def test_key_history(self):
# Assemble some sample log lines
log_lines = []
for i in range(0, ITEMS_PER_PAGE * 2):
log_lines.append(('ping', self.user2, 'Number #%s' % i))
# Record the log lines for this key
for l in log_lines:
self.key1.log(*l)
# Reverse the lines for comparison.
log_lines.reverse()
# Iterate through 2 expected pages...
for qs, offset in (('', 0), ('?page=2', ITEMS_PER_PAGE)):
url = '%s%s' % (reverse('authkeys.history', args=(self.key1.pk,),
locale='en-US'), qs)
resp = self.client.get(url)
eq_(200, resp.status_code)
page = pq(resp.content)
rows = page.find('.item')
for idx in range(0, ITEMS_PER_PAGE):
row = rows.eq(idx)
expected = log_lines[idx + offset]
line = (row.find('.action').text(),
row.find('.object').text(),
row.find('.notes').text())
eq_(expected[0], line[0])
ok_('%s' % expected[1] in line[1])
eq_(expected[2], line[2])
def test_xss_file_attachment_title(self):
title = '"><img src=x onerror=prompt(navigator.userAgent);>'
# use view to create new attachment
file_for_upload = make_test_file()
post_data = {
'title': title,
'description': 'xss',
'comment': 'xss',
'file': file_for_upload,
}
self.client.login(username='******', password='******')
resp = self.client.post(reverse('attachments.new_attachment'),
data=post_data)
eq_(302, resp.status_code)
# now stick it in/on a document
attachment = Attachment.objects.get(title=title)
rev = revision(content='<img src="{0!s}" />'.format(attachment.get_file_url()),
save=True)
# view it and verify markup is escaped
response = self.client.get(rev.document.get_edit_url())
eq_(200, response.status_code)
doc = pq(response.content)
eq_('{0!s} xss'.format(title),
doc('#page-attachments-table .attachment-name-cell').text())
ok_('><img src=x onerror=prompt(navigator.userAgent);>' in
doc('#page-attachments-table .attachment-name-cell').html())
def test_lang_switcher(self):
translation.activate("bn-BD")
html = render_to_string(self.template, request=self.request)
doc = pq(html)
# Check default locale is in the first choice field
first_field = doc("#language.autosubmit option")[0].text_content()
ok_(settings.LANGUAGE_CODE in first_field)
def test_persona_signup_create_socialaccount(self):
"""
Signing up with Persona creates a new SocialAccount instance.
"""
persona_signup_email = '*****@*****.**'
persona_signup_username = '******'
with mock.patch('requests.post') as requests_mock:
requests_mock.return_value.json.return_value = {
'status': 'okay',
'email': persona_signup_email,
}
self.client.post(reverse('persona_login'), follow=True)
data = {'website': '',
'username': persona_signup_username,
'email': persona_signup_email,
'terms': True,
'g-recaptcha-response': 'PASSED'}
signup_url = reverse('socialaccount_signup',
locale=settings.WIKI_DEFAULT_LANGUAGE)
self.client.post(signup_url, data=data, follow=True)
try:
socialaccount = (SocialAccount.objects
.filter(user__username=persona_signup_username))[0]
except IndexError:
socialaccount = None
ok_(socialaccount is not None)
eq_('persona', socialaccount.provider)
eq_(persona_signup_email, socialaccount.uid)
eq_({'status': 'okay', 'email': persona_signup_email},
socialaccount.extra_data)
testuser = self.user_model.objects.get(username=persona_signup_username)
eq_(testuser.id, socialaccount.user.id)
def test_add_newindex(self):
index = Index.objects.create()
ok_(not index.populated)
index.populate()
index = self._reload(index)
ok_(index.populated)
index.delete()
def test_permissions(self, mock_analytics_upageviews):
"""A user with correct permissions is able to see the dashboard."""
self.client.login(username='******', password='******')
# Attempt to see spam dashboard as a logged-in user without permissions
response = self.client.get(reverse('dashboards.spam',
locale='en-US'))
eq_(403, response.status_code)
# Give testuser wiki.add_revisionakismetsubmission permission
perm_akismet = Permission.objects.get(codename='add_revisionakismetsubmission')
self.testuser.user_permissions.add(perm_akismet)
response = self.client.get(reverse('dashboards.spam',
locale='en-US'))
eq_(403, response.status_code)
# Give testuser wiki.add_documentspamattempt permission
perm_spam = Permission.objects.get(codename='add_documentspamattempt')
self.testuser.user_permissions.add(perm_spam)
response = self.client.get(reverse('dashboards.spam',
locale='en-US'))
eq_(403, response.status_code)
# Give testuser wiki.add_userban permission
perm_ban = Permission.objects.get(codename='add_userban')
self.testuser.user_permissions.add(perm_ban)
response = self.client.get(reverse('dashboards.spam',
locale='en-US'))
# With all correct permissions testuser is able to see the dashboard
eq_(200, response.status_code)
ok_('text/html' in response['Content-Type'])
ok_('dashboards/spam.html' in
[template.name for template in response.templates])
def test_user_revisions_in_summary_page_template(self):
"""The user's revisions show up in ban and cleanup summary template."""
# Create 3 revisions for self.testuser, titled 'Revision 1', 'Revision 2'...
revisions_expected = self.create_revisions(
num=3,
document=self.document,
creator=self.testuser)
self.client.login(username='******', password='******')
ban_url = reverse('users.ban_user_and_cleanup_summary',
kwargs={'user_id': self.testuser.id})
full_ban_url = self.client.get(ban_url)['Location']
resp = self.client.post(full_ban_url)
eq_(200, resp.status_code)
page = pq(resp.content)
revisions_reverted = page.find('#revisions-reverted li')
revisions_reverted_text = ''
for rev in revisions_reverted:
revisions_reverted_text += rev.text_content()
eq_(len(revisions_reverted), len(revisions_expected))
# The title for each of the created revisions shows up in the template
for revision in revisions_expected:
ok_(revision.title in revisions_reverted_text)
# The title for the original revision is not in the template
ok_(self.original_revision.title not in revisions_reverted_text)
def test_message_with_url_is_link(self):
m = Message(message='Go to http://bit.ly/sample-demo', is_global=True,
is_active=True, url='/')
m.save()
ok_('Go to <a href="http://bit.ly/sample-demo">'
'http://bit.ly/sample-demo</a>' in
soapbox_messages(get_soapbox_messages('/')))
def test_legacy_redirect(self):
test_user = self.user_model.objects.get(username="******")
test_file_content = "Meh meh I am a test file."
test_files = (
{"file_id": 97, "filename": "Canvas_rect.png", "title": "Canvas rect", "slug": "canvas-rect"},
{"file_id": 107, "filename": "Canvas_smiley.png", "title": "Canvas smiley", "slug": "canvas-smiley"},
{"file_id": 86, "filename": "Canvas_lineTo.png", "title": "Canvas lineTo", "slug": "canvas-lineto"},
{"file_id": 55, "filename": "Canvas_arc.png", "title": "Canvas arc", "slug": "canvas-arc"},
)
for f in test_files:
a = Attachment(title=f["title"], slug=f["slug"], mindtouch_attachment_id=f["file_id"])
a.save()
now = datetime.datetime.now()
r = AttachmentRevision(
attachment=a,
mime_type="text/plain",
title=f["title"],
slug=f["slug"],
description="",
created=now,
is_approved=True,
)
r.creator = test_user
r.file.save(f["filename"], ContentFile(test_file_content))
r.make_current()
mindtouch_url = reverse(
"attachments.mindtouch_file_redirect",
args=(),
kwargs={"file_id": f["file_id"], "filename": f["filename"]},
)
resp = self.client.get(mindtouch_url)
eq_(301, resp.status_code)
ok_(a.get_file_url() in resp["Location"])
def test_mail_handler(self):
self.logger.handlers = [AdminEmailHandler()]
response = self.client.get(self.suspicous_path)
eq_(response.status_code, 400)
eq_(1, len(mail.outbox))
ok_('*****@*****.**' in mail.outbox[0].to)
ok_(self.suspicous_path in mail.outbox[0].body)
def test_outdated(self):
# first create and populate an index
main_index = Index.objects.create(name='first')
main_index.populate()
main_index = self._reload(main_index)
ok_(main_index.populated)
main_index.promote()
eq_(Index.objects.get_current().prefixed_name,
main_index.prefixed_name)
# then create a successor and render a document against the old index
successor_index = Index.objects.create(name='second')
doc = Document.objects.get(pk=1)
doc.title = 'test outdated'
doc.slug = 'test-outdated'
doc.save()
doc.render()
eq_(successor_index.outdated_objects.count(), 1)
# .populate() creates the index and populates it.
successor_index.populate()
S = WikiDocumentType.search
eq_(S(index=successor_index.prefixed_name).count(), 7)
eq_(S().query('match', title='lorem').execute()[0].slug, 'lorem-ipsum')
# Promotion reindexes outdated documents. Test that our change is
# reflected in the index.
successor_index.promote()
self.refresh(index=successor_index.prefixed_name)
eq_(successor_index.outdated_objects.count(), 0)
eq_(S(index=successor_index.prefixed_name)
.query('match', title='outdated').execute()[0].slug,
'test-outdated')
def _test_form_maintains_based_on_rev(client, doc, view, post_data,
trans_lang=None, locale=None):
"""Confirm that the based_on value set in the revision created by an edit
or translate form is the current_revision of the document as of when the
form was first loaded, even if other revisions have been approved in the
meantime."""
if trans_lang:
translate_path = doc.slug
uri = urllib.quote(reverse('wiki.translate',
locale=trans_lang,
args=[translate_path]))
else:
uri = reverse(view, locale=locale, args=[doc.slug])
response = client.get(uri)
orig_rev = doc.current_revision
eq_(orig_rev.id,
int(pq(response.content)('input[name=based_on]').attr('value')))
# While Fred is editing the above, Martha approves a new rev:
martha_rev = revision(document=doc)
martha_rev.is_approved = True
martha_rev.save()
# Then Fred saves his edit:
post_data_copy = {'based_on': orig_rev.id, 'slug': orig_rev.slug}
post_data_copy.update(post_data) # Don't mutate arg.
response = client.post(uri,
data=post_data_copy)
ok_(response.status_code in (200, 302))
fred_rev = Revision.objects.all().order_by('-id')[0]
eq_(orig_rev, fred_rev.based_on)
def test_contributors_ordering(self):
contrib_1 = user(save=True)
contrib_2 = user(save=True)
contrib_3 = user(save=True)
rev_1 = revision(creator=contrib_1, save=True)
rev_2 = revision(creator=contrib_2,
document=rev_1.document,
# live in the future to make sure we handle the lack
# of microseconds support in Django 1.7 nicely
created=rev_1.created + timedelta(seconds=1),
save=True)
ok_(rev_1.created < rev_2.created)
job = DocumentContributorsJob()
job_user_pks = [contributor['id']
for contributor in job.fetch(rev_1.document.pk)]
# the user with the more recent revision first
recent_contributors_pks = [contrib_2.pk, contrib_1.pk]
eq_(job_user_pks, recent_contributors_pks)
# a third revision should now show up again and
# the job's cache is invalidated
rev_3 = revision(creator=contrib_3,
document=rev_1.document,
created=rev_2.created + timedelta(seconds=1),
save=True)
ok_(rev_2.created < rev_3.created)
job_user_pks = [contributor['id']
for contributor in job.fetch(rev_1.document.pk)]
# The new revision shows up
eq_(job_user_pks, [contrib_3.pk] + recent_contributors_pks)
def test_main_view(self):
response = self.client.get(reverse('dashboards.revisions',
locale='en-US'))
eq_(200, response.status_code)
ok_('text/html' in response['Content-Type'])
ok_('dashboards/revisions.html' in
[template.name for template in response.templates])
def test_user_revisions_in_one_click_page_template(self):
"""The user's revisions show up in the ban and cleanup template."""
# Create 3 revisions for testuser, titled 'Revision 1', 'Revision 2'...
revisions_expected = self.create_revisions(
num=3,
creator=self.testuser,
document=self.document)
self.client.login(username='******', password='******')
ban_url = reverse('users.ban_user_and_cleanup',
kwargs={'user_id': self.testuser.id})
resp = self.client.get(ban_url, follow=True)
eq_(200, resp.status_code)
page = pq(resp.content)
revisions_found = page.find('.dashboard-row')
revisions_found_text = ''
for rev in revisions_found:
revisions_found_text += rev.text_content()
eq_(len(revisions_found), len(revisions_expected))
# The title for each of the created revisions shows up in the template
for revision in revisions_expected:
ok_(revision.title in revisions_found_text)
# The original revision created by the admin user is not in the template
ok_(self.original_revision.title not in revisions_found_text)
def test_post_submits_revisions_to_akismet_as_spam(self, mock_requests):
"""POSTing to ban_user_and_cleanup url submits revisions to akismet."""
# Create 3 revisions for self.testuser, titled 'Revision 1', 'Revision 2'...
# Don't specify document so a new one is created for each revision
num_revisions = 3
revisions_created = self.create_revisions(
num=num_revisions,
creator=self.testuser)
# Enable Akismet and mock calls to it
mock_requests = self.enable_akismet_and_mock_requests(mock_requests)
# The request
data = {'revision-id': [rev.id for rev in revisions_created]}
resp = self.client.post(self.ban_testuser_url, data=data)
eq_(200, resp.status_code)
# All of self.testuser's revisions have been submitted
testuser_submissions = RevisionAkismetSubmission.objects.filter(revision__creator=self.testuser.id)
eq_(testuser_submissions.count(), num_revisions)
for submission in testuser_submissions:
ok_(submission.revision in revisions_created)
# Akismet endpoints were called twice for each revision
ok_(mock_requests.called)
eq_(mock_requests.call_count, 2 * num_revisions)
def test_my_user_edit(self):
u = self.user_model.objects.get(username='******')
self.client.login(username=u.username, password=TESTUSER_PASSWORD)
resp = self.client.get(reverse('users.my_edit_page'))
eq_(302, resp.status_code)
ok_(reverse('users.user_edit', args=(u.username,)) in
resp['Location'])
def test_SiteURLField(self):
class FakeValue(object):
slug = 'Firefox'
locale = 'de'
field = SiteURLField('wiki.document', args=['slug'])
value = field.to_representation(FakeValue())
ok_('/de/docs/Firefox' in value)
def test_404_logins(self):
"""The login buttons should display on the 404 page"""
response = self.client.get('/something-doesnt-exist', follow=True)
doc = pq(response.content)
login_block = doc.find('.socialaccount-providers')
ok_(len(login_block) > 0)
eq_(404, response.status_code)
def test_no_highlight_filter(self):
class HighlightView(SearchView):
filter_backends = (SearchQueryBackend, HighlightFilterBackend)
view = HighlightView.as_view()
request = self.get_request('/en-US/search?q=article&highlight=false')
response = view(request)
ok_('<mark>' not in response.data['documents'][0]['excerpt'])
def test_can_keep_legacy_username(self):
test_user = user(username='******', save=True)
ok_(test_user.has_legacy_username)
data = {
'username': '******'
}
form = UserEditForm(data, instance=test_user)
ok_(form.is_valid(), repr(form.errors))
def test_get_calls_format_slug_for_templates(self, mock_format_slug):
doc = document(title='Template:Test',
slug='Template:Test',
html='<%= "Test" %>',
save=True)
mock_format_slug.return_value = doc.slug
kumascript.get(doc, 'no-cache', 'https://testserver')
ok_(mock_format_slug.called, "format slug should have been called")
def test_translate_GET_logged_out(self):
"""Try to create a translation while logged out."""
self.client.logout()
translate_uri = self._translate_uri()
response = self.client.get(translate_uri)
eq_(302, response.status_code)
expected_url = "%s?next=%s" % (reverse("account_login", locale="en-US"), urlquote(translate_uri))
ok_(expected_url in response["Location"])
def test_cannot_change_legacy_username(self):
test_user = user(username='******', save=True)
ok_(test_user.has_legacy_username)
data = {
'username': '******'
}
form = UserEditForm(data, instance=test_user)
eq_(form.is_valid(), False)
eq_(form.errors, {'username': [USERNAME_CHARACTERS]})
def test_get_does_not_call_format_slug_for_docs(self, mock_format_slug):
doc = document(title='Test',
slug='Test',
html='Test',
save=True)
mock_format_slug.return_value = doc.slug
kumascript.get(doc, 'no-cache', 'https://testserver')
ok_(not mock_format_slug.called,
"format slug should not have been called")
def test_translate_GET_logged_out(self):
"""Try to create a translation while logged out."""
self.client.logout()
translate_uri = self._translate_uri()
response = self.client.get(translate_uri)
eq_(302, response.status_code)
expected_url = '{0!s}?next={1!s}'.format(reverse('account_login', locale='en-US'),
urlquote(translate_uri))
ok_(expected_url in response['Location'])
def test_never_cache(self):
request = RequestFactory().get('/foo')
view = never_cache(simple_view)
response = view(request)
eq_(200, response.status_code)
[ok_(value in response['Cache-Control'])
for value in ['no-cache', 'no-store', 'must-revalidate']]
ok_('no-cache' in response['Pragma'])
eq_('0', response['Expires'])
def test_new_document_POST_empty_title(self):
"""Trigger required field validation for title."""
self.client.login(username="******", password="******")
data = new_document_data(["tag1", "tag2"])
data["title"] = ""
response = self.client.post(reverse("wiki.create"), data, follow=True)
doc = pq(response.content)
ul = doc("article ul.errorlist")
ok_(len(ul) > 0)
ok_("Please provide a title." in ul("li").text())
def test_edit_attachment(self):
file_for_upload = make_test_file(
content='I am a test file for editing.')
post_data = {
'title': 'Test editing file',
'description': 'A test file for editing.',
'comment': 'Initial upload',
'file': file_for_upload,
}
resp = self.client.post(reverse('attachments.new_attachment'),
data=post_data)
tdir = tempfile.gettempdir()
edited_file_for_upload = tempfile.NamedTemporaryFile(suffix=".txt",
dir=tdir)
edited_file_for_upload.write(
'I am a new version of the test file for editing.')
edited_file_for_upload.seek(0)
post_data = {
'title': 'Test editing file',
'description': 'A test file for editing.',
'comment': 'Second revision.',
'file': edited_file_for_upload,
}
attachment = Attachment.objects.get(title='Test editing file')
resp = self.client.post(reverse('attachments.edit_attachment',
kwargs={
'attachment_id': attachment.id,
}),
data=post_data)
eq_(302, resp.status_code)
# Re-fetch because it's been updated.
attachment = Attachment.objects.get(title='Test editing file')
eq_(resp['Location'],
'http://testserver%s' % attachment.get_absolute_url())
eq_(2, attachment.revisions.count())
rev = attachment.current_revision
eq_('admin', rev.creator.username)
eq_('Second revision.', rev.comment)
ok_(rev.is_approved)
url = attachment.get_file_url()
resp = self.client.get(url, HTTP_HOST=settings.ATTACHMENT_HOST)
eq_('text/plain', rev.mime_type)
ok_('I am a new version of the test file for editing.'
in resp.streaming_content)
def test_new_document_POST_empty_title(self):
"""Trigger required field validation for title."""
self.client.login(username='******', password='******')
data = new_document_data(['tag1', 'tag2'])
data['title'] = ''
response = self.client.post(reverse('wiki.create'), data,
follow=True)
doc = pq(response.content)
ul = doc('article ul.errorlist')
ok_(len(ul) > 0)
ok_('Please provide a title.' in ul('li').text())
def test_new_revision_POST_document_with_current(self, get_current):
"""HTTP POST to new revision URL creates the revision on a document.
The document in this case already has a current_revision, therefore
the document document fields are not editable.
Also assert that the edited and reviewable notifications go out.
"""
get_current.return_value.domain = 'testserver'
# Sign up for notifications:
EditDocumentEvent.notify('*****@*****.**', self.d).activate().save()
# Edit a document
data = {
'summary': 'A brief summary',
'content': 'The article content',
'keywords': 'keyword1 keyword2',
'slug': self.d.slug,
'toc_depth': 1,
'based_on': self.d.current_revision.id,
'form-type': 'rev',
}
edit_url = reverse('wiki.edit', args=[self.d.slug])
response = self.client.post(edit_url, data)
ok_(response.status_code in (200, 302))
eq_(2, self.d.revisions.count())
new_rev = self.d.revisions.order_by('-id')[0]
eq_(self.d.current_revision, new_rev.based_on)
# Assert notifications fired and have the expected content:
# 1 email for the first time edit notification
# 1 email for the EditDocumentEvent to [email protected]
# Regression check:
# messing with context processors can
# cause notification emails to error
# and stop being sent.
time.sleep(1)
eq_(2, len(mail.outbox))
first_edit_email = mail.outbox[0]
expected_to = [config.EMAIL_LIST_SPAM_WATCH]
expected_subject = u'[MDN] %(username)s made their first edit, to: %(title)s' % (
{
'username': new_rev.creator.username,
'title': self.d.title
})
eq_(expected_subject, first_edit_email.subject)
eq_(expected_to, first_edit_email.to)
edited_email = mail.outbox[1]
expected_to = [u'*****@*****.**']
expected_subject = u'[MDN] Page "%s" changed by %s' % (self.d.title,
new_rev.creator)
eq_(expected_subject, edited_email.subject)
eq_(expected_to, edited_email.to)
ok_('%s changed %s.' % (unicode(self.username),
unicode(self.d.title)) in edited_email.body)
ok_(u'https://testserver/en-US/docs/%s$history?utm_campaign=' %
self.d.slug in edited_email.body)
def test_get_excerpt_strips_html(self):
self.refresh()
results = WikiDocumentType.search().query('match', content='audio')
ok_(results.count() > 0)
for doc in results.execute():
excerpt = doc.get_excerpt()
ok_('audio' in excerpt)
ok_('<strong>' not in excerpt)
def test_get_excerpt_uses_summary(self):
self.refresh()
results = WikiDocumentType.search().query('match', content='audio')
ok_(results.count() > 0)
for doc in results.execute():
excerpt = doc.get_excerpt()
ok_('the word for tough things' in excerpt)
ok_('extra content' not in excerpt)
def test_persona_signup_create_socialaccount(self):
"""
Signing up with Persona creates a new SocialAccount instance.
"""
persona_signup_email = '*****@*****.**'
persona_signup_username = '******'
with mock.patch('requests.post') as requests_mock:
requests_mock.return_value.json.return_value = {
'status': 'okay',
'email': persona_signup_email,
}
self.client.post(reverse('persona_login'), follow=True)
data = {
'website': '',
'username': persona_signup_username,
'email': persona_signup_email,
'terms': True,
'g-recaptcha-response': 'PASSED'
}
signup_url = reverse('socialaccount_signup',
locale=settings.WIKI_DEFAULT_LANGUAGE)
self.client.post(signup_url, data=data, follow=True)
try:
socialaccount = (SocialAccount.objects.filter(
user__username=persona_signup_username))[0]
except IndexError:
socialaccount = None
ok_(socialaccount is not None)
eq_('persona', socialaccount.provider)
eq_(persona_signup_email, socialaccount.uid)
eq_({
'status': 'okay',
'email': persona_signup_email
}, socialaccount.extra_data)
testuser = self.user_model.objects.get(
username=persona_signup_username)
eq_(testuser.id, socialaccount.user.id)
def test_no_tidied_content(self):
"""
Verify revisions without tidied content show appropriate message.
"""
# update() to skip the tidy_revision_content post_save signal handler
Revision.objects.filter(
id__in=[self.revision1.id, self.revision2.id]
).update(
tidied_content=''
)
url = reverse('wiki.compare_revisions', args=[self.document.slug])
query = {'from': self.revision1.id, 'to': self.revision2.id}
url = urlparams(url, **query)
response = self.client.get(url)
eq_(200, response.status_code)
ok_('Please refresh this page in a few minutes.' in response.content)
url = url + '&raw=1'
response = self.client.get(url)
eq_(200, response.status_code)
ok_('Please refresh this page in a few minutes.' in response.content)
def test_new_revision_POST_document_without_current(
self, get_current, edited_fire):
"""HTTP POST to new revision URL creates the revision on a document.
The document in this case doesn't have a current_revision, therefore
the document fields are open for editing.
"""
get_current.return_value.domain = 'testserver'
self.d.current_revision = None
self.d.save()
tags = ['tag1', 'tag2', 'tag3']
data = new_document_data(tags)
data['form'] = 'rev'
response = self.client.post(reverse('wiki.edit', args=[self.d.slug]),
data)
eq_(302, response.status_code)
eq_(2, self.d.revisions.count())
new_rev = self.d.revisions.order_by('-id')[0]
# There are no approved revisions, so it's based_on nothing:
eq_(None, new_rev.based_on)
ok_(edited_fire.called)
def test_legacy_redirect(self):
test_user = self.user_model.objects.get(username='******')
test_file_content = 'Meh meh I am a test file.'
test_files = (
{'file_id': 97, 'filename': 'Canvas_rect.png',
'title': 'Canvas rect', 'slug': 'canvas-rect'},
{'file_id': 107, 'filename': 'Canvas_smiley.png',
'title': 'Canvas smiley', 'slug': 'canvas-smiley'},
{'file_id': 86, 'filename': 'Canvas_lineTo.png',
'title': 'Canvas lineTo', 'slug': 'canvas-lineto'},
{'file_id': 55, 'filename': 'Canvas_arc.png',
'title': 'Canvas arc', 'slug': 'canvas-arc'},
)
for f in test_files:
a = Attachment(title=f['title'], slug=f['slug'],
mindtouch_attachment_id=f['file_id'])
a.save()
now = datetime.datetime.now()
r = AttachmentRevision(
attachment=a,
mime_type='text/plain',
title=f['title'],
slug=f['slug'],
description='',
created=now,
is_approved=True)
r.creator = test_user
r.file.save(f['filename'], ContentFile(test_file_content))
r.make_current()
mindtouch_url = reverse('attachments.mindtouch_file_redirect',
args=(),
kwargs={'file_id': f['file_id'],
'filename': f['filename']})
resp = self.client.get(mindtouch_url)
eq_(301, resp.status_code)
ok_(a.get_file_url() in resp['Location'])
def test_attachment_raw_requires_attachment_host(self):
resp = self._post_new_attachment()
attachment = Attachment.objects.get(title='Test uploaded file')
url = attachment.get_file_url()
resp = self.client.get(url)
eq_(301, resp.status_code)
eq_(attachment.get_file_url(), resp['Location'])
url = attachment.get_file_url()
resp = self.client.get(url, HTTP_HOST=settings.ATTACHMENT_HOST)
eq_('ALLOW-FROM: %s' % settings.DOMAIN, resp['x-frame-options'])
eq_(200, resp.status_code)
ok_('Last-Modified' in resp)
ok_('1970' not in resp['Last-Modified'])
ok_('GMT' in resp['Last-Modified'])
ok_(parse_http_date_safe(resp['Last-Modified']) is not None)
def test_account_connected_message(self):
""" https://bugzil.la/1054461 """
message_template = 'socialaccount/messages/account_connected.txt'
request = self.rf.get('/')
# first check for the case in which the next url in the account
# connection process is the frontpage, there shouldn't be a message
session = self.client.session
session['sociallogin_next_url'] = '/'
session.save()
request.session = session
request.user = self.user_model.objects.get(username='******')
request.LANGUAGE_CODE = 'en-US'
messages = self.get_messages(request)
self.adapter.add_message(request, django_messages.INFO,
message_template)
eq_(len(messages), 0)
# secondly check for the case in which the next url in the connection
# process is the profile edit page, there should be a message
session = self.client.session
next_url = reverse('users.user_edit',
kwargs={'username': request.user.username},
locale=request.LANGUAGE_CODE)
session['sociallogin_next_url'] = next_url
session.save()
request.session = session
messages = self.get_messages(request)
self.adapter.add_message(request, django_messages.INFO,
message_template)
queued_messages = list(messages)
eq_(len(queued_messages), 1)
eq_(django_messages.SUCCESS, queued_messages[0].level)
ok_('connected' in queued_messages[0].message)
def test_non_ascii_section_headers(self):
headers = [
(u'Documentation à propos de HTML',
u'Documentation_à_propos_de_HTML'),
(u'Outils facilitant le développement HTML',
u'Outils_facilitant_le_développement_HTML'),
(u'字面值(literals)',
u'字面值(literals)'),
(u'Documentação',
u'Documentação'),
(u'Lektury uzupełniające',
u'Lektury_uzupełniające'),
(u'Атрибуты',
u'Атрибуты'),
(u'HTML5 엘리먼트',
u'HTML5_엘리먼트'),
(u'Non safe title "#$%&+,/:;=?@[\\]^`{|}~',
u'Non_safe_title'),
]
section_filter = SectionIDFilter('')
for original, slugified in headers:
ok_(slugified == section_filter.slugify(original))
def test_there_can_be_only_one(self):
"""Tests that when one index is promoted, all others are demoted."""
index1 = Index.objects.get_current()
ok_(index1.promoted)
index2 = Index.objects.create(name='second')
index2.promote()
index1 = self._reload(index1)
ok_(index2.promoted)
ok_(not index1.promoted)
def test_promote_index(self):
index = Index.objects.create()
index.populate()
index = self._reload(index)
ok_(index.populated)
index.promote()
ok_(index.promoted)
eq_(Index.objects.get_current().prefixed_name, index.prefixed_name)
index.demote()
ok_(not index.promoted)
def test_persona_signup_create_django_user(self):
"""
Signing up with Persona creates a new Django User instance.
"""
persona_signup_email = '*****@*****.**'
persona_signup_username = '******'
with mock.patch('requests.post') as requests_mock:
old_count = self.user_model.objects.count()
requests_mock.return_value.json.return_value = {
'status': 'okay',
'email': persona_signup_email,
}
self.client.post(reverse('persona_login'), follow=True)
data = {
'website': '',
'username': persona_signup_username,
'email': persona_signup_email,
'terms': True,
'g-recaptcha-response': 'PASSED'
}
signup_url = reverse('socialaccount_signup',
locale=settings.WIKI_DEFAULT_LANGUAGE)
response = self.client.post(signup_url, data=data, follow=True)
eq_(response.status_code, 200)
# not on the signup page anymore
ok_('form' not in response.context)
# Did we get a new user?
eq_(old_count + 1, self.user_model.objects.count())
# Does it have the right attributes?
testuser = None
try:
testuser = self.user_model.objects.order_by('-date_joined')[0]
except IndexError:
pass
ok_(testuser)
ok_(testuser.is_active)
eq_(persona_signup_username, testuser.username)
eq_(persona_signup_email, testuser.email)
ok_(testuser.password.startswith(UNUSABLE_PASSWORD_PREFIX))
def test_document_serializer(self):
search = WikiDocumentType.search()
result = search.execute()
doc_serializer = DocumentSerializer(result, many=True)
list_data = doc_serializer.data
eq_(len(list_data), 7)
ok_(isinstance(list_data, list))
ok_(1 in [data['id'] for data in list_data])
doc_serializer = DocumentSerializer(result[0], many=False)
dict_data = doc_serializer.data
ok_(isinstance(dict_data, dict))
eq_(dict_data['id'], result[0].id)
def test_section_ids(self):
doc_src = """
<h1 class="header1">Header One</h1>
<p>test</p>
<section>
<h1 class="header2">Header Two</h1>
<p>test</p>
</section>
<h2 name="Constants" class="hasname">This title does not match the name</h2>
<p>test</p>
<h1 id="i-already-have-an-id" class="hasid">This text clobbers the ID</h1>
<h1 class="header3">Header Three</h1>
<p>test</p>
<section id="Quick_Links" class="Quick_Links">
<ol>
<li>Hey look, quick links</li>
</ol>
</section>
"""
result_src = (kuma.wiki.content
.parse(doc_src)
.injectSectionIDs()
.serialize())
result_doc = pq(result_src)
expected = (
('header1', 'Header_One'),
('header2', 'Header_Two'),
('hasname', 'Constants'),
('hasid', 'This_text_clobbers_the_ID'),
('Quick_Links', 'Quick_Links'),
)
for cls, id in expected:
eq_(id, result_doc.find('.%s' % cls).attr('id'))
# Then, ensure all elements in need of an ID now all have unique IDs.
ok_(len(SECTION_TAGS) > 0)
els = result_doc.find(', '.join(SECTION_TAGS))
seen_ids = set()
for i in range(0, len(els)):
id = els.eq(i).attr('id')
ok_(id is not None)
ok_(id not in seen_ids)
seen_ids.add(id)
def test_ban_view(self):
testuser = self.user_model.objects.get(username='******')
admin = self.user_model.objects.get(username='******')
self.client.login(username='******', password='******')
data = {'reason': 'Banned by unit test.'}
ban_url = reverse('users.ban_user', kwargs={'user_id': testuser.id})
resp = self.client.post(ban_url, data)
eq_(302, resp.status_code)
ok_(testuser.get_absolute_url() in resp['Location'])
testuser_banned = self.user_model.objects.get(username='******')
ok_(not testuser_banned.is_active)
bans = UserBan.objects.filter(user=testuser,
by=admin,
reason='Banned by unit test.')
ok_(bans.count())
def test_wiki_revisions(self):
user = self.user_model.objects.get(username='******')
rev = revision(save=True, is_approved=True)
ok_(rev.pk in user.wiki_revisions().values_list('pk', flat=True))
def test_can_keep_legacy_username(self):
test_user = user(username='******', save=True)
ok_(test_user.has_legacy_username)
data = {'username': '******'}
form = UserEditForm(data, instance=test_user)
ok_(form.is_valid(), repr(form.errors))
def test_secret_generation(self):
"""Generated secret should be saved as a hash and pass a check"""
u = user(username="******", email="*****@*****.**", save=True)
key = Key(user=u)
secret = key.generate_secret()
key.save()
ok_(key.key)
ok_(key.hashed_secret)
ok_(len(key.hashed_secret) > 0)
ok_(len(secret) > 0)
ok_(secret != key.hashed_secret)
ok_(not key.check_secret("I AM A FAKE"))
ok_(key.check_secret(secret))
def test_lang_switcher_footer(self):
"""Test the language switcher footer"""
parent = document(locale=settings.WIKI_DEFAULT_LANGUAGE, save=True)
trans_bn_bd = document(parent=parent, locale="bn-BD", save=True)
trans_ar = document(parent=parent, locale="ar", save=True)
trans_pt_br = document(parent=parent, locale="pt-BR", save=True)
trans_fr = document(parent=parent, locale="fr", save=True)
response = self.client.get(trans_pt_br.get_absolute_url())
eq_(200, response.status_code)
doc = pq(response.content)
options = doc(".languages.go select.wiki-l10n option")
# The requeseted document language name should be at first
ok_(trans_pt_br.language in options[0].text)
ok_(parent.language not in options[0].text)
# The parent document language should be at at second
ok_(parent.language in options[1].text)
ok_(trans_ar.language not in options[1].text)
# Then should be ar, bn-BD, fr
ok_(trans_ar.language in options[2].text)
ok_(trans_bn_bd.language in options[3].text)
ok_(trans_fr.language in options[4].text)
def test_default_gravatar(self):
d_param = urllib.urlencode({'d': settings.DEFAULT_AVATAR})
ok_(d_param in gravatar_url(self.u.email),
"Bad default avatar: {0!s}".format(gravatar_url(self.u.email)))
def test_contribute_json(self):
r = self.client.get(reverse('contribute_json'))
eq_(200, r.status_code)
ok_('application/json' in r['Content-Type'])
def test_key_auth_decorator(self):
u = user(username="******", email="*****@*****.**", save=True)
key = Key(user=u)
secret = key.generate_secret()
key.save()
@accepts_auth_key
def fake_view(request, foo, bar):
return (foo, bar)
cases = ((key.key, secret, True), (key.key, 'FAKE', False),
('FAKE', secret, False), ('FAKE', 'FAKE', False))
for k, s, success in cases:
request = HttpRequest()
request.user = AnonymousUser()
auth = '%s:%s' % (k, s)
b64_auth = base64.encodestring(auth)
request.META['HTTP_AUTHORIZATION'] = 'Basic %s' % b64_auth
foo, bar = fake_view(request, 'foo', 'bar')
eq_('foo', foo)
eq_('bar', bar)
if not success:
ok_(not request.user.is_authenticated())
else:
ok_(request.user.is_authenticated())
ok_(request.user == u)
ok_(request.authkey)
ok_(request.authkey == key)
# Test with incorrect auth header
request = HttpRequest()
request.user = AnonymousUser()
request.META['HTTP_AUTHORIZATION'] = "Basic bad_auth_string"
# Make a request to the view
fake_view(request, 'foo', 'bar')
# The user should not be authonticated and no server error should raise
ok_(not request.user.is_authenticated())
def test_list_files(self):
list_files_url = reverse('attachments.list_files',
locale=settings.WIKI_DEFAULT_LANGUAGE)
resp = self.client.get(list_files_url)
eq_(200, resp.status_code)
ok_('All Files' in resp.content)
def test_gravatar_url(self):
self.u.email = '*****@*****.**'
ok_(md5(self.u.email).hexdigest() in gravatar_url(self.u.email))
def test_account_email_page_requires_signin(self):
url = reverse('account_email')
response = self.client.get(url, follow=True)
self.assertContains(response, 'Please sign in')
ok_(len(response.redirect_chain) > 0)
def test_get_does_not_call_format_slug_for_docs(self, mock_format_slug):
doc = document(title='Test', slug='Test', html='Test', save=True)
mock_format_slug.return_value = doc.slug
kumascript.get(doc, 'no-cache', 'https://testserver')
ok_(not mock_format_slug.called,
"format slug should not have been called")
def test_irc_nickname(self):
"""We've added IRC nickname as a profile field.
Make sure it shows up."""
user = self.user_model.objects.get(username='******')
ok_(hasattr(user, 'irc_nickname'))
eq_('testuser', user.irc_nickname)
def test_ban_user(self):
testuser = self.user_model.objects.get(username='******')
admin = self.user_model.objects.get(username='******')
ok_(testuser.is_active)
ban = UserBan(user=testuser, by=admin, reason='Banned by unit test')
ban.save()
testuser_banned = self.user_model.objects.get(username='******')
ok_(not testuser_banned.is_active)
ok_(testuser_banned.active_ban.by == admin)
ban.is_active = False
ban.save()
testuser_unbanned = self.user_model.objects.get(username='******')
ok_(testuser_unbanned.is_active)
ban.is_active = True
ban.save()
testuser_banned = self.user_model.objects.get(username='******')
ok_(not testuser_banned.is_active)
ok_(testuser_unbanned.active_ban)
ban.delete()
testuser_unbanned = self.user_model.objects.get(username='******')
ok_(testuser_unbanned.is_active)
ok_(testuser_unbanned.active_ban is None)
def test_permissions(self):
"""Ensure that the negative and positive permissions for adding
attachments work."""
# Get the negative and positive permissions
ct = ContentType.objects.get(app_label='attachments',
model='attachment')
p1 = Permission.objects.get(codename='disallow_add_attachment',
content_type=ct)
p2 = Permission.objects.get(codename='add_attachment', content_type=ct)
# Create a group with the negative permission.
g1, created = Group.objects.get_or_create(name='cannot_attach')
g1.permissions = [p1]
g1.save()
# Create a group with the positive permission.
g2, created = Group.objects.get_or_create(name='can_attach')
g2.permissions = [p2]
g2.save()
# User with no explicit permission is allowed
u2 = user(username='******', save=True)
ok_(allow_add_attachment_by(u2))
# User in group with negative permission is disallowed
u3 = user(username='******', save=True)
u3.groups = [g1]
u3.save()
ok_(not allow_add_attachment_by(u3))
# Superusers can do anything, despite group perms
u1 = user(username='******', is_superuser=True, save=True)
u1.groups = [g1]
u1.save()
ok_(allow_add_attachment_by(u1))
# User with negative permission is disallowed
u4 = user(username='******', save=True)
u4.user_permissions.add(p1)
u4.save()
ok_(not allow_add_attachment_by(u4))
# User with positive permission overrides group
u5 = user(username='******', save=True)
u5.groups = [g1]
u5.user_permissions.add(p2)
u5.save()
ok_(allow_add_attachment_by(u5))
# Group with positive permission takes priority
u6 = user(username='******', save=True)
u6.groups = [g1, g2]
u6.save()
ok_(allow_add_attachment_by(u6))
# positive permission takes priority, period.
u7 = user(username='******', save=True)
u7.user_permissions.add(p1)
u7.user_permissions.add(p2)
u7.save()
ok_(allow_add_attachment_by(u7))
