def test_whoami_disallowed_methods(client, api_settings, http_method): """HTTP methods other than GET are not allowed.""" url = reverse('api.v1.whoami') response = getattr(client, http_method)(url, HTTP_HOST=api_settings.BETA_HOST) assert response.status_code == 405 assert_no_cache_header(response)
def test_doc_api_disallowed_methods(client, api_settings, http_method): """HTTP methods other than GET are not allowed.""" url = reverse('api.v1.doc', args=['en-US', 'Web/CSS']) response = getattr(client, http_method)(url, HTTP_HOST=api_settings.BETA_HOST) assert response.status_code == 405 assert_no_cache_header(response)
def test_purge_get_no_log(deleted_doc, moderator_client): url = reverse('wiki.purge_document', args=[deleted_doc.slug]) DocumentDeletionLog.objects.all().delete() response = moderator_client.get(url) assert response.status_code == 200 assert_no_cache_header(response) assert 'deleted, for unknown reasons' in response.content.decode('utf-8')
def test_doc_api_for_redirect_to_non_doc(client, api_settings, redirect_to_home, redirect_to_macros, case): """ Test the document API when we're requesting data for a document that redirects to a non-document page (either the home page or another). """ if case == 'redirect-to-home': doc = redirect_to_home expected_redirect_url = '/en-US/' else: doc = redirect_to_macros expected_redirect_url = absolutify('/en-US/dashboards/macros', for_wiki_site=True) url = reverse('api.v1.doc', args=[doc.locale, doc.slug]) response = client.get(url, HTTP_HOST=api_settings.BETA_HOST) assert response.status_code == 200 assert_no_cache_header(response) data = response.json() assert data['documentData'] is None assert data['redirectURL'] == expected_redirect_url # Also ensure that we get exactly the same data by calling # the document_api_data() function directly assert data == document_api_data(redirect_url=expected_redirect_url)
def test_permissions(self, mock_analytics_upageviews): """A user with correct permissions is able to see the dashboard.""" self.client.login(username='******', password='******') # Attempt to see spam dashboard as a logged-in user without permissions response = self.client.get(reverse('dashboards.spam')) assert response.status_code == 403 # Give testuser wiki.add_revisionakismetsubmission permission perm_akismet = Permission.objects.get(codename='add_revisionakismetsubmission') self.testuser.user_permissions.add(perm_akismet) response = self.client.get(reverse('dashboards.spam')) assert response.status_code == 403 # Give testuser wiki.add_documentspamattempt permission perm_spam = Permission.objects.get(codename='add_documentspamattempt') self.testuser.user_permissions.add(perm_spam) response = self.client.get(reverse('dashboards.spam')) assert response.status_code == 403 # Give testuser wiki.add_userban permission perm_ban = Permission.objects.get(codename='add_userban') self.testuser.user_permissions.add(perm_ban) response = self.client.get(reverse('dashboards.spam')) # With all correct permissions testuser is able to see the dashboard assert response.status_code == 200 assert_no_cache_header(response) assert 'text/html' in response['Content-Type'] assert 'dashboards/spam.html' in (template.name for template in response.templates)
def test_revisions_not_logged_in(root_doc, client): """A user who is not logged in can't see the revisions dashboard.""" url = reverse('dashboards.revisions') response = client.get(url) assert response.status_code == 302 assert response['Location'] == '/en-US/users/signin?next={}'.format(url) assert_no_cache_header(response)
def test_spam_with_many_response(create_revision, akismet_wiki_user, akismet_wiki_user_2, user_client, enable_akismet_submissions, akismet_mock_requests): submission = RevisionAkismetSubmission( type="ham", sender=akismet_wiki_user_2, revision=create_revision ) submission.save() # Check that one RevisionAkismetSubmission instance exists. ras = RevisionAkismetSubmission.objects.filter(revision=create_revision) assert ras.count() == 1 # Create another Akismet revision via the endpoint. url = reverse('wiki.submit_akismet_spam') response = user_client.post(url, data={'revision': create_revision.id}) assert response.status_code == 201 assert_no_cache_header(response) data = json.loads(response.content) assert len(data) == 2 assert data[0]['type'] == 'ham' assert data[0]['sender'] == akismet_wiki_user_2.username assert data[1]['type'] == 'spam' assert data[1]['sender'] == akismet_wiki_user.username # Check that the Akismet endpoints were called. assert akismet_mock_requests.called assert akismet_mock_requests.call_count == 2
def test_login(client): """Tests that login is required. The "client" fixture is not logged in.""" url = reverse('wiki.admin_bulk_purge') response = client.get(url) assert response.status_code == 302 assert 'en-US/users/signin?' in response['Location'] assert_no_cache_header(response)
def test_create_child_valid(root_doc, add_doc_client, slug): """Test creating a new child document with valid and invalid slugs.""" data = dict( title='A Child of the Root Document', slug=slug, tags='tag1, tag2', review_tags=['editorial', 'technical'], keywords='key1, key2', summary='lipsum', content='lorem ipsum dolor sit amet', comment='This is foobar.', toc_depth=1, ) url = reverse('wiki.create') url += '?parent={}'.format(root_doc.id) full_slug = '{}/{}'.format(root_doc.slug, slug) resp = add_doc_client.post(url, data) assert resp.status_code == 302 assert resp['X-Robots-Tag'] == 'noindex' assert_no_cache_header(resp) assert resp['Location'].endswith( reverse('wiki.document', args=(full_slug,))) assert root_doc.children.count() == 1 doc = Document.objects.get(slug=full_slug, locale='en-US') skip_keys = set(('tags', 'review_tags', 'parent_topic')) for name in (set(data.keys()) - skip_keys): expected = full_slug if name == 'slug' else data[name] assert getattr(doc.current_revision, name) == expected assert (sorted(doc.tags.all().values_list('name', flat=True)) == ['tag1', 'tag2']) review_tags = doc.current_revision.review_tags assert (sorted(review_tags.all().values_list('name', flat=True)) == ['editorial', 'technical'])
def test_create_child_invalid(root_doc, add_doc_client, slug): """Test creating a new child document with valid and invalid slugs.""" data = dict( title='A Child of the Root Document', slug=slug, tags='tag1, tag2', review_tags=['editorial', 'technical'], keywords='key1, key2', summary='lipsum', content='lorem ipsum dolor sit amet', comment='This is foobar.', toc_depth=1, ) url = reverse('wiki.create') url += '?parent={}'.format(root_doc.id) full_slug = '{}/{}'.format(root_doc.slug, slug) resp = add_doc_client.post(url, data) assert resp.status_code == 200 assert resp['X-Robots-Tag'] == 'noindex' assert_no_cache_header(resp) assert b'The slug provided is not valid.' in resp.content with pytest.raises(Document.DoesNotExist): Document.objects.get(slug=full_slug, locale='en-US') page = pq(resp.content) assert page.find('input[name=slug]')[0].value == slug
def test_create_valid(add_doc_client): """Test creating a new document with valid and invalid slugs.""" slug = 'Foobar' data = dict( title='A Foobar Document', slug=slug, tags='tag1, tag2', review_tags=['editorial', 'technical'], keywords='key1, key2', summary='lipsum', content='lorem ipsum dolor sit amet', comment='This is foobar.', toc_depth=1, ) url = reverse('wiki.create') resp = add_doc_client.post(url, data) assert resp.status_code == 302 assert resp['X-Robots-Tag'] == 'noindex' assert_no_cache_header(resp) assert resp['Location'].endswith(reverse('wiki.document', args=(slug,))) doc = Document.objects.get(slug=slug) for name in (set(data.keys()) - set(('tags', 'review_tags'))): assert getattr(doc.current_revision, name) == data[name] assert (sorted(doc.tags.all().values_list('name', flat=True)) == ['tag1', 'tag2']) review_tags = doc.current_revision.review_tags assert (sorted(review_tags.all().values_list('name', flat=True)) == ['editorial', 'technical'])
def test_intermediate(self): """ Test that the intermediate DocumentAttachment gets created correctly when adding an Attachment with a document_id. """ doc = document(locale='en-US', slug='attachment-test-intermediate', save=True) revision(document=doc, is_approved=True, save=True) file_for_upload = make_test_file( content='A file for testing intermediate attachment model.') post_data = { 'title': 'Intermediate test file', 'description': 'Intermediate test file', 'comment': 'Initial upload', 'file': file_for_upload, } files_url = reverse('attachments.edit_attachment', kwargs={'document_path': doc.slug}) response = self.client.post(files_url, data=post_data) assert response.status_code == 302 assert_no_cache_header(response) assert doc.files.count() == 1 intermediates = DocumentAttachment.objects.filter(document__pk=doc.id) assert intermediates.count() == 1 intermediate = intermediates[0] assert intermediate.attached_by.username == 'admin' assert intermediate.name == file_for_upload.name.split('/')[-1]
def test_key_history(self): # Assemble some sample log lines log_lines = [] for i in range(0, ITEMS_PER_PAGE * 2): log_lines.append(('ping', self.user2, 'Number #%s' % i)) # Record the log lines for this key for l in log_lines: self.key1.log(*l) # Reverse the lines for comparison. log_lines.reverse() # Iterate through 2 expected pages... for qs, offset in (('', 0), ('?page=2', ITEMS_PER_PAGE)): url = '%s%s' % (reverse('authkeys.history', args=(self.key1.pk,)), qs) resp = self.client.get(url) assert resp.status_code == 200 assert_no_cache_header(resp) page = pq(resp.content) rows = page.find('.item') for idx in range(0, ITEMS_PER_PAGE): row = rows.eq(idx) expected = log_lines[idx + offset] line = (row.find('.action').text(), row.find('.object').text(), row.find('.notes').text()) assert line[0] == expected[0] assert ('%s' % expected[1]) in line[1] assert line[2] == expected[2]
def test_home_when_rate_limited(mock_render, client, db): """ Cloudfront CDN's don't cache 429's, but let's test this anyway. """ mock_render.side_effect = Ratelimited() response = client.get(reverse('home')) assert response.status_code == 429 assert_no_cache_header(response)
def test_read_only_mode(root_doc, user_client, endpoint): args = [root_doc.slug] if endpoint == 'revert_document': args.append(root_doc.current_revision.id) url = reverse('wiki.{}'.format(endpoint), args=args) response = user_client.get(url) assert response.status_code == 403 assert_no_cache_header(response)
def test_revision_hash(client, db, method, settings): settings.REVISION_HASH = 'the_revision_hash' response = getattr(client, method)(reverse('version.kuma')) assert response.status_code == 200 assert response['Content-Type'] == 'text/plain; charset=utf-8' assert_no_cache_header(response) if method == 'get': assert response.content.decode('utf-8') == 'the_revision_hash'
def test_recurring_payment_management_customer_id(enabled_, get, user_client, stripe_user): """The recurring payments page shows there are active subscriptions.""" response = user_client.get(reverse('recurring_payment_management')) assert response.status_code == 200 content = response.content.decode(response.charset) assert ('<button id="id_stripe_cancel_subscription"' ' name="stripe_cancel_subscription"') in content assert_no_cache_header(response)
def test_watch_login_required(client, root_doc, endpoint): """User must be logged-in to subscribe to a document.""" url = reverse(endpoint, args=[root_doc.slug]) response = client.post(url) assert response.status_code == 302 assert_no_cache_header(response) assert response['Location'].endswith( reverse('account_login') + '?next=' + quote(url))
def test_mime_type_filtering(self): """ Don't allow uploads outside of the explicitly-permitted mime-types. """ _file = make_test_file(content='plain and text', suffix='.txt') post_data = { 'title': 'Test disallowed file type', 'description': 'A file kuma should disallow on type.', 'comment': 'Initial upload', 'file': _file, } response = self.client.post(self.files_url, data=post_data) assert response.status_code == 200 assert_no_cache_header(response) self.assertContains(response, 'Files of this type are not permitted.') _file.close()
def test_get(add_doc_client): response = add_doc_client.get(reverse("wiki.create"), HTTP_HOST=settings.WIKI_HOST) assert response.status_code == 200 assert response["X-Robots-Tag"] == "noindex" assert_no_cache_header(response) page = pq(response.content) toc_select = page.find("#id_toc_depth") toc_options = toc_select.find("option") found_selected = False for option in toc_options: opt_element = pq(option) if opt_element.attr("selected"): found_selected = True assert opt_element.attr("value") == str(Revision.TOC_DEPTH_H4) assert found_selected, "No ToC depth initially selected." # Check discard button. assert page.find(".btn-discard").attr("href") == reverse("wiki.create")
def test_revert_post(edit_revision, delete_client): root_doc = edit_revision.document assert len(root_doc.revisions.all()) == 2 first_revision = root_doc.revisions.first() url = reverse('wiki.revert_document', locale='en-US', args=[root_doc.slug, first_revision.id]) response = delete_client.post(url, data=dict(comment='test')) assert response.status_code == 302 assert response['Location'].endswith( reverse('wiki.document_revisions', args=[root_doc.slug])) assert_no_cache_header(response) assert len(root_doc.revisions.all()) == 3 root_doc.refresh_from_db() assert root_doc.current_revision.id != edit_revision.id assert root_doc.current_revision.id != first_revision.id assert root_doc.current_revision.id == root_doc.revisions.last().id
def test_revision_api_get(doc_with_macros, client, constance_config, qs, expected): """ The wiki.revision_api endpoint returns revised raw HTML for GET requests. """ constance_config.KUMASCRIPT_TIMEOUT = 1 url = reverse( "wiki.revision_api", args=[doc_with_macros.slug], locale=doc_with_macros.locale ) response = client.get(url + qs, HTTP_HOST=settings.WIKI_HOST) assert response.status_code == 200 assert response.content.decode() == expected assert_no_cache_header(response) assert response["X-Frame-Options"] == "deny" assert response["X-Robots-Tag"] == "noindex" assert response["Last-Modified"] == get_last_modified_header( doc_with_macros.current_revision.created )
def test_spam_revision_does_not_exist(create_revision, akismet_wiki_user, user_client, enable_akismet_submissions, akismet_mock_requests): revision_id = create_revision.id create_revision.delete() url = reverse('wiki.submit_akismet_spam') response = user_client.post(url, data={'revision': revision_id}) assert response.status_code == 400 assert_no_cache_header(response) # No RevisionAkismetSubmission record should exist. ras = RevisionAkismetSubmission.objects.filter(revision_id=revision_id) assert ras.count() == 0 # Check that the Akismet endpoints were not called. assert not akismet_mock_requests.called
def test_get(add_doc_client): response = add_doc_client.get(reverse('wiki.create')) assert response.status_code == 200 assert response['X-Robots-Tag'] == 'noindex' assert_no_cache_header(response) page = pq(response.content) toc_select = page.find('#id_toc_depth') toc_options = toc_select.find('option') found_selected = False for option in toc_options: opt_element = pq(option) if opt_element.attr('selected'): found_selected = True assert opt_element.attr('value') == str(Revision.TOC_DEPTH_H4) assert found_selected, 'No ToC depth initially selected.' # Check discard button. assert (page.find('.btn-discard').attr('href') == reverse('wiki.create'))
def test_json(doc_hierarchy_with_zones, client, params_case): """Test the wiki.json endpoint.""" Switch.objects.create(name='application_ACAO', active=True) top_doc = doc_hierarchy_with_zones.top bottom_doc = doc_hierarchy_with_zones.bottom expected_tags = sorted(['foo', 'bar', 'baz']) expected_review_tags = sorted(['tech', 'editorial']) for doc in (top_doc, bottom_doc): doc.tags.set(*expected_tags) doc.current_revision.review_tags.set(*expected_review_tags) params = None expected_slug = None expected_status_code = 200 if params_case == 'nothing': expected_status_code = 400 elif params_case == 'title-only': expected_slug = top_doc.slug params = dict(title=top_doc.title) elif params_case == 'slug-only': expected_slug = bottom_doc.slug params = dict(slug=bottom_doc.slug) elif params_case == 'title-and-slug': expected_slug = top_doc.slug params = dict(title=top_doc.title, slug=bottom_doc.slug) else: # missing title expected_status_code = 404 params = dict(title='nonexistent document title') url = reverse('wiki.json', locale='en-US') response = client.get(url, params) assert response.status_code == expected_status_code if response.status_code == 404: assert_no_cache_header(response) else: assert_shared_cache_header(response) assert response['Access-Control-Allow-Origin'] == '*' if response.status_code == 200: data = json.loads(response.content) assert data['slug'] == expected_slug assert sorted(data['tags']) == expected_tags assert sorted(data['review_tags']) == expected_review_tags
def test_revision_api_post_400(doc_with_macros, wiki_user_2_token, client): """The wiki.revision_api endpoint returns 400 for bad POST requests.""" url = reverse( "wiki.revision_api", args=[doc_with_macros.slug], locale=doc_with_macros.locale ) response = client.post( url, content_type="text/plain", HTTP_HOST=settings.WIKI_HOST, HTTP_AUTHORIZATION=f"Token {wiki_user_2_token.key}", ) assert response.status_code == 400 assert response.content.decode() == ( 'POST body must be of type "application/json", ' '"application/x-www-form-urlencoded", or "multipart/form-data".' ) assert_no_cache_header(response)
def test_doc_api_for_redirect_to_doc(client, api_settings, root_doc, redirect_doc, cleared_cacheback_cache, ensure_contributors): """ Test the document API when we're requesting data for a document that redirects to another document. """ if ensure_contributors: # Pre-populate the cache for the call to document_api_data() # made within the view that serves the "api.v1.doc" endpoint. DocumentContributorsJob().refresh(root_doc.pk) url = reverse('api.v1.doc', args=[redirect_doc.locale, redirect_doc.slug]) response = client.get(url, HTTP_HOST=api_settings.BETA_HOST, follow=True) assert response.status_code == 200 assert_no_cache_header(response) data = response.json() assert data['documentData'] assert data['redirectURL'] is None doc_data = data['documentData'] assert doc_data['locale'] == root_doc.locale assert doc_data['slug'] == root_doc.slug assert doc_data['id'] == root_doc.id assert doc_data['title'] == root_doc.title assert doc_data['language'] == root_doc.language assert doc_data['hrefLang'] == 'en' assert doc_data['absoluteURL'] == root_doc.get_absolute_url() assert doc_data['editURL'] == absolutify(root_doc.get_edit_url(), for_wiki_site=True) assert doc_data['bodyHTML'] == root_doc.get_body_html() assert doc_data['quickLinksHTML'] == root_doc.get_quick_links_html() assert doc_data['tocHTML'] == root_doc.get_toc_html() assert doc_data['translations'] == [] assert doc_data['contributors'] == (['wiki_user'] if ensure_contributors else []) assert doc_data['lastModified'] == '2017-04-14T12:15:00' assert doc_data['lastModifiedBy'] == 'wiki_user' # Clear the cache for a clean slate when calling document_api_data(). DocumentContributorsJob().delete(root_doc.pk) # Also ensure that we get exactly the same data by calling # the document_api_data() function directly assert data == document_api_data(root_doc, ensure_contributors=ensure_contributors)
def test_json(doc_hierarchy, client, params_case): """Test the wiki.json endpoint.""" top_doc = doc_hierarchy.top bottom_doc = doc_hierarchy.bottom expected_tags = sorted(["foo", "bar", "baz"]) expected_review_tags = sorted(["tech", "editorial"]) for doc in (top_doc, bottom_doc): doc.tags.set(*expected_tags) doc.current_revision.review_tags.set(*expected_review_tags) params = None expected_slug = None expected_status_code = 200 if params_case == "nothing": expected_status_code = 400 elif params_case == "title-only": expected_slug = top_doc.slug params = dict(title=top_doc.title) elif params_case == "slug-only": expected_slug = bottom_doc.slug params = dict(slug=bottom_doc.slug) elif params_case == "title-and-slug": expected_slug = top_doc.slug params = dict(title=top_doc.title, slug=bottom_doc.slug) else: # missing title expected_status_code = 404 params = dict(title="nonexistent document title") url = reverse("wiki.json") with override_switch("application_ACAO", True): response = client.get(url, params) assert response.status_code == expected_status_code if response.status_code == 404: assert_no_cache_header(response) else: assert_shared_cache_header(response) assert response["Access-Control-Allow-Origin"] == "*" if response.status_code == 200: data = json.loads(response.content) assert data["slug"] == expected_slug assert sorted(data["tags"]) == expected_tags assert sorted(data["review_tags"]) == expected_review_tags
def test_doc_api(client, api_settings, trans_doc, cleared_cacheback_cache, ensure_contributors): """On success we get document details in a JSON response.""" if ensure_contributors: # Pre-populate the cache for the call to document_api_data() # made within the view that serves the "api.v1.doc" endpoint. DocumentContributorsJob().refresh(trans_doc.pk) url = reverse('api.v1.doc', args=[trans_doc.locale, trans_doc.slug]) response = client.get(url, HTTP_HOST=api_settings.BETA_HOST) assert response.status_code == 200 assert_no_cache_header(response) data = response.json() assert data['locale'] == trans_doc.locale assert data['slug'] == trans_doc.slug assert data['id'] == trans_doc.id assert data['title'] == trans_doc.title assert data['language'] == trans_doc.language assert data['absoluteURL'] == trans_doc.get_absolute_url() assert data['redirectURL'] is None assert data['editURL'] == absolutify(trans_doc.get_edit_url(), for_wiki_site=True) assert data['bodyHTML'] == trans_doc.get_body_html() assert data['quickLinksHTML'] == trans_doc.get_quick_links_html() assert data['tocHTML'] == trans_doc.get_toc_html() assert data['translations'] == [{ 'locale': 'en-US', 'language': 'English (US)', 'localizedLanguage': u'Anglais am\u00e9ricain', 'title': 'Root Document', 'url': '/en-US/docs/Root' }] assert data['contributors'] == (['wiki_user'] if ensure_contributors else []) assert data['lastModified'] == '2017-04-14T12:20:00' assert data['lastModifiedBy'] == 'wiki_user' # Clear the cache for a clean slate when calling document_api_data(). DocumentContributorsJob().delete(trans_doc.pk) # Also ensure that we get exactly the same data by calling # the document_api_data() function directly assert data == document_api_data(trans_doc, ensure_contributors=ensure_contributors)
def test_whoami_anonymous(client, settings, timezone): """Test response for anonymous users.""" # Create some fake waffle objects Flag.objects.create(name="section_edit", authenticated=True) Flag.objects.create(name="flag_all", everyone=True) Flag.objects.create(name="flag_none", percent=0) Switch.objects.create(name="switch_on", active=True) Switch.objects.create(name="switch_off", active=False) Sample.objects.create(name="sample_never", percent=0) Sample.objects.create(name="sample_always", percent=100) settings.TIME_ZONE = timezone url = reverse("api.v1.whoami") response = client.get(url) assert response.status_code == 200 assert response["content-type"] == "application/json" assert response.json() == { "username": None, "timezone": timezone, "is_authenticated": False, "is_staff": False, "is_superuser": False, "is_beta_tester": False, "avatar_url": None, "waffle": { "flags": { "section_edit": False, "flag_all": True, "flag_none": False, "subscription": False, "subscription_banner": False, }, "switches": { "switch_on": True, "switch_off": False }, "samples": { "sample_always": True, "sample_never": False }, }, "is_subscriber": False, "email": None, } assert_no_cache_header(response)
def test_delete_post(root_doc, moderator_client): url = reverse('wiki.delete_document', args=[root_doc.slug]) response = moderator_client.post(url, data=dict(reason='test'), HTTP_HOST=settings.WIKI_HOST) assert response.status_code == 302 assert response['Location'].endswith(root_doc.get_absolute_url()) assert_no_cache_header(response) assert len( Document.admin_objects.filter(slug=root_doc.slug, locale=root_doc.locale, deleted=True)) == 1 with pytest.raises(Document.DoesNotExist): Document.objects.get(slug=root_doc.slug, locale=root_doc.locale) assert len( DocumentDeletionLog.objects.filter(locale=root_doc.locale, slug=root_doc.slug, reason='test')) == 1
def test_revert_post(edit_revision, moderator_client): root_doc = edit_revision.document assert len(root_doc.revisions.all()) == 2 first_revision = root_doc.revisions.first() url = reverse("wiki.revert_document", args=[root_doc.slug, first_revision.id]) response = moderator_client.post(url, data=dict(comment="test"), HTTP_HOST=settings.WIKI_HOST) assert response.status_code == 302 assert response["Location"].endswith( reverse("wiki.document_revisions", args=[root_doc.slug])) assert_no_cache_header(response) assert len(root_doc.revisions.all()) == 3 root_doc.refresh_from_db() assert root_doc.current_revision.id != edit_revision.id assert root_doc.current_revision.id != first_revision.id assert root_doc.current_revision.id == root_doc.revisions.last().id
def test_whoami_anonymous(client, api_settings, timezone): """Test response for anonymous users.""" # Create some fake waffle objects Flag.objects.create(name='section_edit', authenticated=True) Flag.objects.create(name='flag_all', everyone=True) Flag.objects.create(name='flag_none', percent=0) Switch.objects.create(name="switch_on", active=True) Switch.objects.create(name="switch_off", active=False) Sample.objects.create(name="sample_never", percent=0) Sample.objects.create(name="sample_always", percent=100) api_settings.TIME_ZONE = timezone url = reverse('api.v1.whoami') response = client.get(url, HTTP_HOST=api_settings.BETA_HOST) assert response.status_code == 200 assert response['content-type'] == 'application/json' assert response.json() == { 'username': None, 'timezone': timezone, 'is_authenticated': False, 'is_staff': False, 'is_superuser': False, 'is_beta_tester': False, 'gravatar_url': { 'small': None, 'large': None, }, 'waffle': { 'flags': { 'section_edit': False, 'flag_all': True, 'flag_none': False, }, 'switches': { 'switch_on': True, 'switch_off': False }, 'samples': { 'sample_always': True, 'sample_never': False } } } assert_no_cache_header(response)
def test_mime_type_filtering(self): """ Don't allow uploads outside of the explicitly-permitted mime-types. """ _file = make_test_file(content="plain and text", suffix=".txt") post_data = { "title": "Test disallowed file type", "description": "A file kuma should disallow on type.", "comment": "Initial upload", "file": _file, } response = self.client.post(self.files_url, data=post_data, HTTP_HOST=settings.WIKI_HOST) assert response.status_code == 200 assert_no_cache_header(response) self.assertContains(response, "Files of this type are not permitted.") _file.close()
def test_watch_unwatch(user_client, wiki_user, root_doc, endpoint, event): """Watch and unwatch a document.""" url = reverse(endpoint, args=[root_doc.slug]) # Subscribe response = user_client.post(url) assert response.status_code == 302 assert_no_cache_header(response) assert response['Location'].endswith( reverse('wiki.document', args=[root_doc.slug])) assert event.is_notifying(wiki_user, root_doc), 'Watch was not created' # Unsubscribe response = user_client.post(url) assert response.status_code == 302 assert_no_cache_header(response) assert response['Location'].endswith( reverse('wiki.document', args=[root_doc.slug])) assert not event.is_notifying(wiki_user, root_doc), \ 'Watch was not destroyed'
def test_get_existing_user(client, wiki_user, wiki_user_github_account, http_method, case): """ Test GET and HEAD on the api.v1.get_user endpoint for an existing user, and also that the username is case insensitive. """ username = getattr(str, case)(wiki_user.username) url = reverse('api.v1.get_user', args=(username,)) response = getattr(client, http_method)(url) assert response.status_code == 200 assert response['content-type'] == 'application/json' assert_no_cache_header(response) if http_method == 'get': data = response.json() assert data['username'] == wiki_user.username assert data['avatar_url'] == wiki_user_github_account.get_avatar_url() for field in ('title', 'fullname', 'organization', 'location', 'timezone', 'locale'): assert data[field] == getattr(wiki_user, field)
def test_watch_unwatch(user_client, wiki_user, root_doc, endpoint, event): """Watch and unwatch a document.""" url = reverse(endpoint, args=[root_doc.slug]) # Subscribe response = user_client.post(url, HTTP_HOST=settings.WIKI_HOST) assert response.status_code == 302 assert_no_cache_header(response) assert response["Location"].endswith( reverse("wiki.document", args=[root_doc.slug])) assert event.is_notifying(wiki_user, root_doc), "Watch was not created" # Unsubscribe response = user_client.post(url, HTTP_HOST=settings.WIKI_HOST) assert response.status_code == 302 assert_no_cache_header(response) assert response["Location"].endswith( reverse("wiki.document", args=[root_doc.slug])) assert not event.is_notifying(wiki_user, root_doc), "Watch was not destroyed"
def test_whoami_anonymous(client, api_settings, timezone): """Test response for anonymous users.""" api_settings.TIME_ZONE = timezone url = reverse('api.v1.whoami') response = client.get(url, HTTP_HOST=api_settings.BETA_HOST) assert response.status_code == 200 assert response['content-type'] == 'application/json' assert response.json() == { 'username': None, 'timezone': timezone, 'is_authenticated': False, 'is_staff': False, 'is_superuser': False, 'is_beta_tester': False, 'gravatar_url': { 'small': None, 'large': None, } } assert_no_cache_header(response)
def test_whoami_anonymous(client, settings): """Test response for anonymous users.""" # Create some fake waffle objects Flag.objects.create(name="vip_only", authenticated=True) Flag.objects.create(name="flag_all", everyone=True) Flag.objects.create(name="flag_none", percent=0) Switch.objects.create(name="switch_on", active=True) Switch.objects.create(name="switch_off", active=False) url = reverse("api.v1.whoami") response = client.get(url) assert response.status_code == 200 assert response["content-type"] == "application/json" assert response.json() == { "waffle": { "flags": {"flag_all": True}, "switches": {"switch_on": True}, }, } assert_no_cache_header(response)
def test_spam_valid_response(create_revision, akismet_wiki_user, user_client, enable_akismet_submissions, akismet_mock_requests): url = reverse('wiki.submit_akismet_spam', locale='en-US') response = user_client.post(url, data={'revision': create_revision.id}) assert response.status_code == 201 assert_no_cache_header(response) # One RevisionAkismetSubmission record should exist for this revision. ras = RevisionAkismetSubmission.objects.get(revision=create_revision) assert ras.type == u'spam' # Check that the Akismet endpoints were called. assert akismet_mock_requests.called assert akismet_mock_requests.call_count == 2 data = json.loads(response.content) assert len(data) == 1 assert data[0]['sender'] == akismet_wiki_user.username assert data[0]['type'] == u'spam'
def test_get_and_set_settings_happy_path(user_client, wiki_user): url = reverse("api.v1.settings") response = user_client.get(url) assert response.status_code == 200 assert_no_cache_header(response) assert response.json()["locale"] == "en-US" response = user_client.post(url, {"locale": "zh-CN"}) assert response.status_code == 200 response = user_client.get(url) assert response.status_code == 200 assert response.json()["locale"] == "zh-CN" # You can also omit certain things and things won't be set response = user_client.post(url, {}) assert response.status_code == 200 response = user_client.get(url) assert response.status_code == 200 assert response.json()["locale"] == "zh-CN"
def test_svg_mime_type_non_staff(self): """ Regular users are not allowed to upload SVG images. """ _file = make_test_file(content='<svg viewBox="0 0 841.9 595.3"></svg>', suffix=".svg") post_data = { "title": "Test Svg upload", "description": "Mime type only allowed for some users.", "comment": "Initial upload", "file": _file, } self.client.login(username="******", password="******") response = self.client.post(self.files_url, data=post_data, HTTP_HOST=settings.WIKI_HOST) assert response.status_code == 200 # means it didn't upload assert_no_cache_header(response) self.assertContains(response, "Files of this type are not permitted.") _file.close()
def test_svg_mime_type_staff_override(self): """ Staff users are allowed to upload SVG images. Only. """ _file = make_test_file(content='<svg viewBox="0 0 841.9 595.3"></svg>', suffix=".svg") post_data = { "title": "Test Svg upload", "description": "Mime type only allowed for some users.", "comment": "Initial upload", "file": _file, } # Remember, self.client use logged in as user 'admin' response = self.client.post(self.files_url, data=post_data, HTTP_HOST=settings.WIKI_HOST) assert response.status_code == 302 # means it worked assert_no_cache_header(response) _file.close() (attachment_revision, ) = AttachmentRevision.objects.all() assert attachment_revision.mime_type == "image/svg+xml"
def test_doc_api(client, api_settings, trans_doc, cleared_cacheback_cache): """On success we get document details in a JSON response.""" # The fetch_on_miss mock and the cleared_cacheback_cache fixture # are here to ensure that we don't get an old cached value for # the contributors property, and also that we don't use [] # while a celery job is running. url = reverse('api.v1.doc', args=[trans_doc.locale, trans_doc.slug]) response = client.get(url, HTTP_HOST=api_settings.BETA_HOST) assert response.status_code == 200 assert_no_cache_header(response) data = response.json() assert data['locale'] == trans_doc.locale assert data['slug'] == trans_doc.slug assert data['id'] == trans_doc.id assert data['title'] == trans_doc.title assert data['language'] == trans_doc.language assert data['absoluteURL'] == trans_doc.get_absolute_url() assert data['redirectURL'] == trans_doc.get_redirect_url() assert data['editURL'] == absolutify(trans_doc.get_edit_url(), for_wiki_site=True) assert data['bodyHTML'] == trans_doc.get_body_html() assert data['quickLinksHTML'] == trans_doc.get_quick_links_html() assert data['tocHTML'] == trans_doc.get_toc_html() assert data['translations'] == [{ 'locale': 'en-US', 'language': 'English (US)', 'localizedLanguage': u'Anglais am\u00e9ricain', 'title': 'Root Document', 'url': '/en-US/docs/Root' }] assert data['contributors'] == ['wiki_user'] assert data['lastModified'] == '2017-04-14T12:20:00' assert data['lastModifiedBy'] == 'wiki_user' # Also ensure that we get exactly the same data by calling # the document_api_data() function directly data2 = document_api_data(trans_doc) assert data == data2
def test_create_invalid(add_doc_client, slug): """Test creating a new document with valid and invalid slugs.""" data = dict( title='A Foobar Document', slug=slug, tags='tag1, tag2', review_tags=['editorial', 'technical'], keywords='key1, key2', summary='lipsum', content='lorem ipsum dolor sit amet', comment='This is foobar.', toc_depth=1, ) url = reverse('wiki.create') resp = add_doc_client.post(url, data) assert resp.status_code == 200 assert resp['X-Robots-Tag'] == 'noindex' assert_no_cache_header(resp) assert b'The slug provided is not valid.' in resp.content with pytest.raises(Document.DoesNotExist): Document.objects.get(slug=slug, locale='en-US') assert pq(resp.content).find('input[name=slug]')[0].value == slug
def test_create_invalid(add_doc_client, slug): """Test creating a new document with valid and invalid slugs.""" data = dict( title="A Foobar Document", slug=slug, tags="tag1, tag2", review_tags=["editorial", "technical"], keywords="key1, key2", summary="lipsum", content="lorem ipsum dolor sit amet", comment="This is foobar.", toc_depth=1, ) url = reverse("wiki.create") resp = add_doc_client.post(url, data, HTTP_HOST=settings.WIKI_HOST) assert resp.status_code == 200 assert resp["X-Robots-Tag"] == "noindex" assert_no_cache_header(resp) assert b"The slug provided is not valid." in resp.content with pytest.raises(Document.DoesNotExist): Document.objects.get(slug=slug, locale="en-US") assert pq(resp.content).find("input[name=slug]")[0].value == slug
def test_spam_no_permission( create_revision, wiki_user, user_client, enable_akismet_submissions, akismet_mock_requests, ): url = reverse("wiki.submit_akismet_spam") response = user_client.post(url, data={"revision": create_revision.id}, HTTP_HOST=settings.WIKI_HOST) # Redirects to login page when without permission. assert response.status_code == 302 assert response["Location"].endswith("users/signin?next={}".format(url)) assert_no_cache_header(response) # No RevisionAkismetSubmission record should exist. ras = RevisionAkismetSubmission.objects.filter(revision=create_revision) assert ras.count() == 0 # Check that the Akismet endpoints were not called. assert not akismet_mock_requests.called
def test_new_key(self): data = {"description": "This is meant for a test app"} url = reverse("authkeys.new") # Check out the creation page, look for the form. resp = self.client.get(url, HTTP_HOST=settings.WIKI_HOST) assert resp.status_code == 200 assert_no_cache_header(resp) page = pq(resp.content) assert page.find("form.key").length == 1 # We don't have this key yet, right? keys = Key.objects.filter(description=data["description"]) assert keys.count() == 0 # Okay, create it. resp = self.client.post(url, data, follow=False, HTTP_HOST=settings.WIKI_HOST) assert resp.status_code == 200 assert_no_cache_header(resp) # We have the key now, right? keys = Key.objects.filter(description=data["description"]) assert keys.count() == 1 # Okay, and it should belong to the logged-in user key = keys[0] assert key.user == self.user # Take a look at the description and key shown on the result page. page = pq(resp.content) assert page.find(".key .description").text() == data["description"] assert page.find(".key .key").text() == key.key # Ensure the secret on the page checks out. secret = page.find(".key .secret").text() assert key.check_secret(secret)