def get_definitions(self, **kwargs):
from shuup.gdpr.models import GDPRSettings
if not GDPRSettings.get_for_shop(self.request.shop).enabled:
return []
return [
FormDefinition('agreement', CompanyAgreementForm, required=True)
]
def test_update_injection():
shop = factories.get_default_shop()
client = SmartClient()
index_url = reverse("shuup:index")
page = ensure_gdpr_privacy_policy(shop)
shop_gdpr = GDPRSettings.get_for_shop(shop)
shop_gdpr.enabled = True
shop_gdpr.privacy_policy = page
shop_gdpr.save()
assert_update(client, index_url, False) # nothing consented in past, should not show
user = factories.create_random_user("en")
password = "******"
user.set_password(password)
user.save()
client.login(username=user.username, password=password)
assert_update(client, index_url, False) # no consent given, should not be visible
create_user_consent_for_all_documents(shop, user)
assert_update(client, index_url, False)
with reversion.create_revision():
page.save()
assert not is_documents_consent_in_sync(shop, user)
assert_update(client, index_url, True)
# consent
client.get(reverse("shuup:gdpr_policy_consent", kwargs=dict(page_id=page.pk)))
assert is_documents_consent_in_sync(shop, user)
assert_update(client, index_url, False)
def test_data_download(rf):
activate("en")
shop = factories.get_default_shop()
user = factories.create_random_user()
page = ensure_gdpr_privacy_policy(shop)
assert page
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.save()
assert gdpr_settings.privacy_policy_page == page
create_user_consent_for_all_documents(shop, user)
view = GDPRDownloadDataView.as_view()
request = apply_request_middleware(rf.post("/"), user=user, shop=shop)
response = view(request=request)
assert response.status_code == 200
data = json.loads(response.content.decode("utf-8"))
assert data == {}
request = apply_request_middleware(rf.post("/"), shop=shop)
response = view(request=request)
assert response.status_code == 404
def test_update_injection():
shop = factories.get_default_shop()
client = SmartClient()
index_url = reverse("shuup:index")
page = ensure_gdpr_privacy_policy(shop)
shop_gdpr = GDPRSettings.get_for_shop(shop)
shop_gdpr.enabled = True
shop_gdpr.privacy_policy = page
shop_gdpr.save()
assert_update(client, index_url, False) # nothing consented in past, should not show
user = factories.create_random_user("en")
password = "******"
user.set_password(password)
user.save()
client.login(username=user.username, password=password)
assert_update(client, index_url, False) # no consent given, should not be visible
create_user_consent_for_all_documents(shop, user)
assert_update(client, index_url, False)
with reversion.create_revision():
page.save()
assert not is_documents_consent_in_sync(shop, user)
assert_update(client, index_url, True)
# consent
client.get(reverse("shuup:gdpr_policy_consent", kwargs=dict(page_id=page.pk)))
assert is_documents_consent_in_sync(shop, user)
assert_update(client, index_url, False)
def test_resource_injection(client):
"""
Test that the GDPR warning is injected into the front template when enabled
"""
activate("en")
shop = factories.get_default_shop()
client = SmartClient()
index_url = reverse("shuup:index")
response = client.get(index_url)
assert "gdpr-consent-warn-bar" not in response.content.decode("utf-8")
# create a GDPR setting for the shop
shop_gdpr = GDPRSettings.get_for_shop(shop)
shop_gdpr.cookie_banner_content = "my cookie banner content"
shop_gdpr.cookie_privacy_excerpt = " my cookie privacyexcerpt"
shop_gdpr.enabled = True
shop_gdpr.save()
# the contents should be injected in the html
response = client.get(index_url)
response_content = response.content.decode("utf-8")
assert "gdpr-consent-warn-bar" in response_content
assert shop_gdpr.cookie_banner_content in response_content
assert shop_gdpr.cookie_privacy_excerpt in response_content
# create cookie categories
cookie_category = GDPRCookieCategory.objects.create(
shop=shop,
always_active=True,
cookies="cookie1,cookie2,_cookie3",
name="RequiredCookies",
how_is_used="to make the site work",
)
default_active_cookie_category = GDPRCookieCategory.objects.create(
shop=shop,
always_active=False,
default_active=True,
cookies="analyticsCookie",
name="Analytics",
how_is_used="to track users",
)
response, soup = client.response_and_soup(index_url)
response_content = response.content.decode("utf-8")
assert "gdpr-consent-warn-bar" in response_content
assert cookie_category.cookies in response_content
assert cookie_category.name in response_content
assert cookie_category.how_is_used in response_content
default_active_input = soup.find(
"input",
{"name": "cookie_category_%d" % default_active_cookie_category.pk})
assert default_active_input.has_attr("checked")
# make sure no other shop has this
with override_settings(SHUUP_ENABLE_MULTIPLE_SHOPS=True):
shop2 = factories.get_shop(identifier="shop2",
status=ShopStatus.DISABLED,
domain="shop2")
response = client.get(index_url, HTTP_HOST=shop2.domain)
response_content = response.content.decode("utf-8")
assert "gdpr-consent-warn-bar" not in response_content
def get_privacy_policy_page(shop):
from shuup.gdpr.models import GDPRSettings
gdpr_settings = GDPRSettings.get_for_shop(shop)
if not gdpr_settings.enabled:
return None
return gdpr_settings.privacy_policy_page
def test_authenticate_form_without_consent_checkboxes(client):
activate("en")
shop = factories.get_default_shop()
user = factories.create_random_user("en")
user.email = "*****@*****.**"
user.set_password("1234")
user.save()
consent_text = printable_gibberish()
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.skip_consent_on_auth = True
gdpr_settings.auth_consent_text = consent_text
gdpr_settings.save()
# create privacy policy GDPR document
privacy_policy = ensure_gdpr_privacy_policy(shop)
redirect_target = "/redirect-success/"
client = SmartClient()
login_url = reverse("shuup:login")
response = client.get(login_url)
soup = BeautifulSoup(response.content)
login_form = soup.find("form", {"action": "/login/"})
assert len(login_form.findAll("input")) == 4
assert consent_text in login_form.text
# user didn't check the privacy policy agreement
response = client.post(login_url, data={
"username": user.email,
"password": "******",
REDIRECT_FIELD_NAME: redirect_target
})
assert response.status_code == 302
def __init__(self, *args, **kwargs):
self.request = kwargs.pop("request")
self.current_product_ids = kwargs.pop("current_product_ids", "")
super(ConfirmForm, self).__init__(*args, **kwargs)
if has_installed("shuup.gdpr"):
from shuup.gdpr.models import GDPRSettings
if GDPRSettings.get_for_shop(self.request.shop).enabled:
from shuup.simple_cms.models import Page, PageType
gdpr_documents = Page.objects.visible(
self.request.shop).filter(page_type=PageType.REVISIONED)
if gdpr_documents.exists():
self.fields.pop("accept_terms")
for page in gdpr_documents:
self.fields["accept_{}".format(
page.id
)] = forms.BooleanField(
label=_("I have read and accept the {}").format(
page.title),
help_text=_(
"Read the <a href='{}' target='_blank'>{}</a>."
).format(
reverse("shuup:cms_page",
kwargs=dict(url=page.url)),
page.title),
error_messages=dict(required=_(
"You must accept to this to confirm the order."
)))
field_properties = settings.SHUUP_CHECKOUT_CONFIRM_FORM_PROPERTIES
for field, properties in field_properties.items():
for prop in properties:
setattr(self.fields[field], prop, properties[prop])
def get_fields(self, **kwargs):
request = kwargs.get("request", None)
if not has_installed("shuup.gdpr") or not request:
return []
gdpr_settings = GDPRSettings.get_for_shop(request.shop)
if not gdpr_settings.enabled:
return []
fields = []
for page in get_active_consent_pages(request.shop):
key = "accept_{}".format(page.id)
field = forms.BooleanField(
label=_("I have read and accept the {}").format(page.title),
required=True,
help_text=_("Read the <a href='{}' target='_blank'>{}</a>.").format(
reverse("shuup:cms_page", kwargs=dict(url=page.url)),
page.title
),
error_messages=dict(required=self.error_message)
)
definition = FormFieldDefinition(name=key, field=field)
fields.append(definition)
return fields
def test_field_provider(rf, admin_user):
activate("en")
shop = factories.get_default_shop()
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.save()
# create privacy policy GDPR document
privacy_policy = ensure_gdpr_privacy_policy(shop)
page_consent_key = "accept_%d" % privacy_policy.pk
request = apply_request_middleware(rf.post("/"), shop=shop, user=admin_user)
field_provider = GDPRFieldProvider()
# call twice.. the field should be there while the user hasn't consented to the page
for test in range(2):
fields = field_provider.get_fields(request=request)
assert page_consent_key in [f.name for f in fields]
# consent to the page, the field shouldn't be there
create_user_consent_for_all_documents(shop, admin_user)
fields = field_provider.get_fields(request=request)
assert page_consent_key not in [f.name for f in fields]
# change the document version - field must be there again
privacy_policy.save()
fields = field_provider.get_fields(request=request)
assert page_consent_key in [f.name for f in fields]
# check if the field is shown for anonymous
request = apply_request_middleware(rf.post("/"), shop=shop, user=AnonymousUser())
fields = field_provider.get_fields(request=request)
assert page_consent_key in [f.name for f in fields]
def test_consent_cookies(client):
"""
Test that the GDPR consent is generated and saved into a cooki
"""
shop = factories.get_default_shop()
client = SmartClient()
index_url = reverse("shuup:index")
response = client.get(index_url)
# create a GDPR setting for the shop
shop_gdpr = GDPRSettings.get_for_shop(shop)
shop_gdpr.cookie_banner_content = "my cookie banner content"
shop_gdpr.cookie_privacy_excerpt = "my cookie privacyexcerpt"
shop_gdpr.enabled = True
shop_gdpr.save()
# create cookie categories
required_cookie_category = GDPRCookieCategory.objects.create(
shop=shop,
always_active=True,
cookies="cookie1,cookir2,_cookie3",
name="RequiredCookies",
how_is_used="to make the site work")
optional_cookie_category = GDPRCookieCategory.objects.create(
shop=shop,
always_active=False,
cookies="_opt1,_opt2,_opt3",
name="OptionalCookies",
how_is_used="to spy users")
# create privacy policy GDPR document
privacy_policy = Page.objects.create(
shop=shop,
title="Privacy policy",
url="privacy-policy",
page_type=PageType.GDPR_CONSENT_DOCUMENT,
content="you just agree",
available_from=now())
response = client.get(index_url)
assert settings.SHUUP_GDPR_CONSENT_COOKIE_NAME not in response.cookies
# send consent
response = client.post(
reverse("shuup:gdpr_consent"),
data={
"cookie_category_{}".format(required_cookie_category.id): "on",
"cookie_category_{}".format(optional_cookie_category.id): "on"
})
assert settings.SHUUP_GDPR_CONSENT_COOKIE_NAME in response.cookies
cookies_data = json.loads(
response.cookies[settings.SHUUP_GDPR_CONSENT_COOKIE_NAME].value)
assert privacy_policy.id == cookies_data["documents"][0]["id"]
assert privacy_policy.url == cookies_data["documents"][0]["url"]
for cookie in required_cookie_category.cookies.split(","):
assert cookie in cookies_data["cookies"]
for cookie in optional_cookie_category.cookies.split(","):
assert cookie in cookies_data["cookies"]
def get_gdpr_settings(request):
from shuup.gdpr.models import GDPRSettings
if not has_installed("shuup.gdpr") or not request:
return None
gdpr_settings = GDPRSettings.get_for_shop(request.shop)
return gdpr_settings if gdpr_settings.enabled else None
def get_active_consent_pages(shop):
from shuup.gdpr.models import GDPRSettings
gdpr_settings = GDPRSettings.get_for_shop(shop)
if not gdpr_settings.enabled:
return False # nothing to do.
ids = [page.id for page in gdpr_settings.consent_pages.all()]
if gdpr_settings.privacy_policy_page:
ids.append(gdpr_settings.privacy_policy_page.pk)
return Page.objects.filter(pk__in=set(ids))
def add_gdpr_consent_resources(context, content):
if not valid_view(context):
return
request = context["request"]
shop = get_shop(request)
gdpr_settings = GDPRSettings.get_for_shop(shop)
# GDPR not enabled, nothing to do
if not gdpr_settings.enabled:
return
# always add styles
add_resource(context, "head_end",
static("shuup_gdpr/shuup_gdpr_styles.css"))
user = request.user
if not user.is_anonymous() and should_reconsent_privacy_policy(shop, user):
consent_page = get_privacy_policy_page(shop)
render_context = {
"request":
request,
"csrf_token":
context["csrf_token"],
"url":
"/%s" % consent_page.url,
"accept_url":
reverse("shuup:gdpr_policy_consent",
kwargs=dict(page_id=consent_page.id))
}
update_resource = InlineMarkupResource(
loader.render_to_string("shuup/gdpr/privacy_policy_update.jinja",
context=render_context))
add_resource(context, "body_end", update_resource)
# consent already added
if settings.SHUUP_GDPR_CONSENT_COOKIE_NAME in request.COOKIES:
return
gdpr_documents = []
if has_installed("shuup.simple_cms"):
gdpr_documents = get_active_consent_pages(shop)
render_context = {
"request": request,
"csrf_token": context["csrf_token"],
"gdpr_settings": gdpr_settings,
"gdpr_documents": gdpr_documents,
"gdpr_cookie_categories": GDPRCookieCategory.objects.filter(shop=shop)
}
html_resource = InlineMarkupResource(
loader.render_to_string("shuup/gdpr/gdpr_consent.jinja",
context=render_context))
add_resource(context, "body_end", html_resource)
add_resource(context, "body_end", static("shuup_gdpr/shuup_gdpr.js"))
def test_consent_cookies():
"""
Test that the GDPR consent is generated and saved into a cooki
"""
for code, lang in settings.LANGUAGES:
activate(code)
shop = factories.get_default_shop()
client = SmartClient()
index_url = reverse("shuup:index")
response = client.get(index_url)
# create a GDPR setting for the shop
shop_gdpr = GDPRSettings.get_for_shop(shop)
shop_gdpr.cookie_banner_content = "my cookie banner content"
shop_gdpr.cookie_privacy_excerpt = "my cookie privacyexcerpt"
shop_gdpr.enabled = True
shop_gdpr.save()
# create cookie categories
required_cookie_category = GDPRCookieCategory.objects.create(
shop=shop,
always_active=True,
cookies="cookie1,cookir2,_cookie3",
name="RequiredCookies",
how_is_used="to make the site work"
)
optional_cookie_category = GDPRCookieCategory.objects.create(
shop=shop,
always_active=False,
cookies="_opt1,_opt2,_opt3",
name="OptionalCookies",
how_is_used="to spy users"
)
# create privacy policy GDPR document
privacy_policy = ensure_gdpr_privacy_policy(shop)
response = client.get(index_url)
assert settings.SHUUP_GDPR_CONSENT_COOKIE_NAME not in response.cookies
# send consent
response = client.post(reverse("shuup:gdpr_consent"), data={
"cookie_category_{}".format(required_cookie_category.id): "on",
"cookie_category_{}".format(optional_cookie_category.id): "on"
})
assert settings.SHUUP_GDPR_CONSENT_COOKIE_NAME in response.cookies
cookies_data = json.loads(response.cookies[settings.SHUUP_GDPR_CONSENT_COOKIE_NAME].value)
assert privacy_policy.id == cookies_data["documents"][0]["id"]
assert privacy_policy.url == cookies_data["documents"][0]["url"]
for cookie in required_cookie_category.cookies.split(","):
assert cookie in cookies_data["cookies"]
for cookie in optional_cookie_category.cookies.split(","):
assert cookie in cookies_data["cookies"]
def create_user_consent_for_all_documents(shop, user):
"""
Create user consent for all available GDPR documents
"""
from shuup.gdpr.models import GDPRUserConsent, GDPRSettings
gdpr_settings = GDPRSettings.get_for_shop(shop)
if not gdpr_settings.enabled or is_documents_consent_in_sync(shop, user):
return
consent_documents = get_active_consent_pages(shop)
return GDPRUserConsent.ensure_for_user(user, shop, consent_documents)
def test_page_form(rf, admin_user):
with override_settings(LANGUAGES=[("en", "en")]):
activate("en")
shop = get_default_shop()
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.save()
original_gdpr_page = ensure_gdpr_privacy_policy(shop)
versions = Version.objects.get_for_object(original_gdpr_page)
assert len(versions) == 1
# consent to this with user
user = factories.create_random_user("en")
create_user_consent_for_all_documents(shop, user)
version = versions[0]
assert GDPRUserConsentDocument.objects.filter(
page=original_gdpr_page, version=version).exists()
assert is_documents_consent_in_sync(shop, user)
assert Page.objects.count() == 1
view = PageEditView.as_view()
# load the page
request = apply_request_middleware(rf.get("/"), user=admin_user)
response = view(request, pk=original_gdpr_page.pk)
assert 200 <= response.status_code < 300
# update the page
post_data = {
"content__en": "test_data",
"available_from": "",
"url__en": "test",
"title__en": "defa",
"available_to": "",
"page_type": PageType.REVISIONED.value
}
request = apply_request_middleware(rf.post("/", post_data),
user=admin_user)
response = view(request, pk=original_gdpr_page.pk)
assert response.status_code == 302
versions = Version.objects.get_for_object(original_gdpr_page)
assert len(versions) == 4 # saved 4 times in total
assert not is_documents_consent_in_sync(shop, user)
create_user_consent_for_all_documents(shop, user)
assert is_documents_consent_in_sync(shop, user)
def __init__(self, *args, **kwargs):
self.request = kwargs.pop("request")
super(CompanyRegistrationForm, self).__init__(*args, **kwargs)
address_form_cls = cached_load('SHUUP_ADDRESS_MODEL_FORM')
self.add_form_def('company', CompanyForm, kwargs={"request": self.request})
self.add_form_def('billing', address_form_cls)
self.add_form_def('contact_person', ContactPersonForm)
self.add_form_def('user_account', UserCreationForm)
if has_installed("shuup.gdpr"):
from shuup.gdpr.models import GDPRSettings
if GDPRSettings.get_for_shop(self.request.shop).enabled:
self.add_form_def('agreement', CompanyAgreementForm, kwargs=dict(shop=self.request.shop))
def test_register_form(client):
activate("en")
shop = factories.get_default_shop()
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.save()
# create privacy policy GDPR document
privacy_policy = ensure_gdpr_privacy_policy(shop)
redirect_target = "/index/"
client = SmartClient()
# user didn't checked the privacy policy agreement
response = client.post(
reverse("shuup:registration_register"),
data={
"username": "******",
"email": "*****@*****.**",
"password1": "1234",
"password2": "1234",
REDIRECT_FIELD_NAME: redirect_target,
},
)
assert response.status_code == 200
assert "You must accept this in order to register." in response.content.decode(
"utf-8")
response = client.post(
reverse("shuup:registration_register"),
data={
"username": "******",
"email": "*****@*****.**",
"password1": "1234",
"password2": "1234",
"accept_%d" % privacy_policy.id: "on",
REDIRECT_FIELD_NAME: redirect_target,
},
)
assert response.status_code == 302
assert response.get("location")
assert response.get("location").endswith(redirect_target)
user = User.objects.first()
assert is_documents_consent_in_sync(shop, user)
ensure_gdpr_privacy_policy(shop, force_update=True)
assert not is_documents_consent_in_sync(shop, user)
def is_documents_consent_in_sync(shop, user):
"""
Returns whether the user has consent to the lastest document versions
"""
from shuup.gdpr.models import GDPRSettings
gdpr_settings = GDPRSettings.get_for_shop(shop)
if not gdpr_settings.enabled:
return True # nothing to do.
from shuup.gdpr.models import GDPRUserConsent
last_user_consent = GDPRUserConsent.get_for_user(user, shop)
if not last_user_consent:
return False
return not last_user_consent.should_reconsent(shop, user)
def create_user_consent_for_all_documents(shop, user):
"""
Create user consent for all available GDPR documents
"""
from shuup.gdpr.models import GDPRUserConsent, GDPRSettings
if not GDPRSettings.get_for_shop(
shop).enabled or is_documents_consent_in_sync(shop, user):
return
from shuup.simple_cms.models import Page, PageType
consent_documents = Page.objects.visible(shop).filter(
page_type=PageType.GDPR_CONSENT_DOCUMENT)
GDPRUserConsent.create_for_user(user, shop, consent_documents)
def add_gdpr_consent_resources(context, content):
if not valid_view(context):
return
request = context["request"]
shop = get_shop(request)
gdpr_settings = GDPRSettings.get_for_shop(shop)
# GDPR not enabled, nothing to do
if not gdpr_settings.enabled:
return
# always add styles
add_resource(context, "head_end", static("shuup-gdpr.css"))
user = request.user
if not user.is_anonymous() and should_reconsent_privacy_policy(shop, user):
consent_page = get_privacy_policy_page(shop)
render_context = {
"request": request,
"csrf_token": context["csrf_token"],
"url": "/%s" % consent_page.url,
"accept_url": reverse("shuup:gdpr_policy_consent", kwargs=dict(page_id=consent_page.id))
}
update_resource = InlineMarkupResource(
loader.render_to_string("shuup/gdpr/privacy_policy_update.jinja", context=render_context)
)
add_resource(context, "body_end", update_resource)
# consent already added
if settings.SHUUP_GDPR_CONSENT_COOKIE_NAME in request.COOKIES:
return
gdpr_documents = []
if has_installed("shuup.simple_cms"):
gdpr_documents = get_active_consent_pages(shop)
render_context = {
"request": request,
"csrf_token": context["csrf_token"],
"gdpr_settings": gdpr_settings,
"gdpr_documents": gdpr_documents,
"gdpr_cookie_categories": GDPRCookieCategory.objects.filter(shop=shop)
}
html_resource = InlineMarkupResource(
loader.render_to_string("shuup/gdpr/gdpr_consent.jinja", context=render_context)
)
add_resource(context, "body_end", html_resource)
add_resource(context, "body_end", static("shuup-gdpr.js"))
def __init__(self, **kwargs):
self.request = kwargs.pop("request")
kwargs.setdefault("required_languages",
()) # No required languages here
super(PageForm, self).__init__(**kwargs)
self.fields["parent"].queryset = Page.objects.filter(
shop=get_shop(self.request))
if has_installed("shuup.gdpr"):
# remove page type field if GDPR is disabled or the page type is GDPR for existing object
from shuup.gdpr.models import GDPRSettings
if not GDPRSettings.get_for_shop(get_shop(self.request)).enabled:
self.fields.pop("page_type")
elif self.instance and self.instance.pk and self.instance.page_type == PageType.GDPR_CONSENT_DOCUMENT:
self.fields.pop("page_type")
def test_authenticate_form(client):
activate("en")
shop = factories.get_default_shop()
user = factories.create_random_user("en")
user.email = "*****@*****.**"
user.set_password("1234")
user.save()
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.save()
# create privacy policy GDPR document
privacy_policy = ensure_gdpr_privacy_policy(shop)
redirect_target = "/redirect-success/"
client = SmartClient()
login_url = reverse("shuup:login")
response = client.get(login_url)
soup = BeautifulSoup(response.content)
login_form = soup.find("form", {"action": "/login/"})
assert len(login_form.findAll("input")) == 5 # 4 + privacy policy checkbox
# user didn't check the privacy policy agreement
response = client.post(reverse("shuup:login"),
data={
"username": user.email,
"password": "******",
REDIRECT_FIELD_NAME: redirect_target
})
assert response.status_code == 200
assert "You must accept this in order to authenticate." in response.content.decode(
"utf-8")
response = client.post(
reverse("shuup:login"),
data={
"username": user.email,
"password": "******",
"accept_%d" % privacy_policy.id: "on",
REDIRECT_FIELD_NAME: redirect_target,
},
)
assert response.status_code == 302
assert response.get("location")
assert response.get("location").endswith(redirect_target)
def test_policy_consent_view(rf, language):
activate(language)
shop = factories.get_default_shop()
user = factories.create_random_user("en")
page = ensure_gdpr_privacy_policy(shop)
view = GDPRPolicyConsentView.as_view()
# try without user
request = apply_request_middleware(rf.post("/"), shop=shop)
response = view(request, page_id=page.id)
assert response.status_code == 404
# try with anonymous user
anonymous_user = AnonymousUser()
request = apply_request_middleware(rf.post("/"),
shop=shop,
user=anonymous_user)
response = view(request, page_id=page.id)
assert response.status_code == 404
# try without correct page
incorrect_shop = Shop.objects.create(name="testing",
public_name="testing..")
incorrect_page = Page.objects.create(shop=incorrect_shop)
request = apply_request_middleware(rf.post("/"), shop=shop, user=user)
response = view(request, page_id=incorrect_page.id)
assert response.status_code == 404
assert is_documents_consent_in_sync(
shop, user) # returns true because no settings set
request = apply_request_middleware(rf.post("/"), shop=shop, user=user)
response = view(request, page_id=page.id)
assert response.status_code == 404 # gdpr settings not enabled
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.privacy_policy = page
gdpr_settings.save()
request = apply_request_middleware(rf.post("/"), shop=shop, user=user)
response = view(request, page_id=page.id)
assert response.status_code == 302 # all good!
assert is_documents_consent_in_sync(shop, user)
def __init__(self, *args, **kwargs):
super(EmailAuthenticationForm, self).__init__(*args, **kwargs)
self.fields['username'].label = _("Username or email address")
if has_installed("shuup.gdpr"):
from shuup.gdpr.models import GDPRSettings
if GDPRSettings.get_for_shop(self.request.shop).enabled:
from shuup.simple_cms.models import Page, PageType
for page in Page.objects.visible(self.request.shop).filter(page_type=PageType.REVISIONED):
self.fields["accept_{}".format(page.id)] = forms.BooleanField(
label=_("I have read and accept the {}").format(page.title),
help_text=_("Read the <a href='{}' target='_blank'>{}</a>.").format(
reverse("shuup:cms_page", kwargs=dict(url=page.url)),
page.title
),
error_messages=dict(required=_("You must accept to this to authenticate."))
)
def __init__(self, *args, **kwargs):
self.request = kwargs.pop("request")
super(PersonRegistrationForm, self).__init__(*args, **kwargs)
if has_installed("shuup.gdpr"):
from shuup.gdpr.models import GDPRSettings
if GDPRSettings.get_for_shop(self.request.shop).enabled:
from shuup.simple_cms.models import Page, PageType
for page in Page.objects.visible(self.request.shop).filter(page_type=PageType.GDPR_CONSENT_DOCUMENT):
self.fields["accept_{}".format(page.id)] = forms.BooleanField(
label=_("I have read and accept the {}").format(page.title),
help_text=_("Read the <a href='{}' target='_blank'>{}</a>.").format(
reverse("shuup:cms_page", kwargs=dict(url=page.url)),
page.title
),
error_messages=dict(required=_("You must accept to this to register."))
)
def test_resource_injection(client):
"""
Test that the GDPR warning is injected into the front template when enabled
"""
activate("en")
shop = factories.get_default_shop()
client = SmartClient()
index_url = reverse("shuup:index")
response = client.get(index_url)
assert "gdpr-consent-warn-bar" not in response.content.decode("utf-8")
# create a GDPR setting for the shop
shop_gdpr = GDPRSettings.get_for_shop(shop)
shop_gdpr.cookie_banner_content = "my cookie banner content"
shop_gdpr.cookie_privacy_excerpt = " my cookie privacyexcerpt"
shop_gdpr.enabled = True
shop_gdpr.save()
# the contents should be injected in the html
response = client.get(index_url)
response_content = response.content.decode("utf-8")
assert "gdpr-consent-warn-bar" in response_content
assert shop_gdpr.cookie_banner_content in response_content
assert shop_gdpr.cookie_privacy_excerpt in response_content
# create cookie categories
cookie_category = GDPRCookieCategory.objects.create(
shop=shop,
always_active=True,
cookies="cookie1,cookie2,_cookie3",
name="RequiredCookies",
how_is_used="to make the site work"
)
response = client.get(index_url)
response_content = response.content.decode("utf-8")
assert "gdpr-consent-warn-bar" in response_content
assert cookie_category.cookies in response_content
assert cookie_category.name in response_content
assert cookie_category.how_is_used in response_content
# make sure no other shop has this
with override_settings(SHUUP_ENABLE_MULTIPLE_SHOPS=True):
shop2 = factories.get_shop(identifier="shop2", status=ShopStatus.DISABLED, domain="shop2")
response = client.get(index_url, HTTP_HOST=shop2.domain)
response_content = response.content.decode("utf-8")
assert "gdpr-consent-warn-bar" not in response_content
def test_register_form(client):
activate("en")
shop = factories.get_default_shop()
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.save()
# create privacy policy GDPR document
privacy_policy = Page.objects.create(
shop=shop,
title="Privacy policy",
url="privacy-policy",
page_type=PageType.GDPR_CONSENT_DOCUMENT,
content="you just agree",
available_from=now())
redirect_target = "/index/"
client = SmartClient()
# user didn't checked the privacy policy agreement
response = client.post(reverse("shuup:registration_register"),
data={
"username": "******",
"email": "*****@*****.**",
"password1": "1234",
"password2": "1234",
REDIRECT_FIELD_NAME: redirect_target
})
assert response.status_code == 200
assert "You must accept to this to register" in response.content.decode(
"utf-8")
response = client.post(reverse("shuup:registration_register"),
data={
"username": "******",
"email": "*****@*****.**",
"password1": "1234",
"password2": "1234",
"accept_%d" % privacy_policy.id: "on",
REDIRECT_FIELD_NAME: redirect_target
})
assert response.status_code == 302
assert response.get("location")
assert response.get("location").endswith(redirect_target)
def test_gdpr_consent(browser, live_server, settings):
shop = get_default_shop()
index_url = reverse("shuup:index")
# create a GDPR setting for the shop
shop_gdpr = GDPRSettings.get_for_shop(shop)
shop_gdpr.cookie_banner_content = "my cookie banner content"
shop_gdpr.cookie_privacy_excerpt = "my cookie privacyexcerpt"
shop_gdpr.enabled = True
shop_gdpr.save() # Enable GDPR
browser = initialize_front_browser_test(browser, live_server)
browser.visit("%s%s" % (live_server, index_url))
wait_until_appeared(browser, ".gdpr-consent-warn-bar")
assert len(browser.find_by_css(".gdpr-consent-preferences")) == 1
click_element(browser, "#agree-btn")
wait_until_condition(browser, lambda x: len(x.find_by_css(".gdpr-consent-warn-bar")) == 0)
wait_until_condition(browser, lambda x: len(x.find_by_css(".gdpr-consent-preferences")) == 0)
def test_gdpr_consent(browser, live_server, settings):
shop = get_default_shop()
index_url = reverse("shuup:index")
# create a GDPR setting for the shop
shop_gdpr = GDPRSettings.get_for_shop(shop)
shop_gdpr.cookie_banner_content = "my cookie banner content"
shop_gdpr.cookie_privacy_excerpt = "my cookie privacyexcerpt"
shop_gdpr.enabled = True
shop_gdpr.save() # Enable GDPR
browser = initialize_front_browser_test(browser, live_server)
browser.visit("%s%s" % (live_server, index_url))
wait_until_appeared(browser, ".gdpr-consent-warn-bar")
assert (len(browser.find_by_css(".gdpr-consent-preferences")) == 1)
click_element(browser, "#agree-btn")
wait_until_condition(browser, lambda x: len(x.find_by_css(".gdpr-consent-warn-bar")) == 0)
wait_until_condition(browser, lambda x: len(x.find_by_css(".gdpr-consent-preferences")) == 0)
def test_register_form(client):
activate("en")
shop = factories.get_default_shop()
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.save()
# create privacy policy GDPR document
privacy_policy = ensure_gdpr_privacy_policy(shop)
redirect_target = "/index/"
client = SmartClient()
# user didn't checked the privacy policy agreement
response = client.post(reverse("shuup:registration_register"), data={
"username": "******",
"email": "*****@*****.**",
"password1": "1234",
"password2": "1234",
REDIRECT_FIELD_NAME: redirect_target
})
assert response.status_code == 200
assert "You must accept to this to register." in response.content.decode("utf-8")
response = client.post(reverse("shuup:registration_register"), data={
"username": "******",
"email": "*****@*****.**",
"password1": "1234",
"password2": "1234",
"accept_%d" % privacy_policy.id: "on",
REDIRECT_FIELD_NAME: redirect_target
})
assert response.status_code == 302
assert response.get("location")
assert response.get("location").endswith(redirect_target)
user = User.objects.first()
assert is_documents_consent_in_sync(shop, user)
ensure_gdpr_privacy_policy(shop, force_update=True)
assert not is_documents_consent_in_sync(shop, user)
def test_policy_consent_view(rf, language):
activate(language)
shop = factories.get_default_shop()
user = factories.create_random_user("en")
page = ensure_gdpr_privacy_policy(shop)
view = GDPRPolicyConsentView.as_view()
# try without user
request = apply_request_middleware(rf.post("/"), shop=shop)
response = view(request, page_id=page.id)
assert response.status_code == 404
# try with anonymous user
anonymous_user = AnonymousUser()
request = apply_request_middleware(rf.post("/"), shop=shop, user=anonymous_user)
response = view(request, page_id=page.id)
assert response.status_code == 404
# try without correct page
incorrect_shop = Shop.objects.create(name="testing", public_name="testing..")
incorrect_page = Page.objects.create(shop=incorrect_shop)
request = apply_request_middleware(rf.post("/"), shop=shop, user=user)
response = view(request, page_id=incorrect_page.id)
assert response.status_code == 404
assert is_documents_consent_in_sync(shop, user) # returns true because no settings set
request = apply_request_middleware(rf.post("/"), shop=shop, user=user)
response = view(request, page_id=page.id)
assert response.status_code == 404 # gdpr settings not enabled
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.privacy_policy = page
gdpr_settings.save()
request = apply_request_middleware(rf.post("/"), shop=shop, user=user)
response = view(request, page_id=page.id)
assert response.status_code == 302 # all good!
assert is_documents_consent_in_sync(shop, user)
def add_gdpr_consent_resources(context, content):
# TODO: should we ignore admin urls?
view_class = getattr(context["view"], "__class__",
None) if context.get("view") else None
if not view_class or not context.get("request"):
return
shop = get_shop(context["request"])
gdpr_settings = GDPRSettings.get_for_shop(shop)
# GDPR not enabled
if not gdpr_settings.enabled:
return
# consent already added
# TODO: Should we check for changes and ask the consent again here?
if settings.SHUUP_GDPR_CONSENT_COOKIE_NAME in context["request"].COOKIES:
return
gdpr_documents = []
if has_installed("shuup.simple_cms"):
from shuup.simple_cms.models import Page, PageType
gdpr_documents = Page.objects.visible(shop).filter(
page_type=PageType.GDPR_CONSENT_DOCUMENT)
render_context = {
"request": context["request"],
"csrf_token": context["csrf_token"],
"gdpr_settings": gdpr_settings,
"gdpr_documents": gdpr_documents,
"gdpr_cookie_categories": GDPRCookieCategory.objects.filter(shop=shop)
}
html_resource = InlineMarkupResource(
loader.render_to_string("shuup/gdpr/gdpr_consent.jinja",
context=render_context))
add_resource(context, "body_end", html_resource)
add_resource(context, "body_end", static("shuup_gdpr/shuup_gdpr.js"))
add_resource(context, "head_end",
static("shuup_gdpr/shuup_gdpr_styles.css"))
def test_cookie_consent_view(rf, language):
activate(language)
shop = factories.get_default_shop()
page = ensure_gdpr_privacy_policy(shop)
user = factories.create_random_user("en")
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.save()
create_initial_required_cookie_category(shop)
view = GDPRCookieConsentView.as_view()
request = apply_request_middleware(rf.post("/"), shop=shop, user=user)
response = view(request, pk=None)
assert response.status_code == 302
modified = page.modified_on
new_page = ensure_gdpr_privacy_policy(shop)
assert new_page.pk == page.pk
assert modified == new_page.modified_on # no update done.
new_page = ensure_gdpr_privacy_policy(shop, force_update=True)
assert modified < new_page.modified_on # no update done.
def test_cookie_consent_view(rf, language):
activate(language)
shop = factories.get_default_shop()
page = ensure_gdpr_privacy_policy(shop)
user = factories.create_random_user("en")
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.save()
create_initial_required_cookie_category(shop)
view = GDPRCookieConsentView.as_view()
request = apply_request_middleware(rf.post("/"), shop=shop, user=user)
response = view(request, pk=None)
assert response.status_code == 302
modified = page.modified_on
new_page = ensure_gdpr_privacy_policy(shop)
assert new_page.pk == page.pk
assert modified == new_page.modified_on # no update done.
new_page = ensure_gdpr_privacy_policy(shop, force_update=True)
assert modified < new_page.modified_on # no update done.
def get_fields(self, **kwargs):
request = kwargs.get("request", None)
if not has_installed("shuup.gdpr") or not request:
return []
gdpr_settings = GDPRSettings.get_for_shop(request.shop)
if not gdpr_settings.enabled:
return []
fields = []
for page in get_active_consent_pages(request.shop):
key = "accept_{}".format(page.id)
field = forms.BooleanField(
label=mark_safe(ugettext(
"I have read and accept the <a href='{}' target='_blank' class='gdpr_consent_doc_check'>{}</a>"
).format(reverse("shuup:cms_page", kwargs=dict(url=page.url)), page.title)),
required=True,
error_messages=dict(required=self.error_message)
)
definition = FormFieldDefinition(name=key, field=field)
fields.append(definition)
return fields
def test_data_download(rf):
activate("en")
shop = factories.get_default_shop()
user = factories.create_random_user()
page = ensure_gdpr_privacy_policy(shop)
assert page
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.save()
assert gdpr_settings.privacy_policy_page == page
create_user_consent_for_all_documents(shop, user)
view = GDPRDownloadDataView.as_view()
request = apply_request_middleware(rf.post("/"), user=user, shop=shop)
response = view(request=request)
assert response.status_code == 200
data = json.loads(response.content.decode("utf-8"))
assert data["user"]["gdpr_consents"]
request = apply_request_middleware(rf.post("/"), shop=shop)
response = view(request=request)
assert response.status_code == 404
def test_authenticate_form(client):
activate("en")
shop = factories.get_default_shop()
user = factories.create_random_user("en")
user.email = "*****@*****.**"
user.set_password("1234")
user.save()
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.save()
# create privacy policy GDPR document
privacy_policy = ensure_gdpr_privacy_policy(shop)
redirect_target = "/redirect-success/"
client = SmartClient()
# user didn't check the privacy policy agreement
response = client.post(reverse("shuup:login"), data={
"username": user.email,
"password": "******",
REDIRECT_FIELD_NAME: redirect_target
})
assert response.status_code == 200
assert "You must accept to this to authenticate." in response.content.decode("utf-8")
response = client.post(reverse("shuup:login"), data={
"username": user.email,
"password": "******",
"accept_%d" % privacy_policy.id: "on",
REDIRECT_FIELD_NAME: redirect_target
})
assert response.status_code == 302
assert response.get("location")
assert response.get("location").endswith(redirect_target)
def test_consent_required(rf):
activate("en")
shop = factories.get_default_shop()
user = factories.create_random_user()
page = ensure_gdpr_privacy_policy(shop)
assert page
gdpr_settings = GDPRSettings.get_for_shop(shop)
assert not gdpr_settings.enabled
assert gdpr_settings.privacy_policy_page == page
assert not should_reconsent_privacy_policy(shop, user)
assert is_documents_consent_in_sync(shop, user) # settings not enabled
assert page in get_possible_consent_pages(shop)
# enable gpdr
gdpr_settings.enabled = True
gdpr_settings.save()
assert gdpr_settings.privacy_policy_page == get_privacy_policy_page(shop)
assert not is_documents_consent_in_sync(shop, user)
# create revisioned page
hidden_page = Page.objects.create(shop=shop, available_from=None)
assert hidden_page not in Page.objects.visible(shop=shop)
assert gdpr_settings.privacy_policy_page == get_privacy_policy_page(shop)
assert hidden_page in get_possible_consent_pages(shop)
with reversion.create_revision():
page.save()
create_user_consent_for_all_documents(shop, user)
assert GDPRUserConsent.objects.filter(user=user, shop=shop).count() == 1
consent = GDPRUserConsent.objects.get(user=user, shop=shop)
pages = [c.page for c in consent.documents.all()]
assert page in pages
assert hidden_page not in pages # not there due not visible
with reversion.create_revision():
page.save()
# add a new (visible) page
available_page = Page.objects.create(shop=shop, available_from=now())
assert available_page in Page.objects.visible(shop=shop)
create_user_consent_for_all_documents(shop, user)
consent = GDPRUserConsent.objects.get(user=user, shop=shop)
pages = [c.page for c in consent.documents.all()]
assert page in pages
assert hidden_page not in pages # not there due not visible
assert available_page not in pages # not there due defined in settings
assert available_page in get_possible_consent_pages(shop)
assert available_page not in get_active_consent_pages(shop)
gdpr_settings.consent_pages.add(available_page)
gdpr_settings.refresh_from_db()
assert gdpr_settings.privacy_policy_page
assert gdpr_settings.consent_pages.count() == 1
assert available_page in get_active_consent_pages(shop)
assert consent.documents.count() == 1
create_user_consent_for_all_documents(shop, user)
consent = GDPRUserConsent.objects.get(user=user, shop=shop)
assert consent.documents.count() == 2
assert is_documents_consent_in_sync(shop, user)
pages = [c.page for c in consent.documents.all()]
assert page in pages
assert hidden_page not in pages # not there due not visible
assert available_page in pages
def is_enabled(self, request, **kwargs):
from shuup.gdpr.models import GDPRSettings
return GDPRSettings.get_for_shop(request.shop).enabled
def is_enabled(self, request, **kwargs):
from shuup.gdpr.models import GDPRSettings
return GDPRSettings.get_for_shop(request.shop).enabled
def get_definitions(self, **kwargs):
from shuup.gdpr.models import GDPRSettings
if not GDPRSettings.get_for_shop(self.request.shop).enabled:
return []
return [FormDefinition('agreement', CompanyAgreementForm, required=True)]
def test_page_form(rf, admin_user):
with override_settings(LANGUAGES=[("en", "en")]):
activate("en")
shop = get_default_shop()
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.save()
original_gdpr_page = ensure_gdpr_privacy_policy(shop)
versions = Version.objects.get_for_object(original_gdpr_page)
assert len(versions) == 1
# consent to this with user
user = factories.create_random_user("en")
assert not GDPRUserConsent.objects.filter(shop=shop, user=user).exists()
original_consent = create_user_consent_for_all_documents(shop, user)
assert GDPRUserConsent.objects.filter(shop=shop, user=user).count() == 1
# create one outside the usual flow
GDPRUserConsent.objects.create(user=user, shop=shop)
assert GDPRUserConsent.objects.filter(shop=shop, user=user).count() == 2
# consent again
new_consent = create_user_consent_for_all_documents(shop, user)
assert GDPRUserConsent.objects.filter(shop=shop, user=user).count() == 1
assert original_consent.pk == new_consent.pk
version = versions[0]
assert GDPRUserConsentDocument.objects.filter(page=original_gdpr_page, version=version).exists()
assert is_documents_consent_in_sync(shop, user)
assert Page.objects.count() == 1
view = PageEditView.as_view()
# load the page
request = apply_request_middleware(rf.get("/"), user=admin_user)
response = view(request, pk=original_gdpr_page.pk)
assert 200 <= response.status_code < 300
# update the page
post_data = {
"base-content__en": "test_data",
"base-available_from": "",
"base-url__en": "test",
"base-title__en": "defa",
"base-available_to": "",
}
request = apply_request_middleware(rf.post("/", post_data), user=admin_user)
response = view(request, pk=original_gdpr_page.pk)
if hasattr(response, "render"):
content = response.render()
assert response.status_code in [200, 302]
versions = Version.objects.get_for_object(original_gdpr_page)
assert len(versions) == 4 # saved 4 times in total
assert not is_documents_consent_in_sync(shop, user)
create_user_consent_for_all_documents(shop, user)
assert is_documents_consent_in_sync(shop, user)
def get_object(self):
return GDPRSettings.get_for_shop(get_shop(self.request))
def get_object(self):
return GDPRSettings.get_for_shop(get_shop(self.request))