_page = ensure_gdpr_privacy_policy(shop)
    customer = factories.create_random_user("en")
    create_initial_required_cookie_category(shop)

    consent_view = GDPRCookieConsentView.as_view()
    post_request = apply_request_middleware(rf.post("/"), shop=shop, user=customer)
    assert consent_view(post_request, pk=None).status_code == 302

    first_modified = policy_page.modified_on

    # a plain ensure call must leave the existing page untouched
    untouched = ensure_gdpr_privacy_policy(shop)
    assert first_modified == untouched.modified_on

    # a forced call must produce a later modification time
    refreshed = ensure_gdpr_privacy_policy(shop, force_update=True)
    assert first_modified < refreshed.modified_on
def test_register_form(client):
    """Registration fails without the policy checkbox and succeeds with it.

    Afterwards a forced policy update must put the new user's consent out
    of sync.
    """
    activate("en")
    shop = factories.get_default_shop()
    settings_obj = GDPRSettings.get_for_shop(shop)
    settings_obj.enabled = True
    settings_obj.save()

    # create privacy policy GDPR document
    privacy_policy = ensure_gdpr_privacy_policy(shop)
    redirect_target = "/index/"
    client = SmartClient()
    target_url = reverse("shuup:registration_register")

    def submit(extra=None):
        # NOTE(review): the username/email literals look masked in this
        # listing; they are kept as found - confirm the fixtures upstream.
        form_data = {
            "username": "******",
            "email": "*****@*****.**",
            "password1": "1234",
            "password2": "1234",
            REDIRECT_FIELD_NAME: redirect_target
        }
        if extra:
            form_data.update(extra)
        return client.post(target_url, data=form_data)

    # the user did not tick the privacy policy agreement
    response = submit()
    assert response.status_code == 200
    assert "You must accept to this to register." in response.content.decode("utf-8")

    response = submit({"accept_%d" % privacy_policy.id: "on"})
    assert response.status_code == 302
    # only a same-site relative target is exercised here; an off-site value
    # for the redirect field is not covered by this test
    assert response.get("location")
    assert response.get("location").endswith(redirect_target)

    registered = User.objects.first()
    assert is_documents_consent_in_sync(shop, registered)

    ensure_gdpr_privacy_policy(shop, force_update=True)
    assert not is_documents_consent_in_sync(shop, registered)
def test_consent_cookies():
    """
    Test that the GDPR consent is generated and saved into a cookie
    """
    # NOTE(review): nesting reconstructed from a flattened listing; the whole
    # scenario is taken to run once per configured language.
    for code, _label in settings.LANGUAGES:
        activate(code)
        shop = factories.get_default_shop()
        client = SmartClient()
        index_url = reverse("shuup:index")
        response = client.get(index_url)

        # create a GDPR setting for the shop
        settings_obj = GDPRSettings.get_for_shop(shop)
        settings_obj.cookie_banner_content = "my cookie banner content"
        settings_obj.cookie_privacy_excerpt = "my cookie privacyexcerpt"
        settings_obj.enabled = True
        settings_obj.save()

        # create cookie categories
        required_category = GDPRCookieCategory.objects.create(
            shop=shop,
            always_active=True,
            cookies="cookie1,cookir2,_cookie3",
            name="RequiredCookies",
            how_is_used="to make the site work",
        )
        optional_category = GDPRCookieCategory.objects.create(
            shop=shop,
            always_active=False,
            cookies="_opt1,_opt2,_opt3",
            name="OptionalCookies",
            how_is_used="to spy users",
        )
        categories = (required_category, optional_category)

        # create privacy policy GDPR document
        privacy_policy = ensure_gdpr_privacy_policy(shop)
        response = client.get(index_url)
        # no consent cookie may be set before the visitor has answered
        assert settings.SHUUP_GDPR_CONSENT_COOKIE_NAME not in response.cookies

        # send consent for both categories
        consent_form = {}
        for category in categories:
            consent_form["cookie_category_{}".format(category.id)] = "on"
        response = client.post(reverse("shuup:gdpr_consent"), data=consent_form)

        assert settings.SHUUP_GDPR_CONSENT_COOKIE_NAME in response.cookies
        raw_cookie = response.cookies[settings.SHUUP_GDPR_CONSENT_COOKIE_NAME].value
        cookies_data = json.loads(raw_cookie)
        first_document = cookies_data["documents"][0]
        assert privacy_policy.id == first_document["id"]
        assert privacy_policy.url == first_document["url"]

        for category in categories:
            for cookie_name in category.cookies.split(","):
                assert cookie_name in cookies_data["cookies"]
def test_consent_cookies():
    """
    Test that the GDPR consent is generated and saved into a cookie
    """
    # NOTE(review): nesting reconstructed from a flattened listing; the whole
    # scenario is taken to run once per configured language.
    for code, _label in settings.LANGUAGES:
        activate(code)
        shop = factories.get_default_shop()
        client = SmartClient()
        index_url = reverse("shuup:index")
        response = client.get(index_url)

        # create a GDPR setting for the shop
        settings_obj = GDPRSettings.get_for_shop(shop)
        settings_obj.cookie_banner_content = "my cookie banner content"
        settings_obj.cookie_privacy_excerpt = "my cookie privacyexcerpt"
        settings_obj.enabled = True
        settings_obj.save()

        # create cookie categories
        required_category = GDPRCookieCategory.objects.create(
            shop=shop,
            always_active=True,
            cookies="cookie1,cookir2,_cookie3",
            name="RequiredCookies",
            how_is_used="to make the site work",
        )
        optional_category = GDPRCookieCategory.objects.create(
            shop=shop,
            always_active=False,
            cookies="_opt1,_opt2,_opt3",
            name="OptionalCookies",
            how_is_used="to spy users",
        )
        categories = (required_category, optional_category)

        # create privacy policy GDPR document
        privacy_policy = ensure_gdpr_privacy_policy(shop)
        response = client.get(index_url)
        # no consent cookie may be set before the visitor has answered
        assert settings.SHUUP_GDPR_CONSENT_COOKIE_NAME not in response.cookies

        # send consent for both categories
        consent_form = {}
        for category in categories:
            consent_form["cookie_category_{}".format(category.id)] = "on"
        response = client.post(reverse("shuup:gdpr_consent"), data=consent_form)

        assert settings.SHUUP_GDPR_CONSENT_COOKIE_NAME in response.cookies
        raw_cookie = response.cookies[settings.SHUUP_GDPR_CONSENT_COOKIE_NAME].value
        cookies_data = json.loads(raw_cookie)
        first_document = cookies_data["documents"][0]
        assert privacy_policy.id == first_document["id"]
        assert privacy_policy.url == first_document["url"]

        for category in categories:
            for cookie_name in category.cookies.split(","):
                assert cookie_name in cookies_data["cookies"]
def test_page_form(rf, admin_user):
    """Editing the policy page in admin adds versions and invalidates consent."""
    # NOTE(review): nesting reconstructed from a flattened listing; the whole
    # body is taken to run under the overridden LANGUAGES setting.
    with override_settings(LANGUAGES=[("en", "en")]):
        activate("en")
        shop = get_default_shop()
        shop_gdpr = GDPRSettings.get_for_shop(shop)
        shop_gdpr.enabled = True
        shop_gdpr.save()

        policy_page = ensure_gdpr_privacy_policy(shop)
        versions = Version.objects.get_for_object(policy_page)
        assert len(versions) == 1

        # consent to this with user
        customer = factories.create_random_user("en")
        create_user_consent_for_all_documents(shop, customer)

        # the consent document must point at the version that existed then
        consent_docs = GDPRUserConsentDocument.objects.filter(page=policy_page, version=versions[0])
        assert consent_docs.exists()
        assert is_documents_consent_in_sync(shop, customer)
        assert Page.objects.count() == 1

        edit_view = PageEditView.as_view()

        # load the page
        get_request = apply_request_middleware(rf.get("/"), user=admin_user)
        get_response = edit_view(get_request, pk=policy_page.pk)
        assert 200 <= get_response.status_code < 300

        # update the page
        post_data = {
            "content__en": "test_data",
            "available_from": "",
            "url__en": "test",
            "title__en": "defa",
            "available_to": "",
            "page_type": PageType.REVISIONED.value,
        }
        post_request = apply_request_middleware(rf.post("/", post_data), user=admin_user)
        post_response = edit_view(post_request, pk=policy_page.pk)
        assert post_response.status_code == 302

        versions = Version.objects.get_for_object(policy_page)
        assert len(versions) == 4  # saved 4 times in total

        # the edit made the earlier consent stale until the user consents again
        assert not is_documents_consent_in_sync(shop, customer)
        create_user_consent_for_all_documents(shop, customer)
        assert is_documents_consent_in_sync(shop, customer)
def test_cookie_consent_view(rf, language):
    """The cookie consent view redirects; the policy page is reused unless forced."""
    activate(language)
    shop = factories.get_default_shop()
    policy_page = ensure_gdpr_privacy_policy(shop)
    customer = factories.create_random_user("en")

    shop_gdpr = GDPRSettings.get_for_shop(shop)
    shop_gdpr.enabled = True
    shop_gdpr.save()

    create_initial_required_cookie_category(shop)
    consent_view = GDPRCookieConsentView.as_view()
    post_request = apply_request_middleware(rf.post("/"), shop=shop, user=customer)
    assert consent_view(post_request, pk=None).status_code == 302

    first_modified = policy_page.modified_on

    # a plain ensure call returns the same, untouched page
    same_page = ensure_gdpr_privacy_policy(shop)
    assert same_page.pk == policy_page.pk
    assert first_modified == same_page.modified_on

    # a forced call must produce a later modification time
    refreshed = ensure_gdpr_privacy_policy(shop, force_update=True)
    assert first_modified < refreshed.modified_on
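def test_authenticate_form(client):
    """Login is refused until the privacy policy checkbox is ticked.

    Both POSTs carry valid credentials, so the 200 response can only come
    from the missing consent field and the 302 only from a real login.
    """
    activate("en")
    shop = factories.get_default_shop()

    # One credential for both set_password() and the login POSTs.  The
    # listing posted a masked literal that did not match the password set on
    # the user, so the expected redirect could not come from a valid login.
    password = "1234"
    user = factories.create_random_user("en")
    user.email = "*****@*****.**"
    user.set_password(password)
    user.save()

    gdpr_settings = GDPRSettings.get_for_shop(shop)
    gdpr_settings.enabled = True
    gdpr_settings.save()

    # create privacy policy GDPR document
    privacy_policy = ensure_gdpr_privacy_policy(shop)

    redirect_target = "/redirect-success/"
    client = SmartClient()

    login_url = reverse("shuup:login")
    response = client.get(login_url)
    soup = BeautifulSoup(response.content)
    login_form = soup.find("form", {"action": "/login/"})
    assert len(login_form.findAll("input")) == 5  # 4 + privacy policy checkbox

    credentials = {
        "username": user.email,
        "password": password,
        REDIRECT_FIELD_NAME: redirect_target,
    }

    # user didn't check the privacy policy agreement
    response = client.post(login_url, data=credentials)
    assert response.status_code == 200
    assert "You must accept this in order to authenticate." in response.content.decode("utf-8")

    with_consent = dict(credentials)
    with_consent["accept_%d" % privacy_policy.id] = "on"
    response = client.post(login_url, data=with_consent)
    assert response.status_code == 302
    # only a same-site relative target is exercised here; an off-site value
    # for the redirect field is not covered by this test
    assert response.get("location")
    assert response.get("location").endswith(redirect_target)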
def test_policy_consent_view(rf, language):
    """The policy consent view answers 404 until every precondition holds.

    Covered refusals: no user, anonymous user, a page of another shop, and
    GDPR not enabled for the shop.  Only then does a POST redirect.
    """
    activate(language)
    shop = factories.get_default_shop()
    customer = factories.create_random_user("en")
    policy_page = ensure_gdpr_privacy_policy(shop)
    consent_view = GDPRPolicyConsentView.as_view()

    def post_consent(page_id, **request_extras):
        # build a fresh POST for the default shop and run the view on it
        request = apply_request_middleware(rf.post("/"), shop=shop, **request_extras)
        return consent_view(request, page_id=page_id)

    # try without user
    assert post_consent(policy_page.id).status_code == 404

    # try with anonymous user
    anonymous_user = AnonymousUser()
    assert post_consent(policy_page.id, user=anonymous_user).status_code == 404

    # try with a page that belongs to a different shop
    other_shop = Shop.objects.create(name="testing", public_name="testing..")
    foreign_page = Page.objects.create(shop=other_shop)
    assert post_consent(foreign_page.id, user=customer).status_code == 404

    # returns true because no settings set
    assert is_documents_consent_in_sync(shop, customer)

    # gdpr settings not enabled
    assert post_consent(policy_page.id, user=customer).status_code == 404

    shop_gdpr = GDPRSettings.get_for_shop(shop)
    shop_gdpr.enabled = True
    shop_gdpr.privacy_policy = policy_page
    shop_gdpr.save()

    # all good!
    assert post_consent(policy_page.id, user=customer).status_code == 302
    assert is_documents_consent_in_sync(shop, customer)
def test_policy_consent_view(rf, language):
    """The policy consent view answers 404 until every precondition holds.

    Covered refusals: no user, anonymous user, a page of another shop, and
    GDPR not enabled for the shop.  Only then does a POST redirect.
    """
    activate(language)
    shop = factories.get_default_shop()
    customer = factories.create_random_user("en")
    policy_page = ensure_gdpr_privacy_policy(shop)
    consent_view = GDPRPolicyConsentView.as_view()

    def post_consent(page_id, **request_extras):
        # build a fresh POST for the default shop and run the view on it
        request = apply_request_middleware(rf.post("/"), shop=shop, **request_extras)
        return consent_view(request, page_id=page_id)

    # try without user
    assert post_consent(policy_page.id).status_code == 404

    # try with anonymous user
    anonymous_user = AnonymousUser()
    assert post_consent(policy_page.id, user=anonymous_user).status_code == 404

    # try with a page that belongs to a different shop
    other_shop = Shop.objects.create(name="testing", public_name="testing..")
    foreign_page = Page.objects.create(shop=other_shop)
    assert post_consent(foreign_page.id, user=customer).status_code == 404

    # returns true because no settings set
    assert is_documents_consent_in_sync(shop, customer)

    # gdpr settings not enabled
    assert post_consent(policy_page.id, user=customer).status_code == 404

    shop_gdpr = GDPRSettings.get_for_shop(shop)
    shop_gdpr.enabled = True
    shop_gdpr.privacy_policy = policy_page
    shop_gdpr.save()

    # all good!
    assert post_consent(policy_page.id, user=customer).status_code == 302
    assert is_documents_consent_in_sync(shop, customer)
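def test_authenticate_form(client):
    """Login is refused until the privacy policy checkbox is ticked.

    Both POSTs carry valid credentials, so the 200 response can only come
    from the missing consent field and the 302 only from a real login.
    """
    activate("en")
    shop = factories.get_default_shop()

    # One credential for both set_password() and the login POSTs.  The
    # listing posted a masked literal that did not match the password set on
    # the user, so the expected redirect could not come from a valid login.
    password = "1234"
    user = factories.create_random_user("en")
    user.email = "*****@*****.**"
    user.set_password(password)
    user.save()

    gdpr_settings = GDPRSettings.get_for_shop(shop)
    gdpr_settings.enabled = True
    gdpr_settings.save()

    # create privacy policy GDPR document
    privacy_policy = ensure_gdpr_privacy_policy(shop)

    redirect_target = "/redirect-success/"
    client = SmartClient()
    login_url = reverse("shuup:login")

    # user didn't check the privacy policy agreement
    response = client.post(login_url, data={
        "username": user.email,
        "password": password,
        REDIRECT_FIELD_NAME: redirect_target
    })
    assert response.status_code == 200
    assert "You must accept to this to authenticate." in response.content.decode("utf-8")

    response = client.post(login_url, data={
        "username": user.email,
        "password": password,
        "accept_%d" % privacy_policy.id: "on",
        REDIRECT_FIELD_NAME: redirect_target
    })
    assert response.status_code == 302
    # only a same-site relative target is exercised here; an off-site value
    # for the redirect field is not covered by this test
    assert response.get("location")
    assert response.get("location").endswith(redirect_target)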
def test_data_download(rf):
    """The data export includes the user's consents and is 404 without a user."""
    activate("en")
    shop = factories.get_default_shop()
    customer = factories.create_random_user()
    policy_page = ensure_gdpr_privacy_policy(shop)
    assert policy_page

    shop_gdpr = GDPRSettings.get_for_shop(shop)
    shop_gdpr.enabled = True
    shop_gdpr.save()
    assert shop_gdpr.privacy_policy_page == policy_page

    create_user_consent_for_all_documents(shop, customer)
    download_view = GDPRDownloadDataView.as_view()

    authed_request = apply_request_middleware(rf.post("/"), user=customer, shop=shop)
    authed_response = download_view(request=authed_request)
    assert authed_response.status_code == 200
    exported = json.loads(authed_response.content.decode("utf-8"))
    assert exported["user"]["gdpr_consents"]

    # Access control: a request built without a user must not reach the
    # export.  Only this no-user case is covered by the test.
    bare_request = apply_request_middleware(rf.post("/"), shop=shop)
    bare_response = download_view(request=bare_request)
    assert bare_response.status_code == 404
def test_consent_required(rf):
    """Follow consent state through enabling GDPR, revisions and extra pages.

    Hidden pages never end up in a consent, and a visible page is included
    only once it has been added to the settings' consent pages.
    """
    activate("en")
    shop = factories.get_default_shop()
    customer = factories.create_random_user()
    policy_page = ensure_gdpr_privacy_policy(shop)
    assert policy_page

    def consented_pages(consent_obj):
        # pages referenced by the documents of one consent record
        return [document.page for document in consent_obj.documents.all()]

    shop_gdpr = GDPRSettings.get_for_shop(shop)
    assert not shop_gdpr.enabled
    assert shop_gdpr.privacy_policy_page == policy_page

    assert not should_reconsent_privacy_policy(shop, customer)
    assert is_documents_consent_in_sync(shop, customer)  # settings not enabled
    assert policy_page in get_possible_consent_pages(shop)

    # enable GDPR
    shop_gdpr.enabled = True
    shop_gdpr.save()
    assert shop_gdpr.privacy_policy_page == get_privacy_policy_page(shop)
    assert not is_documents_consent_in_sync(shop, customer)

    # create a page without an availability date
    hidden_page = Page.objects.create(shop=shop, available_from=None)
    assert hidden_page not in Page.objects.visible(shop=shop)
    assert shop_gdpr.privacy_policy_page == get_privacy_policy_page(shop)
    assert hidden_page in get_possible_consent_pages(shop)

    with reversion.create_revision():
        policy_page.save()

    create_user_consent_for_all_documents(shop, customer)
    assert GDPRUserConsent.objects.filter(user=customer, shop=shop).count() == 1

    consent = GDPRUserConsent.objects.get(user=customer, shop=shop)
    covered = consented_pages(consent)
    assert policy_page in covered
    assert hidden_page not in covered  # not there because it is not visible

    with reversion.create_revision():
        policy_page.save()

    # add a new (visible) page
    available_page = Page.objects.create(shop=shop, available_from=now())
    assert available_page in Page.objects.visible(shop=shop)

    create_user_consent_for_all_documents(shop, customer)
    consent = GDPRUserConsent.objects.get(user=customer, shop=shop)
    covered = consented_pages(consent)
    assert policy_page in covered
    assert hidden_page not in covered  # not there because it is not visible
    assert available_page not in covered  # not there: not yet listed in the settings
    assert available_page in get_possible_consent_pages(shop)
    assert available_page not in get_active_consent_pages(shop)

    shop_gdpr.consent_pages.add(available_page)
    shop_gdpr.refresh_from_db()
    assert shop_gdpr.privacy_policy_page
    assert shop_gdpr.consent_pages.count() == 1
    assert available_page in get_active_consent_pages(shop)

    # the existing consent still only holds the policy document
    assert consent.documents.count() == 1

    create_user_consent_for_all_documents(shop, customer)
    consent = GDPRUserConsent.objects.get(user=customer, shop=shop)
    assert consent.documents.count() == 2
    assert is_documents_consent_in_sync(shop, customer)

    covered = consented_pages(consent)
    assert policy_page in covered
    assert hidden_page not in covered  # not there because it is not visible
    assert available_page in covered
def test_consent_required(rf):
    """Follow consent state through enabling GDPR, revisions and extra pages.

    Hidden pages never end up in a consent, and a visible page is included
    only once it has been added to the settings' consent pages.
    """
    activate("en")
    shop = factories.get_default_shop()
    customer = factories.create_random_user()
    policy_page = ensure_gdpr_privacy_policy(shop)
    assert policy_page

    def consented_pages(consent_obj):
        # pages referenced by the documents of one consent record
        return [document.page for document in consent_obj.documents.all()]

    shop_gdpr = GDPRSettings.get_for_shop(shop)
    assert not shop_gdpr.enabled
    assert shop_gdpr.privacy_policy_page == policy_page

    assert not should_reconsent_privacy_policy(shop, customer)
    assert is_documents_consent_in_sync(shop, customer)  # settings not enabled
    assert policy_page in get_possible_consent_pages(shop)

    # enable GDPR
    shop_gdpr.enabled = True
    shop_gdpr.save()
    assert shop_gdpr.privacy_policy_page == get_privacy_policy_page(shop)
    assert not is_documents_consent_in_sync(shop, customer)

    # create a page without an availability date
    hidden_page = Page.objects.create(shop=shop, available_from=None)
    assert hidden_page not in Page.objects.visible(shop=shop)
    assert shop_gdpr.privacy_policy_page == get_privacy_policy_page(shop)
    assert hidden_page in get_possible_consent_pages(shop)

    with reversion.create_revision():
        policy_page.save()

    create_user_consent_for_all_documents(shop, customer)
    assert GDPRUserConsent.objects.filter(user=customer, shop=shop).count() == 1

    consent = GDPRUserConsent.objects.get(user=customer, shop=shop)
    covered = consented_pages(consent)
    assert policy_page in covered
    assert hidden_page not in covered  # not there because it is not visible

    with reversion.create_revision():
        policy_page.save()

    # add a new (visible) page
    available_page = Page.objects.create(shop=shop, available_from=now())
    assert available_page in Page.objects.visible(shop=shop)

    create_user_consent_for_all_documents(shop, customer)
    consent = GDPRUserConsent.objects.get(user=customer, shop=shop)
    covered = consented_pages(consent)
    assert policy_page in covered
    assert hidden_page not in covered  # not there because it is not visible
    assert available_page not in covered  # not there: not yet listed in the settings
    assert available_page in get_possible_consent_pages(shop)
    assert available_page not in get_active_consent_pages(shop)

    shop_gdpr.consent_pages.add(available_page)
    shop_gdpr.refresh_from_db()
    assert shop_gdpr.privacy_policy_page
    assert shop_gdpr.consent_pages.count() == 1
    assert available_page in get_active_consent_pages(shop)

    # the existing consent still only holds the policy document
    assert consent.documents.count() == 1

    create_user_consent_for_all_documents(shop, customer)
    consent = GDPRUserConsent.objects.get(user=customer, shop=shop)
    assert consent.documents.count() == 2
    assert is_documents_consent_in_sync(shop, customer)

    covered = consented_pages(consent)
    assert policy_page in covered
    assert hidden_page not in covered  # not there because it is not visible
    assert available_page in covered
def test_page_form(rf, admin_user):
    """Consent records are de-duplicated and go stale when the page is edited."""
    # NOTE(review): nesting reconstructed from a flattened listing; the whole
    # body is taken to run under the overridden LANGUAGES setting.
    with override_settings(LANGUAGES=[("en", "en")]):
        activate("en")
        shop = get_default_shop()
        shop_gdpr = GDPRSettings.get_for_shop(shop)
        shop_gdpr.enabled = True
        shop_gdpr.save()

        policy_page = ensure_gdpr_privacy_policy(shop)
        versions = Version.objects.get_for_object(policy_page)
        assert len(versions) == 1

        # consent to this with user
        customer = factories.create_random_user("en")
        user_consents = GDPRUserConsent.objects.filter(shop=shop, user=customer)
        assert not user_consents.exists()
        first_consent = create_user_consent_for_all_documents(shop, customer)
        assert GDPRUserConsent.objects.filter(shop=shop, user=customer).count() == 1

        # create one outside the usual flow
        GDPRUserConsent.objects.create(user=customer, shop=shop)
        assert GDPRUserConsent.objects.filter(shop=shop, user=customer).count() == 2

        # consenting again must leave a single record, the original one
        second_consent = create_user_consent_for_all_documents(shop, customer)
        assert GDPRUserConsent.objects.filter(shop=shop, user=customer).count() == 1
        assert first_consent.pk == second_consent.pk

        consent_docs = GDPRUserConsentDocument.objects.filter(page=policy_page, version=versions[0])
        assert consent_docs.exists()
        assert is_documents_consent_in_sync(shop, customer)
        assert Page.objects.count() == 1

        edit_view = PageEditView.as_view()

        # load the page
        get_request = apply_request_middleware(rf.get("/"), user=admin_user)
        get_response = edit_view(get_request, pk=policy_page.pk)
        assert 200 <= get_response.status_code < 300

        # update the page
        post_data = {
            "base-content__en": "test_data",
            "base-available_from": "",
            "base-url__en": "test",
            "base-title__en": "defa",
            "base-available_to": "",
        }
        post_request = apply_request_middleware(rf.post("/", post_data), user=admin_user)
        post_response = edit_view(post_request, pk=policy_page.pk)
        if hasattr(post_response, "render"):
            post_response.render()
        assert post_response.status_code in (200, 302)

        versions = Version.objects.get_for_object(policy_page)
        assert len(versions) == 4  # saved 4 times in total

        # the edit made the earlier consent stale until the user consents again
        assert not is_documents_consent_in_sync(shop, customer)
        create_user_consent_for_all_documents(shop, customer)
        assert is_documents_consent_in_sync(shop, customer)
def test_consent_block_snippet_injection(rf):
    """
    Test that the GDPR consent is required to inject xtheme scripts
    """
    shop = factories.get_default_shop()
    client = SmartClient()
    index_url = reverse("shuup:index")
    cookie_name = settings.SHUUP_GDPR_CONSENT_COOKIE_NAME

    # create a GDPR setting for the shop
    settings_obj = GDPRSettings.get_for_shop(shop)
    settings_obj.cookie_banner_content = "my cookie banner content"
    settings_obj.cookie_privacy_excerpt = "my cookie privacyexcerpt"
    settings_obj.enabled = True
    settings_obj.save()

    # configure some snippets to be injected
    google_snippet = Snippet.objects.create(
        name="Google Analytics",
        snippet_type=SnippetType.InlineHTMLMarkup,
        location="body_end",
        shop=shop,
        snippet='<script id="google-script"></script>',
    )
    facebook_snippet = Snippet.objects.create(
        name="Facebook Pixel",
        snippet_type=SnippetType.InlineHTMLMarkup,
        location="body_end",
        shop=shop,
        snippet='<script id="facebook-script"></script>',
    )

    # create cookie categories; the optional ones each gate one snippet
    required_category = GDPRCookieCategory.objects.create(
        shop=shop,
        always_active=True,
        cookies="cookie1,cookir2,_cookie3",
        name="RequiredCookies",
        how_is_used="to make the site work",
    )
    google_category = GDPRCookieCategory.objects.create(
        shop=shop,
        always_active=False,
        cookies="_google",
        name="GoogleCookies",
        how_is_used="to spy users",
    )
    google_category.block_snippets.add(google_snippet)

    facebook_category = GDPRCookieCategory.objects.create(
        shop=shop,
        always_active=False,
        cookies="_facebook",
        name="Facebook",
        how_is_used="to track users",
    )
    facebook_category.block_snippets.add(facebook_snippet)

    # create privacy policy GDPR document
    ensure_gdpr_privacy_policy(shop)
    response = client.get(index_url)
    assert cookie_name not in response.cookies

    # send consent only for the required and google categories
    response = client.post(
        reverse("shuup:gdpr_consent"),
        data={
            "cookie_category_{}".format(required_category.id): "on",
            "cookie_category_{}".format(google_category.id): "on",
            "cookie_category_{}".format(facebook_category.id): "off",
        },
    )
    assert cookie_name in response.cookies
    accepted = json.loads(response.cookies[cookie_name].value)["cookies"]

    for granted_category in (required_category, google_category):
        for name in granted_category.cookies.split(","):
            assert name in accepted
    # the declined category must leave no trace in the consent cookie
    for name in facebook_category.cookies.split(","):
        assert name not in accepted

    # send the request again, only the google script should be injected
    response = client.get(index_url)
    response.render()

    content = BeautifulStoneSoup(response.content)
    assert content.find_all("script", attrs={"id": "google-script"})
    assert not content.find_all("script", attrs={"id": "facebook-script"})
def test_page_form(rf, admin_user):
    """Consent records are de-duplicated and go stale when the page is edited."""
    # NOTE(review): nesting reconstructed from a flattened listing; the whole
    # body is taken to run under the overridden LANGUAGES setting.
    with override_settings(LANGUAGES=[("en", "en")]):
        activate("en")
        shop = get_default_shop()
        shop_gdpr = GDPRSettings.get_for_shop(shop)
        shop_gdpr.enabled = True
        shop_gdpr.save()

        policy_page = ensure_gdpr_privacy_policy(shop)
        versions = Version.objects.get_for_object(policy_page)
        assert len(versions) == 1

        # consent to this with user
        customer = factories.create_random_user("en")
        user_consents = GDPRUserConsent.objects.filter(shop=shop, user=customer)
        assert not user_consents.exists()
        first_consent = create_user_consent_for_all_documents(shop, customer)
        assert GDPRUserConsent.objects.filter(shop=shop, user=customer).count() == 1

        # create one outside the usual flow
        GDPRUserConsent.objects.create(user=customer, shop=shop)
        assert GDPRUserConsent.objects.filter(shop=shop, user=customer).count() == 2

        # consenting again must leave a single record, the original one
        second_consent = create_user_consent_for_all_documents(shop, customer)
        assert GDPRUserConsent.objects.filter(shop=shop, user=customer).count() == 1
        assert first_consent.pk == second_consent.pk

        consent_docs = GDPRUserConsentDocument.objects.filter(page=policy_page, version=versions[0])
        assert consent_docs.exists()
        assert is_documents_consent_in_sync(shop, customer)
        assert Page.objects.count() == 1

        edit_view = PageEditView.as_view()

        # load the page
        get_request = apply_request_middleware(rf.get("/"), user=admin_user)
        get_response = edit_view(get_request, pk=policy_page.pk)
        assert 200 <= get_response.status_code < 300

        # update the page
        post_data = {
            "base-content__en": "test_data",
            "base-available_from": "",
            "base-url__en": "test",
            "base-title__en": "defa",
            "base-available_to": "",
        }
        post_request = apply_request_middleware(rf.post("/", post_data), user=admin_user)
        post_response = edit_view(post_request, pk=policy_page.pk)
        if hasattr(post_response, "render"):
            post_response.render()
        assert post_response.status_code in (200, 302)

        versions = Version.objects.get_for_object(policy_page)
        assert len(versions) == 4  # saved 4 times in total

        # the edit made the earlier consent stale until the user consents again
        assert not is_documents_consent_in_sync(shop, customer)
        create_user_consent_for_all_documents(shop, customer)
        assert is_documents_consent_in_sync(shop, customer)
def test_consent_cookies(rf):
    """
    Test that the GDPR consent is generated and saved into a cookie
    """
    # NOTE(review): nesting reconstructed from a flattened listing; the whole
    # scenario is taken to run once per configured language.
    for code, _label in settings.LANGUAGES:
        activate(code)
        shop = factories.get_default_shop()
        client = SmartClient()
        index_url = reverse("shuup:index")
        response = client.get(index_url)
        cookie_name = settings.SHUUP_GDPR_CONSENT_COOKIE_NAME

        # create a GDPR setting for the shop
        settings_obj = GDPRSettings.get_for_shop(shop)
        settings_obj.cookie_banner_content = "my cookie banner content"
        settings_obj.cookie_privacy_excerpt = "my cookie privacyexcerpt"
        settings_obj.enabled = True
        settings_obj.save()

        # create cookie categories
        required_category = GDPRCookieCategory.objects.create(
            shop=shop,
            always_active=True,
            cookies="cookie1,cookir2,_cookie3",
            name="RequiredCookies",
            how_is_used="to make the site work",
        )
        optional_category = GDPRCookieCategory.objects.create(
            shop=shop,
            always_active=False,
            cookies="_opt1,_opt2,_opt3",
            name="OptionalCookies",
            how_is_used="to spy users",
        )
        default_active_category = GDPRCookieCategory.objects.create(
            shop=shop,
            always_active=False,
            default_active=True,
            cookies="_analytics",
            name="Analytics",
            how_is_used="to track users",
        )
        categories = (required_category, optional_category, default_active_category)

        # create privacy policy GDPR document
        privacy_policy = ensure_gdpr_privacy_policy(shop)
        response = client.get(index_url)
        # no consent cookie may be set before the visitor has answered
        assert cookie_name not in response.cookies

        # send consent for every category
        consent_form = {}
        for category in categories:
            consent_form["cookie_category_{}".format(category.id)] = "on"
        response = client.post(reverse("shuup:gdpr_consent"), data=consent_form)

        assert cookie_name in response.cookies
        cookies_data = json.loads(response.cookies[cookie_name].value)
        first_document = cookies_data["documents"][0]
        assert privacy_policy.id == first_document["id"]
        assert privacy_policy.url == first_document["url"]

        for category in categories:
            for name in category.cookies.split(","):
                assert name in cookies_data["cookies"]

        engine = django.template.engines['jinja2']
        template = engine.from_string("{{ gdpr.get_accepted_cookies()|json }}")

        # a request without the consent cookie yields no accepted cookies
        request = rf.get("/")
        rendered_cookies = json.loads(template.render({'request': request}))
        assert rendered_cookies == []

        # The cookie value comes back from the browser, i.e. it is
        # client-controlled.  This test only feeds back the value the server
        # itself issued; malformed or tampered values are not covered here.
        request.COOKIES = {cookie_name: response.client.cookies[cookie_name].value}
        rendered_cookies = set(json.loads(template.render({'request': request})))
        assert rendered_cookies == {
            '_opt2', 'cookie1', '_cookie3', '_opt3', '_analytics', 'cookir2', '_opt1'
        }