Example #1
    def test_otp_fido2_check_success_url(self):
        """Check that get_success_url() follows a session "next" only when it is local.

        Three scenarios are exercised: no "next" stored, a "next" that is a
        local named route, and a "next" that is an absolute URL on another
        host (the open-redirect case), which must fall back to Home.
        """
        factory = RequestFactory()

        def resolve_success_url(next_url=None):
            # Every scenario gets a fresh request, empty session and new view.
            req = factory.get("/accounts/2fa/fido2/check/")
            req.user = self.user
            req.session = SessionBase()
            if next_url is not None:
                # "next" is carried in the session here, not the query string.
                req.session["next"] = next_url
            view = Fido2Check()
            view.request = req
            return view.get_success_url()

        # Nothing stored under "next": the user is sent Home.
        self.assertEqual(resolve_success_url(), reverse_lazy("home"))

        # A local route stored under "next" is honoured.
        self.assertEqual(
            resolve_success_url(reverse_lazy("account_index")),
            reverse_lazy("account_index"),
        )

        # An absolute URL on a foreign host is rejected; Home is used instead.
        self.assertEqual(
            resolve_success_url("https://buymybitcoins.plz"),
            reverse_lazy("home"),
        )
Example #2
def test_stash_utm_params():
    """Exercise stash_utm_params(): empty input, new params, and duplicates."""
    store = SessionBase()

    def stashed():
        # Re-read from the session each time rather than holding a reference.
        return store[SESSION_KEY_UTM_PARAMS]

    # An empty params dict is not stashed.
    assert not stash_utm_params(store, {})

    # The first real set is stored and marks the session as modified.
    assert stash_utm_params(store, {"utm_medium": "foo"})
    assert store.modified
    assert len(stashed()) == 1
    assert stashed()[0] == {"utm_medium": "foo"}

    # A different set is appended after the first one.
    assert stash_utm_params(store, {"utm_medium": "bar"})
    assert len(stashed()) == 2
    assert stashed()[1] == {"utm_medium": "bar"}

    # Repeating the most recent set is reported as not stashed and adds nothing.
    assert not stash_utm_params(store, {"utm_medium": "bar"})
    assert len(stashed()) == 2
Example #3
    def process_request(self, request):
        """Attach a session to *request*, honouring the fallback session cookie.

        Requests under one of ``IGNORE_URLS`` that carry neither the regular
        nor the fallback session cookie get an empty ``SessionBase``. Otherwise
        the parent implementation runs when ``SESSION_COOKIE_SAMESITE`` is set;
        when it is not, the session key is read from the regular cookie if
        present, else from the fallback cookie.
        """
        primary_name = settings.SESSION_COOKIE_NAME
        fallback_name = self.cookie_name_fallback

        path_is_ignored = any(
            request.path_info.startswith(prefix) for prefix in self.IGNORE_URLS
        )
        if (path_is_ignored
                and primary_name not in request.COOKIES
                and fallback_name not in request.COOKIES):
            # Workaround: the authentication middleware requires request.session
            # to exist, so hand it an empty session object.
            # NOTE(review): a bare SessionBase has no storage backend, so data
            # written to it is presumably never persisted; confirm the response
            # path tolerates this object.
            request.session = SessionBase()
            return

        if settings.SESSION_COOKIE_SAMESITE:
            super().process_request(request)
            return

        # NOTE(review): the fallback cookie carries the same session key as the
        # regular one, so it presumably needs the same Secure/HttpOnly
        # attributes wherever it is set; verify there.
        cookie_to_read = (
            primary_name if primary_name in request.COOKIES else fallback_name
        )
        request.session = self.SessionStore(request.COOKIES.get(cookie_to_read))
Example #4
 def test_middleware(self, mock_utm):
     """The middleware stashes the extracted UTM params once, unchanged."""
     expected = {
         "utm_medium": "medium",
         "utm_source": "source",
         "utm_campaign": "campaign",
         "utm_term": "term",
         "utm_content": "content",
         "gclid": "1C5CHFA_enGB874GB874",
     }
     request = mock.Mock(spec=HttpRequest)
     request.session = SessionBase()
     # Hand the mock its own copy so the comparison below is against an
     # independent reference dict.
     mock_utm.return_value = dict(expected)

     UtmSessionMiddleware(lambda r: HttpResponse())(request)

     stashed = request.session[SESSION_KEY_UTM_PARAMS]
     assert len(stashed) == 1
     utm_params = stashed[0]
     for key, value in expected.items():
         assert utm_params[key] == value
Example #5
    def test_otp_totp_confirm_success_url(self):
        """Check where TOTPDeviceConfirm redirects for 0, 1 and 2 static devices."""
        factory = RequestFactory()

        def resolve_success_url(attach_session):
            # Fresh POST request and fresh view for each scenario.
            req = factory.post(f"/accounts/2fa/totp/{self.totp_device.id}/")
            req.user = self.user
            if attach_session:
                req.session = SessionBase()
            view = TOTPDeviceConfirm()
            view.request = req
            return view.get_success_url()

        # No static device yet: the user is sent to add one.
        self.assertEqual(resolve_success_url(attach_session=True),
                         reverse_lazy("otp_static_add"))

        # One static device: the user goes to the device list.
        # (As in the remaining scenario, no session is attached here.)
        setup_2fa_static_device(self.user)
        self.assertEqual(resolve_success_url(attach_session=False),
                         reverse_lazy("otp_list"))

        # Two static devices: still the device list.
        setup_2fa_static_device(self.user)
        self.assertEqual(resolve_success_url(attach_session=False),
                         reverse_lazy("otp_list"))
Example #6
    def test_otp_totp_confirm_form_valid_set_data(self):
        """form_valid() on TOTPDeviceConfirm marks the TOTP device as confirmed."""
        device_pk = self.totp_device.id
        req = RequestFactory().post(f"/accounts/2fa/totp/{device_pk}/")
        req.user = self.user
        req.session = SessionBase()
        # form_valid of the parent view performs a login call, which needs
        # session.create(); stub it out on this backend-less session.
        req.session.create = lambda: True

        view = TOTPDeviceConfirm()
        view.setup(req, pk=device_pk)  # initialises view.kwargs
        view.post(req)  # sets view.object
        view.request = req
        confirm_form = view.get_form(view.form_class)
        confirm_form.is_valid()
        view.form_valid(confirm_form)

        # Re-read the device from the database: it must now be confirmed.
        stored_device = TOTPDevice.objects.get(pk=device_pk)
        self.assertEqual(stored_device.confirmed, True)
Example #7
 def __init__(self, cookie):
     """Initialise the base session and store *cookie* on the instance."""
     # NOTE(review): the session key handed to SessionBase is the literal
     # string 'cookie', not the ``cookie`` argument; confirm this is intended.
     SessionBase.__init__(self, 'cookie')
     self.cookie = cookie
     # Starts out as not deleted.
     self.deleted = False
def request_with_session(rf):
    """Return a GET request built by *rf* with an empty SessionBase attached."""
    req = rf.get('/slash_doesnt_matter')
    # A backend-less session is enough for code that only reads/writes keys.
    setattr(req, "session", SessionBase())
    return req
Example #9
def set_tenant(session: Session, tenant: AbstractBaseTenant) -> None:
    """Record *tenant* as the active tenant in *session* (primary key and name)."""
    active = {}
    active['active_tenant'] = tenant.pk
    active['active_tenant_name'] = tenant.name
    # A single update() call writes both keys together.
    session.update(active)
Example #10
def clear_tenant(session: Session) -> None:
    """Drop the active-tenant keys from *session*; missing keys are ignored."""
    for key in ('active_tenant', 'active_tenant_name'):
        # The default makes the pop a no-op when the key is absent.
        session.pop(key, None)
Example #11
def pop_utm_params(session: SessionBase) -> List[UtmParamsDict]:
    """Remove and return the stashed utm_param dicts from *session*.

    Returns an empty list when nothing is stored under the UTM session key.
    """
    stashed = session.pop(SESSION_KEY_UTM_PARAMS, [])
    return stashed
Example #12
    def _build_request(self, url='/'):  # TODO: in CremeTestCase ??
        """Return a GET request for *url* with an empty session and the test user."""
        req = self.factory.get(url)
        # Attach the attributes a view expects to find on the request.
        setattr(req, 'session', SessionBase())
        setattr(req, 'user', self.user)
        return req
Example #13
    def _build_request(self, url='/'):
        """Return a GET request for *url* with an empty session and the test user."""
        req = self.factory.get(url)
        # Attach the attributes a view expects to find on the request.
        setattr(req, 'session', SessionBase())
        setattr(req, 'user', self.user)
        return req
Example #14
def is_user_authenticated(session: SessionBase) -> bool:
    """Report the "is_authenticated" flag stored in *session* (False if unset)."""
    # NOTE(review): the stored value is returned as-is, so a non-bool value
    # would leak through despite the annotation; verify what writers store.
    flag = session.get("is_authenticated", False)
    return flag
Example #15
    def build_request(self, url='/', user=None):
        """Return a GET request for *url* with an empty session attached.

        The request user is *user* when it is truthy, else ``self.user``.
        """
        req = self.request_factory.get(url)
        req.session = SessionBase()
        req.user = user if user else self.user
        return req
Example #16
 def generic(self, *args, **kwargs):
     """Build the request via the parent, then attach a session and the user."""
     req = super().generic(*args, **kwargs)
     # Empty session plus the user held by this object.
     setattr(req, "session", SessionBase())
     setattr(req, "user", self.user)
     return req
Example #17
 def flush(cls, session: SessionBase):
     """Drop the stored table payload from *session*, if one is present."""
     payload_key = PAYLOAD_SESSION_DICTIONARY
     # The default keeps this a no-op when nothing was stored.
     session.pop(payload_key, None)
Example #18
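def session_logout(session: SessionBase) -> None:
    """Log the user out by removing 'user_data' from *session*.

    Safe to call when no user is logged in: a missing 'user_data' key is
    ignored instead of raising KeyError, so a repeated or anonymous logout
    request cannot fail here.
    """
    # NOTE(review): only 'user_data' is removed; the session key and any other
    # stored keys survive logout. If the session should not outlive the login,
    # consider session.flush() here. Confirm against callers.
    session.pop('user_data', None)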
 def __init__(self, cookie):
     """Initialise the base session and store *cookie* on the instance."""
     # NOTE(review): the session key handed to SessionBase is the literal
     # string 'cookie', not the ``cookie`` argument; confirm this is intended.
     SessionBase.__init__(self, 'cookie')
     self.cookie = cookie
     # Starts out as not deleted.
     self.deleted = False
Example #20
 def generic(self, *args, **kwargs):
     """Build the request via the parent, then attach session, user and messages."""
     req = super().generic(*args, **kwargs)
     setattr(req, "session", SessionBase())
     setattr(req, "user", self.user)
     # Message storage is created last, from the request prepared above.
     req._messages = default_storage(req)
     return req