Example #1
0
    def render(self, context):
        user = AnonymousUser()

        if 'user' in context:
            if isinstance(context['user'], User):
                user = context['user']

        try:
            pk = Variable(self.pk)
            pk = pk.resolve(context)
        except:
            pk = self.pk

        try:
            filters = get_query_filters(user, 'boxes.view_box')
            box = Box.objects.filter(filters).filter(pk=pk)
            if user.is_authenticated():
                if not user.profile.is_superuser:
                    box = box.distinct()
            context['box'] = box[0]
            template = get_template('boxes/edit-link.html')
            output = '<div id="box-%s" class="boxes">%s %s</div>' % (
                box[0].pk,
                box[0].content,
                template.render(context),
            )
            return output
        except:
            return unicode()
Example #2
0
class ProfileEditPermissionTestCase(TestCase):

    def setUp(self):
        self.user = PersonaFactory()
        self.anonymous = AnonymousUser()
        self.profile = ProfileFactory()

    def test_owner_can_change_profile(self):
        '''Tests owner has change permission of Profile'''
        self.assertTrue(self.profile.user.has_perm('profiles.change_profile', obj=self.profile))

    def test_others_cannot_change_profile(self):
        '''Tests others don't have change permission of Profile'''
        self.assertFalse(self.user.has_perm('profiles.change_profile', obj=self.profile))

    def test_anonymous_cannot_change_profile(self):
        '''Tests anonymous don't have change permission of Profile'''
        self.assertFalse(self.anonymous.has_perm('profiles.change_profile', obj=self.profile))

    def test_owner_cannot_delete_profile(self):
        '''Tests owner don't have delete permission of Profile'''
        self.assertFalse(self.profile.user.has_perm('profiles.delete_profile', obj=self.profile))

    def test_others_cannot_delete_profile(self):
        '''Tests others don't have delete permission of Profile'''
        self.assertFalse(self.user.has_perm('profiles.delete_profile', obj=self.profile))

    def test_anonymous_cannot_delete_profile(self):
        '''Tests anonymous don't have delete permission of Profile'''
        self.assertFalse(self.anonymous.has_perm('profiles.delete_profile', obj=self.profile))
Example #3
0
class NoAnonymousUserBackendTest(TestCase):
    """
    Tests that AnonymousUser does not delegate to backend if it has 'supports_anonymous_user' = False
    """
    backend = 'django.contrib.auth.tests.auth_backends.NoAnonymousUserBackend'

    def setUp(self):
        self.curr_auth = settings.AUTHENTICATION_BACKENDS
        settings.AUTHENTICATION_BACKENDS = tuple(self.curr_auth) + (self.backend,)
        self.user1 = AnonymousUser()

    def tearDown(self):
        settings.AUTHENTICATION_BACKENDS = self.curr_auth

    def test_has_perm(self):
        self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
        self.assertEqual(self.user1.has_perm('anon', TestObj()), False)

    def test_has_perms(self):
        self.assertEqual(self.user1.has_perms(['anon'], TestObj()), False)

    def test_has_module_perms(self):
        self.assertEqual(self.user1.has_module_perms("app1"), False)
        self.assertEqual(self.user1.has_module_perms("app2"), False)

    def test_get_all_permissions(self):
        self.assertEqual(self.user1.get_all_permissions(TestObj()), set())
Example #4
0
    def test_clean_overwrite_url(self):
        user = AnonymousUser()
        user.is_superuser = True
        user.pk = 1
        request = type('Request', (object,), {'user': user})
        with SettingsOverride():
            data = {
                'title': 'TestPage',
                'slug': 'test-page',
                'language': 'en',
                'overwrite_url': '/overwrite/url/',
                'site': Site.objects.get_current().pk,
                'template': get_cms_setting('TEMPLATES')[0][0],
                'published': True
            }

            form = PageForm(data)
            self.assertTrue(form.is_valid(), form.errors.as_text())
            # WTF? WHY DOES form.save() not handle this stuff???
            instance = form.save()
            instance.permission_user_cache = user
            instance.permission_advanced_settings_cache = True
            Title.objects.set_or_create(request, instance, form, 'en')
            form = PageForm(data, instance=instance)
            self.assertTrue(form.is_valid(), form.errors.as_text())
Example #5
0
    def test_custom_perms(self):
        user = self.UserModel.objects.get(pk=self.user.pk)
        user.user_permissions = ['auth.test']
        user.save()

        # reloading user to purge the _perm_cache
        user = self.UserModel.objects.get(pk=self.user.pk)
        self.assertEqual(user.get_all_permissions() == set(['auth.test']), True)
        self.assertEqual(user.get_group_permissions(), set([]))
        self.assertEqual(user.has_module_perms('Group'), False)
        self.assertEqual(user.has_module_perms('auth'), True)
        user.user_permissions.extend(['auth.test2', 'auth.test3'])
        user.save()
        user = self.UserModel.objects.get(pk=self.user.pk)
        self.assertEqual(user.get_all_permissions(), set(['auth.test2', 'auth.test', 'auth.test3']))
        self.assertEqual(user.has_perm('test'), False)
        self.assertEqual(user.has_perm('auth.test'), True)
        self.assertEqual(user.has_perms(['auth.test2', 'auth.test3']), True)

        group = Group.objects.create(name='test_group')
        group.permissions = ['auth.test_group']
        group.save()
        user.groups = [group]
        user.save()

        user = self.UserModel.objects.get(pk=self.user.pk)
        exp = set(['auth.test2', 'auth.test', 'auth.test3', 'auth.test_group'])
        self.assertEqual(user.get_all_permissions(), exp)
        self.assertEqual(user.get_group_permissions(), set(['auth.test_group']))
        self.assertEqual(user.has_perms(['auth.test3', 'auth.test_group']), True)

        user = AnonymousUser()
        self.assertEqual(user.has_perm('test'), False)
        self.assertEqual(user.has_perms(['auth.test2', 'auth.test3']), False)
Example #6
0
class AnonymousUserBackendTest(TestCase):
    """
    Tests for AnonymousUser delegating to backend.
    """

    backend = 'django.contrib.auth.tests.auth_backends.SimpleRowlevelBackend'

    def setUp(self):
        self.curr_auth = settings.AUTHENTICATION_BACKENDS
        settings.AUTHENTICATION_BACKENDS = (self.backend,)
        self.user1 = AnonymousUser()

    def tearDown(self):
        settings.AUTHENTICATION_BACKENDS = self.curr_auth

    def test_has_perm(self):
        self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
        self.assertEqual(self.user1.has_perm('anon', TestObj()), True)

    def test_has_perms(self):
        self.assertEqual(self.user1.has_perms(['anon'], TestObj()), True)
        self.assertEqual(self.user1.has_perms(['anon', 'perm'], TestObj()), False)

    def test_has_module_perms(self):
        self.assertEqual(self.user1.has_module_perms("app1"), True)
        self.assertEqual(self.user1.has_module_perms("app2"), False)

    def test_get_all_permissions(self):
        self.assertEqual(self.user1.get_all_permissions(TestObj()), set(['anon']))
Example #7
0
class BackendTestAnonymousUser(RubberStampTestCase):
    fixtures = ['users.json', 'objects.json', 'permissions.json', 'assigned.json', 'assigned_object.json']
    
    def setUp(self):
        self.anon = AnonymousUser()
        self.user = User.objects.get(pk=2)
        self.object = TestModel.objects.get(pk=1)
    
    def test_no_type_or_object(self):
        self.assertFalse(self.anon.has_perm('testapp.use'))
    
    def test_with_type(self):
        self.assertFalse(self.anon.has_perm('testapp.use.testapp.testmodel'))
    
    def test_with_object(self):
        self.assertFalse(self.anon.has_perm('testapp.use', obj=self.object))
    
    def test_with_both(self):
        self.assertFalse(self.anon.has_perm('testapp.use.testapp.testmodel', obj=self.object))
    
    def test_with_both_mismatched(self):
        self.assertFalse(self.anon.has_perm('testapp.use.auth.user', obj=self.object))
        self.assertFalse(self.anon.has_perm('testapp.use.testapp.testmodel', obj=self.user))
    
    def test_has_module_perms(self):
        self.assertFalse(self.anon.has_module_perms('testapp'))
    
    def test_get_all(self):
        self.assertEqual(len(self.anon.get_all_permissions()), 0)
        self.assertEqual(len(self.anon.get_all_permissions(obj=self.object)), 0)
        self.assertEqual(len(self.anon.get_all_permissions(obj=self.user)), 0)
Example #8
0
class AccountEditPermissionTestCase(TestCase):

    def setUp(self):
        self.user = PersonaFactory()
        self.anonymous = AnonymousUser()
        self.account = AccountFactory()

    def test_owner_cannot_change_account(self):
        '''Tests owners don't have change permission of Account'''
        self.assertFalse(self.account.user.has_perm('profiles.change_account', obj=self.account))

    def test_others_cannot_change_account(self):
        '''Tests others don't have change permission of Account'''
        self.assertFalse(self.user.has_perm('profiles.change_account', obj=self.account))

    def test_anonymous_cannot_change_account(self):
        '''Tests anonymous don't have change permission of Account'''
        self.assertFalse(self.anonymous.has_perm('profiles.change_account', obj=self.account))

    def test_owner_can_delete_account(self):
        '''Tests owners have delete permission of Account'''
        self.assertTrue(self.account.user.has_perm('profiles.delete_account', obj=self.account))

    def test_others_cannot_delete_account(self):
        '''Tests others don't have delete permission of Account'''
        self.assertFalse(self.user.has_perm('profiles.delete_account', obj=self.account))

    def test_anonymous_cannot_delete_account(self):
        '''Tests anonymous don't have delete permission of Account'''
        self.assertFalse(self.anonymous.has_perm('profiles.delete_account', obj=self.account))
Example #9
0
 def render(self, context):
     user_obj = template.resolve_variable('user', context)
     obj = template.resolve_variable(self.objname, context)
     if not user_obj.is_authenticated:
         user_obj = AnonymousUser()
     context[self.varname] = user_obj.has_perm(self.codename, obj)
     return ''
Example #10
0
class GroupObjectPermBackendTest(TestCase):
    def setUp(self):
        self.james = User.objects.create_user('james', '*****@*****.**', 'james')
        self.emily = User.objects.create_user('emily', '*****@*****.**', 'emily')
        self.peter = User.objects.create_user('peter', '*****@*****.**', 'peter')
        self.fread = AnonymousUser()
        self.manager = Group.objects.create(name='manager')
        self.editor = Group.objects.create(name='editor')
        self.james.groups.add(self.manager)
        self.james.groups.add(self.editor)
        self.emily.groups.add(self.editor)
        self.page = FlatPage.objects.create(url='/test/', title='test', content='James can see this content but emily.')
        # for checking permission for all authenticated user
        ObjectPermissionMediator.viewer(self.page, None)
        # for checking permission for particular group
        ObjectPermissionMediator.manager(self.page, self.manager)
        ObjectPermissionMediator.editor(self.page, self.editor)
        
    def test_permission(self):
        # James has view, change, delete
        self.assertTrue(self.james.has_perm('flatpages.view_flatpage', self.page))
        self.assertTrue(self.james.has_perm('flatpages.change_flatpage', self.page))
        self.assertTrue(self.james.has_perm('flatpages.delete_flatpage', self.page))
        # Emliy has view, change but delete
        self.assertTrue(self.emily.has_perm('flatpages.view_flatpage', self.page))
        self.assertTrue(self.emily.has_perm('flatpages.change_flatpage', self.page))
        self.assertTrue(not self.emily.has_perm('flatpages.delete_flatpage', self.page))
        # Peter has view
        self.assertTrue(self.peter.has_perm('flatpages.view_flatpage', self.page))
        self.assertTrue(not self.peter.has_perm('flatpages.change_flatpage', self.page))
        self.assertTrue(not self.peter.has_perm('flatpages.delete_flatpage', self.page))
        # Fread never has any permission because he is not authenticated
        self.assertTrue(not self.fread.has_perm('flatpages.view_flatpage', self.page))
        self.assertTrue(not self.fread.has_perm('flatpages.change_flatpage', self.page))
        self.assertTrue(not self.fread.has_perm('flatpages.delete_flatpage', self.page))
Example #11
0
def get_cached_user(request):
    from django.contrib.auth.models import AnonymousUser

    if not hasattr(request, '_cached_user'):
        try:
            key = CACHE_KEY % request.session[SESSION_KEY]
            user = cache.cache.get(key)
        except KeyError:
            user = AnonymousUser()
        else:
            if user is None:
                user = get_user(request)

                # Try to populate profile cache if profile is installed
                if profile_model:
                    try:
                        user.get_profile()
                    # Handle exception for user with no profile and AnonymousUser
                    except (profile_model.DoesNotExist, AttributeError):
                        pass

                cache.cache.set(key, user)

        request._cached_user = user

    return request._cached_user
Example #12
0
    def read_detail( self, object_detail, bundle ):

        logged_in_user = bundle.request.user
        user = bundle.request.GET.get( 'user', None )

        if object_detail.is_public:
            return True

        # Case 1: There is no logged in user and no user query provided. We don't
        # know what to query
        if logged_in_user.is_anonymous() and user is None:
            return False

        # Case 2: There *is* a logged in user and no user query. Query repos
        # that only belong to the currently logged in user
        if user is None and logged_in_user.is_authenticated():
            public = AnonymousUser()
            return public.has_perm( 'view_repository', object_detail ) or logged_in_user.has_perm( 'view_repository', object_detail )

        # Case 3: User query is provided. Check whether the public or the user has access
        # to this data.
        if user is not None:
            public = AnonymousUser()
            user   = User.objects.get( username=user )
            return public.has_perm( 'view_repository', object_detail ) or user.has_perm( 'view_repository', object_detail )

        return False
def is_worker(request):

    json_data = json.loads(request.raw_post_data, strict=False)

    engine = import_module(settings.SESSION_ENGINE)
    try:
        session = engine.SessionStore(json_data['session_key'])
    except KeyError:
        json_response = json.dumps({"success": "false",
                                    "type": "badRequest"})
        return HttpResponse(json_response, mimetype='application/json')

    try:
        worker = session[SESSION_KEY]
        sample_path = session[BACKEND_SESSION_KEY]
        sample = load_backend(sample_path)
        user = sample.get_user(worker) or AnonymousUser()
    except KeyError:
        user = AnonymousUser()

    if user.is_authenticated():
        try:
            if user.worker:
                json_data['worker'] = user.worker
                return json_data
        except:
            return False
Example #14
0
def get_user(request):
    def get_response(data):
        return HttpResponse(json.dumps(data),
            content_type="application/json")

    response_data = {
        'errors': [],
    }

    try:
        session_key = request.GET['session_key']
    except KeyError:
        response_data['errors'].append('Session key (session_key) not provided')
        return get_response(response_data)

    response_data['isAnonymous'] = True
    response_data['isSuperuser'] = False

    try:
        session = Session.objects.get(session_key=session_key)
        uid = session.get_decoded()['_auth_user_id']
        user = User.objects.get(id=uid)
    except Session.DoesNotExist:
        response_data['errors'].append('Invalid session key')
        user = AnonymousUser()
        return get_response(response_data)

    response_data['isSuperuser'] = user.is_superuser
    response_data['isAnonymous'] = user.is_anonymous()

    if not user.is_anonymous():
        response_data['userId'] = user.id

    return get_response(response_data)
Example #15
0
def navigation(context, nav_id):
    """
    Renders the nav and its nav items.
    This will call nav_item that will call itself recursively nesting
    the subnavs
    """
    user = AnonymousUser()

    if 'user' in context:
        if isinstance(context['user'], User):
            user = context['user']

    try:
        nav_id = Variable(nav_id)
        nav_id = nav_id.resolve(context)
    except:
        pass

    try:
        filters = get_query_filters(user, 'navs.view_nav')
        navs = Nav.objects.filter(filters).filter(id=nav_id)
        if user.is_authenticated():
            if not user.profile.is_superuser:
                navs = navs.distinct()
        nav = navs[0]
    except:
        return None
    context.update({
        "nav": nav,
        "items": nav.top_items,
    })
    return context
Example #16
0
    def authenticate(self, token=None, request=None):
        """ Reads in a Facebook code and asks Facebook if it's valid and what
        user it points to. """
        args = {
            'client_id': settings.FACEBOOK_APP_ID,
            'client_secret': settings.FACEBOOK_APP_SECRET,
            'redirect_uri': request.build_absolute_uri(
                                            reverse('facebook_callback')),
            'code': token,
        }

        # Get a legit access token
        target = urllib.urlopen(
                        'https://graph.facebook.com/oauth/access_token?'
                            + urllib.urlencode(args)).read()
        response = cgi.parse_qs(target)
        access_token = response['access_token'][-1]

        # Read the user's profile information
        fb_profile = urllib.urlopen(
                'https://graph.facebook.com/me?access_token=%s' % access_token)
        fb_profile = json.load(fb_profile)

        try:
            # Try and find existing user
            fb_user = UserProfile.objects.get(facebook_id=fb_profile['id'])
            user = fb_user.user
            # Update access_token
            fb_user.access_token = access_token
            fb_user.save()
        except UserProfile.DoesNotExist:
            # No existing user
            if getattr(settings, 'FACEBOOK_FORCE_SIGNUP', False):
                # No existing user, use anonymous
                user = AnonymousUser()
                user.username = username
                user.first_name = fb_profile['first_name']
                user.last_name = fb_profile['last_name']
                fb_user = UserProfile(
                        facebook_id=fb_profile['id'],
                        access_token=access_token
                )
                user.facebookprofile = fb_user
            else:
                # No existing user, create one
                user = User.objects.create_user(fb_profile['id'],
                                                fb_profile['email'])
                user.first_name = fb_profile['first_name']
                user.last_name = fb_profile['last_name']
                # with django-primate User has one field called 'name' instead
                # of first_name and last_name
                user.name = u'%s %s' % (user.first_name, user.last_name)
                user.save()

                # Create the UserProfile
                fb_user = UserProfile(user=user,
                                          facebook_id=fb_profile['id'],
                                          access_token=access_token)
                fb_user.save()
        return user
Example #17
0
class AnonymousUserBackendTest(TestCase):
    """
    Tests for AnonymousUser delegating to backend if it has 'supports_anonymous_user' = True
    """

    backend = "django.contrib.auth.tests.auth_backends.AnonymousUserBackend"

    def setUp(self):
        self.curr_auth = settings.AUTHENTICATION_BACKENDS
        settings.AUTHENTICATION_BACKENDS = (self.backend,)
        self.user1 = AnonymousUser()

    def tearDown(self):
        settings.AUTHENTICATION_BACKENDS = self.curr_auth

    def test_has_perm(self):
        self.assertEqual(self.user1.has_perm("perm", TestObj()), False)
        self.assertEqual(self.user1.has_perm("anon", TestObj()), True)

    def test_has_perms(self):
        self.assertEqual(self.user1.has_perms(["anon"], TestObj()), True)
        self.assertEqual(self.user1.has_perms(["anon", "perm"], TestObj()), False)

    def test_has_module_perms(self):
        self.assertEqual(self.user1.has_module_perms("app1"), True)
        self.assertEqual(self.user1.has_module_perms("app2"), False)

    def test_get_all_permissions(self):
        self.assertEqual(self.user1.get_all_permissions(TestObj()), set(["anon"]))
Example #18
0
class RowlevelBackendTest(TestCase):

    backend = 'django.contrib.auth.tests.auth_backends.SimpleRowlevelBackend'

    def setUp(self):
        self.curr_auth = settings.AUTHENTICATION_BACKENDS
        settings.AUTHENTICATION_BACKENDS = self.curr_auth + (self.backend,)
        self.user1 = User.objects.create_user('test', '*****@*****.**', 'test')
        self.user2 = User.objects.create_user('test2', '*****@*****.**', 'test')
        self.user3 = AnonymousUser()
        self.user4 = User.objects.create_user('test4', '*****@*****.**', 'test')

    def tearDown(self):
        settings.AUTHENTICATION_BACKENDS = self.curr_auth

    def test_has_perm(self):
        self.assertEqual(self.user1.has_perm('perm', TestObj()), False)
        self.assertEqual(self.user2.has_perm('perm', TestObj()), True)
        self.assertEqual(self.user2.has_perm('perm'), False)
        self.assertEqual(self.user2.has_perms(['simple', 'advanced'], TestObj()), True)
        self.assertEqual(self.user3.has_perm('perm', TestObj()), False)
        self.assertEqual(self.user3.has_perm('anon', TestObj()), False)
        self.assertEqual(self.user3.has_perms(['simple', 'advanced'], TestObj()), False)

    def test_get_all_permissions(self):
        self.assertEqual(self.user1.get_all_permissions(TestObj()), set(['simple']))
        self.assertEqual(self.user2.get_all_permissions(TestObj()), set(['simple', 'advanced']))
        self.assertEqual(self.user2.get_all_permissions(), set([]))

    def test_get_group_permissions(self):
        content_type=ContentType.objects.get_for_model(Group)
        group = Group.objects.create(name='test_group')
        self.user4.groups.add(group)
        self.assertEqual(self.user4.get_group_permissions(TestObj()), set(['group_perm']))
Example #19
0
    def render(self, context):
        user = AnonymousUser()

        if 'user' in context:
            if isinstance(context['user'], User):
                user = context['user']

        try:
            pk = Variable(self.pk)
            pk = pk.resolve(context)
        except:
            pk = self.pk

        try:
            filters = get_query_filters(user, 'navs.view_nav')
            nav = Nav.objects.filter(filters).filter(pk=pk)
            if user.is_authenticated():
                if not user.profile.is_superuser:
                    nav = nav.distinct()

            context[self.context_var] = nav[0]
        except:
            pass

        return unicode()
Example #20
0
def nav(context, nav_id):
    """
    Renders the nav from cache
    if not will use the navigation tag for rendering the nav
    """
    user = AnonymousUser()

    if 'user' in context:
        if isinstance(context['user'], User):
            user = context['user']
    try:
        filters = get_query_filters(user, 'navs.view_nav')
        navs = Nav.objects.filter(filters).filter(id=nav_id)
        if user.is_authenticated():
            if not user.profile.is_superuser:
                navs = navs.distinct()

        nav_object = navs[0]
        nav = get_nav(nav_object.pk)
        if not nav:
            cache_nav(nav_object)
    except:
        return None

    context.update({
        "cached": nav,
        "nav_id": nav_id,
    })
    return context
Example #21
0
class RowlevelBackendTest(TestCase):

    backend = "django.contrib.auth.tests.auth_backends.SimpleRowlevelBackend"

    def setUp(self):
        self.curr_auth = settings.AUTHENTICATION_BACKENDS
        settings.AUTHENTICATION_BACKENDS = self.curr_auth + (self.backend,)
        self.user1 = User.objects.create_user("test", "*****@*****.**", "test")
        self.user2 = User.objects.create_user("test2", "*****@*****.**", "test")
        self.user3 = AnonymousUser()
        self.user4 = User.objects.create_user("test4", "*****@*****.**", "test")

    def tearDown(self):
        settings.AUTHENTICATION_BACKENDS = self.curr_auth

    def test_has_perm(self):
        self.assertEqual(self.user1.has_perm("perm", TestObj()), False)
        self.assertEqual(self.user2.has_perm("perm", TestObj()), True)
        self.assertEqual(self.user2.has_perm("perm"), False)
        self.assertEqual(self.user2.has_perms(["simple", "advanced"], TestObj()), True)
        self.assertEqual(self.user3.has_perm("perm", TestObj()), False)
        self.assertEqual(self.user3.has_perm("anon", TestObj()), False)
        self.assertEqual(self.user3.has_perms(["simple", "advanced"], TestObj()), False)

    def test_get_all_permissions(self):
        self.assertEqual(self.user1.get_all_permissions(TestObj()), set(["simple"]))
        self.assertEqual(self.user2.get_all_permissions(TestObj()), set(["simple", "advanced"]))
        self.assertEqual(self.user2.get_all_permissions(), set([]))

    def test_get_group_permissions(self):
        content_type = ContentType.objects.get_for_model(Group)
        group = Group.objects.create(name="test_group")
        self.user4.groups.add(group)
        self.assertEqual(self.user4.get_group_permissions(TestObj()), set(["group_perm"]))
Example #22
0
class ProductQuitPermissionTestCase(TestCase):
    def setUp(self):
        self.product = ProductFactory()
        self.user = PersonaFactory()
        self.wille = PersonaFactory(role='wille')
        self.anonymous = AnonymousUser()

    def test_anonymous_dont_have_quit_permission(self):
        '''
        Test anonymous users do not have quit from product permission
        '''
        self.assertFalse(self.anonymous.has_perm('products.quit_product'))

    def test_wille_dont_have_quit_permission(self):
        '''
        Test wille users do not have quit from product permission
        '''
        self.assertFalse(self.wille.has_perm('products.quit_product'))

    def test_general_user_have_quit_permission(self):
        '''
        Test general user have quit from product permission
        '''
        self.assertTrue(self.user.has_perm('products.quit_product'))

    def test_anonymous_dont_have_quit_permission_with_object(self):
        '''
        Test anonymous users do not have quit from product permission
        '''
        self.assertFalse(self.anonymous.has_perm('products.quit_product', self.product))

    def test_wille_dont_have_quit_permission_with_object(self):
        '''
        Test wille users do not have quit from product permission
        '''
        self.assertFalse(self.wille.has_perm('products.quit_product', self.product))

    def test_other_user_dont_have_quit_permission_with_object(self):
        '''
        Test other user don't have quit from product permission
        '''
        self.assertFalse(self.user.has_perm('products.quit_product', self.product))

    def test_last_administrators_dont_have_quit_permission_with_object(self):
        '''
        Test last_administrators don't have quit from product permission
        '''
        self.product.administrators.add(self.user)
        self.assertEqual(self.product.administrators.count(), 1)
        self.assertFalse(self.user.has_perm('products.quit_product', self.product))

    def test_administrators_have_quit_permission_with_object(self):
        '''
        Test last_administrators have quit from product permission
        '''
        other = PersonaFactory()
        self.product.administrators.add(self.user)
        self.product.administrators.add(other)
        self.assertTrue(self.user.has_perm('products.quit_product', self.product))
Example #23
0
def get_user(request):
    from django.contrib.auth.models import AnonymousUser

    user = authenticate(request=request)
    if user is None:
        user = AnonymousUser()
        user.email, user.first_name = request["From"]
    return user
Example #24
0
 def test_loop_page_with_anonymous_user(self):
     """
     Should redirect.
     """
     hostname = Site.objects.filter(site_name='Loop')[0].hostname
     user = AnonymousUser()
     user.client = Client()
     response = user.client.get('/groups/web-content-group/', HTTP_HOST=hostname)
     self.assertEqual(response.status_code, 302)
Example #25
0
def get_course_lti_endpoints(request, course_id):
    """
    View that, given a course_id, returns the a JSON object that enumerates all of the LTI endpoints for that course.

    The LTI 2.0 result service spec at
    http://www.imsglobal.org/lti/ltiv2p0/uml/purl.imsglobal.org/vocab/lis/v2/outcomes/Result/service.html
    says "This specification document does not prescribe a method for discovering the endpoint URLs."  This view
    function implements one way of discovering these endpoints, returning a JSON array when accessed.

    Arguments:
        request (django request object):  the HTTP request object that triggered this view function
        course_id (unicode):  id associated with the course

    Returns:
        (django response object):  HTTP response.  404 if course is not found, otherwise 200 with JSON body.
    """
    try:
        course_key = SlashSeparatedCourseKey.from_deprecated_string(course_id)
    except InvalidKeyError:
        return HttpResponse(status=404)

    try:
        course = get_course(course_key, depth=2)
    except ValueError:
        return HttpResponse(status=404)

    anonymous_user = AnonymousUser()
    anonymous_user.known = False  # make these "noauth" requests like module_render.handle_xblock_callback_noauth
    lti_descriptors = modulestore().get_items(course.id, qualifiers={'category': 'lti'})

    lti_noauth_modules = [
        get_module_for_descriptor(
            anonymous_user,
            request,
            descriptor,
            FieldDataCache.cache_for_descriptor_descendents(
                course_key,
                anonymous_user,
                descriptor
            ),
            course_key
        )
        for descriptor in lti_descriptors
    ]

    endpoints = [
        {
            'display_name': module.display_name,
            'lti_2_0_result_service_json_endpoint': module.get_outcome_service_url(
                service_name='lti_2_0_result_rest_handler') + "/user/{anon_user_id}",
            'lti_1_1_result_service_xml_endpoint': module.get_outcome_service_url(
                service_name='grade_handler'),
        }
        for module in lti_noauth_modules
    ]

    return HttpResponse(json.dumps(endpoints), content_type='application/json')
Example #26
0
 def test_anonymous_user(self):
     "Check the properties of the anonymous user"
     a = AnonymousUser()
     self.assertFalse(a.is_authenticated())
     self.assertFalse(a.is_staff)
     self.assertFalse(a.is_active)
     self.assertFalse(a.is_superuser)
     self.assertEqual(a.groups.all().count(), 0)
     self.assertEqual(a.user_permissions.all().count(), 0)
Example #27
0
    def read_detail( self, object_detail, bundle ):

        logged_in_user = bundle.request.user

        if logged_in_user.is_anonymous():
            return object_detail.is_public or logged_in_user.has_perm( 'view_data', object_detail )

        if logged_in_user.is_authenticated():
            public = AnonymousUser()
            return public.has_perm( 'view_data', object_detail ) or logged_in_user.has_perm( 'view_data', object_detail )
Example #28
0
def update_hitcount(session_key, ip_address, user_agent, username,
                    app_label, model, object_id):

    try:
        user = User.objects.get(username=username)
    except ObjectDoesNotExist:
        user = AnonymousUser()

    ctype = ContentType.objects.get(app_label=app_label, model=model)

    hitcount, created = HitCount.objects.get_or_create(
        content_type=ctype, object_pk=object_id)

    hits_per_ip_limit = getattr(settings, 'HITCOUNT_HITS_PER_IP_LIMIT', 0)
    exclude_user_group = getattr(settings, 'HITCOUNT_EXCLUDE_USER_GROUP', None)

    # first, check our request against the blacklists before continuing
    if BlacklistIP.objects.filter(ip__exact=ip_address) or \
            BlacklistUserAgent.objects.filter(user_agent__exact=user_agent):
        return False

    # second, see if we are excluding a specific user group or not
    if exclude_user_group and user.is_authenticated():
        if user.groups.filter(name__in=exclude_user_group):
            return False

    # start with a fresh active query set (HITCOUNT_KEEP_HIT_ACTIVE )
    qs = Hit.objects.filter_active()

    # check limit on hits from a unique ip address (HITCOUNT_HITS_PER_IP_LIMIT)
    if hits_per_ip_limit:
        if qs.filter(ip__exact=ip_address).count() > hits_per_ip_limit:
            return False

    # create a generic Hit object with request data
    hit = Hit(session=session_key, hitcount=hitcount, ip=ip_address,
              user_agent=user_agent)

    # first, use a user's authentication to see if they made an earlier hit
    if user.is_authenticated():
        if not qs.filter(user=user, hitcount=hitcount):
            hit.user = user  # associate this hit with a user
            hit.save()

            return True

    # if not authenticated, see if we have a repeat session
    else:
        if not qs.filter(session=session_key, hitcount=hitcount):
            hit.save()

            return True

    return False
Example #29
0
    def authenticate(self, token=None, request=None):
        """ Reads in a Facebook code and asks Facebook if it's valid and what user it points to. """
        args = {
            "client_id": settings.FACEBOOK_APP_ID,
            "client_secret": settings.FACEBOOK_APP_SECRET,
            "redirect_uri": request.build_absolute_uri("/facebook/authentication_callback"),
            "code": token,
        }

        # Get a legit access token
        target = urllib.urlopen("https://graph.facebook.com/oauth/access_token?" + urllib.urlencode(args)).read()
        response = cgi.parse_qs(target)
        access_token = response["access_token"][-1]

        # Read the user's profile information
        fb_profile = urllib.urlopen("https://graph.facebook.com/me?access_token=%s" % access_token)
        fb_profile = json.load(fb_profile)

        try:
            # Try and find existing user
            fb_user = FacebookProfile.objects.get(facebook_id=fb_profile["id"])
            user = fb_user.user

            # Update access_token
            fb_user.access_token = access_token
            fb_user.save()

        except FacebookProfile.DoesNotExist:
            # No existing user

            # Not all users have usernames
            username = fb_profile.get("username", fb_profile["id"])

            if getattr(settings, "FACEBOOK_FORCE_SIGNUP", False):
                # No existing user, use anonymous
                user = AnonymousUser()
                user.username = username
                user.first_name = fb_profile["first_name"]
                user.last_name = fb_profile["last_name"]
                fb_user = FacebookProfile(facebook_id=fb_profile["id"], access_token=access_token)
                user.facebookprofile = fb_user

            else:
                # No existing user, create one

                try:
                    user = User.objects.create_user(username, fb_profile["email"])
                except IntegrityError:
                    # Username already exists, make it unique
                    user = User.objects.create_user(username + fb_profile["id"], fb_profile["email"])
                user.first_name = fb_profile["first_name"]
                user.last_name = fb_profile["last_name"]
                user.save()

                # Create the FacebookProfile
                fb_user = FacebookProfile(user=user, facebook_id=fb_profile["id"], access_token=access_token)
                fb_user.save()

        return user
Example #30
0
    def has_perm(self, user_obj, perm, obj=None):
        '''
        main method, calls other methods based on permission type queried
        '''
        if not user_obj.is_authenticated():
            allowed_tokens = getattr(user_obj, 'allowed_tokens', [])
            user_obj = AnonymousUser()
            user_obj.allowed_tokens = allowed_tokens

        if obj is None:
            return False

        try:
            perm_label, perm_type = perm.split('.')
            perm_action, perm_ct = perm_type.split('_')
        except:
            return False

        if perm_label != self.app_label:
            return False

        ct = ContentType.objects.get_for_model(obj)
        if ct.name != perm_ct:
            return False

        method_name = '_has_%s_perm' % perm_action

        # run any custom perms per model, continue if not None
        # allows complete overriding of standard authorisation, eg for public
        # experiments
        model_spec_perm = getattr(obj, method_name,
                                  lambda *args, **kwargs: None)(user_obj)
        if type(model_spec_perm) == bool:
            return model_spec_perm

        #get_acls
        obj_acls = ObjectACL.objects.filter(
            content_type=ct, object_id=obj.id).filter(
                self.get_perm_bool(perm_action)).filter(
                    ObjectACL.get_effective_query())

        query = Q(pluginId='django_user',
                  entityId=str(user_obj.id))

        if user_obj.is_authenticated():
            for name, group in user_obj.get_profile().ext_groups:
                query |= Q(pluginId=name, entityId=str(group))
        else:
            # the only authorisation available for anonymous users is tokenauth
            tgp = TokenGroupProvider()
            for name, group in tgp.getGroups(user_obj):
                query |= Q(pluginId=name, entityId=str(group))

        return obj_acls.filter(query).count() > 0
Example #31
0
 def test_get_contents_for_unauthenticated_user(self):
     user = AnonymousUser()
     contents = Content.get_contents_for_user(self.ids, user)
     self.assertEqual(set(contents), {self.public_content})
Example #32
0
 def test_register_unauthenticated(self):
     path = reverse('register')
     request = self.factory.get(path)
     request.user = AnonymousUser()
     response = register(request)
     assert response.status_code == 200
Example #33
0
def anonymous_user():
    return AnonymousUser()
Example #34
0
 def test_logged_out_default(self):
     request = self.rf.get('/foo')
     request.user = AnonymousUser()
     view = permission_required('perm')(simple_view)
     response = view(request)
     eq_(302, response.status_code)
Example #35
0
    def test_csrf_rotation(self):
        info_mock = self.info(AnonymousUser())
        decorators.csrf_rotation(lambda cls, root, info, *args, **kwargs: None,
                                 )(self, None, info_mock)

        self.assertTrue(info_mock.context.csrf_cookie_needs_reset)
    def setUp(self):
        # This is run before every test
        self.admin_user = f.AdminUserFactory.create()
        self.anon_user = AnonymousUser()

        self.permission_view = 'view_accountsubscriptionpause'
        self.permission_add = 'add_accountsubscriptionpause'
        self.permission_change = 'change_accountsubscriptionpause'
        self.permission_delete = 'delete_accountsubscriptionpause'

        self.variables_create = {
            "input": {
                "dateStart": "2019-01-01",
                "dateEnd": "2019-01-31",
                "description": "Test description"
            }
        }

        self.variables_update = {
            "input": {
                "dateStart": "2019-01-01",
                "dateEnd": "2019-01-31",
                "description": "Test description"
            }
        }

        self.subscription_pauses_query = '''
    query AccountSubscriptionPauses($before: String, $after: String, $accountSubscription: ID!) {
      accountSubscriptionPauses(first: 20, before: $before, after: $after, accountSubscription: $accountSubscription) {
        pageInfo {
          hasNextPage
          hasPreviousPage
          startCursor
          endCursor
        }
        edges {
          node {
            id
            accountSubscription {
              id
            }
            dateStart
            dateEnd
            description
            createdAt
          }
        } 
      }
    }
'''

        self.subscription_pause_query = '''
    query AccountSubscriptionPause($id: ID!) {
      accountSubscriptionPause(id:$id) {
        id
        accountSubscription {
          id
        }
        dateStart
        dateEnd
        description
      }
    }
'''

        self.subscription_pause_create_mutation = ''' 
  mutation CreateAccountSubscriptionPause($input:CreateAccountSubscriptionPauseInput!) {
    createAccountSubscriptionPause(input: $input) {
      accountSubscriptionPause {
        id
        accountSubscription {
          id
        }
        dateStart
        dateEnd
        description
      }
    }
  }
'''

        self.subscription_pause_update_mutation = '''
  mutation UpdateAccountSubscriptionPause($input:UpdateAccountSubscriptionPauseInput!) {
    updateAccountSubscriptionPause(input: $input) {
      accountSubscriptionPause {
        id
        accountSubscription {
          id
        }
        dateStart
        dateEnd
        description
      }
    }
  }
'''

        self.subscription_pause_delete_mutation = '''
Example #37
0
    def __call__(self, request):
        try:
            x_forwarded_for = request.META['HTTP_X_FORWARDED_FOR']
            request_ip = x_forwarded_for.split(',')[-1].strip()
        except:
            request_ip = request.META['REMOTE_ADDR']

        banned_ip = BannedIP.objects.filter(ip=request_ip)
        if banned_ip.exists():
            if time() - banned_ip[0].time_banned > settings.BANNED_IP_EXPIRE_TIME:
                banned_ip.delete()
            else:
                return HttpResponseForbidden('%s %s' % (banned_ip[0].log, 'please wait {} seconds.'.format(settings.BANNED_IP_EXPIRE_TIME-int(time()-banned_ip[0].time_banned))))


        user_agent = request.META['HTTP_USER_AGENT']
        user = request.user
        session_key = request.session.session_key
        if user == AnonymousUser():
            user = None
        
        request_data = RequestData(ip=request_ip, user_agent=user_agent, user=user, session_key=session_key, time=time())
        request_data.save()

        if user and user.is_authenticated:
            same_user_visitors = RequestData.objects.filter(user=user).exclude(ip=request_ip)
            if same_user_visitors.count() > 0:
                Session.objects.filter(session_key__in=same_user_visitors.values_list('session_key', flat=True)).delete()
                same_user_visitors.delete()

        N = settings.REQUEST_LIMIT_NUMBER
        H = settings.REQUEST_LIMIT_TIME
        request_queryset = RequestData.objects.filter(ip=request_ip).order_by('time')
        requests = list(request_queryset)
        delete_early_requests = False
        if len(requests) >= N:
            time_spread = requests[-1].time - requests[0].time
            if (time_spread < H):
                BannedIP.objects.create(ip=request_ip, time_banned=time(), log='sent {} requests in {} seconds.'.format(len(requests), time_spread))
                request_queryset.delete()
            else:
                delete_early_requests = True

        response = self.get_response(request)

        if response.status_code == 401 or response.status_code == 403:
            request_data.authorized = False
            request_data.save()

        request_queryset = RequestData.objects.filter(ip=request_ip).order_by('time')
        requests = list(request_queryset)
        for i in range(len(requests)):
            n = 0
            while i < len(requests) and not requests[i].authorized:
                n += 1
                i += 1
            if n >= N:
                BannedIP.objects.create(ip=request_ip, time_banned=time(), log='sent {} consecutive unauthorized requests.'.format(n))
                request_queryset.delete()
                delete_early_requests = False

        if delete_early_requests:
            for i in range(0, len(requests)-N+1):
                    request_queryset[0].delete()
        
        return response
Example #38
0
def test_get_loginview(auth_source, rf):
    request = rf.get('/login')
    request.user = AnonymousUser()
    response = views.MPASSLoginView.as_view()(request)
    assert response.status_code == 200
    response.render()
Example #39
0
    monkeypatch.setattr(Checkout, 'shipping_method', shipping_method_mock)

    checkout = Checkout(
        cart, AnonymousUser(), 'tracking_code')

    deliveries = list(checkout.deliveries)
    assert deliveries[0][1] == Price(
        shipping_cost, currency=settings.DEFAULT_CURRENCY)
    assert deliveries[0][2] == Price(
        items_cost + shipping_cost, currency=settings.DEFAULT_CURRENCY)
    assert deliveries[0][0][0][0] == partition


@pytest.mark.parametrize('user, shipping', [
    (Mock(default_shipping_address='user_shipping'), 'user_shipping'),
    (AnonymousUser(), None)])
def test_checkout_shipping_address_with_anonymous_user(user, shipping):
    checkout = Checkout(Mock(), user, 'tracking_code')
    assert checkout._shipping_address is None
    assert checkout.shipping_address == shipping
    assert checkout._shipping_address == shipping


@pytest.mark.parametrize('address_objects, shipping', [
    (Mock(get=Mock(return_value='shipping')), 'shipping'),
    (Mock(get=Mock(side_effect=Address.DoesNotExist)), None)])
def test_checkout_shipping_address_with_storage(
        address_objects, shipping, monkeypatch):
    monkeypatch.setattr(
        'saleor.checkout.core.Address.objects', address_objects)
    checkout = Checkout(Mock(), AnonymousUser(), 'tracking_code')
Example #40
0
def test_checkout_version():
    checkout = Checkout(Mock(), AnonymousUser(), 'tracking_code')
    storage = checkout.for_storage()
    assert storage['version'] == Checkout.VERSION
Example #41
0
 def test_index_view_unauthenticated(self):
     request = self.factory.get('/index.html')
     request.user = AnonymousUser()
     response = index(request)
     self.assertEqual(response.status_code, 200)
Example #42
0
def test_checkout_is_shipping_required():
    cart = Mock(is_shipping_required=Mock(return_value=True))
    checkout = Checkout(cart, AnonymousUser(), 'tracking_code')
    assert checkout.is_shipping_required is True
Example #43
0
def test_checkout_discount(request_cart, sale, product_in_stock):
    variant = product_in_stock.variants.get()
    request_cart.add(variant, 1)
    checkout = Checkout(request_cart, AnonymousUser(), 'tracking_code')
    assert checkout.get_total() == Price(currency="USD", net=5)
Example #44
0
def test_checkout_version_with_from_storage(storage_data, expected_storage):
    checkout = Checkout.from_storage(
        storage_data, Mock(), AnonymousUser(), 'tracking_code')
    storage = checkout.for_storage()
    assert storage == expected_storage
Example #45
0
 def test_delete_view_redirects(self, foe: Foe, rf: RequestFactory):
     request = rf.get(reverse("foes:delete", kwargs={"uuid": foe.uuid}))
     request.user = AnonymousUser()
     response = foe_delete_view(request, uuid=foe.uuid)
     assert response.status_code == 302
     assert response.url == f"/accounts/login/?next=/foes/{foe.uuid}/delete/"
Example #46
0
 def test_display_profile_not_ok(self):
     request = self.factory.get(reverse("profile"))
     request.user = AnonymousUser()
     response = profile(request)
     self.assertEqual(response.status_code, 302)
Example #47
0
    def setUp(self):
        """
        """
        session = SessionStore()

        rf = RequestFactory()
        self.request = rf.get('/')
        self.request.session = session
        self.request.user = AnonymousUser()

        tax = Tax.objects.create(rate=19)

        discount = Discount.objects.create(name="Summer",
                                           value=10.0,
                                           type=0,
                                           tax=tax)

        shipping_method = ShippingMethod.objects.create(name="Standard",
                                                        active=True,
                                                        price=1.0,
                                                        tax=tax)

        payment_method = PaymentMethod.objects.create(
            name="Direct Debit",
            active=True,
            tax=tax,
        )

        us = Country.objects.get(code="us")

        address1 = Address.objects.create(
            firstname="John",
            lastname="Doe",
            company_name="Doe Ltd.",
            line1="Street 42",
            city="Gotham City",
            zip_code="2342",
            country=us,
            phone="555-111111",
            email="*****@*****.**",
        )

        self.customer = Customer.objects.create(
            session=session.session_key,
            selected_shipping_method=shipping_method,
            selected_payment_method=payment_method,
            selected_shipping_address=address1,
            selected_invoice_address=address1,
        )

        self.p1 = Product.objects.create(
            name="Product 1",
            slug="product-1",
            sku="sku-1",
            price=1.1,
            tax=tax,
            active=True,
        )

        self.p2 = Product.objects.create(
            name="Product 2",
            slug="product-2",
            sku="sku-2",
            price=2.2,
            tax=tax,
            active=True,
        )

        cart = Cart.objects.create(session=session.session_key)

        item = CartItem.objects.create(
            cart=cart,
            product=self.p1,
            amount=2,
        )

        item = CartItem.objects.create(
            cart=cart,
            product=self.p2,
            amount=3,
        )
Example #48
0
def collection_data(collection):
    request = RequestFactory().get('/')
    request.user = AnonymousUser()
    request.REGION = RESTOFWORLD
    return ShortAppsCollectionSerializer(collection,
                                         context={'request': request}).data
Example #49
0
def has_access(user, action, obj, course_key=None):
    """
    Check whether a user has the access to do action on obj.  Handles any magic
    switching based on various settings.

    Things this module understands:
    - start dates for modules
    - visible_to_staff_only for modules
    - DISABLE_START_DATES
    - different access for instructor, staff, course staff, and students.

    user: a Django user object. May be anonymous. If none is passed,
                    anonymous is assumed

    obj: The object to check access for.  A module, descriptor, location, or
                    certain special strings (e.g. 'global')

    action: A string specifying the action that the client is trying to perform.

    actions depend on the obj type, but include e.g. 'enroll' for courses.  See the
    type-specific functions below for the known actions for that type.

    course_key: A course_key specifying which course run this access is for.
        Required when accessing anything other than a CourseDescriptor, 'global',
        or a location with category 'course'

    Returns a bool.  It is up to the caller to actually deny access in a way
    that makes sense in context.
    """
    # Just in case user is passed in as None, make them anonymous
    if not user:
        user = AnonymousUser()

    # delegate the work to type-specific functions.
    # (start with more specific types, then get more general)
    if isinstance(obj, CourseDescriptor):
        return _has_access_course_desc(user, action, obj)

    if isinstance(obj, ErrorDescriptor):
        return _has_access_error_desc(user, action, obj, course_key)

    if isinstance(obj, XModule):
        return _has_access_xmodule(user, action, obj, course_key)

    # NOTE: any descriptor access checkers need to go above this
    if isinstance(obj, XBlock):
        return _has_access_descriptor(user, action, obj, course_key)

    if isinstance(obj, CourseKey):
        return _has_access_course_key(user, action, obj)

    if isinstance(obj, UsageKey):
        return _has_access_location(user, action, obj, course_key)

    if isinstance(obj, basestring):
        return _has_access_string(user, action, obj, course_key)

    # Passing an unknown object here is a coding error, so rather than
    # returning a default, complain.
    raise TypeError("Unknown object type in has_access(): '{0}'".format(
        type(obj)))
Example #50
0
def get_user(request):
    if hasattr(request, 'user') and request.user.__class__ != AnonymousUser:
        return request.user
    else:
        return AnonymousUser()
Example #51
0
    def test_permission_denied(self):
        func = decorators.login_required(lambda info: None)

        with self.assertRaises(exceptions.PermissionDenied):
            func(self.info(AnonymousUser()))
Example #52
0
 def test_anonymous(self):
     self.request.user = AnonymousUser()
     self.client.logout()
     assert not check_addon_ownership(self.request, self.addon)
Example #53
0
 def test_logged_out_default(self):
     request = self.rf.get('/foo')
     request.user = AnonymousUser()
     view = logout_required(simple_view)
     response = view(request)
     eq_(200, response.status_code)
Example #54
0
def anonymous_checkout():
    return Checkout(Mock(), AnonymousUser(), 'tracking_code')
Example #55
0
 def test_profile_unauthenticated(self):
     path = reverse('profile')
     request = self.factory.get(path)
     request.user = AnonymousUser()
     response = profile(request)
     assert 'login' in response.url
Example #56
0
def create_anonymous(**kwargs):
    from django.contrib.auth.models import AnonymousUser
    return AnonymousUser(**kwargs)
 def setUp(self):
     super(TestRebindModule, self).setUp()
     self.homework = self.add_graded_section_to_course('homework')
     self.lti = ItemFactory.create(category='lti', parent=self.homework)
     self.user = UserFactory.create()
     self.anon_user = AnonymousUser()
Example #58
0
 def test_create_view_redirects(self, rf: RequestFactory):
     request = rf.get(reverse("foes:create"))
     request.user = AnonymousUser()
     response = foe_create_view(request)
     assert response.status_code == 302
     assert response.url == "/accounts/login/?next=/foes/create/"
Example #59
0
def test_checkout_clear_storage():
    checkout = Checkout(Mock(), AnonymousUser(), 'tracking_code')
    checkout.storage['new'] = 1
    checkout.clear_storage()
    assert checkout.storage is None
    assert checkout.modified is True
Example #60
0
def test_note_form(note_value):
    checkout = Checkout(Mock(), AnonymousUser(), 'tracking_code')
    form = NoteForm({'note': note_value}, checkout=checkout)
    form.is_valid()
    form.set_checkout_note()
    assert checkout.note == note_value.strip()