def setUp(self): # Setup org, admin, user and user is logged self.org = setup_org() setup_admin(self.org) self.user = setup_user(self.org) setup_authenticated_session(self.client, self.org, self.user) # reset mock self.addCleanup(totp_time_setter.reset_mock, side_effect=True)
def test_authorization_ko_view(self): setup_authenticated_session(self.client, self.org, self.admin) response = self.client.get(reverse("authorization_code_ko")) self.assertContains(response, "Application couldn't be authorized.", status_code=200) self.assertTemplateUsed(response, "ftl/oauth2_provider/authorization_ko.html")
def test_document_download_returns_proper_binary(self): # Add a document and log user doc = setup_document(self.org, self.user) setup_authenticated_session(self.client, self.org, self.user) response = self.client.get(f"/app/api/v1/documents/{doc.pid}/download") with open(doc.binary.path, "rb") as uploaded_doc: self.assertEqual(uploaded_doc.read(), response.content)
def test_authorization_code_view(self): setup_authenticated_session(self.client, self.org, self.admin) response = self.client.get( f"{reverse('authorization_code')}?code=6j29e99yxsB0YsgwVJt2zLI8XgWbf3" ) self.assertContains(response, "6j29e99yxsB0YsgwVJt2zLI8XgWbf3", status_code=200) self.assertTemplateUsed(response, "ftl/oauth2_provider/authorization_code.html")
def test_logout_call_proper_signal(self, mocked_signal): # Setup org, admin, user and log the user org = setup_org() setup_admin(org) user = setup_user(org) setup_authenticated_session(self.client, org, user) self.client.get("/logout/") mocked_signal.assert_called_once()
def test_activate_language_en(self): self.admin.lang = "en" self.admin.save() setup_authenticated_session(self.client, self.org, self.admin) response = self.client.get(reverse_lazy("account_index")) self.assertContains(response, "Settings") self.assertIn("content-language", response) self.assertEqual("en", response["content-language"])
def test_temp_document_download_expired(self, mocked_time): mocked_time.return_value = time.mktime( datetime.datetime(2019, 1, 1).timetuple()) doc = setup_document(self.org, self.user) setup_authenticated_session(self.client, self.org, self.user) response = self.client.get(reverse_lazy("api_temp_download_url", kwargs={"spid": doc.pid}), follow=True) self.assertEqual(response.status_code, 404)
def test_document_download_only_work_for_users_in_the_doc_org(self): # Add a document in first org with first user doc = setup_document(self.org, self.user) # Create a second org and user, log the second user org_2 = setup_org(tv.ORG_NAME_2, tv.ORG_SLUG_2) user_2 = setup_user(org_2, tv.USER2_EMAIL, tv.USER2_PASS) setup_authenticated_session(self.client, org_2, user_2) # Trying to download the document of first org with a user of second org returns a 404 response = self.client.get(f"/app/api/v1/documents/{doc.pid}/download") self.assertEqual(response.status_code, 404)
def test_no_language_configured_use_browser_accept_language(self): self.admin.lang = "" self.admin.save() setup_authenticated_session(self.client, self.org, self.admin) response = self.client.get(reverse_lazy("account_index"), HTTP_ACCEPT_LANGUAGE="fr") self.assertContains(response, "Paramètres") self.assertIn("content-language", response) self.assertEqual("fr", response["content-language"])
def setUp(self): # Setup org, user self.org = setup_org() self.user = setup_user(self.org) setup_authenticated_session(self.client, self.org, self.user) # mock OTPMiddleware._verify_user() to skip check page self.middleware_patcher = patch.object(OTPMiddleware, "_verify_user", mocked_verify_user) self.middleware_patcher.start() self.addCleanup( patch.stopall ) # ensure mock is remove after each test, even if the test crash self.addCleanup(totp_time_setter.reset_mock, side_effect=True)
def setUp(self): # Setup org, user, a static device and the user is logged self.org = setup_org() self.user = setup_user(self.org) self.static_device = setup_2fa_static_device( self.user, codes_list=tv.STATIC_DEVICE_CODES_LIST) setup_authenticated_session(self.client, self.org, self.user) # mock OTPMiddleware._verify_user() to skip check page self.middleware_patcher = patch.object(OTPMiddleware, "_verify_user", mocked_verify_user) self.middleware_patcher.start() self.addCleanup( patch.stopall ) # ensure mock is remove after each test, even if the test crash self.addCleanup(totp_time_setter.reset_mock, side_effect=True)
def test_logout_signal_trigger_django_messages(self, messages_mocked): # Setup org, admin, user and log the user org = setup_org() setup_admin(org) user = setup_user(org) setup_authenticated_session(self.client, org, user) message_to_display_on_login_page = "bingo!" messages_mocked.return_value = message_to_display_on_login_page mocked_request = Mock() mocked_request.GET = {} mocked_request.axes_attempt_time = datetime.now() user_logged_out.send(self.__class__, request=mocked_request, user=user) messages_mocked.assert_called_once()
def test_timezone_us_east_cost(self): self.admin.lang = "en" self.admin.tz = "America/New_York" self.admin.save() setup_authenticated_session(self.client, self.org, self.admin) with translation.override("en"): # Force translation to en only in this code block now_in_utc = timezone.now() now_ny = timezone.localtime(now_in_utc, gettz("America/New_York")) # Use Django timezone tool to get the expected time in New York, USA formatted = dateformat.format( now_ny, get_format("SHORT_DATETIME_FORMAT", lang="en", use_l10n=True)) response = self.client.get(reverse_lazy("account_user_settings")) self.assertContains(response, formatted)
def test_timezone_fr(self): self.admin.lang = "fr" self.admin.tz = "Europe/Paris" self.admin.save() setup_authenticated_session(self.client, self.org, self.admin) with translation.override("fr"): # Force translation to fr only in this code block now_in_utc = timezone.now() now_in_paris = timezone.localtime(now_in_utc, gettz("Europe/Paris")) # Use Django timezone tool to get the expected time in Paris, FR formatted = dateformat.format( now_in_paris, get_format("SHORT_DATETIME_FORMAT", lang="fr", use_l10n=True), ) response = self.client.get(reverse_lazy("account_user_settings")) self.assertContains(response, formatted)
def test_temp_document_download(self): doc = setup_document( self.org, self.user, title=tv.DOCUMENT_DOCX_TITLE, note=tv.DOCUMENT_DOCX_NOTE, text_content=tv.DOCUMENT_DOCX_CONTENT, binary=tv.DOCUMENT_DOCX_BINARY_PATH, file_type= "application/vnd.openxmlformats-officedocument.wordprocessingml.document", ) setup_authenticated_session(self.client, self.org, self.user) response = self.client.get(f"/app/api/v1/documents/{doc.pid}") self.assertEqual(response.status_code, 200) self.assertIn("only_office_config", response.data) self.assertIn("document", response.data["only_office_config"]) self.assertIn("url", response.data["only_office_config"]["document"]) response = self.client.get( response.data["only_office_config"]["document"]["url"]) with open(doc.binary.path, "rb") as uploaded_doc: self.assertEqual(uploaded_doc.read(), response.content)
def setUp(self): # Setup org, admin, user and log the user self.org = setup_org() setup_admin(self.org) self.user = setup_user(self.org) setup_authenticated_session(self.client, self.org, self.user)
def test_oauth2_authorization_code_flow_with_export_cli(self): setup_authenticated_session(self.client, self.org, self.admin) # User opens browser to the following URL (user is already logged) response = self.client.get( reverse("authorize"), { "client_id": self.application.client_id, "response_type": "code", "scope": "read write", "redirect_uri": self.application.redirect_uris, }, ) self.assertEqual(response.status_code, 200) # User authorize app by clicking on the submit button # This is the data in the submitted form form_data = { "client_id": self.application.client_id, "scope": "read write", "redirect_uri": self.application.redirect_uris, "response_type": "code", "allow": True, } response_authorize = self.client.post(reverse("authorize"), data=form_data) # Verify we have the redirect self.assertEqual(response_authorize.status_code, 302) url_parsed = urlparse(response_authorize["Location"]) query_parsed = parse_qs(url_parsed.query) self.assertIn( f"https://pm-instance.example.org{reverse('authorization_code')}?code=", response_authorize["Location"], ) self.assertIsNotNone(query_parsed["code"][0]) # Use authorization code to get a token post = { "client_id": self.application.client_id, "grant_type": "authorization_code", "code": query_parsed["code"][0], "redirect_uri": self.application.redirect_uris, } response_token = self.client.post(reverse("token"), data=post) self.assertEqual(response_token.status_code, 200) # Use token with API self.client.get(reverse("logout")) content = response_token.json() response_documents = self.client.get( "/app/api/v1/documents", format="json", Authorization=f"Bearer {content['access_token']}", ) self.assertEqual(response_documents.status_code, 200) self.assertGreaterEqual(response_documents.data["count"], 0) # Renew token post = { "client_id": self.application.client_id, "grant_type": "refresh_token", "refresh_token": content["refresh_token"], } response_renew = self.client.post(reverse("token"), data=post) self.assertEqual(response_renew.status_code, 200) self.assertIsNotNone(response_renew.json()["access_token"]) # Use renewed token with API content = response_renew.json() response_documents = self.client.get( "/app/api/v1/documents", format="json", Authorization=f"Bearer {content['access_token']}", ) self.assertEqual(response_documents.status_code, 200) self.assertGreaterEqual(response_documents.data["count"], 0)
def test_oauth2_authorization_code_flow(self): setup_authenticated_session(self.client, self.org, self.admin) # Third party app open user browser to the following URL (user is already logged) response = self.client.get( reverse("authorize"), { "client_id": self.application.client_id, "response_type": "code", "state": "random_state_string", "scope": "read write", "redirect_uri": self.application.redirect_uris, }, ) self.assertEqual(response.status_code, 200) # User authorize app by clicking on the submit button form_data = { "client_id": self.application.client_id, "state": "random_state_string", "scope": "read write", "redirect_uri": self.application.redirect_uris, "response_type": "code", "allow": True, } response_authorize = self.client.post(reverse("authorize"), data=form_data) # Verify we have the redirect to the localhost server self.assertEqual(response_authorize.status_code, 302) url_parsed = urlparse(response_authorize["Location"]) query_parsed = parse_qs(url_parsed.query) self.assertIn(self.application.redirect_uris, response_authorize["Location"]) self.assertEqual("random_state_string", query_parsed["state"][0]) self.assertIsNotNone(query_parsed["code"][0]) # Use authorization code to get a token post = { "client_id": self.application.client_id, "client_secret": self.application.client_secret, "grant_type": "authorization_code", "code": query_parsed["code"][0], "redirect_uri": self.application.redirect_uris, } response_token = self.client.post(reverse("token"), data=post) self.assertEqual(response_token.status_code, 200) # Use token with API self.client.get(reverse("logout")) content = response_token.json() response_documents = self.client.get( "/app/api/v1/documents", format="json", Authorization=f"Bearer {content['access_token']}", ) self.assertEqual(response_documents.status_code, 200) self.assertGreaterEqual(response_documents.data["count"], 0)
def test_non_admin_user_already_logged(self): setup_authenticated_session(self.client, self.org_1, self.user_1) response = self.client.get(reverse("admin:login"), follow=True) self.assertEqual(response.status_code, 403)
def test_admin_user_already_logged(self): setup_authenticated_session(self.client, self.org, self.admin) response = self.client.get(reverse("admin:index"), follow=True) self.assertContains(response, "Welcome")