def test_cant_view_unshared_document(self):
        doc = setup_document(self.org, self.user)
        doc_share = setup_document_share(doc)

        response = self.client.get(f"/app/share/{doc_share.pid}")
        self.assertEqual(response.status_code, 200)

        doc_share.delete()

        response = self.client.get(f"/app/share/{doc_share.pid}")
        self.assertEqual(response.status_code, 404)
    def test_list_documents_search_title(self):
        doc_to_search = setup_document(self.org, self.user, note="bingo!")

        search_result = self.client.get(
            f"/app/api/v1/documents?search={doc_to_search.title}", format="json"
        )
        self.assertEqual(search_result.status_code, status.HTTP_200_OK)
        self.assertEqual(search_result["Content-Type"], "application/json")
        self.assertEqual(search_result.data["count"], 1)
        self.assertEqual(len(search_result.data["results"]), 1)
        self.assertEqual(search_result.data["results"][0]["note"], "bingo!")
    def test_temp_document_download_expired(self, mocked_time):
        mocked_time.return_value = time.mktime(
            datetime.datetime(2019, 1, 1).timetuple())

        doc = setup_document(self.org, self.user)
        setup_authenticated_session(self.client, self.org, self.user)

        response = self.client.get(reverse_lazy("api_temp_download_url",
                                                kwargs={"spid": doc.pid}),
                                   follow=True)

        self.assertEqual(response.status_code, 404)
    def test_document_download_only_work_for_users_in_the_doc_org(self):
        # Add a document in first org with first user
        doc = setup_document(self.org, self.user)

        # Create a second org and user, log the second user
        org_2 = setup_org(tv.ORG_NAME_2, tv.ORG_SLUG_2)
        user_2 = setup_user(org_2, tv.USER2_EMAIL, tv.USER2_PASS)
        setup_authenticated_session(self.client, org_2, user_2)

        # Trying to download the document of first org with a user of second org returns a 404
        response = self.client.get(f"/app/api/v1/documents/{doc.pid}/download")
        self.assertEqual(response.status_code, 404)
    def setUp(self):
        self.org = setup_org()
        setup_admin(self.org)
        self.user1 = setup_user(self.org)
        self.user2 = setup_user(self.org, email=tv.USER2_EMAIL)

        self.doc = setup_document(self.org, self.user1)
        self.doc_bis = setup_document(self.org, self.user1, title=tv.DOCUMENT2_TITLE)

        self.doc_user1_reminder = setup_document_reminder(
            self.doc, self.user1, tv.DOCUMENT_REMINDER_TOMORROW_DATE
        )
        self.doc_user1_reminder2 = setup_document_reminder(
            self.doc, self.user1, tv.DOCUMENT_REMINDER_NEXT_WEEK_DATE
        )
        self.doc_user2_reminder = setup_document_reminder(
            self.doc, self.user2, tv.DOCUMENT_REMINDER_TOMORROW_DATE
        )

        self.client.login(
            request=HttpRequest(), email=tv.USER1_EMAIL, password=tv.USER1_PASS
        )
    def setUp(self):
        self.org = setup_org("To delete A", "to-delete-a")
        self.user_a = setup_admin(self.org, "*****@*****.**", "aaa")
        self.folder = setup_folder(self.org, "Folder 1")
        self.doc = setup_document(self.org, self.user_a, self.folder, title="Doc 1")
        self.devices = setup_2fa_static_device(
            self.user_a, codes_list=["AA1222", "BB1222"]
        )

        self.org_no_delete = setup_org("Not delete A", "not-delete-a")
        self.user_no_delete_a = setup_admin(
            self.org_no_delete, "*****@*****.**", "bbb"
        )
        self.folder_no_delete = setup_folder(self.org_no_delete, "Folder 1 no delete")
        self.doc_no_delete = setup_document(
            self.org_no_delete,
            self.user_no_delete_a,
            self.folder_no_delete,
            title="Doc 1 no delete",
        )
        self.devices_no_delete = setup_2fa_static_device(
            self.user_no_delete_a, codes_list=["AA1222", "BB1222"]
        )
    def test_temp_document_download(self):
        doc = setup_document(
            self.org,
            self.user,
            title=tv.DOCUMENT_DOCX_TITLE,
            note=tv.DOCUMENT_DOCX_NOTE,
            text_content=tv.DOCUMENT_DOCX_CONTENT,
            binary=tv.DOCUMENT_DOCX_BINARY_PATH,
            file_type=
            "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
        )
        setup_authenticated_session(self.client, self.org, self.user)

        response = self.client.get(f"/app/api/v1/documents/{doc.pid}")
        self.assertEqual(response.status_code, 200)
        self.assertIn("only_office_config", response.data)
        self.assertIn("document", response.data["only_office_config"])
        self.assertIn("url", response.data["only_office_config"]["document"])

        response = self.client.get(
            response.data["only_office_config"]["document"]["url"])

        with open(doc.binary.path, "rb") as uploaded_doc:
            self.assertEqual(uploaded_doc.read(), response.content)
    def setUp(self, **kwargs):
        # orgs, admin, users are already created
        super().setUp()
        self.admin_org = setup_org(name="admin-org", slug="admin-org")
        self.admin = setup_admin(self.admin_org)
        self.user1_org = setup_org(name=tv.ORG_NAME_1, slug=tv.ORG_SLUG_1)
        self.user1 = setup_user(self.user1_org,
                                email=tv.USER1_EMAIL,
                                password=tv.USER1_PASS)
        self.user2_org = setup_org(name=tv.ORG_NAME_2, slug=tv.ORG_SLUG_2)
        self.user2 = setup_user(self.user2_org,
                                email=tv.USER2_EMAIL,
                                password=tv.USER2_PASS)

        # mock OTPMiddleware._verify_user() to skip check page
        self.middleware_patcher = patch.object(OTPMiddleware, "_verify_user",
                                               mocked_verify_user)
        self.middleware_patcher.start()
        self.addCleanup(
            patch.stopall
        )  # ensure mock is remove after each test, even if the test crash
        self.addCleanup(totp_time_setter.reset_mock, side_effect=True)

        # admin, user1 and user2 have added documents, folders, otp devices
        self.admin_resources = {}
        self.admin_resources["folder1"] = setup_folder(self.admin_org)
        self.admin_resources["sub_folder1"] = setup_folder(
            self.admin_org, parent=self.admin_resources["folder1"])
        self.admin_resources["doc1"] = setup_document(
            self.admin_org,
            ftl_user=self.admin,
            binary=setup_temporary_file().name)
        self.admin_resources["doc2"] = setup_document(
            self.admin_org,
            ftl_user=self.admin,
            ftl_folder=self.admin_resources["folder1"],
            binary=setup_temporary_file().name,
        )
        self.admin_resources["doc3"] = setup_document(
            self.admin_org,
            ftl_user=self.admin,
            ftl_folder=self.admin_resources["sub_folder1"],
            binary=setup_temporary_file().name,
        )
        self.admin_resources["totp_device"] = setup_2fa_totp_device(
            self.admin, secret_key=TOTP_DEVICE_SECRET_KEY)
        self.admin_resources["fido2_device"] = setup_2fa_fido2_device(
            self.admin)
        self.admin_resources["static_device"] = setup_2fa_static_device(
            self.admin, codes_list=["AAA"])

        self.user1_resources = {}
        self.user1_resources["folder1"] = setup_folder(self.user1_org)
        self.user1_resources["sub_folder1"] = setup_folder(
            self.user1_org, parent=self.user1_resources["folder1"])
        self.user1_resources["doc1"] = setup_document(
            self.user1_org,
            ftl_user=self.user1,
            binary=setup_temporary_file().name)
        self.user1_resources["doc2"] = setup_document(
            self.user1_org,
            ftl_user=self.user1,
            ftl_folder=self.user1_resources["folder1"],
            binary=setup_temporary_file().name,
        )
        self.user1_resources["doc3"] = setup_document(
            self.user1_org,
            ftl_user=self.user1,
            ftl_folder=self.user1_resources["sub_folder1"],
            binary=setup_temporary_file().name,
        )
        self.user1_resources["totp_device"] = setup_2fa_totp_device(
            self.user1, secret_key=TOTP_DEVICE_SECRET_KEY)
        self.user1_resources["fido2_device"] = setup_2fa_fido2_device(
            self.user1)
        self.user1_resources["static_device"] = setup_2fa_static_device(
            self.user1, codes_list=["AAA"])

        self.user2_resources = {}
        self.user2_resources["folder1"] = setup_folder(self.user2_org)
        self.user2_resources["sub_folder1"] = setup_folder(
            self.user2_org, parent=self.user2_resources["folder1"])
        self.user2_resources["doc1"] = setup_document(self.user2_org,
                                                      ftl_user=self.user2)
        self.user2_resources["doc2"] = setup_document(
            self.user2_org,
            ftl_user=self.user2,
            ftl_folder=self.user2_resources["folder1"],
        )
        self.user2_resources["doc3"] = setup_document(
            self.user2_org,
            ftl_user=self.user2,
            ftl_folder=self.user2_resources["sub_folder1"],
        )
        self.user2_resources["totp_device"] = setup_2fa_totp_device(
            self.user2, secret_key=TOTP_DEVICE_SECRET_KEY)
        self.user2_resources["fido2_device"] = setup_2fa_fido2_device(
            self.user2)
        self.user2_resources["static_device"] = setup_2fa_static_device(
            self.user2, codes_list=["AAA"])
    def setUp(self, **kwargs):
        # orgs, admin, users are already created
        super().setUp()
        self.admin_org = setup_org(name="admin-org", slug="admin-org")
        self.admin = setup_admin(self.admin_org)
        self.user1_org = setup_org(name=tv.ORG_NAME_1, slug=tv.ORG_SLUG_1)
        self.user1 = setup_user(self.user1_org,
                                email=tv.USER1_EMAIL,
                                password=tv.USER1_PASS)
        self.user2_org = setup_org(name=tv.ORG_NAME_2, slug=tv.ORG_SLUG_2)
        self.user2 = setup_user(self.user2_org,
                                email=tv.USER2_EMAIL,
                                password=tv.USER2_PASS)

        # admin, user1 and user2 have added documents, some documents are shared
        self.admin_resources = {}
        self.admin_resources["doc1"] = setup_document(
            self.admin_org,
            ftl_user=self.admin,
            binary=setup_temporary_file().name)
        self.admin_resources["doc2"] = setup_document(
            self.admin_org,
            ftl_user=self.admin,
            binary=setup_temporary_file().name,
        )
        self.admin_resources["doc3"] = setup_document(
            self.admin_org,
            ftl_user=self.admin,
            binary=setup_temporary_file().name,
        )
        self.admin_resources["share_links"] = [
            setup_document_share(self.admin_resources["doc3"])
        ]

        self.user1_resources = {}
        self.user1_resources["doc1"] = setup_document(
            self.user1_org,
            ftl_user=self.user1,
            binary=setup_temporary_file().name)
        self.user1_resources["doc2"] = setup_document(
            self.user1_org,
            ftl_user=self.user1,
            binary=setup_temporary_file().name,
        )
        self.user1_resources["doc3"] = setup_document(
            self.user1_org,
            ftl_user=self.user1,
            binary=setup_temporary_file().name,
        )
        self.user1_resources["share_links"] = [
            setup_document_share(self.user1_resources["doc2"])
        ]

        self.user2_resources = {}
        self.user2_resources["doc1"] = setup_document(self.user2_org,
                                                      ftl_user=self.user2)
        self.user2_resources["doc2"] = setup_document(
            self.user2_org,
            ftl_user=self.user2,
        )
        self.user2_resources["doc3"] = setup_document(
            self.user2_org,
            ftl_user=self.user2,
        )
        self.user2_resources["share_links"] = [
            setup_document_share(self.user2_resources["doc1"])
        ]
    def test_only_office_viewer(self):
        doc = setup_document(
            self.org,
            self.user,
            title=tv.DOCUMENT_DOCX_TITLE,
            note=tv.DOCUMENT_DOCX_NOTE,
            text_content=tv.DOCUMENT_DOCX_CONTENT,
            binary=tv.DOCUMENT_DOCX_BINARY_PATH,
            file_type=
            "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
        )
        doc_share = setup_document_share(doc)

        response = self.client.get(f"/app/share/{doc_share.pid}")

        self.assertContains(response,
                            "onlyoffice-embed-container",
                            status_code=200)

        self.assertIn("only_office_supported_ext", response.context)
        self.assertIn("only_office_config", response.context)

        self.assertIn("document", response.context["only_office_config"])
        self.assertIn("editorConfig", response.context["only_office_config"])
        self.assertIn("token", response.context["only_office_config"])

        self.assertIn("url",
                      response.context["only_office_config"]["document"])
        self.assertIn("fileType",
                      response.context["only_office_config"]["document"])
        self.assertIn("key",
                      response.context["only_office_config"]["document"])
        self.assertIn("title",
                      response.context["only_office_config"]["document"])
        self.assertIn("permissions",
                      response.context["only_office_config"]["document"])
        self.assertDictEqual(
            {
                "comment": False,
                "copy": True,
                "download": True,
                "edit": False,
                "fillForms": False,
                "modifyContentControl": False,
                "modifyFilter": False,
                "print": True,
                "review": False,
            },
            response.context["only_office_config"]["document"]["permissions"],
        )

        self.assertIn("lang",
                      response.context["only_office_config"]["editorConfig"])
        self.assertIn("mode",
                      response.context["only_office_config"]["editorConfig"])
        self.assertIn("customization",
                      response.context["only_office_config"]["editorConfig"])
        self.assertDictEqual(
            {
                "autosave": False,
                "chat": False,
                "commentAuthorOnly": False,
                "comments": False,
                "compactHeader": False,
                "compactToolbar": False,
                "compatibleFeatures": False,
                "help": True,
                "hideRightMenu": False,
                "mentionShare": False,
                "plugins": False,
                "reviewDisplay": "original",
                "showReviewChanges": False,
                "spellcheck": False,
                "toolbarNoTabs": False,
                "unit": "cm",
                "zoom": -2,
            },
            response.context["only_office_config"]["editorConfig"]
            ["customization"],
        )
    def test_cant_use_doc_pid_for_sharing(self):
        doc = setup_document(self.org, self.user)

        response = self.client.get(f"/app/share/{doc.pid}")
        self.assertEqual(response.status_code, 404)