Ejemplo n.º 1
    def form_valid(self, form):
        """Save the form parts, then bootstrap GDPR defaults if GDPR is enabled.

        When the settings object reports ``enabled``, a privacy policy page is
        ensured for the shop and, if the shop has no cookie category yet, the
        initial required category is created. Returns whatever
        ``save_form_parts`` returned.
        """
        response = self.save_form_parts(form)

        settings_obj = self.get_object()
        if not settings_obj.enabled:
            return response

        # NOTE(review): the shop is read from both ``self.object`` and the
        # freshly fetched settings object; presumably both refer to the same
        # shop -- confirm.
        ensure_gdpr_privacy_policy(self.object.shop)
        shop_categories = GDPRCookieCategory.objects.filter(shop=settings_obj.shop)
        if not shop_categories.exists():
            create_initial_required_cookie_category(self.object.shop)
        return response
Ejemplo n.º 2
    def form_valid(self, form):
        """Persist the form, then make sure an enabled shop has GDPR basics.

        The value returned by ``save_form_parts`` is handed back unchanged.
        With GDPR enabled, the privacy policy is ensured and the initial
        required cookie category is created when the shop has none.
        """
        saved = self.save_form_parts(form)

        gdpr = self.get_object()
        if gdpr.enabled:
            ensure_gdpr_privacy_policy(self.object.shop)
            # Only seed the required category when the shop has no category.
            existing = GDPRCookieCategory.objects.filter(shop=gdpr.shop)
            no_categories = not existing.exists()
            if no_categories:
                create_initial_required_cookie_category(self.object.shop)
        return saved
Ejemplo n.º 3
def test_register_form(client):
    """Registration is refused until the GDPR privacy policy is accepted.

    Checks that the form is re-rendered with an error when the consent field
    is missing, that registration redirects to the requested target once the
    field is sent, and that a forced policy update puts the new user's
    consent out of sync.
    """
    activate("en")
    shop = factories.get_default_shop()

    shop_gdpr = GDPRSettings.get_for_shop(shop)
    shop_gdpr.enabled = True
    shop_gdpr.save()

    # The privacy policy page is the document a new user must consent to.
    policy_page = ensure_gdpr_privacy_policy(shop)

    redirect_target = "/index/"
    # The ``client`` fixture is replaced with a fresh SmartClient.
    client = SmartClient()
    register_url = reverse("shuup:registration_register")

    # Consent field missing: the form comes back (200) with an error message.
    rejected = client.post(
        register_url,
        data={
            "username": "******",
            "email": "*****@*****.**",
            "password1": "1234",
            "password2": "1234",
            REDIRECT_FIELD_NAME: redirect_target,
        },
    )
    assert rejected.status_code == 200
    page_text = rejected.content.decode("utf-8")
    assert "You must accept this in order to register." in page_text

    # NOTE(review): the 302 below shows a 4-character password is accepted in
    # this test configuration -- confirm password validators are enforced in
    # deployed settings.
    consent_field = "accept_%d" % policy_page.id
    accepted = client.post(
        register_url,
        data={
            "username": "******",
            "email": "*****@*****.**",
            "password1": "1234",
            "password2": "1234",
            consent_field: "on",
            REDIRECT_FIELD_NAME: redirect_target,
        },
    )
    assert accepted.status_code == 302
    # NOTE(review): endswith() would also pass for an absolute URL ending in
    # the same path; rejection of off-site redirect targets is not covered here.
    location = accepted.get("location")
    assert location
    assert location.endswith(redirect_target)

    user = User.objects.first()

    assert is_documents_consent_in_sync(shop, user)

    # A forced policy update must invalidate the consent given at sign-up.
    ensure_gdpr_privacy_policy(shop, force_update=True)
    assert not is_documents_consent_in_sync(shop, user)
Ejemplo n.º 4
def test_authenticate_form_without_consent_checkboxes(client):
    """Login needs no consent checkbox when ``skip_consent_on_auth`` is set.

    The login form must show the configured consent text and four inputs,
    and a login POST without any ``accept_*`` field must redirect.
    """
    activate("en")
    shop = factories.get_default_shop()
    user = factories.create_random_user("en")
    user.email = "*****@*****.**"
    user.set_password("1234")
    user.save()

    consent_text = printable_gibberish()
    shop_gdpr = GDPRSettings.get_for_shop(shop)
    shop_gdpr.enabled = True
    shop_gdpr.skip_consent_on_auth = True
    shop_gdpr.auth_consent_text = consent_text
    shop_gdpr.save()

    # The privacy policy document is created; its id is not needed here
    # because no consent field is submitted.
    ensure_gdpr_privacy_policy(shop)

    redirect_target = "/redirect-success/"
    client = SmartClient()
    login_url = reverse("shuup:login")

    login_page = client.get(login_url)
    # NOTE(review): no parser is named, so bs4 uses whichever one is installed.
    soup = BeautifulSoup(login_page.content)
    login_form = soup.find("form", {"action": "/login/"})
    input_count = len(login_form.findAll("input"))
    assert input_count == 4
    assert consent_text in login_form.text

    # No consent field is posted; the login is still expected to redirect.
    # NOTE(review): this password literal differs from the one set above and
    # looks masked in this listing -- confirm against the original test.
    credentials = {
        "username": user.email,
        "password": "******",
        REDIRECT_FIELD_NAME: redirect_target,
    }
    response = client.post(login_url, data=credentials)
    assert response.status_code == 302
Ejemplo n.º 5
def test_field_provider(rf, admin_user):
    """The consent field is offered until the user consents to the current policy.

    It must be present before consent, absent after consent, present again
    once the policy page is saved anew, and present for anonymous users.
    """
    activate("en")
    shop = factories.get_default_shop()
    shop_gdpr = GDPRSettings.get_for_shop(shop)
    shop_gdpr.enabled = True
    shop_gdpr.save()
    # create privacy policy GDPR document
    policy_page = ensure_gdpr_privacy_policy(shop)
    page_consent_key = "accept_%d" % policy_page.pk

    provider = GDPRFieldProvider()

    def field_names(req):
        """Return the names of the fields the provider yields for ``req``."""
        return [field.name for field in provider.get_fields(request=req)]

    request = apply_request_middleware(rf.post("/"), shop=shop, user=admin_user)

    # Asked twice: the field stays while the user has not consented.
    for _ in range(2):
        assert page_consent_key in field_names(request)

    # After consenting to every document the field is no longer offered.
    create_user_consent_for_all_documents(shop, admin_user)
    assert page_consent_key not in field_names(request)

    # Saving the page again changes the document version, so the field returns.
    policy_page.save()
    assert page_consent_key in field_names(request)

    # Anonymous visitors are offered the field as well.
    request = apply_request_middleware(rf.post("/"), shop=shop, user=AnonymousUser())
    assert page_consent_key in field_names(request)
Ejemplo n.º 6
def test_update_injection():
    """The update notice is expected only after a consented policy changes.

    ``assert_update`` is defined outside this snippet; judging by the inline
    comments it checks whether the notice is shown on the index page.
    """
    shop = factories.get_default_shop()
    client = SmartClient()
    index_url = reverse("shuup:index")

    policy_page = ensure_gdpr_privacy_policy(shop)
    gdpr_settings = GDPRSettings.get_for_shop(shop)
    gdpr_settings.enabled = True
    gdpr_settings.privacy_policy = policy_page
    gdpr_settings.save()

    # Nothing was consented to in the past, so nothing should show.
    assert_update(client, index_url, False)

    user = factories.create_random_user("en")
    password = "******"
    user.set_password(password)
    user.save()

    # Logged in but no consent given yet: still not visible.
    client.login(username=user.username, password=password)
    assert_update(client, index_url, False)

    # Consent matches the current policy version: still nothing to show.
    create_user_consent_for_all_documents(shop, user)
    assert_update(client, index_url, False)

    # Saving the page inside a revision makes the stored consent stale.
    with reversion.create_revision():
        policy_page.save()

    assert not is_documents_consent_in_sync(shop, user)
    assert_update(client, index_url, True)

    # NOTE(review): consent is recorded through a GET request here. Django's
    # CSRF middleware does not check GET, so confirm the view is meant to
    # change state on this method.
    consent_url = reverse("shuup:gdpr_policy_consent", kwargs={"page_id": policy_page.pk})
    client.get(consent_url)
    assert is_documents_consent_in_sync(shop, user)
    assert_update(client, index_url, False)
Ejemplo n.º 7
def test_update_injection():
    """Walk through the states in which the policy-update notice may appear.

    ``assert_update`` comes from outside this snippet; presumably it checks
    the index page for the notice and compares with the expected flag.
    """
    shop = factories.get_default_shop()
    client = SmartClient()
    index_url = reverse("shuup:index")

    privacy_page = ensure_gdpr_privacy_policy(shop)
    settings_for_shop = GDPRSettings.get_for_shop(shop)
    settings_for_shop.enabled = True
    settings_for_shop.privacy_policy = privacy_page
    settings_for_shop.save()

    # State 1: anonymous, no consent on record -> not shown.
    assert_update(client, index_url, False)

    user = factories.create_random_user("en")
    password = "******"
    user.set_password(password)
    user.save()

    # State 2: authenticated, no consent on record -> not shown.
    client.login(username=user.username, password=password)
    assert_update(client, index_url, False)

    # State 3: consent given for the current version -> not shown.
    create_user_consent_for_all_documents(shop, user)
    assert_update(client, index_url, False)

    # State 4: the page gets a new revision -> consent is stale, notice shown.
    with reversion.create_revision():
        privacy_page.save()

    assert not is_documents_consent_in_sync(shop, user)
    assert_update(client, index_url, True)

    # State 5: the user consents again -> back in sync, notice gone.
    # NOTE(review): the consent endpoint is called with GET; state-changing
    # GET requests are outside Django's CSRF checks -- confirm this is intended.
    consent_path = reverse("shuup:gdpr_policy_consent", kwargs={"page_id": privacy_page.pk})
    client.get(consent_path)
    assert is_documents_consent_in_sync(shop, user)
    assert_update(client, index_url, False)
Ejemplo n.º 8
def test_data_download(rf):
    """The data download view answers a user and returns 404 without one.

    In this variant the JSON body for the user is expected to be empty.
    """
    activate("en")
    shop = factories.get_default_shop()
    user = factories.create_random_user()

    policy_page = ensure_gdpr_privacy_policy(shop)
    assert policy_page
    shop_gdpr = GDPRSettings.get_for_shop(shop)
    shop_gdpr.enabled = True
    shop_gdpr.save()
    assert shop_gdpr.privacy_policy_page == policy_page
    create_user_consent_for_all_documents(shop, user)

    download_view = GDPRDownloadDataView.as_view()

    # Request carrying a user: the view responds with a JSON document.
    user_request = apply_request_middleware(rf.post("/"), user=user, shop=shop)
    user_response = download_view(request=user_request)
    assert user_response.status_code == 200
    payload = json.loads(user_response.content.decode("utf-8"))

    assert payload == {}

    # Request with no user passed to the middleware helper: personal data
    # must not be served, the view answers 404.
    userless_request = apply_request_middleware(rf.post("/"), shop=shop)
    userless_response = download_view(request=userless_request)
    assert userless_response.status_code == 404
Ejemplo n.º 9
def test_cookie_consent_view(rf, language):
    """The cookie consent view redirects, and the policy page is only touched on demand.

    ``ensure_gdpr_privacy_policy`` must leave ``modified_on`` alone on a plain
    call and move it forward when ``force_update=True`` is passed.
    """
    activate(language)
    shop = factories.get_default_shop()
    original_page = ensure_gdpr_privacy_policy(shop)
    user = factories.create_random_user("en")

    create_initial_required_cookie_category(shop)
    consent_view = GDPRCookieConsentView.as_view()
    request = apply_request_middleware(rf.post("/"), shop=shop, user=user)
    response = consent_view(request, pk=None)
    assert response.status_code == 302

    first_modified = original_page.modified_on
    same_page = ensure_gdpr_privacy_policy(shop)
    assert first_modified == same_page.modified_on  # no update done.

    refreshed_page = ensure_gdpr_privacy_policy(shop, force_update=True)
    assert first_modified < refreshed_page.modified_on  # forced update moved modified_on
Ejemplo n.º 10
def test_register_form(client):
    """Registration requires the privacy policy consent field.

    Without the field the form returns 200 with an error; with it the user is
    created and redirected. A forced policy update then invalidates the
    consent stored at registration.
    """
    activate("en")
    shop = factories.get_default_shop()

    shop_gdpr = GDPRSettings.get_for_shop(shop)
    shop_gdpr.enabled = True
    shop_gdpr.save()

    # create privacy policy GDPR document
    policy_page = ensure_gdpr_privacy_policy(shop)

    redirect_target = "/index/"
    # The ``client`` fixture is replaced with a fresh SmartClient.
    client = SmartClient()
    register_url = reverse("shuup:registration_register")

    # The user did not check the privacy policy agreement.
    without_consent = {
        "username": "******",
        "email": "*****@*****.**",
        "password1": "1234",
        "password2": "1234",
        REDIRECT_FIELD_NAME: redirect_target,
    }
    rejected = client.post(register_url, data=without_consent)
    assert rejected.status_code == 200
    rejected_text = rejected.content.decode("utf-8")
    assert "You must accept to this to register." in rejected_text

    # NOTE(review): the 302 below shows a 4-character password is accepted in
    # this test configuration -- confirm password validators are enforced in
    # deployed settings.
    with_consent = {
        "username": "******",
        "email": "*****@*****.**",
        "password1": "1234",
        "password2": "1234",
        "accept_%d" % policy_page.id: "on",
        REDIRECT_FIELD_NAME: redirect_target,
    }
    accepted = client.post(register_url, data=with_consent)
    assert accepted.status_code == 302
    # NOTE(review): endswith() would also pass for an absolute URL ending in
    # the same path; rejection of off-site redirect targets is not covered here.
    location = accepted.get("location")
    assert location
    assert location.endswith(redirect_target)

    user = User.objects.first()

    assert is_documents_consent_in_sync(shop, user)

    ensure_gdpr_privacy_policy(shop, force_update=True)
    assert not is_documents_consent_in_sync(shop, user)
Ejemplo n.º 11
def test_consent_cookies():
    """
    Test that the GDPR consent is generated and saved into a cookie
    """
    for code, _ in settings.LANGUAGES:
        activate(code)
        shop = factories.get_default_shop()
        client = SmartClient()
        index_url = reverse("shuup:index")
        client.get(index_url)

        # create a GDPR setting for the shop
        gdpr_settings = GDPRSettings.get_for_shop(shop)
        gdpr_settings.cookie_banner_content = "my cookie banner content"
        gdpr_settings.cookie_privacy_excerpt = "my cookie privacyexcerpt"
        gdpr_settings.enabled = True
        gdpr_settings.save()

        # create cookie categories
        required_category = GDPRCookieCategory.objects.create(
            shop=shop,
            always_active=True,
            cookies="cookie1,cookir2,_cookie3",
            name="RequiredCookies",
            how_is_used="to make the site work",
        )
        optional_category = GDPRCookieCategory.objects.create(
            shop=shop,
            always_active=False,
            cookies="_opt1,_opt2,_opt3",
            name="OptionalCookies",
            how_is_used="to spy users",
        )

        # create privacy policy GDPR document
        policy_page = ensure_gdpr_privacy_policy(shop)
        before_consent = client.get(index_url)
        cookie_name = settings.SHUUP_GDPR_CONSENT_COOKIE_NAME
        # No consent cookie may be set before the visitor has consented.
        assert cookie_name not in before_consent.cookies

        # send consent
        consent_payload = {
            "cookie_category_{}".format(required_category.id): "on",
            "cookie_category_{}".format(optional_category.id): "on",
        }
        after_consent = client.post(reverse("shuup:gdpr_consent"), data=consent_payload)

        assert cookie_name in after_consent.cookies
        # NOTE(review): only the cookie's JSON payload is checked; attributes
        # such as Secure, HttpOnly or SameSite are not asserted in this test.
        cookies_data = json.loads(after_consent.cookies[cookie_name].value)
        first_document = cookies_data["documents"][0]
        assert policy_page.id == first_document["id"]
        assert policy_page.url == first_document["url"]

        # Every cookie of both categories must be listed in the consent.
        for category in (required_category, optional_category):
            for cookie in category.cookies.split(","):
                assert cookie in cookies_data["cookies"]
Ejemplo n.º 12
def test_consent_cookies():
    """
    Test that the GDPR consent is generated and saved into a cookie
    """
    for language_code, _ in settings.LANGUAGES:
        activate(language_code)
        shop = factories.get_default_shop()
        client = SmartClient()
        index_url = reverse("shuup:index")
        client.get(index_url)

        # create a GDPR setting for the shop
        shop_settings = GDPRSettings.get_for_shop(shop)
        shop_settings.cookie_banner_content = "my cookie banner content"
        shop_settings.cookie_privacy_excerpt = "my cookie privacyexcerpt"
        shop_settings.enabled = True
        shop_settings.save()

        # create cookie categories: one always active, one optional
        required = GDPRCookieCategory.objects.create(
            shop=shop,
            always_active=True,
            cookies="cookie1,cookir2,_cookie3",
            name="RequiredCookies",
            how_is_used="to make the site work",
        )
        optional = GDPRCookieCategory.objects.create(
            shop=shop,
            always_active=False,
            cookies="_opt1,_opt2,_opt3",
            name="OptionalCookies",
            how_is_used="to spy users",
        )

        # create privacy policy GDPR document
        privacy_page = ensure_gdpr_privacy_policy(shop)
        index_response = client.get(index_url)
        # Before consent is sent the consent cookie must be absent.
        assert settings.SHUUP_GDPR_CONSENT_COOKIE_NAME not in index_response.cookies

        # send consent for both categories
        consent_url = reverse("shuup:gdpr_consent")
        consent_response = client.post(
            consent_url,
            data={
                "cookie_category_{}".format(required.id): "on",
                "cookie_category_{}".format(optional.id): "on",
            },
        )

        assert settings.SHUUP_GDPR_CONSENT_COOKIE_NAME in consent_response.cookies
        # NOTE(review): the cookie value is parsed as JSON, but cookie
        # attributes (Secure, HttpOnly, SameSite) are not asserted here.
        consent_cookie = consent_response.cookies[settings.SHUUP_GDPR_CONSENT_COOKIE_NAME]
        cookies_data = json.loads(consent_cookie.value)
        document = cookies_data["documents"][0]
        assert privacy_page.id == document["id"]
        assert privacy_page.url == document["url"]

        for cookie in required.cookies.split(","):
            assert cookie in cookies_data["cookies"]
        for cookie in optional.cookies.split(","):
            assert cookie in cookies_data["cookies"]
Ejemplo n.º 13
def test_page_form(rf, admin_user):
    """Editing the privacy policy page in the admin invalidates earlier consent.

    A user consents to the first version of the page; an admin then posts an
    edit through ``PageEditView``. Afterwards the user's consent must be out
    of sync until consent is recorded again.
    """
    # Restrict the languages so only the ``__en`` form fields are involved.
    with override_settings(LANGUAGES=[("en", "en")]):
        activate("en")
        shop = get_default_shop()
        gdpr_settings = GDPRSettings.get_for_shop(shop)
        gdpr_settings.enabled = True
        gdpr_settings.save()

        original_gdpr_page = ensure_gdpr_privacy_policy(shop)
        versions = Version.objects.get_for_object(original_gdpr_page)
        assert len(versions) == 1

        # consent to this with user
        user = factories.create_random_user("en")
        create_user_consent_for_all_documents(shop, user)

        # The consent document must reference the exact version consented to.
        version = versions[0]
        assert GDPRUserConsentDocument.objects.filter(
            page=original_gdpr_page, version=version).exists()

        assert is_documents_consent_in_sync(shop, user)

        assert Page.objects.count() == 1

        view = PageEditView.as_view()

        # load the page
        request = apply_request_middleware(rf.get("/"), user=admin_user)
        response = view(request, pk=original_gdpr_page.pk)
        assert 200 <= response.status_code < 300

        # update the page
        post_data = {
            "content__en": "test_data",
            "available_from": "",
            "url__en": "test",
            "title__en": "defa",
            "available_to": "",
            "page_type": PageType.REVISIONED.value
        }
        request = apply_request_middleware(rf.post("/", post_data),
                                           user=admin_user)
        response = view(request, pk=original_gdpr_page.pk)
        assert response.status_code == 302

        versions = Version.objects.get_for_object(original_gdpr_page)
        assert len(versions) == 4  # saved 4 times in total

        # The edit created newer versions, so the stored consent is stale.
        assert not is_documents_consent_in_sync(shop, user)

        # Consenting again brings the user back in sync.
        create_user_consent_for_all_documents(shop, user)
        assert is_documents_consent_in_sync(shop, user)
Ejemplo n.º 14
def test_cookie_consent_view(rf, language):
    """The cookie consent view redirects and the policy page is reused.

    A plain ``ensure_gdpr_privacy_policy`` call must return the same page with
    an unchanged ``modified_on``; ``force_update=True`` must move it forward.
    """
    activate(language)
    shop = factories.get_default_shop()
    original_page = ensure_gdpr_privacy_policy(shop)
    user = factories.create_random_user("en")

    shop_gdpr = GDPRSettings.get_for_shop(shop)
    shop_gdpr.enabled = True
    shop_gdpr.save()

    create_initial_required_cookie_category(shop)
    consent_view = GDPRCookieConsentView.as_view()
    request = apply_request_middleware(rf.post("/"), shop=shop, user=user)
    response = consent_view(request, pk=None)
    assert response.status_code == 302

    first_modified = original_page.modified_on
    same_page = ensure_gdpr_privacy_policy(shop)
    assert same_page.pk == original_page.pk
    assert first_modified == same_page.modified_on  # no update done.

    refreshed_page = ensure_gdpr_privacy_policy(shop, force_update=True)
    assert first_modified < refreshed_page.modified_on  # forced update moved modified_on
Ejemplo n.º 15
def test_authenticate_form(client):
    """Login is refused until the privacy policy consent field is sent.

    The login form must carry a fifth input for the consent checkbox; a POST
    without the field returns the form with an error, a POST with it redirects
    to the requested target.
    """
    activate("en")
    shop = factories.get_default_shop()
    user = factories.create_random_user("en")
    user.email = "*****@*****.**"
    user.set_password("1234")
    user.save()

    shop_gdpr = GDPRSettings.get_for_shop(shop)
    shop_gdpr.enabled = True
    shop_gdpr.save()

    # create privacy policy GDPR document
    policy_page = ensure_gdpr_privacy_policy(shop)

    redirect_target = "/redirect-success/"
    client = SmartClient()

    login_url = reverse("shuup:login")
    login_page = client.get(login_url)
    # NOTE(review): no parser is named, so bs4 uses whichever one is installed.
    soup = BeautifulSoup(login_page.content)
    login_form = soup.find("form", {"action": "/login/"})
    input_count = len(login_form.findAll("input"))
    assert input_count == 5  # 4 + privacy policy checkbox

    # The user did not check the privacy policy agreement.
    # NOTE(review): the password literal differs from the one set above and
    # looks masked in this listing -- confirm against the original test.
    rejected = client.post(
        reverse("shuup:login"),
        data={
            "username": user.email,
            "password": "******",
            REDIRECT_FIELD_NAME: redirect_target,
        },
    )
    assert rejected.status_code == 200
    rejected_text = rejected.content.decode("utf-8")
    assert "You must accept this in order to authenticate." in rejected_text

    consent_field = "accept_%d" % policy_page.id
    accepted = client.post(
        reverse("shuup:login"),
        data={
            "username": user.email,
            "password": "******",
            consent_field: "on",
            REDIRECT_FIELD_NAME: redirect_target,
        },
    )
    assert accepted.status_code == 302
    # NOTE(review): endswith() would also pass for an absolute URL ending in
    # the same path; rejection of off-site redirect targets is not covered here.
    location = accepted.get("location")
    assert location
    assert location.endswith(redirect_target)
Ejemplo n.º 16
def test_policy_consent_view(rf, language):
    """The policy consent view answers 404 unless every precondition holds.

    Rejected cases: no user, anonymous user, a page belonging to another
    shop, and GDPR not enabled. Once GDPR is enabled with the page set as the
    privacy policy, the view redirects and the user's consent is in sync.
    """
    activate(language)
    shop = factories.get_default_shop()
    user = factories.create_random_user("en")

    page = ensure_gdpr_privacy_policy(shop)

    view = GDPRPolicyConsentView.as_view()

    def consent_status(page_id, **request_kwargs):
        """POST to the view for ``page_id`` and return the status code."""
        request = apply_request_middleware(rf.post("/"), shop=shop, **request_kwargs)
        return view(request, page_id=page_id).status_code

    # try without user
    assert consent_status(page.id) == 404

    # try with anonymous user
    assert consent_status(page.id, user=AnonymousUser()) == 404

    # try without correct page: a page of another shop must not be accepted
    incorrect_shop = Shop.objects.create(name="testing", public_name="testing..")
    incorrect_page = Page.objects.create(shop=incorrect_shop)
    assert consent_status(incorrect_page.id, user=user) == 404

    # returns true because no settings set
    assert is_documents_consent_in_sync(shop, user)
    assert consent_status(page.id, user=user) == 404  # gdpr settings not enabled

    gdpr_settings = GDPRSettings.get_for_shop(shop)
    gdpr_settings.enabled = True
    gdpr_settings.privacy_policy = page
    gdpr_settings.save()

    assert consent_status(page.id, user=user) == 302  # all good!

    assert is_documents_consent_in_sync(shop, user)
Ejemplo n.º 17
def test_policy_consent_view(rf, language):
    """Consent is only recorded for a real user, the shop's own page and enabled GDPR.

    Each failing precondition must yield 404; the final request, with GDPR
    enabled and the page configured as privacy policy, must redirect.
    """
    activate(language)
    shop = factories.get_default_shop()
    user = factories.create_random_user("en")

    policy_page = ensure_gdpr_privacy_policy(shop)

    consent_view = GDPRPolicyConsentView.as_view()

    # try without user
    userless_request = apply_request_middleware(rf.post("/"), shop=shop)
    userless_response = consent_view(userless_request, page_id=policy_page.id)
    assert userless_response.status_code == 404

    # try with anonymous user
    anonymous_request = apply_request_middleware(
        rf.post("/"), shop=shop, user=AnonymousUser()
    )
    anonymous_response = consent_view(anonymous_request, page_id=policy_page.id)
    assert anonymous_response.status_code == 404

    # try without correct page: the page belongs to a different shop
    other_shop = Shop.objects.create(name="testing", public_name="testing..")
    other_page = Page.objects.create(shop=other_shop)
    foreign_request = apply_request_middleware(rf.post("/"), shop=shop, user=user)
    foreign_response = consent_view(foreign_request, page_id=other_page.id)
    assert foreign_response.status_code == 404

    # returns true because no settings set
    assert is_documents_consent_in_sync(shop, user)
    disabled_request = apply_request_middleware(rf.post("/"), shop=shop, user=user)
    disabled_response = consent_view(disabled_request, page_id=policy_page.id)
    assert disabled_response.status_code == 404  # gdpr settings not enabled

    shop_gdpr = GDPRSettings.get_for_shop(shop)
    shop_gdpr.enabled = True
    shop_gdpr.privacy_policy = policy_page
    shop_gdpr.save()

    valid_request = apply_request_middleware(rf.post("/"), shop=shop, user=user)
    valid_response = consent_view(valid_request, page_id=policy_page.id)
    assert valid_response.status_code == 302  # all good!

    assert is_documents_consent_in_sync(shop, user)
Ejemplo n.º 18
def test_authenticate_form(client):
    """Login must be refused until the privacy policy consent field is sent.

    A POST without the ``accept_<id>`` field returns the form with an error;
    the same POST with the field redirects to the requested target.
    """
    activate("en")
    shop = factories.get_default_shop()
    user = factories.create_random_user("en")
    user.email = "*****@*****.**"
    user.set_password("1234")
    user.save()

    shop_gdpr = GDPRSettings.get_for_shop(shop)
    shop_gdpr.enabled = True
    shop_gdpr.save()

    # create privacy policy GDPR document
    policy_page = ensure_gdpr_privacy_policy(shop)

    redirect_target = "/redirect-success/"
    client = SmartClient()

    # The user did not check the privacy policy agreement.
    # NOTE(review): the password literal differs from the one set above and
    # looks masked in this listing -- confirm against the original test.
    rejected = client.post(
        reverse("shuup:login"),
        data={
            "username": user.email,
            "password": "******",
            REDIRECT_FIELD_NAME: redirect_target,
        },
    )
    assert rejected.status_code == 200
    rejected_text = rejected.content.decode("utf-8")
    assert "You must accept to this to authenticate." in rejected_text

    consent_field = "accept_%d" % policy_page.id
    accepted = client.post(
        reverse("shuup:login"),
        data={
            "username": user.email,
            "password": "******",
            consent_field: "on",
            REDIRECT_FIELD_NAME: redirect_target,
        },
    )
    assert accepted.status_code == 302
    # NOTE(review): endswith() would also pass for an absolute URL ending in
    # the same path; rejection of off-site redirect targets is not covered here.
    location = accepted.get("location")
    assert location
    assert location.endswith(redirect_target)
Ejemplo n.º 19
def test_data_download(rf):
    """The data download returns the user's consents and 404 without a user."""
    activate("en")
    shop = factories.get_default_shop()
    user = factories.create_random_user()

    policy_page = ensure_gdpr_privacy_policy(shop)
    assert policy_page
    shop_gdpr = GDPRSettings.get_for_shop(shop)
    shop_gdpr.enabled = True
    shop_gdpr.save()
    assert shop_gdpr.privacy_policy_page == policy_page
    create_user_consent_for_all_documents(shop, user)

    download_view = GDPRDownloadDataView.as_view()

    # Request carrying a user: the export must include the recorded consents.
    user_request = apply_request_middleware(rf.post("/"), user=user, shop=shop)
    user_response = download_view(request=user_request)
    assert user_response.status_code == 200
    payload = json.loads(user_response.content.decode("utf-8"))
    assert payload["user"]["gdpr_consents"]

    # Request with no user passed to the middleware helper: personal data
    # must not be served, the view answers 404.
    userless_request = apply_request_middleware(rf.post("/"), shop=shop)
    userless_response = download_view(request=userless_request)
    assert userless_response.status_code == 404
Ejemplo n.º 20
def test_consent_required(rf):
    """Track which pages a user's consent covers as settings and pages change.

    Walks through: GDPR disabled (always in sync), GDPR enabled (consent
    required), a hidden page (never part of the consent), a visible page that
    is only covered once it is added to ``consent_pages``.
    """
    activate("en")
    shop = factories.get_default_shop()
    user = factories.create_random_user()
    page = ensure_gdpr_privacy_policy(shop)
    assert page

    gdpr_settings = GDPRSettings.get_for_shop(shop)
    assert not gdpr_settings.enabled
    assert gdpr_settings.privacy_policy_page == page

    assert not should_reconsent_privacy_policy(shop, user)
    assert is_documents_consent_in_sync(shop, user)  # settings not enabled

    assert page in get_possible_consent_pages(shop)

    # enable GDPR: from here on the user without consent is out of sync
    gdpr_settings.enabled = True
    gdpr_settings.save()
    assert gdpr_settings.privacy_policy_page == get_privacy_policy_page(shop)
    assert not is_documents_consent_in_sync(shop, user)

    # create a page that is not visible (available_from is None)
    hidden_page = Page.objects.create(shop=shop, available_from=None)
    assert hidden_page not in Page.objects.visible(shop=shop)
    assert gdpr_settings.privacy_policy_page == get_privacy_policy_page(shop)
    assert hidden_page in get_possible_consent_pages(shop)

    with reversion.create_revision():
        page.save()

    create_user_consent_for_all_documents(shop, user)
    assert GDPRUserConsent.objects.filter(user=user, shop=shop).count() == 1

    consent = GDPRUserConsent.objects.get(user=user, shop=shop)

    pages = [c.page for c in consent.documents.all()]
    assert page in pages
    assert hidden_page not in pages  # not there because it is not visible

    with reversion.create_revision():
        page.save()

    # add a new (visible) page
    available_page = Page.objects.create(shop=shop, available_from=now())
    assert available_page in Page.objects.visible(shop=shop)

    create_user_consent_for_all_documents(shop, user)
    consent = GDPRUserConsent.objects.get(user=user, shop=shop)

    pages = [c.page for c in consent.documents.all()]
    assert page in pages
    assert hidden_page not in pages  # not there because it is not visible
    assert available_page not in pages  # not there: not yet listed in the settings
    assert available_page in get_possible_consent_pages(shop)
    assert available_page not in get_active_consent_pages(shop)

    # Listing the page in consent_pages makes it an active consent page.
    gdpr_settings.consent_pages.add(available_page)
    gdpr_settings.refresh_from_db()
    assert gdpr_settings.privacy_policy_page
    assert gdpr_settings.consent_pages.count() == 1

    assert available_page in get_active_consent_pages(shop)

    # The stored consent still covers one document until consent is renewed.
    assert consent.documents.count() == 1
    create_user_consent_for_all_documents(shop, user)
    consent = GDPRUserConsent.objects.get(user=user, shop=shop)
    assert consent.documents.count() == 2

    assert is_documents_consent_in_sync(shop, user)

    pages = [c.page for c in consent.documents.all()]
    assert page in pages
    assert hidden_page not in pages  # not there because it is not visible
    assert available_page in pages
Ejemplo n.º 21
def test_consent_required(rf):
    """Check which documents a consent covers across settings and page changes.

    Covers the disabled state, the enabled state, a page that is not visible,
    and a visible page before and after it is added to ``consent_pages``.
    """
    activate("en")
    shop = factories.get_default_shop()
    user = factories.create_random_user()
    page = ensure_gdpr_privacy_policy(shop)
    assert page

    gdpr_settings = GDPRSettings.get_for_shop(shop)
    assert not gdpr_settings.enabled
    assert gdpr_settings.privacy_policy_page == page

    # With GDPR disabled no re-consent is asked and the user counts as in sync.
    assert not should_reconsent_privacy_policy(shop, user)
    assert is_documents_consent_in_sync(shop, user)  # settings not enabled

    assert page in get_possible_consent_pages(shop)

    # enable GDPR
    gdpr_settings.enabled = True
    gdpr_settings.save()
    assert gdpr_settings.privacy_policy_page == get_privacy_policy_page(shop)
    assert not is_documents_consent_in_sync(shop, user)

    # create a page with no availability date; it must not be visible
    hidden_page = Page.objects.create(shop=shop, available_from=None)
    assert hidden_page not in Page.objects.visible(shop=shop)
    assert gdpr_settings.privacy_policy_page == get_privacy_policy_page(shop)
    assert hidden_page in get_possible_consent_pages(shop)

    with reversion.create_revision():
        page.save()

    # A single consent record per user and shop is expected.
    create_user_consent_for_all_documents(shop, user)
    assert GDPRUserConsent.objects.filter(user=user, shop=shop).count() == 1

    consent = GDPRUserConsent.objects.get(user=user, shop=shop)

    pages = [c.page for c in consent.documents.all()]
    assert page in pages
    assert hidden_page not in pages  # not there because it is not visible

    with reversion.create_revision():
        page.save()

    # add a new (visible) page
    available_page = Page.objects.create(shop=shop, available_from=now())
    assert available_page in Page.objects.visible(shop=shop)

    create_user_consent_for_all_documents(shop, user)
    consent = GDPRUserConsent.objects.get(user=user, shop=shop)

    pages = [c.page for c in consent.documents.all()]
    assert page in pages
    assert hidden_page not in pages  # not there because it is not visible
    assert available_page not in pages  # not there: not yet listed in the settings
    assert available_page in get_possible_consent_pages(shop)
    assert available_page not in get_active_consent_pages(shop)

    # Adding the page to consent_pages turns it into an active consent page.
    gdpr_settings.consent_pages.add(available_page)
    gdpr_settings.refresh_from_db()
    assert gdpr_settings.privacy_policy_page
    assert gdpr_settings.consent_pages.count() == 1

    assert available_page in get_active_consent_pages(shop)

    # Renewing the consent picks up the newly active page as second document.
    assert consent.documents.count() == 1
    create_user_consent_for_all_documents(shop, user)
    consent = GDPRUserConsent.objects.get(user=user, shop=shop)
    assert consent.documents.count() == 2

    assert is_documents_consent_in_sync(shop, user)

    pages = [c.page for c in consent.documents.all()]
    assert page in pages
    assert hidden_page not in pages  # not there because it is not visible
    assert available_page in pages
Ejemplo n.º 22
def test_page_form(rf, admin_user):
    """Consent records are de-duplicated and invalidated by an admin page edit.

    First checks that ``create_user_consent_for_all_documents`` leaves a
    single consent record per user and shop, even after a second record was
    created by hand. Then an admin edits the privacy policy page and the
    user's consent must be out of sync until it is renewed.
    """
    # Restrict the languages so only the ``__en`` form fields are involved.
    with override_settings(LANGUAGES=[("en", "en")]):
        activate("en")
        shop = get_default_shop()
        gdpr_settings = GDPRSettings.get_for_shop(shop)
        gdpr_settings.enabled = True
        gdpr_settings.save()

        original_gdpr_page = ensure_gdpr_privacy_policy(shop)
        versions = Version.objects.get_for_object(original_gdpr_page)
        assert len(versions) == 1

        # consent to this with user
        user = factories.create_random_user("en")
        assert not GDPRUserConsent.objects.filter(shop=shop, user=user).exists()
        original_consent = create_user_consent_for_all_documents(shop, user)

        assert GDPRUserConsent.objects.filter(shop=shop, user=user).count() == 1

        # create one outside the usual flow
        GDPRUserConsent.objects.create(user=user, shop=shop)
        assert GDPRUserConsent.objects.filter(shop=shop, user=user).count() == 2

        # consent again: one record remains and it is the original one
        new_consent = create_user_consent_for_all_documents(shop, user)
        assert GDPRUserConsent.objects.filter(shop=shop, user=user).count() == 1
        assert original_consent.pk == new_consent.pk

        # The consent document must reference the exact version consented to.
        version = versions[0]
        assert GDPRUserConsentDocument.objects.filter(page=original_gdpr_page, version=version).exists()

        assert is_documents_consent_in_sync(shop, user)

        assert Page.objects.count() == 1

        view = PageEditView.as_view()

        # load the page
        request = apply_request_middleware(rf.get("/"), user=admin_user)
        response = view(request, pk=original_gdpr_page.pk)
        assert 200 <= response.status_code < 300

        # update the page
        post_data = {
            "base-content__en": "test_data",
            "base-available_from": "",
            "base-url__en": "test",
            "base-title__en": "defa",
            "base-available_to": "",
        }
        request = apply_request_middleware(rf.post("/", post_data), user=admin_user)
        response = view(request, pk=original_gdpr_page.pk)
        # render() is called when the response offers it; the value bound to
        # ``content`` is not read afterwards.
        if hasattr(response, "render"):
            content = response.render()
        assert response.status_code in [200, 302]

        versions = Version.objects.get_for_object(original_gdpr_page)
        assert len(versions) == 4  # saved 4 times in total

        # The edit created newer versions, so the stored consent is stale.
        assert not is_documents_consent_in_sync(shop, user)

        # Consenting again brings the user back in sync.
        create_user_consent_for_all_documents(shop, user)
        assert is_documents_consent_in_sync(shop, user)
Ejemplo n.º 23
def test_consent_block_snippet_injection(rf):
    """
    Check that xtheme snippets tied to a cookie category need consent.

    Two inline script snippets are each attached to an optional cookie
    category through ``block_snippets``. Consent is posted with the Google
    category "on" and the Facebook category "off"; the index page rendered
    afterwards must contain the Google script and must not contain the
    Facebook one.
    """
    shop = factories.get_default_shop()

    client = SmartClient()
    index_url = reverse("shuup:index")

    # turn GDPR on for the shop and fill in the banner texts
    gdpr_settings = GDPRSettings.get_for_shop(shop)
    gdpr_settings.cookie_banner_content = "my cookie banner content"
    gdpr_settings.cookie_privacy_excerpt = "my cookie privacyexcerpt"
    gdpr_settings.enabled = True
    gdpr_settings.save()

    # third-party style snippets that would be appended at the end of <body>
    shared_snippet_fields = dict(
        snippet_type=SnippetType.InlineHTMLMarkup,
        location="body_end",
        shop=shop,
    )
    google_snippet = Snippet.objects.create(
        name="Google Analytics",
        snippet='<script id="google-script"></script>',
        **shared_snippet_fields
    )
    facebook_snippet = Snippet.objects.create(
        name="Facebook Pixel",
        snippet='<script id="facebook-script"></script>',
        **shared_snippet_fields
    )

    # one always-active category plus one optional category per snippet
    required_category = GDPRCookieCategory.objects.create(
        shop=shop,
        always_active=True,
        cookies="cookie1,cookir2,_cookie3",
        name="RequiredCookies",
        how_is_used="to make the site work",
    )
    google_category = GDPRCookieCategory.objects.create(
        shop=shop,
        always_active=False,
        cookies="_google",
        name="GoogleCookies",
        how_is_used="to spy users",
    )
    google_category.block_snippets.add(google_snippet)

    facebook_category = GDPRCookieCategory.objects.create(
        shop=shop,
        always_active=False,
        cookies="_facebook",
        name="Facebook",
        how_is_used="to track users",
    )
    facebook_category.block_snippets.add(facebook_snippet)

    # with a privacy policy in place, a plain visit must not set the consent cookie
    ensure_gdpr_privacy_policy(shop)
    response = client.get(index_url)
    assert settings.SHUUP_GDPR_CONSENT_COOKIE_NAME not in response.cookies
    # NOTE(review): the page content is not inspected at this point, so the test
    # does not pin whether either script is withheld before any consent is
    # given; consider asserting that too if it is the intended behaviour.

    # consent to the required and Google categories, refuse Facebook
    # NOTE(review): refusal is sent as an explicit "off"; how the view treats a
    # missing key is not covered by this test.
    choices = (
        (required_category, "on"),
        (google_category, "on"),
        (facebook_category, "off"),
    )
    response = client.post(
        reverse("shuup:gdpr_consent"),
        data={
            "cookie_category_{}".format(category.id): choice
            for category, choice in choices
        },
    )

    assert settings.SHUUP_GDPR_CONSENT_COOKIE_NAME in response.cookies
    consent_cookie = response.cookies[settings.SHUUP_GDPR_CONSENT_COOKIE_NAME]
    cookies_data = json.loads(consent_cookie.value)

    # the consent cookie lists the accepted cookie names and omits the refused ones
    accepted_cookies = cookies_data["cookies"]
    for category in (required_category, google_category):
        for cookie in category.cookies.split(","):
            assert cookie in accepted_cookies
    for cookie in facebook_category.cookies.split(","):
        assert cookie not in accepted_cookies

    # same client, now carrying the consent cookie: only the Google script appears
    response = client.get(index_url)
    response.render()

    soup = BeautifulStoneSoup(response.content)
    assert soup.find_all("script", attrs={"id": "google-script"})
    assert not soup.find_all("script", attrs={"id": "facebook-script"})
Ejemplo n.º 24
def test_page_form(rf, admin_user):
    """
    Check that editing the GDPR privacy policy page invalidates earlier consent.

    A user consents to the first version of the privacy policy. After an admin
    posts an edit through ``PageEditView``, the user's consent must be reported
    as out of sync until consent is given again. The test also checks that
    consenting again collapses a stray duplicate consent row into the original
    record.
    """
    with override_settings(LANGUAGES=[("en", "en")]):
        activate("en")
        shop = get_default_shop()
        shop_gdpr = GDPRSettings.get_for_shop(shop)
        shop_gdpr.enabled = True
        shop_gdpr.save()

        policy_page = ensure_gdpr_privacy_policy(shop)
        versions = Version.objects.get_for_object(policy_page)
        assert len(versions) == 1

        # a fresh user has no consent record until one is created explicitly
        user = factories.create_random_user("en")

        def consent_count():
            return GDPRUserConsent.objects.filter(shop=shop, user=user).count()

        assert not GDPRUserConsent.objects.filter(shop=shop, user=user).exists()
        first_consent = create_user_consent_for_all_documents(shop, user)
        assert consent_count() == 1

        # add a second record directly, bypassing the consent helper
        GDPRUserConsent.objects.create(user=user, shop=shop)
        assert consent_count() == 2

        # consenting again leaves a single record, and it is the original one
        second_consent = create_user_consent_for_all_documents(shop, user)
        assert consent_count() == 1
        assert first_consent.pk == second_consent.pk

        # the consent is recorded against a specific version of the page
        consented_version = versions[0]
        assert GDPRUserConsentDocument.objects.filter(
            page=policy_page, version=consented_version
        ).exists()

        assert is_documents_consent_in_sync(shop, user)

        assert Page.objects.count() == 1

        edit_view = PageEditView.as_view()

        # open the edit form as the admin user
        request = apply_request_middleware(rf.get("/"), user=admin_user)
        response = edit_view(request, pk=policy_page.pk)
        assert 200 <= response.status_code < 300

        # submit changed content for the page
        form_payload = {
            "base-content__en": "test_data",
            "base-available_from": "",
            "base-url__en": "test",
            "base-title__en": "defa",
            "base-available_to": "",
        }
        request = apply_request_middleware(
            rf.post("/", form_payload), user=admin_user
        )
        response = edit_view(request, pk=policy_page.pk)
        if hasattr(response, "render"):
            response.render()
        assert response.status_code in (200, 302)

        versions = Version.objects.get_for_object(policy_page)
        assert len(versions) == 4  # saved 4 times in total

        # the policy changed, so the old consent no longer covers it
        assert not is_documents_consent_in_sync(shop, user)

        # consenting again brings the user back in sync
        create_user_consent_for_all_documents(shop, user)
        assert is_documents_consent_in_sync(shop, user)
Ejemplo n.º 25
def test_consent_cookies(rf):
    """
    Check that GDPR consent is generated and stored in a cookie.

    For every configured language: no consent cookie is set before consent is
    posted; after posting, the cookie holds JSON naming the privacy policy
    document and the accepted cookie names; and the ``gdpr`` template helper
    returns the accepted cookies only when the request carries that cookie.
    """
    for code, _name in settings.LANGUAGES:
        activate(code)
        shop = factories.get_default_shop()
        client = SmartClient()
        index_url = reverse("shuup:index")
        client.get(index_url)

        # turn GDPR on for the shop and fill in the banner texts
        gdpr_settings = GDPRSettings.get_for_shop(shop)
        gdpr_settings.cookie_banner_content = "my cookie banner content"
        gdpr_settings.cookie_privacy_excerpt = "my cookie privacyexcerpt"
        gdpr_settings.enabled = True
        gdpr_settings.save()

        # three categories: always active, optional, and optional but on by default
        required_category = GDPRCookieCategory.objects.create(
            shop=shop,
            always_active=True,
            cookies="cookie1,cookir2,_cookie3",
            name="RequiredCookies",
            how_is_used="to make the site work",
        )
        optional_category = GDPRCookieCategory.objects.create(
            shop=shop,
            always_active=False,
            cookies="_opt1,_opt2,_opt3",
            name="OptionalCookies",
            how_is_used="to spy users",
        )
        default_active_category = GDPRCookieCategory.objects.create(
            shop=shop,
            always_active=False,
            default_active=True,
            cookies="_analytics",
            name="Analytics",
            how_is_used="to track users",
        )
        all_categories = (
            required_category,
            optional_category,
            default_active_category,
        )

        # with a privacy policy in place, a plain visit must not set the consent cookie
        privacy_policy = ensure_gdpr_privacy_policy(shop)
        response = client.get(index_url)
        assert settings.SHUUP_GDPR_CONSENT_COOKIE_NAME not in response.cookies

        # accept every category
        response = client.post(
            reverse("shuup:gdpr_consent"),
            data={
                "cookie_category_{}".format(category.id): "on"
                for category in all_categories
            },
        )

        assert settings.SHUUP_GDPR_CONSENT_COOKIE_NAME in response.cookies
        consent_cookie = response.cookies[settings.SHUUP_GDPR_CONSENT_COOKIE_NAME]
        cookies_data = json.loads(consent_cookie.value)

        # the cookie names the consented document
        consented_document = cookies_data["documents"][0]
        assert privacy_policy.id == consented_document["id"]
        assert privacy_policy.url == consented_document["url"]

        # ...and every cookie name from every accepted category
        accepted_cookies = cookies_data["cookies"]
        for category in all_categories:
            for cookie in category.cookies.split(","):
                assert cookie in accepted_cookies

        jinja_engine = django.template.engines["jinja2"]
        template = jinja_engine.from_string("{{ gdpr.get_accepted_cookies()|json }}")

        # a request without the consent cookie reports nothing as accepted
        request = rf.get("/")
        assert json.loads(template.render({"request": request})) == []

        # NOTE(review): the helper's result here comes from the cookie placed on
        # the request, i.e. a client-supplied value; whether it is validated
        # server-side is not shown by this test.
        request.COOKIES = {
            settings.SHUUP_GDPR_CONSENT_COOKIE_NAME: (
                response.client.cookies[settings.SHUUP_GDPR_CONSENT_COOKIE_NAME].value
            )
        }
        rendered_cookies = set(json.loads(template.render({"request": request})))
        assert rendered_cookies == {
            "_opt2",
            "cookie1",
            "_cookie3",
            "_opt3",
            "_analytics",
            "cookir2",
            "_opt1",
        }