def setUp(self):
# Setup org, admin, user and user is logged
self.org = setup_org()
setup_admin(self.org)
self.user = setup_user(self.org)
setup_authenticated_session(self.client, self.org, self.user)
# reset mock
self.addCleanup(totp_time_setter.reset_mock, side_effect=True)
def test_authorization_ko_view(self):
setup_authenticated_session(self.client, self.org, self.admin)
response = self.client.get(reverse("authorization_code_ko"))
self.assertContains(response,
"Application couldn't be authorized.",
status_code=200)
self.assertTemplateUsed(response,
"ftl/oauth2_provider/authorization_ko.html")
def test_document_download_returns_proper_binary(self):
# Add a document and log user
doc = setup_document(self.org, self.user)
setup_authenticated_session(self.client, self.org, self.user)
response = self.client.get(f"/app/api/v1/documents/{doc.pid}/download")
with open(doc.binary.path, "rb") as uploaded_doc:
self.assertEqual(uploaded_doc.read(), response.content)
def test_authorization_code_view(self):
setup_authenticated_session(self.client, self.org, self.admin)
response = self.client.get(
f"{reverse('authorization_code')}?code=6j29e99yxsB0YsgwVJt2zLI8XgWbf3"
)
self.assertContains(response,
"6j29e99yxsB0YsgwVJt2zLI8XgWbf3",
status_code=200)
self.assertTemplateUsed(response,
"ftl/oauth2_provider/authorization_code.html")
def test_logout_call_proper_signal(self, mocked_signal):
# Setup org, admin, user and log the user
org = setup_org()
setup_admin(org)
user = setup_user(org)
setup_authenticated_session(self.client, org, user)
self.client.get("/logout/")
mocked_signal.assert_called_once()
def test_activate_language_en(self):
self.admin.lang = "en"
self.admin.save()
setup_authenticated_session(self.client, self.org, self.admin)
response = self.client.get(reverse_lazy("account_index"))
self.assertContains(response, "Settings")
self.assertIn("content-language", response)
self.assertEqual("en", response["content-language"])
def test_temp_document_download_expired(self, mocked_time):
mocked_time.return_value = time.mktime(
datetime.datetime(2019, 1, 1).timetuple())
doc = setup_document(self.org, self.user)
setup_authenticated_session(self.client, self.org, self.user)
response = self.client.get(reverse_lazy("api_temp_download_url",
kwargs={"spid": doc.pid}),
follow=True)
self.assertEqual(response.status_code, 404)
def test_document_download_only_work_for_users_in_the_doc_org(self):
# Add a document in first org with first user
doc = setup_document(self.org, self.user)
# Create a second org and user, log the second user
org_2 = setup_org(tv.ORG_NAME_2, tv.ORG_SLUG_2)
user_2 = setup_user(org_2, tv.USER2_EMAIL, tv.USER2_PASS)
setup_authenticated_session(self.client, org_2, user_2)
# Trying to download the document of first org with a user of second org returns a 404
response = self.client.get(f"/app/api/v1/documents/{doc.pid}/download")
self.assertEqual(response.status_code, 404)
def test_no_language_configured_use_browser_accept_language(self):
self.admin.lang = ""
self.admin.save()
setup_authenticated_session(self.client, self.org, self.admin)
response = self.client.get(reverse_lazy("account_index"),
HTTP_ACCEPT_LANGUAGE="fr")
self.assertContains(response, "Paramètres")
self.assertIn("content-language", response)
self.assertEqual("fr", response["content-language"])
def setUp(self):
# Setup org, user
self.org = setup_org()
self.user = setup_user(self.org)
setup_authenticated_session(self.client, self.org, self.user)
# mock OTPMiddleware._verify_user() to skip check page
self.middleware_patcher = patch.object(OTPMiddleware, "_verify_user",
mocked_verify_user)
self.middleware_patcher.start()
self.addCleanup(
patch.stopall
) # ensure mock is remove after each test, even if the test crash
self.addCleanup(totp_time_setter.reset_mock, side_effect=True)
def setUp(self):
# Setup org, user, a static device and the user is logged
self.org = setup_org()
self.user = setup_user(self.org)
self.static_device = setup_2fa_static_device(
self.user, codes_list=tv.STATIC_DEVICE_CODES_LIST)
setup_authenticated_session(self.client, self.org, self.user)
# mock OTPMiddleware._verify_user() to skip check page
self.middleware_patcher = patch.object(OTPMiddleware, "_verify_user",
mocked_verify_user)
self.middleware_patcher.start()
self.addCleanup(
patch.stopall
) # ensure mock is remove after each test, even if the test crash
self.addCleanup(totp_time_setter.reset_mock, side_effect=True)
def test_logout_signal_trigger_django_messages(self, messages_mocked):
# Setup org, admin, user and log the user
org = setup_org()
setup_admin(org)
user = setup_user(org)
setup_authenticated_session(self.client, org, user)
message_to_display_on_login_page = "bingo!"
messages_mocked.return_value = message_to_display_on_login_page
mocked_request = Mock()
mocked_request.GET = {}
mocked_request.axes_attempt_time = datetime.now()
user_logged_out.send(self.__class__, request=mocked_request, user=user)
messages_mocked.assert_called_once()
def test_timezone_us_east_cost(self):
self.admin.lang = "en"
self.admin.tz = "America/New_York"
self.admin.save()
setup_authenticated_session(self.client, self.org, self.admin)
with translation.override("en"):
# Force translation to en only in this code block
now_in_utc = timezone.now()
now_ny = timezone.localtime(now_in_utc, gettz("America/New_York"))
# Use Django timezone tool to get the expected time in New York, USA
formatted = dateformat.format(
now_ny,
get_format("SHORT_DATETIME_FORMAT", lang="en", use_l10n=True))
response = self.client.get(reverse_lazy("account_user_settings"))
self.assertContains(response, formatted)
def test_timezone_fr(self):
self.admin.lang = "fr"
self.admin.tz = "Europe/Paris"
self.admin.save()
setup_authenticated_session(self.client, self.org, self.admin)
with translation.override("fr"):
# Force translation to fr only in this code block
now_in_utc = timezone.now()
now_in_paris = timezone.localtime(now_in_utc,
gettz("Europe/Paris"))
# Use Django timezone tool to get the expected time in Paris, FR
formatted = dateformat.format(
now_in_paris,
get_format("SHORT_DATETIME_FORMAT", lang="fr", use_l10n=True),
)
response = self.client.get(reverse_lazy("account_user_settings"))
self.assertContains(response, formatted)
def test_temp_document_download(self):
doc = setup_document(
self.org,
self.user,
title=tv.DOCUMENT_DOCX_TITLE,
note=tv.DOCUMENT_DOCX_NOTE,
text_content=tv.DOCUMENT_DOCX_CONTENT,
binary=tv.DOCUMENT_DOCX_BINARY_PATH,
file_type=
"application/vnd.openxmlformats-officedocument.wordprocessingml.document",
)
setup_authenticated_session(self.client, self.org, self.user)
response = self.client.get(f"/app/api/v1/documents/{doc.pid}")
self.assertEqual(response.status_code, 200)
self.assertIn("only_office_config", response.data)
self.assertIn("document", response.data["only_office_config"])
self.assertIn("url", response.data["only_office_config"]["document"])
response = self.client.get(
response.data["only_office_config"]["document"]["url"])
with open(doc.binary.path, "rb") as uploaded_doc:
self.assertEqual(uploaded_doc.read(), response.content)
def setUp(self):
# Setup org, admin, user and log the user
self.org = setup_org()
setup_admin(self.org)
self.user = setup_user(self.org)
setup_authenticated_session(self.client, self.org, self.user)
def test_oauth2_authorization_code_flow_with_export_cli(self):
setup_authenticated_session(self.client, self.org, self.admin)
# User opens browser to the following URL (user is already logged)
response = self.client.get(
reverse("authorize"),
{
"client_id": self.application.client_id,
"response_type": "code",
"scope": "read write",
"redirect_uri": self.application.redirect_uris,
},
)
self.assertEqual(response.status_code, 200)
# User authorize app by clicking on the submit button
# This is the data in the submitted form
form_data = {
"client_id": self.application.client_id,
"scope": "read write",
"redirect_uri": self.application.redirect_uris,
"response_type": "code",
"allow": True,
}
response_authorize = self.client.post(reverse("authorize"),
data=form_data)
# Verify we have the redirect
self.assertEqual(response_authorize.status_code, 302)
url_parsed = urlparse(response_authorize["Location"])
query_parsed = parse_qs(url_parsed.query)
self.assertIn(
f"https://pm-instance.example.org{reverse('authorization_code')}?code=",
response_authorize["Location"],
)
self.assertIsNotNone(query_parsed["code"][0])
# Use authorization code to get a token
post = {
"client_id": self.application.client_id,
"grant_type": "authorization_code",
"code": query_parsed["code"][0],
"redirect_uri": self.application.redirect_uris,
}
response_token = self.client.post(reverse("token"), data=post)
self.assertEqual(response_token.status_code, 200)
# Use token with API
self.client.get(reverse("logout"))
content = response_token.json()
response_documents = self.client.get(
"/app/api/v1/documents",
format="json",
Authorization=f"Bearer {content['access_token']}",
)
self.assertEqual(response_documents.status_code, 200)
self.assertGreaterEqual(response_documents.data["count"], 0)
# Renew token
post = {
"client_id": self.application.client_id,
"grant_type": "refresh_token",
"refresh_token": content["refresh_token"],
}
response_renew = self.client.post(reverse("token"), data=post)
self.assertEqual(response_renew.status_code, 200)
self.assertIsNotNone(response_renew.json()["access_token"])
# Use renewed token with API
content = response_renew.json()
response_documents = self.client.get(
"/app/api/v1/documents",
format="json",
Authorization=f"Bearer {content['access_token']}",
)
self.assertEqual(response_documents.status_code, 200)
self.assertGreaterEqual(response_documents.data["count"], 0)
def test_oauth2_authorization_code_flow(self):
setup_authenticated_session(self.client, self.org, self.admin)
# Third party app open user browser to the following URL (user is already logged)
response = self.client.get(
reverse("authorize"),
{
"client_id": self.application.client_id,
"response_type": "code",
"state": "random_state_string",
"scope": "read write",
"redirect_uri": self.application.redirect_uris,
},
)
self.assertEqual(response.status_code, 200)
# User authorize app by clicking on the submit button
form_data = {
"client_id": self.application.client_id,
"state": "random_state_string",
"scope": "read write",
"redirect_uri": self.application.redirect_uris,
"response_type": "code",
"allow": True,
}
response_authorize = self.client.post(reverse("authorize"),
data=form_data)
# Verify we have the redirect to the localhost server
self.assertEqual(response_authorize.status_code, 302)
url_parsed = urlparse(response_authorize["Location"])
query_parsed = parse_qs(url_parsed.query)
self.assertIn(self.application.redirect_uris,
response_authorize["Location"])
self.assertEqual("random_state_string", query_parsed["state"][0])
self.assertIsNotNone(query_parsed["code"][0])
# Use authorization code to get a token
post = {
"client_id": self.application.client_id,
"client_secret": self.application.client_secret,
"grant_type": "authorization_code",
"code": query_parsed["code"][0],
"redirect_uri": self.application.redirect_uris,
}
response_token = self.client.post(reverse("token"), data=post)
self.assertEqual(response_token.status_code, 200)
# Use token with API
self.client.get(reverse("logout"))
content = response_token.json()
response_documents = self.client.get(
"/app/api/v1/documents",
format="json",
Authorization=f"Bearer {content['access_token']}",
)
self.assertEqual(response_documents.status_code, 200)
self.assertGreaterEqual(response_documents.data["count"], 0)
def test_non_admin_user_already_logged(self):
setup_authenticated_session(self.client, self.org_1, self.user_1)
response = self.client.get(reverse("admin:login"), follow=True)
self.assertEqual(response.status_code, 403)
def test_admin_user_already_logged(self):
setup_authenticated_session(self.client, self.org, self.admin)
response = self.client.get(reverse("admin:index"), follow=True)
self.assertContains(response, "Welcome")
