def test_update_injection():
    """Follow one user through the consent lifecycle and check the index page at each step.

    ``assert_update`` is defined elsewhere; its boolean argument is read here as
    "the policy-update notice is expected on the page" (confirm against the helper).
    """
    default_shop = factories.get_default_shop()
    browser = SmartClient()
    front_page = reverse("shuup:index")
    policy_page = ensure_gdpr_privacy_policy(default_shop)

    # Switch GDPR on and point the shop at the policy page.
    settings_row = GDPRSettings.get_for_shop(default_shop)
    settings_row.enabled = True
    settings_row.privacy_policy = policy_page
    settings_row.save()

    # Anonymous visitor with no earlier consent: nothing to show.
    assert_update(browser, front_page, False)

    shopper = factories.create_random_user("en")
    secret = "******"
    shopper.set_password(secret)
    shopper.save()
    browser.login(username=shopper.username, password=secret)

    # Logged in but never consented: still nothing to show.
    assert_update(browser, front_page, False)

    # Consent to the current revision: documents are in sync, no notice.
    create_user_consent_for_all_documents(default_shop, shopper)
    assert_update(browser, front_page, False)

    # Saving the page inside a revision makes the stored consent stale.
    with reversion.create_revision():
        policy_page.save()

    assert not is_documents_consent_in_sync(default_shop, shopper)
    assert_update(browser, front_page, True)

    # Re-consent through the consent endpoint.
    # NOTE(review): this is a GET that changes stored consent; Django's CSRF
    # check does not cover safe methods, so a POST-only endpoint would be the
    # stricter contract to test for.
    consent_url = reverse("shuup:gdpr_policy_consent", kwargs={"page_id": policy_page.pk})
    browser.get(consent_url)
    assert is_documents_consent_in_sync(default_shop, shopper)
    assert_update(browser, front_page, False)
def test_update_injection():
    """Check when the index page carries the policy-update notice for a user.

    ``assert_update`` lives outside this block; the third argument is taken to
    mean "notice expected" (confirm against the helper).
    """
    the_shop = factories.get_default_shop()
    http = SmartClient()
    home_url = reverse("shuup:index")
    privacy_page = ensure_gdpr_privacy_policy(the_shop)

    # Enable GDPR for the shop and register the privacy policy page.
    gdpr = GDPRSettings.get_for_shop(the_shop)
    gdpr.enabled = True
    gdpr.privacy_policy = privacy_page
    gdpr.save()

    # No consent was ever recorded, so no notice is expected.
    assert_update(http, home_url, False)

    customer = factories.create_random_user("en")
    plain_password = "******"
    customer.set_password(plain_password)
    customer.save()
    http.login(username=customer.username, password=plain_password)

    # Authenticated, but no consent on record yet: not visible.
    assert_update(http, home_url, False)

    # First consent covers the current page revision.
    create_user_consent_for_all_documents(the_shop, customer)
    assert_update(http, home_url, False)

    # A new revision of the page invalidates that consent.
    with reversion.create_revision():
        privacy_page.save()

    assert not is_documents_consent_in_sync(the_shop, customer)
    assert_update(http, home_url, True)

    # Consent again via the consent view.
    # NOTE(review): consent is recorded by a GET request here; safe methods are
    # outside Django's CSRF check, so consider asserting a POST-only contract.
    http.get(reverse("shuup:gdpr_policy_consent", kwargs={"page_id": privacy_page.pk}))
    assert is_documents_consent_in_sync(the_shop, customer)
    assert_update(http, home_url, False)
def test_page_form(rf, admin_user):
    """Editing the privacy policy page in admin must invalidate earlier consents."""
    with override_settings(LANGUAGES=[("en", "en")]):
        activate("en")
        default_shop = get_default_shop()

        settings_row = GDPRSettings.get_for_shop(default_shop)
        settings_row.enabled = True
        settings_row.save()

        policy_page = ensure_gdpr_privacy_policy(default_shop)
        page_versions = Version.objects.get_for_object(policy_page)
        assert len(page_versions) == 1

        # A user consents to the only existing revision.
        shopper = factories.create_random_user("en")
        create_user_consent_for_all_documents(default_shop, shopper)
        first_version = page_versions[0]
        consented_docs = GDPRUserConsentDocument.objects.filter(
            page=policy_page, version=first_version
        )
        assert consented_docs.exists()

        assert is_documents_consent_in_sync(default_shop, shopper)
        assert Page.objects.count() == 1

        edit_view = PageEditView.as_view()

        # The edit form loads for the admin user.
        get_request = apply_request_middleware(rf.get("/"), user=admin_user)
        get_response = edit_view(get_request, pk=policy_page.pk)
        assert 200 <= get_response.status_code < 300

        # Submit a changed page through the same view.
        form_payload = {
            "content__en": "test_data",
            "available_from": "",
            "url__en": "test",
            "title__en": "defa",
            "available_to": "",
            "page_type": PageType.REVISIONED.value,
        }
        post_request = apply_request_middleware(rf.post("/", form_payload), user=admin_user)
        post_response = edit_view(post_request, pk=policy_page.pk)
        assert post_response.status_code == 302

        page_versions = Version.objects.get_for_object(policy_page)
        assert len(page_versions) == 4  # four saves in total so far

        # The stored consent refers to an older revision until the user consents again.
        assert not is_documents_consent_in_sync(default_shop, shopper)
        create_user_consent_for_all_documents(default_shop, shopper)
        assert is_documents_consent_in_sync(default_shop, shopper)
def test_register_form(client):
    """Registration must be refused until the privacy policy checkbox is ticked."""
    activate("en")
    default_shop = factories.get_default_shop()

    settings_row = GDPRSettings.get_for_shop(default_shop)
    settings_row.enabled = True
    settings_row.save()

    # The GDPR privacy policy document the form asks the user to accept.
    policy_page = ensure_gdpr_privacy_policy(default_shop)

    next_url = "/index/"
    client = SmartClient()
    register_url = reverse("shuup:registration_register")

    # NOTE(review): "1234" passes as a password below, so this run presumably
    # has no password-strength validators configured; confirm that is a
    # test-settings choice only.

    # Submission without the acceptance field is re-rendered with an error.
    rejected = client.post(
        register_url,
        data={
            "username": "******",
            "email": "*****@*****.**",
            "password1": "1234",
            "password2": "1234",
            REDIRECT_FIELD_NAME: next_url,
        },
    )
    assert rejected.status_code == 200
    rejected_html = rejected.content.decode("utf-8")
    assert "You must accept this in order to register." in rejected_html

    # Same submission with the per-document acceptance field set.
    accepted = client.post(
        register_url,
        data={
            "username": "******",
            "email": "*****@*****.**",
            "password1": "1234",
            "password2": "1234",
            "accept_%d" % policy_page.id: "on",
            REDIRECT_FIELD_NAME: next_url,
        },
    )
    assert accepted.status_code == 302
    # NOTE(review): only a same-site path is exercised for the redirect field;
    # a case asserting that an off-site value is not followed would pin the
    # redirect handling as well.
    assert accepted.get("location")
    assert accepted.get("location").endswith(next_url)

    # Registering recorded the consent; a forced policy update makes it stale.
    new_user = User.objects.first()
    assert is_documents_consent_in_sync(default_shop, new_user)

    ensure_gdpr_privacy_policy(default_shop, force_update=True)
    assert not is_documents_consent_in_sync(default_shop, new_user)
def test_policy_consent_view(rf, language):
    """The consent view answers 404 unless user, page, shop and settings all line up."""
    activate(language)
    shop = factories.get_default_shop()
    member = factories.create_random_user("en")
    policy_page = ensure_gdpr_privacy_policy(shop)
    consent_view = GDPRPolicyConsentView.as_view()

    def post_to_view(page_id, **middleware_kwargs):
        # Every case is a bare POST to "/" for the default shop; only the user
        # and the requested page id vary.
        req = apply_request_middleware(rf.post("/"), shop=shop, **middleware_kwargs)
        return consent_view(req, page_id=page_id)

    # No user passed to the request middleware.
    assert post_to_view(policy_page.id).status_code == 404

    # Explicit anonymous user.
    guest = AnonymousUser()
    assert post_to_view(policy_page.id, user=guest).status_code == 404

    # A page owned by a different shop must not be accepted for this shop.
    other_shop = Shop.objects.create(name="testing", public_name="testing..")
    foreign_page = Page.objects.create(shop=other_shop)
    assert post_to_view(foreign_page.id, user=member).status_code == 404

    # With no GDPR settings in force the sync check reports True.
    assert is_documents_consent_in_sync(shop, member)

    # Right user and page, but GDPR is not enabled for the shop yet.
    assert post_to_view(policy_page.id, user=member).status_code == 404

    shop_settings = GDPRSettings.get_for_shop(shop)
    shop_settings.enabled = True
    shop_settings.privacy_policy = policy_page
    shop_settings.save()

    # Everything in place: consent is stored and the view redirects.
    # NOTE(review): no Referer header is sent in any case here, so the
    # redirect target for a cross-site Referer is not covered by this test.
    assert post_to_view(policy_page.id, user=member).status_code == 302
    assert is_documents_consent_in_sync(shop, member)
def test_register_form(client):
    """A new account can only be created once the privacy policy is accepted."""
    activate("en")
    the_shop = factories.get_default_shop()

    gdpr = GDPRSettings.get_for_shop(the_shop)
    gdpr.enabled = True
    gdpr.save()

    # Privacy policy document shown on the registration form.
    policy = ensure_gdpr_privacy_policy(the_shop)

    target_after_signup = "/index/"
    client = SmartClient()
    signup_url = reverse("shuup:registration_register")

    # NOTE(review): the form accepts "1234" as a password, which suggests no
    # password validators are active in this configuration; confirm this is
    # limited to the test settings.

    # Without the acceptance checkbox the form comes back with an error.
    without_accept = {
        "username": "******",
        "email": "*****@*****.**",
        "password1": "1234",
        "password2": "1234",
        REDIRECT_FIELD_NAME: target_after_signup,
    }
    first_try = client.post(signup_url, data=without_accept)
    assert first_try.status_code == 200
    assert "You must accept to this to register." in first_try.content.decode("utf-8")

    # With the checkbox for this policy page the registration goes through.
    with_accept = {
        "username": "******",
        "email": "*****@*****.**",
        "password1": "1234",
        "password2": "1234",
        "accept_%d" % policy.id: "on",
        REDIRECT_FIELD_NAME: target_after_signup,
    }
    second_try = client.post(signup_url, data=with_accept)
    assert second_try.status_code == 302
    # NOTE(review): the redirect field is only tested with a local path; an
    # off-site value is not covered here.
    assert second_try.get("location")
    assert second_try.get("location").endswith(target_after_signup)

    # Consent was stored at signup and goes out of sync when the policy is updated.
    registered = User.objects.first()
    assert is_documents_consent_in_sync(the_shop, registered)

    ensure_gdpr_privacy_policy(the_shop, force_update=True)
    assert not is_documents_consent_in_sync(the_shop, registered)
def test_policy_consent_view(rf, language):
    """Exercise each rejection path of the consent view, then the success path."""
    activate(language)
    default_shop = factories.get_default_shop()
    customer = factories.create_random_user("en")
    privacy_page = ensure_gdpr_privacy_policy(default_shop)
    handler = GDPRPolicyConsentView.as_view()

    def status_for(page_id, **request_extras):
        # Build a POST for the default shop and return the view's status code.
        built = apply_request_middleware(rf.post("/"), shop=default_shop, **request_extras)
        return handler(built, page_id=page_id).status_code

    # Request built without any user.
    assert status_for(privacy_page.id) == 404

    # Request carrying an AnonymousUser.
    nobody = AnonymousUser()
    assert status_for(privacy_page.id, user=nobody) == 404

    # Page id that belongs to another shop: the lookup is scoped per shop.
    second_shop = Shop.objects.create(name="testing", public_name="testing..")
    second_shop_page = Page.objects.create(shop=second_shop)
    assert status_for(second_shop_page.id, user=customer) == 404

    # Reports True while no GDPR settings are set.
    assert is_documents_consent_in_sync(default_shop, customer)

    # Valid user and page, GDPR still disabled.
    assert status_for(privacy_page.id, user=customer) == 404

    gdpr = GDPRSettings.get_for_shop(default_shop)
    gdpr.enabled = True
    gdpr.privacy_policy = privacy_page
    gdpr.save()

    # All preconditions met: redirect and consent in sync.
    # NOTE(review): the requests carry no Referer, so where the view redirects
    # for a foreign Referer value is left untested.
    assert status_for(privacy_page.id, user=customer) == 302
    assert is_documents_consent_in_sync(default_shop, customer)
def dispatch(self, request, *args, **kwargs):
    """Record the logged-in user's consent for the shop and redirect back.

    Responds with 404 for anonymous users, for a ``page_id`` that does not
    belong to ``request.shop``, when no consent object comes back, and when
    the documents are still out of sync afterwards.

    The page lookup only gates the request: consent is created through
    ``create_user_consent_for_all_documents``, not for that page alone.

    NOTE(review): there is no HTTP-method check in this body, so any method
    that reaches it records consent. Safe methods such as GET are outside
    Django's CSRF check; restricting this to POST would be stricter.
    """
    requester = request.user
    if is_anonymous(request.user):
        return HttpResponseNotFound()

    current_shop = request.shop
    shop_pages = Page.objects.filter(pk=kwargs["page_id"], shop=current_shop)
    if not shop_pages.first():
        return HttpResponseNotFound()

    consent = create_user_consent_for_all_documents(current_shop, requester)
    if not consent:
        return HttpResponseNotFound()
    if not is_documents_consent_in_sync(current_shop, requester):
        return HttpResponseNotFound()

    # NOTE(review): the redirect target is the client-supplied Referer header,
    # used as-is. Validate it against the request host, or redirect to a fixed
    # URL, so the response cannot be steered off-site (CWE-601).
    return HttpResponseRedirect(request.META.get("HTTP_REFERER", "/"))
def dispatch(self, request, *args, **kwargs):
    """Store consent for the current user and send them back where they came from.

    Returns 404 when the user is anonymous, when ``page_id`` is not a page of
    ``request.shop``, when consent creation yields nothing, or when the
    documents remain out of sync after creation.

    The requested page is only checked for existence within the shop; the
    consent itself is created by ``create_user_consent_for_all_documents``.

    NOTE(review): nothing here checks the HTTP method, so a GET records
    consent as well. Django's CSRF check skips safe methods; a POST-only
    contract would be stricter.
    """
    visitor = request.user
    if request.user.is_anonymous():
        return HttpResponseNotFound()

    active_shop = request.shop
    candidate = Page.objects.filter(pk=kwargs["page_id"], shop=active_shop).first()
    if not candidate:
        return HttpResponseNotFound()

    consent_record = create_user_consent_for_all_documents(active_shop, visitor)
    in_sync = bool(consent_record) and is_documents_consent_in_sync(active_shop, visitor)
    if not in_sync:
        return HttpResponseNotFound()

    # NOTE(review): the Referer header is client-controlled and is passed to
    # the redirect unchecked. Compare it with the request host, or use a fixed
    # fallback, before redirecting (CWE-601).
    return HttpResponseRedirect(request.META.get('HTTP_REFERER', "/"))
def test_consent_required(rf):
    """Check which pages end up in a user's consent as settings and pages change."""
    activate("en")
    shop = factories.get_default_shop()
    member = factories.create_random_user()
    policy_page = ensure_gdpr_privacy_policy(shop)
    assert policy_page

    def consented_pages():
        # Pages referenced by the documents of the user's single consent row.
        row = GDPRUserConsent.objects.get(user=member, shop=shop)
        return row, [doc.page for doc in row.documents.all()]

    shop_settings = GDPRSettings.get_for_shop(shop)
    assert not shop_settings.enabled
    assert shop_settings.privacy_policy_page == policy_page
    assert not should_reconsent_privacy_policy(shop, member)
    # While GDPR is disabled the sync check passes without any consent.
    assert is_documents_consent_in_sync(shop, member)
    assert policy_page in get_possible_consent_pages(shop)

    # Enable GDPR: the user is now out of sync.
    shop_settings.enabled = True
    shop_settings.save()
    assert shop_settings.privacy_policy_page == get_privacy_policy_page(shop)
    assert not is_documents_consent_in_sync(shop, member)

    # A page without available_from is not visible but is still a possible consent page.
    hidden_page = Page.objects.create(shop=shop, available_from=None)
    assert hidden_page not in Page.objects.visible(shop=shop)
    assert shop_settings.privacy_policy_page == get_privacy_policy_page(shop)
    assert hidden_page in get_possible_consent_pages(shop)

    with reversion.create_revision():
        policy_page.save()

    create_user_consent_for_all_documents(shop, member)
    assert GDPRUserConsent.objects.filter(user=member, shop=shop).count() == 1

    consent, pages = consented_pages()
    assert policy_page in pages
    assert hidden_page not in pages  # excluded: not visible

    with reversion.create_revision():
        policy_page.save()

    # Add a new, visible page.
    available_page = Page.objects.create(shop=shop, available_from=now())
    assert available_page in Page.objects.visible(shop=shop)

    create_user_consent_for_all_documents(shop, member)
    consent, pages = consented_pages()
    assert policy_page in pages
    assert hidden_page not in pages  # excluded: not visible
    assert available_page not in pages  # excluded: not listed in the settings yet
    assert available_page in get_possible_consent_pages(shop)
    assert available_page not in get_active_consent_pages(shop)

    # Listing the page in the settings makes it an active consent page.
    shop_settings.consent_pages.add(available_page)
    shop_settings.refresh_from_db()
    assert shop_settings.privacy_policy_page
    assert shop_settings.consent_pages.count() == 1
    assert available_page in get_active_consent_pages(shop)

    # The existing consent still holds one document until the user consents again.
    assert consent.documents.count() == 1
    create_user_consent_for_all_documents(shop, member)
    consent, _ = consented_pages()
    assert consent.documents.count() == 2
    assert is_documents_consent_in_sync(shop, member)

    pages = [doc.page for doc in consent.documents.all()]
    assert policy_page in pages
    assert hidden_page not in pages  # excluded: not visible
    assert available_page in pages
def test_page_form(rf, admin_user):
    """Consent rows stay unique per user, and an admin page edit invalidates consent."""
    with override_settings(LANGUAGES=[("en", "en")]):
        activate("en")
        shop = get_default_shop()

        shop_settings = GDPRSettings.get_for_shop(shop)
        shop_settings.enabled = True
        shop_settings.save()

        policy_page = ensure_gdpr_privacy_policy(shop)
        page_versions = Version.objects.get_for_object(policy_page)
        assert len(page_versions) == 1

        shopper = factories.create_random_user("en")

        def consent_rows():
            # Fresh queryset of this user's consent rows for the shop.
            return GDPRUserConsent.objects.filter(shop=shop, user=shopper)

        # First consent creates exactly one row.
        assert not consent_rows().exists()
        first_consent = create_user_consent_for_all_documents(shop, shopper)
        assert consent_rows().count() == 1

        # Insert a second row outside the usual flow.
        GDPRUserConsent.objects.create(user=shopper, shop=shop)
        assert consent_rows().count() == 2

        # Consenting again leaves a single row, the original one.
        second_consent = create_user_consent_for_all_documents(shop, shopper)
        assert consent_rows().count() == 1
        assert first_consent.pk == second_consent.pk

        first_version = page_versions[0]
        assert GDPRUserConsentDocument.objects.filter(
            page=policy_page, version=first_version
        ).exists()

        assert is_documents_consent_in_sync(shop, shopper)
        assert Page.objects.count() == 1

        edit_view = PageEditView.as_view()

        # Load the edit form as admin.
        get_request = apply_request_middleware(rf.get("/"), user=admin_user)
        get_response = edit_view(get_request, pk=policy_page.pk)
        assert 200 <= get_response.status_code < 300

        # Post an update to the page.
        form_payload = {
            "base-content__en": "test_data",
            "base-available_from": "",
            "base-url__en": "test",
            "base-title__en": "defa",
            "base-available_to": "",
        }
        post_request = apply_request_middleware(rf.post("/", form_payload), user=admin_user)
        post_response = edit_view(post_request, pk=policy_page.pk)
        # Template responses are rendered so a rendering error would surface here.
        if hasattr(post_response, "render"):
            post_response.render()
        assert post_response.status_code in [200, 302]

        page_versions = Version.objects.get_for_object(policy_page)
        assert len(page_versions) == 4  # four saves in total

        # The edit made the stored consent stale; consenting again restores sync.
        assert not is_documents_consent_in_sync(shop, shopper)
        create_user_consent_for_all_documents(shop, shopper)
        assert is_documents_consent_in_sync(shop, shopper)
def test_page_form(rf, admin_user):
    """Duplicate consent rows are collapsed, and a page edit requires new consent."""
    with override_settings(LANGUAGES=[("en", "en")]):
        activate("en")
        default_shop = get_default_shop()

        gdpr = GDPRSettings.get_for_shop(default_shop)
        gdpr.enabled = True
        gdpr.save()

        gdpr_page = ensure_gdpr_privacy_policy(default_shop)
        revisions = Version.objects.get_for_object(gdpr_page)
        assert len(revisions) == 1

        # The user has no consent row before consenting.
        customer = factories.create_random_user("en")
        assert not GDPRUserConsent.objects.filter(shop=default_shop, user=customer).exists()
        consent_before = create_user_consent_for_all_documents(default_shop, customer)
        assert GDPRUserConsent.objects.filter(shop=default_shop, user=customer).count() == 1

        # A stray second row, created directly on the model.
        GDPRUserConsent.objects.create(user=customer, shop=default_shop)
        assert GDPRUserConsent.objects.filter(shop=default_shop, user=customer).count() == 2

        # Another consent brings the count back to one and keeps the original primary key.
        consent_after = create_user_consent_for_all_documents(default_shop, customer)
        assert GDPRUserConsent.objects.filter(shop=default_shop, user=customer).count() == 1
        assert consent_before.pk == consent_after.pk

        initial_revision = revisions[0]
        matching_docs = GDPRUserConsentDocument.objects.filter(
            page=gdpr_page, version=initial_revision
        )
        assert matching_docs.exists()

        assert is_documents_consent_in_sync(default_shop, customer)
        assert Page.objects.count() == 1

        page_edit = PageEditView.as_view()

        # The form opens for the admin.
        load_request = apply_request_middleware(rf.get("/"), user=admin_user)
        load_response = page_edit(load_request, pk=gdpr_page.pk)
        assert 200 <= load_response.status_code < 300

        # Submit changed content.
        submitted = {
            "base-content__en": "test_data",
            "base-available_from": "",
            "base-url__en": "test",
            "base-title__en": "defa",
            "base-available_to": "",
        }
        save_request = apply_request_middleware(rf.post("/", submitted), user=admin_user)
        save_response = page_edit(save_request, pk=gdpr_page.pk)
        # Render lazily-rendered responses so template errors are not hidden.
        if hasattr(save_response, "render"):
            save_response.render()
        assert save_response.status_code in [200, 302]

        revisions = Version.objects.get_for_object(gdpr_page)
        assert len(revisions) == 4  # the page has been saved four times

        # Consent is stale after the edit and back in sync after consenting again.
        assert not is_documents_consent_in_sync(default_shop, customer)
        create_user_consent_for_all_documents(default_shop, customer)
        assert is_documents_consent_in_sync(default_shop, customer)
def test_consent_required(rf):
    """Verify the set of consented pages as GDPR is enabled and pages are added."""
    activate("en")
    default_shop = factories.get_default_shop()
    customer = factories.create_random_user()
    privacy_page = ensure_gdpr_privacy_policy(default_shop)
    assert privacy_page

    gdpr = GDPRSettings.get_for_shop(default_shop)
    assert not gdpr.enabled
    assert gdpr.privacy_policy_page == privacy_page
    assert not should_reconsent_privacy_policy(default_shop, customer)
    # GDPR is off, so the user counts as in sync without having consented.
    assert is_documents_consent_in_sync(default_shop, customer)
    assert privacy_page in get_possible_consent_pages(default_shop)

    # Turn GDPR on; consent is now required.
    gdpr.enabled = True
    gdpr.save()
    assert gdpr.privacy_policy_page == get_privacy_policy_page(default_shop)
    assert not is_documents_consent_in_sync(default_shop, customer)

    # Page with no available_from: not visible, yet offered as a possible consent page.
    unpublished = Page.objects.create(shop=default_shop, available_from=None)
    assert unpublished not in Page.objects.visible(shop=default_shop)
    assert gdpr.privacy_policy_page == get_privacy_policy_page(default_shop)
    assert unpublished in get_possible_consent_pages(default_shop)

    with reversion.create_revision():
        privacy_page.save()

    create_user_consent_for_all_documents(default_shop, customer)
    assert GDPRUserConsent.objects.filter(user=customer, shop=default_shop).count() == 1

    record = GDPRUserConsent.objects.get(user=customer, shop=default_shop)
    covered = [entry.page for entry in record.documents.all()]
    assert privacy_page in covered
    assert unpublished not in covered  # left out because it is not visible

    with reversion.create_revision():
        privacy_page.save()

    # A second page, visible this time.
    published = Page.objects.create(shop=default_shop, available_from=now())
    assert published in Page.objects.visible(shop=default_shop)

    create_user_consent_for_all_documents(default_shop, customer)
    record = GDPRUserConsent.objects.get(user=customer, shop=default_shop)
    covered = [entry.page for entry in record.documents.all()]
    assert privacy_page in covered
    assert unpublished not in covered  # left out because it is not visible
    assert published not in covered  # left out: not among the settings' consent pages
    assert published in get_possible_consent_pages(default_shop)
    assert published not in get_active_consent_pages(default_shop)

    # Register the page in the settings to make it an active consent page.
    gdpr.consent_pages.add(published)
    gdpr.refresh_from_db()
    assert gdpr.privacy_policy_page
    assert gdpr.consent_pages.count() == 1
    assert published in get_active_consent_pages(default_shop)

    # The stored consent gains the second document only after consenting again.
    assert record.documents.count() == 1
    create_user_consent_for_all_documents(default_shop, customer)
    record = GDPRUserConsent.objects.get(user=customer, shop=default_shop)
    assert record.documents.count() == 2
    assert is_documents_consent_in_sync(default_shop, customer)

    covered = [entry.page for entry in record.documents.all()]
    assert privacy_page in covered
    assert unpublished not in covered  # left out because it is not visible
    assert published in covered