def test_return_authorization(self):
    """
    Only the holder of an authorization may return it.

    The owner's POST to the return view moves ``date_expires`` to
    yesterday. A second editor then requests the same URL (same pk) and
    must get 403 on both GET and POST, with the expiry date unchanged.
    """
    # Legitimate owner of the authorization.
    owner = EditorCraftRoom(self, Terms=True, Coordinator=False)
    proxy_partner = PartnerFactory(authorization_method=Partner.PROXY)
    sent_app = ApplicationFactory(
        status=Application.SENT, editor=owner, partner=proxy_partner
    )
    authorization = Authorization.objects.get(
        user=owner.user, partner=proxy_partner
    )
    self.assertEqual(authorization.get_latest_app(), sent_app)

    return_url = reverse(
        "users:return_authorization", kwargs={"pk": authorization.pk}
    )
    owner_page = self.client.get(return_url, follow=True)
    return_form = owner_page.context["form"]
    self.client.post(return_url, return_form.initial)

    one_day = timedelta(days=1)
    yesterday = datetime.now().date() - one_day
    authorization.refresh_from_db()
    self.assertEqual(authorization.date_expires, yesterday)

    # Re-arm the authorization with a future expiry so that any change made
    # by the unauthorized requests below would be visible.
    someday = yesterday + timedelta(days=30)
    authorization.date_expires = someday
    authorization.save()

    # A different editor; presumably this switches the test client session
    # to the new user -- the 403 assertions below depend on that.
    EditorCraftRoom(self, Terms=True, Coordinator=False)
    return_url = reverse(
        "users:return_authorization", kwargs={"pk": authorization.pk}
    )

    denied_get = self.client.get(return_url, follow=True)
    self.assertEqual(denied_get.status_code, 403)

    # Replaying the owner's form data must be rejected as well.
    denied_post = self.client.post(return_url, return_form.initial)
    self.assertEqual(denied_post.status_code, 403)

    # The rejected requests must not have altered the stored expiry.
    authorization.refresh_from_db()
    self.assertEqual(authorization.date_expires, someday)
def test_comment_email_sending_4(self):
    """
    A comment made on an application that's any further along the process
    than PENDING (i.e. a coordinator has taken some action on it) should
    fire an email to the coordinator who took the last action on it.
    """
    app, request = self._set_up_email_test_objects()
    request.user = UserFactory()
    self.assertEqual(len(mail.outbox), 0)

    # Coordinator with a test client session, assigned to the partner.
    acting_coordinator = EditorCraftRoom(self, Terms=True, Coordinator=True)
    self.partner.coordinator = acting_coordinator.user
    self.partner.save()

    # Take a coordinator action on the application: the status posted here
    # is QUESTION, which is what moves it past PENDING for this test.
    evaluate_url = reverse("applications:evaluate", kwargs={"pk": app.pk})
    self.client.post(
        evaluate_url,
        data={"status": Application.QUESTION},
        follow=True,
    )

    editor_comment = self._create_comment(app, self.editor)
    comment_was_posted.send(
        sender=Comment, comment=editor_comment, request=request
    )

    # Exactly one notification, addressed only to the acting coordinator.
    self.assertEqual(len(mail.outbox), 1)
    self.assertEqual(mail.outbox[0].to, [acting_coordinator.user.email])
def test_authorization_url(self):
    """
    Check to see if the URL-based endpoint correctly sends users on to
    EZProxy. We're testing it rather than the token-based endpoint because
    we can check the target URL.

    Two cases are covered: an editor gets redirected to the proxy login
    URL, and the same editor gets 403 once every one of their
    authorizations has an expiry date in the past.
    """
    self.editor1 = EditorCraftRoom(self, Terms=True, Coordinator=False, editor=self.editor1)
    response = self.client.get(
        reverse("ezproxy:ezproxy_auth_u", kwargs={"url": self.app1.partner.target_url}))
    # Verify that we get a redirect to the proxy server.
    # Everything but the ticket contents is validated: the ticket value is
    # read back out of the response URL and pasted into the expected URL.
    # NOTE(review): because of that, this assertion cannot detect a wrong
    # or malformed ticket; the ticket generation needs its own test.
    too_lazy_to_test_ticket = quote(
        urlparse.parse_qs(response.url)['ticket'][0])
    # NOTE(review): the user value between "/login?user=" and "&ticket=" is
    # masked in this copy of the file, so the line below is not valid
    # Python as shown; restore it from the original before running.
    expected_url = settings.TWLIGHT_EZPROXY_URL + "/login?user="******"&ticket=" + too_lazy_to_test_ticket + "&url=" + self.app1.partner.target_url
    # fetch_redirect_response=False: only the redirect itself is checked,
    # the proxy URL is never requested.
    self.assertRedirects(response, expected_url, fetch_redirect_response=False)
    # Users without valid authorization can't get in.
    # The authorizations are not deleted: each one is expired by setting
    # date_expires to yesterday.
    for user_authorization in Authorization.objects.filter(
            authorized_user=self.editor1.user):
        user_authorization.date_expires = date.today() - timedelta(days=1)
        user_authorization.save()
    response = self.client.get(
        reverse("ezproxy:ezproxy_auth_u", kwargs={"url": self.app1.partner.target_url}))
    # Verify that access was denied.
    self.assertEqual(response.status_code, 403)
def test_authorization_authorizer_validation(self):
    """
    When an Authorization is created, we validate that the authorizer
    field is set to a user with an expected group.

    Only the accepting path is exercised here: saving with a coordinator
    as authorizer must not raise ValidationError. Rejection of an
    authorizer outside the expected groups is not checked by this test.
    """
    authorized_user = UserFactory()
    coordinator = EditorCraftRoom(self, Terms=True, Coordinator=True)
    authorization = Authorization(
        user=authorized_user,
        authorizer=coordinator.user,
    )
    try:
        authorization.save()
    except ValidationError:
        self.fail("Authorization authorizer validation failed.")
def test_user_submit_contact_us_emails(self):
    """
    Submitting the contact form sends exactly one email.

    NOTE(review): neither the POST status code nor the recipients of the
    message are asserted, although the form is submitted with cc=True.
    """
    EditorCraftRoom(self, Terms=True, Coordinator=False)
    self.assertEqual(len(mail.outbox), 0)

    contact_url = reverse("contact")
    form_page = self.client.get(contact_url, follow=True)

    # Start from the form's initial values and fill in the user fields.
    payload = form_page.context["form"].initial
    payload.update(
        {
            "email": "*****@*****.**",
            "message": "This is a test",
            "cc": True,
            "submit": True,
        }
    )

    self.client.post(contact_url, payload)
    self.assertEqual(len(mail.outbox), 1)
def test_user_submit_contact_us_emails(self):
    """
    A logged-in editor posting the contact form results in one outgoing
    email; the outbox is empty before the submission.

    NOTE(review): the response of the POST and the message recipients
    (the form is sent with cc=True) are not checked.
    """
    EditorCraftRoom(self, Terms=True, Coordinator=False)
    self.assertEqual(len(mail.outbox), 0)

    url = reverse('contact')
    # The form's initial data is fetched first and reused as the POST body.
    form_data = self.client.get(url, follow=True).context['form'].initial
    for field, value in (
        ('email', '*****@*****.**'),
        ('message', 'This is a test'),
        ('cc', True),
        ('submit', True),
    ):
        form_data[field] = value

    self.client.post(url, form_data)
    self.assertEqual(len(mail.outbox), 1)
def test_comment_email_sending_6(self):
    """
    In case the coordinator is changed for a Partner, then the previous
    coordinator should not receive comment notification email. Also now
    the new coordinator should receive the email.
    """
    app, request = self._set_up_email_test_objects()
    request.user = UserFactory()
    self.assertEqual(len(mail.outbox), 0)

    # coordinator1 starts out as the partner's coordinator.
    self.partner.coordinator = self.coordinator1
    self.partner.save()

    # The coordinator comments first, then the editor adds a comment;
    # the notification goes to the coordinator who commented earlier.
    self._create_comment(app, self.coordinator1)
    first_editor_comment = self._create_comment(app, self.editor)
    comment_was_posted.send(
        sender=Comment, comment=first_editor_comment, request=request
    )
    self.assertEqual(len(mail.outbox), 1)
    self.assertEqual(mail.outbox[0].to, [self.coordinator1.email])

    # Hand the partner over to a new coordinator with a test client session.
    replacement = EditorCraftRoom(self, Terms=True, Coordinator=True)
    self.partner.coordinator = replacement.user
    self.partner.save()

    # The new coordinator evaluates the application (status QUESTION).
    evaluate_url = reverse("applications:evaluate", kwargs={"pk": app.pk})
    self.client.post(
        evaluate_url,
        data={"status": Application.QUESTION},
        follow=True,
    )

    # The editor comments again; the second message must be addressed to
    # the new coordinator only.
    # NOTE(review): the outbox length is not asserted at this point, so a
    # further message queued after index 1 (for example to the previous
    # coordinator) would go unnoticed.
    second_editor_comment = self._create_comment(app, self.editor)
    comment_was_posted.send(
        sender=Comment, comment=second_editor_comment, request=request
    )
    self.assertEqual(mail.outbox[1].to, [replacement.user.email])
def test_authorization_authorizer_can_be_updated(self):
    """
    After successfully creating a valid Authorization, we should be able
    to remove the authorizer from the expected user groups and still save
    the object.

    In other words, the authorizer check must not block re-saving an
    existing record whose authorizer has since left the coordinators group.
    """
    authorized_user = UserFactory()
    coordinator = EditorCraftRoom(self, Terms=True, Coordinator=True)
    authorization = Authorization(
        user=authorized_user,
        authorizer=coordinator.user,
    )
    # First save happens while the authorizer is still a coordinator.
    authorization.save()

    # Drop the authorizer from the coordinators group, then save again.
    get_coordinators().user_set.remove(coordinator.user)
    try:
        authorization.save()
    except ValidationError:
        self.fail("Authorization authorizer validation failed.")
def setUp(self):
    """
    Build the shared fixture for the Authorization tests.

    Creates four partners (EMAIL, PROXY, CODES, EMAIL), five editors, nine
    PENDING applications, and then drives applications 1-5 through the
    evaluate view as editor4 so that Authorization objects exist for them.
    The statements are order-dependent: each Authorization lookup relies
    on the evaluate POST just before it.
    """
    super(AuthorizationBaseTestCase, self).setUp()
    self.partner1 = PartnerFactory(authorization_method=Partner.EMAIL, status=Partner.AVAILABLE)
    self.partner2 = PartnerFactory(authorization_method=Partner.PROXY, status=Partner.AVAILABLE)
    self.partner3 = PartnerFactory(authorization_method=Partner.CODES, status=Partner.AVAILABLE)
    self.partner4 = PartnerFactory(authorization_method=Partner.EMAIL, status=Partner.AVAILABLE)
    self.editor1 = EditorFactory()
    self.editor1.user.email = fake.email()
    self.editor1.user.save()
    self.editor2 = EditorFactory()
    self.editor3 = EditorFactory()
    # Editor 4 is a coordinator with a session.
    self.editor4 = EditorCraftRoom(self, Terms=True, Coordinator=True)
    # Editor 4 is the designated coordinator for all partners.
    self.partner1.coordinator = self.editor4.user
    self.partner1.account_length = timedelta(days=180)
    self.partner1.target_url = 'http://test.localdomain'
    self.partner1.save()
    self.partner2.coordinator = self.editor4.user
    self.partner2.save()
    self.partner3.coordinator = self.editor4.user
    self.partner3.save()
    self.partner4.coordinator = self.editor4.user
    self.partner4.save()
    # Editor 5 is a coordinator without a session and with no designated partners.
    self.editor5 = EditorFactory()
    # `coordinators` is not defined in this method; presumably a
    # module-level group object -- confirm against the top of the file.
    coordinators.user_set.add(self.editor5.user)
    # Create applications.
    self.app1 = ApplicationFactory(editor=self.editor1, partner=self.partner1, status=Application.PENDING)
    self.app2 = ApplicationFactory(editor=self.editor2, partner=self.partner1, status=Application.PENDING)
    self.app3 = ApplicationFactory(editor=self.editor3, partner=self.partner1, status=Application.PENDING)
    self.app4 = ApplicationFactory(editor=self.editor1, partner=self.partner2, status=Application.PENDING)
    self.app5 = ApplicationFactory(editor=self.editor2, partner=self.partner2, status=Application.PENDING)
    self.app6 = ApplicationFactory(editor=self.editor3, partner=self.partner2, status=Application.PENDING)
    self.app7 = ApplicationFactory(editor=self.editor1, partner=self.partner3, status=Application.PENDING)
    self.app8 = ApplicationFactory(editor=self.editor1, partner=self.partner4, status=Application.PENDING)
    self.app9 = ApplicationFactory(editor=self.editor2, partner=self.partner3, status=Application.PENDING)
    # Editor 4 will update status on applications to partners 1 and 2.
    # Applications 6-9 are left PENDING.
    # Send the application
    self.client.post(
        reverse("applications:evaluate", kwargs={"pk": self.app1.pk}),
        data={"status": Application.SENT},
        follow=True,
    )
    self.app1.refresh_from_db()
    # .get() raises if the evaluate POST above did not create exactly one
    # matching Authorization, so a failure here surfaces in setUp.
    self.auth_app1 = Authorization.objects.get(
        authorizer=self.editor4.user,
        authorized_user=self.editor1.user,
        partner=self.partner1,
    )
    # Approve the application
    self.client.post(
        reverse("applications:evaluate", kwargs={"pk": self.app2.pk}),
        data={"status": Application.APPROVED},
        follow=True,
    )
    self.app2.refresh_from_db()
    # NOTE(review): unlike its siblings this Authorization is constructed in
    # memory and never saved or fetched; looks intentional (app2 is only
    # APPROVED, not SENT) -- confirm.
    self.auth_app2 = Authorization(
        authorizer=self.editor4.user,
        authorized_user=self.editor2.user,
        partner=self.partner1,
    )
    # Send the application
    self.client.post(
        reverse("applications:evaluate", kwargs={"pk": self.app3.pk}),
        data={"status": Application.SENT},
        follow=True,
    )
    self.app3.refresh_from_db()
    self.auth_app3 = Authorization.objects.get(
        authorizer=self.editor4.user,
        authorized_user=self.editor3.user,
        partner=self.partner1,
    )
    # Send the application
    # PROXY authorization methods don't set .SENT on the evaluate page;
    # .APPROVED will automatically update them to .SENT
    self.client.post(
        reverse("applications:evaluate", kwargs={"pk": self.app4.pk}),
        data={"status": Application.APPROVED},
        follow=True,
    )
    self.app4.refresh_from_db()
    self.auth_app4 = Authorization.objects.get(
        # The authorizer filter is left out of this lookup on purpose:
        # https://phabricator.wikimedia.org/T233508
        # authorizer=self.editor4.user,
        authorized_user=self.editor1.user,
        partner=self.partner2,
    )
    # Send the application
    self.client.post(
        reverse("applications:evaluate", kwargs={"pk": self.app5.pk}),
        data={"status": Application.APPROVED},
        follow=True,
    )
    self.app5.refresh_from_db()
    self.auth_app5 = Authorization.objects.get(
        # The authorizer filter is left out of this lookup on purpose:
        # https://phabricator.wikimedia.org/T233508
        # authorizer=self.editor4.user,
        authorized_user=self.editor2.user,
        partner=self.partner2,
    )
    # Set up an access code to distribute
    self.access_code = AccessCode(code="ABCD-EFGH-IJKL", partner=self.partner3)
    self.access_code.save()
    # Replace messages.add_message in the applications views for the
    # duration of the test.
    # NOTE(review): the patcher is started but not stopped in this method;
    # confirm that tearDown (not visible here) calls
    # self.message_patcher.stop(), otherwise the patch leaks into later tests.
    self.message_patcher = patch(
        "TWLight.applications.views.messages.add_message")
    self.message_patcher.start()
def setUp(self):
    """
    Build the shared fixture for the Authorization tests.

    Five partners (EMAIL, PROXY, CODES, EMAIL, and an EMAIL partner with
    two streams), five editors and eleven PENDING applications are
    created. editor4, a coordinator with a test client session, then
    evaluates applications 1, 10, 11, 2, 3, 4 and 5 in that order, and the
    resulting Authorization rows are stored on ``self.auth_app*``.
    """
    super(AuthorizationBaseTestCase, self).setUp()

    def evaluate(application, new_status):
        # POST a status change to the evaluate view as the logged-in user.
        self.client.post(
            reverse("applications:evaluate", kwargs={"pk": application.pk}),
            data={"status": new_status},
            follow=True,
        )

    def issued_by_editor4(**lookup):
        # Fetch the single Authorization granted by editor4 that matches;
        # .get() raises if there is none or more than one.
        return Authorization.objects.get(
            authorizer=self.editor4.user, **lookup
        )

    # --- Partners -------------------------------------------------------
    self.partner1 = PartnerFactory(
        authorization_method=Partner.EMAIL, status=Partner.AVAILABLE
    )
    self.partner2 = PartnerFactory(
        authorization_method=Partner.PROXY,
        status=Partner.AVAILABLE,
        requested_access_duration=True,
    )
    self.partner3 = PartnerFactory(
        authorization_method=Partner.CODES, status=Partner.AVAILABLE
    )
    self.partner4 = PartnerFactory(
        authorization_method=Partner.EMAIL, status=Partner.AVAILABLE
    )
    self.partner5 = PartnerFactory(
        authorization_method=Partner.EMAIL,
        status=Partner.AVAILABLE,
        specific_stream=True,
    )
    self.partner5_stream1 = StreamFactory(
        partner=self.partner5, authorization_method=Partner.EMAIL
    )
    self.partner5_stream2 = StreamFactory(
        partner=self.partner5, authorization_method=Partner.EMAIL
    )

    # --- Editors --------------------------------------------------------
    self.editor1 = EditorFactory()
    locale = random.choice(settings.FAKER_LOCALES)
    self.editor1.user.email = Faker(locale).email()
    self.editor1.user.save()
    self.editor2 = EditorFactory()
    self.editor3 = EditorFactory()
    # Editor 4 is a coordinator with a session.
    self.editor4 = EditorCraftRoom(self, Terms=True, Coordinator=True)

    # Editor 4 is the designated coordinator for all partners.
    self.partner1.coordinator = self.editor4.user
    self.partner1.account_length = timedelta(days=180)
    self.partner1.target_url = "http://test.localdomain"
    self.partner1.save()
    for partner in (self.partner2, self.partner3, self.partner4, self.partner5):
        partner.coordinator = self.editor4.user
        partner.save()

    # Editor 5 is a coordinator without a session and with no designated
    # partners.
    self.editor5 = EditorFactory()
    coordinators.user_set.add(self.editor5.user)

    # --- Applications (all start out PENDING) ---------------------------
    pending = Application.PENDING
    self.app1 = ApplicationFactory(
        editor=self.editor1, partner=self.partner1, status=pending
    )
    self.app2 = ApplicationFactory(
        editor=self.editor2, partner=self.partner1, status=pending
    )
    self.app3 = ApplicationFactory(
        editor=self.editor3, partner=self.partner1, status=pending
    )
    self.app4 = ApplicationFactory(
        editor=self.editor1, partner=self.partner2, status=pending
    )
    self.app5 = ApplicationFactory(
        editor=self.editor2, partner=self.partner2, status=pending
    )
    self.app6 = ApplicationFactory(
        editor=self.editor3, partner=self.partner2, status=pending
    )
    self.app7 = ApplicationFactory(
        editor=self.editor1, partner=self.partner3, status=pending
    )
    self.app8 = ApplicationFactory(
        editor=self.editor1, partner=self.partner4, status=pending
    )
    self.app9 = ApplicationFactory(
        editor=self.editor2, partner=self.partner3, status=pending
    )
    self.app10 = ApplicationFactory(
        editor=self.editor1,
        partner=self.partner5,
        specific_stream=self.partner5_stream1,
        status=pending,
    )
    self.app11 = ApplicationFactory(
        editor=self.editor1,
        partner=self.partner5,
        specific_stream=self.partner5_stream2,
        status=pending,
    )

    # --- Editor 4 updates status on applications to partners 1, 2 and 5 --
    # EMAIL partners: mark the application as SENT, then pick up the
    # Authorization that results.
    evaluate(self.app1, Application.SENT)
    self.app1.refresh_from_db()
    self.auth_app1 = issued_by_editor4(
        user=self.editor1.user, partners=self.partner1
    )

    evaluate(self.app10, Application.SENT)
    self.app10.refresh_from_db()
    self.auth_app10 = issued_by_editor4(
        user=self.editor1.user,
        partners=self.partner5,
        stream=self.partner5_stream1,
    )

    evaluate(self.app11, Application.SENT)
    self.app11.refresh_from_db()
    self.auth_app11 = issued_by_editor4(
        user=self.editor1.user,
        partners=self.partner5,
        stream=self.partner5_stream2,
    )

    evaluate(self.app2, Application.SENT)
    self.app2.refresh_from_db()
    self.auth_app2 = issued_by_editor4(
        user=self.editor2.user, partners=self.partner1
    )

    evaluate(self.app3, Application.SENT)
    self.app3.refresh_from_db()
    self.auth_app3 = issued_by_editor4(
        user=self.editor3.user, partners=self.partner1
    )

    # PROXY authorization methods don't set .SENT on the evaluate page;
    # .APPROVED will automatically update them to .SENT.
    # Factory-created apps have no revision, so the status is first moved
    # to QUESTION to create one, and only then APPROVED.
    evaluate(self.app4, Application.QUESTION)
    evaluate(self.app4, Application.APPROVED)
    self.app4.refresh_from_db()
    self.auth_app4 = issued_by_editor4(
        user=self.editor1.user, partners=self.partner2
    )

    evaluate(self.app5, Application.QUESTION)
    evaluate(self.app5, Application.APPROVED)
    self.app5.refresh_from_db()
    self.auth_app5 = issued_by_editor4(
        user=self.editor2.user, partners=self.partner2
    )

    # Set up an access code to distribute.
    self.access_code = AccessCode(code="ABCD-EFGH-IJKL", partner=self.partner3)
    self.access_code.save()

    # Replace messages.add_message in the applications views while the
    # test runs.
    # NOTE(review): nothing in this method stops the patcher; confirm that
    # tearDown (not visible here) calls self.message_patcher.stop().
    self.message_patcher = patch(
        "TWLight.applications.views.messages.add_message"
    )
    self.message_patcher.start()
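class AuthorizationBaseTestCase(TestCase):
    """
    Setup class for Authorization Object tests.
    Could possibly achieve the same effect via a new factory class.

    setUp creates four partners, five editors and nine applications, has
    editor4 (a coordinator with a test client session) evaluate
    applications 1-5, and patches ``messages.add_message`` in the
    applications views. The patch is undone through a registered cleanup.
    """

    def setUp(self):
        """Create the partners, editors, applications and authorizations."""
        super(AuthorizationBaseTestCase, self).setUp()
        self.partner1 = PartnerFactory(authorization_method=Partner.EMAIL, status=Partner.AVAILABLE)
        self.partner2 = PartnerFactory(
            authorization_method=Partner.PROXY,
            status=Partner.AVAILABLE,
            requested_access_duration=True,
        )
        self.partner3 = PartnerFactory(authorization_method=Partner.CODES, status=Partner.AVAILABLE)
        self.partner4 = PartnerFactory(authorization_method=Partner.EMAIL, status=Partner.AVAILABLE)

        self.editor1 = EditorFactory()
        self.editor1.user.email = fake.email()
        self.editor1.user.save()
        self.editor2 = EditorFactory()
        self.editor3 = EditorFactory()
        # Editor 4 is a coordinator with a session.
        self.editor4 = EditorCraftRoom(self, Terms=True, Coordinator=True)

        # Editor 4 is the designated coordinator for all partners.
        self.partner1.coordinator = self.editor4.user
        self.partner1.account_length = timedelta(days=180)
        self.partner1.target_url = 'http://test.localdomain'
        self.partner1.save()
        self.partner2.coordinator = self.editor4.user
        self.partner2.save()
        self.partner3.coordinator = self.editor4.user
        self.partner3.save()
        self.partner4.coordinator = self.editor4.user
        self.partner4.save()

        # Editor 5 is a coordinator without a session and with no designated partners.
        self.editor5 = EditorFactory()
        coordinators.user_set.add(self.editor5.user)

        # Create applications.
        self.app1 = ApplicationFactory(editor=self.editor1, partner=self.partner1, status=Application.PENDING)
        self.app2 = ApplicationFactory(editor=self.editor2, partner=self.partner1, status=Application.PENDING)
        self.app3 = ApplicationFactory(editor=self.editor3, partner=self.partner1, status=Application.PENDING)
        self.app4 = ApplicationFactory(editor=self.editor1, partner=self.partner2, status=Application.PENDING)
        self.app5 = ApplicationFactory(editor=self.editor2, partner=self.partner2, status=Application.PENDING)
        self.app6 = ApplicationFactory(editor=self.editor3, partner=self.partner2, status=Application.PENDING)
        self.app7 = ApplicationFactory(editor=self.editor1, partner=self.partner3, status=Application.PENDING)
        self.app8 = ApplicationFactory(editor=self.editor1, partner=self.partner4, status=Application.PENDING)
        self.app9 = ApplicationFactory(editor=self.editor2, partner=self.partner3, status=Application.PENDING)

        # Editor 4 will update status on applications to partners 1 and 2.
        # Send the application
        self.client.post(
            reverse("applications:evaluate", kwargs={"pk": self.app1.pk}),
            data={"status": Application.SENT},
            follow=True,
        )
        self.app1.refresh_from_db()
        # .get() raises unless the POST above produced exactly one matching
        # Authorization, so a broken evaluate view fails here in setUp.
        self.auth_app1 = Authorization.objects.get(
            authorizer=self.editor4.user,
            user=self.editor1.user,
            partner=self.partner1,
        )

        # Approve the application
        self.client.post(
            reverse("applications:evaluate", kwargs={"pk": self.app2.pk}),
            data={"status": Application.APPROVED},
            follow=True,
        )
        self.app2.refresh_from_db()
        # NOTE(review): this Authorization is built in memory and neither
        # saved nor fetched, unlike the others; looks intentional (app2 is
        # only APPROVED, not SENT) -- confirm.
        self.auth_app2 = Authorization(
            authorizer=self.editor4.user,
            user=self.editor2.user,
            partner=self.partner1,
        )

        # Send the application
        self.client.post(
            reverse("applications:evaluate", kwargs={"pk": self.app3.pk}),
            data={"status": Application.SENT},
            follow=True,
        )
        self.app3.refresh_from_db()
        self.auth_app3 = Authorization.objects.get(
            authorizer=self.editor4.user,
            user=self.editor3.user,
            partner=self.partner1,
        )

        # PROXY authorization methods don't set .SENT on the evaluate page;
        # .APPROVED will automatically update them to .SENT

        # This app was created with a factory, which doesn't create a revision.
        # Let's update the status so that we have one.
        self.client.post(
            reverse("applications:evaluate", kwargs={"pk": self.app4.pk}),
            data={"status": Application.QUESTION},
            follow=True,
        )
        # Approve the application
        self.client.post(
            reverse("applications:evaluate", kwargs={"pk": self.app4.pk}),
            data={"status": Application.APPROVED},
            follow=True,
        )
        self.app4.refresh_from_db()
        self.auth_app4 = Authorization.objects.get(
            authorizer=self.editor4.user,
            user=self.editor1.user,
            partner=self.partner2,
        )

        # This app was created with a factory, which doesn't create a revision.
        # Let's update the status so that we have one.
        self.client.post(
            reverse("applications:evaluate", kwargs={"pk": self.app5.pk}),
            data={"status": Application.QUESTION},
            follow=True,
        )
        # Approve the application
        self.client.post(
            reverse("applications:evaluate", kwargs={"pk": self.app5.pk}),
            data={"status": Application.APPROVED},
            follow=True,
        )
        self.app5.refresh_from_db()
        self.auth_app5 = Authorization.objects.get(
            authorizer=self.editor4.user,
            user=self.editor2.user,
            partner=self.partner2,
        )

        # Set up an access code to distribute
        self.access_code = AccessCode(code="ABCD-EFGH-IJKL", partner=self.partner3)
        self.access_code.save()

        self.message_patcher = patch(
            "TWLight.applications.views.messages.add_message")
        self.message_patcher.start()
        # tearDown below never stopped this patcher, which left
        # messages.add_message mocked for whatever test ran next. Cleanups
        # run after tearDown, including when the test itself fails.
        self.addCleanup(self._stop_message_patcher)

    def _stop_message_patcher(self):
        """Stop the add_message patch, tolerating an earlier stop()."""
        try:
            self.message_patcher.stop()
        except RuntimeError:
            # Older mock versions raise when stop() is called on a patcher
            # that is no longer active (e.g. a subclass stopped it already).
            pass

    def tearDown(self):
        """Delete the objects created in setUp."""
        super(AuthorizationBaseTestCase, self).tearDown()
        self.partner1.delete()
        self.partner2.delete()
        self.partner3.delete()
        self.partner4.delete()
        self.access_code.delete()
        self.editor1.delete()
        self.editor2.delete()
        self.editor3.delete()
        self.editor4.delete()
        self.app1.delete()
        self.app2.delete()
        self.app3.delete()
        self.app4.delete()
        self.app5.delete()
        self.app6.delete()
        self.app7.delete()
        self.app8.delete()
        self.app9.delete()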