def real_user_or_none(user): """ Convert anonymous user to None. If user is anonymous, return None, otherwise return the user as is. """ assert (user is None or is_anonymous(user) or isinstance(user, get_user_model())) return user if (user and not is_anonymous(user)) else None
def test_login_with_email_2(client, regular_user, rf): # Create user with same email as regular user to fail login get_user_model().objects.create_user(username="******", password="******", email=regular_user.email) get_default_shop() prepare_user(regular_user) redirect_target = "/redirect-success/" client.post( reverse("shuup:login"), data={ "username": regular_user.email, "password": REGULAR_USER_PASSWORD, REDIRECT_FIELD_NAME: redirect_target }, ) request = rf.get("/") request.session = client.session assert is_anonymous(get_user(request)), "User is still anonymous" # Login with unknown email client.post( reverse("shuup:login"), data={ "username": "******", "password": REGULAR_USER_PASSWORD, REDIRECT_FIELD_NAME: redirect_target, }, ) request = rf.get("/") request.session = client.session assert is_anonymous(get_user(request)), "User is still anonymous" # Login with username should work normally response = client.post( reverse("shuup:login"), data={ "username": regular_user.username, "password": REGULAR_USER_PASSWORD, REDIRECT_FIELD_NAME: redirect_target, }, ) assert response.get("location") assert response.get("location").endswith(redirect_target) request = rf.get("/") request.session = client.session assert get_user(request) == regular_user, "User is logged in"
def test_login_inactive_user_fails(client, regular_user, rf): get_default_shop() prepare_user(regular_user) client.post(reverse("shuup:login"), data={ "username": regular_user.username, "password": REGULAR_USER_PASSWORD, }) request = rf.get("/") request.session = client.session assert get_user(request) == regular_user, "User is logged in" request = rf.get("/") request.session = client.session logout(request) user_contact = regular_user.contact assert user_contact.is_active user_contact.is_active = False user_contact.save() client.post(reverse("shuup:login"), data={ "username": regular_user.username, "password": REGULAR_USER_PASSWORD, }) request = rf.get("/") request.session = client.session assert is_anonymous(get_user(request)), "User is still anonymous"
def get_person_contact(user): """ Get PersonContact of given user. If given user is non-zero (evaluates true as bool) and not anonymous, return the PersonContact of the user. If there is no PersonContact for the user yet, create it first. When this creation happens, details (name, email, is_active) are copied from the user. If given user is None (or otherwise evaluates as false) or anonymous, return the AnonymousContact. :param user: User object (or None) to get contact for :type user: django.contrib.auth.models.User|None :return: PersonContact of the user or AnonymousContact :rtype: PersonContact|AnonymousContact """ if not (user and not is_anonymous(user)): return AnonymousContact() defaults = { "is_active": user.is_active, "first_name": getattr(user, "first_name", ""), "last_name": getattr(user, "last_name", ""), "email": getattr(user, "email", ""), } return PersonContact.objects.get_or_create(user=user, defaults=defaults)[0]
def get_shop_count(context): """ Return the number of shops accessible by the currently logged in user """ request = context["request"] if not (request and not django_compat.is_anonymous(request.user)): return 0 return Shop.objects.get_for_user(request.user).count()
def test_anon_cant_see_invisible_page(rf): page = create_page(shop=get_default_shop(), available_from=None) get_default_shop() view_func = PageView.as_view() request = apply_request_middleware(rf.get("/")) assert is_anonymous(request.user) with pytest.raises(Http404): response = view_func(request, url=page.url)
def test_visible_page_has_right_content(rf): page = create_page(available_from=datetime.date(1988, 1, 1), shop=get_default_shop()) view_func = PageView.as_view() request = apply_request_middleware(rf.get("/")) assert is_anonymous(request.user) response = view_func(request, url=page.url) response.render() assert "<h1>Bacon ipsum" in response.rendered_content
def login(request, **kwargs): if not is_anonymous( request.user ) and request.method == "POST": # We're logging in, so log out first do_logout(request) kwargs.setdefault("extra_context", {})["error"] = request.GET.get("error") return LoginView.as_view(**kwargs)(request)
def test_login_fails_without_valid_password(client, regular_user, rf): prepare_user(regular_user) get_default_shop() client.post(reverse("shuup:login"), data={ "username": regular_user.username, "password": "******" % REGULAR_USER_PASSWORD, }) request = rf.get("/") request.session = client.session assert is_anonymous(get_user(request)), "User is still anonymous"
def add_gdpr_consent_resources(context, content): if not valid_view(context): return request = context["request"] shop = get_shop(request) gdpr_settings = GDPRSettings.get_for_shop(shop) # GDPR not enabled, nothing to do if not gdpr_settings.enabled: return # always add styles add_resource(context, "head_end", get_shuup_static_url("shuup-gdpr.css")) user = request.user if not is_anonymous(user) and should_reconsent_privacy_policy(shop, user): consent_page = get_privacy_policy_page(shop) render_context = { "request": request, "csrf_token": context["csrf_token"], "url": "/%s" % consent_page.url, "accept_url": reverse("shuup:gdpr_policy_consent", kwargs=dict(page_id=consent_page.id)) } update_resource = InlineMarkupResource( loader.render_to_string("shuup/gdpr/privacy_policy_update.jinja", context=render_context)) add_resource(context, "body_end", update_resource) # consent already added if settings.SHUUP_GDPR_CONSENT_COOKIE_NAME in request.COOKIES: return gdpr_documents = [] if has_installed("shuup.simple_cms"): gdpr_documents = get_active_consent_pages(shop) render_context = { "request": request, "csrf_token": context["csrf_token"], "gdpr_settings": gdpr_settings, "gdpr_documents": gdpr_documents, "gdpr_cookie_categories": GDPRCookieCategory.objects.filter(shop=shop) } html_resource = InlineMarkupResource( loader.render_to_string("shuup/gdpr/gdpr_consent.jinja", context=render_context)) add_resource(context, "body_end", html_resource) add_resource(context, "body_end", get_shuup_static_url("shuup-gdpr.js"))
def for_user(self, user): """ :type user: django.contrib.auth.models.AbstractUser """ if not (user and not is_anonymous(user)): return self.none() q = Q(recipient_type=RecipientType.SPECIFIC_USER) & Q(recipient=user) if getattr(user, "is_superuser", False): q |= Q(recipient_type=RecipientType.ADMINS) return self.filter(q)
def test_login_with_invalid_password(client, regular_user, rf): get_default_shop() prepare_user(regular_user) redirect_target = "/redirect-success/" response = client.post( reverse("shuup_admin:login"), data={"username": regular_user.email, "password": "******", REDIRECT_FIELD_NAME: redirect_target}, ) assert not response.get("location") # No redirect since errors request = rf.get("/") request.session = client.session assert is_anonymous(get_user(request)), "User is still anonymous"
def dispatch(self, request, *args, **kwargs): user = request.user if is_anonymous(request.user): return HttpResponseNotFound() shop = request.shop page = Page.objects.filter(pk=kwargs["page_id"], shop=shop).first() if not page: return HttpResponseNotFound() document = create_user_consent_for_all_documents(shop, user) if document: if not is_documents_consent_in_sync(shop, user): return HttpResponseNotFound() return HttpResponseRedirect(request.META.get("HTTP_REFERER", "/")) return HttpResponseNotFound()
def login(request, **kwargs): if not is_anonymous(request.user) and request.method == "POST": # We're logging in, so log out first do_logout(request) kwargs.setdefault("extra_context", {})["error"] = request.GET.get("error") if django.VERSION < (2, 0): return auth_views.login( request=request, authentication_form=cached_load("SHUUP_ADMIN_AUTH_FORM_SPEC"), **kwargs ) else: return auth_views.LoginView.as_view( form_class=cached_load("SHUUP_ADMIN_AUTH_FORM_SPEC"), **kwargs )(request)
def for_user(self, user): """ Get pages that should be visible for the given user. """ if user and not is_anonymous(user): # superuser can see everything if user.is_superuser: user_filter = Q() else: user_filter = Q( Q(available_permission_groups__in=user.groups.all()) | Q(created_by=user) ) else: user_filter = Q(available_permission_groups__isnull=True) return self.filter(user_filter).distinct()
def test_visible_children(rf): shop = get_default_shop() request = apply_request_middleware(rf.get("/")) assert is_anonymous(request.user) parent_content = "Parent content" page = create_page(available_from=datetime.date(1988, 1, 1), content=parent_content, shop=shop, url="test") children_content = "Children content" # Visible child create_page(available_from=datetime.date(2000, 1, 1), content=children_content, parent=page, shop=shop) assert page.list_children_on_page == False check_children_content(request, page, children_content, False) page.list_children_on_page = True page.save() check_children_content(request, page, children_content, True) # check timestamps page.show_child_timestamps = True page.save() page.refresh_from_db() view = PageView.as_view() response = view(request=request, pk=page.pk, url="test") response.render() content = force_text(response.content) assert "Children content" in content assert "Jan 1, 2000, 12:00:00 AM" in content page.show_child_timestamps = False page.save() page.refresh_from_db() view = PageView.as_view() response = view(request=request, pk=page.pk, url="test") response.render() content = force_text(response.content) assert "Children content" in content assert "Jan 1, 2000, 12:00:00 AM" not in content
def visible(self, shop, dt=None, user=None): """ Get pages that should be publicly visible. This does not do permission checking. :param dt: Datetime for visibility check. :type dt: datetime.datetime :return: QuerySet of pages. :rtype: QuerySet[Page] """ if not dt: dt = now() q = Q( Q(available_from__lte=dt) & (Q(available_to__gte=dt) | Q(available_to__isnull=True))) if user and not is_anonymous(user): q |= Q(created_by=user) qs = self.not_deleted().for_shop(shop).filter(q) return qs
def _filer_file_from_upload(model, request, path, upload_data, sha1=None): """ Create some sort of Filer file (either File or Image, really) from the given upload data (ContentFile or UploadFile). :param model: Model class. :param request: Request, to figure out the owner for this file. :type request: django.http.request.HttpRequest|None :param path: Pathname string (see `filer_folder_from_path`) or a Filer Folder. :type path: basestring|filer.models.Folder :param upload_data: Upload data. :type upload_data: django.core.files.base.File :param sha1: SHA1 checksum. If given and a matching `model` with the SHA1 is found, it is returned instead. :type sha1: basestring :return: Filer file. """ if sha1: upload = model.objects.filter(sha1=sha1).first() if upload: return upload file_form_cls = modelform_factory(model=model, fields=('original_filename', 'owner', 'file')) upload_form = file_form_cls(data={ 'original_filename': upload_data.name, 'owner': (request.user.pk if (request and not is_anonymous(request.user)) else None) }, files={'file': upload_data}) upload = upload_form.save(commit=False) upload.is_public = True if isinstance(path, Folder): upload.folder = path else: upload.folder = filer_folder_from_path(path) upload.save() return upload
def test_multishop(rf): shop1 = get_default_shop() shop2 = get_shop() assert shop1.pk != shop2.pk request = apply_request_middleware(rf.get("/")) assert is_anonymous(request.user) user = request.user contact = get_person_contact(user) assert contact == AnonymousContact() # both shops have anonymous groups group = contact.get_default_group() # ensure default group exists grp1 = group.set_price_display_options(shop=shop1, hide_prices=False) assert grp1 assert isinstance(grp1, ContactGroup) dspl1 = get_price_display_for_group_and_shop(group, shop1) assert isinstance(dspl1, ContactGroupPriceDisplay) assert not get_price_display_for_group_and_shop(group, shop2) # shop 2 decides to setup options grp2 = group.set_price_display_options(shop=shop2, hide_prices=True) assert grp1 == grp2 # returns same group assert isinstance(grp2, ContactGroup) dspl2 = get_price_display_for_group_and_shop(group, shop2) assert isinstance(dspl2, ContactGroupPriceDisplay) # get returns proper values opts11 = contact.get_price_display_options(shop=shop1) assert isinstance(opts11, PriceDisplayOptions) opts12 = contact.get_price_display_options(shop=shop2) assert isinstance(opts12, PriceDisplayOptions) assert opts11 != opts12 assert opts11.show_prices != opts12.show_prices
def test_contact_groups(rf, regular_user): shop = get_default_shop() assert ContactGroupPriceDisplay.objects.count() == 0 request = apply_request_middleware(rf.get("/")) # default groups created for non shop and shop assert ContactGroupPriceDisplay.objects.count() == 2 assert is_anonymous(request.user) user = request.user contact = get_person_contact(user) assert contact == AnonymousContact() group = contact.get_default_group() assert group.is_protected groups = ContactGroup.objects.all() assert groups.count() == 1 assert not groups.filter(shop=shop).exists() assert groups.filter(shop__isnull=True).exists() group = groups.first() assert group.identifier == AnonymousContact.default_contact_group_identifier assert ContactGroupPriceDisplay.objects.count() == 2 g1 = ContactGroupPriceDisplay.objects.first() assert g1.group == group assert not g1.shop assert group.price_display_options.exists() assert group.price_display_options.for_group_and_shop(group, shop) != group.price_display_options.first() assert ContactGroupPriceDisplay.objects.count() == 2 # new one was created (shop + anonymous) g2 = ContactGroupPriceDisplay.objects.exclude(id=g1.id).first() assert g2.group == group # same group as before assert g2.shop == shop assert group.price_display_options.count() == 2 for cgpd in ContactGroupPriceDisplay.objects.all(): assert not cgpd.group.members.count() options = group.get_price_display_options() assert options # create real contact contact = get_person_contact(regular_user) assert contact.groups.count() # contact was added to default group contact.add_to_shop(shop) group_with_shop = contact.get_default_group() assert contact.groups.first() == group_with_shop assert group_with_shop.identifier == PersonContact.default_contact_group_identifier assert ContactGroupPriceDisplay.objects.count() == 3 # new one was created g3 = ContactGroupPriceDisplay.objects.exclude(id__in=[g1.id, g2.id]).first() assert g3.group != group # same group as before assert g3.group == group_with_shop assert not g3.shop # no group as it's the default group groups = ContactGroup.objects.all() assert groups.count() == 2 # two groups assert not groups.filter(shop=shop).exists() # still not exists as we are using defaults assert groups.filter(shop__isnull=True).count() == 2 assert groups.filter(identifier__in=[AnonymousContact.default_contact_group_identifier, PersonContact.default_contact_group_identifier]).count() == 2 assert ContactGroupPriceDisplay.objects.count() == 3 # no new ones created assert group.price_display_options.count() == 2 # all in same group assert group.price_display_options.for_group_and_shop(group_with_shop, shop) not in group.price_display_options.all() assert ContactGroupPriceDisplay.objects.count() == 4 # new was created