Example #1
    def test_user_access_other_user(self):
        """
        A customer must not be able to open another customer's application.

        Object-level authorisation check: the owner's GET on the edit view of
        their own application is expected to answer 302, while the same view
        requested with the other customer's primary key must end in a 403.
        Only GET requests to the edit view are exercised here.
        """
        owner = create_random_customer()
        other = create_random_customer()
        self.assertNotEqual(owner, other)

        own_application = helpers.create_application(user=owner)
        foreign_application = helpers.create_application(user=other)
        self.assertNotEqual(own_application, foreign_application)

        # Authenticate as the first customer only.
        self.client.login(owner.email)
        own_edit_url = reverse('wl_applications:edit_application', args=[own_application.pk])
        own_response = self.client.get(own_edit_url)
        self.assertEqual(302, own_response.status_code)

        # Same view, but addressed with a primary key owned by someone else.
        forbidden_urls = [
            reverse('wl_applications:edit_application', args=[foreign_application.pk]),
        ]
        for forbidden_url in forbidden_urls:
            # follow=True: the assertion is made on the final response, not on a redirect.
            denied = self.client.get(forbidden_url, follow=True)
            self.assertEqual(403, denied.status_code)
Example #2
    def test_user_access_other_user(self):
        """
        Check that one customer cannot reach the application of another one.

        The logged-in customer gets a 302 on the edit view of their own
        application; requesting the edit view of the second customer's
        application must finish with a 403. Only GET is covered.
        """
        first_customer = create_random_customer()
        second_customer = create_random_customer()
        self.assertNotEqual(first_customer, second_customer)

        first_application = helpers.create_application(user=first_customer)
        second_application = helpers.create_application(user=second_customer)
        self.assertNotEqual(first_application, second_application)

        # The session belongs to the first customer from here on.
        self.client.login(first_customer.email)
        allowed_response = self.client.get(
            reverse('wl_applications:edit_application', args=[first_application.pk])
        )
        self.assertEqual(302, allowed_response.status_code)

        # URLs that point at a resource the logged-in customer does not own.
        forbidden_urls = [
            reverse('wl_applications:edit_application', args=[second_application.pk]),
        ]
        for forbidden_url in forbidden_urls:
            # Redirects are followed so that the status of the last response is checked.
            final_response = self.client.get(forbidden_url, follow=True)
            self.assertEqual(403, final_response.status_code)
Example #3
    def test_user_not_logged_is_redirected_to_login(self):
        """
        An anonymous request for an application must land on the login page, not on a 403.

        A customer goes through the creation views and posts the preview, then
        logs out; the edit view is finally requested without a session.
        """
        customer1 = create_random_customer()
        # NOTE(review): the customer object itself (not its email) is passed to login() - confirm the client accepts it.
        self.client.login(customer1)

        # The application looked up below is expected to exist after these two requests.
        new_application_url = reverse('wl_applications:new_application')
        self.client.get(new_application_url)
        select_type_url = reverse('wl_applications:select_licence_type', args=(1,))
        self.client.get(select_type_url)

        application = Application.objects.first()
        self.assertIsNotNone(application)

        # Before the preview is posted the processing status is 'temp'.
        self.assertEqual(application.processing_status, 'temp')

        preview_response = self.client.post(reverse('wl_applications:preview'))

        # Posting the preview must send the client to the checkout of this application.
        checkout_url = reverse('wl_payments:checkout_application', args=(application.pk,))
        self.assertRedirects(
            preview_response,
            checkout_url,
            status_code=302,
            target_status_code=200,
            fetch_redirect_response=False,
        )

        application.refresh_from_db()

        # Reloaded from the database: processing status 'new', customer status 'under_review'.
        self.assertEqual(application.processing_status, 'new')
        self.assertEqual('under_review', application.customer_status)

        # Drop the session, then ask for the edit view anonymously.
        self.client.logout()

        edit_url = reverse('wl_applications:edit_application', args=[application.pk])
        anonymous_response = self.client.get(edit_url, follow=True)
        self.assertEqual(200, anonymous_response.status_code)
        self.assertTrue(is_login_page(anonymous_response))
Example #4
    def test_user_access_lodged(self):
        """
        Once the application is lodged the user should not be able to edit it.

        The owner stays logged in for the whole test: the 403 asserted at the
        end is about the state of the application, not about who is asking.
        """
        customer1 = create_random_customer()
        # NOTE(review): the customer object itself (not its email) is passed to login() - confirm the client accepts it.
        self.client.login(customer1)

        # The application looked up below is expected to exist after these two requests.
        new_application_url = reverse('wl_applications:new_application')
        self.client.get(new_application_url)
        select_type_url = reverse('wl_applications:select_licence_type', args=(1,))
        self.client.get(select_type_url)

        application = Application.objects.first()
        self.assertIsNotNone(application)
        self.assertIsNotNone(application.applicant)

        # Before the preview is posted the processing status is 'temp'.
        self.assertEqual(application.processing_status, 'temp')

        preview_response = self.client.post(reverse('wl_applications:preview'))

        # Posting the preview must send the client to the checkout of this application.
        checkout_url = reverse('wl_payments:checkout_application', args=(application.pk,))
        self.assertRedirects(
            preview_response,
            checkout_url,
            status_code=302,
            target_status_code=200,
            fetch_redirect_response=False,
        )

        application.refresh_from_db()

        # Reloaded from the database: processing status 'new', customer status 'under_review'.
        self.assertEqual(application.processing_status, 'new')
        self.assertEqual('under_review', application.customer_status)

        # The owner asks for the edit view again; redirects are followed to the final response.
        edit_url = reverse('wl_applications:edit_application', args=[application.pk])
        edit_response = self.client.get(edit_url, follow=True)
        self.assertEqual(403, edit_response.status_code)
Example #5
    def test_user_access_lodged(self):
        """
        Once the application is lodged the user should not be able to edit it.

        The checkout itself is not simulated: after the redirect to the
        checkout is asserted, the 'complete' view is requested directly.
        """
        customer1 = create_random_customer()
        # NOTE(review): the customer object itself (not its email) is passed to login() - confirm the client accepts it.
        self.client.login(customer1)

        # The application looked up below is expected to exist after these two requests.
        start_url = reverse('wl_applications:new_application')
        self.client.get(start_url)
        licence_choice_url = reverse('wl_applications:select_licence_type', args=(1,))
        self.client.get(licence_choice_url)

        application = Application.objects.first()
        self.assertIsNotNone(application)
        self.assertIsNotNone(application.applicant)

        # Before the preview is posted the processing status is 'temp'.
        self.assertEqual(application.processing_status, 'temp')

        preview_response = self.client.post(reverse('wl_applications:preview'))

        # Posting the preview must send the client to the checkout of this application.
        checkout_url = reverse('wl_payments:checkout_application', args=(application.pk,))
        self.assertRedirects(
            preview_response,
            checkout_url,
            status_code=302,
            target_status_code=200,
            fetch_redirect_response=False,
        )

        # FIXME: simulate full checkout process instead of skipping
        complete_url = reverse('wl_applications:complete')
        self.client.get(complete_url)

        application.refresh_from_db()

        # Reloaded from the database: processing status 'new', customer status 'under_review'.
        self.assertEqual(application.processing_status, 'new')
        self.assertEqual('under_review', application.customer_status)

        # The owner is still logged in; the edit view must now be refused.
        edit_url = reverse('wl_applications:edit_application', args=[application.pk])
        edit_response = self.client.get(edit_url, follow=True)
        self.assertEqual(403, edit_response.status_code)
Example #6
    def test_user_not_logged_is_redirected_to_login(self):
        """
        Without a session, the edit view must answer with the login page rather than a 403.

        The application is created and taken past the preview step by a
        logged-in customer; only the last request is made after logout.
        """
        customer1 = create_random_customer()
        # NOTE(review): the customer object itself (not its email) is passed to login() - confirm the client accepts it.
        self.client.login(customer1)

        # The application looked up below is expected to exist after these two requests.
        start_url = reverse('wl_applications:new_application')
        self.client.get(start_url)
        licence_choice_url = reverse('wl_applications:select_licence_type', args=(1,))
        self.client.get(licence_choice_url)

        application = Application.objects.first()
        self.assertIsNotNone(application)

        # Before the preview is posted the processing status is 'temp'.
        self.assertEqual(application.processing_status, 'temp')

        posted = self.client.post(reverse('wl_applications:preview'))

        # The preview POST must redirect to the checkout of this very application.
        expected_checkout = reverse('wl_payments:checkout_application', args=(application.pk,))
        self.assertRedirects(
            posted,
            expected_checkout,
            status_code=302,
            target_status_code=200,
            fetch_redirect_response=False,
        )

        application.refresh_from_db()

        # Reloaded from the database: processing status 'new', customer status 'under_review'.
        self.assertEqual(application.processing_status, 'new')
        self.assertEqual('under_review', application.customer_status)

        # End the session before the final request.
        self.client.logout()

        edit_url = reverse('wl_applications:edit_application', args=[application.pk])
        logged_out_response = self.client.get(edit_url, follow=True)
        self.assertEqual(200, logged_out_response.status_code)
        self.assertTrue(is_login_page(logged_out_response))
Example #7
    def test_authorisation(self):
        """
        The returns data endpoint is reserved for superusers and API users.

        A customer, an officer and an assessor must each receive a 403; a
        superuser and the API user must each receive a 200. Every user gets
        its own login/logout cycle on a dedicated client.
        """
        url = reverse("wl_returns:api:data", kwargs={
            'return_type_pk': self.return_type.pk,
            'resource_number': 0
        })
        customer = helpers.get_or_create_default_customer()
        officer = helpers.get_or_create_default_officer()
        assessor = helpers.get_or_create_default_assessor()

        api_user = helpers.get_or_create_api_user()
        self.assertTrue(is_api_user(api_user))

        # A random customer promoted to superuser must also count as an API user.
        admin = helpers.create_random_customer()
        admin.is_superuser = True
        admin.save()
        self.assertTrue(is_api_user(admin))

        client = helpers.SocialClient()
        # Denied roles first, then the permitted ones.
        expectations = [
            (customer, status.HTTP_403_FORBIDDEN),
            (officer, status.HTTP_403_FORBIDDEN),
            (assessor, status.HTTP_403_FORBIDDEN),
            (admin, status.HTTP_200_OK),
            (api_user, status.HTTP_200_OK),
        ]
        for user, expected_status in expectations:
            client.login(user.email)
            self.assertEqual(client.get(url).status_code, expected_status)
            # Log out so the next user does not reuse this session.
            client.logout()
Example #8
    def setUp(self):
        """
        Prepare the users, the client and the licence/return types used by the tests.

        ``not_allowed_customer`` is a second, random customer that is asserted
        to differ from the default one.
        """
        default_customer = get_or_create_default_customer(include_default_profile=True)
        default_officer = get_or_create_default_officer()
        default_assessor = get_or_create_default_assessor()
        outsider = create_random_customer()
        # Fail early if the random customer is the default customer.
        self.assertNotEqual(outsider, default_customer)

        self.customer = default_customer
        self.officer = default_officer
        self.assessor = default_assessor
        self.not_allowed_customer = outsider

        self.client = SocialClient()
        licence_type = get_or_create_licence_type('regulation-17')
        self.licence_type = licence_type
        self.return_type = get_or_create_return_type(licence_type)
Example #9
    def setUp(self):
        """
        Prepare the users, the client and a lodged application for the tests.

        The application is created and lodged for the default customer;
        ``not_allowed_customer`` is a second, random customer asserted to be
        different from that one.
        """
        default_customer = get_or_create_default_customer(include_default_profile=True)
        default_officer = get_or_create_default_officer()
        default_assessor = get_or_create_default_assessor()
        outsider = create_random_customer()
        # Fail early if the random customer is the default customer.
        self.assertNotEqual(outsider, default_customer)

        self.customer = default_customer
        self.officer = default_officer
        self.assessor = default_assessor
        self.not_allowed_customer = outsider

        self.client = SocialClient()
        self.application = create_and_lodge_application(default_customer)
Example #10
def create_application(user=None, **kwargs):
    """
    Create an Application through ``mixer.blend``, filling in missing fields.

    A profile (for ``user``, or for a new random customer when ``user`` is
    None), a licence type and an empty ``data`` dict are supplied only when
    the caller did not pass ``applicant_profile``, ``licence_type`` or
    ``data``. ``user`` is ignored when ``applicant_profile`` is given.
    """
    if "applicant_profile" not in kwargs:
        profile_owner = create_random_customer() if user is None else user
        kwargs["applicant_profile"] = create_profile(profile_owner)
    if "licence_type" not in kwargs:
        # Built only on demand, so nothing is created when the caller supplies one.
        kwargs["licence_type"] = create_licence_type()
    kwargs.setdefault("data", {})
    return mixer.blend(Application, **kwargs)
Example #11
def create_application(user=None, **kwargs):
    """
    Return a new Application made with ``mixer.blend`` and sensible defaults.

    Keys the caller already provides are left untouched. Otherwise:
    ``applicant_profile`` is a profile created for ``user`` (a random customer
    when ``user`` is None), ``licence_type`` is a newly created licence type
    and ``data`` is an empty dict.
    """
    needs_profile = 'applicant_profile' not in kwargs
    if needs_profile:
        # A customer is only created when neither a profile nor a user was given.
        owner = user if user is not None else create_random_customer()
        kwargs['applicant_profile'] = create_profile(owner)
    if 'licence_type' not in kwargs:
        kwargs['licence_type'] = create_licence_type()
    kwargs.setdefault('data', {})
    return mixer.blend(Application, **kwargs)
Example #12
def create_application(user=None, **kwargs):
    """
    Create an Application through ``G``, filling in missing fields.

    ``user`` defaults to a new random customer. It becomes the ``applicant``
    unless one is passed in ``kwargs``, and the default ``applicant_profile``
    is created for it. Note that the profile is created for ``user`` even when
    a different ``applicant`` is passed, so the two may belong to different
    users. ``licence_type`` and ``data`` default to
    ``get_or_create_licence_type()`` and an empty dict.
    """
    owner = create_random_customer() if user is None else user
    kwargs.setdefault('applicant', owner)
    if 'applicant_profile' not in kwargs:
        kwargs['applicant_profile'] = create_profile(owner)
    if 'licence_type' not in kwargs:
        # Looked up or created only on demand.
        kwargs['licence_type'] = get_or_create_licence_type()
    kwargs.setdefault('data', {})
    return G(Application, **kwargs)
Example #13
    def test_user_not_logged_is_redirected_to_login(self):
        """
        Anonymous requests must end on the login page and never on a 403.

        The edit, enter-details and preview views are requested without a
        session twice: while the application is a draft, and again after the
        owner has lodged it and logged out.
        """
        customer1 = create_random_customer()
        application = helpers.create_application(user=customer1)
        self.assertEqual('draft', application.customer_status)
        url_args = [application.licence_type.code, application.pk]
        view_names = (
            'applications:edit_application',
            'applications:enter_details_existing_application',
            'applications:preview',
        )
        my_urls = [reverse(view_name, args=url_args) for view_name in view_names]

        # First pass: nobody is logged in and the application is still a draft.
        for url in my_urls:
            response = self.client.get(url, follow=True)
            self.assertEqual(200, response.status_code,
                             msg="Wrong status code {1} for {0}".format(url, response.status_code))
            self.assertTrue(is_login_page(response))

        # lodge the application
        self.client.login(customer1.email)
        preview_url = reverse('applications:preview', args=url_args)
        # The session is bound to a local so that the object modified is the one saved.
        session = self.client.session
        session['application'] = {
            'customer_pk': customer1.pk,
            'profile_pk': application.applicant_profile.pk,
            'data': {
                'project_title': 'Test'
            }
        }
        session.save()
        self.client.post(preview_url)
        application.refresh_from_db()
        self.assertEqual('under_review', application.customer_status)

        # Second pass: same URLs, after logout, with the application under review.
        self.client.logout()
        for url in my_urls:
            response = self.client.get(url, follow=True)
            self.assertEqual(200, response.status_code)
            self.assertTrue(is_login_page(response))
Example #14
    def test_user_access_lodged(self):
        """
        Once the application is lodged the user should not be able to edit it.

        The owner can open the edit, enter-details and preview views while the
        application is a draft (200); after the preview is posted and the
        customer status is 'under_review', the same views must answer 403.
        """
        customer1 = create_random_customer()

        # The owner stays logged in for the whole test.
        self.client.login(customer1.email)

        application = helpers.create_application(user=customer1)

        self.assertEqual('draft', application.customer_status)
        url_args = [application.licence_type.code_slug, application.pk]
        view_names = (
            'wl_applications:edit_application',
            'wl_applications:enter_details_existing_application',
            'wl_applications:preview',
        )
        my_urls = [reverse(view_name, args=url_args) for view_name in view_names]

        # Draft state: every view is reachable by its owner.
        for url in my_urls:
            response = self.client.get(url, follow=True)
            self.assertEqual(200, response.status_code,
                             msg="Wrong status code {1} for {0}".format(url, response.status_code))

        # lodge the application
        preview_url = reverse('wl_applications:preview', args=url_args)
        # The session is bound to a local so that the object modified is the one saved.
        session = self.client.session
        session['application'] = {
            'customer_pk': customer1.pk,
            'profile_pk': application.applicant_profile.pk,
            'data': {
                'project_title': 'Test'
            }
        }
        session.save()
        self.client.post(preview_url)
        application.refresh_from_db()
        self.assertEqual('under_review', application.customer_status)

        # Lodged state: the same owner is now refused on every view.
        for url in my_urls:
            response = self.client.get(url, follow=True)
            self.assertEqual(403, response.status_code)
Example #15
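 def test_create_profile(self):
     """
     create_profile() must return a profile attached to the given user.

     The profile's ``user`` must be the customer it was created for, and it
     must be the first entry of that customer's ``profile_set``.
     """
     user = create_random_customer()
     profile = create_profile(user)
     self.assertIsNotNone(profile)
     # assertEqual instead of the deprecated assertEquals alias, which was removed in Python 3.12.
     self.assertEqual(user, profile.user)
     self.assertEqual(profile, user.profile_set.first())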
Example #16
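 def test_create_profile(self):
     """
     create_profile() must return a profile attached to the given user.

     The profile's ``user`` must be the customer it was created for, and it
     must be the first entry of that customer's ``profiles`` relation.
     """
     user = create_random_customer()
     profile = create_profile(user)
     self.assertIsNotNone(profile)
     # assertEqual instead of the deprecated assertEquals alias, which was removed in Python 3.12.
     self.assertEqual(user, profile.user)
     self.assertEqual(profile, user.profiles.first())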