class ProgramRecordViewTests(SiteMixin, TestCase): MOCK_USER_DATA = { "username": "******", "name": "Test User", "email": "*****@*****.**", } def setUp(self): super().setUp() dump_random_state() self.user = UserFactory(username=self.MOCK_USER_DATA["username"]) self.client.login(username=self.user.username, password=USER_PASSWORD) self.course = CourseFactory(site=self.site) self.course_runs = CourseRunFactory.create_batch(3, course=self.course) self.user_grade_low = UserGradeFactory( username=self.MOCK_USER_DATA["username"], course_run=self.course_runs[0], letter_grade="A", percent_grade=0.70, ) self.user_grade_high = UserGradeFactory( username=self.MOCK_USER_DATA["username"], course_run=self.course_runs[1], letter_grade="C", percent_grade=1.00, ) self.user_grade_revoked_cert = UserGradeFactory( username=self.MOCK_USER_DATA["username"], course_run=self.course_runs[2], letter_grade="B", percent_grade=0.80, ) self.course_certs = [ CourseCertificateFactory(course_id=course_run.key, site=self.site) for course_run in self.course_runs ] self.credential_content_type = ContentType.objects.get(app_label="credentials", model="coursecertificate") self.program_cert = ProgramCertificateFactory(site=self.site) self.program_content_type = ContentType.objects.get(app_label="credentials", model="programcertificate") self.user_credentials = [ UserCredentialFactory( username=self.MOCK_USER_DATA["username"], credential_content_type=self.credential_content_type, credential=course_cert, ) for course_cert in self.course_certs ] self.user_credentials[2].status = UserCredential.REVOKED self.user_credentials[2].save() self.org_names = ["CCC", "AAA", "BBB"] self.orgs = [OrganizationFactory(name=name, site=self.site) for name in self.org_names] self.program = ProgramFactory( course_runs=self.course_runs, authoring_organizations=self.orgs, site=self.site, uuid=self.program_cert.program_uuid, ) self.pcr = ProgramCertRecordFactory(program=self.program, user=self.user) self.pathway = PathwayFactory(site=self.site) self.pathway.programs.set([self.program]) def _render_program_record(self, record_data=None, status_code=200): """ Helper method to mock rendering a user certificate.""" if record_data is None: record_data = {} with patch("credentials.apps.records.views.ProgramRecordView._get_record") as get_record: get_record.return_value = record_data response = self.client.get(reverse("records:private_programs", kwargs={"uuid": uuid.uuid4().hex})) self.assertEqual(response.status_code, status_code) return response def assert_matching_template_origin(self, actual, expected_template_name): expected = select_template([expected_template_name]) self.assertEqual(actual.origin, expected.origin) def test_no_anonymous_access_private(self): """ Verify that the private view rejects non-logged-in users. """ self.client.logout() response = self._render_program_record(status_code=302) self.assertRegex(response.url, "^/login/.*") def test_anonymous_access_public(self): """ Verify that the public view does not reject non-logged-in users""" self.client.logout() response = self.client.get(reverse("records:public_programs", kwargs={"uuid": self.pcr.uuid.hex})) self.assertContains(response, "Record") @ddt.data(True, False) def test_access_to_empty_record(self, is_superuser): """ Verify that the an empty record rejects non-superusers. """ # Make sure no credentials exist self.user.is_superuser = is_superuser self.user.save() # Get rid of all credentials for credential in self.user_credentials: credential.status = UserCredential.REVOKED credential.save() expected_code = 200 if is_superuser else 404 response = self.client.get(reverse("records:private_programs", kwargs={"uuid": self.program.uuid.hex})) self.assertEqual(response.status_code, expected_code) # Confirm it is indeed reported as empty if is_superuser: program_data = json.loads(response.context_data["record"])["program"] self.assertTrue(program_data["empty"]) def test_normal_access(self): """ Verify that the view works in default case. """ response = self._render_program_record() response_context_data = response.context_data self.assertContains(response, "Record") actual_child_templates = response_context_data["child_templates"] self.assert_matching_template_origin(actual_child_templates["footer"], "_footer.html") self.assert_matching_template_origin(actual_child_templates["header"], "_header.html") self.assert_matching_template_origin(actual_child_templates["masquerade"], "_masquerade.html") def test_public_access(self): """ Verify that the public view instructs front end to be public """ response = self.client.get(reverse("records:public_programs", kwargs={"uuid": self.pcr.uuid.hex})) is_public = response.context_data["is_public"] self.assertTrue(is_public) def test_private_access(self): """ Verify that the private view instructs front end to be private """ response = self.client.get(reverse("records:private_programs", kwargs={"uuid": self.program.uuid.hex})) is_public = response.context_data["is_public"] self.assertFalse(is_public) def test_public_private_data(self): """ Verify that the public and private views return the same record data """ response = self.client.get(reverse("records:public_programs", kwargs={"uuid": self.pcr.uuid.hex})) public_data = json.loads(response.context_data["record"]) response = self.client.get(reverse("records:private_programs", kwargs={"uuid": self.program.uuid.hex})) private_data = json.loads(response.context_data["record"]) self.assertEqual(private_data, public_data) def test_highest_grades(self): """Verify that the view only shows the highest *percentage* grade Also verified that the attempts are counted correctly, even with revoked certs """ response = self.client.get(reverse("records:private_programs", kwargs={"uuid": self.program.uuid.hex})) grades = json.loads(response.context_data["record"])["grades"] self.assertEqual(len(grades), 1) grade = grades[0] expected_grade = { "name": self.course_runs[1].title, "school": "", "attempts": 3, "course_id": self.course_runs[1].key, "issue_date": self.user_credentials[1].created.isoformat(), "percent_grade": self.user_grade_high.percent_grade, "letter_grade": self.user_grade_high.letter_grade, } self.assertEqual(grade, expected_grade) def test_visible_date_as_issue_date(self): """ Verify that we show visible_date when available """ UserCredentialAttributeFactory( user_credential=self.user_credentials[1], name="visible_date", value="2017-07-31T09:32:46Z" ) response = self.client.get(reverse("records:private_programs", kwargs={"uuid": self.program.uuid.hex})) grades = json.loads(response.context_data["record"])["grades"] self.assertEqual(len(grades), 1) self.assertEqual(grades[0]["issue_date"], "2017-07-31T09:32:46+00:00") def test_future_visible_date_not_shown(self): """ Verify that we don't show certificates with a visible_date in the future """ UserCredentialAttributeFactory( user_credential=self.user_credentials[1], name="visible_date", value=datetime.datetime.max.strftime("%Y-%m-%dT%H:%M:%SZ"), ) response = self.client.get(reverse("records:private_programs", kwargs={"uuid": self.program.uuid.hex})) grades = json.loads(response.context_data["record"])["grades"] self.assertEqual(len(grades), 1) self.assertEqual(grades[0]["course_id"], self.course_runs[0].key) # 0 instead of 1 now that 1 is in future self.assertEqual(grades[0]["issue_date"], self.user_credentials[0].created.isoformat()) @ddt.data( ("9999-01-01T01:01:01Z", False), ("1970-01-01T01:01:01Z", True), (None, True), ) @ddt.unpack def test_program_visible_date(self, date, completed): """ Test that the program's visible_date is considered """ program_credential = UserCredentialFactory( username=self.MOCK_USER_DATA["username"], credential_content_type=self.program_content_type, credential=self.program_cert, ) if date: UserCredentialAttributeFactory( user_credential=program_credential, name="visible_date", value=date, ) response = self.client.get(reverse("records:private_programs", kwargs={"uuid": self.program.uuid.hex})) self.assertEqual(json.loads(response.context_data["record"])["program"]["completed"], completed) def test_organization_order(self): """ Test that the organizations are returned in the order they were added """ self.course.owners.set(self.orgs) response = self.client.get(reverse("records:private_programs", kwargs={"uuid": self.program.uuid.hex})) program_data = json.loads(response.context_data["record"])["program"] grade = json.loads(response.context_data["record"])["grades"][0] self.assertEqual(program_data["school"], ", ".join(self.org_names)) self.assertEqual(grade["school"], ", ".join(self.org_names)) def test_course_run_order(self): """ Test that the course_runs are returned in the program order """ new_course_run = CourseRunFactory() self.program.course_runs.add(new_course_run) UserGradeFactory( username=self.MOCK_USER_DATA["username"], course_run=new_course_run, letter_grade="C", percent_grade=0.70 ) new_course_cert = CourseCertificateFactory(course_id=new_course_run.key, site=self.site) UserCredentialFactory( username=self.MOCK_USER_DATA["username"], credential_content_type=self.credential_content_type, credential=new_course_cert, ) response = self.client.get(reverse("records:private_programs", kwargs={"uuid": self.program.uuid.hex})) grades = json.loads(response.context_data["record"])["grades"] expected_course_run_keys = [course_run.key for course_run in [self.course_runs[1], new_course_run]] actual_course_run_keys = [grade["course_id"] for grade in grades] self.assertEqual(expected_course_run_keys, actual_course_run_keys) def test_course_run_no_credential(self): """ Adds a course run with no credential and tests that it does appear in the results """ new_course_run = CourseRunFactory() self.program.course_runs.add(new_course_run) UserGradeFactory( username=self.MOCK_USER_DATA["username"], course_run=new_course_run, letter_grade="F", percent_grade=0.05 ) CourseCertificateFactory(course_id=new_course_run.key, site=self.site) response = self.client.get(reverse("records:private_programs", kwargs={"uuid": self.program.uuid.hex})) grades = json.loads(response.context_data["record"])["grades"] self.assertEqual(len(grades), 2) self.assertEqual(new_course_run.course.title, grades[1]["name"]) def test_multiple_attempts_no_cert(self): """Adds a course with two failed course_run attempts (no cert) and verifies that the course only shows up once""" # Only superusers can view an empty program (we could add a real cert too here, but this is a more direct test) self.user.is_superuser = True self.user.save() new_course = CourseFactory(site=self.site) new_course_runs = CourseRunFactory.create_batch(2, course=new_course) _ = [ UserGradeFactory( username=self.MOCK_USER_DATA["username"], course_run=course_run, letter_grade="F", percent_grade=0.20 ) for course_run in new_course_runs ] self.program.course_runs.set(new_course_runs) response = self.client.get(reverse("records:private_programs", kwargs={"uuid": self.program.uuid.hex})) grades = json.loads(response.context_data["record"])["grades"] self.assertEqual(len(grades), 1) self.assertEqual(new_course.title, grades[0]["name"]) def test_learner_data(self): """ Test that the learner data is returned successfully """ response = self.client.get(reverse("records:private_programs", kwargs={"uuid": self.program.uuid.hex})) learner_data = json.loads(response.context_data["record"])["learner"] expected = {"full_name": self.user.get_full_name(), "username": str(self.user), "email": self.user.email} self.assertEqual(learner_data, expected) def test_program_data(self): """ Test that the program data is returned successfully """ response = self.client.get(reverse("records:private_programs", kwargs={"uuid": self.program.uuid.hex})) program_data = json.loads(response.context_data["record"])["program"] expected = { "name": self.program.title, "type": slugify(self.program.type), "type_name": self.program.type, "completed": False, "empty": False, "last_updated": UserCredential.objects.last().created.isoformat(), "school": ", ".join(self.org_names), } self.assertEqual(program_data, expected) def test_pathway_data(self): """ Test that the pathway data is returned successfully """ response = self.client.get(reverse("records:private_programs", kwargs={"uuid": self.program.uuid.hex})) pathway_data = json.loads(response.context_data["record"])["pathways"] expected = [ { "name": self.pathway.name, "id": self.pathway.id, "status": "", "is_active": True, "pathway_type": PathwayType.CREDIT.value, } ] self.assertEqual(pathway_data, expected) def test_pathway_no_email(self): """ Test that a pathway without an email is inactive """ self.pathway.email = "" self.pathway.save() response = self.client.get(reverse("records:private_programs", kwargs={"uuid": self.program.uuid.hex})) pathway_data = json.loads(response.context_data["record"])["pathways"] expected = [ { "name": self.pathway.name, "id": self.pathway.id, "status": "", "is_active": False, "pathway_type": PathwayType.CREDIT.value, } ] self.assertEqual(pathway_data, expected) def test_sent_pathway_status(self): """ Test that a user credit pathway pathway that has already been sent includes a pathway """ UserCreditPathwayFactory(pathway=self.pathway, user=self.user) response = self.client.get(reverse("records:private_programs", kwargs={"uuid": self.program.uuid.hex})) pathway_data = json.loads(response.context_data["record"])["pathways"] expected = [ { "name": self.pathway.name, "id": self.pathway.id, "status": "sent", "is_active": True, "pathway_type": PathwayType.CREDIT.value, } ] self.assertEqual(pathway_data, expected) def test_xss(self): """ Verify that the view protects against xss in translations. """ response = self._render_program_record( { "name": "<xss>", "program": { "name": "<xss>", "school": "XSS School", }, "uuid": "uuid", } ) # Test that the data is parsed from an escaped string self.assertContains( response, "JSON.parse('{\\u0022name\\u0022: \\u0022\\u003Cxss\\u003E\\u0022, " + "\\u0022program\\u0022: {\\u0022name\\u0022: \\u0022\\u003Cxss\\u003E\\u0022, " + "\\u0022school\\u0022: \\u0022XSS School\\u0022}, \\u0022uuid\\u0022: " + "\\u0022uuid\\u0022}')", ) self.assertNotContains(response, "<xss>")
class ProgramRecordViewTests(SiteMixin, TestCase): MOCK_USER_DATA = {'username': '******', 'name': 'Test User', 'email': '*****@*****.**', } def setUp(self): super().setUp() dump_random_state() self.user = UserFactory(username=self.MOCK_USER_DATA['username']) self.client.login(username=self.user.username, password=USER_PASSWORD) self.course = CourseFactory(site=self.site) self.course_runs = CourseRunFactory.create_batch(3, course=self.course) self.user_grade_low = UserGradeFactory(username=self.MOCK_USER_DATA['username'], course_run=self.course_runs[0], letter_grade='A', percent_grade=0.70) self.user_grade_high = UserGradeFactory(username=self.MOCK_USER_DATA['username'], course_run=self.course_runs[1], letter_grade='C', percent_grade=1.00) self.user_grade_revoked_cert = UserGradeFactory(username=self.MOCK_USER_DATA['username'], course_run=self.course_runs[2], letter_grade='B', percent_grade=.80) self.course_certs = [CourseCertificateFactory(course_id=course_run.key, site=self.site) for course_run in self.course_runs] self.credential_content_type = ContentType.objects.get(app_label='credentials', model='coursecertificate') self.program_cert = ProgramCertificateFactory(site=self.site) self.program_content_type = ContentType.objects.get(app_label='credentials', model='programcertificate') self.user_credentials = [UserCredentialFactory(username=self.MOCK_USER_DATA['username'], credential_content_type=self.credential_content_type, credential=course_cert) for course_cert in self.course_certs] self.user_credentials[2].status = UserCredential.REVOKED self.user_credentials[2].save() self.org_names = ['CCC', 'AAA', 'BBB'] self.orgs = [OrganizationFactory(name=name, site=self.site) for name in self.org_names] self.program = ProgramFactory(course_runs=self.course_runs, authoring_organizations=self.orgs, site=self.site, uuid=self.program_cert.program_uuid) self.pcr = ProgramCertRecordFactory(program=self.program, user=self.user) self.pathway = PathwayFactory(site=self.site) self.pathway.programs = [self.program] def _render_program_record(self, record_data=None, status_code=200): """ Helper method to mock rendering a user certificate.""" if record_data is None: record_data = {} with patch('credentials.apps.records.views.ProgramRecordView._get_record') as get_record: get_record.return_value = record_data response = self.client.get(reverse('records:private_programs', kwargs={'uuid': uuid.uuid4().hex})) self.assertEqual(response.status_code, status_code) return response def assert_matching_template_origin(self, actual, expected_template_name): expected = select_template([expected_template_name]) self.assertEqual(actual.origin, expected.origin) def test_no_anonymous_access_private(self): """ Verify that the private view rejects non-logged-in users. """ self.client.logout() response = self._render_program_record(status_code=302) self.assertRegex(response.url, '^/login/.*') # pylint: disable=deprecated-method def test_anonymous_access_public(self): """ Verify that the public view does not reject non-logged-in users""" self.client.logout() response = self.client.get(reverse('records:public_programs', kwargs={'uuid': self.pcr.uuid.hex})) self.assertContains(response, 'Record') @ddt.data(True, False) def test_access_to_empty_record(self, is_superuser): """ Verify that the an empty record rejects non-superusers. """ # Make sure no credentials exist self.user.is_superuser = is_superuser self.user.save() # Get rid of all credentials for credential in self.user_credentials: credential.status = UserCredential.REVOKED credential.save() expected_code = 200 if is_superuser else 404 response = self.client.get(reverse('records:private_programs', kwargs={'uuid': self.program.uuid.hex})) self.assertEqual(response.status_code, expected_code) # Confirm it is indeed reported as empty if is_superuser: program_data = json.loads(response.context_data['record'])['program'] self.assertTrue(program_data['empty']) def test_normal_access(self): """ Verify that the view works in default case. """ response = self._render_program_record() response_context_data = response.context_data self.assertContains(response, 'Record') actual_child_templates = response_context_data['child_templates'] self.assert_matching_template_origin(actual_child_templates['footer'], '_footer.html') self.assert_matching_template_origin(actual_child_templates['header'], '_header.html') self.assert_matching_template_origin(actual_child_templates['masquerade'], '_masquerade.html') def test_public_access(self): """ Verify that the public view instructs front end to be public """ response = self.client.get(reverse('records:public_programs', kwargs={'uuid': self.pcr.uuid.hex})) is_public = response.context_data['is_public'] self.assertTrue(is_public) def test_private_access(self): """ Verify that the private view instructs front end to be private """ response = self.client.get(reverse('records:private_programs', kwargs={'uuid': self.program.uuid.hex})) is_public = response.context_data['is_public'] self.assertFalse(is_public) def test_public_private_data(self): """ Verify that the public and private views return the same record data """ response = self.client.get(reverse('records:public_programs', kwargs={'uuid': self.pcr.uuid.hex})) public_data = json.loads(response.context_data['record']) response = self.client.get(reverse('records:private_programs', kwargs={'uuid': self.program.uuid.hex})) private_data = json.loads(response.context_data['record']) self.assertEqual(private_data, public_data) def test_highest_grades(self): """ Verify that the view only shows the highest *percentage* grade Also verified that the attempts are counted correctly, even with revoked certs """ response = self.client.get(reverse('records:private_programs', kwargs={'uuid': self.program.uuid.hex})) grades = json.loads(response.context_data['record'])['grades'] self.assertEqual(len(grades), 1) grade = grades[0] expected_grade = {'name': self.course_runs[1].title, 'school': '', 'attempts': 3, 'course_id': self.course_runs[1].key, 'issue_date': self.user_credentials[1].created.isoformat(), 'percent_grade': self.user_grade_high.percent_grade, 'letter_grade': self.user_grade_high.letter_grade, } self.assertEqual(grade, expected_grade) def test_visible_date_as_issue_date(self): """ Verify that we show visible_date when available """ UserCredentialAttributeFactory(user_credential=self.user_credentials[1], name='visible_date', value='2017-07-31T09:32:46Z') response = self.client.get(reverse('records:private_programs', kwargs={'uuid': self.program.uuid.hex})) grades = json.loads(response.context_data['record'])['grades'] self.assertEqual(len(grades), 1) self.assertEqual(grades[0]['issue_date'], '2017-07-31T09:32:46+00:00') def test_future_visible_date_not_shown(self): """ Verify that we don't show certificates with a visible_date in the future """ UserCredentialAttributeFactory(user_credential=self.user_credentials[1], name='visible_date', value=datetime.datetime.max.strftime('%Y-%m-%dT%H:%M:%SZ')) response = self.client.get(reverse('records:private_programs', kwargs={'uuid': self.program.uuid.hex})) grades = json.loads(response.context_data['record'])['grades'] self.assertEqual(len(grades), 1) self.assertEqual(grades[0]['course_id'], self.course_runs[0].key) # 0 instead of 1 now that 1 is in future self.assertEqual(grades[0]['issue_date'], self.user_credentials[0].created.isoformat()) @ddt.data( ('9999-01-01T01:01:01Z', False), ('1970-01-01T01:01:01Z', True), (None, True), ) @ddt.unpack def test_program_visible_date(self, date, completed): """ Test that the program's visible_date is considered """ program_credential = UserCredentialFactory( username=self.MOCK_USER_DATA['username'], credential_content_type=self.program_content_type, credential=self.program_cert) if date: UserCredentialAttributeFactory( user_credential=program_credential, name='visible_date', value=date, ) response = self.client.get(reverse('records:private_programs', kwargs={'uuid': self.program.uuid.hex})) self.assertEqual(json.loads(response.context_data['record'])['program']['completed'], completed) def test_organization_order(self): """ Test that the organizations are returned in the order they were added """ self.course.owners = self.orgs response = self.client.get(reverse('records:private_programs', kwargs={'uuid': self.program.uuid.hex})) program_data = json.loads(response.context_data['record'])['program'] grade = json.loads(response.context_data['record'])['grades'][0] self.assertEqual(program_data['school'], ', '.join(self.org_names)) self.assertEqual(grade['school'], ', '.join(self.org_names)) def test_course_run_order(self): """ Test that the course_runs are returned in the program order """ new_course_run = CourseRunFactory() self.program.course_runs.add(new_course_run) UserGradeFactory(username=self.MOCK_USER_DATA['username'], course_run=new_course_run, letter_grade='C', percent_grade=.70) new_course_cert = CourseCertificateFactory(course_id=new_course_run.key, site=self.site) UserCredentialFactory(username=self.MOCK_USER_DATA['username'], credential_content_type=self.credential_content_type, credential=new_course_cert) response = self.client.get(reverse('records:private_programs', kwargs={'uuid': self.program.uuid.hex})) grades = json.loads(response.context_data['record'])['grades'] expected_course_run_keys = [course_run.key for course_run in [self.course_runs[1], new_course_run]] actual_course_run_keys = [grade['course_id'] for grade in grades] self.assertEqual(expected_course_run_keys, actual_course_run_keys) def test_course_run_no_credential(self): """ Adds a course run with no credential and tests that it does appear in the results """ new_course_run = CourseRunFactory() self.program.course_runs.add(new_course_run) UserGradeFactory(username=self.MOCK_USER_DATA['username'], course_run=new_course_run, letter_grade='F', percent_grade=.05) CourseCertificateFactory(course_id=new_course_run.key, site=self.site) response = self.client.get(reverse('records:private_programs', kwargs={'uuid': self.program.uuid.hex})) grades = json.loads(response.context_data['record'])['grades'] self.assertEqual(len(grades), 2) self.assertEqual(new_course_run.course.title, grades[1]['name']) def test_multiple_attempts_no_cert(self): """ Adds a course with two failed course_run attempts (no cert) and verifies that the course only shows up once """ # Only superusers can view an empty program (we could add a real cert too here, but this is a more direct test) self.user.is_superuser = True self.user.save() new_course = CourseFactory(site=self.site) new_course_runs = CourseRunFactory.create_batch(2, course=new_course) _ = [UserGradeFactory(username=self.MOCK_USER_DATA['username'], course_run=course_run, letter_grade='F', percent_grade=0.20) for course_run in new_course_runs] self.program.course_runs = new_course_runs response = self.client.get(reverse('records:private_programs', kwargs={'uuid': self.program.uuid.hex})) grades = json.loads(response.context_data['record'])['grades'] self.assertEqual(len(grades), 1) self.assertEqual(new_course.title, grades[0]['name']) def test_learner_data(self): """ Test that the learner data is returned succesfully """ response = self.client.get(reverse('records:private_programs', kwargs={'uuid': self.program.uuid.hex})) learner_data = json.loads(response.context_data['record'])['learner'] expected = {'full_name': self.user.get_full_name(), 'username': str(self.user), 'email': self.user.email} self.assertEqual(learner_data, expected) def test_program_data(self): """ Test that the program data is returned successfully """ response = self.client.get(reverse('records:private_programs', kwargs={'uuid': self.program.uuid.hex})) program_data = json.loads(response.context_data['record'])['program'] expected = {'name': self.program.title, 'type': slugify(self.program.type), 'type_name': self.program.type, 'completed': False, 'empty': False, 'last_updated': UserCredential.objects.last().created.isoformat(), 'school': ', '.join(self.org_names)} self.assertEqual(program_data, expected) def test_pathway_data(self): """ Test that the pathway data is returned successfully """ response = self.client.get(reverse('records:private_programs', kwargs={'uuid': self.program.uuid.hex})) pathway_data = json.loads(response.context_data['record'])['pathways'] expected = [{'name': self.pathway.name, 'id': self.pathway.id, 'status': '', 'is_active': True, 'pathway_type': PathwayType.CREDIT.value}] self.assertEqual(pathway_data, expected) def test_pathway_no_email(self): """ Test that a pathway without an email is inactive """ self.pathway.email = '' self.pathway.save() response = self.client.get(reverse('records:private_programs', kwargs={'uuid': self.program.uuid.hex})) pathway_data = json.loads(response.context_data['record'])['pathways'] expected = [{'name': self.pathway.name, 'id': self.pathway.id, 'status': '', 'is_active': False, 'pathway_type': PathwayType.CREDIT.value}] self.assertEqual(pathway_data, expected) def test_sent_pathway_status(self): """ Test that a user credit pathway pathway that has already been sent includes a pathway """ UserCreditPathwayFactory(pathway=self.pathway, user=self.user) response = self.client.get(reverse('records:private_programs', kwargs={'uuid': self.program.uuid.hex})) pathway_data = json.loads(response.context_data['record'])['pathways'] expected = [{'name': self.pathway.name, 'id': self.pathway.id, 'status': 'sent', 'is_active': True, 'pathway_type': PathwayType.CREDIT.value}] self.assertEqual(pathway_data, expected) def test_xss(self): """ Verify that the view protects against xss in translations. """ response = self._render_program_record({ "name": "<xss>", 'program': { 'name': '<xss>', 'school': 'XSS School', }, 'uuid': 'uuid', }) # Test that the data is parsed from an escaped string self.assertContains(response, "JSON.parse(\'{\\u0022name\\u0022: \\u0022\\u003Cxss\\u003E\\u0022, " + "\\u0022program\\u0022: {\\u0022name\\u0022: \\u0022\\u003Cxss\\u003E\\u0022, " + "\\u0022school\\u0022: \\u0022XSS School\\u0022}, \\u0022uuid\\u0022: " + "\\u0022uuid\\u0022}\')") self.assertNotContains(response, '<xss>')