def test_banned_returns_403(self): """banned error page has no show-stoppers""" response = self.client.get(reverse('raise-misago-banned')) self.assertContains(response, "misago:error-banned", status_code=403) self.assertContains(response, encode_json_html("<p>Banned for test!</p>"), status_code=403)
def test_view_activate_banned(self): """activate banned user shows error""" User = get_user_model() test_user = User.objects.create_user('Bob', '*****@*****.**', 'Pass.123', requires_activation=1) Ban.objects.create( check_type=BAN_USERNAME, banned_value='bob', user_message='Nope!', ) activation_token = make_activation_token(test_user) response = self.client.get( reverse('misago:activate-by-token', kwargs={ 'pk': test_user.pk, 'token': activation_token, })) self.assertContains(response, encode_json_html("<p>Nope!</p>"), status_code=403) test_user = User.objects.get(pk=test_user.pk) self.assertEqual(test_user.requires_activation, 1)
def test_view_activate_banned(self): """activate banned user shows error""" test_user = UserModel.objects.create_user( 'Bob', '*****@*****.**', 'Pass.123', requires_activation=1 ) Ban.objects.create( check_type=Ban.USERNAME, banned_value='bob', user_message='Nope!', ) activation_token = make_activation_token(test_user) response = self.client.get( reverse( 'misago:activate-by-token', kwargs={ 'pk': test_user.pk, 'token': activation_token, } ) ) self.assertContains(response, encode_json_html("<p>Nope!</p>"), status_code=403) test_user = UserModel.objects.get(pk=test_user.pk) self.assertEqual(test_user.requires_activation, 1)
def test_fail(self): """deny_banned_ips decorator denied banned request""" Ban.objects.create(check_type=Ban.IP, banned_value='127.*', user_message="Ya got banned!") response = self.client.post(reverse('misago:request-activation')) self.assertContains(response, encode_json_html("<p>Ya got banned!</p>"), status_code=403)
def test_fail(self): """deny_banned_ips decorator denied banned request""" Ban.objects.create( check_type=Ban.IP, banned_value='127.*', user_message="Ya got banned!", ) response = self.client.post(reverse('misago:request-activation')) self.assertContains(response, encode_json_html("<p>Ya got banned!</p>"), status_code=403)
def test_change_password_on_banned(self): """change banned user password errors""" test_user = UserModel.objects.create_user('Bob', '*****@*****.**', 'Pass.123') Ban.objects.create( check_type=Ban.USERNAME, banned_value='bob', user_message='Nope!', ) password_token = make_password_change_token(test_user) response = self.client.get( reverse('misago:forgotten-password-change-form', kwargs={ 'pk': test_user.pk, 'token': password_token, })) self.assertContains(response, encode_json_html("<p>Nope!</p>"), status_code=403)
def as_json(value): json_dump = json.dumps(value) # fixes XSS as described in #651 return mark_safe(encode_json_html(json_dump))