def test_edit_with_description_mathematical_object(self): utils.log_as(self, utils.UserType.STAFF) old_description = 'old_test_edit_with_description_mathematical_object' mathematical_object = utils.create_mathematical_object( self, description=old_description) self.assertEqual(mathematical_object.get_content(), old_description) new_description = 'new_test_edit_with_description_mathematical_object' modification_form = forms.ModificationForm( data={ 'new_description': new_description, }) self.assertTrue(modification_form.is_valid()) response = self.client.post(reverse( 'front:mathematical_object_description_edition', kwargs={'pk': mathematical_object.pk}), modification_form.data, format='json') self.assertEqual(models.Modification.objects.count(), 1) created_modification = models.Modification.objects.all()[:1].get() self.assertRedirects( response, reverse('front:modification', kwargs={'pk': created_modification.pk})) self.assertEqual(created_modification.get_content(), new_description) mathematical_object.refresh_from_db() self.assertEqual(mathematical_object.get_content(), old_description)
def test_create_full_mathematical_object(self): utils.log_as(self, utils.UserType.STAFF) func = utils.create_function(self) name = utils.create_name(self) mathematical_object_1 = utils.create_mathematical_object(self) representation = 'testcreatefullmathematicalobject' object_type = 'S' description = 'test_create_full_mathematical_object' mathematical_object_form = forms.MathematicalObjectForm(data={ 'latex': representation, 'type': object_type, 'functions': [func.id], 'names': [name.id], 'related': [mathematical_object_1.id], 'description': description }) self.assertTrue(mathematical_object_form.is_valid()) response = self.client.post(reverse('front:mathematical_object_creation'), mathematical_object_form.data, format='json') self.assertTrue(status.HTTP_302_FOUND) self.assertEqual(models.MathematicalObject.objects.count(), 2) mathematical_object_2 = models.MathematicalObject.objects.exclude(pk=mathematical_object_1.id)[:1].get() self.assertEqual(mathematical_object_2.get_content(), description)
def test_view_mathematical_object_edition_as_staff(self): utils.log_as(self, utils.UserType.STAFF) objects, func, name = self.__create_test_data() mathematical_object_2 = objects[1] response = self.client.get(reverse('front:mathematical_object_edition', kwargs={'pk': mathematical_object_2.pk})) self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_user_can_not_edit_more_than_k_modifications(self): utils.log_as(self, utils.UserType.STAFF) mathematical_object = utils.create_mathematical_object(self) for _ in range(NUMBER_OF_SIMULTANEOUS_MODIFICATIONS_PER_USER): response = self.client.post( reverse('front:mathematical_object_description_edition', kwargs={'pk': mathematical_object.pk}), data={ 'new_description': 'test_user_can_not_edit_more_than_k_modifications' }, format='json') self.assertEqual(response.status_code, status.HTTP_302_FOUND) self.assertEqual(models.Modification.objects.count(), NUMBER_OF_SIMULTANEOUS_MODIFICATIONS_PER_USER) response = self.client.post( reverse('front:mathematical_object_description_edition', kwargs={'pk': mathematical_object.pk}), data={ 'new_description': 'test_user_can_not_edit_more_than_k_modifications' }, format='json') self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertContains(response, "error") self.assertEqual(models.Modification.objects.count(), NUMBER_OF_SIMULTANEOUS_MODIFICATIONS_PER_USER)
def __create_test_data(self, with_description=None): utils.log_as(self, utils.UserType.STAFF) func = utils.create_function(self) name = utils.create_name(self) mathematical_object_1 = utils.create_mathematical_object(self) representation = 'createtestdata' object_type = 'S' data = { 'latex': representation, 'type': object_type, 'functions': [func.id], 'names': [name.id], 'related': [mathematical_object_1.id], } if with_description: data.update({'description': with_description}) mathematical_object_form = forms.MathematicalObjectForm(data=data) self.assertTrue(mathematical_object_form.is_valid()) self.client.post(reverse('front:mathematical_object_creation'), mathematical_object_form.data, format='json') mathematical_object_2 = models.MathematicalObject.objects.exclude(pk=mathematical_object_1.id).first() return [mathematical_object_1, mathematical_object_2], func, name
def test_view_proposition_as_visitor(self): utils.log_as(self, utils.UserType.VISITOR) url_asked = reverse('front:proposition_creation') response = self.client.get(url_asked) self.assertRedirects(response, reverse('login') + '?next={}'.format(url_asked))
def test_reject_modification(self): utils.log_as(self, utils.UserType.STAFF) old_description = 'old_description' mathematical_object = utils.create_mathematical_object( self, description=old_description) new_description = 'test_reject_modification' modification_object = utils.create_modification( self, mathematical_object, new_description=new_description) path = modification_object.new_description.path self.assertTrue(utils.is_file(path)) response = self.client.post(reverse( 'front:modification', kwargs={'pk': modification_object.pk}), data={'reject_modification': ['Reject']}, format='json') self.assertRedirects(response, reverse('front:modifications')) response = self.client.get( reverse('front:mathematical_object', kwargs={'pk': mathematical_object.pk})) self.assertContains(response, old_description) self.assertEquals(models.Modification.objects.count(), 0) self.assertFalse(utils.is_file(path))
def test_spread_on_several_pages(self): utils.log_as(self, utils.UserType.STAFF) number_of_mathematical_objects = views.PAGINATION_SIZE * 3 + views.PAGINATION_SIZE // 2 mathematical_objects = [utils.create_mathematical_object(self) for _ in range(number_of_mathematical_objects)] for i in range(number_of_mathematical_objects // views.PAGINATION_SIZE): response = self.client.get(reverse('front:mathematical_objects') + "?page={}".format(i + 1)) for m in mathematical_objects[i * views.PAGINATION_SIZE:min((i + 1) * views.PAGINATION_SIZE, number_of_mathematical_objects)]: self.assertContains(response, reverse('front:mathematical_object', kwargs={'pk': m.pk}))
def test_search_entries_with_invalid_latex(self): utils.log_as(self, utils.UserType.STAFF) query_latex = 'ax + b' other_latex = 'ax + \\sin(b)' utils.create_mathematical_object(self, with_latex=query_latex) utils.create_mathematical_object(self, with_latex=other_latex) utils.log_as(self, utils.UserType.VISITOR) response = self.client.get(reverse('front:mathematical_objects') + "?q={}".format('^')) self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_spread_on_several_pages(self): utils.log_as(self, utils.UserType.STAFF) number_of_tags = views.PAGINATION_SIZE * 3 + views.PAGINATION_SIZE // 2 tags = self.__create_tags(number_of_tags) for i in range(number_of_tags // views.PAGINATION_SIZE): response = self.client.get(reverse('front:tags') + "?page={}".format(i + 1)) for f in tags[i * views.PAGINATION_SIZE:min((i + 1) * views.PAGINATION_SIZE, number_of_tags)]: self.assertContains(response, reverse('front:tag', kwargs={'pk': f.pk}))
def test_insert_malicious_markdow_1(self): malicious_markdown = """[some text](javascript: alert('xss'))""" utils.log_as(self, utils.UserType.STAFF) mathematical_object = utils.create_mathematical_object( self, description=malicious_markdown) response = self.client.get( reverse('front:mathematical_object', kwargs={'pk': mathematical_object.pk})) self.assertNotContains(response, "javascript: alert('xss')")
def test_view_mathematical_object_creation_as_non_staff(self): utils.log_as(self, utils.UserType.USER) url_asked = reverse('front:mathematical_object_creation') response = self.client.get(url_asked) self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) utils.log_as(self, utils.UserType.VISITOR) response = self.client.get(url_asked) self.assertRedirects(response, reverse('login') + '?next={}'.format(url_asked))
def test_view_propositions_as_staff(self): utils.log_as(self, utils.UserType.STAFF) mathematical_object = utils.create_mathematical_object(self) modification_object = utils.create_modification( self, mathematical_object) response = self.client.get(reverse('front:modifications')) self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertContains( response, reverse('front:modification', kwargs={'pk': modification_object.pk}))
def test_user_can_post_proposition(self): utils.log_as(self, utils.UserType.USER) content = 'test_user_can_post_proposition' response = self.__post_proposition(content) self.assertEqual(models.Proposition.objects.count(), 1) proposition = models.Proposition.objects.first() self.assertRedirects( response, reverse('front:proposition', kwargs={'pk': proposition.pk})) self.assertEqual(proposition.content, content)
def test_show_mathematical_object(self): utils.log_as(self, utils.UserType.STAFF) to_show = views.PAGINATION_SIZE // 2 object_ids = [] for _ in range(to_show): object_ids.append(utils.create_mathematical_object(self, with_name=True, with_function=True).id) self.assertTrue(models.MathematicalObject.objects.count(), to_show) response = self.client.get(reverse('front:mathematical_objects')) self.assertEqual(response.status_code, status.HTTP_200_OK) for object_id in object_ids: d = reverse('front:mathematical_object', kwargs={'pk': object_id}) self.assertContains(response, reverse('front:mathematical_object', kwargs={'pk': object_id}))
def test_create_mathematical_object_with_invalid_latex(self): utils.log_as(self, utils.UserType.STAFF) representation = '^' mathematical_object_form = forms.MathematicalObjectForm(data={ 'latex': representation, 'type': 'S' }) self.assertFalse(mathematical_object_form.is_valid()) response = self.client.post(reverse('front:mathematical_object_creation'), data=mathematical_object_form.data, format='json') self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(models.MathematicalObject.objects.count(), 0)
def test_insert_malicious_markdown_2(self): malicious_markdown = """ > hello <a name="n" > href="javascript:alert('xss')">*you*</a> """ utils.log_as(self, utils.UserType.STAFF) mathematical_object = utils.create_mathematical_object( self, description=malicious_markdown) response = self.client.get( reverse('front:mathematical_object', kwargs={'pk': mathematical_object.pk})) self.assertNotContains(response, "javascript: alert('xss')")
def test_user_can_not_post_more_than_k_propositions(self): utils.log_as(self, utils.UserType.USER) content = 'test_user_can_not_post_more_than_k_propositions' for _ in range(NUMBER_OF_SIMULTANEOUS_PROPOSITIONS_PER_USER): response = self.__post_proposition(content) self.assertEqual(response.status_code, status.HTTP_302_FOUND) self.assertEqual(models.Proposition.objects.count(), NUMBER_OF_SIMULTANEOUS_PROPOSITIONS_PER_USER) response = self.__post_proposition(content) self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertContains(response, "error") self.assertEqual(models.Proposition.objects.count(), NUMBER_OF_SIMULTANEOUS_PROPOSITIONS_PER_USER)
def test_view_modification_as_creator(self): utils.log_as(self, utils.UserType.STAFF) mathematical_object = utils.create_mathematical_object(self) modification_object = utils.create_modification( self, mathematical_object) user = utils.log_as(self, utils.UserType.USER) modification_object.user = user modification_object.save() url_asked = reverse('front:modification', kwargs={'pk': modification_object.pk}) response = self.client.get(url_asked) self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertNotContains(response, "accept_modification") self.assertContains(response, "reject_modification")
def test_edition_retrieve_all_the_information(self): utils.log_as(self, utils.UserType.STAFF) description = 'test_edition_retrieve_all_the_information' objects, func, name = self.__create_test_data(with_description=description) mathematical_object_2 = objects[1] response = self.client.get(reverse('front:mathematical_object_edition', kwargs={'pk': mathematical_object_2.pk})) self.assertContains(response, mathematical_object_2.latex) self.assertContains(response, '<option value="S" selected>SERIES</option>') self.assertContains(response, '<option value="{}" selected>{}</option>'.format(func.pk, func.function)) self.assertContains(response, '<option value="{}" selected>{}</option>'.format(name.pk, name.name)) for related in mathematical_object_2.related.all(): self.assertContains(response, '<option value="{}" selected>{}</option>'.format(related.pk, html.escape(related))) self.assertContains(response, description)
def test_view_propositions_as_staff(self): user = utils.log_as(self, utils.UserType.STAFF) proposition_object = utils.create_proposition(self, by_user=user) response = self.client.get(reverse('front:propositions')) self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertContains(response, reverse('front:proposition', kwargs={'pk': proposition_object.pk}))
def test_insert_malicious_markdown_3(self): malicious_markdown = """ [a](javascript:prompt(document.cookie)) [a](j a v a s c r i p t:prompt(document.cookie)) ![a](javascript:prompt(document.cookie))\ <javascript:prompt(document.cookie)> <javascript:alert('XSS')> ![a](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K)\ [a](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K) [a](javascript:alert('XSS')) ![a'"`onerror=prompt(document.cookie)](x)\ [citelol]: (javascript:prompt(document.cookie)) [notmalicious](javascript:window.onerror=alert;throw%20document.cookie) [test](javascript://%0d%0aprompt(1)) [test](javascript://%0d%0aprompt(1);com) """ utils.log_as(self, utils.UserType.STAFF)
def test_view_mathematical_object_creation_as_visitor(self): utils.log_as(self, utils.UserType.STAFF) mathematical_object = utils.create_mathematical_object(self) utils.log_as(self, utils.UserType.VISITOR) response = self.client.get( reverse('front:mathematical_object', kwargs={'pk': mathematical_object.pk})) self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertNotContains( response, reverse('front:mathematical_object_edition', kwargs={'pk': mathematical_object.pk})) self.assertNotContains( response, reverse('front:mathematical_object_description_edition', kwargs={'pk': mathematical_object.pk}))
def test_edit_description_mathematical_object_as_visitor(self): utils.log_as(self, utils.UserType.STAFF) mathematical_object = utils.create_mathematical_object(self) utils.log_as(self, utils.UserType.VISITOR) self.assertFalse(bool(mathematical_object.description)) new_description = 'edit_no_description_mathematical_object' modification_form = forms.ModificationForm( data={ 'new_description': new_description, }) self.assertTrue(modification_form.is_valid()) url = reverse('front:mathematical_object_description_edition', kwargs={'pk': mathematical_object.pk}) response = self.client.post(url, modification_form.data, format='json') self.assertRedirects(response, reverse('login') + '?next={}'.format(url))
def test_create_small_mathematical_object(self): utils.log_as(self, utils.UserType.STAFF) representation = 'testcreatesmallmathematicalobject' type2 = 'S' mathematical_object_form = forms.MathematicalObjectForm(data={ 'latex': representation, 'type': type2 }) self.assertTrue(mathematical_object_form.is_valid()) response = self.client.post(reverse('front:mathematical_object_creation'), data=mathematical_object_form.data, format='json') self.assertTrue(status.HTTP_302_FOUND) self.assertEqual(models.MathematicalObject.objects.count(), 1) created_object = models.MathematicalObject.objects.all()[:1].get() self.assertRedirects(response, reverse('front:mathematical_object', kwargs={'pk': created_object.pk})) self.assertEqual(created_object.latex, representation) self.assertEqual(created_object.type, type2)
def test_post_as_lambda(self): utils.log_as(self, utils.UserType.STAFF) mathematical_object = utils.create_mathematical_object(self) modification_object = utils.create_modification( self, mathematical_object) utils.log_as(self, utils.UserType.USER) url_asked = reverse('front:modification', kwargs={'pk': modification_object.pk}) response = self.client.post(url_asked, data={'accept_modification': ['Accept']}, format='json') self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) response = self.client.post(url_asked, data={'reject_modification': ['Reject']}, format='json') self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) utils.log_as(self, utils.UserType.VISITOR) response = self.client.post(url_asked, data={'accept_modification': ['Accept']}, format='json') self.assertRedirects(response, reverse('login') + '?next={}'.format(url_asked)) response = self.client.post(url_asked, data={'reject_modification': ['Reject']}, format='json') self.assertRedirects(response, reverse('login') + '?next={}'.format(url_asked))
def test_change_latex(self): utils.log_as(self, utils.UserType.STAFF) objects, func, name = self.__create_test_data() mathematical_object_2 = objects[1] new_latex = 'testadddescription' data = { 'latex': new_latex, 'type': mathematical_object_2.type, 'related': [m.pk for m in mathematical_object_2.related.all()], 'functions': [f.pk for f in mathematical_object_2.functions.all()], 'names': [n.pk for n in mathematical_object_2.names.all()] } mathematical_object_form = forms.MathematicalObjectForm(data) self.assertTrue(mathematical_object_form.is_valid()) self.client.post(reverse('front:mathematical_object_edition', kwargs={'pk': mathematical_object_2.pk}), mathematical_object_form.data, format='json') mathematical_object_2.refresh_from_db() self.assertEqual(mathematical_object_2.latex, new_latex) self.assertFalse(mathematical_object_2.get_content())
def test_edit_description_mathematical_object_as_user(self): utils.log_as(self, utils.UserType.STAFF) mathematical_object = utils.create_mathematical_object(self) user = utils.log_as(self, utils.UserType.USER) new_description = 'edit_no_description_mathematical_object' modification_form = forms.ModificationForm( data={ 'new_description': new_description, }) self.assertTrue(modification_form.is_valid()) url = reverse('front:mathematical_object_description_edition', kwargs={'pk': mathematical_object.pk}) response = self.client.post(url, modification_form.data, format='json') self.assertEqual(models.Modification.objects.count(), 1) created_modification = models.Modification.objects.all()[:1].get() self.assertRedirects( response, reverse('front:modification', kwargs={'pk': created_modification.pk})) self.assertEqual(created_modification.user, user)
def test_create_partial_mathematical_object_with_related(self): utils.log_as(self, utils.UserType.STAFF) mathematical_object_1 = utils.create_mathematical_object(self, with_name=True, with_function=True) representation = 'testcreatefullmathematicalobject' type2 = 'S' mathematical_object_form = forms.MathematicalObjectForm(data={ 'latex': representation, 'type': type2, 'related': [mathematical_object_1.id] }) self.assertTrue(mathematical_object_form.is_valid()) response = self.client.post(reverse('front:mathematical_object_creation'), mathematical_object_form.data, format='json') self.assertTrue(status.HTTP_302_FOUND) self.assertEqual(models.MathematicalObject.objects.count(), 2) mathematical_object_2 = models.MathematicalObject.objects.exclude(pk=mathematical_object_1.id)[:1].get() self.assertRedirects(response, reverse('front:mathematical_object', kwargs={'pk': mathematical_object_2.pk})) self.assertEqual(mathematical_object_2.latex, representation) self.assertEqual(mathematical_object_2.type, type2) result = mathematical_object_1.related.get(pk=mathematical_object_2.id) self.assertEqual(result.latex, representation)
def test_accept_modification(self): utils.log_as(self, utils.UserType.STAFF) mathematical_object = utils.create_mathematical_object(self) new_description = 'test_accept_modification' modification_object = utils.create_modification( self, mathematical_object, new_description=new_description) response = self.client.post(reverse( 'front:modification', kwargs={'pk': modification_object.pk}), data={'accept_modification': ['Accept']}, format='json') self.assertRedirects( response, reverse('front:mathematical_object', kwargs={'pk': mathematical_object.pk})) response = self.client.get( reverse('front:mathematical_object', kwargs={'pk': mathematical_object.pk})) self.assertContains(response, new_description) self.assertEquals(models.Modification.objects.count(), 0)